mac

Talk about Markdown to SLUUG this Wednesday

I’ll be giving a talk to the St. Louis UNIX Users Group next Wednesday night about Markdown, a tool I absolutely love.

You’re invited to come. Please do – I think you’ll definitely learn a lot.

Date: Wednesday, Nov. 9, 2011
Time: 6:30 – 9 pm
Where: 11885 Lackland Rd., St Louis, MO 63146
Map: http://g.co/maps/6gg9g
Directions: http://www.sluug.org/resources/meeting_info/map_graybar.shtml

Here’s the description:

John Gruber, the inventor of Markdown, describes it this way: “Markdown is a text-to-HTML conversion tool for web writers. Markdown allows you to write using an easy-to-read, easy-to-write plain text format, then convert it to structurally valid XHTML (or HTML). Thus, ‘Markdown’ is two things: (1) a plain text formatting syntax; and (2) a software tool, written in Perl, that converts the plain text formatting to HTML. … The overriding design goal for Markdown’s formatting syntax is to make it as readable as possible. The idea is that a Markdown-formatted document should be publishable as-is, as plain text, without looking like it’s been marked up with tags or formatting instructions.”

This talk by Scott Granneman & Bill Odom will cover the basics of Markdown’s syntax, key variants of Markdown, tools for composing Markdown (including vim, of course!), and ways you can easily transform a plain text file written in Markdown into HTML, JSON, TXT, LaTeX, man, MediaWiki, Textile, DocBook XML, ODT, EPUB, Slidy and S5 HTML and JavaScript slide shows, RTF, or even Word!

If you have any questions, please contact me. Hope to see you there!

Talk about Markdown to SLUUG this Wednesday Read More »

Steve Jobs, genius

From Stephen Fry’s “Steve Jobs” (The New Adventures of Stephen Fry: 6 October 2011):

Henry Ford didn’t invent the motor car, Rockefeller didn’t discover how to crack crude oil into petrol, Disney didn’t invent animation, the Macdonald brothers didn’t invent the hamburger, Martin Luther King didn’t invent oratory, neither Jane Austen, Tolstoy nor Flaubert invented the novel and D. W. Griffith, the Warner Brothers, Irving Thalberg and Steven Spielberg didn’t invent film-making. Steve Jobs didn’t invent computers and he didn’t invent packet switching or the mouse. But he saw that there were no limits to the power that creative combinations of technology and design could accomplish.

I once heard George Melly, on a programme about Louis Armstrong, do that dangerous thing and give his own definition of a genius. “A genius,” he said, “is someone who enters a field and works in it and when they leave it, it is different. By that token, Satchmo was a genius.” I don’t think any reasonable person could deny that Steve Jobs, by that same token, was a genius too.

Steve Jobs, genius Read More »

My favorite iPhone apps

Someone on a mailing list asked for a list of our favorite iPhone apps. Here’s what I said:

Reeder is the best RSS reader (tied to Google Reader, natch), bar none.

Articles presents Wikipedia beautifully.

Dropbox is an essential for the reasons Martin gave.

Echofon is a great Twitter app, especially since it syncs with its Mac desktop app.

Pano takes panoramic pix, ColorSplash allows you to make pix B&W & then selectively colorize them, & Camera+ has all sorts of goodies.

Rowmote Pro lets me control my Mac mini connected to my TV remotely.

Simplenote is a great note app that syncs with its website & JustNotes on my Mac.

1Password keeps passwords, account info, serial #’s, & sensitive notes encrypted & synced with the Mac version of the app using Dropbox.

Nightstand is a gorgeous alarm clock & more.

Amazon.com makes it too easy for me to spend $$$.

PhoneFlicks manages my Netflix queue.

And finally, even though it’s only been out for a day or two, Rage 3D is a killer shooter that looks freakin’ gorgeous.

