Home » Technology (Page 99)

Category Archives: Technology

The Most Versatile VoIP Provider: FREE PORTING

ISP-In-A-Box: The $500 Mac mini (Chapter VIII, Going Live!)

It’s time to put the final piece in our puzzle and actually "Go Live" on the Internet with our ISP-In-A-Box. "We don’t have a web site yet," you might be saying. Actually, we do. Go to http://localhost, and you’ll see it. It just doesn’t do much. But we will fix that early next week. If you want a preview of the data-driven web site we plan to build on your computer next week using PHP and MySQL, just click on this link. Once it’s built, you can customize all of the web content for your site using PhpMyAdmin to edit a simple MySQL database. It’ll even support Google Ads (as shown in the sample) if you decide you want to get rich quick or you can paste your favorite family photo on the top of your web page, but we’re getting ahead of ourselves. Our task for today is to get you a fully-qualified domain name so that people can access your web site from the Internet without typing http://24.98.82.246 (or whatever IP address has been assigned to you by your ISP).

Prerequisites. In order to complete today’s tasks, you should already have bought your Mac mini and activated the Apache Web Server. Before you can build a data-driven web site next week, you’ll need to install MySQL and PHP. If you haven’t already gotten this far, consider this your Saturday Night homework assignment. The entire ISP-In-A-Box series is now available in PDF format for download here.

Deciphering Your IP Address. Before we can link a domain to your IP address, we first need to know your IP adddress. If you don’t know it, you can obtain it by going to http://mundy.org/ip.php from the web browser on your Mac mini on the network connection where you plan to run your web server. You’ll also need to know whether you have a static (stays the same) or dynamic (ever changing) IP address. Chances are it’s dynamic.

Choosing An Internet Service Provider. Most ISPs only provide dynamic addresses unless you pay an additional fee. For about the same money, you can obtain a full-service web hosting account. Can you use a dynamic IP address and still host a web site from your house? The answer is maybe. While still using dynamic IP addresses, many ISPs including many cable providers rarely change your IP address. My experience with both Time Warner and Comcast is that they force an IP address refresh about once every six months. If you use one of these providers, you’re in pretty good shape hosting a web site from your home. Fortunately, AT&T is out of the broadband business. For a time, they actually blocked incoming port 80 access to customers’ machines. However, there’s even a workaround for that problem now which we will get to. At the other extreme in the ISP world are PPPoE providers such as Earthlink which disconnect, reconnect, and change your IP address regularly during the day, if not the minute. These ISP’s are all but unusable for hosting a web site from your home. If you have service from one of the latter ISP varieties, you have two choices: use your ISP-In-A-Box as a staging server and purchase a web hosting account for your "live" web site or switch to a more accommodating Internet Service Provider.

Choosing a Domain Name. There are two approaches in selecting a domain name for your ISP-In-A-Box. First, you can select a name such as wmundyhome.dyndns.org which rides on someone else’s domain and provides dynamic updating of your IP address whenever your ISP changes it. Or, second, you can purchase any available domain you like (such as webify.us), and manage IP address changes yourself. Either approach works. The latter is obviously more personal and more professional. And, with the right ISP, the manual updates of your IP address are not that burdensome. The two examples I’ve provided actually both point to the same server in my basement which is connected to the Internet through a Comcast cable modem. There used to be a significant difference in the cost of the two options; however, that has all but gone away. The dyndns.org solution is free, and the personalized domain is now less than $10 per year from many sources.

Using DynDNS.org. If you opt to use dynamic IP address updating, you first will need to register at DynDNS.org and obtain a username and password. What we’re going to do in this scenario is link a dynamic IP address to a static hostname for your computer. There is no cost. Whenever your ISP changes your IP address, your router’s built-in update client will notify dyndns.org of the change (after you configure your router to do so), and the DNS table will be updated for all the world to see. Step 1 is to select a hostname for use with one of dyndns.org’s registered domains. There are several dozen domains from which to choose. Log in to your dyndns.org account, click on Dynamic DNS, and then choose Add a Host. Enter the hostname you wish to use (your name with no spaces usually works well) and select a domain from the pull-down list. Then enter the IP address of your Internet connection which you obtained earlier. You’re finished at dyndns.org, and your qualified domain name (joeschmo.homeip.net) should be accessible on the Internet within a few hours. Sometimes it takes a bit longer. This domain name will continue to find your web site until your ISP changes your IP address.

To find your web site after an IP address change, you either have to manually update the address on dyndns.org’s web site, or you have to configure an update client to do it for you. Most new hardware router/firewall’s have this capability built in, but you’ll need to configure it. In addition, there is a Mac application, DNSupdate, which can do it as well. We covered that in our first ISP-In-A-Box installment although I hope I’ve pursuaded you not to put all your security apples in one basket to save a measly $30.

To configure your router for dynamic IP address updating, open the router admin program using your web browser. Typically, there is a Dynamic DNS menu option. You then would specify www.dyndns.org as the provider and insert your fully-qualified domain name, username, and password just as you entered it on the dyndns.org web site. Save your changes, and you’re good to go.

Using Your Own Domain. Becoming the master of your own domain is not a big deal these days. What used to cost hundreds of dollars is now under $10 with lots of features that we just happen to need. To make sense out of this article, we really needed to set up a domain to play with so we could walk you through all of the steps. I’ve done that with webify.us, which now is pointing to a server in my basement that’s connected to a Comcast broadband Internet connection through a Netgear wireless firewall, router, and print server. Yes, we do eat our own dog food before offering it up to you. We’ve chosen Omnis.com as our domain registrar for two reasons: they’re dirt cheap ($7.95 per year for most domains) and they offer a great feature set (DNS Manager, URL forwarding, and proxy routing) at no additional cost for those that want to run a web server out of their own home. Are there other suitable providers? Absolutely. But you need one that provides the feature set I’ve described, and no one today is any cheaper than the one we’ve chosen. Register.com provides a similar service for only $35 a year or $19.99 a year for multiple years. So you do the math.

The first step is obviously to select a domain that no one else has already registered. Most registrars have a link on their site to let you test various domains until you find one that’s available. For our example, we chose webify.us. Pretty clever, huh? Once you select your available domain, the registrar’s web site will walk you through the registration process during which you will set up a username and password to manage your domain. Write it down, and don’t lose it! It is a huge hassle to prove who you are these days. Make certain that you choose to use the registrar’s name servers during the registration process. Once the registration process is completed, go do something for a couple hours while your account is being set up. Your domain may not actually be available on the Internet until tomorrow.

The second step is to log into your account at your domain registar’s web site. In the case of Omnis.com, you click on the Manage My Account tab on the main page. Once you’re logged in, click on the Manage DNS option. You’ll be warned that this is dangerous but continue on. Once you get to the DNS page, click on one of the little question mark icons and read about Proxy and URL record types. These aren’t really legitimate DNS record types. They are special routines to make it easy to point a domain at a home IP address or a non-standard HTTP port, i.e. not port 80. Remember, I told you about AT&T’s cute trick of blocking port 80 access. The proxy record would let you point your domain to a different port, e.g. port 81 and reconfigure Apache to host your web site from that port.

For our purposes today, we’re going to use a Proxy record to point our new domain to our home IP address. Move to the DNS Manager – New Record section of the web form and make two entries. For the first entry, insert just the values shown below in italics on the form (leave the other fields alone) and use your own home IP address in the Content. Then click the Add New Record button.

  • Namewww
  • TypePROXY
  • Contenthttp://111.111.111.111
  • For the second entry, insert just the values shown below in italics on the form (leave the other fields alone) and substitute your own home IP address in the Content. Then click the Add New Record button again.

  • Name@
  • TypePROXY
  • Contenthttp://111.111.111.111
  • Now all you need to do is wait (usually several hours but it can take a day) for the DNS information to propagate to the DNS name servers, and you should be able to reach your home web site using your new domain name from anywhere on the Internet. That’s all there is to it … until your ISP changes your IP address. When this happens, just log back in to your registrar’s web site and modify the two entries above to point to your new IP address. Within a few hours, you’ll be back in business. Join us next week and we’ll build a real data-driven web site on your Mac mini that you can fill with any web content you desire. Have a great weekend.

