Home » Technology » Apple & Macs (Page 3)

Category Archives: Apple & Macs

The Most Versatile VoIP Provider: FREE PORTING

Apple’s iPhone: Free At Last!

We raved about the iPhone when it was first released. And today we wanted to give you a brief update because of some very good news. Other than the cost which now has been addressed, the two serious shortcomings that we’ve seen with the iPhone both centered around Apple’s decision to lock the platform. This led to two major drawbacks. First, it forced at least those in the U.S. to use AT&T for wireless service. To say they are a dreadful provider just really doesn’t cover it. For any of you that hated Sprint three years ago and left, guess what? All those people you hated seem to have moved to AT&T… with reinforcements. The good news is that Sprint now has some of the most courteous, helpful staff of any provider in the industry. Go figure?

WARNING: Do not attempt any of the following if the firmware on your iPhone is 1.1.1 or higher. Read this forum for details.

The second major limitation was the inability to add any applications other than Apple’s to the iPhone. Yes, you can do instant messaging through some stranger’s web site with your web browser if you don’t mind sharing your usernames and passwords with folks you don’t know. We can’t wait for the online banking scams. Can’t you see it now? Log into your favorite bank through our site, and you can transfer funds (to us!) quicker than we can say Ka-ching! Sorry, but Web 2.0 is an absolutely lousy platform for any application that collects or uses personal information. The intermediate web site operator can harvest every piece of information you type. Yes, you should make certain that you trust the provider before using their site. Try telling that to a bunch of teenagers that miss their free instant messaging.

So, where were we? All of the above has changed in the last couple weeks, and today we’ll walk you through how to easily unlock your iPhone in about 5-10 minutes to take advantage of the changes. Once you do this, you’ll be in your own iPhone Orbit which means no more Apple updates to the iPhone unless you’re willing to completely wipe everything off your phone and start over. This isn’t as big a deal as it sounds since most of your stuff (photos, address book, and music) is stored in iTunes anyway. What will you have when you’re finished? A perfect iPhone! You can add your own applications in seconds. And there are close to a hundred apps already. And you can use any SIM card you like. So, when you travel out of the country, you can purchase an El Cheapo SIM card in Mexico and have a functioning, low cost iPhone.

Unlocking Your iPhone. Let’s start with the obvious. Make certain you have a properly functioning, up to date iPhone before you begin. If you haven’t upgraded your firmware to 1.0.2 using iTunes, do that first and be sure everything is still chugging along before attempting to unlock the phone. And, of course, the obligatory warnings. YOU’RE DOING ALL OF WHAT FOLLOWS AT YOUR OWN RISK. Read the whole article first and be sure you appreciate the risks AND you’re comfortable performing all of the steps. If you’re not willing to assume the risk that accompanies living on the Bleeding Edge, then leave your iPhone alone and wait for Apple to release 1.0.3 or whatever.

The Mac Solution. If you happen to live in a household with both Macs and PCs, then you can perform this magic just as we did. The Mac needs to be running Tiger. The PC needs Windows XP with SP2 although Vista reportedly works as well. We didn’t try Vista! For Mac users, the easiest process is to follow this guide. First, download and install iNdependence 1.1.1 on your Mac, not the newer version. Next, download the 91MB iPhone 1.0.2 restore files and put the decompressed folder where you can find it. Plug your iPhone into your Mac and shut down iTunes if it autostarts. Kill the iTunes Helper app using Activity Monitor. Then load iNdependence. Click the Jailbreak tab and then the Perform Jailbreak button. Using the Finder dialog box, find the folder location where you stored the 1.0.2 restore files and click Open. Now, for the tricky part. Step 6 involves holding down the Home and Sleep buttons on your iPhone until you see the spinning pizza wheel. This occurs shortly after the iPhone begins its reboot. Release the buttons immediately. If your iPhone reboots normally (as ours did on the first try), you waited too long. Just repeat the steps again and work on your timing. When you do it correctly, you’ll see a pretty picture of a jail cell. When the Jailbreak is completed, iNdependence will return to its native state. Click on the SSH tab and then the Install SSH/SFTP/SCP button. Once you get the Jailbreak success message, do a special reboot of your iPhone by holding Home + Sleep buttons down for 3 seconds. Then power off your iPhone in the standard way. Now Power On your iPhone and wait while the software is loaded. When it finishes, do another special reboot as above. And you’re done. Skip the Return to Jail step for now.

Changing the Root Password on Your iPhone. A special word of caution is in order here. The root password for your iPhone is dottie. Just about everyone in the world knows that now. With SSH and SFTP now installed on your iPhone, anybody that deciphers your IP address can log into your iPhone unless the password is changed. Hmmm. The bad news. The passwd app is NOT loaded on the iPhone, and we have yet to find a trustworthy copy of it. If you don’t change the root password on your phone, anyone at any Starbucks has a good shot at trashing your phone. All they need is your IP address: ssh -l root For the time being, the easiest way to make the change is first to generate a new password file at this web site. Once you have the text file in hand, hop on over to this site and follow the instructions to update the /etc/master.passwd file on your iPhone.

The Windows Approach. You no longer need a Mac to perform the jailbreak. Reportedly, iBrickr can do the same thing. Just watch the video on the IBrickr web site for details on the jailbreak process. There’s also a Mac-compatible version called Breezy which we haven’t tried. We’re going to use iBrickr for a different purpose, however. It’s become the very best tool for loading custom applications onto your jailbreaked iPhone. You also can use it to load custom ringtones and wallpaper. Download and store iBrickr 0.8 on your Windows PC. Once downloaded, plug in your iPhone and click on the folder location where you unzipped the iBrickr files and double-click ibrickr.exe to run the application.

iBrickr installs files in the PXL image format. There’s a pxl installer on the iPhone that does all the dirty work so all you have to do is find the application you want with a PXL installer. You’ll find about about 50 of them on Nate True’s site or the mirror site, and there’s a growing collection on this Google Code site. So download your favorites into a folder on your PC.

Installing Applications with iBrickr. To install the applications, run the iBricker.exe program while your iPhone is connected to your PC and choose Applications. Then click Install from PXL file. Click on the application desired and wait for your phone to beep after a software refresh. It’s about a 30-second exercise for most applications. The new application will appear in the bottom row of the SpringBoard. Keep in mind that there’s only room for four more applications on the iPhone SpringBoard. If you want more than that, install the Launcher application as one of your first four choices or load the SpringBoard rearranger.

Unlocking the AT&T SIM. Thousands of articles have already been written about this. The price went from $100 to $0 in less than a day. Now you can simply install the anySIM 1.01 PXL image and run it to switch SIM chips on your phone. Be sure to first consult their web site for late-breaking announcements. Enjoy!

Some Recent Nerd Vittles Articles of Interest…

Introducing Version 3 of the Plug-and-Play Asterisk IP PBX for the Intel Mac

NOTE: The system referenced in this article is no longer supported by Nerd Vittles as this version of Asterisk® has been phased out. For the latest and greatest, please consider our new PBX in a Flash offering.

