Security Update 2005-002 Fixes Java — Apple has released Security Update 2005-002 to eliminate a vulnerability through which an untrusted Java applet could gain increased privileges and potentially execute arbitrary code. The fix applies only to Java 1.4.2 (and thus Mac OS X 10.3.4 or later); previous Java releases are not affected. The update is available via Software Update and as a separate 16.4 MB download. [ACE]

<http://docs.info.apple.com/article.html? artnum=300980>

<http://www.apple.com/support/downloads/ securityupdate2005002macosx1034orlater.html>

Firefox 1.0.1 Security Update Released — The Mozilla Organization last week released Firefox 1.0.1 for all platforms, which fixes a number of small security holes or potential problems, notably the homograph spoofing problem we’ve talked about recently in TidBITS (see "Don’t Trust Your Eyes or URLs" in TidBITS-766). The updated version includes a new preference, network.IDN_show_punycode, which is set to true. (To access this preference, enter "about:config" in the Location field and press Return; it’s probably easiest to then type "IDN" in the Filter field to display the preference.)

<http://www.mozilla.org/products/firefox/ all.html>

<http://www.mozilla.org/projects/security/known- vulnerabilities.html>

<https://tidbits.com/getbits.acgi?tbart=07983>

Instead of seeing the actual display of international characters in domain names, you’ll see the punycode or Unicode-to-Roman mapping when you visit a site that is attempting to pass itself off as another site using this technique. The Shmoo Group, which exposed this visual vulnerability, have a demonstration on their site. The second o in shmoo in the links at the top of that page is a homograph, or a letter that looks like another letter. Before Firefox 1.0.1, the links and the destination of the fake domains at the top of that page would read "http://www.theshmoogroup.com/". Now they appear as "http://www.xn--theshmogroup-bgk.com/".

<http://www.shmoo.com/idn/>

The English version of Firefox 1.0.1 for Mac OS X is an 8.7 MB download; note that not all language versions have been updated yet.

German TidBITS Translators Wanted — The German translation of TidBITS is looking to add a few more people to the volunteer translation team to help spread the load a bit more thinly. If you’d like to contribute a bit of time each week either to translating from English to German, please contact Heinz Gnehm <[email protected]> or Jens Peter Franke <[email protected]>. Thanks for helping out! [ACE]

<http://www.tidbits.com/tb-issues/lang/de/>

We’d heard recently that one of the fathers of the Macintosh was seriously ill, and last week brought the news that Jef Raskin passed away.

<http://digibarn.com/friends/jef-raskin/>

Raskin is widely acknowledged as the person who created many theoretical underpinnings of modern personal computing and then pulled together many threads of his own and others to create a team at Apple that would eventually produce the first Mac.

Raskin was forced out of Apple in 1982 as Steve Jobs took an ever greater interest in the Macintosh. He could be prickly, fighting what was often a rear-guard battle against revisionist history, ignorance of his role, and occasional indifference. Reporters like myself often received long email messages about what he perceived as our errors in reporting (or not reporting) his role.

But he was also apparently an incredibly generous and creative person, devoted to improving the relationship between people and computers which, by extension, would give people more control over their creative abilities. Raskin’s work since leaving Apple has centered on the Humane Interface, an entirely new and sometimes hard-to-grasp approach to interaction. It was just like him to create something simultaneously mystifying, fascinating, inscrutable, and potentially indispensable.

He was a renaissance man of the kind found only, these days, in technology fields: a musician, an artist, a computer science theorist, and a practical builder. Consider the way in which he resigned from the University of California, San Diego:

"When I resigned I got into a hot air balloon in the middle of Revelle Plaza and flew over the Chancellor’s residence playing my sopranino recorder so that he would hear the sound. He came out and I yelled down that I was resigning and floated off. I was an art professor at the time and it seemed arty to leave that way."

<http://jef.raskincenter.org/published/ ubiquity.html>

The world is poorer without Jef Raskin sometimes chiding, always teaching, always engaged.