    ISP-In-A-Box: The $500 Mac mini (Chapter VII, Network Security)

    We’ve built enough pieces for our ISP-In-A-Box now to start thinking about network security because we’re just about ready to put our web site on the Internet for all the world to see. We still don’t have a web site, but we’ll get to that. If you want to see the data-driven web site we’re going to build, click here. You’ll be able to add all of your own personalized content in under an hour. Unlike Nerd Vittles, the sample data-driven web site is actually running in our basement using a garden-variety Comcast cable connection to the Internet. Tomorrow, we’ll talk about what you need to do to connect your ISP-In-A-Box to a domain name, and we’ll provide a couple different ways this can be approached. That pushes back our backup solution and actually building our data-driven web site until next week, but we’re getting there.

    In the meantime, we need to get our security ducks in a row to make sure that, when we do put up our web site, it remains our web site and not some cracker’s. It has been reported that the average survival time for a new machine placed on the Internet is about 16 minutes before it is compromised. Pity the poor Microsoft Windows XP souls that have a half day of security patches to download (with a broadband connection no less) before they are anywhere near secure … and those are just the security flaws that Microsoft knows about! The Mac World is a little different since Mac OS X was built on top of a secure operating system (as opposed to DOS). Even when there is a reported problem in the Mac world (like yesterday), it typically requires a creep to be sitting in front of your computer or somewhere on your local network to do much damage.

    Security Options. To avoid compromising your new Mac, you have two choices to secure your machine before connecting it to the Internet: (1) turn on the Mac firewall or (2) install and configure a hardware-based firewall between your Mac and the Internet connection. DO BOTH! If you haven’t implemented either of these safeguards and you already have connected your Mac to the Internet, the safest course probably is to reinstall Mac OS X on a reformatted drive. Promising to do better and be safe henceforth without starting fresh is about as effective as a vow of celibacy after a summer of one night stands. Having said that and given Mac OS X’s almost flawless securiity record, I’m not sure I’d go to the trouble unless you’re seeing weird behavior on your machine. A third option to enhance the security of your Mac and your web site is to block all ports with your firewalls and turn your web site over to a hosting provider with experts on staff who do this for a living. Web hosting services are incredibly cheap these days with multiple site hosting plans available for well under $10 a month. With this scenario, you’d use your Mac mini as a staging server to build and test web applications before uploading them to your provider. Read our article on the subject if you want to learn more.

    Mac OS X Firewall. Turning on the Mac firewall couldn’t be easier. Click on the Apple icon in the upper-left corner of your screen, and choose System Preferences. Click on the Sharing folder and then the Firewall tab. Click on the Start button to set your Firewall On. The check mark beside Personal Web Sharing should already be checked if you have activated Personal Web Sharing (your Apache Web Server) in the Services tab. If it’s not checked, activate Personal Web Sharing in the Services tab and then repeat the drill. What we have just done is invite bad people around the globe to attack your server on ports 80 and 427 using any Internet connection they can get their hands on. Think about it! And, make no mistake, bad people will attack your server … daily! But we have to leave port 80 open for HTTP traffic (to view your web site) and port 427 is used by Mac OS X to communicate with file and printer shares on IP networks. Does activating the Mac firewall with port 80 open mean your web site is secure? No. It just means that would-be crackers must use the HTTP protocol to attack your site instead of walking in through a more vulnerable back door port and seizing control of your entire machine. Once again now, does this firewall configuration protect you against attacks from really bad people? Repeat after me, "Absolutely not!" If you want to read a really horrifying account of how the Internet world works written by one of the leading technology experts in our country, read Steve Gibson’s gem, DrDOS. What else can be done? Keep reading!

    Hardware-based Firewalls. So-called hardware-based firewalls are now a dime a dozen, almost literally. YOU WOULD BE CRAZY TO SURF THE WEB (MUCH LESS HAVE A PUBLIC WEB SERVER) WITHOUT FIRST DEPLOYING A HARDWARE-BASED FIREWALL. Pardon me for shouting. These devices used to be several thousand dollars or even more. Now you can get a very good one with a 10/100 megabit router and an 802.11G wireless router included for less than $30. dLink, Linksys, and Netgear have about 100 models collectively, and any of them will be better than nothing. One could write a book on choosing the best one and, before the book could be published, there would be a half dozen new models that were better than anything mentioned in the book. Without picking a favorite, let me suggest some features to look for:

  • Dynamic DNS support – if you want automatic updating of the IP address linked to your domain name
  • Stateful packet inspection (SPI) – no firewall should be without it; used to thwart denial-of-service attacks among others
  • IPsec and PPTP pass-through – if you need VPN remote access to another network
  • NAT plus WPA – for wireless security
  • Web filtering – if you have young kids surfing the net
  • WDS bridging and repeating – if you need to extend the range of your wireless network
  • If none of these buzzwords mean anything to you, here are some reference materials to get you up to speed. Tom’s Networking is a good place to begin your search and product comparison. Another article worth reading is Frank Derfler’s Networking Buyer’s Guide on the PC Magazine web site. While the focus is networking in the workplace, you’ll still pick up a lot of useful information. And, for home networks, don’t miss PC World which has perhaps the most comprehensive comparison of products with some excellent buying recommendations. Even though the article is a little over a year old, most of the equipment is either still available or has been enhanced. In fact, two of their three top-rated products are products we use in our own home networks. PC World’s top-rated wireless router/firewall is now under $30 at Amazon. The retail price of the product when it was reviewed was $110.

    Choosing a firewall/router is only half the battle, of course. And it’s the least important half. Properly configuring the firewall/router is what keeps your network and your server secure. Fortunately, most of the top-rated firewalls come with default settings that provide top notch protection. While there are fairly complete networking guides accompanying most of these products, I would add a few additional recommendations for a home network.

  • 1. Before you do any configuring of the device, load the very latest (stable) updates from the manufacturer’s web site. This is a five-minute task with most of these devices.
  • 2. Don’t configure the router using a wireless network connection. It will only cause you problems. Plug a network cable in to do router configurations.
  • 3. If you choose a wireless model, skip all of the wireless security options except the one which lets you specify the actual MAC addresses of every device which is authorized to use your home network. This option is reliable and provides good wireless network security (see Comments). Every network card has a unique MAC address. No match, no access! You can’t beat that for wireless security. You’re not running a Starbucks with strangers using your network all the time. So hard-code the MAC addresses into your wireless router, and you’ll never have to worry about wireless network security.
  • 4. Open only essential ports for access to your home network from the Internet. If the only thing you plan to do is run a web server, open nothing but port 80. Once you think you’ve got your firewalls configured properly, run Steve Gibson’s free ShieldsUp! port test from inside your LAN to make sure you are secure.
  • 5. Most of these devices come preconfigured to hand out dynamic IP addresses using a DHCP server built into the router. While this is fine for most home networks, it can cause problems if you’re running a web server. The reason is because you must tell the router the IP address to which it should route incoming port 80 (HTTP) traffic, and you want that address to be your web server. Don’t turn off DHCP as the solution to this problem. Instead, let your computer establish a connection to the router and obtain a dynamic IP address. Once it has done this, go back into the router setup with a web browser and enter the MAC address of your Mac mini and its dynamically assigned IP address in the Reserved IP table (usually found under the LAN or Wireless menus with most routers). This tells the router’s DHCP server to always assign this IP address to this machine.
  • 6. Now that your server is going to be on the Internet, we also need to delete the phpinfo() file we built last week to verify that PHP was working. This application displays all sorts of information about your computer including your MySQL password. We don’t have a password to worry about in our configuration, but in the future you might, and then you’d run the risk of exposing it for all the world to see. Using Finder, click on your local hard disk and move to the /Library/WebServer/Documents folder. Then Ctrl-Click on the test4u.php file and move the file to the trash or at least out of your web site directory.
  • 7. Once you complete step 5, it is safe to poke a hole in your firewall (no, not literally!) and map the HTTP service or Port 80 to the internal IP address of your web server (usually done under the Services or Rules menus on most routers). You’ll want to specify that all port 80 traffic be allowed through the firewall all of the time.
  • These tips should get you started. Check back here in a day or two to see if we’ve added anything else. Also take a look at the comments just in case I’ve overlooked something. As you are now beginning to appreciate, this is getting pretty close to Rocket Science, and the more input you get on security, the safer your system will be.

