Glenn Fleishman follows up on last week's article about the homograph security exploit, and Matt Neuburg contributes a pair of articles: a look at QuicKeys X3 and a review of Zengobi's curious Curio. Then Adam explains what happens if your email address rejects a TidBITS issue or bounces it back - and how to recover if you stop receiving issues due to too many bounces. In the news, our server moves are nearly done, and we look at the release of LaunchBar 4.
Copyright 2005 TidBITS: Reuse governed by Creative Commons license
<http://www.tidbits.com/terms/> Contact: <firstname.lastname@example.org>
Server Moves Almost Complete -- We were one-for-two with our server moves last week. I had specifically asked Chuck Goolsbee of digital.forest to move our main Xserve during the day so I could babysit the shutdown and startup procedures (he was initially going to move it at what would have been 2:30 AM my time to reduce the impact of the downtime). That was the right call for my beauty sleep; there were no problems I had to fix, and since Chuck didn't hit bad traffic or other problems, we were down for only about an hour.
On the other hand, Geoff Duncan's move of our article database and search servers to his new digs was plagued by gremlins: the power supply on his main Web server failed (a solitary "click" is not the sound you want to hear when turning on a Mac), his dual-Ethernet-equipped Power Mac refused to bridge his internal and external networks for inexplicable reasons, and he couldn't focus on the problems immediately because he had to move all his other worldly possessions the next day. Geoff's subsequently brought up a Power Mac G3 (Blue & White) in place of his main Web server and bridged his networks using a Linksys router, but he's still ironing out the wrinkles introduced by these hardware and software changes. So, you may see search errors, odd pages, and some sporadic link failures at db.tidbits.com, but things are quickly getting back to normal. [ACE]
LaunchBar 4 Lifts Off -- Objective Development has released LaunchBar 4, a major improvement on its highly regarded utility that opens files, bookmarks, and more using adaptively generated keyboard shortcuts (see "Tools We Use: LaunchBar" in TidBITS-671). The new version adds more index scanners (such as the capability to search iTunes and iPhoto libraries, Sherlock channels, etc.), search templates that let you search Web sites like Google and the Wikipedia directly from LaunchBar, the capability to browse database records (iTunes playlists and Address Book, for example) without leaving the LaunchBar interface, and a new multi-threaded indexing engine. LaunchBar 4.0.1 costs $40 for a one-seat Business License, or $20 for a Home User License; a $30 Family License covers up to five computers within the same household; and upgrades from LaunchBar 3 cost $20 (business) or $10 (home). LaunchBar 4 is a 500K download, and includes a free evaluation license that works for up to seven items per session. [JLC]
by Adam C. Engst <email@example.com>
One of the major advantages to us in moving all of our mailing lists over to our new Web Crossing-based server is that subscribers can centralize all their subscriptions under a single user account. That way, if you want to change your email address, you can change it just once, without any help from us, and every one of our TidBITS and Take Control mailing lists will automatically use the changed address. Refer to our Account Help page for instructions on changing your address, if you want to do that.
However, far too many people stop using email addresses without bothering to update their mailing list subscriptions. Perhaps the subscriber deletes the old account outright, or just abandons it, leaving it to accept mail until it exceeds its disk quota, at which point it starts rejecting new messages. Or perhaps the ISP deletes the unused address in a regular sweep. Whatever the specifics, the result on our end is that we attempt to send that address an issue of TidBITS, or messages from TidBITS Talk, or announcements of a free update to a Take Control ebook, and the messages are bounced back to us as being undeliverable.
In the past, bounces in response to TidBITS issues went to a special account, and once a week, Geoff Duncan downloaded the entire mailbox and processed it using a HyperCard-based utility he wrote called Hired Thug to identify bouncing addresses and remove them from our lists. Hired Thug was pretty good, but the sheer diversity of TidBITS's mailing list and server setups prior to Web Crossing meant using Hired Thug wasn't very practical for TidBITS Talk, the Take Control mailing lists, or our translations. I mostly handled bounces for those lists by hand, and, believe me, processing bounces is not a fun way to spend time.
Web Crossing runs its mailing lists a bit differently so it can better automate bounce processing, relying on a technique called variable envelope return paths (VERPs). With VERPs, every message is sent from a different envelope sender address, which is essentially the sender's address at the SMTP protocol level. (Like physical letters, email messages are actually sent inside virtual envelopes, but these envelopes are seen only by SMTP servers, and the addresses used for the envelope aren't necessarily the same as those you see in the To and From lines of the message.) Web Crossing's envelope sender addresses look like <firstname.lastname@example.org>, and they uniquely identify both the intended recipient and the message being sent. If your mail server rejects or bounces a message from us, Web Crossing takes note of the envelope sender address, parses it to identify the user, and increments a counter that tracks how many bounces it has received from your email address. When your address exceeds three bounces over three separate days, your TidBITS account is marked as bouncing and we stop sending you email. In other words, if you're subscribed only to the weekly announcements of TidBITS, it will typically take three weeks for your account to be marked as bouncing (barring special issues and our occasional week off); if you're subscribed to the daily traffic on TidBITS Talk, you could be bounced within three days.
To be clear, when your TidBITS account is marked as bouncing, you won't receive postings from any of our lists, but you're still subscribed to the lists. That allows us to avoid delivering to bouncing addresses, but also allows you to log in to your account via the Web and either tell our system that your address is working again or change your email address to one that does work. So, if you think you missed an issue of TidBITS or haven't received TidBITS Talk in a few days, the first thing you should do (after checking your spam filter!) is to log in and see if your account has been marked as bouncing. Again, see our Account Help page for instructions on logging in and changing email addresses. As long as you log in using the appropriate link provided on our Account Help page, Web Crossing will prompt you to verify your address automatically.
Bounces are an immense problem for mailing lists. We see 1 to 2 percent of addresses bounce in any given week, which is hundreds of addresses when you have lists the size of ours. In the past, we did our best to identify bounces and remove bouncing addresses from our lists, but once that was done, the only way someone could recover from a temporary problem was to resubscribe or contact us for help. Now that you can all manage your own TidBITS accounts via the Web, you can recover from a temporary delivery problem all on your own, which frees up our time so we can concentrate on creating new TidBITS content.
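The VERP bounce handling described above, as an added example in Python (not Web Crossing's code). The address layout, the `bounces.example.org` domain and the HMAC tag, which makes the counter ignore bounces sent to addresses the list never issued, are assumptions; "three separate days" is read as bounces on three distinct dates.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

SECRET = b"constructed-demo-key"       # assumption: per-site secret for the tag
BOUNCE_DOMAIN = "bounces.example.org"  # placeholder, not a TidBITS host
DAYS_BEFORE_SUSPEND = 3                # "three separate days" in the article


def _tag(list_id, issue, recipient):
    msg = f"{list_id}|{issue}|{recipient}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def make_envelope_sender(list_id, issue, recipient):
    """Build the per-recipient, per-message SMTP MAIL FROM address."""
    recipient = recipient.lower()
    local, _, domain = recipient.rpartition("@")
    tag = _tag(list_id, issue, recipient)
    # '=' replaces '@' so the recipient fits inside a local part.
    return f"{list_id}-{issue}-{tag}-{local}={domain}@{BOUNCE_DOMAIN}"


def parse_envelope_sender(address):
    """Return (list_id, issue, recipient), or None if malformed or forged."""
    local, _, domain = address.lower().rpartition("@")
    parts = local.split("-", 3)        # list_id must not contain '-'
    if domain != BOUNCE_DOMAIN or len(parts) != 4 or not parts[1].isdecimal():
        return None
    list_id, issue, tag, encoded = parts
    user, sep, rcpt_domain = encoded.rpartition("=")
    if not sep or not user or not rcpt_domain:
        return None
    recipient = f"{user}@{rcpt_domain}"
    if not hmac.compare_digest(tag, _tag(list_id, int(issue), recipient)):
        return None                    # tag mismatch: address was not issued by us
    return list_id, int(issue), recipient


class BounceTracker:
    def __init__(self):
        self._days = defaultdict(set)  # recipient -> dates on which mail bounced

    def record(self, bounce_rcpt, day):
        """Count a bounce that arrived at a VERP address; True once suspended."""
        parsed = parse_envelope_sender(bounce_rcpt)
        if parsed is None:
            return False
        self._days[parsed[2]].add(day)
        return self.is_bouncing(parsed[2])

    def is_bouncing(self, recipient):
        return len(self._days.get(recipient.lower(), ())) >= DAYS_BEFORE_SUSPEND

    def verify(self, recipient):
        """Subscriber logged in and confirmed the address: clear the counter."""
        self._days.pop(recipient.lower(), None)


if __name__ == "__main__":
    # Constructed sample: a weekly list bouncing for three issues in a row.
    tracker = BounceTracker()
    for issue, day in ((766, date(2005, 2, 14)), (767, date(2005, 2, 21)),
                       (768, date(2005, 2, 28))):
        sender = make_envelope_sender("tidbits", issue, "reader@example.net")
        print(sender, "->", tracker.record(sender, day))
```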
by Glenn Fleishman <email@example.com>
In the last issue of TidBITS, I wrote about how non-English characters that resemble or are identical to Roman letters could allow scammers to spoof well-known sites by registering domain names that look identical even to the trained eye and then obtaining SSL certificates to make them look secure (see "Don't Trust Your Eyes or URLs" in TidBITS-766).
Over the past week, there's been some motion on a few fronts worth reporting.
First, the Mozilla Foundation will disable internationalized domain name (IDN) support by default in Firefox 1.0 releases. They hope to develop a more elegant approach for 1.1. They (and others) blame domain registrars for allowing domains that are homographically (written similarly) identical to well-known sites.
An article at Netcraft explains how to disable support for IDN within Mozilla, Firefox, and other browsers using the open-source "gecko" browser code by typing "about:config" in the Location field and hitting Return. Scroll down to find the setting "network.enableIDN". If this is set to true, double-click it to change the setting to false. Close the window.
If you want to leave this setting on, I recommend installing SpoofStick for Firefox, a small browser extension that alerts you to homographic problems and other signs of Web spoofing.
Interestingly, although Firefox and Mozilla share much of the same code, one reader wrote that trying to install SpoofStick in Mozilla made Mozilla crash. Mozilla's plug-in infrastructure must not support Firefox's extensions, as far as I understand it. Mozilla users might look into TrustBar, which helps identify spoofed domains, although not quite in the same manner.
Another reader wrote in to mention that her user group advised that she use Saft for Safari, which extends Safari's built-in features and has added homograph alerts.
Finally, several readers pointed out that they couldn't get the spoof to work in their various browsers and systems. The reason? They were using systems and browsers - such as iCab under Mac OS 9 - that predate the IDN support via punycode that maps Unicode in this fashion. Older means better in this case.
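The kind of check a homograph alert can make, as an added example in Python (not the code of SpoofStick, TrustBar, Saft or any browser): it shows the punycode form a registrar and DNS actually see and flags labels that mix scripts. The function names and the sample hostnames are constructed for illustration.

```python
import unicodedata


def label_scripts(label):
    """Scripts used by the characters of one hostname label."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
            continue                   # ASCII digits and '-' are script-neutral
        # Unicode names start with the script, e.g. "CYRILLIC SMALL LETTER A".
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_hostname(host):
    """Return the ASCII (punycode) form of host plus per-label findings."""
    try:
        if host.isascii():
            # Expand any xn-- labels so they are inspected as Unicode.
            host = host.encode("ascii").decode("idna")
        host = unicodedata.normalize("NFKC", host).lower()
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None              # not encodable as an IDN hostname
    findings = []
    for label in host.split("."):
        if label.isascii():
            continue
        scripts = label_scripts(label)
        findings.append({
            "label": label,
            "scripts": sorted(scripts),
            "mixed_script": len(scripts) > 1,
        })
    return {
        "ascii": ascii_form,
        "idn_labels": findings,
        "suspicious": any(f["mixed_script"] for f in findings),
    }


if __name__ == "__main__":
    # Constructed samples: plain ASCII, one Cyrillic letter among Latin
    # letters, and a label written entirely in Cyrillic.
    for name in ("www.apple.com", "www.\u0430pple.com", "\u0441\u043e\u0441\u043e.com"):
        print(inspect_hostname(name))
```

A label written entirely in one non-Latin script is reported as an IDN label but not as mixed-script, so the reliable signal for a reader is the `xn--` form itself.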
by Matt Neuburg <firstname.lastname@example.org>
CE Software, after some years of financial losses and questionable acquisitions, sold off its QuickMail product (to Outspring Inc.), and then went private in April 2004, under the name Startly Technologies, LLC. Its most significant remaining product is the venerable macro utility QuicKeys X; version 3.0 for Mac OS X ("X3") is the first major revision to appear since the reorganization.
QuicKeys X3 is a decidedly mixed bag. On the one hand, the interface is greatly improved - in fact, this is without a doubt the best interface QuicKeys has sported in its entire 15-year lifespan. Back in my 1996 review of the "Classic" QuicKeys 3.5, I complained bitterly of the wretched modal dialogs-within-dialogs that had to be tediously navigated in order to configure each step of a sequence. Those days are gone. In its use of ordinary non-modal editing windows, helpful secondary inspector palettes, tooltips, and sequence steps that expand in place to reveal their details and can be reordered by dragging, QuicKeys is now a superb showcase of the best Cocoa widgets and practices. Colors and shadings are gorgeous, clickable items highlight as the mouse passes over them - it's a delight to look upon and to work with. Recording a sequence by demonstration is particularly cool: as you hover the mouse over a button or menu, QuicKeys shades the rest of the screen and shows, by highlighting, that it sees the bit of interface you're about to click.
On the other hand, QuicKeys fails to take full advantage of Apple's Accessibility API, on which it depends for its capability to see and click various interface widgets. Thus, ironically, it is blind to widgets that you can detect and control easily using AppleScript and GUI scripting. An example is the list of services in the Sharing pane of System Preferences; AppleScript (as I quickly determined with a little help from PreFab's UI Browser) can see that this is a table with eight rows and two columns, and can report what the first row says ("Personal File Sharing") and whether the checkbox in that row is checked or not; AppleScript can also click the checkbox if it isn't. But QuicKeys sees nothing in that pane but the Start button.
This version of QuicKeys also re-introduces a feature present in the "Classic" version of QuicKeys from years ago: decision-making. This is crucial, because you might want your macro to do different things under different circumstances. For example, to turn on file sharing, you want to click the Personal File Sharing checkbox if it's unchecked, but not if it's checked (because that would turn it off). Unfortunately, QuicKeys's idea of decision-making is either to stop or else to skip from one step in the sequence to another - that is, to use "goto," the clumsiest programming construct of all time. QuicKeys X3 also introduces variables, but the manual warns that "variables are one of the more advanced features" of the program, a certain tip-off that something's amiss. Variables should be the simplest thing in a programming language, the basis of everything else, not (as they are here) something arcane and difficult to use. What's amiss, clearly, is that CE and Startly, perhaps from a desire to keep QuicKeys simple and dialog-based, have decided not to endow it with a true programming language - which is what it needs if the user is to accomplish anything really useful. (This is exactly why, exasperated, I abandoned QuicKeys in 1996 in favor of WestCode Software's OneClick, which, alas, never made the jump to Mac OS X.)
The consequence is that QuicKeys X3 occupies a dubious niche. At $100, it's more expensive than competing macro utilities like Script Software's $30 iKey and Stairways Software's $20 Keyboard Maestro, and it lacks the Accessibility API power and programmability that you get for free with AppleScript. Users must decide whether QuicKeys X3's excellent interface alone can justify its premium price.
by Matt Neuburg <email@example.com>
The world is not a tidy place. That's why I'm constantly discovering new and interesting ways to store and retrieve information on my computer. Typically, those ways involve imposing order through hierarchical arrangement, or retrieval through sophisticated searching: I'm drawn to outlines, databases, keywords, indexes. This approach, however, doesn't work for everything or for everybody. The mind, after all, is not a tidy place either. Perhaps there is no hierarchy to impose, no keywords to assign, nothing clear to search for. Perhaps you just need to make it up as you go along. Perhaps all you have, and all you need, is a vague mental picture of what you've got and how it goes together. Perhaps there is just the cloudy soup of stuff in your mind (ideas and purposes) and stuff on your computer (documents and URLs).
Curio, from Zengobi, wants to help you slice through the soup, not with left-brained devices such as outlines, databases, and keywords, but with a more right-brained device - pictures. The program describes itself as an "idea development environment," but it could lend itself to all sorts of uses. I'll quickly describe the interface, and then proceed to an assessment of Curio's peculiar strengths.
Cover Your Assets -- A Curio document consists of one or more pages, called "idea spaces." An idea space is rather like a simple drawing document; you might think of it as a whiteboard, or perhaps as a surface you're going to stick Colorforms onto. The objects you can stick onto this surface are called "figures." A figure can be a line (possibly with an arrow), a geometric shape, or a block of text; actually, the latter two are the same, since text can appear inside a geometric shape. Figures can be resized and rotated; multiple figures can be aligned and grouped. A figure can have a checkbox; it can be marked with a "flag" (a little icon such as a question mark); it can be assigned a "rating" (a number of stars from zero to five). You can also scribble on top of everything.
A figure can also represent an "asset." This is where things start to get interesting. An asset is a document on your hard disk; double-click the figure in Curio, and the document opens in whatever application owns it. Or, an asset can be a URL; double-click it in Curio, and it opens in your Web browser. If an asset is something with a ready preview, like an image file, that preview appears as its Curio representation; otherwise, you might just see a document icon and a title. In fact, if you drag an image from your browser into a Curio document, the image is shown as a preview and you can double-click it to go to the Web page it came from.
A Curio document is thus not just a bunch of drawings; it's a bunch of drawings whose objects can refer to the outside world. Indeed, they can refer to the inside world instead: a Curio document is a package, and an asset can be copied to live inside it, where it remains viewable and editable by the program that created it. What's more, a single asset can be represented by as many figures as you like; in other words, a document on your hard disk can appear in several places at once within a Curio document.
So now you see how Curio can bring creative clarity to chaos. Given fifty documents on your hard disk, a single Curio document can make them available in various combinations within multiple idea spaces, accompanied by text, pictures, URLs, and scribbles.
Analysis and Synthesis -- Curio proudly boasts a second-place finish in O'Reilly's 2004 Mac OS X Innovators contest. Yet, if one takes a deliberately critical view and scrutinizes Curio closely, one may start to wonder what the fuss is all about. After all, lots of snippet keepers and organizers that I've reviewed can store links to files on disk (iData 2, Tinderbox, and TAO, for instance), and several can optionally store files inside their own documents (NoteTaker and DEVONthink). Furthermore, looking at any other individual aspect of Curio, it's hard to avoid concluding that the implementation is relatively half-baked: Curio doesn't do any one thing as well as some other program does it. Had the O'Reilly folks, one wonders, ever seen a full-fledged outliner, mind-mapper, diagrammer, or asset manager?
For example, idea spaces in Curio can be arranged hierarchically; and within an idea space, figures can be combined within special figures called "lists" that display a hierarchical arrangement. But Curio can in no sense be used as a real outliner; it lacks anything like the hierarchic organizational and navigational power of a TAO or a NoteTaker.
Curio's drawing abilities are cute, but you couldn't use them to do any serious drawing. It's nice to be able to draw shapes and arrows, but the arrow endpoints don't magically stay attached to the shapes, so you can't create true diagrams as in ConceptDraw or OmniGraffle, nor can you generate and connect ideas efficiently as in a dedicated mind-mapping program like Pyramid or even Inspiration.
Curio has a search feature, but it simply searches on text blocks you've created and notes you've attached to assets; it can't search inside the content of the assets - it can't even search on whether or not something is checked or has a certain flag. And its idea of displaying what you've found is not to collect the results, but simply to dim what wasn't found - you still have to go scrolling by eye through all your idea spaces looking for the found figures. Contrast this with the powerful keywording and indexing of Tinderbox or DEVONthink, or the searching of NoteTaker or TAO.
A figure can be a "jump target," meaning that double-clicking an arrow image in one idea space reveals that figure in a different idea space. But this doesn't work between Curio documents, and is a far cry from true hyperlinks as in Tinderbox or NoteTaker.
Curio provides a Web-searching tool called "Sleuth," but it's merely a preconfigured front end to existing search engines and other sites. It doesn't search more than one engine at once or provide a compact interface, like Sherlock, nor does it collect your results for you, like DEVONagent. In fact, it really isn't a search tool at all; it's just a Web browser, offering no tangible advantage over using a real Web browser. Plus, there are no Services for instantly plopping a document or a Web page into Curio without leaving the Finder or your browser; contrast NoteTaker and DEVONthink.
If, on the other hand, you keep your attention on the notion of Curio managing and presenting your assets, some of these reservations may fall away. Curio, after all, doesn't need to be a super drawing tool, because if you want to include a super drawing in your Curio document, you can - and you can edit it with some super drawing application. It doesn't need to be a great word processor or a great outliner, either, because you can embed a word processing or outlining document from some other application inside a Curio document. In fact, you can create a new document of any kind from within a Curio document: hand Curio an empty document once, and you can then duplicate that as an embedded asset and represent it in an idea space, ready for editing, in a single move.
To appreciate Curio's strengths, therefore, concentrate on assets that you have, or you are thinking of collecting or creating - pictures, URLs, PDFs, spreadsheets, Word files, documents of any kind. Imagine presenting those assets arranged on whiteboards, and imagine those whiteboards clumped together in a single document. You might present them to yourself as a way of simply organizing them; you might use Curio for its intended purpose of "idea development," collecting and presenting the assets as part of some research or brainstorming project. You can also present them to others; Curio has amazingly good HTML export (with assets accessible through file protocol URLs), and you can export the whiteboard appearance of your idea spaces as PDFs or image files.
Conclusions -- If you can imagine slicing through the soup of chaos - the chaos of your hard disk or the chaos of your mind - with a few bright, simple drawings, then Curio beckons like a lighthouse in the darkness. The program costs $130, which seems a bit high given the inchoate nature of its feature set (I was honestly expecting something more in the realm of $30), but potential users can decide for themselves, because a 30-day demo is available as a 5.6 MB download. Curio comes with decent online help, and is accompanied by a tutorial which, while useful, sometimes reads startlingly like one of AltaVista's Babel Fish translations ("Get on the good foot with Dossiers!"). It requires Mac OS X 10.2.8 or above.
PayBITS: Want to reward Matt for helping to clear
away your computer clouds? Send him a few bucks!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
by Adam C. Engst <firstname.lastname@example.org>
We're on the verge of releasing more titles, and this week brought a little extra encouragement to get them out the door in the form of a nice review of "Take Control of Mac OS X Backups."
MacGuild Gives "Take Control of Mac OS X Backups" an A -- The Macintosh Guild, which bills itself as "the ultimate Apple user group for corporate America," has reviewed Joe Kissell's "Take Control of Mac OS X Backups," giving it a grade of A (Outstanding). [ACE]
by TidBITS Staff <email@example.com>
The second URL below each thread description points to the discussion on our Web Crossing server, which will be faster.
How are you managing your headphones/headsets? There are music headphones and earbuds, and phone headphones, but do any of them work for both listening to music and talking on the phone? (5 messages)
Mac mini impressions -- Now that Apple's Mac mini is getting into customers' hands, how well does it perform? Readers look at memory limitations and using wireless peripherals. (5 messages)
Moving my e-life to a new machine -- While waiting for a new PowerBook to arrive, a reader ponders the best way to transfer the data from his old machine to the new one. (13 messages)
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.