Apple expanded its wildly successful iPod family of portable music players last week, lowering prices and adding new capacities to the iPod mini and iPod photo product lines.

With its 4 GB capacity and new, lower price of $200 in the U.S., the basic iPod mini, which also gains extended battery life (the company claims "up to 18 hours"), fills the midrange gap between the $100-$150 iPod shuffle and the previously pricier models starting at $250. A new 6 GB model takes over the $250 price point. The new iPod minis are available now worldwide in metallic silver, pink, blue, and green hues (gold, one of the original iPod mini colors, apparently lost its luster).

<https://tidbits.com/getbits.acgi?tbart=07494>

<http://www.apple.com/ipodmini/>

At the same time, Apple is offering a slimmer 30 GB model of its iPod photo, featuring a color screen and video connector for photo slide shows for $350, down $150 from the price of the original (now discontinued) 40 GB iPhoto photo. The 60 GB unit drops from $600 to $450. Both models are available immediately worldwide. (The 40 GB Click Wheel iPod has also quietly disappeared from Apple’s lineup, leaving the original lineage with only the 20 GB model, at $300, and the 20 GB U2 Special Edition model for $350.)

<https://tidbits.com/getbits.acgi?tbart=07877>

<http://www.apple.com/ipodphoto/>

The new lineup is also notable for what’s missing. Both the iPod mini and iPod photo models come with USB 2.0 cables for transferring data and recharging the internal battery. If you want to use FireWire, you need to buy an optional $20 iPod Dock Connector to FireWire cable. A $20 iPod photo AV cable is needed to view photos on a television, or the $30 iPod photo Dock offers an S-video connector (as well as audio out and the Dock connector).

A new $30 iPod Camera Connector, expected to ship in late March, will enable photographers to free up limited camera storage card space by transferring photos to the iPod (check Apple’s site to verify compatibility with your camera before buying). Once transferred, the photos can be displayed on the iPod photo’s built-in color screen or, after previously being connected to a computer, on a television through the unit’s video connector, and they can later be moved to a Mac or Windows PC.

Over the last year, you’ve heard me talking about how we’re moving all of our Internet services to an Xserve running Web Crossing, which is an integrated suite of Internet servers, all backed up by a high-performance object-oriented database and its own programming language. The amount of custom code necessary for our specific situation has caused the project to take longer than would be ideal, but overall, I’ve been extremely happy with the functionality Web Crossing has provided.

<http://www.webcrossing.com/>

However, it’s been hard to recommend Web Crossing to individuals or small organizations because of the cost and complexity of setting up your own server – after all, this is the same software that runs discussion forums for the likes of Apple, Salon, and the New York Times, so power and flexibility has long trumped a straightforward interface.

Now Web Crossing, Inc. has addressed those concerns with Site Crossing, a new hosted service that provides a simple and integrated interface for managing interactive services like mailing lists, discussion forums, weblogs, polls, a shared calendar, file libraries, slideshows, and live chat. Such complex features can be difficult to add to existing Web sites, particularly in conjunction with a unified user database and access lists (to keep private sections away from the public), making Site Crossing useful as an adjunct to an existing site. Site Crossing also provides full email, FTP, and Web services, making it possible to build an entire Web site around Site Crossing.

<http://www.sitecrossing.com/>

The Basic account costs $8 per month for 3 of the interactive services, 1 GB of storage space, and 10 GB of data transfer per month. The $14 per month Standard account offers 6 interactive services, 2.5 GB of storage space, and 20 GB per month of data transfer. Lastly, the Advanced account will set you back $22 per month for 12 interactive services, 6 GB of storage space, and 30 GB of data transfer per month. If you need even more, full-fledged Web Crossing hosting is available. You can also purchase your own private domain name and have Web Crossing host it for $20 per year. You can try Site Crossing for free for 30 days, so it’s easy to see if it will meet your specific needs.