My favorite iPhone apps Read More »

A vote for CrossOver

Let me recommend Codeweavers’ CrossOver, a commercial implementation of WINE that works on Linux & Mac OS X. It’s reasonably priced, & it makes setting up & configuring both WINE and the programs that run inside WINE much easier. Plus, the company is made up of good people, & they’re very upfront on their site about what works with WINE, what mostly works, what kinda works, & what doesn’t work at all.

http://www.codeweavers.com/

A vote for CrossOver Read More »

A solution to two-way task list syncing on a Mac & iPhone

I just published a page on my website about a solution I’ve found to an important issue: how to keep task lists on my Mac & my iPhone that are synced. I used to use The Hit List, but the developer’s failure to come up with an iPhone solution has led me to abandon it. To read about my solution, check out “Two-way Syncing Task List Software on a Mac”, at http://dev.granneman.com/techinfo/tools/tasklistsoftware.

A solution to two-way task list syncing on a Mac & iPhone Read More »

How security experts defended against Conficker

From Jim Giles’ “The inside story of the Conficker worm” (New Scientist: 12 June 2009):

23 October 2008 … The dry, technical language of Microsoft’s October update did not indicate anything particularly untoward. A security flaw in a port that Windows-based PCs use to send and receive network signals, it said, might be used to create a “wormable exploit”. Worms are pieces of software that spread unseen between machines, mainly – but not exclusively – via the internet (see “Cell spam”). Once they have installed themselves, they do the bidding of whoever created them.

If every Windows user had downloaded the security patch Microsoft supplied, all would have been well. Not all home users regularly do so, however, and large companies often take weeks to install a patch. That provides windows of opportunity for criminals.

The new worm soon ran into a listening device, a “network telescope”, housed by the San Diego Supercomputing Center at the University of California. The telescope is a collection of millions of dummy internet addresses, all of which route to a single computer. It is a useful monitor of the online underground: because there is no reason for legitimate users to reach out to these addresses, mostly only suspicious software is likely to get in touch.

The telescope’s logs show the worm spreading in a flash flood. For most of 20 November, about 3000 infected computers attempted to infiltrate the telescope’s vulnerable ports every hour – only slightly above the background noise generated by older malicious code still at large. At 6 pm, the number began to rise. By 9 am the following day, it was 115,000 an hour. Conficker was already out of control.

That same day, the worm also appeared in “honeypots” – collections of computers connected to the internet and deliberately unprotected to attract criminal software for analysis. It was soon clear that this was an extremely sophisticated worm. After installing itself, for example, it placed its own patch over the vulnerable port so that other malicious code could not use it to sneak in. As Brandon Enright, a network security analyst at the University of California, San Diego, puts it, smart burglars close the window they enter by.

Conficker also had an ingenious way of communicating with its creators. Every day, the worm came up with 250 meaningless strings of letters and attached a top-level domain name – a .com, .net, .org, .info or .biz – to the end of each to create a series of internet addresses, or URLs. Then the worm contacted these URLs. The worm’s creators knew what each day’s URLs would be, so they could register any one of them as a website at any time and leave new instructions for the worm there.

It was a smart trick. The worm hunters would only ever spot the illicit address when the infected computers were making contact and the update was being downloaded – too late to do anything. For the next day’s set of instructions, the creators would have a different list of 250 to work with. The security community had no way of keeping up.

No way, that is, until Phil Porras got involved. He and his computer security team at SRI International in Menlo Park, California, began to tease apart the Conficker code. It was slow going: the worm was hidden within two shells of encryption that defeated the tools that Porras usually applied. By about a week before Christmas, however, his team and others – including the Russian security firm Kaspersky Labs, based in Moscow – had exposed the worm’s inner workings, and had found a list of all the URLs it would contact.

[Rick Wesson of Support Intelligence] has years of experience with the organisations that handle domain registration, and within days of getting Porras’s list he had set up a system to remove the tainted URLs, using his own money to buy them up.

It seemed like a major win, but the hackers were quick to bounce back: on 29 December, they started again from scratch by releasing an upgraded version of the worm that exploited the same security loophole.

This new worm had an impressive array of new tricks. Some were simple. As well as propagating via the internet, the worm hopped on to USB drives plugged into an infected computer. When those drives were later connected to a different machine, it hopped off again. The worm also blocked access to some security websites: when an infected user tried to go online and download the Microsoft patch against it, they got a “site not found” message.