We don’t usually write about stuff we haven’t personally tested, but we’re making a partial exception today because we don’t (yet) own an Intel Mac. Donations, anyone? Where were we? Thanks to the work of literally hundreds of developers, there is a terrific Asterisk IP PBX with an incredible array of additional bells and whistles. That product which we have tested extensively is TrixBox 1.2.3. It’s so good, in fact, that we chose it as the base system for all of the Nerd Vittles applications that we write about each week. For Halloween last year, we introduced Version 3 of our Plug-and-Play Asterisk IP PBX for Windows. Then a week later, we showed how to take a standard install of TrixBox 1.2.3 on Linux and NerdVittlize it into the equivalent of our version 3 build for Windows. When you were finished, you had a secure, turnkey Asterisk IP PBX with all of the Nerd Vittles software collection and virtually every mission-critical add-on anyone could ever dream of for a phone system: freePBX, an Apache web server, a SendMail server, PHP, MySQL, WebMin, SugarCRM contact management, FTP and SSH support, Perl, integrated fax-to-email support, calling card billing, and more. And it all runs quite peacefully in a CentOS 4.4 Linux wrapper on either a dedicated Linux machine or on your Windows Desktop.

What was missing unfortunately was a way to run this same system on a Mac. Yes, there’s an Asterisk implementation on the Mac platform. But it’s downright primitive compared with the systems we’ve been writing about for the last 18 months. So today we have not one but two special treats for the Mac enthusiasts of the world. First, it’s now possible to run our standard Version 3 system using the new VMware beta for the Intel Mac. You can download it here (561MB). You’ll also need to install the VMware Fusion beta software on your Intel Mac. Just fill out this form and then download the software. At least the beta is free, and the clients have remained free on other platforms.

Thanks to one of our great contributors, Gillam Hall, there’s now another alternative: a Parallels Desktop image of our Version 3 Asterisk system. You’ll first need to purchase and install Parallels Desktop on your Intel Mac. Parallels Desktop requires Mac OS X 10.4.6 or later. Then you can download the Parallels Desktop image of Version 3 here (535MB).

After installing either VMware Fusion or Parallels Desktop on your Mac, all you need to do is download either our standard VMware Version 3 Build or the new Parallels Version 3 .tar.gz Build, decompress the archived file, and run it in a VMware or Parallels window on your Mac Desktop. Once you get it running, hop over to our Version 3 tutorial for Windows and configure your system. To maximize performance, make sure you also apply the tweaks covered in the Comments to that tutorial. The total setup time is about 30 minutes once you have the download in hand. Enjoy!

What To Do Next. Once your new PBX is humming away, here are the next steps. First, you’ll want to upgrade freePBX to version 2.2.x. The tutorial to walk you through the drill can be found here. Last but not least, you’ll want to apply the latest Asterisk security patches to prevent a denial of service attack on your system. The tutorial for that can be found here.

Securing AsteriDex. Because of a security vulnerability in our very own AsteriDex, you’ll need to download and install this simple patch as well. Log into your Asterisk server as root and issue the following commands:

cd /var/www/html/asteridex
rm -f callboth.php
wget http://nerdvittles.com/trixbox11/callboth.zip
unzip callboth.zip
rm -f callboth.zip
chown asterisk:asterisk callboth.php
chmod 775 callboth.php

Adding an iTunes Telephone Controller to Your Asterisk PBX

If you're as lazy as the rest of us, then getting up to change what's playing on iTunes or to adjust the volume is just too much like work especially if you've installed one of our PBX-in-a-Flash™ Asterisk® systems on either a dedicated Linux machine or your Windows Desktop. For long-time readers of Nerd Vittles, you may recall that we covered how to build a streaming audio server using iTunes last year. So today we add the missing piece which will let you change songs, adjust the volume, and pause and restart iTunes using any touchtone phone connected to your Asterisk or TrixBox system. Special thanks to jpe for figuring all of this out and to Acme Technologies and to David Schlosnagle for their work on the iTunes Command Line Interface.

Overview. To get things working, there are just a few, easy steps. First, you'll need a Mac running the Panther or Tiger versions of Mac OS X. Next, you'll need to download and install the iTunes Command Line Interface. Then you'll need a rock-solid Asterisk system. We recommend TrixBox 1.2.3 which you can install using our tutorial and installation scripts above. Finally, we'll add a voice prompt and tweak the dialplan a bit using freePBX to handle the telephony interface to iTunes. And, presto, you're done.

Installing the iTunes CLI. We're assuming you've already got a Mac up and running with the required version of Mac OS X. If not, start there. Then download the iTunes Command Line Interface onto your Mac Desktop. Unless you've secured Safari, it will decompress the downloaded file automatically leaving you an iTunes Remote Control folder on your Desktop. If it doesn't automatically decompress the .sit file, then just double-click on it. Now open a Terminal window and switch to root access using your Mac password: sudo su. Then execute the following commands:

cd Desktop
cd "iTunes Remote Control"
cp itunes /bin/itunes
chmod +x /bin/itunes
itunes play
itunes play

The ifconfig command lets you decipher the private IP address of your Mac. Write down the inet address for the network interface you're using to connect your Mac to your private network (usually found in the listing for en0 or en1). To complete the installation on the Asterisk box, you'll also need to know a username and password for your Mac. If you don't know, you can find all your Mac usernames by changing to the /Users folder and typing ls. The last two commands should crank up iTunes on your Mac Desktop and begin playing whatever the last song or podcast you listened to. If everything's working, you can close the Terminal window on your Mac. We're done with the Mac part of the drill.

Password-Free SSH Access. As with our Proximity Detection System and Backup tutorials, we want to use SSH to communicate between the Asterisk system and iTunes on your Mac. As you know, SSH typically prompts for a password when you connect to a remote resource. So here's the trick if you haven't read our previous articles. Log into your Asterisk system as root. Because the Asterisk system will actually be the actual user connecting with SSH, we need to switch from the root user to the asterisk user account to get things set up correctly: su asterisk. Then, from the command prompt, issue the following command: ssh-keygen -t rsa. Press the enter key three times. You should see something similar to the following. The file name and location in bold below is the information we need:

Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/asterisk/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/asterisk/.ssh/id_rsa.
Your public key has been saved in /var/lib/asterisk/.ssh/id_rsa.pub.
The key fingerprint is:
1d:3c:14:23:d8:7b:57:d2:cd:18:70:80:0f:9b:b5:92 asterisk@asterisk1.local

Now we want to copy the public key file (in bold above) to your Mac from your Asterisk system using SCP. The command should look like the following (except use the private IP address of your Mac instead of and use your Mac username instead of the two instances of username below). Provide the Mac password for the username you've chosen when prompted to do so.

scp /var/lib/asterisk/.ssh/id_rsa.pub username@

Once the file has been copied, you now should be able to log into your Mac from your Asterisk system using SSH without being prompted for a password. Let's try it. Here's the command. Just substitute your username and the IP address of your Mac below:

ssh username@

You should be admitted without entering a password. Type exit twice to log out of your Asterisk system and to log out as user asterisk. If it didn't work, repeat the drill or read the complete article and find where you made a mistake.

