Our content goes on the road this week, with Travis Butler rejoining us for a look at a new iPod FM transmitter and Glenn Fleishman laying out all the security options he uses to protect his data traffic while traveling. Matt Neuburg covers worthy updates to the CSS editor Style Master, Eastgate Systems’ Tinderbox, and PTHPasteboard, and we note Security Update 2005-003 and Apple’s revisions to Pages and Keynote. Be sure to enter our DealBITS drawing for a new HTML authoring tool: GoodPage!
Security Update 2005-003 Released — Apple today released Security Update 2005-003, a collection of fixes for Mac OS X 10.3.8 and Mac OS X 10.3.8 Server. Included in this package are updates to AFP Server, Bluetooth Setup Assistant, Core Foundation, Cyrus IMAP, Cyrus SASL, and Mailman. It also addresses a few permissions issues that could enable malicious access to files and folders. And, Safari is updated to handle the problem with Unicode characters used in domain names (see "Don’t Trust Your Eyes or URLs" in TidBITS-766). Security Update 2005-003 is available via Software Update as a 15.4 MB download, or from Apple’s software downloads page. [JLC]
Tinderbox Keeps Getting Smarter — Eastgate Systems’ Tinderbox has been upgraded to version 2.4. Tinderbox (see my review in TidBITS-651) is a superb way to create heavily hyperlinked text; text snippets are stored in a hierarchical structure and can be exported as Web pages. I used Tinderbox to create the online help for the Perl editor Affrus, which blogger John Gruber has called "the finest software documentation," in part because it is "cross-linked out the ying-yang." Tinderbox 2.4 makes outlines smarter by permitting any entry to have a rule for updating itself periodically; for example, if you’re using Tinderbox to maintain a to-do list, a parent item (representing a category or group of tasks) might have a rule that its "completed" attribute should be true if and only if the "completed" attribute of all its children (the actual tasks) is true. There are also many small bug fixes and aesthetic tweaks, and Tinderbox’s Web-page export continues to evolve strongly. Tinderbox runs in both the classic Mac OS (Mac OS 9.2 recommended) and Mac OS X 10.0 and later. Tinderbox costs $165, plus $70 annually for free updates. A demo version is available for download. [MAN]
Pages 1.0.1 and Keynote 2.0.1 Updates Released — Apple updated its iWork suite last week, bumping up Pages (the word processor for the rest of us) and Keynote (the presentation program for Steve Jobs’s keynote addresses, and, you know, the rest of us who would prefer to not use PowerPoint). The sparse notes accompanying the updates point to issues "that may have affected reliability for some customers". The Pages update also fixes a problem when deleting entire pages. Both updates are available now via Software Update; Pages 1.0.1 is a 28.3 MB download; Keynote 2.0.1 is a 21.8 MB download. [JLC]
PTHPasteboard Returns, Better Late than Never — Mac OS X 10.4 Tiger could ship any time, so the reign of Panther is nearly over. But users of Paul Haddad’s free PTHPasteboard will be glad to hear the news anyway: PTHPasteboard, a wonderful free utility that keeps track of things you copy in any application so that you can paste any recently copied item later on (and not just the most recently copied item), has at last been updated for Panther.
When Haddad went to work for You Software, the terms of his employment dictated that he had to stop working on PTHPasteboard (because the code was to be rolled into You Control). At that time, Panther had not yet emerged; when it did, it broke PTHPasteboard, and by the terms of his contract, Haddad wasn’t allowed to fix it. Now, however, he has left You Software and brought the rights to PTHPasteboard with him. So, one of his first moves has been to make PTHPasteboard work on Panther. Next up: PTHPasteboard 4.0 for Tiger! [MAN]
In the early days of the Web, we saw the rise of simple graphical HTML editors like Claris HomePage, Symantec’s Visual Page, and Adobe’s PageMill. Those applications defined a useful niche between the text-only HTML editors like BBEdit (still preferred by many) and the powerful (and expensive) Web authoring tools like Adobe GoLive and Macromedia Dreamweaver. Useful and obvious though that niche may have been, all those early programs died off, leaving many people using programs with which they were uncomfortable. A few low-end Web authoring tools have popped up over the years, but none has become as well-known as those first programs.
