Yearly Archives: 2005
ISP-In-A-Box: The $500 Mac mini (Building a PureFTP Server … If You Must)
Ordinarily, we have put our faith in Apple when it comes to providing secure and reliable open-source tools as part of the Mac OS X bundle. The FTP service is the exception. Here are a few reasons why. While an FTP server is bundled with the latest version of Panther, at least one well-respected commentator has noted that Apple completely broke the FTP server with a security update in September, 2004. While it was subsequently fixed, the scenario suggests that minimal, if any, testing of FTP was undertaken by Apple as new security updates were released. Given the long history of security problems with FTP services in general, this is more than a little disturbing if you enjoy a good night’s sleep. The bundled FTP server also is extremely limited in the access methods and scope of access it supports. If you want more detail, here’s a link to O’Reilly’s MacDevCenter article that will tell you more than you ever wanted to know. The final straw which has led us to support a different FTP server solution is the flawless security record of one, and only one, FTP server. Pure-FTPd comes with a default configuration which is secure and there has never been a reported buffer overflow problem with the product.
That’s the science. Now some practical advice. FTP is by definition an insecure protocol for transferring files and data. It was developed during a simpler time when the Internet was limited mostly to college professors and students who had some respect for one another. User names and passwords are sent as plain text across the big bad Internet … and so is the data. So, unless you like living dangerously and have a good backup, don’t use FTP on mission-critical systems. You also need to stop and think WHY you need FTP. If you only want to put a file repository on line and don’t need to add and delete files except when you are colocated with your server, then use this free HTTP/PHP solution by dropping these two files in a folder on your web server. Then edit the descriptions text file to describe each file in the directory inserting a tab between the file name and the description. It doesn’t get much easier than that.
If you really must use FTP, configure the server to support access with different user names and passwords than those used to log in to your Mac locally. And, speaking of logs, check your FTP logs frequently to make certain you don’t have a security problem. A missing log would be a fairly good hint that something is amiss. Finally, minimize as best you can the access provided to FTP users (including yourself) and also restrict the scope of uploads to assure that some bad guy can’t trash your machine by simply filling it up with worthless data until your hard drive gags. You can further reduce your security exposure by coupling FTP access with a secure protocol such as SSH (which we already have addressed) or FTP-SSL/TLS. The latest FTP client versions of Transmit (our personal favorite) and RBrowser both support FTP-SSL/TLS.
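One way to make the log check routine, as an added example that is not part of the original article: the script below counts failed logins per source address, flags a successful login that follows a run of failures, and reports long silences in the log. The syslog line layout and the sample lines are constructed assumptions; adjust the pattern to what your server actually writes.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines (assumed syslog layout, documentation-range addresses).
SAMPLE_LOG = """\
Mar 14 02:11:05 mini pure-ftpd: (?@203.0.113.9) [INFO] New connection from 203.0.113.9
Mar 14 02:11:07 mini pure-ftpd: (?@203.0.113.9) [WARNING] Authentication failed for user [admin]
Mar 14 02:11:09 mini pure-ftpd: (?@203.0.113.9) [WARNING] Authentication failed for user [root]
Mar 14 02:11:12 mini pure-ftpd: (?@203.0.113.9) [WARNING] Authentication failed for user [ward]
Mar 14 02:11:15 mini pure-ftpd: (?@203.0.113.9) [INFO] ward is now logged in
Mar 14 09:30:00 mini pure-ftpd: (?@198.51.100.4) [WARNING] Authentication failed for user [ward]
Mar 14 09:30:20 mini pure-ftpd: (?@198.51.100.4) [INFO] ward is now logged in
Mar 16 08:00:00 mini pure-ftpd: (?@198.51.100.4) [INFO] New connection from 198.51.100.4
"""

# month, day, time, host, "pure-ftpd:" tag, (user@source), [LEVEL], message
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<time>[\d:]{8})\s+\S+\s+pure-ftpd\S*:\s+"
    r"\((?P<user>[^@]*)@(?P<src>[^)]+)\)\s+\[(?P<level>\w+)\]\s+(?P<msg>.*)$"
)


def parse(log_text, year):
    """Return (timestamp, source, level, message) for every line that matches."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an FTP server line
        # syslog timestamps carry no year, so the caller supplies it
        stamp = "%s %s %s %s" % (year, m.group("mon"), m.group("day"), m.group("time"))
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("src"), m.group("level"), m.group("msg")))
    return events


def review(log_text, year=2005, max_failures=3, max_gap=timedelta(hours=24)):
    """Summarise a log that is assumed to be in chronological order."""
    events = parse(log_text, year)
    failures = Counter()   # total failed logins per source
    run = Counter()        # failures per source since its last successful login
    login_after_failures = []
    gaps = []
    prev = None
    for ts, src, _level, msg in events:
        # A long silence can mean a stopped server, or a truncated or deleted log.
        if prev is not None and ts - prev > max_gap:
            gaps.append((prev.isoformat(), ts.isoformat()))
        prev = ts
        if msg.startswith("Authentication failed"):
            failures[src] += 1
            run[src] += 1
        elif msg.endswith("is now logged in"):
            # A success right after many failures deserves a password change.
            if run[src] >= max_failures and src not in login_after_failures:
                login_after_failures.append(src)
            run[src] = 0
    noisy = {src: n for src, n in failures.items() if n >= max_failures}
    return {
        "empty": not events,  # no usable entries at all: the "missing log" case
        "noisy_sources": noisy,
        "login_after_failures": login_after_failures,
        "gaps": gaps,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, value)
```
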
Installing PureFTPd. There are several ways to install PureFTPd on your Mac. As usual, we’ll opt for the easy route and use a free tool which is one of the best pieces of Mac software on the planet, PureFTPd Manager. It not only installs PureFTPd, but it also provides Rendezvous support and an incredibly simple Cocoa frontend to manage everything on your new FTP server: anonymous access, authentication methods, bandwidth usage, and much, much more. To begin, download PureFTPd Manager. Double-click on PureFTPd Manager.mpkg to begin the install from your desktop. Follow the prompts and accept all the defaults unless you’re installing on a version of Mac OS X other than Panther, v10.3. Once the installation completes, run the application from your Applications folder. Enter your admin password when prompted. Now we’ll configure your new FTP server by deciding whether to activate anonymous user access and whether to support virtual users. We’ll also configure logging and virtual hosts if you want to support them.
Anonymous and Virtual User Access. We recommend you at least configure anonymous user access. Then it can be disabled. By configuring it, PureFTPd Manager will create a folder for anonymous users and set up the necessary permissions. Leave the defaults and click Continue. We also want to set up a mechanism for adding virtual users. These are users that you create to allow FTP access only to your system. They do not have regular Mac accounts. Click Continue to set up the necessary permissions for these accounts. Check all three check boxes under Server Logging and click Continue. In the System Settings screen, leave the defaults and click Continue. Finally, click the Configure button to complete your installation. Be patient while your install is completed. It can take a minute or two so don’t get nervous and start clicking a bunch of buttons. Once the installation completes, you will be presented with the PureFTPd Manager interface. If you plan to use this software regularly, do us all a favor and send $20 to the author. It encourages more great products like this one.
Managing Your FTP Server. You can start up and shut down PureFTPd in a couple of ways. The easiest is by checking or unchecking the FTP Server option in System Preferences->Sharing. Yes, PureFTPd now has replaced the default Panther FTP server in System Preferences. You also can start and stop the server by running PureFTPd Manager from your Applications folder and clicking on the Start and Stop buttons in the Server Status screen. We recommend you turn off anonymous FTP access until you really, really need it. Click Preferences and then Anonymous. To disable uploads, check the appropriate box. To disable all anonymous access, check Disable Anonymous Access. Note that you also can control bandwidth and storage space for anonymous users. For now, just disable it. Then click Show All to return to the main Preferences menu.
Managing Virtual Users. From the Server Status screen, click on User Manager and then New to create a new virtual user for your FTP server. Assign a login name and password, specify a home directory, and click Restrict User to Home Directory. If you want to restrict the user to a specified time period for access, specify the start and end time. Otherwise, click Disabled. Under the Virtual Folders tab, you can give the user access to other folders and specify the scope of access. Under the Transfers tab, you can limit bandwidth and disk storage for this user. Under the Other tab, you can create a customized Welcome Banner and restrict IP addresses for this user.
Creating a Secure FTP Server. If you want to implement FTP-SSL/TLS support for your new server, choose Preferences then SSL/TLS Sessions. Click Create a Certificate then Go Self-Signed. Fill in ALL of the certificate entries and specify a duration for your certificate (3000 works!). Now activate TLS access by choosing either Mixed Mode (for TLS and traditional FTP access) or TLS Only (clear text sessions will be refused). Restart the FTPd daemon when prompted. Then connect using one of the FTP clients we identified above that supports TLS access. For more detailed instructions on configuration of your server, read the MacDevCenter article here.
Last But Not Least. Keep in mind that if your Mac is behind a hardware-based firewall, you will need to configure the firewall to map the FTP ports to the internal IP address of your Mac. Read the firewalling section of the PureFTPd FAQ. We covered the basics in our Going Live! article. We’ll close today with our strongest recommendation yet. Turn off FTP services except when absolutely necessary unless you are restricting your FTP access to TLS connections only with no anonymous access.
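The recommendations in this article (FTP-only users, users restricted to their home directory, upload limits, TLS only, no anonymous access) can be checked against a server's configuration. The following is an added example, not part of the original article or of PureFTPd Manager; it assumes the "Directive value" configuration-file syntax and directive names of current Pure-FTPd releases, and both sample configurations are constructed.

```python
# Audit a Pure-FTPd configuration against the advice in this article.
# Assumption: pure-ftpd.conf syntax, one "Directive value" pair per line.

WEAK_CONF = """\
# constructed: mixed-mode TLS, anonymous allowed, Mac login accounts accepted
TLS                  1
NoAnonymous          no
ChrootEveryone       no
UnixAuthentication   yes
"""

HARDENED_CONF = """\
# constructed: TLS only, no anonymous, FTP-only virtual users, disk guard
TLS                  2
NoAnonymous          yes
ChrootEveryone       yes
PureDB               /etc/pure-ftpd/pureftpd.pdb
MaxDiskUsage         90
"""


def parse_conf(text):
    """Return {directive_in_lowercase: value}, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def enabled(conf, directive):
    """A missing directive counts as 'no'."""
    return conf.get(directive, "no").lower() == "yes"


def audit(text):
    """Return a list of (finding_id, explanation) tuples; empty means no findings."""
    conf = parse_conf(text)
    findings = []

    # TLS 0 = off, 1 = mixed mode, 2 and 3 = cleartext sessions refused.
    tls = conf.get("tls", "0")
    if tls not in ("2", "3"):
        findings.append(("tls", "cleartext logins still accepted (TLS %s)" % tls))

    if not enabled(conf, "noanonymous"):
        findings.append(("anonymous", "anonymous access is not disabled"))
        if not enabled(conf, "anonymouscantupload"):
            findings.append(("anon-upload", "anonymous users may upload"))

    if not enabled(conf, "chrooteveryone"):
        findings.append(("chroot", "users are not restricted to their home directory"))

    # The article wants FTP credentials that differ from local Mac logins,
    # which means virtual users (PureDB) instead of system or PAM accounts.
    if enabled(conf, "unixauthentication") or enabled(conf, "pamauthentication"):
        findings.append(("system-accounts", "local login accounts can be used for FTP"))

    # Without a disk-usage ceiling or a quota, uploads can fill the drive.
    if "maxdiskusage" not in conf and "quota" not in conf:
        findings.append(("disk-guard", "no MaxDiskUsage or Quota limit on uploads"))

    return findings


def finding_ids(text):
    return [fid for fid, _ in audit(text)]


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for fid, why in audit(conf):
            print("  %-16s %s" % (fid, why))
```
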
Coming Events. We’re excited as you undoubtedly are that Apple’s new Tiger operating system for the Mac is just around the corner. Just a heads up that we plan to switch gears once Tiger is released and cover all of the tutorials we’ve written about thus far focusing on what’s involved in a new Tiger install. If prior OS releases are an indicator, then Tiger will bring a few surprises. To celebrate the release, we’ll be starting with a brand-new Mac with Tiger freshly installed. And, if you haven’t noticed in the right column, we’re adding a new web site, Tiger Vittles, to focus exclusively on installation and configuration of open source applications for the new Tiger OS. We hope you’ll join us for the celebration.
ISP-In-A-Box: The $500 Mac mini (Building a Streaming Audio Server, Part II)
Today, we want to finish building our streaming audio server by picking up where we left off in Part I. We’ll assume that you already have chosen your favorite player or smartphone and that you’ve opted out of buying Apple’s just-announced Victrola (click inset) or Sony’s latest marvel, the NetJuke. Did we forget to say it … April Fool’s. So we’ll be putting in place your own server using a Mac mini to send your tunes to your streaming audio player, whatever it may be. As we mentioned last week, streaming music is a processor and bandwidth intensive operation because your Mac not only has to decode a compressed music file stored on your local disk and broadcast it to the streaming server, but the streaming server also has to recompress it and manage the audio streams for each player that connects to your streaming server. Put another way, you probably don’t want to be transmitting a 192K audio stream in stereo if you only have a broadband Internet connection with limited upload bandwidth.
So the best place to begin the design of your streaming audio server is with a pencil and some math fundamentals. The bottom line is that a streaming audio server can only stream as much data as your Internet upload connection will support. How do you figure this out? Well, first you need to know how much upload bandwidth your Internet connection supports. Don’t take your ISP’s word for it. Instead, visit a site such as DSL Reports and run a Speed Test. The MegaPath Networks site usually works well. We don’t care so much about download performance for this project. What we’re interested in is the upload number. Let’s assume your upload number is 256 kbps. To determine the maximum bitrate that your server can support, divide the upload bandwidth of your connection by the number of simultaneous streams you wish to support. For example, the maximum bitrate your 256 kbps connection could support with two streams is 128 kbps. For 8 simultaneous streams, the supported bitrate would be 32 kbps. What happens if you do the math wrong or cheat? Your server crashes and burns. It’s that simple. Actually, the burning part is hyperbole, but you can almost count on a crash.
Another factor to consider in planning the bitrate for your streaming server is the player hardware and download bandwidth of your target audience. We’re going to assume that you are the target audience for your stream to keep things on the up and up. You did read our first installment, didn’t you? So, if you only will be supporting one stream (to you) and you plan to listen to your music on your cellphone, then a bit rate of 24 kbps in mono is probably about right unless you want the audio stream at the receiving end to die and restart regularly. If, on the other hand, you plan to play the stream from your home server at your beach house 500 miles away using an AudioTron with a three megabit cable modem connection to the Internet, then a 128 kbps stream in stereo may be more appropriate to improve the quality of the music at the receiving end. Just keep in mind that the higher the stream rate, the more processing power is required to pump out the stream. And broadcasting in stereo means multiplying everything by two.
Choosing A Streaming Server. Assuming you’ve solved the bandwidth requirements, step two is actually choosing a Streaming Audio Server. As we mentioned in the first part of this article, this is complicated a bit by the fact that you also need a Broadcast Server in the Shoutcast environment. If you only want a system which can send a single song on demand or a system which will play a predefined playlist, then Nullsoft’s Shoutcast DNAS server for the Mac is a perfect fit, and you can download it here. Be sure to carefully read the installation and configuration instructions which are included on Nullsoft’s web site. For the broadcaster component on Mac OS X, you can download the Shoutcast DSP Plugin for Mac OS X here. Be sure to review the configuration settings before you install the software and keep in mind that the Mac broadcast module cannot stream input from a sound card, only a playlist.
Other Broadcast Options. Let’s assume that your only reason for doing any of this is to impress your friends by playing some unique content on your cellphone "live." Nothing quite beats the iMan’s talk-radio broadcast if this is your goal. And there are a couple of approaches on the Mac platform. The first is to install the Shoutcast DNAS server on your Mac as outlined above and use the Windows platform for the broadcasting module. In this scenario, you download WinAmp 2 for Windows XP from here and then download the Shoutcast DSP Plugin for WinAmp 2.0 from here. You obviously have to have a Mac and a spare Windows XP machine and a radio with a line out jack to make this work. The only trick to successfully connecting all the pieces is making sure the passwords for the streaming server on the Mac and the WinAmp broadcaster module match. And, of course, make sure that the Shoutcast port isn’t blocked by a firewall on either your Mac or the Windows XP machine. If this sounds like a configuration nightmare, trust me. It is!
The Smarter Alternative. Unless you just spent your last nickel for lunch today, there is a far simpler way to bring up a streaming audio server on the Mac platform, but it’ll cost you $40. The product is Rogue Amoeba’s Nicecast. You can try it for free, and it’s fully functional for the first 20 minutes of every broadcast. Then the quality of the audio stream starts to deteriorate. If we’re still talking about listening to the iMan, 20 minutes is probably more than enough in one sitting anyway. In short, you can make absolutely certain that Nicecast meets your needs before you spend a dime. Complete installation and setup takes about two minutes, and Nicecast provides both the streaming server component which is Shoutcast-compatible and the broadcaster component. And any content you can play or hear on your Mac can be streamed with Nicecast. This includes iTunes as well as input from a microphone, a mixer, any radio with a line out jack, or even EyeTV. On the Mac mini, you’ll need a USB input device for most of these options. Griffin’s iMic is the best value. Finally, Nicecast includes 40 professional plug-ins including a terrific equalizer to improve the quality of your stream.
To get started, download and install the software. Run the application by double-clicking the Nicecast icon in your Applications folder. Click on the Source button and pick your input source. Click on the Input button and name your streaming station. You can include a genre and web site address if desired. Click on the Quality button and choose the quality of your audio stream. Nicecast will make an educated guess based upon the speed of your Internet connection, but you can change it in one click by selecting one of the predefined stream types. Click the Share button, and Nicecast will provide you the web link to use in your player. Make certain that Port 8000 is open on your Mac firewall and that Port 8000 on your hardware-based firewall is mapped to the internal IP address of your Mac streaming server. Now click the Start Broadcast button, and you’re in business. It really doesn’t get much easier than that which explains why Nicecast has won just about every software award worth winning including MacWorld’s Editor’s Choice in December, 2004. And, if you do ever need help, Nicecast’s first-rate documentation is as close as the Help button in the application. Finally, if you’re thinking this whole project sounds pretty silly, then take a few minutes and read this article which explains better than I why, a year from now, this project and the Mac mini may not look so silly after all. See you next week for FTP servers.
ISP-In-A-Box: The $500 Mac mini (Building a Streaming Audio Server, Part I)
Most of our Mac mini projects, which also work fine on any other Mac running Mac OS X v10.3, have focused on open source solutions at no cost. The reason was not so much because the technology was free (although that’s obviously a big plus for many of us) but because the open source software was the best in its class. The landscape is a little different in the streaming audio world. You can build a streaming audio server on a Mac with free tools, but they are not open source. While the quality is certainly still there, the system’s usability leaves a lot to be desired. Here’s why. There are usually three components in a streaming audio system: a player, a broadcaster, and a streaming server. The broadcaster sends MP3 files to the streaming server which handles compression for streaming and distribution of the stream to the players. Players and a streaming server are readily available on the Mac platform; however, the broadcaster component (which is open source) is limited in its functionality so we’ll propose another approach for the Mac platform.
We’re going to break down the process into its parts to simplify things for those just getting started. Today we’ll be addressing streaming audio players. Then, in Part II of our series, we’ll talk about a broadcaster and streaming audio server for your Mac mini. We’re also going to focus primarily on products which are Shoutcast-compatible since it is the free standard for streaming audio. For your own requirements, other solutions may work as well or better, and we’ll mention a couple. The bottom line is you can’t go wrong with a Shoutcast-compatible streaming audio solution, and you won’t have to worry about someone pulling the rug out from under your music project down the road (we hope).
Shoutcast is the invention of the good folks at Nullsoft that brought the world WinAmp. Nullsoft is now a subsidiary of AOL which now is part of the Time Warner empire. After joining AOL, the Nullsoft team created gnutella. AOL management shut down the gnutella project, and virtually all of the Nullsoft developers resigned. That history lesson is intended to explain the "we hope" reference in the previous paragraph. Thus far, Nullsoft’s Shoutcast streaming server remains free for the taking, and there are many open source broadcaster products which have evolved that all rely upon the Shoutcast server for streaming content distribution. Just keep in mind that both AOL and Time Warner are content aggregators, and you can rest assured that Big Brother will never let Little Brother interfere with their primary goal: making money. For another perspective on the incestuous relationship between Nullsoft and AOL, read this. Before you shed too many tears for the Nullsoft developers, keep in mind that they walked away from the table with a cool $100 million for a company whose major income producer is the WinAmp music player, the deluxe version of which sells for $14.95. And then there’s the WinAmp competition: Microsoft’s free (bundled) Windows Media Player and MusicMatch (almost free and bundled with virtually every new PC on the planet). And folks wonder why the Internet bubble burst. Do the math! So much for the politics, let’s get back to the technology.
Streaming Audio Defined. As the name implies, streaming audio means you can play a digital audio stream almost instantaneously on some type of player without waiting for an entire song to first download into the player. If you want to learn more about streaming technology, here’s a link that will tell you everything you ever wanted to know. So the first two prerequisites to make all of this work are some type of player that can handle streaming audio and a local network or Internet connection with acceptable bandwidth to the streaming audio source. In terms of quality and versatility for home use, there is no finer hardware-based player than Turtle Beach’s AudioTron. The AudioTron’s distinguishing characteristic from most other players is that it can play a collection of songs directly from a network hard disk without reliance upon any streaming audio server. It can also play Shoutcast streaming audio. And, as luck would have it, Turtle Beach has inexplicably killed the product just when streaming audio has finally hit its stride. The good news is that Turtle Beach and a throng of dedicated users still support the product with a broad range of add-ons. And there are usually some units available on eBay if you want one.
Streaming Audio Players. There are many other streaming audio players that can double as a server as well. Not the least of these is your trusty Mac running iTunes or a PC running WinAmp or Windows Media Player. One advantage of WinAmp is that it can also serve as a broadcaster in addition to being a great streaming audio player. In fact, if you are fortunate enough to have both a Mac and a Windows XP machine and you also have an XM Radio or a Sirius Radio with a line out jack, you can actually use WinAmp to broadcast your satellite radio content to your Shoutcast server by adding the free Shoutcast broadcasting plug-in to WinAmp. And, until last week, you could add the Output Stacker plug-in to capture Napster To Go streams to disk. Big Brother deleted out_disk.dll from the Shoutcast site but, with a bit of Googling on the file name, you can probably still find it if you are so inclined. See what we mean about the content aggregator mentality. This is basically the same technology and quality as a tape recorder from forty years ago, and now the content providers want to outlaw it. So much for fair use. Another worthy contender in the all-in-one category is the Blackbird Digital Music Player. Also in the home audio component player category are the Squeezebox which uses its own server software for your Mac and Netgear’s MP101.
Streaming Audio to Cellphones. One of the really cool uses of streaming audio is to play tunes on your cellphone from your home music collection. The Treo 650 running PocketTunes with an Internet connection such as Sprint’s PCS Vision is the perfect fit. For this to work, you obviously will have to open port 8000 on your home firewall and map the port to the IP address of your Mac. You’ll also have to enable port 8000 in your Mac’s firewall. We’ve covered all of this before if you need a refresher course. Just substitute 8000 for 80 in the discussion and follow the steps.
But, is it legal? Well, as a lawyer, I’m obliged to first tell you that this article is not a legal opinion, but a technology discussion. You’ll need to consult with your favorite lawyer to get a legal opinion. As a layman, I’d predict that your guess is about as good as mine. Building a shoutcast server certainly appears to be legal since there is a process in place to pay astronomical license fees. But, if you are shoutcasting only to listen to your own music collection yourself, it’s difficult to fathom how this differs from playing your purchased music directly on your CD player or iPod or Mac or PC. If you can legally carry your CD music collection from your home to your car to play it, then it seems reasonable to assume you could beam an album you’ve paid for from your home to your car or your cellphone. That is essentially what Apple does with its Airport Express. Of course, once you start sharing your music collection, all bets are off. A law professor would probably ask what happens when someone walks in your house and listens to your music. Are you now a music pirate? And what if they bring a tape recorder? Isn’t law school fun? Here’s an article and another one that cover a lot of the issues if you’re interested.
Having grown up in an era when kids were afraid to touch someone else’s mailbox out of fear of committing a felony, it’s more than a little disconcerting to look at today’s music landscape in the United States where the RIAA in collusion with the United States Congress has managed to turn almost half the country into felons for their music collections. My own view is that the Digital Millennium Copyright Act was enacted out of spite to prove Mark Twain was wrong when he said, "There’s no distinctively native American criminal class, except [perhaps for] Congress." And then there’s Microsoft’s illustrious CEO, Steve Ballmer, who put it so eloquently: "The most common format of music on an iPod is stolen." For a company that made its fortune on a product with more than a few "similarities" to the Mac (to which Microsoft had something akin to a source code license at the time), one might reasonably conclude that Mr. Ballmer certainly knows his subject matter. Finally, it’s worth recalling that no music was subject to federal copyright until 1971, long after the Beatles and Rolling Stones and Elton John had made their millions. Ask yourself this question: "Was there more music piracy in 1970 or today?" So we’re not quite sure all the legislating has really accomplished a lot … other than criminalizing the American public and lining the pockets of congressmen and recording industry moguls. Wink, Wink: They call them campaign contributions.
If Congress and the RIAA are serious about ending piracy, then a fresh, common sense approach seems long overdue. The new Napster To Go leasing model suggests that the RIAA is perfectly comfortable with a fee of $15 a month for an unlimited music collection. If we can all agree (1) that iPods and other music players only last for three or four years, (2) that you have to have a music player to play music, and (3) that less than one in a thousand listeners actually uses today’s Napster system, then it shouldn’t take a mathematics genius to figure out that some "Artists’ Fee" in the neighborhood of $100 could be added to the cost of every music player and, once such a player was purchased, the end user would be licensed to play any music the end user could get his or her hands on at no additional cost for as long as the music player would play. Why $100 and not $700 (the four-year cost of a Napster subscription)? If $700 is profitable for the RIAA and Napster with virtually no market share, then the basic laws of supply and demand suggest that increasing market share 1,000-fold should result in a cost reduction of at least 80% particularly where there are zero production and distribution costs in the pricing and sales model. And finally, limit payments from the Artists’ Fee fund to only those artists who distribute their music in unencrypted formats. Just my 2¢ worth.
That’s it for today. If you want to try out the product we’re going to be raving about in Part II, then download Rogue Amoeba’s Nicecast and have a blast until next week.
ISP-In-A-Box: The $500 Mac mini (HOW-TO Become A WordPress BlogMaster, Part II)
Using MySQL and PHP, we created a new WordPress blog on your Mac in our last installment. Today, we want to lock it down so that evil people don’t fill up your MySQL database tables with comments about Viagra and gambling casinos. We also want to show you a few tricks for customizing WordPress to better meet your needs and those of your readers. Comment spam has become the new cottage industry in the blog world, and it’s something you need to deal with up front, or you’ll be sorry within a few days of launching your new blog. There are some exhaustive articles on the tools that are available to assist you. But, let me save you a lot of time and disappointment. There’s one tool that really works, and it’s easy to install. My advice is simple: try my solution and look elsewhere only if you continue to see problems. Once you begin adding multiple filters, you have to worry about conflicts so, if one tool works, stick with one tool. WordPress HashCash works, period. It dynamically generates an MD5 hash each time a comment form is submitted. This effectively kills spambots dead in their tracks. If you want to read more about how it works, here’s the link that tells all. The hardest part is getting HashCash downloaded, but here’s how.
Downloading WordPress HashCash. Here’s the current link for WordPress HashCash. What used to be two files is now combined into the .php file. Read on before downloading. Because of the nature of this file, it doesn’t download in the usual way. Here are the steps to get the actual file. First, click on the link above. Then, read the information about the various versions and match the one you need to your version of WordPress. Once you select the correct link, scroll down to the bottom of the displayed web page. Next, Ctrl-Click (or right-click) on the link labeled "Plain Text." Choose Save Linked File As and provide the file names shown above to save each file to your Desktop. Using Finder, click on your local hard disk and move to the following folder: /Library/WebServer/Documents/blog/wp-content/plugins. Now click-and-drag each of the two downloaded files on your Desktop to the plugins folder. Finally, open the Admin section of WordPress: http://127.0.0.1/blog/wp-admin. Click on the Plugins tab and Activate WordPress HashCash by clicking on the appropriate link. Now you can sleep well knowing your WordPress blog is in good hands.
WordPress Beautification. WordPress 1.5 has only been in production a couple of weeks so the number of available skins (known as Themes in WordPress 1.5 lingo) to change the appearance of WordPress are not as numerous as with previous versions. But there are a number to choose from and most of them are available from Alex King’s web site. Installing them couldn’t be much easier. Go to the web site and view each of the various Themes by clicking on its name. Then click on the Download links for the Themes you like. Theme folders will be downloaded to your Desktop. Now repeat the steps shown above to navigate to /Library/WebServer/Documents/blog/wp-content/themes. Then click and drag the Themes folders on your Desktop to the themes folder for your blog. Choose the Theme you want to activate by opening the Admin section of WordPress (just as we did above). Click on the Presentation tab, and then click Select for the Theme you wish to make your default. Click View Site and your new Theme will appear for your very own blog. How simple is that?
Reader’s Choice. You may decide, as we have, that you’d like your visitors to be able to pick the Theme they prefer to read your blog. After all, the whole purpose of page layout is to enhance the viewing experience for readers, not for you. So why not make it easy for folks to choose a viewing style that is most comfortable for them. The default viewing theme gets saved as a cookie so the next time the person visits your site, they’ll see your blog in the Theme chosen on their last visit. With WordPress 1.5, implementing Theme Switching for your blog is a no-brainer. Go to boren.nu and download the Theme Switcher. This will download a file to your Desktop that will decompress into theme-switcher.php. Using the procedure we’ve used in the previous examples, click-and-drag this file into /Library/WebServer/Documents/blog/wp-content/plugins. Now open the Admin section of WordPress: http://127.0.0.1/blog/wp-admin. Click on the Plugins tab and Activate Theme Switcher by clicking on the corresponding activate link. With most of the new themes, your visitors will now get a listing from which to choose a preferred Theme to view your blog.
WordPress Configuration. There are a number of things you can control with your blog. If you haven’t figured it out already, you get to these settings using the Admin control panel of WordPress. To get you started, we’ve listed below some of the settings we use for Nerd Vittles. You may want to do other things with your blog which is perfectly fine. You always can change these settings as you get more comfortable with WordPress. But, the settings below will protect your blog from outsider control at least until you get your feet wet. As with any configuration changes, you’re better off making one or two adjustments at a time and viewing the results. Then, if something unexpected happens, it’s much easier to figure out what went wrong and fix it. Enjoy!
ISP-In-A-Box: The $500 Mac mini (HOW-TO Become A WordPress BlogMaster, Part I)
So you want to be a BlogMaster, but you want to host your blog on your very own Mac rather than paying a managed hosting service such as Blogger or TypePad. And you’ve elected to ignore our previous advice to use a hosting provider that offers MySQL database management, PHP, and blogging software as part of their feature set for free. Well, good for you! And you’re in luck because today, rejuvenated from our Spring Break cruise aboard the good ship Disney Wonder, we’re going to install the brand-new WordPress 1.5 on your Mac. This is the latest and greatest version of the blogging system that we use for Nerd Vittles which just happens to be what you’re reading now. In naming WordPress as the Web Application of the Year, ArsTechnica put it this way:
Let’s face it. Blogs are in fashion, and why not? Vanity knows no bounds, and there are some people who actually do something productive with theirs. From the influence of blogs on the coverage of the US presidential elections to every random teenager who has problems with their partner/parent/teacher/cat, blogs are out there allowing your most intimate feelings to be shared with random people at wifi hotspots. WordPress is the most prominent rising star of weblog software, completely free and with a large and active community. Styles, plugins and hacks are readily available, with problems such as comment spamming being addressed far more rapidly than competing applications.
We couldn’t have said it better. So let’s get started.
Prerequisites. Before you can bring up WordPress and begin your blogging career, you first need to figure out what you want to write about. Hopefully, it will be something in which others have an interest. And with Dan Rather now retired, conservative bloggers will actually have to come up with something new to whine about. But, who cares, right? You can always change your mind tomorrow, and the next day, and the next if you install and manage your own blogging system. On the hardware and software side, you’ll need a Mac running Mac OS X v10.3, aka Panther. And you also will need to install and activate five of the applications we covered in previous sessions before you begin this installation. You’ll need the Apache Web Server, the Postfix SMTP mail server only, the MySQL database server, and PHP and PhpMyAdmin. Once you complete these tutorials, read on. Don’t attempt to install WordPress prematurely, or you’ll make a big mess, and we don’t provide mess cleanup tutorials! For a complete list of our HOW-TO articles and Mac mini resources on the Net, click here.
Downloading WordPress. If you didn’t already know, WordPress is free for the taking, but you still have to download it from here. Just click on the Download .tar.gz link. This should download the software to your Desktop and automatically decompress it into a folder named wordpress. If you just end up with a .tar.gz file, simply double-click on it to decompress it into a folder. Now click once on the folder name and change the name of the folder to blog and press the return key. Next double-click on the folder to open it. Then double-click on wp-config-sample.php to open it with TextEdit. Look for the DB_USER line and change the word username to root. Now move down to the DB_PASSWORD line and delete the word password but leave the single quotes that were surrounding it. When you’re finished, it should show two single quotes with no spaces between them. Now press Command-S to save your changes. Close TextEdit, and then single-click on the filename wp-config-sample.php. Change the filename to wp-config.php and press the return key. Close the folder. Using Finder, click on the local hard disk, and move to the /Library/WebServer/Documents folder. Now click-and-drag the blog folder on your Desktop into the Documents folder. This will make your blog accessible at any of the following addresses: http://localhost/blog/ or http://127.0.0.1/blog/ or http://your.internal.ip.address/blog/ or http://your.Internet.ip.address/blog/ assuming you have activated the security settings set forth in our Network Security article. In addition, you can access your blog at http://yourdomain.com/blog/ if you have completed the domain registration steps outlined in our Domain Names article.
Installing WordPress. Like many open source applications, WordPress is a PHP-driven application that stores its data in a MySQL database with numerous MySQL tables. So, in order to use WordPress, we first need to create a MySQL database named wordpress to house the data. We’ll do this using PhpMyAdmin. Open a web browser on your server and go to http://localhost/php/. At the top of the right frame is a field for Create new database for MySQL. Type wordpress in the space provided, change the collation sequence to ascii.bin, and click the Create button to create the new MySQL database. Close that browser window and open a new one. Now go to http://127.0.0.1/blog/wp-admin/install.php. The Welcome to WordPress screen will appear. Click on the First Step link. Fill in a title for your new blog and your email address, and then click Continue to Second Step. Surprise! The installation is complete. Just be sure you write down your username (admin) and the randomly generated password. We’ll change it in a minute.
Configuring WordPress. Now click on the login link which will take you to the login screen: http://127.0.0.1/blog/wp-login.php. Type the username and password that you just wrote down. The Admin Dashboard will display with all sorts of information about WordPress. But let’s do first things first. Click on the Users tab at the top of the screen. Type in your name and any other desired extras you want to publish with your blog. Move to the two fields provided to change your password, and type your new permanent password twice. Then click the Update Profile button. Log out and back in just to be sure everything is working as it should. In a new browser window, go to http://127.0.0.1/blog/ and Voila. Welcome to Bloggerville! From your blog’s main page, you can return to the Admin program by clicking on the Admin link. You shouldn’t have to log in again assuming cookies are enabled and functioning properly on your system.
From the Administration program, you add new articles to your blog by clicking on the Write tab. And you can View, Edit, or Delete articles by clicking on the appropriate link beside the article of interest using the Manage tab. That should be enough to get you started in your blogging career. In our next session, we’ll talk about Plugins and Templates and Themes as well as how to protect your blog from the bad guys. We’ll also go into further detail about many of the WordPress 1.5 features that have made it such a popular blogging system. Your homework is to pay a visit to Alex King’s incredible WordPress resource site. While you’re there, look through the Themes section and find a look you like for your new blog. Our personal favorite is Meadow (see inset above). We’ll walk you through installing it (or your personal favorite) in our next session. For now, get those creative juices flowing and blog your socks off!
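The wp-config.php edited in the Downloading WordPress step has WordPress connect to MySQL as root with an empty password. The following check is an added example, not part of the original article or of WordPress: it reads a wp-config.php on standard input and reports those two settings so they can later be swapped for a dedicated, password-protected MySQL account. Both sample files are constructed, and the function names, the wpblog account and its password are hypothetical.

```shell
#!/bin/sh
# Added example: report weak database settings in a WordPress wp-config.php.

# Constructed sample: the DB settings as the walkthrough leaves them.
sample_walkthrough_config() {
cat <<'EOF'
<?php
define('DB_NAME', 'wordpress');     // The name of the database
define('DB_USER', 'root');     // Your MySQL username
define('DB_PASSWORD', ''); // ...and password
define('DB_HOST', 'localhost');
?>
EOF
}

# Constructed sample: a dedicated account (hypothetical name and password).
sample_dedicated_config() {
cat <<'EOF'
<?php
define('DB_NAME', 'wordpress');
define("DB_USER", "wpblog");
define('DB_PASSWORD', 'constructed-example-only');
define('DB_HOST', 'localhost');
?>
EOF
}

# wp_define NAME: print the value of define('NAME', 'value') read from stdin.
# Values that themselves contain a quote character are not handled.
wp_define() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$1['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"][[:space:]]*).*/\1/p" | head -n 1
}

# audit_wp_config: read a wp-config.php on stdin, print one line per finding.
audit_wp_config() {
    cfg=$(cat)
    db_user=$(printf '%s\n' "$cfg" | wp_define DB_USER)
    db_pass=$(printf '%s\n' "$cfg" | wp_define DB_PASSWORD)
    if [ "$db_user" = "root" ]; then
        echo "DB_USER: connects as the MySQL root account"
    fi
    if [ -z "$db_pass" ]; then
        echo "DB_PASSWORD: empty or not set"
    fi
    return 0
}

# Stand-alone run: audit the constructed walkthrough sample.
sample_walkthrough_config | audit_wp_config
```

To check the live file, feed it in on standard input: `audit_wp_config < /Library/WebServer/Documents/blog/wp-config.php`.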
ISP-In-A-Box: The $500 Mac mini (Chapter XV: Rock Solid Backups, Rock Bottom Price … Free!)
We’ve postponed this column several times but not because it wasn’t important. We’re firm believers that every computer deserves a rock-solid backup solution, and the one we’ll introduce you to today is as good as backups get. It also happens to be free unless you’d like to donate $5 to the author … highly recommended. Today’s backup solution is so well engineered that you actually can boot your Mac from the backup drive once you complete a full system backup. Try that on your Windows XP machine. Heh heh heh. And this last capability provides a hidden bonus included with this backup solution: you can use it to clone your small hard drive and then replace it with a larger (or faster) drive which then can be cloned from the backup drive. You also can synchronize one drive to another and schedule unattended backups at any time desired.
Choosing an External Backup Drive. In order to do full system backups and incremental ones, you’ll need an external USB or Firewire drive. We recommend a firewire drive because you can’t boot Mac OS X from a USB drive. Booting from a firewire drive is as easy as rebooting, holding down the alt/option key, and choosing the drive from which to boot. The drive obviously needs to be large enough to hold your backup. If money is no object, you may want to consider one of the self-powered firewire drives so you don’t have to scramble for an AC outlet to make a backup. This makes real sense with notebook computers! Or, if you’ve gotten tired of listening to music on your iPod and would rather use it for a higher purpose, Engadget has an article that will show you how to convert your iPod into a perfectly acceptable firewire drive for backups. The most cost effective solution is probably what we use ourselves. You can find a Lacie 80GB firewire drive providing incredible performance with a small footprint for just over $100. We’ve had good luck with the Lacie drives which we leave powered on and connected to two of our iMacs all the time. Backups are run in the middle of the night and never interfere with what you’re doing.
Downloading the Software. This backup solution is designed for those using a Mac with Mac OS X v10.3 aka Panther. If you’re using a different OS, you’ll need to make some adjustments which aren’t covered here. We’re going to be downloading two separate pieces of software: Carbon Copy Cloner v.2.3 and Psync, and we want the Panther versions of both products. So just click on the Psync link in this paragraph to download it to your Desktop. Install it by double-clicking on psync.pkg once it mounts on your Desktop. Just follow the prompts. Then download Carbon Copy Cloner from the link above. Once the folder is created on your Desktop, double-click on the documentation file in the folder and read it. Now drag the Carbon Copy Cloner application to your Applications folder to complete the installation.
Making Your First Backup. Plug in your external drive and power it up. Make certain that it mounts on your Desktop (you’ll see an icon) before you start up Carbon Copy Cloner. Now start CCC by double-clicking on it in your Applications folder. Once it starts up, begin by clicking on the padlock and entering your Admin password to enable all of CCC’s features. The simplest full system backup only requires a couple of steps. Click on the Source Disk pull-down and choose your local hard disk. Then click on the Target Disk pull-down and choose your external drive. Now click the Preferences button and make certain that Repair Permissions before cloning is checked, Target Disk – Make Bootable is checked, and both Synchronization items are checked. None of the options in the right column should be checked. Now click the Save button. To begin your backup, click the Clone button. When the backup finishes, check the log to make sure nothing came unglued. Then restart your Mac and hold down the alt-option key. Choose your firewire external drive as the boot device and watch as your Mac restarts from your secondary drive. How cool is that? Now send Mike Bombich five bucks. It’s the cheapest insurance you’ll ever buy.
Scheduling Regular Backups. Nothing, of course, prevents you from making a backup anytime you feel like it. However, nothing will improve your peace of mind more than scheduling regular backups so you don’t have to worry about it. Here’s how. While you have all your settings just right in the Cloning Console window, click the Scheduler button. Choose when and how often you want your backups to run and then click the plus sign (+) to add the backup script to your System crontab (that you learned all about earlier this week). Wasn’t that hard, was it? The only wrinkle, of course, is that your machine and backup drive both must be on, and your Mac cannot be in Sleep mode. Now all you need to do is check your logs once in a while to make sure everything went according to plan.
We’ve got an extra special surprise for you tomorrow. See you then.
ISP-In-A-Box: The $500 Mac mini (Chapter XIV: Remote Access and Remote Control)
Today we’re going to tackle all the flavors of Remote Access for your Mac. It’s a must-have resource for Road Warriors and anyone using their Mac as a server of almost any kind. There are dozens of great remote access tools available but, in the interest of not putting everyone to sleep at once, we’ll focus on some of the built-in (i.e. free) tools, the best of the open source tools (i.e. free), and a couple of the more popular commercial products. The prerequisites for all of these tools are having an always-on Internet connection and having an always-on Mac. And sleep mode doesn’t qualify as ON insofar as remote access is concerned.
There are two types of remote access tools in my book: safe and dangerous. Safe in this context means the connection between you (wherever you are) and your Mac server is always encrypted so that others can’t intercept your password or data. Dangerous means everything else such as FTP. We’re only going to discuss safe remote access tools, and I’d urge you to think twice about enabling or using anything else. Once someone intercepts your unencrypted password, they basically own your Mac and all the data that’s stored on it. So ask yourself if that’s a risk you are willing to take. And I think you’ll probably come to the same conclusion we have: Just Say No.
If you’ve been following our advice, then there is a hardware-based firewall of some variety between your Mac server and the Internet. And your Mac has its built-in firewall enabled as well. Before remote access will work, you’ll need to open the SSH (secure shell) port (22) by accessing the Sharing Folder under System Preferences. Just check the Remote Login box to enable other computers to access your Mac using SSH. You’ll also need to create a rule in your hardware-based firewall that passes Port 22 traffic to the IP address of your Mac. If you don’t know what your Mac’s Internet address is, just click here using a web browser on the Mac in question.
Once you have enabled Remote Login, your Mac automatically starts three UNIX servers: SSH for remotely logging in to your machine, SCP for remotely copying files to/from your machine, and SFTP which is functionally identical to a traditional FTP server except the connection is secure. With SSH, the simplest way to access your server from another machine is to open a Terminal window, switch to root access (sudo su), and then open an SSH session: ssh 111.111.111.111 where the IP address is the actual IP address of your server. If you’re inside the hardware firewall with your server, then you can use your internal IP address as well. Unless you’ve installed a security certificate on your Mac (which really isn’t necessary since an unregistered one will be generated automatically), you will be warned that the authenticity of your server cannot be established. Just type yes to proceed, and then enter your root password. Once you’re connected to your server, you can do anything you could do from a Terminal window sitting at your machine. Type man scp for a tutorial on how to use the secure copy program. q gets you out. When you are finished with your SSH session, type exit to logout.
Secure FTP works similarly. You login by typing: sftp username@111.111.111.111 where username is an actual account on your server and the IP address is your server’s actual IP address. After typing your password, you will be presented with the sftp> prompt. Type ? to see the list of possible commands. When you are finished with your SFTP session, type exit to logout. If you only need to copy files back and forth to your Mac server, this is probably the easiest and simplest method to use. And it’s free.
If your primary remote access requirement is to copy files between your Mac and a remote machine but you prefer the ease of use of a Mac OS X Aqua interface, then there is no finer program than Transmit (see inset). While it’s not free, $30 won’t break the bank for most folks, and you’ll be getting the top of the line FTP and SFTP product available in the Mac marketplace. If, down the road, you decide to use a web hosting facility for your web site(s), Transmit is the one tool you simply cannot live without. Copying files is as simple as dragging and dropping them into a Transmit window. If you can’t tell, we use Transmit ourselves for managing web sites and have for many years. You won’t be disappointed.
There’s another type of Remote Access program. The applications in this group are designed to let you remotely display and control the desktop of your Mac. In other words, what you see is the same thing someone sitting in front of your Mac server would see … only slower. For some, this is an essential component of remote access. For others, it’s a big waste of computing and bandwidth resources. Just be forewarned that Remote Control software is not perfect and is resource intensive, and you won’t be disappointed if you have a fast broadband connection in both directions on both machines. Keep in mind that a typical Mac display these days exceeds 700,000 pixels with millions of colors, and it will give you some idea of the amount of data which must be transmitted just to replicate a single static screen. And that’s before you ever move your mouse! Yes, there are compression techniques and shortcuts that the various applications use to reduce the size of the screen transmissions, but it still is a bandwidth intensive operation because of the screen sizes and resolutions of today’s monitors. Apple makes a perfectly acceptable commercial application to handle remote control called Apple Remote Desktop 2. And, if money is no object or for large organizations, it is a perfectly acceptable solution for remote control. You should be aware, however, that half of the Apple remote control package is available at no cost to users of Mac OS X v10.3. That half is now standards-based and, because it’s free, we’re going to take advantage of it today. Standards-based means that it is compatible with every VNC client for virtually every computing platform in the world, all the way down to cellphones and PDAs if you can stand the performance. The other half (purchased from Apple) will set you back $299 for 10 clients or $499 for unlimited clients. 
The good news is you don’t need the costly half because there is a standards-based product for Macs which works well and is only getting better. Finally, be aware that this remote control solution is not encrypted, meaning that it is possible (theoretically at least) for someone at your ISP’s router to intercept the data. With built-in compression, the data stream still would pretty much be gibberish, but at least it is something you should be aware of. See the comments to this article for an approach that uses an SSH tunnel.
So our remote control approach will be to download and install the latest version of the Apple VNC client. And then we’ll download the standards-based Chicken of the VNC to handle access to the remote desktop. And, as we mentioned, any standard VNC product can be used to connect to the Apple VNC desktop once we get it upgraded to version 2.1. You can read all about the history of Bell Labs VNC software and all of its supported platforms here. Finally, a word about nomenclature. The piece of software residing on the host machine always has been called the VNC Server until Apple came along and named theirs the Remote Desktop Client. The piece of software on the traveling machine that is used to connect back to your host or home base has always been called the VNC Client except Apple calls theirs the Apple Remote Desktop. Sounds confusing? You bet. For our purposes, we’ll refer to the Host Machine (meaning your home base host) and the Remote Machine (meaning the computer from which you are making the connection to your host machine). Whew!
Now, let’s upgrade the software on your Host Machine to make sure the standards-based remote access products will work. Just download and install the Apple Remote Desktop Client 2.1 from here. When you complete the installation, you will need to enable Apple Remote Desktop under the Services tab in the Sharing folder of System Preferences. Then click on the Access Privileges button, choose a user account, make sure all the boxes in the right column are checked, and check the "VNC viewers may control screen with password" option. Enter a password that you will use for remote access. Leave the "guests may request access" option unchecked, or you’ll have to have someone sitting at your host machine to grant access. Click the OK button to save your changes. Next, you need to open the firewall ports on your Mac and your hardware-based firewall to support remote access. Click on the Firewall tab. Then click the New button. Choose VNC (5900-5902) from the pull-down list. If it will only be you connecting to your host machine, then you only need to open port 5900 on your hardware-based firewall and point it to the internal IP address of your host machine. That completes the Host machine installation and setup for remote control.
Now let’s do the other half: the traveling or remote machine software, aka the VNC client. To test this, you’re going to need a second computer (not necessarily a Mac). It’s helpful to have a second computer inside your hardware-based firewall so we can get the kinks out before you try this on the road. If your second machine is also a Mac, then the software you need is Chicken of the VNC (get it?). Download the 2.0b2 version from a SourceForge mirror site to your Desktop. Once it is installed on your Desktop, drag the icon to your Applications folder. Double-click on the icon to start the application. The VNC Login screen will appear. Fill in the IP address of your Host machine and the password you assigned when we enabled the Apple Remote Desktop. The Shared Display checkbox lets more than one person connect to the same Host at the same time so long as you use different ports. Port 0 uses 5900, port 1 uses 5901, etc. The ports have to be open and pointed to your host on your hardware-based firewall. For now, you can leave Shared Display unchecked and make sure the Port is set to 0. Leave the Default Profile setting as is and decide whether you want to save your password in your keychain. That’s all there is to it. Click the Connect button and the screen of your Host machine should miraculously appear. You can toggle the Host machine display between a window and full-screen by pressing Command-Option-Control-`. To disconnect, just close the Host machine display window or choose Connection, Close Window from the title bar menus.
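One way to build the SSH tunnel mentioned earlier, as an added example that is not from the original article or its comments: the VNC session rides inside the encrypted SSH connection that Remote Login already provides. The function names, the admin account name and the choice of local display 1 are assumptions; 111.111.111.111 is the article's stand-in address.

```shell
#!/bin/sh
# Added example: carry VNC over SSH instead of exposing port 5900.

# vnc_port DISPLAY: VNC display N listens on TCP port 5900 + N.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0[0-9]*)
            echo "display must be a plain non-negative integer: '$1'" >&2
            return 1 ;;
    esac
    echo $((5900 + $1))
}

# vnc_forward_spec LOCAL_DISPLAY HOST_DISPLAY: the argument for ssh -L.
# Both ends are pinned to 127.0.0.1, so the forwarded port is reachable only
# from the Remote Machine itself and sshd connects to the Host's own loopback.
vnc_forward_spec() {
    lport=$(vnc_port "$1") || return 1
    rport=$(vnc_port "$2") || return 1
    echo "127.0.0.1:${lport}:127.0.0.1:${rport}"
}

# open_vnc_tunnel USER@HOST [LOCAL_DISPLAY] [HOST_DISPLAY]
# Run on the Remote Machine; -N opens the forward without a remote shell.
# Stays in the foreground until interrupted with Ctrl-C.
open_vnc_tunnel() {
    [ -n "$1" ] || { echo "usage: open_vnc_tunnel user@host [local] [host]" >&2; return 1; }
    spec=$(vnc_forward_spec "${2:-1}" "${3:-0}") || return 1
    ssh -N -L "$spec" "$1"
}

# Example (hypothetical account name):
#   open_vnc_tunnel admin@111.111.111.111
# then connect the VNC client to 127.0.0.1 with Port set to 1.

# Stand-alone run: show the forward used by the defaults.
vnc_forward_spec 1 0
```

With the tunnel in place, only port 22 has to be passed through the hardware firewall; port 5900 does not need to be forwarded from the Internet.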
For additional assistance and terrific web-based documentation, just click on Help while the program is running. To keep up with the latest developments of Chicken of the VNC, visit MacUpdate. If you need VNC software for other platforms, Real VNC has the latest versions and AT&T’s VNC archive is another worthwhile site although it now is over five years old. VNC clients also are available for Palm devices and Treo smartphones as well as Pocket PCs and compatible smartphones. Enjoy!
ISP-In-A-Box: The $500 Mac mini (Chapter XIII, Crontab Scheduling)
Well, our plan for today was to get down in the weeds of BSD and actually show you how to wrestle with crontabs to schedule tasks on your Mac or Mac mini. But, as luck would have it, our friends at iMagicWeb had a better solution that they wrote us about. So let’s shift gears and wrestle with crontab in the least painful way possible … which is to use a terrific piece of free software called CronniX. It was written specifically to manage cron jobs using the traditional Mac OS X Aqua interface. Before we get to CronniX, let’s briefly address what crontab is and what it does for you. Think of crontab as the ultimate scheduler. It can run almost any BSD application, script, or command as well as any Mac OS X application or AppleScript at any time or combination of times that you care to dream up. Stated another way, you use crontab to schedule background jobs, i.e. tasks that you want your computer to execute without bothering you or your computer’s display. We already are using cron jobs to handle our Email Reminders, and our Webalizer statistics, and our daily Web Calendars. But we’ve barely scratched the surface of the possibilities. Later this week we’ll add automatic backups of your main hard drive to any external USB or firewire hard disk. And there will be specific tasks that you come up with where a cron job is the obvious solution.
There are three main things you do with cron jobs: you create them, you change them, and you delete them. To change or delete an existing job, just highlight the job and click Edit or Delete. To create a new entry, you need to be aware that cron jobs can be run as any user including the root user, and they inherit the privileges of that user. The moral here is, for security’s sake and the overall health of your system, don’t run jobs as the root user unless you have to. In creating cron jobs, you can schedule them to run at a particular time or times or at timed intervals, e.g. every 15 minutes. And you can schedule cron jobs to only run on a certain day of the week or month or on an assortment of days chosen by you. You can also quickly bring your server to its knees by running disk-intensive cron jobs every minute of every hour of every day of the year. The choice is yours. Aside from not running cron jobs as root unless you have to, the only other bit of advice I would offer is this. Test whatever you plan to schedule as a background job in the foreground first. When run as a foreground task (i.e. from a Terminal window), you can watch it to make certain it does what you wanted it to do. If it doesn’t, you can kill the job by pressing Ctrl-C. It is extremely difficult to diagnose scripting bugs in applications you have running in the background, particularly when all you hear is your hard disk beating its brains out. Before you can kill a background job, it usually has plenty of opportunity to wreak enormous havoc on your computer. Having said all that, what makes the Mac such an incredibly powerful server platform is, at least in part, the almost limitless capacity to schedule and execute background tasks of every variety imaginable.
Up to now we’ve been setting up cron jobs using Webmin which is every bit as efficient as swatting a fly with a sledge hammer. For one thing, you have to crank up the Webmin server just to be able to access Webmin using a web browser. For some tasks, this is a great approach. But for scheduling cron jobs, it’s a little silly. So, as I mentioned, our original plan for today was to cover the intricate details of using crontab and managing cron jobs from the Terminal command prompt. Lo and behold, it turns out there is a terrific little Mac OS X application called CronniX which makes the drudgery of crontabs all but disappear. As mentioned, the application is free although the author does accept donations. His web site is http://h5197.serverkompetenz.net/cronnix/. So go to the site, click on the download link and download the latest and greatest version (3.0b3.dmg). It will decompress into a folder on your desktop. Open the folder and drag the CronniX application to your Applications folder.
When you start up CronniX, it will default to the crontab for your current login ID. You can switch crontabs by pressing Command-O and entering the desired username including root and system. Existing crontab entries will be displayed for the username selected. An asterisk (*) in crontab lingo means all while an asterisk followed by a slash and a number means every so many minutes or hours or days. For example, */15 in the minutes column would mean every 15 minutes while */4 in the hours column would mean every 4 hours. To create a new crontab entry, you simply click the New button and fill in the blanks. Checking the checkbox beside a field sets that field to * or all. The syntax for commands is exactly what you would type in a Terminal window to execute the command. And, for Mac OS X applications, you can execute them by checking "Prepend /usr/bin/open" and then clicking the Browse button and choosing the desired Application. Once you’ve made your entry, click on the Save button to actually post your new entries to the selected crontab. Then press Command-Q to close CronniX. It’s as simple as that.
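The two cautions given earlier (avoid root unless required, and avoid jobs that fire every minute) can be checked mechanically. This added example, not part of the original article or of CronniX, expands the minute and hour fields of a system crontab, including the */n step syntax just described, and flags root jobs and jobs at or above a runs-per-day limit. The sample crontab and its script paths are constructed, and the code assumes the system crontab layout in which a user name precedes the command.

```shell
#!/bin/sh
# Added example: audit a system crontab
# (fields: minute hour mday month wday user command).

# Constructed sample input; the script paths are hypothetical.
sample_crontab() {
cat <<'EOF'
# minute hour mday month wday user command
SHELL=/bin/sh
*/15 * * * * www /usr/local/bin/webalizer -q
* * * * * root /usr/local/bin/reindex.sh /Volumes/Data
30 3 * * 0 root /usr/local/bin/weekly-backup.sh
0 */4 * * * mail /usr/local/bin/reminders.sh
0-59 * * * * nobody /usr/local/bin/poll.sh
EOF
}

# audit_crontab [LIMIT]: read a crontab on stdin and print one line per job:
#   <runs>/day <user> <flags> <command>
# <runs> is how often the job fires on a day it is active (the mday, month
# and wday fields are not evaluated).
# Flags: ROOT (runs as root), FREQUENT (runs >= LIMIT; default 1440, which
# is once every minute), ok (neither).
audit_crontab() {
    awk -v limit="${1:-1440}" '
    # Count the values in lo..hi selected by one cron field.
    # Handles: *  */n  a  a-b  a-b/n  and comma-separated lists of those.
    function count(field, lo, hi,    parts, n, i, p, rng, step, a, b, v, seen, total) {
        total = 0
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++) {
            p = parts[i]; step = 1
            if (index(p, "/")) { split(p, rng, "/"); p = rng[1]; step = rng[2] + 0 }
            if (step < 1) step = 1
            if (p == "*") { a = lo; b = hi }
            else if (index(p, "-")) { split(p, rng, "-"); a = rng[1] + 0; b = rng[2] + 0 }
            else { a = p + 0; b = a }
            for (v = a; v <= b; v += step)
                if (v >= lo && v <= hi && !(v in seen)) { seen[v] = 1; total++ }
        }
        return total
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments and blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # environment settings
    NF < 7 { next }                                    # not a full job entry
    {
        runs = count($1, 0, 59) * count($2, 0, 23)
        user = $6
        cmd = $7
        for (i = 8; i <= NF; i++) cmd = cmd " " $i
        flags = ""
        if (user == "root") flags = "ROOT"
        if (runs >= limit) flags = (flags == "" ? "" : flags ",") "FREQUENT"
        if (flags == "") flags = "ok"
        printf "%d/day %s %s %s\n", runs, user, flags, cmd
    }'
}

# Stand-alone run: audit the constructed sample.
sample_crontab | audit_crontab
```

Pass a lower limit to tighten the check, for example `audit_crontab 96 < /etc/crontab` to flag anything that runs every 15 minutes or more often.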