Modifying Your Dialplan to Support the iTunes CLI. Now we're ready to cut and paste some code. Connect to your Asterisk system using your web browser by pointing to the internal IP address of your server: Choose System Administration and log in with username maint and your password. Now choose Config Edit and click on extensions-trixbox.conf in the list of config files. When the editor opens, add the following lines in the [from-internal-trixbox] context of the file:

exten => 673,1,Answer ; Dial MP3 to manage iTunes
exten => 673,2,Wait(1)
exten => 673,3,DigitTimeout(5)
exten => 673,4,ResponseTimeout(7)
exten => 673,5,Goto(itunes,s,1)

This will let you dial MP3 or 6-7-3 from any extension on your Asterisk system to manage iTunes on your Mac. While you're still editing extensions-trixbox.conf, scroll to the bottom of the file and add the following chunk of code:

exten => s,1,setvar(user=username)
exten => s,2,setvar(ituneshost=
exten => s,3,background(custom/itunes)
exten => s,4,background(beep)
exten => 1,1,system(ssh ${user}@${ituneshost} /bin/itunes mute)
exten => 1,2,goto(99,1)
exten => 2,1,system(ssh ${user}@${ituneshost} /bin/itunes pause)
exten => 2,2,goto(99,1)
exten => 3,1,system(ssh ${user}@${ituneshost} /bin/itunes unmute)
exten => 3,2,goto(99,1)
exten => 4,1,system(ssh ${user}@${ituneshost} /bin/itunes prev)
exten => 4,2,goto(99,1)
exten => 5,1,system(ssh ${user}@${ituneshost} /bin/itunes play)
exten => 5,2,goto(99,1)
exten => 6,1,system(ssh ${user}@${ituneshost} /bin/itunes next)
exten => 6,2,goto(99,1)
exten => 7,1,system(ssh ${user}@${ituneshost} /bin/itunes vol 25)
exten => 7,2,goto(99,1)
exten => 8,1,system(ssh ${user}@${ituneshost} /bin/itunes vol 50)
exten => 8,2,goto(99,1)
exten => 9,1,system(ssh ${user}@${ituneshost} /bin/itunes vol 100)
exten => 9,2,goto(99,1)
exten => 0,1,system(ssh ${user}@${ituneshost} /bin/itunes mute)
exten => 0,2,goto(99,1)
exten => *,1,system(ssh ${user}@${ituneshost} /bin/itunes vol down)
exten => *,2,goto(99,1)
exten => #,1,system(ssh ${user}@${ituneshost} /bin/itunes vol up)
exten => #,2,goto(99,1)
exten => 99,1,NoOp(${SYSTEMSTATUS})
exten => 99,2,GotoIf($["${SYSTEMSTATUS}" = "APPERROR"]?99,6)
exten => 99,3,background(num-was-successfully)
exten => 99,4,background(activated)
exten => 99,5,goto(s,4)
exten => 99,6,background(im-sorry)
exten => 99,7,background(an-error-has-occured)
exten => 99,8,wait(1)
exten => 99,9,background(goodbye)
exten => 99,10,Hangup
exten => t,1,goto(s,1)
exten => h,1,Hangup

Now move up to the first line of code (s,1) and change username to reflect the account name on your Mac that will be used to manage iTunes. It's got to be the same one that was used in the SSH keygen step above! Now move to the second line of code (s,2) and plug in the IP address of the Mac running iTunes. Save your changes by clicking the Update button. Close your browser, and don't worry about restarting Asterisk just yet because we have one final step to go.

Installing the iTunes CLI Voice Prompt. Just to give our new system a professional touch, let's add a custom voice prompt from Allison Smith to greet callers dialing MP3 on your system. Log into your Asterisk server as root and issue the following commands. The final one will restart Asterisk to load our dialplan updates from above.

cd /var/lib/asterisk/sounds/custom
wget http://nerdvittles.com/trixbox123/itunes.gsm
chown asterisk:asterisk itunes.gsm
amportal restart

Taking the iTunes Controller for a Spin. Now that the installation is complete, let's try it out. Make sure your Mac is turned on. Then pick up a telephone on your system and dial MP3. You'll be welcomed by Allison and prompted to enter a command. Using the commands shown on the adjacent keypad diagram, you can control virtually all aspects of iTunes. When you've finished entering commands, just hang up. It's that simple. If you happen to be streaming iTunes music to other desktops or your cellphone, then you'll really appreciate this addition to your Asterisk application software collection. Enjoy!

Nerd Vittles Demo Hot Line. You now can take a number of Nerd Vittles projects for a test drive... by phone! The current demos include NewsClips for Asterisk (latest news headlines in dozens of categories), MailCall for Asterisk with password 1111 (retrieve your email by phone), and Nerd Vittles Weather Forecasts by U.S. Airport Code. Just call our number (shown in the left margin) and take any or all of them for a spin. The sound quality may not be perfect due to performance limitations of our ancient Intel 386 demo machine. But the price is right.

Nerd Vittles Fan Club Map. Thanks for visiting! We hope you'll take a second and add yourself to our Frappr World Map compliments of Google. In making your entry, you can choose an icon: guy, gal, nerd, or geek. For those that don't know the difference in the last two, here's the best definition we've found: "a nerd is very similar to a geek, but with more RAM and a faster modem." We're always looking for the best BBQ joints on the planet. So, if you know of one, add it to the map while you're visiting as well.

Hosting Provider Special. Just an FYI that the Nerd Vittles hosting provider, BlueHost, has raised the bar again on hosting services. For $6.95 a month, you can host up to 6 domains with 50GB of disk storage and 999GB of monthly bandwidth. Free domain registration is included for as long as you have an account. That almost doubles last month's deal, and it really doesn't get any better than that. Their hosting services are flawless! We oughta know. We've tried the best of them. If you haven't tried a web hosting provider, there's never been a better time. Just use our link. You get a terrific hosting service, and we get a little lunch money.

Want More Projects? For a complete catalog of all our previous Asterisk projects, click here. For the most recent articles, click here and just scroll down the page.

Headline News for the Busy Executive and the Lazy Loafer. Get your Headline News the easy way: Planet Asterisk, Planet Gadget, Planet Mac, and Planet Daily. Quick read, no fluff.

Got a PDA or Web-Enabled Smartphone? Check out our new PDAweather.org site and get the latest weather updates and forecasts from the National Weather Service perfectly formatted for quick download and display on your favorite web-enabled PDA, cellphone, or Internet Tablet. And, of course, it's all FREE!

ISP-In-A-Box: The $500 Mac mini (Create Your Own Planet … Really!)

Today we're officially launching three new Planet sites for the universe to enjoy ... at least those with an Internet connection. For those unfamiliar with Planet, it's a terrific RSS news feed aggregrator which downloads news feeds published by web sites and aggregates their content into a single combined web page showing the collective feeds in chronological order, latest news first. Planet Mac collects news from two dozen of the most well-respected Mac sites on the web while Planet Gadget focuses on late-breaking news about all your favorite new toys collected from more than a dozen worldwide sites. And, last but not least, for all you Superman buffs: Planet Daily, a site with all the latest (real) news headlines from around the globe. There are loads of other planet sites of interest. A long list is available at Planet Planet, the mothership. And, yes, there's even a Planet Asterisk®. Finally, for those of you lucky enough to have a Nokia 770 Internet Tablet, you'll be happy to know that virtually all Planet sites are Nokia 770-friendly. In fact, hitting the 150% zoom key gives you a perfect Big-Type read with no horizontal scrolling, the way eBooks oughta be but usually aren't. If you missed our review, the Nokia 770 is the best $350 travel companion imaginable ... well, almost.