As a result, when I received an email message from Izidor Jerebic, wanting to offer TidBITS readers a chance to win a copy of his company’s new graphical HTML/CSS (Cascading Style Sheets) authoring tool, called GoodPage, I was intrigued. The program offers code, structure, and browser (via Apple’s WebKit) views of your document; can present the different views simultaneously; and allows WYSIWYG selection and navigation between views. GoodPage provides site management via FTP, SFTP, WebDAV, or any mounted folder (such as a .Mac iDisk). It can display the differences between the remote site and your local copy and update the remote site with either all or only select files. On the code side, GoodPage supports all HTML and XHTML versions, and it has integrated HTML and CSS validation, so you can be sure your code is correct. GoodPage requires Mac OS X 10.3 or later.
I’ve been spending a lot of time over the last week learning CSS for an update to our Take Control Web site, and as much as I like using BBEdit 8 and its live preview window for HTML work, I’m looking forward to seeing if GoodPage can simplify some of the aspects of CSS that have caused me significant headaches this week (I had no idea the extent to which wacky hacks were necessary to get all versions of Internet Explorer to play nice with CSS!). TARI, the small European company that makes GoodPage, offers a 30-day free trial version, so you can give the program a test drive while waiting to see if you’ve won a copy.
Lastly, remember our new way of increasing your chances of receiving a prize. On the confirmation Web page and in the email confirmation message that entrants receive, you’ll see a custom URL that you can send to friends and colleagues so they can enter the drawing, too. If our randomly chosen winner entered using your referral URL, you’ll receive exactly the same prize. The more people you refer, the more likely it is that you’ll win a prize, so feel free to distribute your referral URL widely (without acting like a spammer, of course!)
Western Civilisation’s flagship product, Style Master, is a CSS editor. You don’t use it to create Web pages; you use it to create the look of Web pages – the font, size, color, and layout of the various elements that constitute your Web pages, as dictated though a CSS "style sheet." Style Master is my ideal of a program that knows a big complicated language so that you don’t have to; you do see the actual CSS, but you can interact with it through pop-up menus and checkboxes that list the appropriate options and generate the correct syntax.
The big question as you work with CSS is always how your CSS code is reflected in the appearance of an actual page as rendered in a browser. Style Master has always permitted you to preview your style sheet in conjunction with any Web page in any browser; but the new version, 4.0, goes one better. The rendering of a Web page can be previewed in conjunction with your style sheet right in Style Master’s own window (the Design Pane), and then, when you click a rule in your style sheet, any regions affected by that rule in the Design Pane preview are highlighted. Furthermore, it works the other way as well: click anywhere in the Design Pane preview rendering, and Style Master tells you whole containment hierarchy of elements for the spot where you clicked, plus it highlights in the style sheet all the rules that govern the appearance of that part of the Web page.
So, now you’ve no excuse for not generating gorgeous Web pages, gorgeously coded; plus Style Master itself is also more gorgeous than ever, thanks to numerous interface improvements. Style Master 4.0 is a $30 upgrade for current users; a new copy costs $60. A 30-day demo is available for download.
FM transmitters aren’t the perfect way to listen to an iPod in a car, but sometimes they’re the best option. Cassette adapters give better and more reliable sound, but work only when the car actually has a cassette deck (an option that’s hard to find these days on new cars). A direct auxiliary input gives even better sound, but such inputs are even more rare than cassette decks. A custom-designed iPod interface (such as found in some models of BMW cars) is coolest of all, but expensive, and no good if you drive multiple vehicles, as I do at work. An FM transmitter works with any FM radio, and is small and easily carried between cars. So, while an FM transmitter may not provide the best-sounding iPod audio, it is the most universal.
The last time I reviewed FM transmitters for TidBITS, my overwhelming favorite was the Griffin iTrip (see "Taking an iTrip: Three FM Transmitters" in TidBITS-681). Its performance wasn’t anything to cheer, but it was about as good as the others I looked at on any given frequency – and it worked on more frequencies than one competitor and with greater precision and reliability than the other, despite its clever but Rube Goldbergian tuning method. However, the iTrip’s biggest assets are two design features: it draws power from the iPod, eliminating the need for batteries; and the iTrip itself is so small and light that it can be carried as a clip-on to the iPod almost as easily as carrying the iPod by itself. Several FM transmitters have come on the market since my original review, with varying combinations of features, but none of them could match the iTrip’s design.