    ISP-In-A-Box: The $500 Mac mini (Chapter VI, The Webalizer)

    You can’t be your own ISP without having some pretty bar graphs and pie charts to impress your friends with how well you’re doing. And no one does them better than The Webalizer. So today we want to add Webalizer to our ISP-In-A-Box and henceforth you’ll have daily statistics for your web site that you can review and analyze ad nauseum. These include summaries of hits, files, pages, and kilobytes for each hour of the day, each day of the week, each URL on your web site, and each entry and exit page of your site plus you get listings of the top referrers to your pages, the top search strings, the top user agents, and totals by Apache response code. Not bad for just installing a free piece of software. Right? Well, not so fast! Webalizer, as it turns out, is one of thousands of little Unix gems sitting out there that is virtually worthless in the current Mac world unless you have a fairly good grasp of Unix because no one has taken the time lately to actually make it work and document what it takes. One would think with all the resources that Apple pours into hardware and software development (not to mention publicity), they could hire just one person to comb through applications (like Webalizer) and clean up the installation routines to keep them up to date with the shipping version of their OS. Alas, we don’t live in a perfect world, do we? The bottom line is that if you simply download the Webalizer package, which incidentally claims to have a Mac OS X installer, it won’t work. So let’s be the good citizens that we are and at least put the pieces together so that it’s usable with Mac OS X v10.3, aka Panther. I’m anything but a Unix guru so you’ll probably want to read the comments to this article (from some real experts) that will tell you all the shortcuts I could have taken if only I had known what I was doing. As they say, you get what you pay for. But, you never know. Some energetic whiz kid may come along and read what we’ve done and decide to automate the whole process with a script. That would be great at least until Mac OS X v10.4 is released. Then we’re back to square one again. See what I mean about having an Apple employee do it.

    Here’s our plan of attack with Webalizer. We’re going to download the Webalizer package and then manually put the pieces where they should go to make things work smoothly. We’ll build a directory off of our main web site to house the daily Webalizer web pages. I’ll provide you a cleaned up configuration file to download and drop in the /etc folder on your server so Webalizer can find it. The config file just tells Webalizer where we’ve put stuff. Then we’ll clean out the old Apache log file and tweak the Apache web server config file to output more detailed logs so that Webalizer can paint pretty pictures for you. After restarting the web server, you’ll have a new Apache log file to support Webalizer. Finally, we’ll introduce crontab and try out our Webmin program from last week to schedule Webalizer to update its data once a day. Then you’ll be able to go to http://localhost/webalizer or your Internet address and look at all the statistical information about your web site whenever you wish.

    Prerequisites. Beginning with this chapter, we’ll list the other ISP-In-A-Box projects you must complete before starting this one. For the Webalizer project, you first must enable the Apache Web Server and at least access one web site on your local machine. This was all covered in our first ISP-In-A-Box installment. You’ll also need to install and activate WebMin to complete the optional crontab portion of this tutorial.

    Obtaining The Webalizer. We’re going to be using Webalizer 2.0-10 which is the current stable version of the software. It’s available from a number of sources. The easiest is probably MacUpdate, but it’s also available for Mac OS X on the Webalizer web site. This software is packaged as a tarball so, once you download it to your desktop, it should decompress into a folder named webalizer-2.01-10-macosx. You also need to download my customized version of the Webalizer config file. Just Control-Click here and Save the Linked File to your desktop as webalizer.conf. Once the download completes, drag it into the Webalizer installation folder to keep things tidy. Now drag the Webalizer installation folder to your Applications folder. We’ll work with it from there. Do not run either of the installation scripts! For those that don’t trust their mother (much less their teacher), here’s what I did with the config file. I started with the sample.conf file which is in the Webalizer download folder. However, it had the wrong Mac location for the Apache log file (which is what Webalizer uses to prepare its charts and data), and we needed a customized web site location to house the Webalizer web pages so I’ve plugged that in as well. If you’d like to look for yourself, open the file with TextEdit, not WorldText. For now, don’t change anything else in the config file, or you’re on your own.

    Apache Housekeeping. As mentioned, we have to do a couple things with the Apache web server to get the most out of The Webalizer. We’re going to modify log file format so that we get more informative statistics. Then we’re going to delete the current log file (actually we’ll rename it so you don’t get too nervous). And finally we will restart the Apache web server which will build us a new log file with the proper format for The Webalizer.

    Open a Terminal window by going to your Applications/Utilities folder and clicking Terminal. Switch to root user access: sudo su. Provide your admin password if prompted. Now let’s move to the directory where the Apache configuration file is stored: cd /etc/httpd. Let’s make a copy of our config file just in case something goes wrong: cp httpd.conf httpd.conf.save. Then you could copy it back if you need to. Now let’s edit the config file: pico httpd.conf. Be careful here! Let’s first find where we need to make our logfile format change: Ctrl-W, logformat, and then enter. Now press the down-arrow key exactly 12 times. You should be at the beginning of a line which reads: CustomLog "/private/var/log/httpd/access_log" common. Insert a pound sign at the beginning of this line by pressing #. Now press the down-arrow key exactly 13 times. You should be at the beginning of a line which reads: #CustomLog "/private/var/log/httpd/access_log" combined. Delete the pound sign at the beginning of this line by pressing Ctrl-D. The # sign should disappear. Now save your changes: Ctrl-X, Y, and press enter.

    We’ve configured Apache to generate log entries in the new format, but we still have a log file in the old format. So let’s rename it. Move to the Apache log file directory: cd /var/log/httpd. Now rename the log file: mv access_log access_log.save. To generate a new empty log file in the new format, we need to restart Apache: Click on the Apple icon in the upper-left corner of your screen, choose System Preferences, and click on the Sharing folder. Uncheck the check box beside Personal Web Sharing and wait for your web server to shut down. Now check the check box beside Personal Web Sharing to restart Apache. Command-Q closes System Preferences. That wasn’t so bad, was it?

    Installing The Webalizer. Now we’re ready to install our Webalizer application. All we need to do is copy the application files to their permanent home and put the Webalizer config file in a place where Webalizer can find it when it runs. Last but not least, we need to create a directory to store our Webalizer web pages which the program will generate each day.

    You should still have a Terminal session with root access open. If not, do it again using the instructions above. Now let’s move to the directory where our installation files are stored. cd /Applications/webalizer-2.01-10-macosx. There are only three files we need to copy to get Webalizer going:

  • mkdir /usr/local (If you get an error, that’s fine. It just means the directory already exists.)
  • mkdir /usr/local/bin (If you get an error, that’s fine. It just means the directory already exists.)
  • cp  webalizer  /usr/local/bin/webalizer
  • cp  webazolver  /usr/local/bin/webazolver
  • cp  webalizer.conf  /etc/webalizer.conf
  • mkdir /Library/WebServer/Documents/webalizer (This sets up a place to store our Webalizer web pages.)
  • To make sure everything works, first open a web browser and go to http://localhost. This will create an entry in your Apache log file.

    Now run Webalizer once in a Terminal window: sudo /usr/local/bin/webalizer

    Switch back to your web browser and go to http://localhost/webalizer/. Wasn’t that easy!

    You can manually run Webalizer as we just did whenever you want to, or you can put an entry in your cron file and have your Mac run it automatically each day. We need to learn about cron files for some future projects anyway so let’s automate the process so your Webalizer statistics are generated once each day.