This is where most press releases end. But today we're going to show you how to build your own Planet: add a Mac, one Python, a feed parser, a templating engine, and a domain. Mix and serve. Presto! Your own new Planet is born. While this project will run on a Windows or Linux machine, it's much more fun to build and maintain it on a Mac ... because it's a 30-minute project! About half of our readers don't (yet) have a Mac. Too bad! But there's still hope. You really don't have to live with viruses, trojans, root kits, adware, and other secret back doors into your system unless you just enjoy pain. Anyway, there's never been a better time to try a Mac. Can you spell Intel R-O-C-K-E-T? Our tutorials will get you up and running in no time with your own web server, mail server, MySQL and PHP servers ... at no additional cost. Take it from a guy that lived and breathed PCs for over 20 years: Come on Over from the Dark Side. You'll never look back! We haven't, and the learning curve is virtually non-existent. </end of rant>

Now, where were we? For our own Planet sites, we're actually maintaining them on three iMacs (Mac minis work just as well), and then we're uploading content once an hour through a cron job to our redundant WestNIC-hosted Linux servers for all the world to see. It's called bandwidth, and you'll need plenty of it if you tackle a project such as those we've bitten off today. Of course WestNIC is practically giving bandwidth away at the moment: 500 gigs a month with 10 gigs of permanent (backed up!) storage for under $10 a month. Wow! We've used WestNIC for well over a year now, and it's been flawless. That's quite a contrast from our three previous hosting providers, all of whom served up a nightmare about once every three months. The $8.95 deal probably expires in the next couple days so HURRY if you're interested. That price is less than 10% of the going rate from most reputable providers for this much bandwidth.

Where to Begin. The real trick to making the Planet software work is getting the right Python engine installed on your system. While both Mac OS X Panther and Tiger come with Python preinstalled, it's unfortunately an older version which lacks support for python-bdb, the critical component to achieve liftoff with Planet. So download MacPython 2.4.1 from here. Once you've downloaded the software, just install it as you would any other Mac application. Can you say double-click? If you're running Tiger, you'll also want to apply the installer fix which is explained on the web site. Finally, grab the latest nightly build of Planet from here. Once the tar ball decompresses on your desktop, rename the folder to planet just to keep things simple. Because of some privileges issues, the easiest way to get things working is to give everyone full rights to this folder. Open a Terminal window, switch to root access, and set the rights substituting your account name on your Mac for mine (in bold):

sudo su
chmod 777 /users/wardmundy/desktop/planet

Be sure your Mac's web server is running (System Preferences->Sharing->Personal Web Server) and then create a web folder for your new Planet site using your account name, not root. Just issue this command:

mkdir /library/webserver/documents/planet

Configuring Planet. Before you can actually test things out, we need to do a little basic configuration magic with Planet. From your desktop, double-click the planet folder, then the examples folder, then the fancy folder. Now Ctrl-Click on config.ini and choose Open With ... TextEdit. You'll need to modify a few sections of code. Starting at the top, you'll see a section that looks like this:

# Every planet needs a [Planet] section
# name: Your planet's name
# link: Link to the main page
# owner_name: Your name
# owner_email: Your e-mail address
name = Planet Schmanet
link = http://planet.schmanet.janet/
owner_name = Janet
owner_email = janet@domainname

In the name field, give your planet a name. In the link field, insert the fully qualified domain name for your planet. Fill in your owner_name and owner-email address, and you're all set. Now move down the page to new_feed_items and change the 2 to something like 30. This sets the number of items your application will download from each RSS feed. You can adjust all of this later depending upon your subject matter. Continue moving down the page until you get to output_dir. Change the existing output entry to the address of your new web site directory on your Mac: /library/webserver/documents/planet. Leave the remaining settings alone at least until we get a successful first run.

The final step is setting up the actual RSS feeds which will be supported by your Planet application. Scroll further down the page until you get to the last section which starts like this:

name = Scott James Remnant
face = keybuk.png
# pick up the default facewidth and faceheight

name = Jeff Waugh
face = jdub.png
facewidth = 70
faceheight = 74

If you haven't done so already, now it's time to figure out what you want to cover in your Planet application. It could be subject matter oriented. If you need some ideas, just scan the RSS Feeds available from the Washington Post. Or you may choose just to collect your favorite RSS feeds into a Personal Planet. If you're addicted to your Nokia 770 like we are, trust us when we say you'll never touch another news reader after you see the zoomed text display of a Planet site on your Internet Tablet. Once you figure out your site's contents, write down the names of the sites and the addresses of the feeds. Then you simply replace the examples in the config file with your own selections. For example, a Nerd Vittles entry would look something like this. You'll note that we've commented out the optional "face" which is reserved for a picture of the blog owner. If you decide to use faces, you'd also want to uncomment the facewidth and faceheight lines and insert the correct dimensions for the picture to speed up loading of the web page.

name = Nerd Vittles
#face = nerd1.png
# pick up the default facewidth and faceheight
#facewidth = 62
#faceheight = 80

When you complete all of your RSS feed entries, press Command-S to save your config file changes to disk.

Setting Up the Web Site. We don't need to do much construction work on the Planet web site since the Planet application will handle the heavy-lifting for us. We do, however, need to copy a few things to the web site directory. So open your web site directory with Finder (DefaultDrive->library->webserver->documents->planet). Then open the planet folder on your Desktop in a second Finder window. Now copy the images folder from output to the open planet web folder. Also copy the planet.css style sheet to your planet web folder. If you have a favicon.ico file for your new web site, put it in there, too.

Modifying the Look and Feel of Your Site. Don't do it now, but make a mental note that you can customize your Planet site in any way you desire. Just be sure you make a backup of the web site template before you make improvements. The template is in the /examples/fancy folder and is named index.html.tmpl. You can edit the file with any text editor including TextEdit, pico, and nano. If you use pico or nano, be sure to start up the editor with -w to avoid unexpected line wrap problems.

Taking Your Planet for a Spin. Ready for a test run? Drop down to a Terminal windows again, and switch to root access (sudo su). Switch to the planet folder on your Desktop using your account name, not mine (replace all of the bold entries). And then give it a whirl:

cd /users/wardmundy/desktop/planet
/usr/local/bin/python /users/wardmundy/desktop/planet/planet.py /users/wardmundy/desktop/planet/examples/fancy/config.ini

You'll get some feedback that looks something like the following although you won't have any cached data on your first run:

INFO:planet.runner:Loading cached data
INFO:planet:Feed http://www.popgadget.net/index.xml unchanged
INFO:planet:Feed http://feeds.gawker.com/gizmodo/full unchanged
INFO:planet:Feed http://mundy.org/blog/wp-rss2.php unchanged
INFO:planet:Updating feed http://www.bradsdeals.com/rss.cfm?c=6
DEBUG:planet:Items in Feed: 20
INFO:planet:Feed http://feeds.feedburner.com/ubergizmo unchanged
INFO:planet:Updating feed http://www.woot.com/Blog/Rss.aspx
DEBUG:planet:Last Modified: 2006-01-27T17:15:41+00:00
DEBUG:planet:Items in Feed: 20
ERROR:planet:Error 404 while updating feed http://gizmonews.com/wp-rss2.php
INFO:planet:Updating feed http://www.engadget.com/rss.xml net:Items in Feed: 40
INFO:planet:Updating feed http://techbargains.com/rss.xml
DEBUG:planet:E-Tag: "4679fc226323c61:94c"
DEBUG:planet:Last Modified: 2006-01-27T17:00:12+00:00
DEBUG:planet:Items in Feed: 93
DEBUG:planet:Removed expired or replaced item http://www.techbargains.com/news_displayItem.cfm/57004
DEBUG:planet:Removed expired or replaced item http://www.techbargains.com/news_displayItem.cfm/56997
DEBUG:planet:Removed expired or replaced item http://www.techbargains.com/news_displayItem.cfm/56969

INFO:planet.runner:Processing template examples/fancy/index.html.tmpl
INFO:planet.runner:Writing /library/webserver/documents/planet/index.html
INFO:planet.runner:Processing template examples/atom.xml.tmpl
INFO:planet.runner:Writing /library/webserver/documents/planet/atom.xml
INFO:planet.runner:Processing template examples/rss20.xml.tmpl
INFO:planet.runner:Writing /library/webserver/documents/planet/rss20.xml
INFO:planet.runner:Processing template examples/rss10.xml.tmpl
INFO:planet.runner:Writing /library/webserver/documents/planet/rss10.xml
INFO:planet.runner:Processing template examples/opml.xml.tmpl
INFO:planet.runner:Writing /library/webserver/documents/planet/opml.xml
INFO:planet.runner:Processing template examples/foafroll.xml.tmpl
INFO:planet.runner:Writing /library/webserver/documents/planet/foafroll.xml

The object here is to get a clean run. The way to figure that out is to look in the first section above for lines that begin with the word "ERROR." These are processing errors in accessing the sites you specified for inclusion in your Planet site. What this usually means is that either a site you chose is down, or the address of the site is incorrect, or the format of the RSS feed is not yet supported by Planet. You won't find many of the latter since Planet supports most flavors of RSS feeds. In any case, these errors need your attention and should be fixed in or removed from your config file before you automate the data collection process. The second section of code above tells you whether Planet was successful in generating the documents for your web site. If you don't see errors here, then you should be able to access your site at http://localhost/planet/ using your favorite web browser.

Automating Your Planet Site. Once you get a successful run and get the errors resolved, you'll want to automate the data collection process. You don't want to have to manually run the planet python script every time you want to visit your web site. And, if you plan to offer the site to others, then it obviously needs to be kept current. Also, if you plan to publish your web site through a hosting provider or even .Mac, this also can be automated. First, you need a script. And then you need to tell your Mac to run it periodically by adding a crontab entry. Here's the runupdate script we use. And, yes, your Planet also produces RSS feeds which can be published by copying those files to your host provider as well as what's shown below. Look in /library/webserver/documents/planet for the names of the RSS feed files. To begin, create a text file in the planet folder on your Desktop and insert something like the following. Be sure to chmod 775 runupdate to make the script executable. And remember to always run your script as root, or it will fail. Don't run the script yet. We've got to move the planet folder on your Desktop first.

cd /users/wardmundy/planet
/usr/local/bin/python /users/wardmundy/planet/planet.py /users/wardmundy/planet/examples/fancy/config.ini
cd /library/webserver/documents/planet
/usr/bin/ftp -in <<EOF
open planetgadget.com
user username password
cd www
dele index.php
rename index.html index.php
put index.html

There are several potential gotcha's above. First, make sure you are positioned in the planet folder on your desktop before running the planet python script as root. Second, use your account name in the bolded entries on the second and third lines above, not mine. Third, make sure you are running the correct version of python to execute the script because there now are two versions on your Mac. Providing the extended name for python solves this. Fourth, insert the domain name of your host provider in lieu of planetgadget.com and provide the account name and password that you use to gain FTP access to your site. The www entry is the directory location of the web pages on our FTP site. YMMV!

Our hosting provider supports both .html and .php web pages so we perform a little magic here. Before uploading the updated web page (index.html), we first must delete the old one. But, when we do that, we run the risk that someone will hit the site at the moment the page is gone. This would result in a 404 error, and no web page. Not good!. So, what we do is rename the page to index.php after first deleting the old index.php file. Then, if someone hits the page during the update, they will get the index.php page which displays (when there is no index.html page). And it will look exactly like index.html since it has no embedded PHP code and, in fact, is the older version of the identical page.

The final step in automating updates of your Planet web site is to add a crontab entry on your Mac so that the above script runs periodically during the day and night. Before we do that, open a Finder window with the default folder for your accountname. Then drag the planet folder into this directory. Be careful not to accidentally drag the folder inside some other folder already stored in your accountname folder. Now open a Terminal session, switch to root user access (sudo su), and add the following line to the bottom of the system crontab file (pico -w /etc/crontab). Note that there should be a single tab between each of the seven entries below. Delete the intervening spaces! If it lines up with the other entries in your crontab file, you've done it correctly. Then save your changes: Ctrl-X, Y, then press Enter.

01 5-20 * * * root /users/wardmundy/planet/runupdate

Be sure to use your account name instead of mine. This crontab entry runs the script at one minute after the hour between the hours of 5 a.m. and 8 p.m. If you wanted the script to run hourly all day and night, replace 5-20 with an asterisk (*). If you wanted the script to run once every four hours, replace 5-20 with */4. If you only want the script to run at certain hours, just replace 5-20 with a list of the hours separated by commas with no spaces. Enjoy your new Planet!

Coming Attractions. Later this week we'll clue you in to the first (ever) Valentine's gift-with-a-plug for the Little Mrs. that won't get you killed. Caution: YMMV Then next week we'll be hot on the trail of the new, new, new Asterisk@Home release! Come join us. It's free.

Other Asterisk Projects? For a list of our previous Mac projects, click here. For a complete catalog of our previous Asterisk projects, click here. For the most recent articles including those you missed over the Christmas and New Year's holidays, click here and scroll down the page.

HOW-TO Bonanza: 50 Great Summertime Projects for You & Your Mac mini

Well, it’s that time of the year again. The Nerd Vittles staff will be taking a breather for a bit to recharge our batteries. But, in the finest college tradition, we’re leaving you lots of homework. Here’s a listing of what we’ve built thus far in our Mac mini ISP-In-A-Box project. So, while we’re taking it easy, pick out a few projects you haven’t tried and knock yourself out. Any Mac running at least Mac OS X v10.3 aka Panther is a suitable candidate for these projects. Many also have been tested with Tiger. Visit Tiger Vittles for the Tiger update notes to many of these tutorials. Also be sure to check out our WHERE-TO Bonanza: 50 Great Summertime Web Sites for You & Your Mac mini.
Mac mini

  • Apache Web Server
  • Email Servers: SMTP, POP3, and IMAP
  • MySQL Database Server
  • PHP and PhpMyAdmin
  • WebMin
  • The Webalizer
  • Web Calendars
  • Email Reminders
  • Crontab and CronniX
  • WordPress 1.5 Blog
  • TrixBox/Asterisk® VoIP PBX
  • A special welcome to Popular Science visitors
    And here are some of our other tutorials to keep you and your Mac mini busy:

  • Web Sites 101
  • Remote Access
  • P2P from A to Z
  • Network Security
  • Domain Names and ISPs
  • Skype = Free Phone Service and Mastering Internet Telephony: One SIP At A Time
  • And finally we and our friends at MacSurfer and Engadget and Gizmodo and MacOSXhints and MacDevCenter and Entropy. Give ’em a whirl!