Of course, that must have changed, or I wouldn’t be writing this review. At January’s Macworld Expo, XtremeMac came out with the AirPlay, their own clip-on FM transmitter which draws power from the iPod.
Design — The AirPlay doesn’t fit together with the iPod as well as the iTrip does; it’s taller, and it doesn’t extend across the width of the iPod, leaving me with the uneasy (if probably unjustified) feeling that it’s more likely to break off if banged around. An iPod or iPod mini plus the corresponding iTrip looks and feels like one piece; the AirPlay hangs off awkwardly by comparison. However, its design boasts a couple advantages over the iTrip: the same unit fits both the regular iPod and the iPod mini, and it gives you access to the Hold switch.
The AirPlay also has one feature the iTrip can’t touch: a built-in display with a digital tuner that’s manually controlled. The last feature wasn’t enough to tempt me on other transmitters, which, when compared with the iTrip, were often bulky and unwieldy. On a slim, clip-on transmitter like the AirPlay, the manually controlled digital tuner makes all the difference in the world.
The iTrip’s digital tuning feature, which operates via special MP3 files on the iPod and displays on the iPod’s screen, was a quantum leap over the analog tuner in another transmitter I tested. Instead of trying to turn a dial a fraction of an inch to lock in on a frequency, I could pick and set any specific frequency with relative ease using the iPod’s controls. The iTrip manages this, on a device with no moving parts, through a series of encoded sound files, one per frequency; playing the appropriate file through the iTrip sets the frequency.
Unfortunately, while clever, this method has problems. Changing frequencies means interrupting what you’re playing to use a tuning file. It also makes hunting for a new frequency somewhat tedious; play a frequency file, return to the previous menu to play a song to test the new frequency, go back to play another frequency file if the previous one didn’t work well, etc. For this reason, tuning with the AirPlay is as much a quantum leap over the iTrip as the iTrip was over an analog tuner; the AirPlay and radio can be adjusted together with precision while your song keeps playing.
Performance — I wrote a fairly extensive description of FM transmitter performance issues in my prior review, and I recommend that you go back and read it, because things haven’t particularly changed since then. In a nutshell, transmitter performance is highly variable; the number of local radio stations, layout of nearby buildings, model of car and location of the radio antenna, and even where the iPod is sitting in the car can cause significant shifts in performance.
The AirPlay, alas, is no different. In several weeks of testing, including lots of driving around Kansas City and a couple of longer road trips, the AirPlay performed comparably to the iTrip; at times it seemed to handle some spots a bit better, at other times a bit worse, but at all times the differences were so small that it could easily have been my imagination. In other words, don’t start looking at the AirPlay thinking it’ll crank out a stronger signal; its advantage over the iTrip lies in doing a better job of finding a usable station, just as the iTrip had the same advantage over the competitors I tested against at the time. (The same fact would be true of other transmitters with a manually operated digital tuner, by the way. The AirPlay’s advantage is that it’s the first transmitter to combine a manually operated digital tuner with the size and battery-free operation of the iTrip.)
Conclusions — The iTrip is still the most elegantly packaged FM transmitter; in standard and mini versions, it fits with appropriate iPods as if they were designed together. The AirPlay is a bit clumsy by comparison. (To give a specific example: when charging the iPod through the dock connector, I could rest the iPod and iTrip combination on its "head" while it charged. If I tried that with the iPod and the AirPlay, it would probably fall over.) The AirPlay also lists for $40, $5 more than the iTrip, and the iTrip can frequently be found on sale for another $5 to $10 off. But in the end, the AirPlay fixes the iTrip’s one major flaw while retaining most of the iTrip’s design advantages. I liked the iTrip a lot and in a way am sorry to see it topped, but until something better comes along, the AirPlay is now my tuning companion of choice.