    First start up WebMin if it’s not already running on your server: sudo /etc/webmin/start. Then open Webmin with your web browser: http://localhost:10000. Now choose System, Scheduled Cron Jobs and then click Create a New Scheduled Cron Job. The form shown above will display. Fill in the form with the values in italics:

  • Execute Cron Job asroot
  • Active?Yes
  • Command/usr/local/bin/webalizer
  • Input to command[leave blank]
  • Command/usr/local/bin/webalizer
  • When to Execute — Times and dates selected below
  • Now look at the bottom section of the form and click on a minute and an hour using a 24-hour clock to designate when Webalizer should be run. Leave All selected for the Days, Weeks, and Months options. You might want to select a time a few minutes from now just to be sure everything works properly. Then you can adjust the time later by clicking on this cron job in the System, Scheduled Cron Jobs web page of WebMin. Once you have chosen a minute and hour, click the Create button to activate the Webalizer cron job. Now access your http://localhost web site several times. Then you can check your Webalizer web site after the time passes to be sure it updated the page hits from your last visits. That’s it for today. Enjoy!

    RSS Made Really, Really Simple

    If the simplicity and headline style of MacSurfer’s Headlines News and Technology News Network leave you wishing there were similar sites to handle your other favorite topics, then you’re ready for Really Simple Syndication, RSS. a lightweight XML metadata format designed to handle headlines and web content. Instead of a single talented company digesting web pages from thousands of providers as MacSurfer does, RSS uses a different paradigm. RSS decentralizes headline-building by encouraging all web providers to create regular "feeds" of their sites containing headlines and content. The content may be the same as the actual web pages, or it may be a subset with links to the complete web pages. Instead of your having to visit hundreds of web sites every day, you use an RSS Reader to do the leg work for you. All you have to do is tell it where to look periodically for items of interest to you.

    Some RSS Readers are free, and some you have to pay for. For the Windows platform, we recommend NewzCrawler. There’s also NewsGator Outlook Edition which, as its name implies, creates RSS feeds in a folder within Microsoft Outlook. For your iPod (Yep, it’s true!), there’s Pod2Go. For your Treo 650 smartphone, there’s mNews. And, for your Mac or Mac mini, no one does RSS better than Ranchero’s NetNewsWire. Free and enhanced versions of Ranchero’s reader are available. The enhanced version is well worth its modest cost. Here’s how it works. Just define the web sites with RSS feeds that you’d like to track and tell NetNewsWire how often to retrieve the feeds. That’s it for the basics. What you’ll see is a 3-pane window (see inset) similar to many email clients. Your RSS sites are listed on the left, the headlines for each site appear at the top right, and the contents (known as an item in RSS parlance) for each story is shown in the bottom right pane. As with good email clients, NetNewsWire remembers which items you’ve read. And the dock icon shows how many unread stories exist in your feeds. You also can import and export your subscriptions for use in other readers, and there’s a Weblog editor which makes quick work of posting RSS content to your favorite blog. NetNewsWire also includes a Sites Drawer. It provides one-click access to hundreds of great RSS feeds. Here’s our own list of favorites in OPML format which can be imported directly into NetNewsWire to get you started. You also can find thousands more on the Complete RSS web site. There’s news, technology, sports, Fark, business and finance, Amazon, programming, humor, tech bargains, opinion, politics, entertainment, sex … well, actually, we just threw that in to see if you still were awake. Finally there are numerous scraped feeds or bootleg feeds. These are third-party crafted RSS feeds of web sites that do not yet (and may never) produce RSS feeds of their own such as WhiteHouse.gov and television program guides. There’s even a site that will create made-to-order RSS feeds for a modest fee. We’ll leave the legal issues these feeds may raise for another day.

    Take a look at what the RSS feed for Nerd Vittles looks like. It’s not much different than the actual web page you’re reading here. Actually, with Complete RSS, it is the web page you’re reading here. NetNewsWire goes one step beyond the Complete RSS approach and actually builds the contents pane from the XML code without reliance on any of the page’s actual HTML code. This obviously facilitates off-line browsing. While RSS content originally was limited to text, all that has changed. You’ll see the same rich content (with images) that you’re used to with a web browser. Just like MacSurfer, the advantage in switching to RSS is that you can comb through hundreds of headlines in just a few minutes rather than waiting for hundreds of web pages (and pop up ads) to load. If you don’t yet own a Mac, there are dozens of other RSS readers available for almost every operating system.

    The latest news in the browser and RSS universe is Firefox 1.0, the web browser that’s taking the world by storm. It supports RSS as an integral part of the browser. And chances are there’s a version for your computer right here. To use RSS within Firefox, just download and install the Sage RSS plug-in. All you need to perfect the reading of most blogs is a simple style file. Just Ctrl-click to download and save ours to your documents directory and configure Sage to use it (Tools, Sage, Options, Settings, Use Custom Style Sheet). Now you’re ready to start saving RSS links to read with Sage and Firefox. We recommend you create a bookmarks folder (Bookmarks, Manage Bookmarks, New Folder) just for RSS links since Firefox can periodically update your feeds. Here’s our RSS feed to get you started. Once you bookmark our link, choose Tools, Sage, and click on Nerd Vittles in your Sage-panel bookmarks folder. Voil√ɬ†!

    Finally, there’s one unsung advantage of RSS feeds over traditional web pages that is huge in our book. With web pages, you never really know when the contents of a page have been updated. And with hit-and-miss web caching, you may not know even when you return to a site. RSS solves this problem transparently. When a page is updated, the link to the page in your RSS feeds list automatically changes back to unread. For those of us that write HOW-TO articles and don’t always get it quite right in version 1.0, RSS provides a great way to alert readers that something important has changed in the story. Give RSS a try, and you’ll see why millions are discovering that it’s a better way to enjoy the web.

    [WM: And here’s one of those updates I was talking about. Another great RSS reader for the Mac platform was released just yesterday. The betas of NewsFire got rave reviews. And, if money matters, it’s half the cost of NetNewsWire.]

    ISP-In-A-Box: The $500 Mac mini (Chapter V, WebMin)

    Today, we were supposed to wrap up our opening series on turning your Mac mini into a full-fledged Internet hosting (or staging) server… but I’ve changed my mind. More than 10,000 visitors showed interest in our articles last week, and more than half of them were from the Windows World. So I’ve decided to continue beating the dead horse a bit longer. We’ll add a couple installments each week until we fill up everyone’s hard disks. You’ll notice we’ve changed from Parts to Chapters. That indicates our intention to continue building on what we’ve already done for some time to come. Think of this as a college class that you don’t have to pay for … or attend, for that matter. And, just like college, we’ll slack off when Spring Fever hits. And, when June rolls around, don’t expect much until next fall. We will wave to you from the beach house, however.

    If you’re just finding our site, you can read the entire series of articles (preferably from the bottom up) by selecting the Internet/Web Category on Nerd Vittles. We also encourage a look around while you’re here. After all, you wouldn’t want your Mac mini to grow up to be just a one trick pony. Our series on Home Automation and Computer Telephony servers can put a Mac mini to good use during those idle cycles. We might even get you interested in photography one of these days, perhaps this summer. And then you can really bore your friends with two nerdy pastimes.

    Coming Attractions. Tomorrow, for Mardi Gras, we’ll be covering RSS, a much better way to keep current with blogs and especially HOW-TO web sites like this one. We’ll tell you why. On Wednesday, we’ll add another chapter to our ISP-In-A-Box series by installing Webalizer, a statistical analysis package with the best bar graphs and pie charts west of the Pecos. On Thursday we’ll address hardware-based firewalls and routers to protect your new system, and we’ll cover all the nitty gritty details to actually get you a domain set up on the Internet so that folks like me can start looking at your web site. If you don’t yet have a web site, don’t worry. We’ll tackle that next week. And then on Friday of this week we’ll have another ISP-In-A-Box feature covering how to install and make quick, free system backups for your Mac mini or any other Mac using any portable USB or Firewire hard disk … even your iPod. And, unlike Windows World, you can test your backup’s integrity by booting your Mac from the remote drive after the backup is complete.