  • WebDAV Server HOW-TO
  • WebDAV Clients HOW-TO
  • Managing Web Sites with WebDAV
  • Remote Mac Access with AFP and SSH
  • RSS Made Really, Really Simple
  • Backing Up Your Mac … for Free
  • Mac OS X Tiger Backups: The Good, The Bad, and The Ugly
  • Building a Data-Driven Web Site
  • Building a Streaming Audio Server
  • Web Hosting (Is Not) For Dummies
  • Hosting Multiple Web Sites and Domains
  • Creating a Secure (HTTPS) Mac OS X Web Server
  • Building A PureFTP Server … If You Must
  • Building a Home Automation Server
  • Building a Computer Telephony Server
  • Installing a Free Asterisk@Home PBX: Part I, II, III, IV, V
  • Mastering Internet Telephony: One SIP at a Time
  • Turning Your Mac mini Into a DVD Player Kiosk
  • HOW-TO: Turn your Mac mini into a media center
  • HOW-TO: Create Your Own Planet (aka Web Site of Your Favorite RSS Feeds)
  • CenterStage – The Mac Media Center Open Source Project
  • UStec Mac mini Home Media Server
  • Wiki Knowledge Base: Using a Mac mini as a Home Media Center
  • MacVroom – The Definitive Mac mini Car Integration Site
  • iDash: Mac mini for Your Car or Land Rover or Lexus or VW GTi or BMW or 3000GT or Prius
  • HOW-TO: Turn your Mac mini into a low-cost recording studio
  • Installing and Tuning Open Office on Mac OS X
  • Exploring the Mac OS X Firewall
  • 50 Ways To Get More From Your Mac mini
  • Last but not least, for PC users thinking about making the Switch to a Mac, read our article and this one. Then buy David Pogue’s book, and you’ll have everything you need. It really is a No Brainer!

    We’ve gotten lots of terrific feedback and some great tips from many of you since we first began putting this list together in early spring, but we’d love to hear from the shy types as well. What did you like? What can we improve? What can we cover which would be of interest to you in the coming months? If you have a favorite open source application or a must-have tool that we’ve overlooked thus far, don’t be timid. Drop us a note or just leave a comment below. We do this for fun, not as a business fortunately, but we strongly believe that Apple should be doing something similar as part of their business plan. We, their loyal customers, deserve nothing less. Thanks for visiting NerdVittles.com. And do tell your friends about us. Finally, take a look at our Tiger Vittles site for the latest happenings with Mac OS X Tiger.

    Who Is This Guy? Ward Mundy, the author of the ISP-In-A-Box series, is a retired attorney who spent more than 30 years providing legal and technology assistance to the federal courts in the United States.

    WHERE-TO Bonanza: 50 Great Summertime Web Sites for You & Your Mac mini

    Today we’re providing 50 of our favorite Mac mini resources on the web that will tell you anything and everything you ever wanted to know about Mac technology. There are sites for news, reviews, tutorials, tips and tricks, troubleshooting, blogs, forums, hacks, rumors, and loads of additional applications. So, while we’re taking it easy this summer, visit a few of the sites you haven’t already tried and learn something new. We’ll even wave to you from the beach. Any Mac running at least Mac OS X v10.3 aka Panther is a suitable candidate for taking advantage of most of these web sites. In case we missed a few, feel free to add your own favorites as comments. And, for the math geniuses, you’re right. The number of sites doesn’t quite add up to 50, but a few sites weren’t that great so we’ll leave it to you to figure out which ones shouldn’t be here. And be sure to check out our HOW-TO Bonanza: 50 Great Summertime Applications for You & Your Mac Mini.
    Mac mini

    Favorite Hacks

  • hack a day   HOW-TO Hacks to the Max
  • lifehack.org   Daily Productivity Pointers and Life Hacks
  • Favorite Tech Sites

  • O’Reilly Make:   Technology on Your Time
  • O’Reilly MacDevCenter   Mac Projects to the Max
  • Command-Tab   Technology and Mac Geekery
  • MacGuru HQ   Mac and Linux Tips, Tricks, and Secrets
  • Favorite Mac mini Sites

  • 123macmini.com   The granddaddy of the Mac mini sites
  • Modmini.com   Making the most of your Mac mini
  • BYODKM.net   Mac mini Enthusiast Network
  • HTmini   Mac mini Hardware News
  • Favorite Mac News Sites

  • MacSurfer’s Headlines News   If You Only Have Time To Check Out One Site, This Is It!
  • Mac News Network   Another Terrific Site for Mac News
  • Mac Mini News   All the Latest Mac Mini News
  • MacCentral   Great news and reviews from MacWorld
  • MacMiner   get deep. find news.
  • MacDailyNews   Apple and Mac news
  • Infinite Loop   Ars Technica’s Mac journal
  • trendalicious!   Another view of the del.icio.us bookmarking service
  • Other Mac News and Reviews

  • Applelinks   The Ultimate Mac Website
  • MacInTouch   Mac News and Information
  • MacMerc.com   Mac Articles and News
  • MacMegasite   Mac News from a Software Developer’s Perspective
  • Macsimum News   Mac Online Newspaper
  • MacSlash   Daily Dose of Mac News and Commentary
  • The Tao of Mac   Two parts genius, one part … well, you decide
  • Favorite Mac Applications

  • Mac OS X Apps   Mac Applications for Everyman … and Woman
  • Mac OS X Power Tools   Every Link from First and Second Editions
  • Favorite Mac Mags

  • MacAddict   A Better Machine, A Better Magazine
  • MacWorld   The Mac Product Experts
  • Popular Science   Great How-To article on the Mac mini
  • Favorite Mac Rumor and Gossip Sites

  • Apple Insider   News and Rumors
  • Mac Rumors   News and Rumors You Care About
  • Think Secret   Mac Insider News
  • Favorite Mac Weblogs

  • Technorati   Blog search engine
  • The Apple Blog   Everything Apple
  • The Unofficial Apple Weblog   A Little Bit of Everything Including A Chat Room
  • Daring Fireball   Mac Nerdery, etc.
  • Obvious Diversion   Mac Stuff That Makes You Think
  • Nerd Vittles   Just In Case You Share This List With A Friend
  • Favorite Mac mini Forums

  • Apple Discussion   Lots of stuff with lots of rules (registration required)
  • Macminiforums   #1 Resource for the Mac mini (registration required)
  • MacOSXhints Forum   Everything you ever wanted to know about Mac OS X
  • Favorite Mac Troubleshooting Sites

  • MacFixIt   Troubleshooting Solutions for the Mac
  • Accelerate Your Mac   Lots of great real-world tips
  • Tiger Hints   Solutions to just about any problem with Tiger
  • Favorite Mac Tutorials