PayBITS: If Travis’s review helped you decide which FM
transmitter to buy, say thanks with a few bucks via PayBITS!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
I spent five days in Austin last week at South by Southwest Interactive (SXSWi), the digital media and politics cousin to the music festival, which started the day I left town. I used Wi-Fi service in Seattle, Denver, and Austin airports along the way, as well as at my hotel and the SXSW venue, the Austin Convention Center.
What I didn’t do is expose my passwords, my browsing habits, my email, or my FTP transfers to anyone who might have been watching my traffic. I used a variety of encryption methods to make sure that nothing I did was easily snoopable, because all of the networks I used were public.
While I don’t stay up at night worrying about whether someone intercepts my non-secured Web page interactions, I am concerned that my passwords for those pages could be scooped up. Most transactions you carry out using dedicated software don’t include any default protection of your password, much less the data you’re sending. So when you send email, upload via FTP, use a Web site that has a non-secured login, or use Netopia’s Timbuktu Pro 7 or earlier, your password is just out there to be snatched.
Are people sniffing? You bet. Especially at a technology conference. They might be sniffing as a hobby, or they might be simply amoral or even actively malicious. You have to assume that out of several hundred people, one person is monitoring traffic using free and freely available software, and thus you’re at risk.
There are two main approaches to encryption that you could wind up using: transactions and sessions secured with Secure Shell (SSH) or Secure Sockets Layer (SSL) technology, and all-encompassing network encryption with a virtual private network (VPN) connection. (SSL is also known as TLS, or Transport Layer Security; the former was its name under patent, while the latter is its "freed" name.)
Like a Signet Ring for Email — More and more software comes with encryption built in, requiring a similar piece of software on the other end that also supports encryption. For email, I now secure both incoming and outgoing messages along with the passwords that allow me to send and receive email.
My email host is FastMail, which secures incoming POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) and outgoing authenticated SMTP (Simple Mail Transfer Protocol) using SSL, the same encryption that’s been protecting Web pages for nearly a decade. (Authenticated SMTP lets you send email from anywhere by logging in to an outgoing mail server just as you would to an incoming one, but the encryption it uses for passwords (and only for passwords!) is considered weaker than SSL.)
Virtually all Macintosh email applications support SSL for POP and SMTP and most for IMAP, including Apple Mail, Eudora, Entourage, and Mailsmith, to name the four most popular. Enabling SSL email involves little more than toggling a few checkboxes and sometimes using an alternate port number.
I pay FastMail $40 per year for three gigabytes of monthly email and file transfer and 2 GB of storage. Free FastMail users can use only SSL for IMAP, along with secure webmail. Paid users have access to SSL for POP, IMAP, and SMTP. (It can be difficult to find the setup and troubleshooting FAQ for SSL on FastMail, so I’ve provided the link below.)
Some other mail providers, such as even Google’s free Gmail service, include SSL, too, but usually in a more limited way. Gmail supports secured POP and SMTP, for instance. Oddly, very few ISPs offer secured email; in fact, please let me know if yours does!
Securing Other Services — If you’re like me, and I suspect you are, you may wind up using a half dozen different Internet-based services in an average day, and that’s no different on the road. You might use FTP to upload a file, Timbuktu Pro to control a machine remotely, and instant messaging to conduct some conversations. Each of these services can be secured directly with the right software.
Secure FTP uses SSH to encrypt a connection between an FTP client, like Interarchy or the beta version of Fetch 5, and a server that supports SFTP. If you’re connecting back to a Mac, go to System Preferences > Internet > Services and check Remote Login. This enables SSH, and, it turns out, SFTP. You don’t need FTP Access turned on for this to work because SSH triggers a special application under Mac OS X and similar Unix, Linux, and BSD variants.
Timbuktu Pro 8 added SSH support, as well, which is a great boon when you need its abilities on public networks (see "Timbuktu Pro 8.0 Finally Adds Encryption" in TidBITS-769). Timbuktu Pro would always be harder to crack because sniffers would need more specialized software to view transactions, like file transfers or mouse movements, but the password transfer by itself would enable an intercepted transaction to turn into remote control of a computer. To use SSH with a Mac OS X computer, Remote Login must be turned on and you must set up a Mac OS X user login within Timbuktu Pro 8.