    WebMin, the Ultimate ISP Tool. In days of old, every operating system vendor wrote a proprietary user interface (UI) to make their OS "user-friendly." The trouble was that every time you switched operating systems, you had to learn an entirely new UI, too. Jamie Cameron changed all of that with the introduction of WebMin. If you have any previous experience with almost any flavor of BSD, Linux, IBM AIX, Sun Solaris or Java Desktop, then today’s topic will not be news to you. WebMin is one of the must-have tools on almost every server platform. What PhpMyAdmin did for MySQL, WebMin does for virtually every open source application in the marketplace. It provides a web front-end to manage almost everything running under the hood of your machine including cron jobs, bootup and shutdown processes, system logs, DNS, SSH Server, Apache web server, Postfix SMTP server, MySQL, PostgreSQL, NFS, SSL, Perl, and SAMBA to name a few. If you want to host multiple domains on a single server with Apache (including a Mac mini), nothing can come close to WebMin for quick, reliable, and automatic Apache configuration. As was true with PhpMyAdmin, powerful tools pose powerful risks if (1) you don’t know what you’re doing or (2) you don’t consider security before installation. WebMin includes its own web server which runs on port 10000 by default. You either need to enable the firewall on your Mac mini and leave port 10000 closed or you need to install a firewall/router between your Mac mini and the Internet and leave port 10000 closed. This will assure that no one can get to WebMin except sitting in front of your machine. And you’ll still need a username and password to get in. That’s about as secure as life gets these days. So let’s begin the installation.

    First, we need to download the WebMin software. Go to prdownloads.sourceforge.net/webadmin/ and scroll to the bottom of the list. We want to download the latest and greatest version which includes support for Mac OS X v10.3: webmin-1.180.tar.gz. If you’re reading this months from now, there may be a later one. If so, get it in the tar.gz format. Choose a mirror close to you and download the file to your desktop. Once the file has been downloaded, it will decompress in a couple minutes into a folder with the same name as the original file: webmin-1.180. At the present time, there are 182 items in the folder. Your mileage may vary if a new version comes out down the road. Now drag the entire folder to your Applications folder.

    We’ll need to get our hands dirty a little bit to complete the installation so just follow along and don’t get ahead of us. Go to the Applications/Utilities folder and open a Terminal window. Type sudo su and press enter. If prompted, type your admin password to switch to root access. Now move to the webmin installation folder: cd /Applications/webmin-1.180. Start the installation script by typing ./setup.sh and press enter. Don’t forget the leading period! You’re now going to be asked a series of questions. Listed below are the questions (in bold) followed by the corrrect answers (in italics) for you to provide:

  • Config file directory /etc/webminpress enter
  • Log file directory /var/webminpress enter
  • Full path to perl /usr/bin/perlpress enter
  • Web server port (10000)press enter
  • Login name (admin)press enter
  • Login passwordtype your admin password and press enter
  • Password againtype your admin password again and press enter
  • Start Webmin at boot timetype y and press enter
  • The installation script then will whirrr away for a minute or two. Be patient! WebMin will then tell you it’s finished and give you a couple little pieces of information that you need to either write down or bookmark this page.

  • To uninstall WebMin, open a Terminal window, sudo su, provide admin password, and run this script: /etc/webmin/uninstall.sh
  • To manually stop WebMin, open a Terminal window, sudo su, provide admin password, and run this program: /etc/webmin/stop
  • To manually start WebMin, open a Terminal window, sudo su, provide admin password, and run this program: /etc/webmin/start
  • To access WebMin with a web browser, go to http://localhost:10000 or http://127.0.0.1:10000 or http://nnn.nnn.nnn.nnn:10000 where nnn.nnn.nnn.nnn is your Mac’s IP address
  • Now we’re ready to see if things are working properly. Open a web browser and go to one of the addresses above. You should be prompted for a username and password. Type admin for your username and type your admin password. Don’t save it … but you knew that! You should see the WebMin opening page. Now that wasn’t so bad, was it?

    WebMin WARNING: WebMin has a deceptively simple user interface, and you may be tempted to muck around and improve things. Don’t … until you first RTFM (read the manual)! Or go to your favorite bookstore and thumb through a few of the many great books on WebMin. Pick one that best suits your reading style. They all pretty much cover the territory.

    WebMin Housekeeping. WebMin updates are released periodically. You can get on the mailing list at webmin.com. Once you know of an update, here’s the process to get it and install it. Nothing could be simpler. Open WebMin with your web browser. Go to Webmin, Webmin Configuration, Upgrade Webmin. Move to the third form on the page which is labeled Update Modules Now. Run the test to see what you’re missing by leaving the defaults and clicking the Update Modules button. WebMin will then check for updates and tell you what you’re missing. Go back to the Update Modules section again, uncheck the "Only show …" option and check the "Install Modules …" option. Then click the Update Modules button again. The new modules will be installed. You’ll need to do this once after this install because there is at least one update available. If you don’t get on the mailing list, then you need to go through this drill about once a month. I would not turn on the automatic updates. If the WebMin update server gets compromised, you are toast!

    Finally, a word about whether to run WebMin all the time. If you have a gig of RAM, it won’t hurt. With anything less, I would turn it off until I needed it. That means you probably don’t want it to start up when you boot your machine. You then can manually start it with the command shown above. Here’s how to disable the automatic boot of Webmin. Open WebMin in your browser. Go to System, Bootup and Shutdown, and click on WebMin in the alphabetical list. Change the startup setting from -YES- to -NO- and click the Save button. That should get you started with WebMin.

    Vindication At Last: ISP-In-A-Box Performance. Privately, I’ve caught more than a little grief from colleagues suggesting that the Mac mini really isn’t up to snuff to handle some of the tasks we’ve been throwing at it this past week. Well, the testing results are in comparing a Mac mini to a 1.8GHz dual-G5 using the industry-standard Apache Bench application. According to Macminicolo.net, which handles colocation services for servers of all flavors, "While [Mac mini] figures aren’t at the top end of the generally available ISP-class web server performance curve by any means, the economics of the Mac mini are such that for the first time ever there is a competitive Macintosh server able to handle more than 1000 hits per second yielding 20Mbits of data at a price that meets or beats much of the industry…"

    PHP/MySQL Book List. I promised last week to put together a reading list to get you started with PHP and MySQL. There are a number of books that cover both topics together which is a good way to learn PHP and MySQL. My favorite is PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide by Larry Ullman. There’s also a little more advanced O’Reilley book on the subject: Web Database Applications with PHP & MySQL, 2nd Edition. You can’t go wrong with either one, or just buy them both and skip that romantic dinner out next week. Heh heh heh.

    ISP-In-A-Box: The $500 Mac mini (Part IV, PHP)

    We've been exploring the possibilities of the Mac mini for the past couple weeks with a series of articles covering first what it would take to turn the Mac mini into a Home Automation Server. And then we built a Computer Telephony Server. This week we're using the Mac mini to build a full-featured Internet Hosting Server a.k.a an ISP-In-A-Box. This is the fourth installment in our five-part ISP-In-A-Box series. If you're just joining us, you might want to start at the beginning and read the articles from the bottom up using this link. On the first day, we covered hardware requirements and installation and operation of the Apache Web Server. Day Two added mail services including SMTP, POP3, and IMAP servers. And yesterday we installed MySQL to handle all our data base chores.

    Today we'll cover installation of PHP, a pedal-to-the-metal scripting and programming language that you can use to build or run web applications for just about anything. As we mentioned yesterday, adding PHP to the server with MySQL gives you access to literally thousands of free, commercial-quality applications that already have been written by talented programmers all over the world. Here's a partial list from just one of dozens of web sites that catalog these things. After we get PHP up and running, we'll install phpMyAdmin, your first PHP application. We'll use it to manage and create MySQL databases, and you can kiss the MySQL command prompt goodbye ... forever.