Other innovations revealed the sophistication of Conficker’s creators. If the encryption used for the previous strain was tough, that of the new version seemed virtually bullet-proof. It was based on code little known outside academia that had been released just three months earlier by researchers at the Massachusetts Institute of Technology.

Indeed, worse was to come. On 15 March, Conficker presented the security experts with a new problem. It reached out to a URL called rmpezrx.org. It was on the list that Porras had produced, but – those involved decline to say why – it had not been blocked. One site was all that the hackers needed. A new version was waiting there to be downloaded by all the already infected computers, complete with another new box of tricks.

Now the cat-and-mouse game became clear. Conficker’s authors had discerned Porras and Wesson’s strategy and so from 1 April, the code of the new worm soon revealed, it would be able to start scanning for updates on 500 URLs selected at random from a list of 50,000 that were encoded in it. The range of suffixes would increase to 116 and include many country codes, such as .kz for Kazakhstan and .ie for Ireland. Each country-level suffix belongs to a different national authority, each of which sets its own registration procedures. Blocking the previous set of domains had been exhausting. It would soon become nigh-on impossible – even if the new version of the worm could be fully decrypted.

Luckily, Porras quickly repeated his feat and extracted the crucial list of URLs. Immediately, Wesson and others contacted the Internet Corporation for Assigned Names and Numbers (ICANN), an umbrella body that coordinates country suffixes.

From the second version onwards, Conficker had come with a much more efficient option: peer-to-peer (P2P) communication. This technology, widely used to trade pirated copies of software and films, allows software to reach out and exchange signals with copies of itself.

Six days after the 1 April deadline, Conficker’s authors let loose a new version of the worm via P2P. With no central release point to target, security experts had no means of stopping it spreading through the worm’s network. The URL scam seems to have been little more than a wonderful way to waste the anti-hackers’ time and resources. “They said: you’ll have to look at 50,000 domains. But they never intended to use them,” says Joe Stewart of SecureWorks in Atlanta, Georgia. “They used peer-to-peer instead. They misdirected us.”

The latest worm release had a few tweaks, such as blocking the action of software designed to scan for its presence. But piggybacking on it was something more significant: the worm’s first moneymaking schemes. These were a spam program called Waledac and a fake antivirus package named Spyware Protect 2009.

The same goes for fake software: when the accounts of a Russian company behind an antivirus scam became public last year, it appeared that one criminal had earned more than $145,000 from it in just 10 days.

How security experts defended against Conficker Read More »

A fix for Apple Mail’s inability to search Entire Message

Spotlight
Creative Commons License photo credit: Ti.mo

When using Apple Mail, you should be able to search for a term in From, To, Subject, & Entire Message. However, today I could no longer search Entire Message. It was grayed out & completely unavailable.

I found interesting info on the following pages, with the last being the most helpful:

  • http://discussions.apple.com/message.jspa?messageID=6653445#6653445
  • http://www.bronzefinger.com/archives/2006/04/apple_mail_sear.html
  • http://discussions.apple.com/message.jspa?messageID=5934412#5934412
  • http://forums.macworld.com/message/425508
  • http://www.macosxhints.com/article.php?story=20080201111317585

I closed Mail and tried this, which re-indexes the entire hard drive in Spotlight:

sudo mdutil -E /

But it did nothing. Then I did this, which re-indexes just the Mail folders in Spotlight:

mdimport ~/Library/Mail

That fixed it.

A fix for Apple Mail’s inability to search Entire Message Read More »

Steve Jobs on mediocrity & market share

From Steven Levy’s “OK, Mac, Make a Wish: Apple’s ‘computer for the rest of us’ is, insanely, 20” (Newsweek: 2 February 2004):

If that’s so, then why is the Mac market share, even after Apple’s recent revival, sputtering at a measly 5 percent? Jobs has a theory about that, too. Once a company devises a great product, he says, it has a monopoly in that realm, and concentrates less on innovation than protecting its turf. “The Mac user interface was a 10-year monopoly,” says Jobs. “Who ended up running the company? Sales guys. At the critical juncture in the late ’80s, when they should have gone for market share, they went for profits. They made obscene profits for several years. And their products became mediocre. And then their monopoly ended with Windows 95. They behaved like a monopoly, and it came back to bite them, which always happens.”