Obviously, there are oodles of companies offering Web hosting plans with a variety of features and at a variety of price points, but I think Site Crossing and its interactive features are worthy of consideration particularly by clubs, schools, and other small groups without a lot of resources or technical experience. Such groups often run into difficulties with the decisions of where to host a Web site that won’t disappear with a volunteer, and with the problem of technically sophisticated members leaving. I can think of a few organizations we’re involved with that could use such a service.

Leaving aside all the legal and ethical considerations of downloading unauthorized music from the Internet, one of the things that’s always bothered me is the horrible metadata that most shared tracks seem to have. It’s entirely common to end up with files with barely descriptive names and completely blank ID3 tags for the artist and album. I hate that. I also dislike the duplicates that can results from accidentally importing tracks multiple times, which is all too easy with multiple people sharing the same library, as Tonya and I do. Call me a neat freak, but I can’t stand a messy database, and the iTunes Library is essentially a database of track information.

It was time to clean house.

Clearing Duplicates — I started with a new feature in iTunes 4.7: the Show Duplicate Songs command in the Edit menu. It’s a little brain-dead, in that it appears to match only on track name, but it’s better than nothing. iTunes identified over 200 duplicate songs, most of which were legitimate duplicates stemming from greatest hits albums, covers by other artists, or poor song names. Ideally, the Show Duplicate Songs feature would evolve to give the user additional control, so I could, for instance see only songs with the same name, artist, and album, and only then if they were the same length. Nonetheless, it was useful for clearing out a few complete duplicates.

Identifying Unknowns — After removing the duplicates, I was still left with 121 tracks that had incomplete metadata and thus offended my sense of order. Some were authorized tracks I’d downloaded from artist Web sites, others were tracks I’d downloaded because I own the record albums, a few were samples from various venues, and a number were entirely unidentifiable (even when I listened to them).

I didn’t want to put the effort into listening to each track with incomplete metadata and manually updating the tags. Instead, I downloaded Jay Tuley’s free iEatBrainz utility (1 MB download), which attempts to match the musical fingerprint of a track in iTunes with one in the MusicBrainz database, a Web-based database of fingerprints and metadata for over 2.5 million songs. It’s a clever idea and I was curious about how well it would work.

<http://www.indyjt.com/software/? show=ieatbrainz#ieatbrainz>

<http://www.musicbrainz.org/>

I selected the 121 tracks in my library that lacked artist or album tags, and then I fed them to iEatBrainz to see if it could find a match. It wasn’t exactly speedy, and its fingerprint matching algorithm wasn’t terribly accurate, but in the end, iEatBrainz managed to present me with what seemed like correct metadata for 54 of the 121 tracks. Many of the rest it couldn’t find at all, and for some it guessed completely wrong. But hey, 54 out of 121 is way better than nothing.

Filling in the Blanks — I was still left with a nagging feeling that the metadata in my iTunes Library wasn’t as complete as it could be. iTunes ships with a sample smart playlist called "60’s Music" that looks for tracks whose year is between 1960 and 1969. But although I have a lot of music from the Beatles, Doors, and Simon & Garfunkel, that smart playlist contained only 41 tracks. For whatever reason, when I’d ripped my CDs years ago, the CDDB didn’t give me the year information. And, of course, I was lacking artwork for most of my albums, the ripping of which predated the appearance of that feature in iTunes.

I’d come across LairWare’s $20 MPFreaker, and decided to give it a spin. MPFreaker promises to fill in the blanks in your iTunes metadata, downloading better information from online databases. MPFreaker can fix nearly everything related to a song, including title, album, artwork, genre, year, and track number. You can feed MPFreaker a few songs manually, point it at a playlist, or give it your entire iTunes Library. I was unsure of what it would do, so I started with a few songs, tested a small playlist, and then I finally bit the bullet and ran it against my library. In each case, MPFreaker worked fine, although I was careful not to check the Overwrite checkbox for each of the pieces of metadata that MPFreaker can update, figuring that any data I already had was fine.