    For those of you who are programmers or wannabe's, one of the beauties of PHP is its extensibility. In addition to the functions provided in the basic language, others have added function libraries for PHP covering almost every programming discipline you can imagine including imaging, printing, emailing, data base integration with virtually every DBMS on the planet, XML, SOAP, PDF, compression technologies, date, time, calendaring, TCP, URL and socket functions ... and we've barely scratched the surface. The documentation alone (in over two dozen languages) runs well over 1,000 pages. Assuming you decide to develop your own applications, if you've learned any other programming or scripting language including ASP or Visual Basic on the Microsoft platform or C on any platform, then you'll be right at home with PHP. If you're just getting started with programming, find a PHP course at your local community college or university. They all love PHP! But, as we noted earlier, one of the real beauties of PHP is not having to write any applications unless you want to. If there's some web-based application you needed yesterday for a project, chances are someone already has written it for you using PHP.

    To simplify the installation process, we're going to use a PHP installation image (.dmg) file rather than a tarball just as we did with MySQL. We're going to install PHP 4.3.10 for OS X v10.3. Make sure you have applied the latest Apple patches to Panther before we begin. As already mentioned, PHP 5 is also available, but it is not yet in widespread use by ISP's, and many of the best PHP applications still require version 4. Click on this link for documentation about this PHP build and for other installation images. When you're ready to begin the actual download we'll be using, click here. The download is 26MB so a modem is probably not the optimal approach. When the download completes, the image file should automatically mount on your Mac desktop. If not, double click on the .dmg file to open the folder. Now double-click on php-4.3.10.pkg. Let it check the compatibility of your Mac. Then select your default drive, provide your admin password, and PHP will be installed. When the installation completes, you can eject the image file from your desktop.

    [Update: On some machines, a minor adjustment in the Apache configuration file may be necessary to support PHP. Open a terminal window (Go to Applications/Utilities and double-click on Terminal icon). Type sudo su and press enter to switch to the root user. Type cd  /etc/httpd and enter to move to the Apache config directory. Type pico httpd.conf and enter to load the Pico editor and edit the Apache config file. Be careful here! Press Ctrl-W, type php4, and press enter to search for the word "php4." You should be positioned on a line which begins #LoadModule php4_module .... If there is a pound sign (#) at the beginning of the line, we need to remove it. Don't hit delete! If you did, just backspace over the weird characters. Position the cursor under the # sign and press Ctrl-D. Now press Ctrl-W and enter to find the next occurrence of php4. Do this a couple times until you get to a line that begins #AddModule mod_php4.c. If there is a pound sign (#) at the beginning of the line, delete it by positioning the cursor under the # sign and pressing Ctrl-D. That's it for the changes. Now save the file by pressing Ctrl-X, then Y, then enter. Exit gracefully from the terminal window by typing exit and pressing enter, repeat it, and then Command-Q. Now we need to stop and restart the Apache Web Server for the changes to take effect. Click on the Apple icon in the upper left corner of the screen and choose System Preferences. Double-click on the Sharing folder. Deselect Personal Web Sharing by clicking on the check mark beside this option. Wait for the web server to stop. Then select Personal Web Sharing by clicking on the check mark box beside it again. Wait for the web server to start up again, and then close System Preferences by pressing Command-Q. ]

    Now let's be sure PHP installed properly. Make sure your Apache web server is running (consult the previous column on Apache if you need further assistance or a refresher course). Now open TextEdit in your Applications folder. Change the editor to plain text format by clicking Format, Make Plain Text. Now type the three lines shown in the left inset ending each line with a carriage return. Then save the file to your desktop as test4u.php in Unicode (UTF-8) format. When prompted whether to append .txt to the file name, choose "Don't append." Now use Finder and click on your local hard disk. Then navigate to /Library/WebServer/Documents. Now drag and drop test4u.php in this folder. Using your web browser, type in this address: http://localhost/test4u.php. You should see a PHP-generated page displaying everything you ever wanted to know about your computer. If not, recheck to make sure your web server is running and that you don't have a typo or missing semicolon in your test4u.php file. If all else fails, try reinstalling PHP or call your favorite Mac guru (not me!) for a little assistance. [Update: Once you've tested your system, move the test4u.php file out of your web site folder to prevent misuse.] Congratulations. You've just earned your first programming merit badge!

    Now it's time to install our first PHP application, phpMyAdmin. This is a complete web front-end for MySQL that let's you create, delete, modify, and do just about anything else to any and all MySQL databases. Here are a few warnings to get you started. As with any powerful tool, be careful. Don't muck around in the database called mysql or MySQL itself may come to a screeching halt. If you want to experiment, then create your own database and play there. Leave databases connected to applications you need alone. And, finally, here's a word about security. We plugged a hole in MySQL to keep outsiders out yesterday. When you install phpMyAdmin, you're letting them right back in unless you complete all the steps outlined here. You also will want to RTFM (read the manual) and decide for yourself whether additional security measures are warranted because of where your machine is placed. If you are sitting in the middle of a fraternity house and half of your brothers belong to the 'Nerd of the Month' Club, all bets are off. If you're in a private residence with fairly trustworthy relatives around, the security outlined here is probably enough to keep someone from hacking into your new Mac. End of Sermon.

    By now you should know the drill fairly well. First, make sure your Mac is running Mac OS X v10.3 and is up to date with Apple patches. Second, we need to download the phpMyAdmin software. Go to the Sofotex web site and click Download Now. Be patient for a few seconds, and your download should begin automatically. If not, choose a mirror site from the list. This will deposit a phpMyAdmin tarball (.tar) on your desktop which should decompress into a folder named phpMyAdmin-2.6.1. If not, double-click on the tarball to decompress it. Now let's open the folder by double-clicking on it. Find the config.inc.php file and Control-Click on it and choose to open it with TextEdit. When the file opens, choose File/Print and print just pages 1 through 4 of the file. While your file is printing, click on the Apple, choose System Preferences, click on the Sharing folder, and then click on the words "Personal Web Sharing." Be careful not to deselect the option or you'll shut down your web server. Now look at the bottom of the display and write down the IP address that's shown after the words "View this computer's website at http://." Press Command-Q to close your System Preferences window. Click in your TextEdit window and then press Command-Q to close it as well. Now close the phpMyAdmin-2.6.1 folder. Click once on the folder's file name and rename it to php and press enter. Now we're going to drag the folder to its permanent home. Open a Finder window, click on your local hard disk icon, and move to /Library/WebServer/Documents. Now drag and drop the php folder from your desktop into the Documents folder, which is as you'll recall the root folder for your computer's web server. Open a web browser, and go to http://localhost/php/. Assuming your Apache web server and your MySQL server are running, you should see a snazzy phpMyAdmin web page with at least the name of your mysql database in the left column and a bunch of nasty, red security messages at the bottom of the screen. If not, check to be sure Apache and MySQL are both running. As the red messages say, YOUR SYSTEM IS NOT SECURE at this point so don't be quitting just yet. Close the web browser, and let's plug the security hole. You're gonna need those four pages you printed and the IP address you wrote down.

    We're going to secure your computer now so PAY ATTENTION! We need to edit a few lines in the phpMyAdmin config file to tell it to only let you run the program. Otherwise, anyone with a web browser can type your IP address and then /php to do exactly what you just did. Not good! Move back to your Finder window which should be positioned in the /Library/WebServer/Documents folder. If not, move there again. Then double-click on the php folder to open it. Find the config.inc.php file and Control-Click on it and choose to open it with TextEdit. Now let's look at your printout and mark what needs to be changed. Then you can make the changes CAREFULLY with TextEdit and save the file (Alt -S). First go to page 2. At the top of page 2 should be a line that says $cfg['PmaAbsoluteUri_DisableWarning'] = FALSE;. We want to change only the word FALSE to TRUE. Don't mess up the existing punctuation and quotes! Now go to page 4. About two-thirds of the way down the page are several lines that look like the following. Be very careful in searching for these because there are two more sets of identical lines further down in the configuration file. We don't want to change those.