Depending on the instant messaging service, everything you send from password to emoticons is passed in the clear. That’s why I recommend Skype. It’s free and has a robust Mac OS X client that supports text messaging and phone calls using voice over IP (VoIP) with up to five other people conferenced in with you. And it’s all encrypted. However, Skype won’t discuss its encryption, so we don’t know long-term whether it’s reliable. But for right now it’s certainly a good option.
Hiding All Your Traffic — Because I use so many Internet services, I went full bore and turned on a VPN server in my office. When I connect from my computer to the VPN server, every piece of data entering and leaving my machine is encrypted as it passes over the network. This means there’s no unencrypted data in transit that someone can sniff.
I discovered at SXSWi that Rendezvous traffic bypasses the VPN because it’s considered local traffic, and this is fine as Rendezvous services typically don’t expose any passwords. But if you’re iChatting over Rendezvous, your messages would be sent in the clear. Remember, though, that unless both you and the other party have a VPN enabled, your conversation would be in the clear on one side or the other.
VPN servers used to cost thousands of dollars, but the Buffalo Wireless Secure Remote Gateway has a simple VPN server for a few dozen users built in, and it costs between $140 and $200.
You can use the Buffalo gateway in Mac OS X 10.2 Jaguar or later because it relies PPTP (Point to Point Tunneling Protocol) for encapsulating and encrypting your network data. Launch the Internet Connect application to create a PPTP connection. The Buffalo gateway requires an IP address reachable from the rest of the world, whether static or a dynamic one mapped through dynamic DNS.
There are services that let you rent VPN access as well. HotSpotVPN.com, for instance, offers an $8.88 per month unlimited usage rate that’s compatible with Jaguar and later versions of Mac OS X.
Keeping It Real: Real Private — I hate to sound paranoid. I don’t think anyone wants my personal information. But I do know that plenty of people want as much private data as they can find for whatever purposes they choose to put it to. Windows viruses running on a Wi-Fi network you’re connected to, for instance, could constantly scan the Wi-Fi network for account names and passwords and send them back to a remote cracker for later use.
I like to keep my passwords close and any potential enemies – impersonal or not – far away. Using encryption sensibly keeps attackers at bay.
Although we hear from many Take Control ebook readers, we also enjoy reading reviews of the ebooks to see how we can improve upcoming titles and revisions. If you’re interested in reviewing any of our books for a publication, just contact us via the form on our FAQ page and we’ll see about sending you a review copy.
Alaskan Apple Users Group Reviews More Ebooks — These folks just don’t slow down. Thanks to the Alaskan Apple Users Group for reviewing Glenn Fleishman’s Take Control of Your AirPort Network and Matt Neuburg’s Take Control of What’s New in Word 2004: Advanced Editing & Formatting. Both titles picked up the coveted 5-moose rating, and the reviews are worth a read for anyone considering the books.
The second URL below each thread description points to the discussion on our Web Crossing server, which will be faster.
DRM to force repurchasing — Digital rights management (DRM) is intended to be a hindrance to illegal copying, but it also obstructs honest consumers’ capabilities to use the media they purchase legally. For example, when moving from one DVD encoding region to another (such as from the United States to Australia), you may need to repurchase DVDs that work in players of the new region. (6 messages)
A restricted musical future? When buying music from the iTunes Music Store (or any other online music service that employs DRM), will you be able to use those songs in the future? And will they be of sufficient quality? (26 messages)
In-house Radio Transmitters — One way to broadcast music throughout the house (aside from very large speakers, of course) is to connect a radio transmitter to your Mac, which can pass its signal along to any radio within range. Readers look at several options. (7 message)
Cloning old OS 9 disk with Panther upgrade — When upgrading an old PowerBook G3 to Mac OS X, what’s the best way of preserving Mac OS 9 as both a backup and a bootable volume? (8 messages)
Web Form Filling Software — Readers suggest options for storing Web form information, including built-in options of several Web browsers. (4 messages)
Turbo Tax problems — It’s tax time again in the United States, and that means wrangling with tax software. (1 message)
DNS on 10.3.8 Client edition for Dummies? A reader is looking for an easy-to-use guide for setting up domain name service on a home network. (1 message)