<http://www.lairware.com/mpfreaker/>

MPFreaker performed wonders, adding year and artwork information to many – though not all – of my songs. It wasn’t particularly fast, but considering I had handed it 4,100 songs to check, I was neither surprised nor bothered. One slight oddity did present itself; after the first run, my 60’s Music smart playlist had grown to over 200 songs. But when I created another smart playlist to see how many tracks still lacked year information, there were nearly 900. A second run of MPFreaker picked up year information for a number of additional songs; I’m not entirely sure why.

As long as you’re careful not to overwrite data mistakenly, and you don’t mind the occasional low-resolution artwork, MPFreaker is a fabulous utility for cleaning, regularizing, and filling in the blanks in your iTunes Library. You can try the demo on three songs per launch; otherwise it’s a 2.4 MB download.

Now, if you don’t mind, I need to go listen to my database.

Like many people, Tonya and I sometimes have trouble falling asleep at night. We do interesting work, and we have oodles of ideas for the future, so it’s all too easy to let those thoughts start cycling through our brains when we should be going to sleep. Annoyingly, the problem is exacerbated by working long hours; the later in the evening we work, the closer to the surface all the work thoughts are, and the harder it is to catch some shuteye. And, of course, if we lose sleep because of work-induced insomnia, our efforts the next day suffer.

But we’ve stumbled across a tremendously effective solution to this problem, all thanks to the iPod, which until now we’ve used primarily in the car and as an alarm clock (in conjunction with a Tivoli Audio Model 3 with a satellite speaker).

<http://www.tivoliaudio.com/product.php? productid=145>

<http://www.tivoliaudio.com/product.php? productid=147>

Books in the Car — At Thanksgiving, we were driving to New York City to spend the holiday with relatives, and since it’s a 4-hour drive, I wanted to have some audio books to listen on the way. A friend had given me a referral code to Audible.com that provided me with two free books, so I downloaded an unabridged version of "A Short History of Nearly Everything," by Bill Bryson, whose travelogue about Australia, "In a Sunburned Country," I’d enjoyed hugely. "A Short History of Nearly Everything" is a popularization of numerous fields of science, ranging from cosmology to geology to biology, and I highly recommend both it and Bryson’s mellifluous writing in general (the first two links point to the iTunes Music Store; the second two to paper copies of the books on Amazon).

<http://phobos.apple.com/WebObjects/MZStore.woa/ wa/viewAlbum?playlistId=3255416& amp;selectedItemId=3255416>

<http://phobos.apple.com/WebObjects/MZStore.woa/ wa/viewAlbum?playlistId=2629292& amp;selectedItemId=2629292>

<http://www.amazon.com/exec/obidos/ASIN/ 076790818X/tidbitselectro00/ref%3Dnosim/>

<http://www.amazon.com/exec/obidos/ASIN/ 0767903862/tidbitselectro00/ref%3Dnosim/>

Books in Bed — We didn’t end up with much time to listen to the audio book in the car over Thanksgiving, so it was still on the iPod when we returned home. Then came a 2-week period in which we released three Take Control ebooks and worked late almost every night. After a few days of this, Tonya came downstairs around 10:30 PM and moaned that she needed to relax so she could sleep, but she didn’t want to watch television because most of the shows we enjoy tend to induce stress on their own, nor did she want to read a book after a long day of staring at the computer screen. Without even appreciating what I was saying, just scratching the itch of an unfinished book, I suggested we could listen to the Bill Bryson audio book. Tonya was dismissive at once: "But it would put me to sleep instantly!" And then I realized. "Isn’t that the goal?"

So we got ready for bed, set the iPod for a 15-minute sleep timer (which causes the iPod to shut off automatically, remembering its position in the current track), and started the audio book where we last remembered listening. I think Tonya was awake for approximately 45 seconds, and while I lasted a bit longer (I’m one of those people who never falls asleep reading or watching TV), I was surprised the next night at just how far I had to rewind to return to where I remembered the story.