    $cfg['Servers'][$i]['AllowRoot'] = TRUE; // whether to allow root login
    $cfg['Servers'][$i]['AllowDeny']['order'] // Host authentication order, leave blank to not use
    = '';
    $cfg['Servers'][$i]['AllowDeny']['rules'] // Host authentication rules, leave blank for defaults
    = array();

    Now, here's what it should look like after you fix it except you need to replace the IP number 192.168.0.112 with the number you wrote down on your piece of paper.

    $cfg['Servers'][$i]['AllowRoot'] = TRUE; // whether to allow root login
    $cfg['Servers'][$i]['AllowDeny']['order'] // Host authentication order, leave blank to not use
    = 'deny,allow';
    $cfg['Servers'][$i]['AllowDeny']['rules'] // Host authentication rules, leave blank for defaults
    = array('deny root from all','allow root from localhost','allow root from 192.168.0.112',);

    I'm not even going to tell you how important the correct punctuation is, but if you screw it up, you'll know shortly. Once you save the changes, open a web browser, and go to http://localhost/php/. If this didn't work, try http://192.168.0.112/php/ using your own IP address, of course. Do you finally see the same lovely phpMyAdmin? If so, at least you can get in. If not and you see an Access Denied message, check for typos and make sure you put in the correct IP address. Once you can access phpMyAdmin successfully, then we need to make sure no one else can (from anywhere). If you have another machine on your network, use a web browser to go to http://192.168.0.112/php/ substituting your IP address from your trusty sheet of paper again. You should see the phpMyAdmin heading with an Access Denied message. If you have no other machines on your network, visit a friend and try to access your phpMyAdmin site in the same way using your Internet IP address (if you have a firewall/router, you first need to configure it to pass port 80 traffic to your private IP address). You still will see a big red message saying you're using a root account for MySQL with no password. While this is true, it is only accessible while sitting in front of your Mac and NOT from elsewhere assuming you carefully followed the MySQL tutorial yesterday. phpMyAdmin unfortunately isn't smart enough to know the difference. If you want to make this message go away (and that's all we're doing!), open main.php in the /Library/WebServer/Documents/php folder using TextEdit, search (Command-F) for the first occurrence of the word root, and replace it with toot (or any other word but root), and save the file (Command-S). Now close your web browser, reopen it, and go to http://localhost/php/ or http://192.168.0.112/php/ using your own IP address. Whew! Once again you've passed with flying colors.

    That's it for today. In our next session, we'll tie up all the loose ends, do a little experimenting with phpMyAdmin, and I'll provide some sample code and point you to some great books to get you started with your new PHP/MySQL programming career. And we'll share some great news about the future of our ISP-In-A-Box series. Thanks for visiting. Have a great weekend!

    ISP-In-A-Box: The $500 Mac mini (Part III, MySQL)

    This is the third installment in our five-part series on building a full-featured Internet hosting server with a Mac mini. On the first day, we covered hardware requirements and installation and operation of the Apache Web Server. Day two added mail services including SMTP, POP3, and IMAP servers. Today we begin the fun part of being the master of your own Internet universe with the installation of the MySQL data base management system. Why would you want a data base server in general and MySQL in particular? The short answer is that installation of MySQL today and PHP tomorrow truly opens up the Internet universe and gives you access to literally hundreds of fantastic, free, commercial-quality applications. These include blogs such as WordPress (which you are reading now), photo galleries such as Coppermine, content management applications such as phpWebSite, discussion boards such as phpBB2, project management apps such as PHProjekt, customer service systems such as PHP Support Tickets, polling and surveying systems such as phpESP and PHPsurveyor, wikis such as PhpWiki, mailing lists such as phpList, and other terrific applications including PHPauction, phpCOIN, phpFormGenerator, WebCalendar and on and on the list goes. Plus, you can build your own databases and applications to your heart's content without spending a dime for the software or the tools. So let's get started.

    Our game plan is to get MySQL installed on your Mac today and give you the rest of the day to play with it. We're going to install MySQL 4.1 even though version 5 is also available. The reason is that most ISPs still run version 4.1, and many of the applications we listed above are not yet compatible with version 5. Then tomorrow we'll add PHP and PHPmyAdmin to the mix, and you'll never have to stare at a MySQL command prompt again... unless you want to. But, it's fun once so just play along. First things first. We need to download the correct version of MySQL to match the correct operating system and correct version of that operating system. This began as a Mac mini project so we're assuming you're running Mac OS X v10.3 aka Panther. If not, you need to make the necessary adjustments as we go along. If you haven't already done so, load the latest Apple patches on your system so that you are current before we begin this installation. Now choose a mirror site that's close to you from this list and download the MySQL installer to your desktop. Once the .dmg image file downloads, it should automatically mount on your desktop. If not, double click on it to mount it now. In the image folder, there are two package files, a preference pane installer to install MySQL in your System Preferences tray, and a readme file. Drag the readme.txt file to your desktop for safekeeping.

    Now we're ready to begin the MySQL installation. First, we will install MySQL. Next, we'll install the automatic startup package which is responsible for making sure the MySQL daemon always starts up when you boot up your Mac. And finally, we'll install the new preference pane to start and stop the MySQL server. To get started, double-click on the mysql-standard package. Answer the prompts, choose your default drive, agree to the license, and enter your administrator password. If there is a problem during the installation, consult the readme file. Otherwise, you'll see a message in a minute or so indicating that the installation was successful. Now double-click on the MySQLStartupItem package, choose your default drive, enter your administrator password, and wait for the installation to complete. Lastly, double-click on the PrefPane icon, tell it to install for you (the administrator) only, and wait for the installation to complete. Just to be sure everything went according to plan, restart your Mac.

    When your Mac comes back to life, click on the Apple icon in the upper-left corner of the screen, choose System Preferences, and then click on the MySQL icon in the bottom of your System Preferences tray. It should show MySQL running with a check mark next to the option to automatically start during system startup. If not, make the necessary corrections to start MySQL and to assure that it automatically starts in the future. The MySQL installation is now complete, but MySQL is not yet secure! So ... keep reading.

    Don't ask me why but MySQL's default installation sets up anonymous and admin user accounts that are wide open (i.e. password-free) for all the world to hack, and they have. Kinda reminds you of another company in the great Northwest, doesn't it. If you don't plug this security hole, any person that discovers your IP address can totally destroy every MySQL database you build and take remote control of your machine! In short, you're toast! It should be noted that the anonymous and admin accounts for localhost access (which are separate accounts) are also password-free, but this shouldn't be a problem so long as you have control of your physical machine. So let's fix the mess and set up MySQL so it's easy to access (for you and your web server, not the world). Open a terminal window by choosing the Terminal application in your Applications/Utilities folder. Type sudo su and press the enter key.

    You now can connect to your MySQL server by typing /usr/local/mysql/bin/mysql at a bash command prompt. Let's do it now. You should then see a MySQL command prompt that looks like this: mysql>. First think up a very secure password for remote access to your MySQL server (you're never going to use it probably so make it a good one). Now you're ready to type the following command substituting your new password for the word "secret" and don't forget the two pairs of single quotes and the semi-colon on the end of the command:

  • update mysql.user set password = password('secret') where host<>'localhost' ;
  • When you press the enter key, MySQL should report that two records were changed. If not, try again. Cut and paste the command above if you have to. Once you get the "two records changed" message, double-check your work by typing this command:

  • select host,user,password from mysql.user ;
  • MySQL should list four accounts. The two localhost accounts should have blank passwords, and the other two should have passwords that you can't decipher. If not, repeat the drill until you get it, or you might just as well never use MySQL. My apologies for the diatribe. You'll thank me in ten years when you never get hacked. Here are the last two commands to enter in MySQL for now. The first makes certain that your changes get written to disk, and the second gets you out of MySQL gracefully. Once back at a bash command prompt, type exit and enter twice and then Command-Q to close the terminal window.

