On Mac Security, April, 2009

I’ve read many of the “botnet debunking” reports on the web, usually from the die-hard “Macs are totally secure” crowd. (I used to be a member, but am no longer.)

The “debunk” always includes the line “the only place you can get this trojan is from illegal downloads of iWork ’09 or Photoshop CS4…[and] it’s hard to feel sorry for those who download illegal software.”

Ummm…. I can agree with the latter contention, but -so what?- Is that somehow the equivalent of “it’s not spreading because it’s illegal?” I don’t feel sorry for the folks who have it, because 1) they usually don’t know they have it, so it’s no problem for them, and 2) it’s ME I feel sorry for. Me and all the other internet users whose use of the internet is crippled by whatever those botnets are doing.

You know, if people wouldn’t drink and drive, there wouldn’t be so many deaths due to drunk drivers. So, what? Having said that, can we now ignore the problem? Let’s not argue about who set the fire as we watch the house burn down.

And vis-a-vis this: “the only place you can get this trojan is from illegal downloads of iWork ’09 or Photoshop CS4…” Talk about wishful thinking! At first it was “the only place you can get this trojan is from illegal downloads of iWork ’09…” and then Photoshop CS4 was added. Do you -really- think that the crooks (and make no mistake, this is a money-making enterprise run by seriously bad people – the days of mostly ‘script kiddies’ are long over) will say “oops: we’ve been discovered. I guess we’ll give up now?”

Of course not: they are going to find more and more delivery mechanisms.

In fact, I personally know of one that doesn’t involve either of those two programs ( a fake Flash updater.)

Further, last month at CanSecWest, a Mac was hacked in 4 seconds by merely loading a malicious web page. Nothing illegal; nothing downloaded; nothing installed by the user – just visit the page.

And the die-hard “Macs are totally secure” crowd said… (can you guess?) “Well, you need to watch what pages you visit. If you had not visited that page, there would be no infection.”

Oh good grief: talking about being in denial! Look: if you simply disconnect your Mac from the internet it will be safe. Well almost. You’d also need to lock it in a vault; rip out the power supply and put it in a block of concrete…

I’ve been sitting in front of Apple-branded computers for almost 32 years now, full-time, making my living with them, and for most of that time, Macs -were- virtually totally secure.

Things have changed.

Based on my own experience this is where things are today:

Macs were immune for a long time because of the way that memory stacks and CPU registers worked on the Motorola CPUs, vis-a-vis the state of the art in hacking at the time. That’s the actual basis of the “Macs are secure” position… and it was true.

Then the OSen and the CPU changed. Unix is largely more secure than Windows, but less secure than the old Macs… and the long-asserted “Macs are only more secure because the market is smaller” rap began to actually show some validity, instead of ignorance.

Firewalls and NAT became more common, so the black-hats quickly adapted to using psychological engineering. (Want someone’s password? Call them up and ask them. 9 times out of 10, if you say you’re with the IT department, they’ll just tell you.) Most folks try to be helpful and are generally trusting.

And because they are that, and curious, not to mention motivated by self-interest, the next evolution was to “phishing” – faking an institution you trust.

Now it’s gotten even more sophisticated, including DNS hacks and even “drive-by” hacks (such as the CanSecWest one.)

Are Macs totally secure? No.
Are they more secure than Windows XP? Yes.
Are they more secure than Vista? Probably not.

What’s the bottom line?

Simple: the biggest security loophole is the person at the keyboard.

But does saying that mean the problem of botnets (et al) has gone away? No.

Does saying “don’t download illegal copies” fix the infections? No. (Although that’s very wise advice, as is “don’t install or open things whose provenance you can’t confirm.”)

Does “don’t visit infected sites” fix the problem? No.

Honestly: I think that many of the “debunkers” are actually in denial.

We’ve reached a stage where the bad guys are using techniques that are platform independent, so being on a Mac is rapidly becoming irrelevant.

These days the Mac is becoming a more desirable target… and not the least of the reasons for that are all the deniers who proudly proclaim that they refuse to install virus protection… and therefore will (obviously) never know -if- they’ve been hacked, while their machine happily pumps out spam or runs DOS attacks.

Am I screaming that the sky is falling? No: those of us on Macs are relatively more safe than other platforms. Not “safe” – just “more safe.”

If you think you’re completely safe from everything just because you’re on a Macintosh, you’re a fool.

And furthermore, IMHO, the sky IS darkening.

Don’t say I didn’t warn you.


EyeTV to H.264… fastest way

Here’s the fastest way I’ve found to get good looking H.264 out of EyeTV, starting from your recorded program file.

1) save it as mpeg stream. This takes about 1 minute per hour of video.
2) load it into VisualHub. (Yes, I know it’s been abandoned. Deal with it.)
3) set optimize for (your device) under iTunes and standard quality, and check the H.264 box. (VH uses all your cores in the CPU, so it’s fastest)

You could be done, but if you think the output is too dark, do this:

4) load resulting movie from step 3 into QuickTime Pro. (Pro. Yeah: I know. Deal with this, too.)
5) Choose window/show controls and adjust the brightness to your liking
6) Choose File/save as (self-contained).

This process takes about 1/4 to 1/3 as much time as any other way I’ve found… at least on my setup.

Bonus section:

if you record HD on EyeTV, you’ll get a “squished” 640×480 image. Go ahead and do that, and export and manipulate as above…

before you start compression in VisualHub, change the image size to 640×360. Voila! 🙂

Tag Folders

Tag Folders…
…is a free, and really useful, clever way to make use of metadata (spotlight comments.)

(I’ve written this because when you install Tag Folders, it starts asking all kinds of questions you’re not prepared to answer unless you understand what it’s doing. It’s one of those “read the manual FIRST” programs.)

Consider iTunes: you drag a music file on it, and then access it via “tags” such as artist name, genre, album, style and so on. You do _not_ access it by finding it in a folder.

In iTunes you’re using “metadata” to find the files you’re interested in.

And Leopard is all set up for that too, with files and with applications… but you have to add the metadata yourself. You do a “get info” on the file, and type in the keywords you want to use in the “spotlight comments” section.

How do you find those files then, like iTunes? You use a spotlight search that looks within the spotlight comments, of course.

Even niftier, is you can save a spotlight search as a “smart folder” (which just performs the spotlight search for you, and then shows you the results as if the files were “in” that “folder.”)

This is like choosing “classical” in iTunes, and getting a list of recordings of classical music…without any reference whatsoever as to where those files are actually located.

So, why would you even consider going to all this trouble? Well, if you only have a few files, you wouldn’t… maybe.

But leaving aside how easy or difficult it is to actually “tag” the files, let’s look at using them… and that will answer the “why” part of it.

Say you have photos of Suzy, your granddaughter. You have photos of her at home, photos at her birthday party, photos of her at the lake, and photos of her with her mom, Mary.

And being a camera-nut, you have 6,234 photos of her. And you’d like to find the shots of her with her mom during a birthday party.

Searching thru 6,234 photos is out of the question. But if you have tagged those files with “suzy” “mom” “birthday” “lake” (where some will have just “mom” and some will have just “suzy” or “birthday”) then a smart folder looking for “suzy” and “mom” and “birthday” will show you the correct photos instantly.

You see, the secret is that you can have any number of smart folders, and you can have any number of tags.

“Great” you say “but who in their right mind would want to tag 6000 photos?”


Here’s where the cleverness of Tag Folders comes into play. They are “smarter” smart folders. Instead of just being a one-way street (find these comment/tags), they serve a two-way function.

If you just open the folder, it performs like a smart folder, showing the files that meet the search criteria.

However (here’s the clever part) if you -drop- files on Tag Folders, they will -add- the spotlight search tags to the files!

So, if you have a folder full of files of the birthday party, just drag that to the “birthday” Tag Folder, and they are all tagged with “birthday”. And if in there you have 16 photos of Suzy, just drag them to the “Suzy” Tag Folder, and they are now tagged with “birthday” and “suzy” as well. (Remember, files can have any number of tags, and so can “belong” to any number of smart folders/ tag folders.)

In a nutshell: open the tag folder, and it shows you files with the chosen tag(s); drop to it, and it places those tags on the dropped file.

Finally, sort of as a bonus, there’s Tag Prompter… sort of like a no-tags tag folder: when anything goes into it, it will prompt you to apply tags. A reminder in a sense – a watch folder.
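To make the one-way vs. two-way distinction concrete, here is an added example (my own model, not Tag Folders’ code) in which a dict of file path to tag set stands in for each file’s Spotlight comments. A SmartFolder is a saved query that only reads; a TagFolder reads the same way but also writes its tags onto anything dropped on it; a TagPrompter holds dropped files until tags are supplied. File names and tags are constructed for the demo.

```python
"""Added example: Spotlight-comment tags, smart folders and two-way tag folders.

The "file system" is a dict mapping path -> set of tags, standing in for the
Spotlight comments field of each file.  Nothing here touches a real disk.
"""


class TagStore:
    """Holds the tags (Spotlight comments) for every known file."""

    def __init__(self):
        self.comments = {}  # path -> set of lower-case tags

    def add_file(self, path, *tags):
        self.comments[path] = {t.lower() for t in tags}

    def tags_of(self, path):
        return set(self.comments.get(path, ()))


class SmartFolder:
    """One-way: a saved search.  Opening it runs the query and shows matches."""

    def __init__(self, store, *required):
        self.store = store
        self.required = {t.lower() for t in required}

    def contents(self):
        # A file matches when it carries every tag the folder asks for (AND).
        return sorted(
            path for path, tags in self.store.comments.items()
            if self.required <= tags
        )


class TagFolder(SmartFolder):
    """Two-way: opening searches like a smart folder; dropping files adds the
    folder's tags to them, so they show up in the folder from then on."""

    def drop(self, *paths):
        for path in paths:
            self.store.comments.setdefault(path, set()).update(self.required)
        return self.contents()


class TagPrompter:
    """A tag folder with no tags of its own: dropped files wait until you
    supply tags for them (a watch folder / reminder)."""

    def __init__(self, store):
        self.store = store
        self.pending = []

    def drop(self, *paths):
        self.pending.extend(paths)
        return list(self.pending)

    def apply(self, path, *tags):
        self.pending.remove(path)
        self.store.comments.setdefault(path, set()).update(t.lower() for t in tags)
        return self.store.tags_of(path)


def demo():
    """Tags 16 untagged party photos by dropping them, then finds Suzy+birthday."""
    store = TagStore()
    party = [f"party/IMG_{i:04d}.jpg" for i in range(1, 17)]  # constructed names
    for path in party:
        store.add_file(path)                      # no tags yet
    store.add_file("lake/IMG_0200.jpg", "suzy", "lake")
    store.add_file("home/IMG_0300.jpg", "suzy", "mom")

    birthday = TagFolder(store, "birthday")
    suzy = TagFolder(store, "suzy")
    birthday.drop(*party)                         # whole party folder -> "birthday"
    suzy.drop("party/IMG_0003.jpg", "party/IMG_0007.jpg")  # two of them are Suzy

    both = SmartFolder(store, "suzy", "birthday")  # plain smart folder: read only
    return both.contents()


if __name__ == "__main__":
    print(demo())
```

Opening `both` never changes any file; only `drop` on a TagFolder writes, which is the two-way behaviour the post describes.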

There are lots of programs out there using tags, not just iTunes. iPhoto, Aperture, Lightroom, Expression Media, Leap… and many more.

Tag folders is just a nice, and free, way to get things done.

Finally, this has been a _very_ limited description of Tag Folders; in fact they can be quite sophisticated, including non-spotlight criteria and nesting… but for that, you’ll have to read the docs.



Print ’til you drop!

Inspired by something I read this morning, here’s my own anecdotal experience.

Epson inkjet printers: when it says “Ink Low!” (implying “your dog will DIE if you don’t replace the offending cartridge RIGHT NOW!”)

…ignore it.

Modern Epsons (at least – I have no experience with other inkjets) will print merrily along for many more pages before they will finally say “OK: enough is enough – I simply refuse to print any more!” at which point, you replace the cartridge.

Again, YMMV, but with mine, even if it’s half way thru printing an image, it will pause, and present you with the cartridge tray, and let you replace the empty cart with a new one…and then happily resume printing right from where it left off. You’ll never see the difference.

However: the key to this is to NOT go into “replace-the-cartridge-mode” (meaning don’t hit cancel; don’t hit pause; don’t do a thing except replace the cartridge. If you do otherwise, you’ll lose what’s been printed so far, and will have to start over.)

And, as to laser printers, at least with my HP color one: it will start whining early on about how low the toners are. There’s two things to that:

1) there’s a menu selection (buried, of course) that you can use to tell it to quit complaining and just keep printing; and

2) once it starts complaining, (or you see the “low supplies” in the print dialog box) you probably have a ways to go.

I’m at that point now, and I printed out a report on the “remaining consumables” – and it turns out that each of those “dangerously low” cartridges was fully capable of printing…

…wait for it..

345 -more- pages!


Users and computers on a network: a basic introduction

Unix (which is what Mac OSX is) was designed for colleges and businesses. There are, in those institutions, dozens of different computers, and thousands of different users.

So the first thing to get straight is that users (human beings) are separate and distinct from computers (boxes of electronics.)

All the users want access to all the computers.

To do this, all the computers have to be on the same network.

To avoid confusion then, the COMPUTER NAMES are all different.

By using different COMPUTER NAMES, the USERS can mount any or all of them, and tell which is which.

So, for example, let’s say there are 9 computers on the network, and they are named “one” “two” “three” “four” “five” “six” “seven” “eight” and “nine”.

You could be running on computer “three” and have “one” and “eight” mounted on your desktop.

Everything is still clear and understandable, eh? No confusion about which computer is which?

Next, let’s assume you have 26 USERS (human beings) who want access to all 9 COMPUTERS. Let’s say their 26 names are “Alpha Name” “Beta Name” “Charlie Name”… and so on thru to “Zero Name”.

The USER creates his own account on each of the nine COMPUTERS.

Why? Because with all those people (26 of them) on the computer, we don’t want private information, individually purchased applications, passwords, etc., to be discoverable by the other 25 people; and because some are administrators of the entire computer, and some cannot do administration things. So each can have his own desktop, and settings… etc.

So Alpha Name creates his user account on COMPUTER “one” and then goes to COMPUTER “two” and does the >exact same thing<… and so on down the line to computer “nine”. On each of these computers, he creates an account named exactly “Alpha Name”.

The COMPUTERS automatically supply a “short (user) name” for the account, which is the USER’s first name, in lower case. So the “short name” of USER “Alpha Name” is “alpha.”

>AT THE TIME OF ACCOUNT CREATION< the USER can select a different “short name” from the computer-suggested lower-case first name. So “Alpha Name” may decide she likes “honeybear” as a short name instead of “alpha”… she can make that change when the account is established.

Just like the full USER name, the “short name” is tied and permanently fixed to that account. Neither can be changed. Why? Because that would allow the defeat of the privacy of each user.

Still with me?

So: COMPUTER “one” has accounts with USER short names for 26 users: “honeybear” “beta” “charlie” “delta”… and on to “zero”.
COMPUTER “two” has accounts with USER short names for 26 users: “honeybear” “beta” “charlie” “delta”… and on to “zero”.
COMPUTER “three” has accounts with USER short names for 26 users: “honeybear” “beta” “charlie” “delta”… and on to “zero”.
COMPUTER “four” has accounts with USER short names for 26 users: “honeybear” “beta” “charlie” “delta”… and on to “zero”.

Now: USER “honeybear” can choose any one of the COMPUTERS named “one” “two” “three” “four” “five” “six” “seven” “eight” and “nine” and always sign into any or all of them as “honeybear.”

So: when you choose “go” from the Finder to mount a new drive* you are telling it which computer to try to mount, either by name (if you choose “browse”) or IP address. Right there, you have specified the computer you want.

Next it pops up a dialog with a list of users. That’s because you could be any one of the 26 users on that computer, and it has no way of knowing which one you are unless you choose a user name and supply the password. Once you do that, you are signed into that chosen computer, as that particular user, just as if you were sitting in front of it, and using its own keyboard.

Tracy

* I almost never do this with my local network, except for the first time. Once I have a remote computer mounted on my desktop, I just create an alias to it, and leave that alias on the desktop. Then when I restart, and want to re-mount that computer, I just click on the alias. Much simpler.
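The computer/user separation above can be modelled in a few dozen lines. This is an added example of my own, not anything from Mac OS X: each Computer keeps its own account table keyed by short name (so “honeybear” on “one” and “honeybear” on “two” are different accounts with different passwords), the default short name is the lower-cased first name, and mounting means naming the computer first and then proving which of its users you are. Passwords are stored as salted PBKDF2 hashes; the computer and user names are the post’s, the passwords are constructed for the demo.

```python
"""Added example: users vs. computers on a network, as separate things.

Each Computer owns an independent account database keyed by short name.
Mounting = pick the computer, then authenticate as one of *its* users.
"""
import hashlib
import hmac
import os


class Computer:
    def __init__(self, name):
        self.name = name
        self._accounts = {}  # short name -> (salt, pbkdf2 hash, full name)

    def create_account(self, full_name, password, short_name=None):
        # Default short name: first name, lower case.  It can be overridden
        # only here, at creation time; afterwards the key is fixed.
        short = (short_name or full_name.split()[0]).lower()
        if short in self._accounts:
            raise ValueError(f"{short!r} already exists on computer {self.name!r}")
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._accounts[short] = (salt, digest, full_name)
        return short

    def users(self):
        """The list the login dialog shows once a computer has been chosen."""
        return sorted(self._accounts)

    def authenticate(self, short_name, password):
        rec = self._accounts.get(short_name)
        if rec is None:
            return False
        salt, digest, _ = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)  # constant-time compare


class Network:
    def __init__(self):
        self._computers = {}

    def add(self, computer):
        if computer.name in self._computers:
            raise ValueError(f"duplicate computer name {computer.name!r}")
        self._computers[computer.name] = computer

    def browse(self):
        """What 'Go > Connect to Server > Browse' would list: computer names."""
        return sorted(self._computers)

    def mount(self, computer_name, short_name, password):
        """Returns 'user@computer' on success, None if the password is wrong."""
        comp = self._computers[computer_name]      # KeyError: no such computer
        if not comp.authenticate(short_name, password):
            return None
        return f"{short_name}@{computer_name}"


def build_demo_network():
    """Two computers; Alpha Name made 'honeybear' accounts on both, with
    different (constructed) passwords; Beta Name took the default short name."""
    net = Network()
    for name in ("one", "two"):
        comp = Computer(name)
        comp.create_account("Alpha Name", f"alpha-secret-{name}", short_name="honeybear")
        comp.create_account("Beta Name", f"beta-secret-{name}")
        net.add(comp)
    return net


if __name__ == "__main__":
    net = build_demo_network()
    print(net.browse())                                   # ['one', 'two']
    print(net.mount("one", "honeybear", "alpha-secret-one"))
    print(net.mount("two", "honeybear", "alpha-secret-one"))  # None: different account
```

The second `mount` call fails on purpose: the password that works for “honeybear” on “one” is meaningless on “two”, because nothing ties the two accounts together except the human who happened to type the same short name on both machines.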

My millions

Here’s an email I just received. I particularly like the last line.


You were made the beneficiary of Three Million, Five Hundred Thousand United States Dollars (3.5M USD) which is to be remitted to you.

I want to assure you that the transaction is absolutely legal and 100% risk free as the entire process of the transaction will be done in accordance with the law so as to prove that the fund is free from drugs or terrorism.

The fund have been bonded, sealed and approved for remittance to you, no one has the authority to deduct any amount from the fund until it is remitted to you.

In order to facilitate the remittance of your fund to you you have the option to choose whether your fund should be delivered to you or transferred into your bank.

You are hereby advised to acknowledge the receipt of this email, so that we can proceed with the transaction.

Henchard Cole.

If you wish to unsubscribe, please click here. We will respect all unsubscribe requests.

Formatting your drive

On using Disk Utility (DU) for changing the formatting type:

First: the obvious – changing the formatting type will totally erase the target disk, causing you to permanently lose everything on it (unless you have a backup, of course.)

Next: there are drives (the physical hard disk) upon which reside one or more volumes. When you see an icon on your desktop, you’re looking at the volume. The finder does not have a way of working directly with drives. That’s what Disk Utility (DU) is for.

When you open DU, you’ll see two panels. On the left is the listing of the drives and volumes that DU can recognize.

You’ll see something like:

465.8 GB ST3500630AS

The uppermost one begins with the size of the hard disk, and its model number. This one is the drive itself.
Underneath that, and indented slightly, is usually one or more volume names. If you do not see anything underneath a disk, then it is not formatted yet (and you need to format it.)

You select a drive or a volume to work on in the larger right hand panel, by highlighting it in the left hand panel.

If you select a volume, then above the right hand panel you’ll see: First Aid / Erase / RAID / Restore

If you select a drive, then above the right hand panel you’ll see: First Aid / Erase / Partition/ RAID / Restore (note the addition of “partition”)

To select the formatting of a drive, first select a drive in the left hand column.

Next, click the “partition” button above the right hand column

Now in the right hand column, you’ll see

Volume Scheme: Volume Information:

Beneath Volume scheme, you’ll see a popup menu, probably saying “current” and beneath that, a diagrammatic representation of all the space on the drive.

Below that, you’ll see + – Options…

These are likely grayed out.

click on the popup menu directly underneath the words “Volume Scheme”, and select the number of partitions, (volumes) you want on the drive. “1 Partition” is the most common, although you may choose more.

Once you do that (choosing anything other than “Current”) the “Options…” button at the bottom of the diagram will become active.

Click on it, and select the format you want for the drive: GUID Partition Table; Apple Partition Map; Master Boot Record.

Then Click OK.

Click to confirm that you want to go ahead, and the drive will be reformatted in the selection method.


And… only so it’s all in one place, here’s the bit from my previous post about those different formats:

And in that vein, here’s a bit about GUID (aka GPT) vs APM.

[GPT = GUID Partition Table = Globally Unique IDentifier Partition Table]
[APM = Apple Partition Map]

When you buy a bare drive, it’s formatted as… none of the above: it’s MBR – Master Boot Record – which is what PCs use, and why you need to format it with one of the others. (MBR is recognized by the Mac OS, but its structure imposes limits on what can be stored on the disk.)

You need APM to boot a PPC Mac, or use on a PPC Mac that isn’t running at least 10.4.8.

If you’re on an Intel mac, there is no reason at all to use APM (unless, of course, you’re planning on using the drive on a machine that meets the above criteria.)

And… if you’re on a PPC machine, and are running 10.4.8 or later, then the only drive you need formatted as APM is the boot drive (&, of course, any drives you’re cloning to with the intent of doing a drop in replacement.) The rest of your drives can be GUID, which offers some advantages.

Entirely anecdotally, they seem a smidgen faster to me… although it seems it’s somewhere in the 8-10% range (and I could simply be delirious, too.)

That said, they employ checksums on the partition map and header, as well as duplicates of each of those and the partition maps are larger. There are other tidbits which, like those I just mentioned, are not anything you’d ever notice in use… but make geeks like me really happy.

(OK… it makes your drive a bit more resistant to some kinds of corruption.)
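The checksum and duplicate-header points are worth seeing in bytes. Here is an added example of my own (not Apple’s or any tool’s code) that packs a 92-byte GPT header in the standard layout, fills in the CRC32 over the header (computed with the CRC field zeroed) and over the partition-entry array, then verifies a header the way firmware or an OS does. The disk GUID, disk size and the all-zero entry array are constructed for the demo; the flipped bit shows why a stray write to the primary header is caught rather than silently trusted, and why the backup copy at the end of the disk matters.

```python
"""Added example: GPT header checksums and the primary/backup header pair.

Standard 92-byte GPT header layout (little-endian):
  signature(8) revision(4) header_size(4) header_crc32(4) reserved(4)
  current_lba(8) backup_lba(8) first_usable_lba(8) last_usable_lba(8)
  disk_guid(16) entries_lba(8) num_entries(4) entry_size(4) entries_crc32(4)
"""
import struct
import uuid
import zlib

GPT_FMT = "<8sIIIIQQQQ16sQIII"
HEADER_SIZE = struct.calcsize(GPT_FMT)   # 92
ENTRY_SIZE, NUM_ENTRIES = 128, 128       # the usual 16 KiB entry array


def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF


def build_gpt_header(current_lba, backup_lba, first_usable, last_usable,
                     entries_lba, entries, disk_guid):
    """Packs one header and fills in both CRC fields."""
    no_crc = struct.pack(GPT_FMT, b"EFI PART", 0x00010000, HEADER_SIZE, 0, 0,
                         current_lba, backup_lba, first_usable, last_usable,
                         disk_guid.bytes_le, entries_lba, NUM_ENTRIES,
                         ENTRY_SIZE, crc32(entries))
    # Header CRC is computed over the header with its own CRC field = 0.
    return no_crc[:16] + struct.pack("<I", crc32(no_crc)) + no_crc[20:]


def check_gpt_header(hdr, entries=None):
    """Returns a list of problems; an empty list means the header checks out."""
    problems = []
    if len(hdr) < HEADER_SIZE:
        return ["header too short"]
    f = struct.unpack(GPT_FMT, hdr[:HEADER_SIZE])
    if f[0] != b"EFI PART":
        problems.append("bad signature")
    if f[2] != HEADER_SIZE:
        problems.append("unexpected header size")
    zeroed = hdr[:16] + b"\0\0\0\0" + hdr[20:HEADER_SIZE]
    if crc32(zeroed) != f[3]:
        problems.append("header CRC mismatch")
    if entries is not None and crc32(entries) != f[13]:
        problems.append("partition array CRC mismatch")
    return problems


def choose_header(primary, backup, entries):
    """What a loader does: use the primary if it verifies, else fall back."""
    if not check_gpt_header(primary, entries):
        return "primary"
    if not check_gpt_header(backup, entries):
        return "backup"
    return None


def demo():
    """Builds a primary/backup pair for a constructed disk and corrupts the primary."""
    last_lba = 976_773_167                       # constructed: ~465.8 GB at 512 B/sector
    entries = bytes(NUM_ENTRIES * ENTRY_SIZE)    # empty entry array, constructed
    guid = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed
    primary = build_gpt_header(1, last_lba, 34, last_lba - 33, 2, entries, guid)
    backup = build_gpt_header(last_lba, 1, 34, last_lba - 33, last_lba - 32, entries, guid)
    damaged = bytearray(primary)
    damaged[40] ^= 0x01                          # one bit flipped in first_usable_lba
    damaged = bytes(damaged)
    return {
        "primary": check_gpt_header(primary, entries),
        "damaged": check_gpt_header(damaged, entries),
        "backup": check_gpt_header(backup, entries),
        "chosen": choose_header(damaged, backup, entries),
    }


if __name__ == "__main__":
    print(demo())
```

APM carries no such checksum, which is the whole of the “more resistant to some kinds of corruption” remark: with GPT a damaged header fails its own CRC and the intact copy at the other end of the disk takes over.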

But (since block copy was mentioned here recently) one needs to be sure that you’re using a block-copy program which is written for the GUID formatting, since programs only “familiar” with APM may yield a problematic copy (depending on its intended use). See Apple TN2166.


Intel: GUID all the way.
PPC: OS less than 10.4.8 – APM all the way
PPC: OS 10.4.8 or later: APM for boot; GUID for everything else.

Want a home stereo to go with your iPod?

Just in case you want to put together a little system to go with your iPod, and perhaps impress your friends… here’s what the editors of Stereophile magazine think would do nicely:

Turntable : Goldman Reference II turntable: $300,000

ToneArm: Continuum Audio Labs Cobra is $15,595

Cartridge: Clearaudio Goldfinger : $8000

Phono PreAmp: Boulder 2008: $33,250

DAD-A playback: Meridian Reference 800: $22,540

or, you could go with a separate transport and digital processor:
dCS Verdi Encore: $15,499 and dCS Elgar Plus: $15,499

PreAmp (surround): Meridian Reference 861 is $19,000

or, if you prefer stereo only: McIntosh C1000 : $26,000

Next, if you like a solid-state amp, it’s hard to beat the Chord SPM 14000 MonoBlocks: $79,000

or for you tubie-types: Lamm Industries 2.1 MonoBlocks: $29,900

(I hate to bring it up, but some folks like to slum, and get an integrated amp: Ars Emitter II Exclusive: $24,900… very crass…)

Speakers: the Peak Consult El Diablo is only $74,995 the pair.

Sub-woofer: the REL Studio III: $8995

Headphones: Stax SRS-007II Omega II system: $3895

Equalizer: Meridian 861 with MRC room correction: $19,000

Power Isolator: Arcolink 6N-NCT: $10,950

AC cables: JPS labs Alluminata power Cable: $3499 each (you’ll need 8 for all this gear) $27,992

Interconnect cables: JPS labs Alluminata: $2999 per meter. (you’ll need about 4 of these as well.) $11,996

Speaker cables: JPS labs Alluminata: $8499 / pair (you’ll need 5 pair for surround sound) $42,249

Hey! Less than a million! : $700,705. (That’s the stereo price; if you want 5.1 surround, you probably ought to stick in another $250,000…)

Drat… that takes it right up to a million bucks… sigh

and, like computers, this will all be obsolete in a year or so, and you can start over!



And, oh yes: this stuff actually sells!