Since then, we’ve listened to the audio book nearly every night, and Tonya refused to let me take the iPod to Macworld Expo, since she has even more trouble falling asleep when I’m traveling. She fully admits that she’s retaining almost nothing, since she falls asleep so quickly, and although I’m keeping more of it in my head, my recall is highly spotty. Despite childhood dreams of learning in one’s sleep, it’s just not happening. Tonya claims she sees no reason to listen to any other audio books, since she remembers almost none of this one, so she would be perfectly happy to pick up other several-minute chunks of it on subsequent listenings.

As to why listening to this audio book works so well for helping us fall asleep, I can only speculate. The act of listening seems to quiet the voices in our heads, the ones that are busy cycling through what’s on the schedule for the next day, who we should send email to about what, and how we might accomplish certain tasks. Once those voices have been silenced, it’s easier to let go of the day and drift into sleep. Tonya thinks she’s falling into a deep sleep sooner too, which has the added benefit of enabling her to wake up earlier than before.

It’s entirely possible that our experience was a stroke of luck, since I wouldn’t be surprised if this particular audio book was just about perfect for helping us drop off at night. It’s non-fiction, and although Bryson tells stories, they tend to be short and self-contained, so you aren’t trying to stay awake to find out what happens next. A pot-boiler might not work. At the same time, we both have scientific backgrounds and sufficient interest that we want to listen; a dull book might simply become droning background noise. Also, the reader (not Bryson himself) is an Englishman, with a pleasant accent; although I’ve never listened to an audio book with a terrible reader, I understand they exist. Someone with a grating voice would undoubtedly be problematic.

In the end, I’m mainly surprised that such a prosaic combination should prove so life-changing. We’ve had the iPod for almost a year, and although this was the first audio book we downloaded from Audible.com, I had certainly planned on doing so for car trips. And while we’ve used the iPod to play music in the bedroom through the Tivoli Audio Model 3, using the sleep timer to listen to music wasn’t sufficiently engaging to clamp down on those voices in our heads. The combination we hit upon may not involve glamorous new technology (and would likely work with plain old cassette tapes as well), but it is highly effective. So all I can say is that sometimes great solutions to tough problems are in plain sight all along. If you too have trouble nodding off, give the iPod and audio book combination a try.

One of our goals for the Take Control ebooks was to be able to produce books and updates shortly after new software appeared. Late last week, we released the first two titles to cover GarageBand 2.0, part of the new iLife ’05 suite. It’s nice to avoid waiting for printing, binding, and shipment times to get timely information out the door.

<http://www.tidbits.com/takecontrol/news/>

Take Control Ebooks First To Cover GarageBand 2.0 — Author Jeff Tolbert and the Take Control crew burned some midnight oil to produce these ebooks so quickly, and we are pleased to bring you our take on GarageBand 2.0 in the form of the second editions of both "Take Control of Making Music with GarageBand" (how to mix your creative talents with GarageBand’s loops and effects) and "Take Control of Recording with GarageBand" (real-world advice for how to get great results recording instruments with GarageBand).

<http://www.tidbits.com/takecontrol/garageband- music.html>

<http://www.tidbits.com/takecontrol/garageband- recording.html>

"Take Control of Making Music with GarageBand" grew significantly, adding 17 pages. Notable changes include info about using GarageBand 2.0’s cool new notation view, a look at pan curves (they make dynamic panning a snap!), and coverage of several new (and more advanced) techniques for working with loops. The ebook also discusses the new track locking feature, which reduces GarageBand 2.0 CPU usage and prevents you from accidentally messing up a track.

If you purchased "Take Control of Making Music with GarageBand" before 01-Dec-04, you may upgrade for $2.50: click the Check for Updates button on the first page of your current copy of the ebook and purchase using the Buy button at the bottom of the Web page that loads in your browser. Those who purchased on or after 01-Dec-04 may upgrade for free; if we have your email address and were able to get email through to you, you should have an email message from us about how to download your free update. If not, check your spam filter and then (if necessary) contact us using the form on our FAQ page.