  • flush privileges ;
  • q
  • Your homework for tonight is to take a look at the MySQL documentation so that you get a feel for what can be done with a relational database. Using Safari or any web browser, open the MySQL documentation by entering this address: file:///usr/local/mysql/docs/manual.html#Tutorial . To get back to the MySQL command shell: open a terminal window, type /usr/local/mysql/bin/mysql and press enter. Have fun! Don't forget to end your commands with a semicolon, or MySQL just sits there. Don't forget to exit gracefully (q) when you're finished.

    Feb. 9 Supplement. Several common questions have arisen since this article first appeared. I wanted to address them in the body of the article for the benefit of new visitors who might not read the comments.

    Missing Preference Pane. On some older Macs (apparently not Mac mini's), there is no Preference Pane option in the MySQL installation folder to install in System Preferences. This is not a big deal. All this preference pane does is allow you to stop and start MySQL. You can do the same thing from a Terminal window (opened from Applications/Utilities):

  • To start MySQL manually: sudo /library/startupitems/mysql/mysql start
  • To stop MySQL manually: sudo /library/startupitems/mysql/mysql stop
  • To restart MySQL manually: sudo /library/startupitems/mysql/mysql restart
  • Uninstalling MySQL. Here are the steps. Don't skip any! You cannot undo these deletions!! All your data will be lost, too!!! If something goes wrong in a step, do not go to the next step. Send me an email. First open a Terminal window (opened from Applications/Utilities):

  • Switch to root user access: sudo su
  • Provide admin password if prompted: type your password
  • Move to the folder where MySQL is stored: cd /usr/local
  • List the contents of the folder: ls
  • Write down the exact file names of all files beginning with mysql : there should be two, a file and a directory
  • Stop MySQL manually and make sure it says it is stopped: sudo /library/startupitems/mysql/mysql stop
  • Delete the MySQL symbolic link file: rm mysql
  • Delete the MySQL directory and subdirectories using the long file name you wrote down above: rm -rf mysql.standard.rest.of.filename
  • Move to the Receipts folder: cd /library/receipts
  • Delete the MySQL directory and subdirectories using the long file name you wrote down above: rm -rf mysql.standard.rest.of.filename
  • Move to the startup folder: cd /library/startupitems
  • Delete the MySQL startup directory: rm -rf mysql
  • Delete the other possible MySQL startup directory: rm -rf mysqlcom
  • ISP-In-A-Box: The $500 Mac mini (Part II, Mail Services)

    We began our five-part series on building a full-featured Internet hosting server with a Mac mini yesterday and covered the recommended hardware for the server as well as basic instructions for setting up an Apache Web Server. Today we’ll show you how to turn your Mac mini into a full-blown mail server with SMTP, POP3, and IMAP support. Before doing that, let me first define what SMTP, POP3, and IMAP are. And then I want to offer a word of caution about why setting up these services (especially POP3 and IMAP) for most folks is probably a bad idea.

    SMTP or Simple Mail Transfer Protocol is a collection of services to send email messages between servers. It also accepts messages from mail clients for delivery to others. Messages are retrieved with a mail client which "talks" to either a POP3 or IMAP server which manages the flow of incoming messages between an SMTP server and the mail client. While there are exceptions, the fundamental distinction between a POP3 client and an IMAP client is that POP3 clients download messages and manage them on a local machine while IMAP clients download copies of messages which are generally stored on a server. At the risk of oversimplifying, if you have one computer and one email account, POP3 is more than adequate. If you have multiple computers that all need access to your email messages or if you need web access to your email messages, IMAP is probably a better choice because it is more robust particularly in handling deletions of messages from a variety of locations.

    Rather than telling you not to install an email server, let me try to define when it would be appropriate and leave the rest to you. Every ISP on the Planet provides SMTP services for its customer base. If you have Internet access, you generally also have SMTP services to handle delivery of your outgoing email messages. One advantage in setting up your own SMTP server is you will always know its address or domain name. If you travel extensively or spend lots of time in Wi-Fi HotSpots of different vendors, then SMTP services for outgoing mail can be painful because you generally have to reconfigure your email client to tell it the address of your SMTP server before you can send or reply to email. This is not always the case, however. Most modern WiFi HotSpot routers now transparently reconfigure your SMTP settings when you connect to their services. And having your own SMTP server doesn’t always mean you can send email because more and more ISPs are blocking SMTP activity from downstream computers (i.e.. computers located inside your ISP’s firewall and routers) as a way to better control the proliferation of SPAM.

    Almost every ISP on the Planet also provides POP3 mail services for customers, and most provide IMAP and webmail access as well. In addition, for mail delivery and storage, there are numerous other free services including Gmail from Google, HotMail from Microsoft, and Yahoo Mail from Yahoo as well as low-cost vanity email providers such as NetIdentity.com. Unless email between numerous users in your local area network is significant and uploading and downloading of messages to and from an ISP causes inordinate delays in the delivery of email, I can think of no sound reason to deploy either a POP3 or IMAP server on your local system. And there are some very good reasons for not doing it. First, it all but requires that you have a good grasp of DNS principles and that you properly configure your mail domain. If you’re saying, "What’s that," then you definitely do not need a POP3 or IMAP mail server. Second, if you don’t know what you are doing with DNS and your POP3 and IMAP settings, you run the very real risk of losing all of your incoming mail or having it bounce back to the senders. Third, most ISPs back up their servers fairly regularly. Do you plan to do the same? It’s your email! Finally, mail server services can be processor intensive and eat into your available resources. Keep in mind that these services have to run regularly to determine whether there is incoming or outgoing mail and, if so, to process it. Is it worth the computing resources to duplicate a service that skilled personnel already handle for free at your neighborhood ISP? End of lecture.

    So you want to be a mail administrator. Great! Assuming you’ve mastered DNS (which is beyond the scope of this tutorial … and me), setting up SMTP and optionally POP3 and IMAP services couldn’t be easier on the Mac mini. Step 1: Go to this web site or this one and download Postfix Enabler. Step 2: Print a copy of the web page while you are there. This is the installation and operating instructions. Step 3: Decompress the archive and drag the Postfix Enabler icon to your Applications folder. Step 4: Run the application and provide your Admin password. Step 5: Click the Enable Postfix button. You now have a fully functional SMTP server. Step 6: If you want POP3 or IMAP servers enabled, reread the warnings above (hint!), and then read the Postfix Enabler documentation for installation and configuration instructions. Step 7: Send the author a small donation. Postfix Enabler is shareware. Having dabbled in shareware myself once upon a time, I can tell you it’s one of the best things that ever happened to keep the computer industry honest and competitively priced.

    Note: Unlike Windows machines which all have their special quirks, all Macs pretty much work the same way so everything we’re discussing will work just as well on an iMac, or Powerbook, or Power Mac G5, or eMac, or iBook so long as you’re running an up-to-date version of OS X v10.3, aka Panther. If you have a Mac mini, then you have OS X v10.3. If you have a different Mac and you’re using an earlier version of OS X, then pretty much everything is different insofar as mail services (even the SMTP server is different) so you can stop reading now.

    To test your new SMTP server, start up your mail client and reconfigure your client’s SMTP server settings to point to 127.0.0.1. Now send a message you don’t mind losing to someone you know and ask them to reply. Or just send a message to yourself. Wait a few minutes and refresh your mailbox. Keep in mind that a number of ISPs block all SMTP-generated email messages from end-users (that’s you!). If it doesn’t work, it’s probably your ISP that’s the problem, not Postfix. I told you not to do it. Didn’t I?

    In our next installment, we really will be installing something you need, the MySQL data base management system, one of the fastest and most reliable DBMS products in the marketplace. It also happens to be free for most purposes. What can you do with MySQL? Just about anything. Take a look at our main web page at mundy.org. It is completely generated from a MySQL database. Or visit one of our beach webcam sites at Pawleys Island or Surfside Beach. All of the tide, sunrise, and sunset data for these sites is generated from a 100-year table of data stored in, you guessed it, a MySQL database. So join us back here tomorrow.