  • MacZealots.com   Mac Tutorials and Reviews
  • Favorite Gadget Sites

  • Engadget   
  • Gizmodo   
  • Ubergizmo   
  • GadgetryBlog   
  • Akihabara News   
  • Popgadget   For Ladies Only
  • For The Other Side

  • For Windows XP Users   Still Using Win XP But Wanna Try the Mac OS X Experience for Free
  • When 50 Just Isn’t Enough

  • MacPiCkS   Every Mac resource on the web … except ours, but who cares
  • ISP-In-A-Box: Remotely Managing Your Mac Using AFP and SSH Tunnels

    We've been exploring remote access and remote management options for the Mac mini and other Macs running Mac OS X Panther or Tiger for several months, and today we'll turn our attention to another solution that is ideally suited for those with multiple Macs at different locations. Every copy of Mac OS X ships with client and server versions of the Apple File Protocol (AFP) over TCP/IP. Enabling the server is a one-click operation. Choose System Preferences->Sharing and put a check mark beside Personal File Sharing. Assuming you have enabled the Mac's built-in firewall (which we always recommend), this automatically opens ports 548 and 427. If you have a hardware-based firewall (which we also recommend), you'll need to open port 548 and point it to the internal IP address of your Mac. If you have two Macs with Internet connections at different locations, you'll need to do the same thing on the other end. To connect to a remote Mac, you'll need to know its IP address or fully qualified domain name. Using a web browser on the remote Mac, you can obtain the IP address of your Mac by clicking on this link.

    Once you enable Personal File Sharing and open the necessary ports in your firewalls, anyone can access and upload files to your Macs knowing nothing more than your IP address or fully-qualified domain name. Only those with actual user accounts can read and write files and execute programs on your remote Mac, and their access is restricted just as if they had logged in sitting at the desktop. The anonymous write access may or may not be what you had in mind. One very real risk of this design is that, given enough time, a malicious passer-by can flood your Mac with data and fill your entire hard disk with junk which will eventually crash the operating system since there will be no room for temporary files. If you couldn't already tell, this isn't our favorite Apple engineering design so here's how to fix it.

    As delivered from Apple, every user's account has a Public folder with a Drop Box subfolder. The owner-user has read-write-execute privileges. The owner's group and everyone else have write and execute privileges to the Drop Box folder. This means strangers can upload files but can't see what's been uploaded. To adjust this so that strangers have no access privilegs, open a Terminal window and switch to root privileges: sudo su. Switch to the directory which houses user accounts: cd /Users. Display a directory listing for this folder: ls -all. Then repeat the steps below for every user account on your Mac substituting the name of each user's file folder for thisuser:

  • chmod -R o-rwx thisuser/public
  • ls -dl thisuser/public
  • Make certain that the public directory listing in Step #2 begins with the following:


    There should be three trailing hyphens following the "x" and these are the important part. Don't worry if the rest of the rights don't match. Continue repeating the steps above until you've done it for every user account on your Mac. Forgetting just one means someone can fill your disk with garbage!

    Now that we've gotten the security housekeeping out of the way, we're ready to test your AFP access. This can be done from another Mac on your local area network or from a Mac elsewhere on the Internet. If you're trying it from your LAN, use the private IP address of the remote Mac (we'll call the Mac we're connecting to the AFP host or AFP server). If you're trying this from elsewhere on the Internet, use your AFP host's Internet IP address, the one you obtained in the first paragraph above. Now, click on your Desktop and press Command-K. For the server address, type afp:// substituting your AFP host's IP address, of course. Click the Connect button to make the AFP connection, and assuming you got the IP address typed correctly you will see an AFP login window which looks similar to the one shown in the inset to the left. Notice the Guest and Registered User options. Now you know why we did what we did above to disable Guest access. Technically, strangers still can connect. They just can't get to anything or do any damage. To see how this works, try Guest access to our beach house Mac by going to this address: afp://windswept.dyndns.org.

    For our purposes, you'll want to log in as a Registered User. So type your username and password just as you would sitting in front of your AFP Mac host. If you have Administrator rights, you'll be asked whether to mount your user directory or one of your mounted drives. Mounting the internal drive gives you access to everything on your Mac just as if you had logged in as the root user. You now can perform almost any task as if you were sitting in front of your remote Mac ... only slower. If you're using a modem, make that "painfully slower." If you have broadband connections at both ends of your AFP connection, you'll find AFP is perfectly acceptable for transferring files back and forth but probably not desirable for executing most applications, such as Word or iTunes. Another drawback of pure AFP is that data is sent in clear text and is unencrypted meaning all of the data including your account names and passwords are subject to compromise especially from a "Man in the Middle" attack. A good example would be a curious college geek managing the routers for your local Internet service provider.

    That brings us to the second half of this article which is how to use an encrypted SSH tunnel to protect your AFP sessions. In one of many great articles on the subject O'Reilly put it this way:

    A tunnel is a networking term with an appropriate name. It refers to a connection, usually encrypted, that connects two computers together across another, usually untrusted network. Picture a mountain of evil 3l33t d00dz sitting between your laptop and a server on your internal, protected network. You don't want to just throw your traffic really hard at the mountain and hope it gets there; you want to first form a protected tunnel from you to your machine, and then send the traffic through it.

    Without getting into too much detail, what we want to do is set up an encrypted tunnel using Mac OS X's SSH tools, and then we'll pass all of our AFP traffic through that tunnel to keep the bad guys from reading its contents. Once we finish our AFP session, we'll shut down the tunnel until we need it again. For this to work reliably, you'll need to set up identical user accounts with identical passwords on both the remote host and client machines, and these accounts should have administrator privileges. A user with admin privileges need not be logged in on the remote host to establish the tunnel successfully. On the remote host, you'll need to enable Remote Login by checking the appropriate box in System Preferences->Sharing. This will enable Port 22 traffic on your Mac firewall; however, you also will need to adjust your hardware-based firewall to route port 22 traffic to the internal IP address of your Mac. Now log in to your client Mac using the same account name with admin privileges that you established on your remote Mac. Open a Terminal window and type: ssh substituting the remote IP address of your remote Mac host. You'll be warned that this machine may not be who you think it is. Type Yes to proceed anyway. Type your admin password when prompted. Once the tunnel is established, you can shut it down by typing Exit. You now know how to establish an SSH tunnel and, once established, you can do anything on the remote Mac that you could do sitting in front of it with a Terminal window.

    But we want to tunnel our AFP session through the SSH tunnel. That gets a little trickier, and we've created yet another code snippet to save you a semester's worth of work trying to figure it out yourself. Nothing in this script is original incidentally. It merely combines various suggestions I've scoured from around the 'Net to save you a bunch of time. So download afptunnel.txt to your browser by Control-Clicking on it and choosing to open it in a new tab or window. Press Command-A and then Command-C to copy the contents of the snippet to your clipboard. Now open a Terminal window and create a new file: pico afptunnel. Once the Pico editor opens, press Command-V to copy the contents of the clipboard into the editor. Now search for "windswept": Ctrl-W,windswept,enter. With the cursor positioned over the w in windswept, use Ctrl-D to delete windswept.dyndns.org. Now type the fully qualified domain name or IP address of your remote Mac AFP host but make certain the line ends with a semicolon with no blank spaces between the address and the semicolon. Now save the file: Ctrl-X,Y,enter. Change the file attributes to support script execution: chmod 770 afptunnel. Now try out the script to connect from your local machine to your remote Mac host through an SSH tunnel: ./afptunnel. Type Yes if asked whether to trust the host. Provide your admin password when prompted. When the tunnel is established and the AFP connection is made, log in to the remote host using your remote account created earlier. Heed the Terminal window warning and leave the window open until you end your AFP session by dismounting your AFP drive. Then click in the Terminal window and press the ENTER key to close down your SSH tunnel. You're now an expert on AFP and SSH. Now you can securely connect to your remote Mac from any other Mac on the planet!