<http://www.tidbits.com/takecontrol/faq.html>

Important changes in "Take Control of Recording with GarageBand" discuss new features in GarageBand 2.0, including multitrack recording, Bass Amp and Vocal Transformer effects, and the built-in tuner. The update is free to all owners of version 1.0 of the ebook. To get your update, click the Check for Updates button on the first page of your ebook and use the download link on the Web page that loads in your browser.

Joe Kissell Interviewed on Your Mac Life — Want to hear Joe Kissell talking about Take Control and Mac OS X backups? Me too – it’s always fun to hear what other people say about you on the radio. Last week, Joe was on Shawn King’s Your Mac Life program, and you can listen to the archive via QuickTime Player. The whole program is a couple of hours long, but if you don’t have time to listen to the entire thing, Joe starts at about 46:30 in and returns at about 1:18:00.

<http://www.yourmaclife.com/article.php? story=20050224092123814>

<http://www.tidbits.com/takecontrol/backup- macosx.html>

AAUG Reviews "Take Control of Buying a Mac" — Thanks to the Alaskan Apple Users Group for yet another review of our Take Control ebooks. This time, my "Take Control of Buying a Mac" garnered their 4.5 moose rating (I love the concept of the moose as a unit of measurement). Their criticisms are perfectly accurate; I don’t mention the Apple Store for Government Employees or the Mac mini, but both are slated for the next revision. In fact, I’ve put a few notes about changes the Mac mini will require on the book’s Updates page; just click the Check for Updates button on the first page of your copy of the ebook to see them.

<http://www.akappleug.org/rev/456.html>

<http://www.tidbits.com/takecontrol/buying- mac.html>

The second URL below each thread description points to the discussion on our Web Crossing server, which will be faster.

iPod shuffle Performance Problems — Does the iPod shuffle perform notably more slowly than other flash drives when used for copying and deleting data? (7 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2482>

<http://emperor.tidbits.com/TidBITS/Talk/340>

Sharing iTunes but with different ratings for songs — What do you do for ratings when you and your wife have diverging tastes in music but want to share the same iTunes Library? (4 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2491>

<http://emperor.tidbits.com/TidBITS/Talk/349>

iPod updates (and iPod photo redux) — TidBITS Talk readers share their impressions of the new iPod mini and iPod photo models. (4 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2486>

<http://emperor.tidbits.com/TidBITS/Talk/344>

Apple Store (iPod) experience — Apple does right by a reader who had ordered a 60 GB iPod just before the price drop. (3 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2485>

<http://emperor.tidbits.com/TidBITS/Talk/343>

Can two users share one iPod? The subject speaks for itself, and readers answer the question. (3 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2489>

<http://emperor.tidbits.com/TidBITS/Talk/347>

Problems with VERPs — VERPs, or variable envelope return paths, an approach for managing bounces on mailing lists like ours, might run into problems with challenge-response systems. Then again, it’s up to the person using a challenge-response system to make sure that mail from lists gets through. (3 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2484>

<http://emperor.tidbits.com/TidBITS/Talk/342>

Best Unix for old 68k and PPC Macs? More proof that old Macs don’t die, they transmogrify. Readers submit suggestions for running Unix variants on old machines. (30 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2478>

<http://emperor.tidbits.com/TidBITS/Talk/336>

Migration help for switchers? A recent Mac convert needs help migrating email and other data from Windows, and the TidBITS Talk readership springs into action. (7 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2481>

<http://emperor.tidbits.com/TidBITS/Talk/339>

Wireless iPod feasible — How realistic is it to expect a wireless iPod that can download music from anywhere? And if a service were to exist, would it increase the amount of music bought legally due to the ease and immediate gratification it could provide? (16 messages)

<https://tidbits.com/getbits.acgi?tlkthrd=2483>

<http://emperor.tidbits.com/TidBITS/Talk/341>