Meeting Notes - May 21, 2003

By: Mikio Moriyasu - Revised: 2006-10-05 devin


What's New by Mikio Moriyasu

New Apple Software
DVD Studio Pro 2.0 is a completely new DVD authoring product, rebuilt from the ground up with a breakthrough user interface and packed with innovative features that redefine professional DVD authoring.

Final Cut Pro 4.0 is the creative, professional and extensible tool for editing and finishing in SD and HD formats. It introduces RT Extreme for real-time compositing and effects, powerful new interface customization tools, and new high-quality 8 and 10-bit uncompressed formats.

iTunes 4.0 supports the new AAC audio format, lets you share your music with other Mac computers on your local Ethernet or AirPort wireless network, and lets you archive your entire music library to DVDs for safekeeping. iTunes can also access the iTunes Music Store stocked with hundreds of thousands of songs.

Mac OS X 10.2.5 resolves the notorious 1970 date reset bug. It also addresses an issue in which domain name lookups could fail if the DNS server responded with a very large reply packet, improves Mail's selection of character encoding for messages sent in certain languages, improves Mail responsiveness for accounts configured with multiple POP servers when the servers are unavailable, and addresses an issue in which Classic fails to start ("Error 1016") when applications available to a non-Admin user are restricted.

Mac OS X 10.2.6 resolves a repeating kernel panic bug that appeared in Mac OS X 10.2.5 if certain USB hubs or devices are connected. It also improves printing compatibility for PostScript OpenType fonts, and improves compatibility for Maya Auto Paint and Paint Effects features.

Security Update 2002-03-24 addresses a Samba vulnerability which could allow unauthorized remote access to the host system. The built-in Windows file sharing is based on the open source technology called Samba and is off by default in Mac OS X. OpenSSL is also updated to address an issue in which RSA private keys can be compromised when communicating over LANs, Internet2/Abilene, and interprocess communication on local machine. It is recommended that all users install this Security Update.

Shake 3.0 is a compositing and effects solution for film and HD. Shake now includes unlimited network render licenses and render management software on Mac OS X allowing users to distribute rendering tasks across multiple PowerPC G4-based Macintosh computers.

Software Notes
CNET reports that Opera Software released a test update to its Web browser for Windows and Linux, and pledged to continue developing its Mac version in spite of Safari. Read more.

Scott Mahaskey reports anyone who has purchased Micromat Drive 10 (version 1.1.4) in the past month can receive a free update CD that will allow booting on 2003 (non Mac OS 9 booting) Macs if they fax the following information to (707) 566-3871: The fax should include a copy of the original receipt of a Drive 10 purchased within the past 30 days, a cover letter with the owner's name, address, phone number(s), email address, and the serial number of the Drive 10 version 1.1.4 CD along with the instructional phrase "Need Micromat Drive 10 1.1.4revb".

OrangeWare answers the prayers of many users with third party 802.11 a/b/g wireless access cards and compliant base stations by developing a Mac OS X 802.11a/b/g driver for wireless devices. Read more.

Hardware News
Apple refreshes its iBook line Read more:
  • $999
  • $1299
  • $1,499
Apple introduces new iPods in three models Read more:
  • 10GB model for just $299 (US)
  • 15GB model for $399 (US)
  • 30GB model for $499 (US).
Apple has refreshed its eMac line Read more:
  • $799
  • $999
  • $1,299
Problems
MacFixIt reports that there are actually three separate iBook display issues masquerading as one:
  1. Video "artifacts" progressing to eventual system failure
  2. "Black screen" or "dimming" of the backlight, when screen is opened past a certain angle. This seems to result from damage to the ribbon cable running through the hinge.
  3. "Black screen" or "dimming" of the backlight at random times, which can be temporarily solved by tapping on, or applying pressure to, the iBook case directly below the "fn" and "control" keys (to the left of the trackpad).
MacFixIt recommends that anyone with an iBook should consider picking up AppleCare or a third party warranty of some sort.

There may be a "memory leak" with Mac OS X 10.2.6. Users have reported increased RAM usage and excessive pageouts, one of the base indicators of a memory leak.

MacFixit and Jan Fuellemann of Nova Media (a Macintosh mobile connectivity solutions provider) are investigating an issue between PowerBook 17" and some GPRS PC Card modems. The PC Card Modems cause Kernel Panics every time they are inserted into the laptops. Apple has apparently throttled back the allowed power consumption rate for the PC Card slot and may not be following exact PCMCIA standard specification. If so, this effectively eliminates the use of the GPRS modem cards with this line of PowerBooks.

10.2 in Brief
For those with subscriptions, MacFixit has started to troubleshoot issues users have encountered while using the latest software and hardware updates from Apple including: Mac OS X 10.2.5, Mac OS X 10.2.6, iTunes 4.0, AppleWorks 6.2.7, Safari 1.0, QuickTime 6.1.1, QuickTime 6.2, iPods, iBooks, and PowerBook 17"s.

When you hold both the option key and the control key while clicking an application's icon, the "force quit" command in the app's contextual menu will be available no matter what the program's status. This is useful when quitting apps that are not sending an "application not responding" signal.

General News
Yesterday Apple and IDG World Expo made a joint announcement that the July installment of Macworld Expo will go on without Apple CEO Steve Jobs as "Macworld CreativePro Conference and Expo" and will take place July 14-18, 2003 at New York City's Javits Center. Read more.

Forbes reports that the industry group that spawned Wi-Fi released a new standard that may put the old one to shame. It extends the wireless range of Wi-Fi from roughly 300 feet to several miles and lets signals bounce around obstacles and penetrate walls. Read more.

IDG News reports that reducing software piracy by just 10 percentage points worldwide would generate 1.5 million jobs and add US$ 400 billion to the world economy. Read more.

MacScripter.net, a huge archive of AppleScript scripts, has been updated to an SQL database enabling better handling of user participation and a much improved GUI. The site is also now being syndicated, available in XML/RSS format. Read more.

Cool Stuff
The iFM from Griffin adds an FM radio to the iPod in one integrated package that utilizes the iPod's own remote for its controls. With iFM you can scan and tune any FM radio station and save your favorites in six presets. The device will begin shipping this Summer. Read more.

Events
MacHack 18: Unstoppable
Location: Detroit, MI

Date & Time: June 19-23, 2003

Type: Conference

Fee: Click here for registration information.

Topics: Click here for information on topics & sessions.

The organizers of MacHack have announced one-day training sessions to be held on Wednesday, June 18. These "intensive training sessions" are designed to complement MacHack's three days of presentations and papers. Cocoa Software Development and Tcl/Tk training will be available. Cocoa training will be led by veteran Macintosh developer Chris Hanson. The Tcl/Tk training session will be led by Clif Flynt. Read more.
Mikio's entire presentation including a complete list of new Apple and third-party software since March, new Apple hardware releases, Apple retail news, and other Apple related topics can be found on the main Mac Managers web site at: http://www.macos.utah.edu or select from the options listed below:

[View Web Page] [Download PDF] [View Movie]

Mac OS X, LDAPv3, & Kerberos by Darren Davis

An individual was observing how the LDAP plug-in was operating. He noticed that an extra bind was occurring and when he looked a little closer, he noticed that certain passwords were being passed as clear text.

Mac OS X Login Process
  • User types in his user name and password. Now, in most configurations, the Directory holds just user information but Kerberos is used alongside the Directory to do the authentication.
  • So when a user types in his user name and password, it's the common user name but the password is the Kerberos password that goes to the Kerberos server.
  • After the user name and password are entered, the client talks to the Directory Server, and the Directory Server returns the user attributes indicating that "Yes, this is that user."
  • The Kerberos part of the password then talks to the Kerberos Server to authenticate the user. The Kerberos Server then responds that "Yes, this is that user."
The Issue
  • The problem occurs when the client talks to the LDAP Server the first time. You have a "Generic User" that is used to contact the Directory Server to get the user information.
  • Later in the whole login process, the login client is going to attempt to bind to the LDAP Directory.
  • When this occurs, even though communication to the Directory is supposed to be done through a special user, the bind is attempted with the user name and password that was just entered. What this means is that it's the Kerberos password that is used to attempt to get the user attributes.
  • Unfortunately, the Kerberos password is passed to the LDAP Server in the process. It doesn't do anything, but if you don't have it secured in some fashion, your Kerberos password just got passed as clear text over the wire.
  • This is a serious problem. When it was discovered, Apple was notified, CERT was notified, and Apple came up with a fix.
Solutions
  • Use SSL for LDAP information so even though the Kerberos password is getting bounced off of the LDAP Server, at least it's encrypted.
  • Configure Directory Access to set the Authentication Authority Attribute (located in the LDAPv3 plug-in) to an existing Directory Attribute that always has a value. When this is done, the bind sequence will fail and go onto the next step which is the Kerberos login. The Kerberos credentials are not passed onto the LDAP server.

The a, b, & g's of 802.11 by Craig Bennion

Craig's research began when he needed to look into a wireless solution for his home. It expanded when he had to look for a solution that would support both his newly acquired iMac that only supports 802.11g, and his existing laptop that only supports 802.11b.

The Original 802.11
Essentially Ethernet using wireless mechanisms.

It specifies how to put information out via the Physical Layer or the media (PHY). In this case:
  • Direct Sequence Spread Spectrum (DSSS)
  • Frequency Hopped Spread Spectrum (FHSS)
It also specified how the Media Access Control (MAC) works.

802.11b
  • Frequency: 2.4 GHz Industrial, Scientific and Medical (ISM) Band
  • Channels: 11 channels, 3 of which are non-overlapping
  • Speed: 11, 5.5, 2.1 Mbps
  • Channel Access: CSMA/CA - The standard Ethernet collision mechanism.
  • Transmission Power: 1 watt (most devices use 30mW)
  • Carrier: Direct Sequence Spread Spectrum (DSSS)

    There is a lot of overlap with 11 channels, only three of which are non-overlapping.

    Complementary Code Keying (CCK) - The signal is spread over the entire bandwidth. You use the whole thing to transmit your information.
802.11a
  • Frequency: Uses the 5 GHz unregulated band
  • Channels: 12 and all 12 are non-overlapping. They are grouped into low (40 mW), medium (200 mW), and high (800 mW) power groupings over the 300 MHz bandwidth.
  • Speed: 24, 12, 6 Mbps mandatory; 54, 36, 18, 9 Mbps optional
  • Channel Access: CSMA/CA
  • Transmission Power: 800 mW max
  • Carrier: Orthogonal Frequency Division Multiplexing

    The overall higher frequency means less power to penetrate objects.

    OFDM breaks the available bandwidth into 52 discrete carriers across the bandwidth. 4 are used for signaling and data control; the other 48 are used to transmit information. When you multiplex, you break down your transmission into 48 different sub-carriers and transmit that way.
802.11g
  • Frequency: Uses the 2.4 GHz ISM band
  • Channels: 11 channels, 3 of which are non-overlapping (1, 6, 11)
  • Speed: up to 54 Mbps
  • Channel Access: CSMA/CA
  • Transmission Power: 1 watt
  • Carrier: Orthogonal Frequency Division Multiplexing

    This is the best of both worlds. "g" has the power, but uses the OFDM carrier.
By Comparison
  • "a" based equipment is more expensive with the shortest range. It is fast, however.
  • "b" based equipment is least expensive but the high frequency range means that it is slow.
  • "g" based hardware is moderately expensive and has high range while being as fast as "a" based equipment.
Who Uses What 802.11g Chipsets
  • Broadcom (the first) used in - Apple, Belkin, Buffalo, Linksys
  • Intersil used in - Actiontec, NETGEAR, Corega Int, D-Link, USI
  • Atheros used in - HP, NETGEAR (tri-mode), TRENDnet
    (NOTE: Atheros chipset is interesting in that it is tri-modal and can do "a", "b", and "g").
  • Texas Instruments used in - TNETW1130 (announced 4/03)
  • Agere Systems - Chipset just announced.
Compatibility
There has been no testing of compatibility between manufacturers' hardware by the Wi-Fi Association group, as the 802.11g spec has not been finalized yet.

Compatibility between manufacturers' hardware is still suspect. AirPort and Linksys, for example, won't talk together in a bridged mode.

It's probably a little premature for a successful mixed vendor environment for 11g right now.

Other Points
Printer Spooling off of the Hubs - Apple AirPort has a USB port built in for direct printing but does not have a spooling feature. In general, these products offer just access points. Most manufacturers have other products such as PC or PCI cards for wireless as well as USB connectivity. A few have print spoolers (New Company called SNC).

Security - Wireless encryption is easy to crack. Another spec (802.11i) has come out to provide stronger encryption.

AppleTalk Support - Linksys supports AppleShare over AppleTalk. AppleTalk via IP is a different matter.

Additional Information
  • www.smallnetbuilder.com
  • www.wi-fi.org
  • www.oreillynet.com/wireless
  • www.80211-planet.com
  • www.wirelessnewsfactor.com
Craig's presentation provided a general overview of what hardware is available for OS X users who need 802.11 access points. For additional information regarding 802.11 or related hardware, please consult the websites listed above.


LDAPv3 & Wildcard Static Mappings by Dan Sinema

As a personal project, Dan modified Apple's LDAPv3 plug-in to handle wildcards on static mapping.

Basic Information
What is a Directory?
"Fundamentally, what a directory service does is securely manage complex systems of interrelated information and suggest the widespread distribution and speedy retrieval of that information."
Qualities of a Directory
  • Defines namespace
  • An extended search capability
  • Authentication and access control
  • Scales from small to large networks
  • A datastore optimized for reads
DAP derived from X.500
  • Directory access protocol (DAP)
  • Originally standardized by ISO and ITU in 1988
  • X.500 is an enormous standard
  • Utilizes the OSI stack
  • Very costly to implement and hard to develop for, so much so that only large corporations could really use it.
Lightweight Directory Access Protocol (LDAP)
  • Version 1 published as RFC1487 in 1993 by IETF and ISODE at U of Mich
  • TCP/IP based
  • Lower overhead
  • Widely accepted API
  • Uses the DNS namespace
What is an OID?
"An oid (object identifier) is a globally unique identifier for objects and attributes assigned by various international standards organizations including American National Standards Institute (ANSI) and the Internet Assigned Numbers Authority (IANA)"
Schema
  • Sometimes compared to a map
  • Description of objects and things
Object Class
  • Similar to a class in C++ or Java
  • Used to describe objects in general terms
  • MET object descriptor
Attribute
  • Similar to data members in C++ and Java
  • Gives personality to object class (like employee number)
LDAP is Industry Standard
  • Sun, Netscape, SunONE use it
  • Novell eDirectory
  • Microsoft Active Directory
  • OpenLDAP
Mac OS X Directory Services
  • Sits down in the Darwin layer
  • Runs the directory services daemon
  • Defines plug-in structure
  • Defines nodes, Standard Record Types, standard attributes
  • LookupD used for UNIX compatibility
  • NetInfo, legacy directory
  • LDAP
Mac OS X LDAPv3 Plug-in
  • Uses Mac OS X Directory Services API
  • OpenLDAP API (wrapped in the LDAP framework - nice way Apple links libraries together so that they are organized into one central location)
  • Open sourced under APSL (Apple Public Source License)
Features of LDAPv3 Plug-in
  • Map LDAP objects and attributes to local objects and attributes
  • Statically assign values of attributes (added in version 10.2.2)
Map LDAP to Local
  • In Mac OS X there is a thing called "Real Name"
  • On an LDAP server "Real Name" is maybe something like "CN"; this is mapped from local to LDAP
Static Mappings
  • "#" signifies that the value is a static mapping
  • The standard plug-in applies the same value to all users that log in via LDAP
Dan's Project
It's nice to assign everyone a static value but if everyone is going into the same home file, the directory has to be regularly cleaned out. If it is not, a user will be able to see everyone else's directory. You also have to add special attributes to the LDAP server for the Mac OS X client.

Dan's modifications allow you to make statically assigned values but the portion that is unique to the user can be assigned a variable that will replace the value.

Adding Variable Support to the Static Mappings
  • Administrators can customize the static mappings on a per-user basis
  • Allows use of the directory as is, additional modifications are not required
  • "Tokens" use LDAP attribute names encased by $ (example $uid$). The user would then be looking for the value of the "uid" attribute on the LDAP Server.
How it Works
You do the static mapping but in place of where you want the value of the LDAP server placed, you put the LDAP attribute name you're looking for wrapped in "$". Dan's code then looks at it, finds the dollar signs, extracts the attribute name and goes to look for it.

So in a nutshell, the LDAP request is made from the client to the server (for example User=testuser). The LDAP server replies back to the client sending back the matching values for User=testuser.

Dan's code...
  • Recognizes that the NFS Home Directory is mapped with a static mapping of #/tmp/$uid$
  • Finds the "$"
  • Finds that "uid" is the requested attribute
  • Locates value of "uid" from LDAP Server (in this case, it is "testuser")
  • Replaces "$uid$" with "testuser"
  • Final value of NFS Home Directory is #/tmp/testuser
All of this occurs before any directory gets created.

The only limitation is that you can only replace attribute values that are part of the object you're looking for (for example, from a user object you can only replace attributes that are part of the user object).
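An added example, not Dan's plug-in code: a Python sketch of the `$attribute$` expansion described above, using the `#/tmp/$uid$` mapping from the notes. The single-value requirement and the rejection of values containing path separators or `..` are assumptions added here, because the expanded value becomes a home directory path; the function, class and sample entry are hypothetical.

```python
import re

# An LDAP attribute name wrapped in dollar signs, e.g. $uid$.
TOKEN = re.compile(r"\$([A-Za-z][A-Za-z0-9-]*)\$")

class MappingError(ValueError):
    """Raised when a static mapping cannot be expanded safely."""

def safe_value(value):
    """Assumed hardening (not from the notes): the value must stay one path component."""
    return bool(value) and value not in (".", "..") and not any(c in value for c in "/\\\0$")

def expand_static_mapping(mapping, entry):
    """Expand $attr$ tokens in a static mapping using one LDAP entry.

    mapping: static mapping string, e.g. "#/tmp/$uid$" ("#" marks it as static).
    entry:   dict of attribute name -> list of values, as returned for the user object.
    """
    if not mapping.startswith("#"):
        raise MappingError("not a static mapping (no leading '#')")
    # LDAP attribute names are case-insensitive.
    attrs = {name.lower(): values for name, values in entry.items()}

    def substitute(match):
        name = match.group(1)
        values = attrs.get(name.lower(), [])
        if len(values) != 1:                 # assumption: refuse missing or multi-valued attributes
            raise MappingError(f"attribute {name!r} has {len(values)} values, need exactly 1")
        if not safe_value(values[0]):
            raise MappingError(f"attribute {name!r} has an unsafe value for a path")
        return values[0]

    expanded = TOKEN.sub(substitute, mapping)
    if "$" in expanded:                      # a lone "$" means a token was never closed
        raise MappingError("unterminated $token$ in mapping")
    return expanded

# Constructed entry matching the notes' example (User=testuser).
SAMPLE_ENTRY = {"uid": ["testuser"], "cn": ["Test User"], "uidNumber": ["1025"]}

if __name__ == "__main__":
    print(expand_static_mapping("#/tmp/$uid$", SAMPLE_ENTRY))   # "#" kept, as in the notes
```

A directory value such as `../../etc` in `uid` is refused rather than substituted, so the per-user path cannot leave the directory named in the mapping.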
One Note on Setting this Up
The way this works now is that you take the LDAP plug-in out of the Mac OS X machine and put this plug-in in its place. If you do an update it will get overwritten, so take it out, do your update and put it back in.
Dan's presentation provided a general overview and demonstration of the results of his personal project.

If you have any additional questions regarding this modification of the LDAP v3 plug-in, you can contact Dan at dsinema@apple.com.


U of U College of Fine Arts: QuickTime Streaming by Dan Hutten & Holly Christmas

How It Started
They had an administrator who wanted it although he was not sure how to do it. He just wanted it. They had a music professor who created her own class audio compilations for her students. These selections were on hard formats (tapes and CDs) and were available for on campus use only (checked out from the music or main library and used in their facilities).

In addition to the amount of time it took to compile the material for these selections, there were issues about the overall quality of the recordings, the failure rate of the media over time, as well as accessibility. Basically, the students wanted greater access to the selections.

They had moved to providing downloadable MP3s but because these are downloaded into the students' hands, they have "custody" of the MP3. This ended up creating a huge copyright issue regarding ownership. On CDs and tapes at least, the selections are checked out and limited to use in certain on-campus facilities. The students don't own them, they BORROW them for educational purposes.

What It Led To
Initially, the professor went to the Marriott Library's Technology Assisted Curriculum Center who said that they would do the streaming for her. They didn't have their QuickTime Server up in time so they encoded and distributed the music selections using Real Player.

There were some initial configuration problems with Real Player both from the Fine Arts side (getting the material out) and the students side (getting the material to play). It turned out, however, that the way the streams had been set up, the students were downloading RAM files that had .mp3 extensions. The professor was convinced they were downloading MP3 music files.

Streaming the selections was the logical choice, getting away from ANY downloadables. QuickTime streams are not downloaded and they are largely universal via the web (no downloads = no copyright issues). The problem is the Art Department has a large support base but a low number of techs so a lot of the work had to be offloaded to the professor. She was cool with this as she was already doing a lot of the work with the CDs.

Cleaner was the best option. The idea was that Cleaner was all scripted, it was professor proof, so all she had to do was to compile her selections and upload them to the servers and they would stream. There were a few gaps that needed to be taken care of, like a web page to access the material, but these were mostly repointing the old Real Player links to the QuickTime Streaming files.

Other Details
  • Enable professors to generate material - This means training as well as making sure the professor has the necessary computer hardware.
  • To minimize the load on the web server, they created a series of pointer files on the web server and put the audio files on the streaming server. NOTE: Pointer files can be looked at with a utility called MakeRefMovie, available at apple.com; it shows you what the pointer files are pointing to on the streaming server.
  • They have created three different levels of audio quality based on increasing file size. Depending on the QuickTime Preferences client configuration, a certain file is selected and played. The initial encodes were done on an OS 9 G4/733 with 350MB RAM. Cleaner usually took about 9 to 15 hours to process the equivalent of one CD. A machine with OS X and 760MB RAM took half as long.
Listening Issues Encountered
  • The instructor really wants the students to have a good listening experience and encourages them to contact the Fine Arts techs when they encounter issues. (This led to the aforementioned support policy).
  • Files skipping or lagging - The initial re-encode of the Real Player files had to be re-encoded again using QDesign.
  • 56K files still skipping - so they re-encoded again at 28K
  • 404 errors - As this is a stream, the initial handshake goes over 554 and then it streams over RTSP ports. Some users were behind firewalls as they were accessing this from work. Fine Arts did not want to go over port 80 (progressive downloads) at this point so these users are out of luck. In the meantime, they've enabled streaming over port 80 via the QuickTime server which tunnels through the HTTP protocols. This is all being done on a streaming server that is also a student server which may cause future problems.
  • Other applications - Other apps were trying to play the .mov files so they had to set them to ignore them and set QuickTime as the exclusive .mov player.
Other Issues
With the establishment of the streaming, now Fine Arts essentially has to offer a certain degree of support for students at home in addition to their existing on campus responsibilities. The issue was basically, "How low do we go? How much support do we offer?" because, lord knows what kind of hardware the students are using.

They decided to test all of the common configurations & offer a FAQ that walks users through the solutions to the issues that they encountered. Beyond that, the students were on their own. They also decided that once the class got into gear, they would walk the students through the process, discuss potential issues, and for one week offer support. If the students didn't contact them during that week, they were on their own.

The issue of copyright is still there. The Teach Act provides a gray area where, as long as the material is used for a class by students, it can be used in this way. One other future possibility is to "degrade" the selections or create audio "thumbnails" for public access and then create better quality streams that are only accessible through a password.

Future Goals & Issues To Be Addressed
  • When and how these will be addressed is dependent on time & resources.
  • Make it more professor proof - Have them do more of the work
  • Generate HTML
  • Password Protection
  • Copyright Issues - Since implementation, the Teach Act has become law so it's time to reexamine it and see if Fine Arts is still in compliance.
  • Incorporate more cross-media activity - Listen to the streams and follow along with digitized copies of the sheet music for example.
Related Links
QuickTime Player

QuickTime Streaming Server

Apple Streaming/Webmaster Tools

MakeRefMovie

QDesign

Cleaner 5

The Teach Act


Other Issues

Apple Worldwide Developers Conference 2003
San Jose, CA - June 23 - 27, 2003

Apple will use the 2003 Worldwide Developers Conference to boost its emerging Xserve presence. Read more.

Apple will also run an exhibit fair giving smaller vendors a chance to show off their products. Read more.

Comprehensive development tracks of interest include Enterprise IT, Apple Developer Tools, QuickTime, Application Frameworks, Core OS, Hardware, Graphics and Imaging. Read more.

Apple will provide developers with a more complete preview release of Mac OS X 10.3 "Panther" at WWDC. Read more.

Apple has announced that it will offer WWDC attendees the opportunity to attend "Early Bird" workshops at no additional charge on Sunday, June 22. Apple engineers and third party specialists will conduct these "first-come, first-served" hands-on sessions. Attendees will be presented with the opportunity to implement the featured technologies at dedicated workstations provided during the workshops. Read more.

There will be two people from Student Computing Labs who will be attending this year's WWDC. If you have any questions, issues, or topics that you would like to have addressed by Apple, please send the information to Richard Glaser here.

Integrating Mac OS X on Campus
On May 1st, 2003, Apple Computer and the University of Utah Student Computing Labs Mac Support Group presented this free seminar based on real-world experience and lessons learned from the Higher Education Mac OS X Labs Deployment Project ( www.macosxlabs.org ). Together, they demonstrated solutions for deploying, maintaining, and managing Mac OS X clients in an open multi-user, multipurpose, and multi-platform environment.

For post-seminar information including presentation topics, presentation materials, related information, and seminar photographs, please click on the above Integrating Mac OS X on Campus link.

If there is a topic you would like to see discussed at a future Mac Managers Meeting, please let us know here.