Steve Jobs on mediocrity & market share Read More »

Vista & Mac OS X security features

From Prince McLean’s “Pwn2Own contest winner: Macs are safer than Windows” (AppleInsider: 26 March 2009):

Once it did arrive, Vista introduced sophisticated new measures to make it more difficult for malicious crackers to inject code.

One is support for the CPU’s NX bit, which allows a process to mark certain areas of memory as “Non-eXecutable” so the CPU will not run any code stored there. This is referred to as “executable space protection,” and helps to prevent malicious code from being surreptitiously loaded into a program’s data storage and subsequently executed to gain access to the same privileges as the program itself, an exploit known as a “buffer overflow attack.”

A second security practice of Vista is “address space layout randomization” or ASLR, which is used to load executables, and the system libraries, heap, and stack into a randomly assigned location within the address space, making it far more difficult for crackers to know where to find vulnerabilities they can attack, even if they know what the bugs are and how to exploit them.

[Charlie Miller, the security expert who won both this and last year’s CanSecWest Pwn2Own security contests,] told Tom’s Hardware “the NX bit is very powerful. When used properly, it ensures that user-supplied code cannot be executed in the process during exploitation. Researchers (and hackers) have struggled with ways around this protection. ASLR is also very tough to defeat. This is the way the process randomizes the location of code in a process. Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now. For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.”

While Apple did implement some support for NX and ASLR in Mac OS X, Leopard retains dyld, (the dynamic loader responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass its ASLR. This is slated to change later this year in Snow Leopard.

With the much larger address space available to 64-bit binaries, Snow Leopard’s ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory. Without knowing what addresses to target, the “vast majority of these exploits will fail,” another security expert who has also won a high profile Mac cracking contest explained to AppleInsider.

Vista & Mac OS X security features Read More »

Mac OS X settings to reduce PDF sizes

From Adam Engst’s “Slim down your PDFs” (Macworld: 5 November 2008):

Though few people realize this, you can reduce the size of PDF files using the Leopard version of Preview. To shrink a PDF file, open it in Preview, choose Save As from the File menu, and, in the Save dialog box, choose Reduce File Size from the Quartz Filter pop-up menu. If when you compare the compressed PDF with your original, the images are too fuzzy for your needs (the default settings are pretty severe), you can make your own Quartz filter with different settings.

To do this, launch ColorSync Utility (in Applications/Utilities), choose New Utility Window from the File menu if none is showing, and click on Filters in the toolbar. Click on the arrow to the right of Reduce File Size, choose Duplicate Filter from the drop-down menu, and name your new filter. Enter different values for Image Sampling and Image Compression, switch back to your original PDF in Preview, and save a PDF with your new filter in place of Reduce File Size. With some trial and error, you should be able to arrive at a compromise that satisfies you.

Mac OS X settings to reduce PDF sizes Read More »

How to run a command repeatedly

You can use the watch command, but it unfortunately isn’t available for Mac OS X. At least, from Apple. Sveinbjorn Thordarson (great name!) has a version of watch that you can download and compile on your OS X box. It’s available at http://www.sveinbjorn.org/watch_macosx.

Or, you can use this shell script:

while true ; do foo ; sleep 1 ; done

This will run foo every second until you press Ctrl-C to cancel the script.

How to run a command repeatedly Read More »

I for one welcome our new OS overlords: Google Chrome

As some of you may have heard, Google has announced its own web browser, Chrome. It’s releasing the Windows version today, with Mac & Linux versions to follow.

To educate people about the new browser & its goals, they release a 38 pg comic book drawn by the brilliant Scott McCloud. It’s a really good read, but it gets a bit technical at times. However, someone did a “Reader’s Digest” version, which you can read here:

http://technologizer.com/2008/09/01/google-chrome-comic-the-readers-digest-version

I highly encourage you to read it. This browser is doing some very interesting, smart things. And it’s open source, so other browsers can use its code & ideas.