    Security Alert. Just a heads up that earlier this week Apple announced a security vulnerability in the AFP server for Mac OS X Tiger only. You can read all about it here. Before using AFP Server on a Tiger system with or without an SSH tunnel, you are well advised to download and install Security Update 2005-006 for Mac OS X 10.4.1.

    Other Mac Projects and HOW-TO's. We tackle a new open source project for the Mac almost every week on Nerd Vittles. You can review the complete list at any time by going here.

    ISP-In-A-Box: Hosting Multiple Web Sites And Domains On Your Mac

    Once you get a web site up and running on your Mac mini (or any other Mac running Mac OS X Panther or Tiger), you’ll probably get hooked and want to add additional web sites or domains. So today we’re going to give you a template that can be used to add additional sites to your heart’s content. In a previous article, we covered one approach to hosting multiple domains. In that scenario, we built separate web sites in the Sites folder for various user accounts on your Mac. Then using Omnis.com‘s DNS tools, we pointed different domains or subdomains to the appropriate web sites on your Mac using a Proxy (aka mod_proxy) record for the domain that looked like this (substituting your own IP address, of course):

  • Namewww
  • TypePROXY
  • Contenthttp://
  • That solution works; however, it forces you to log in as different users to manage the different web sites. Today’s approach assumes you want to manage multiple web sites from a single account on your Mac using the traditional web site folder heirarchy located at /Library/WebServer/Documents. Our site design for multiple web sites and multiple domains goes like this. We’ll create a websites folder below the /Library/WebServer/Documents folder. Then, for each new web site or domain, we’ll create a subfolder below the websites folder. We’ll leave the websites folder empty and adjust Apache to bar direct access to the contents of that folder. Then we’ll assign a TCP port for the new site and add the necessary code to support the new domain to the Apache config file, httpd.conf. Finally, we’ll point our domains to your Mac’s IP address using the proxy service of a domain registrar, restart Apache, and presto, you’ll be hosting multiple web sites from your Mac mini ISP-In-A-Box. One advantage of this design is that you still can remotely manage all of your web sites using a WebDAV client on almost any computer. We covered all of that here last week. We’re assuming you already have built your first web site using our Apache tutorials. If not, start here. Then go here and here. Then you’ll be ready to continue on with this tutorial. As with most of our articles, a degree in Rocket Science isn’t required, but you do have to use the Pico editor to make a few customizations to the Apache configuration files. For the Internet wizards reading this, you’re probably saying there’s an easier way to set up multiple web sites with Apache. Yes, there is. It just doesn’t seem to work in the Mac environment. If anyone comes up with a simpler method that works, do us all a favor and put it in a comment.

    Creating the First Web Site. Let’s begin by creating the folder that will house all of our new web sites. Open a Terminal window and switch to root access with your admin password: sudo su. Now move to the main web site folder: cd /Library/WebServer/Documents. Create the new websites folder: mkdir websites. Move to the websites folder: cd websites. Now create a directory to house our first new web site: mkdir mysite. For additional web sites, you’ll simply create additional folders below the websites folder as we just did.

    Modifying Apache to Support New Web Sites. Because of Apple’s configuration design, we’re going to configure our new web sites to use TCP ports in the eighties beginning with 81 rather than the default HTTP port, port 80. Remember not to use 82. We used that for our WebDAV server. So we’ll need to first edit httpd.conf in the /etc/httpd folder. Open a Terminal window and switch to root access: sudo su. Move to the Apache config directory: cd /etc/httpd. Make a duplicate of the httpd.conf file just in case something goes wrong: cp httpd.conf httpd.sav. Now carefully edit the Apache config file: pico httpd.conf. Switch back to your web browser and Ctrl-Click on the access.txt code snippet here and open it in a new tab or window in your web browser. Press Command-A then Command-C to copy the code snippet to your clipboard. Now switch back to your Terminal window and move to the bottom of the httpd.conf file by repeatedly pressing Ctrl-V. Copy the clipboard contents there by pressing Command-V.

    Now let’s look at what we pasted. The first three lines tell Apache not to display a directory listing of the websites folder if someone accesses your web site by typing: http://yourwebsite.com/websites/. The Listen 81 line tells Apache to listen on this TCP port as well as port 80. The VirtualHost _default_:81 line identifies the port which will be used to access this web site. The DocumentRoot and Directory lines tell Apache where the data for this web site is stored on your server: /Library/WebServer/Documents/websites/mysite. The allow from all line gives everyone access to this web site. And Options +Indexes tells Apache to display a directory listing of this folder if there is no index.html or index.php startup file in the folder. If you want to hide the directory if there is no startup file, change the plus sign to a minus sign.

    Now that you understand what the various lines in the config file do, let’s save the changes to httpd.conf: Ctrl-X,Y,enter. Now restart the Apache web server: apachectl restart.

    Firewall Adjustments. Remember to add a new port authorization in your Mac firewall to support port 81. Go to SystemPreferences->Sharing->Firewall and click the New button. Choose Other for the PortName, specify the desired TCP port number (81), and name the service HTTP81 so you can remember what it does. Click OK to save your update. Also make the necessary adjustment to your hardware based firewall to authorize the new port and point it to the internal IP address of your Mac. If your hardware firewall uses port 81 for remote access, be sure to change it to another port.

    Domain Registrar Adjustments. Finally, access your domain registrar’s web site (as previously noted, we recommend Omnis.com which supports proxy DNS entries) and, using the registrar’s DNS tools, add a proxy record to point your domain to the IP address and port 81 of your Mac web server: using your own IP address. You usually have to make two proxy record entries, one for @ and one for www if you want your web site accessible as either www.yourwebsite.com or yourwebsite.com. If you don’t know the IP address of your Mac web server, just access our IP site identifier using a web browser on your Mac web server, and it will tell you.

    Adding Additional Web Sites or Domains. When you’re ready to add additonal web sites or domains to your web server, just follow these simple steps. Add a new folder in the /Library/WebServer/Documents/websites folder. Add an additional Listen and VirtualHost block to your access.conf config file for each domain address which will be used to access the new web site. Be sure to change the access port to port 83 or higher and the web site directory location in every line that you added. Remember to use a different TCP port for each new domain you add. Restart your Apache web server. Make the necessary additions to your Mac and hardware-based firewalls to support the new port. Then add the proxy DNS entry for your new domain using your domain registrar’s proxy DNS tools. For a sample of what we just did using the mysite.webify.us subdomain, click here. Yes, we eat our own dog food.