If you want to read the full comic, you can do so here:

http://www.google.com/googlebooks/chrome/

BTW … I don’t think Chrome has the potential of becoming the next big browser; I think instead it has the potential to become the next big operating system. See http://www.techcrunch.com/2008/09/01/meet-chrome-googles-windows-killer/ for more on that.

I for one welcome our new OS overlords: Google Chrome Read More »

Where we are technically with DRM

From Nate Anderson’s “Hacking Digital Rights Management” (Ars Technica: 18 July 2006):

The attacks on FairPlay have been enlightening because of what they illustrate about the current state of DRM. They show, for instance, that modern DRM schemes are difficult to bypass, ignore, or strip out with a few lines of code. In contrast to older “patches” of computer software (what you would generally bypass a program’s authorization routine), the encryption on modern media files is pervasive. All of the software mentioned has still required Apple’s decoding technology to unscramble the song files; there is no simple hack that can simply strip the files clean without help, and the ciphers are complex enough to make brute-force cracks difficult.

Apple’s response has also been a reminder that cracking an encryption scheme once will no longer be enough in the networked era. Each time that its DRM has been bypassed, Apple has been able to push out updates to its customers that render the hacks useless (or at least make them more difficult to achieve).

Where we are technically with DRM Read More »

Apple iTunes Music Store applies DRM after download

From Nate Anderson’s “Hacking Digital Rights Management” (Ars Technica: 18 July 2006):

A third approach [to subverting Apple’s DRM] came from PyMusique, software originally written so that Linux users could access the iTunes Music Store. The software took advantage of the fact that iTMS transmits DRM-free songs to its customers and relies on iTunes to add that gooey layer of DRM goodness at the client end. PyMusique emulates iTunes and serves as a front end to the store, allowing users to browse and purchase music. When songs are downloaded, however, the program “neglects” to apply the FairPlay DRM.

Apple iTunes Music Store applies DRM after download Read More »

Differences between Macintosh & Unix programmers

From Eric Steven Raymond’s “Problems in the Environment of Unix” (The Art of Unix Programming: 19 September 2003):

Macintosh programmers are all about the user experience. They’re architects and decorators. They design from the outside in, asking first “What kind of interaction do we want to support?” and then building the application logic behind it to meet the demands of the user-interface design. This leads to programs that are very pretty and infrastructure that is weak and rickety. In one notorious example, as late as Release 9 the MacOS memory manager sometimes required the user to manually deallocate memory by manually chucking out exited but still-resident programs. Unix people are viscerally revolted by this kind of mal-design; they don’t understand how Macintosh people could live with it.

By contrast, Unix people are all about infrastructure. We are plumbers and stonemasons. We design from the inside out, building mighty engines to solve abstractly defined problems (like “How do we get reliable packet-stream delivery from point A to point B over unreliable hardware and links?”). We then wrap thin and often profoundly ugly interfaces around the engines. The commands date(1), find(1), and ed(1) are notorious examples, but there are hundreds of others. Macintosh people are viscerally revolted by this kind of mal-design; they don’t understand how Unix people can live with it. …

In many ways this kind of parochialism has served us well. We are the keepers of the Internet and the World Wide Web. Our software and our traditions dominate serious computing, the applications where 24/7 reliability and minimal downtime is a must. We really are extremely good at building solid infrastructure; not perfect by any means, but there is no other software technical culture that has anywhere close to our track record, and it is one to be proud of. …

To non-technical end users, the software we build tends to be either bewildering and incomprehensible, or clumsy and condescending, or both at the same time. Even when we try to do the user-friendliness thing as earnestly as possible, we’re woefully inconsistent at it. Many of the attitudes and reflexes we’ve inherited from old-school Unix are just wrong for the job. Even when we want to listen to and help Aunt Tillie, we don’t know how — we project our categories and our concerns onto her and give her ‘solutions’ that she finds as daunting as her problems.

Differences between Macintosh & Unix programmers Read More »