ISP-In-A-Box: Mastering Internet Telephony – One SIP At A Time
We're interrupting our summer break to tell you about what we've been playing with these past few weeks. So today we resume our coverage of IP Telephony with the second in a series of articles on the subject. We'll be exploring SIP-based telephony solutions. These are hardware, software, and service offerings that implement the industry-standard Session Initiation Protocol (RFC 3372) for delivery of telephony services. What cell phones did to the pay phone business is happening in spades with home and business phone and long distance services thanks to VoIP telephony. Cisco had the right idea. They just got too greedy. We previously covered using Skype with your Mac mini or other Mac running Tiger or Panther. The two major drawbacks of the Skype service are Skype's utilization of a proprietary communications protocol and being tied to your Mac or PC to make and receive phone calls. Once you upgrade to Tiger, however, you can at least get 30 feet away from your Mac using a Bluetooth headset such as the Plantronics M3000.
There are some other options that are worthy of a careful look before you jump on the Skype bandwagon. And there's nothing to prevent you from using more than one voice over IP service. You could use a half dozen and still save money compared to what you're paying a Baby Bell for home and especially business phone and long distance services. The only real prerequisite for acceptable IP telephony service is a broadband Internet connection but that, too, is changing. The quality of the calls is now virtually identical to what the Baby Bells provide. Look at it this way: cancelling your residential or business phone service will almost pay for your monthly high-speed Internet service. The only time this isn't an option is in markets where DSL is your only broadband choice. Most of the Baby Bells still tie DSL service to the existence of a regular phone line at your home or office. So much for the Sherman Act's tying prohibition, but that's another story. Finally, a word of caution: VoIP telephony is still in its infancy so don't expect absolute perfection. Many of us endured snowy televisions for years, and VoIP is way past that already. But, if being able to make a 911 call in the middle of the night from your home phone is the most important criterion to you for home phone service, then by all means stick with the Baby Bells. They appreciate your 50 bucks every month for local phone service.
Unlimited "Call (almost) Anywhere" Phone Service. If, on the other hand, you're looking for a drop-in replacement for your home phone service and exorbitant long distance fees (i.e. per minute rates for U.S. calls in excess of 4¢ per minute), then look no further than BroadVoice. Yes, once in a while, we get a whopping $20 if someone signs up for BroadVoice service using our account number, but we haven't bought our dream home with the proceeds yet. In fact, a good night on the town is still a pipe dream. Some of you may remember the late Victor Kiam commercial for Remington razors: "I liked 'em so much ... I bought the company." That's kinda the way we feel about BroadVoice although we're still awaiting the deluge of $20 checks before making the company purchase. Here's our BroadVoice phone number just in case you want to help: (4O4) 795-2227.
What distinguishes BroadVoice from the rest of the pack are several things: the breadth of their hardware and software offerings and the flexibility they provide in letting you switch plans, switch hardware, or bring your own devices for use with their service. And BroadVoice doesn't cripple the devices they sell to preclude your using their hardware with another IP telephony provider's service down the road. Imagine Sony selling you a television that could only receive Fox News. George Bush might buy one, but ...
The other major distinction with BroadVoice residential service is what $20 a month buys: unlimited calls to anywhere in the United States, Canada, and the United Kingdom, Ireland, Austria, Belgium, France, Germany, Italy, Vatican City, Norway, Sweden, Denmark, the Netherlands, Switzerland, Spain, Chile, Singapore, Taiwan, and China. Another five bucks a month buys you free calling to fourteen more countries. As with most IP telephony providers' plans, calls to other BroadVoice users in any country are always free. And nothing precludes your having an Atlanta phone number on your BroadVoice phone in Holland so grandma in Atlanta can call you toll-free using her big black Ma Bell phone from 1952. But, suppose you just want to experiment with IP telephony before making the leap. Keep reading!
What initially separated Vonage from the rest was the feature set that accompanied their IP telephony service. BroadVoice not only has matched Vonage feature for feature, but they've added almost a dozen more at no cost. The free voice mail service is nothing short of incredible. You can retrieve your messages using any phone or a web browser. Better yet you can have either your messages or just the caller ID information emailed to you in real time. You also can have calls to your BroadVoice number ring simultaneously on up to seven additional phone numbers including your cell phone. Other features include Anonymous Call Rejection, Call Waiting, Call Forwarding Always, Call Forwarding Busy, Call Forwarding No Answer, Distinctive Ring, Do Not Disturb, Last Number Redial, Call Hold, Speed Dial 8, Speed Dial 100, Caller ID with Name, Three-Way Calling, Call Notify, *69 Call Return, Voice Mail Aliases, Call Transfer, and Voice Mail Distribution Lists. If that isn't enough features to keep your fingers busy, you can add additional phone numbers in different area codes including toll free and United Kingdom numbers of your choice for less than $2 more a month. And Microsoft Windows Messenger Soft Phone support is available for $3 a month. Many other features are also on the drawing board. Last, but not least, you can manage all of these features using your favorite web browser.
The one feature we wish BroadVoice would hurry up and implement is the ability to use multiple phones in different locations with the same account. Since BroadVoice could charge for multiple simultaneous calls from the same account, we really don't see any business impediment to such a feature. And it would facilitate movement from place to place by business travelers who might want a terminal adapter in their home but would prefer a WiFi phone or softphone while on the road. Right now you would have to disable your home terminal adapter before switching to another device, or BroadVoice would suspend your service when multiple devices appeared on their radar.
VoIP Telephony Hardware. If Skype has an Achilles Heel, it would have to be the quality of hardware offerings available for use with the Skype service. Once you get used to high quality telephone instruments, it's hard to go back to a $15 plastic headset to make and receive telephone calls. You won't find that problem with BroadVoice. In fact, if you already have broadband service, you can add a terminal adapter with or without a router and use your existing cordless phones with ease. All you pay is the $40 set up fee, and the device is yours to use for free. Any of the 5.8GHz cordless phone sets are almost perfect for use with the BroadVoice router. Our personal favorites are Uniden's new two-line model (see inset above) which is expandable to 10 units or the single-line vTech i5871 which has about the same feature set as a high-end cell phone (see inset below).
Using A Wi-Fi Phone. Another option which finally began shipping again last week is a WiFi-enabled IP phone. BroadVoice offers this new phone for $99 when you sign up for their service. Or you can purchase one later for $140 from Hello Direct to use with your BroadVoice service. The claimed advantage of the WiFi phone is that you can take it with you and use it from virtually any Wi-Fi HotSpot or from any home or office equipped with wireless Internet service. We ordered the phone from Hello Direct, the marketing arm for BroadVoice hardware now. BroadVoice actually shipped the new phone, a UTStarcom F1000, not the WiSIP phone previously sold by BroadVoice. Unlike the WiSIP phone, this phone does not yet have a web interface (either incoming or outgoing). This means you cannot configure it through a web browser and can't connect to WiFi HotSpots that require some sort of terms of use acknowledgment before you can use their service. So the phone is all but worthless at Wi-Fi hot spots but does work reliably with home and office networks using nothing more secure than WEP encryption. WPA is promised as a future enhancement.
The only way to configure the phone for use with BroadVoice is to have BroadVoice customer service select this phone as your only type of device (i.e. you lose your BYOD status) and then download the configuration using TFTP. Once you switch to this phone, BroadVoice customer service claims there's no way to revert back to another type of device without calling BroadVoice support again since the phone is so new that it's not in their list of supported BYO devices yet. BroadVoice support swears that you'll be able to have 2 separate devices (for a modest fee) within a month so I guess we'll see what happens. The other drawback with this particular phone is that there appeared to be no way to adjust the speaker volume. BroadVoice support wasn't much help on this either. We were told there was a button "somewhere probably on the side of the phone." Well, gee, why didn't we think to look there before calling. There, of course, is no button on the side of the phone nor anywhere else to adjust the volume. Nor is it supported in the menus which are fairly intuitive. UTStarcom's Forum happened to answer the question: press the right arrow key during a conversation to increase the volume or the left arrow to decrease it. Using the Up and Down arrows would have been too intuitive, I suppose. It turns out that the volume already was set to 4 of 5 steps, and increasing it to 5 made very little difference. You really couldn't use this phone in a noisy restaurant or airport setting based upon our testing. There's also a problem obtaining the device unlock code from BroadVoice support. At least two BroadVoice agents couldn't find the answer. You need this code to force a power-on password and to enter (or discover) your SIP password. Let me save you some time on the forums. For the benefit of all the hard-working BroadVoice agents, the default password is 888888 which then can be changed. 
And finally this footnote: despite what BroadVoice Customer Service says about not being able to change devices without their help, once you discover your SIP password using the device unlock code above, it actually is a simple matter to reconfigure the X-Ten Lite softphone to work when you are not using your WiFi phone. Just change the X-Ten Lite SIP password to match that of your WiFi phone, and it works swimmingly. Sipura terminal adapters also work fine. Just don't use two devices at once (for the time being anyway), or the BroadVoice switch will lock your account.
After successful use of the phone at home using a 128-bit WEP password, we went to test it at one of our neighborhood restaurants which has free Wi-Fi access. The phone didn't work there because (like most WiFi Hot Spots) there is a web acknowledgment screen to consent to terms of use before you can gain access to the Internet. Since the phone has no web browser, there's no way to get connected. Interestingly, some other store or home near the restaurant apparently had an open Wi-Fi router which the phone connected to with no problems after giving up on the Wi-Fi Hot Spot connection inside the restaurant. Considering that a prosecutor in St. Petersburg, Florida just indicted a person for "theft of computer services" for using his computer on a public street beside a person's house with an open WiFi router, this may not be the smartest use or design of technology until a few courts speak on the legality of using open WiFi connections in public areas. In this particular case, the phone made the connection with no user intervention. We only noticed what happened because it initially paused on the Wi-Fi Hot Spot connection, and we then began watching the screen to see what would happen next. What the phone did was start scanning for other access points. Incidentally, you can store six separate WiFi locations with separate passwords in this particular phone model which is a significant improvement over the older WiSIP phone. Assuming the courts confirm the lunacy of charging individuals with theft of services for using open, unprotected WiFi access points (we'll let you be the judge of who the real dummies are in this scenario), all this phone really needs now is a simple web browser to navigate through HotSpot log in screens, and it will be a pretty terrific, first generation product. The phone is the same length and a bit more than half the width and a third the weight of Palm's Treo 650.
As for the "look and feel" of the phone, we'd rate it as pretty much the equivalent of most $100-$150 cell phones.
Using A Softphone With Your Mac or PC. If you are hell-bent on using your VoIP phone service directly with your Mac or PC, X-Ten Lite (see inset) is as good a product as you could ask for. It can be configured to work with BroadVoice service easily, and it can be downloaded for free from here. We use it, and it works great!
We've barely scratched the surface of SIP-compatible devices which can be used with BroadVoice. Here's a list of configuration tutorials for the major devices that BroadVoice supports. But many other SIP-compatible devices will work as well. Visit The VoIP Connection web site to get an idea of the breadth of choices which are out there. Our only advice would be not to purchase a SIP device unless a configuration for that device exists to use with your provider. The very best Wizard for configuring numerous SIP devices for use with dozens of VoIP providers can be found at Voxilla.com. Our rule of thumb goes like this: if it's not on the Voxilla Wizard's device list or BroadVoice's supported device list, don't buy it unless you enjoy water torture.
Pay-As-You-Go Internet Phone Service. If "all-you-can-eat" isn't your favorite meal ticket, there now are a couple great SIP alternatives to Skype. As you might have guessed, BroadVoice has a BYOD-Lite plan for $8.45 a month that includes a regular phone number in your choice of area codes, all the same features outlined above, and 100 outgoing minutes to anywhere in the U.S., free incoming calls, and free calls to other BroadVoice users. Additional U.S. minutes are about 4¢ (maybe cheaper if some BroadVoice folks read the rest of this paragraph). That's about the same per minute rate that many traditional long distance carriers have been charging for U.S. calls during the last five years. And some are even cheaper. If the objective is to encourage switching or at least experimentation with VoIP services which the $8.45 pricing scheme certainly suggests, then the pot could stand a little more sweetening insofar as the per minute costs are concerned. And, yes, we make money if you sign up with this carrier, too. Agent 5185 at your service. Ain't America great!
Another VoIP provider option is SIPphone. As with BroadVoice, it is not proprietary and is also SIP-compatible meaning it uses open standards-based SIP technology. And, just as with Skype and BroadVoice, calls between users of the service are free. For calls to plain-old-telephones (POTS) in the United States, the cost is 2¢ a minute. Calling rates to other countries are available here. And, if you'd like a "regular" phone number in your favorite area code for free incoming calls from any other phone of any flavor, the cost is about $6 a month with 100 free outgoing call minutes which makes it virtually identical to BroadVoice's BYOD-Lite plan except for the per minute charges. The other good news with the SIPphone service is that most of the same hardware that works with BroadVoice will also work with SIPphone. So, if you get tired of BroadVoice for any or no reason, you can switch to SIPphone and take your hardware with you. That includes terminal adapters and routers with SIP service compatibility, the WiSIP Wi-Fi phone, and softphone clients such as the free Gizmo and X-Ten Lite clients which work with Macs, Windows PCs, and soon Linux desktop machines. Unfortunately, we haven't found the SIPphone service to be nearly as reliable as BroadVoice's. Check out their Getting Started forum before you make the leap.
Build-Your-Own PBX. For all the supernerds still reading, you also can add your own PBX to your Mac or PC and use either BroadVoice or SIPphone to place and receive calls. Known as Asterisk®, the software for your Mac can be downloaded from our experimental WebDAV server or from this Asterisk web site. You can map a network drive to our WebDAV server by connecting to http://windswept.dyndns.org:82 with a username of bozo and a password of forlife. Then you can drag and drop the Asterisk file folder on your desktop. Don't forget to eject the drive when you are finished. For more info on WebDAV and Web Folders, start here.
Our personal preference at the moment is to build an Asterisk PBX using any old, low-end Windows machine with the Blue Lava VOip PBX In A Box software. We have lots of scrapped Windows machines that are no longer permitted to access email or a web browser because of Microsoft's self-inflicted security mess. The cost of Blue Lava is only $49 and will save you weeks of headaches. Incidentally, the Blue Lava developers are the same fine folks that developed the WiSIP Wi-Fi phone discussed above. And the Asterisk software is preconfigured for use with BroadVoice and SIPphone among others.
Everything Else You Wanted to Know About BroadVoice. No single article can do justice to the breadth of features and functions available with a new BroadVoice account. Here's another article worth a look. Finally we'll send you to the same place we go when there's something new to be learned, the Voxilla Forum. As mentioned before, VoIP in general and BroadVoice in particular are not without their problems. BroadVoice, for example, had a serious meltdown several months ago after a dispute with one of their providers who had everything to gain by shutting down the likes of BroadVoice. Such are the growing pains of a new, incredible technology. Just explore it with your eyes wide open and take precautions to avoid having all of your communications eggs in one basket.
WHERE-TO Bonanza: 50 Great Summertime Web Sites for You & Your Mac mini
Today we’re providing 50 of our favorite Mac mini resources on the web that will tell you anything and everything you ever wanted to know about Mac technology. There are sites for news, reviews, tutorials, tips and tricks, troubleshooting, blogs, forums, hacks, rumors, and loads of additional applications. So, while we’re taking it easy this summer, visit a few of the sites you haven’t already tried and learn something new. We’ll even wave to you from the beach. Any Mac running at least Mac OS X v10.3 aka Panther is a suitable candidate for taking advantage of most of these web sites. In case we missed a few, feel free to add your own favorites as comments. And, for the math geniuses, you’re right. The number of sites doesn’t quite add up to 50, but a few sites weren’t that great so we’ll leave it to you to figure out which ones shouldn’t be here. And be sure to check out our HOW-TO Bonanza: 50 Great Summertime Applications for You & Your Mac Mini.
Favorite Hacks
Favorite Tech Sites
Favorite Mac mini Sites
Favorite Mac News Sites
Other Mac News and Reviews
Favorite Mac Applications
Favorite Mac Mags
Favorite Mac Rumor and Gossip Sites
Favorite Mac Weblogs
Favorite Mac mini Forums
Favorite Mac Troubleshooting Sites
Favorite Mac Tutorials
Favorite Gadget Sites
For The Other Side
When 50 Just Isn’t Enough
ISP-In-A-Box: Remotely Managing Your Mac Using AFP and SSH Tunnels
We've been exploring remote access and remote management options for the Mac mini and other Macs running Mac OS X Panther or Tiger for several months, and today we'll turn our attention to another solution that is ideally suited for those with multiple Macs at different locations. Every copy of Mac OS X ships with client and server versions of the Apple File Protocol (AFP) over TCP/IP. Enabling the server is a one-click operation. Choose System Preferences->Sharing and put a check mark beside Personal File Sharing. Assuming you have enabled the Mac's built-in firewall (which we always recommend), this automatically opens ports 548 and 427. If you have a hardware-based firewall (which we also recommend), you'll need to open port 548 and point it to the internal IP address of your Mac. If you have two Macs with Internet connections at different locations, you'll need to do the same thing on the other end. To connect to a remote Mac, you'll need to know its IP address or fully qualified domain name. Using a web browser on the remote Mac, you can obtain the IP address of your Mac by clicking on this link.
Once you enable Personal File Sharing and open the necessary ports in your firewalls, anyone can access and upload files to your Macs knowing nothing more than your IP address or fully-qualified domain name. Only those with actual user accounts can read and write files and execute programs on your remote Mac, and their access is restricted just as if they had logged in sitting at the desktop. The anonymous write access may or may not be what you had in mind. One very real risk of this design is that, given enough time, a malicious passer-by can flood your Mac with data and fill your entire hard disk with junk which will eventually crash the operating system since there will be no room for temporary files. If you couldn't already tell, this isn't our favorite Apple engineering design so here's how to fix it.
As delivered from Apple, every user's account has a Public folder with a Drop Box subfolder. The owner-user has read-write-execute privileges. The owner's group and everyone else have write and execute privileges to the Drop Box folder. This means strangers can upload files but can't see what's been uploaded. To adjust this so that strangers have no access privileges, open a Terminal window and switch to root privileges: sudo su. Switch to the directory which houses user accounts: cd /Users. Display a directory listing for this folder: ls -all. Then repeat the steps below for every user account on your Mac substituting the name of each user's file folder for thisuser:
Make certain that the public directory listing in Step #2 begins with the following:
drwxr-x---
There should be three trailing hyphens following the "x" and these are the important part. Don't worry if the rest of the rights don't match. Continue repeating the steps above until you've done it for every user account on your Mac. Forgetting just one means someone can fill your disk with garbage!
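One way to check every account in a single pass, as an added example that is not part of the original article: the function below reads the mode of each account's Public folder and flags any whose last three characters are not `---`; passing `fix` clears the "everyone else" bits with `chmod o-rwx`. The function name and the `fix` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_public BASE [fix]
#   Prints "OK|OPEN|FIXED <mode> <path>" for every BASE/<account>/Public folder.
#   Returns 1 if any folder is still reachable by "everyone else".
audit_public() {
    base=${1:-/Users}
    action=${2:-report}
    status=0
    for home in "$base"/*/; do
        pub="${home}Public"
        [ -d "$pub" ] || continue            # account has no Public folder
        mode=$(ls -ld "$pub" | cut -c1-10)   # e.g. drwxr-xr-x
        other=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$other" = "---" ]; then
            echo "OK    $mode $pub"
        elif [ "$action" = "fix" ]; then
            chmod o-rwx "$pub"               # leaves owner and group bits alone
            mode=$(ls -ld "$pub" | cut -c1-10)
            echo "FIXED $mode $pub"
        else
            echo "OPEN  $mode $pub"
            status=1
        fi
    done
    return $status
}

# Run as root so every account's folder can be examined, for example:
#   ./audit_public.sh /Users        (report only)
#   ./audit_public.sh /Users fix    (apply chmod o-rwx where needed)
if [ "$#" -gt 0 ]; then
    audit_public "$@"
fi
```

A non-zero exit status in report mode means at least one account was missed, which makes the check easy to rerun after adding a new user.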
Now that we've gotten the security housekeeping out of the way, we're ready to test your AFP access. This can be done from another Mac on your local area network or from a Mac elsewhere on the Internet. If you're trying it from your LAN, use the private IP address of the remote Mac (we'll call the Mac we're connecting to the AFP host or AFP server). If you're trying this from elsewhere on the Internet, use your AFP host's Internet IP address, the one you obtained in the first paragraph above. Now, click on your Desktop and press Command-K. For the server address, type afp://192.168.0.102 substituting your AFP host's IP address, of course. Click the Connect button to make the AFP connection, and assuming you got the IP address typed correctly you will see an AFP login window which looks similar to the one shown in the inset to the left. Notice the Guest and Registered User options. Now you know why we did what we did above to disable Guest access. Technically, strangers still can connect. They just can't get to anything or do any damage. To see how this works, try Guest access to our beach house Mac by going to this address: afp://windswept.dyndns.org.
For our purposes, you'll want to log in as a Registered User. So type your username and password just as you would sitting in front of your AFP Mac host. If you have Administrator rights, you'll be asked whether to mount your user directory or one of your mounted drives. Mounting the internal drive gives you access to everything on your Mac just as if you had logged in as the root user. You now can perform almost any task as if you were sitting in front of your remote Mac ... only slower. If you're using a modem, make that "painfully slower." If you have broadband connections at both ends of your AFP connection, you'll find AFP is perfectly acceptable for transferring files back and forth but probably not desirable for executing most applications, such as Word or iTunes. Another drawback of pure AFP is that data is sent in clear text and is unencrypted meaning all of the data including your account names and passwords are subject to compromise especially from a "Man in the Middle" attack. A good example would be a curious college geek managing the routers for your local Internet service provider.
That brings us to the second half of this article which is how to use an encrypted SSH tunnel to protect your AFP sessions. In one of many great articles on the subject O'Reilly put it this way:
A tunnel is a networking term with an appropriate name. It refers to a connection, usually encrypted, that connects two computers together across another, usually untrusted network. Picture a mountain of evil 3l33t d00dz sitting between your laptop and a server on your internal, protected network. You don't want to just throw your traffic really hard at the mountain and hope it gets there; you want to first form a protected tunnel from you to your machine, and then send the traffic through it.
Without getting into too much detail, what we want to do is set up an encrypted tunnel using Mac OS X's SSH tools, and then we'll pass all of our AFP traffic through that tunnel to keep the bad guys from reading its contents. Once we finish our AFP session, we'll shut down the tunnel until we need it again. For this to work reliably, you'll need to set up identical user accounts with identical passwords on both the remote host and client machines, and these accounts should have administrator privileges. A user with admin privileges need not be logged in on the remote host to establish the tunnel successfully. On the remote host, you'll need to enable Remote Login by checking the appropriate box in System Preferences->Sharing. This will enable Port 22 traffic on your Mac firewall; however, you also will need to adjust your hardware-based firewall to route port 22 traffic to the internal IP address of your Mac. Now log in to your client Mac using the same account name with admin privileges that you established on your remote Mac. Open a Terminal window and type: ssh 192.168.0.102 substituting the remote IP address of your remote Mac host. You'll be warned that this machine may not be who you think it is. Type Yes to proceed anyway. Type your admin password when prompted. Once the tunnel is established, you can shut it down by typing Exit. You now know how to establish an SSH tunnel and, once established, you can do anything on the remote Mac that you could do sitting in front of it with a Terminal window.
But we want to tunnel our AFP session through the SSH tunnel. That gets a little trickier, and we've created yet another code snippet to save you a semester's worth of work trying to figure it out yourself. Nothing in this script is original incidentally. It merely combines various suggestions I've scoured from around the 'Net to save you a bunch of time. So download afptunnel.txt to your browser by Control-Clicking on it and choosing to open it in a new tab or window. Press Command-A and then Command-C to copy the contents of the snippet to your clipboard. Now open a Terminal window and create a new file: pico afptunnel. Once the Pico editor opens, press Command-V to copy the contents of the clipboard into the editor. Now search for "windswept": Ctrl-W,windswept,enter. With the cursor positioned over the w in windswept, use Ctrl-D to delete windswept.dyndns.org. Now type the fully qualified domain name or IP address of your remote Mac AFP host but make certain the line ends with a semicolon with no blank spaces between the address and the semicolon. Now save the file: Ctrl-X,Y,enter. Change the file attributes to support script execution: chmod 770 afptunnel. Now try out the script to connect from your local machine to your remote Mac host through an SSH tunnel: ./afptunnel. Type Yes if asked whether to trust the host. Provide your admin password when prompted. When the tunnel is established and the AFP connection is made, log in to the remote host using your remote account created earlier. Heed the Terminal window warning and leave the window open until you end your AFP session by dismounting your AFP drive. Then click in the Terminal window and press the ENTER key to close down your SSH tunnel. You're now an expert on AFP and SSH. Now you can securely connect to your remote Mac from any other Mac on the planet!
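The afptunnel script itself is not reproduced on this page. As an added example (not the article's script), this is one way to get the same flow of opening a tunnel, using AFP through it and pressing ENTER to close it, using OpenSSH local port forwarding; local port 10548, the control-socket path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the article's afptunnel script.
LOCAL_PORT=${LOCAL_PORT:-10548}   # assumed unprivileged local port
AFP_PORT=548                      # AFP over TCP, the port opened earlier

# valid_host NAME -> 0 if NAME looks like a host name or IPv4 address.
# Rejecting a leading "-" keeps a pasted value from being read as an ssh option.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# forward_spec PORT -> "-L" argument that binds only to the local loopback
# address and ends on the remote Mac's own loopback AFP port.
forward_spec() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ] || return 1
    printf '127.0.0.1:%s:127.0.0.1:%s' "$1" "$AFP_PORT"
}

# Control socket used to shut the background tunnel down again.
sock_path() {
    printf '%s/.ssh/afp-tunnel-%s.sock' "$HOME" "$1"
}

open_tunnel() {
    valid_host "$1" || { echo "refusing host name: $1" >&2; return 2; }
    spec=$(forward_spec "$LOCAL_PORT") || { echo "bad local port" >&2; return 2; }
    # -f -N: authenticate, then go to the background without a remote command.
    # ExitOnForwardFailure: fail rather than leave a session with no forward.
    # -M -S: create a control socket so close_tunnel can end the session.
    ssh -f -N -o ExitOnForwardFailure=yes \
        -M -S "$(sock_path "$1")" -L "$spec" "$1"
}

close_tunnel() {
    ssh -S "$(sock_path "$1")" -O exit "$1"
}

# Usage: ./tunnel.sh remote-host
if [ "$#" -gt 0 ]; then
    open_tunnel "$1" || exit $?
    echo "Tunnel up. Press Command-K and connect to afp://127.0.0.1:${LOCAL_PORT}"
    echo "Unmount the AFP volume, then press ENTER here to close the tunnel."
    read -r reply
    close_tunnel "$1"
fi
```

Because the forward ends on the remote Mac's loopback address, only port 22 has to be reachable from outside for this to work.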
Security Alert. Just a heads up that earlier this week Apple announced a security vulnerability in the AFP server for Mac OS X Tiger only. You can read all about it here. Before using AFP Server on a Tiger system with or without an SSH tunnel, you are well advised to download and install Security Update 2005-006 for Mac OS X 10.4.1.
Other Mac Projects and HOW-TO's. We tackle a new open source project for the Mac almost every week on Nerd Vittles. You can review the complete list at any time by going here.
ISP-In-A-Box: Hosting Multiple Web Sites And Domains On Your Mac
Once you get a web site up and running on your Mac mini (or any other Mac running Mac OS X Panther or Tiger), you’ll probably get hooked and want to add additional web sites or domains. So today we’re going to give you a template that can be used to add additional sites to your heart’s content. In a previous article, we covered one approach to hosting multiple domains. In that scenario, we built separate web sites in the Sites folder for various user accounts on your Mac. Then using Omnis.com’s DNS tools, we pointed different domains or subdomains to the appropriate web sites on your Mac using a Proxy (aka mod_proxy) record for the domain that looked like this (substituting your own IP address, of course):
That solution works; however, it forces you to log in as different users to manage the different web sites. Today’s approach assumes you want to manage multiple web sites from a single account on your Mac using the traditional web site folder hierarchy located at /Library/WebServer/Documents. Our site design for multiple web sites and multiple domains goes like this. We’ll create a websites folder below the /Library/WebServer/Documents folder. Then, for each new web site or domain, we’ll create a subfolder below the websites folder. We’ll leave the websites folder empty and adjust Apache to bar direct access to the contents of that folder. Then we’ll assign a TCP port for the new site and add the necessary code to support the new domain to the Apache config file, httpd.conf. Finally, we’ll point our domains to your Mac’s IP address using the proxy service of a domain registrar, restart Apache, and presto, you’ll be hosting multiple web sites from your Mac mini ISP-In-A-Box. One advantage of this design is that you still can remotely manage all of your web sites using a WebDAV client on almost any computer. We covered all of that here last week. We’re assuming you already have built your first web site using our Apache tutorials. If not, start here. Then go here and here. Then you’ll be ready to continue on with this tutorial. As with most of our articles, a degree in Rocket Science isn’t required, but you do have to use the Pico editor to make a few customizations to the Apache configuration files. For the Internet wizards reading this, you’re probably saying there’s an easier way to set up multiple web sites with Apache. Yes, there is. It just doesn’t seem to work in the Mac environment. If anyone comes up with a simpler method that works, do us all a favor and put it in a comment.
Creating the First Web Site. Let’s begin by creating the folder that will house all of our new web sites. Open a Terminal window and switch to root access with your admin password: sudo su. Now move to the main web site folder: cd /Library/WebServer/Documents. Create the new websites folder: mkdir websites. Move to the websites folder: cd websites. Now create a directory to house our first new web site: mkdir mysite. For additional web sites, you’ll simply create additional folders below the websites folder as we just did.
Modifying Apache to Support New Web Sites. Because of Apple’s configuration design, we’re going to configure our new web sites to use TCP ports in the eighties beginning with 81 rather than the default HTTP port, port 80. Remember not to use 82. We used that for our WebDAV server. So we’ll need to first edit httpd.conf in the /etc/httpd folder. Open a Terminal window and switch to root access: sudo su. Move to the Apache config directory: cd /etc/httpd. Make a duplicate of the httpd.conf file just in case something goes wrong: cp httpd.conf httpd.sav. Now carefully edit the Apache config file: pico httpd.conf. Switch back to your web browser and Ctrl-Click on the access.txt code snippet here and open it in a new tab or window in your web browser. Press Command-A then Command-C to copy the code snippet to your clipboard. Now switch back to your Terminal window and move to the bottom of the httpd.conf file by repeatedly pressing Ctrl-V. Copy the clipboard contents there by pressing Command-V.
Now let’s look at what we pasted. The first three lines tell Apache not to display a directory listing of the websites folder if someone accesses your web site by typing: http://yourwebsite.com/websites/. The Listen 81 line tells Apache to listen on this TCP port as well as port 80. The VirtualHost _default_:81 line identifies the port which will be used to access this web site. The DocumentRoot and Directory lines tell Apache where the data for this web site is stored on your server: /Library/WebServer/Documents/websites/mysite. The allow from all line gives everyone access to this web site. And Options +Indexes tells Apache to display a directory listing of this folder if there is no index.html or index.php startup file in the folder. If you want to hide the directory if there is no startup file, change the plus sign to a minus sign.
Now that you understand what the various lines in the config file do, let’s save the changes to httpd.conf: Ctrl-X,Y,enter. Now restart the Apache web server: apachectl restart.
Firewall Adjustments. Remember to add a new port authorization in your Mac firewall to support port 81. Go to System Preferences->Sharing->Firewall and click the New button. Choose Other for the Port Name, specify the desired TCP port number (81), and name the service HTTP81 so you can remember what it does. Click OK to save your update. Also make the necessary adjustment to your hardware-based firewall to authorize the new port and point it to the internal IP address of your Mac. If your hardware firewall uses port 81 for remote access, be sure to change it to another port.
Domain Registrar Adjustments. Finally, access your domain registrar’s web site (as previously noted, we recommend Omnis.com which supports proxy DNS entries) and, using the registrar’s DNS tools, add a proxy record to point your domain to the IP address and port 81 of your Mac web server: http://111.111.111.111:81 using your own IP address. You usually have to make two proxy record entries, one for @ and one for www if you want your web site accessible as either www.yourwebsite.com or yourwebsite.com. If you don’t know the IP address of your Mac web server, just access our IP site identifier using a web browser on your Mac web server, and it will tell you.
Adding Additional Web Sites or Domains. When you’re ready to add additional web sites or domains to your web server, just follow these simple steps. Add a new folder in the /Library/WebServer/Documents/websites folder. Add an additional Listen and VirtualHost block to your access.conf config file for each domain address which will be used to access the new web site. Be sure to change the access port to port 83 or higher and the web site directory location in every line that you added. Remember to use a different TCP port for each new domain you add. Restart your Apache web server. Make the necessary additions to your Mac and hardware-based firewalls to support the new port. Then add the proxy DNS entry for your new domain using your domain registrar’s proxy DNS tools. For a sample of what we just did using the mysite.webify.us subdomain, click here. Yes, we eat our own dog food.
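The steps above, collected into a shell helper as an added example (not code from the original article): it refuses ports 80 and 82 and any port already on a Listen line, limits the site name to a plain folder name, and appends the Listen/VirtualHost block. The block layout is reconstructed from the article's description of the pasted snippet using standard Apache directives; the function names and the default of Options -Indexes are assumptions of this example.

```shell
#!/bin/sh
# Added example: guard rails for appending a new site block to the Apache config.
# Function names are this example's own; paths and reserved ports come from the article.
# Usage (as root, after backing up the config): add_site /etc/httpd/httpd.conf mysite2 83

WEBSITES_DIR="/Library/WebServer/Documents/websites"

# ports_in_use CONF: print the port of every active (uncommented) Listen line.
ports_in_use() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "listen" {
            n = split($2, parts, ":")    # accepts "Listen 81" and "Listen 10.0.0.5:81"
            print parts[n]
        }' "$1"
}

# check_port CONF PORT: succeed only if PORT is numeric, in range, not 80/82, unclaimed.
check_port() {
    cp_conf=$1
    cp_port=$2
    case $cp_port in
        ''|0*|??????*|*[!0-9]*)
            echo "port must be a number from 1 to 65535, no leading zeros" >&2
            return 1 ;;
    esac
    if [ "$cp_port" -gt 65535 ]; then
        echo "port $cp_port is out of range" >&2
        return 1
    fi
    if [ "$cp_port" -eq 80 ] || [ "$cp_port" -eq 82 ]; then
        echo "port $cp_port is taken (80 = main site, 82 = WebDAV server)" >&2
        return 1
    fi
    if ports_in_use "$cp_conf" | grep -qx "$cp_port"; then
        echo "port $cp_port already has a Listen line in $cp_conf" >&2
        return 1
    fi
    return 0
}

# site_block NAME PORT [+|-]: print the config block for one site.
# The third argument picks Options +Indexes or -Indexes (default -, no listings).
site_block() {
    sb_name=$1
    sb_port=$2
    sb_idx=${3:--}
    case $sb_name in
        ''|*[!A-Za-z0-9_-]*)
            # Rejects "/", "..", quotes and spaces, so the name cannot escape
            # the websites folder or break out of the quoted config values.
            echo "site name may only contain letters, digits, _ and -" >&2
            return 1 ;;
    esac
    case $sb_idx in
        +|-) ;;
        *) echo "index flag must be + or -" >&2; return 1 ;;
    esac
    sb_root="$WEBSITES_DIR/$sb_name"
    cat <<EOF
Listen $sb_port
<VirtualHost _default_:$sb_port>
    DocumentRoot "$sb_root"
    <Directory "$sb_root">
        Options ${sb_idx}Indexes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
EOF
}

# add_site CONF NAME PORT [+|-]: append the block only when every check passes.
add_site() {
    check_port "$1" "$3" || return 1
    as_block=$(site_block "$2" "$3" "${4:--}") || return 1
    printf '\n%s\n' "$as_block" >> "$1"
}
```

Restart Apache after a successful add_site, and open the new port in both firewalls as described above.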
ISP-In-A-Box: Remotely Managing Mac Web Sites Using WebDAV
If you’re using a Mac mini or any other Mac running OS X Tiger or Panther to host your web site, then you’ve probably wondered how you can update the content on your web site without sitting in front of your Mac. Today we’ll show you how to build and use your Mac’s WebDAV server to remotely manage your web site from just about anywhere. And you can use just about any computer to do it, even one of those Win thingies. All we need to do is tweak the Apache software that’s already installed with Mac OS X Tiger or Panther. When we are finished, we want a web site on your Mac that can be accessed by anyone using a garden-variety web browser without requiring a password. But we also want to be able to update the content of that web site by connecting over the Internet to the appropriate folder on the Mac using WebDAV with a username and password to keep the bad guys out. If you haven’t already read our previous article on how to use WebDAV clients and Web Folders, then start there to learn all about how to connect to a WebDAV server from another Mac, or a Windows PC, or even a Linux or UNIX computer.
As you probably know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that "looks and feels" like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people with access rights don’t change the same file at the same time. Tiger and Panther versions of Mac OS X provide both a WebDAV client and server. So let’s get started.
In a nutshell, the WebDAV server setup goes like this. We’ll assume that your main web site was built in the default location on your Mac: /Library/WebServer/Documents. First, we’ll change the group owner of this folder so that we can get read and write access to it using WebDAV. Then we’ll set up a username and password system to support WebDAV access for you and whoever else you provide usernames and passwords to. Next we’ll activate the WebDAV mods in Apache which already are installed on your Mac. We’ll then reconfigure Apache a bit to support WebDAV access and formatting. And finally we’ll restart your web server and presto, WebDAV.
You don’t need to be a Rocket Scientist to do this, but you do have to get your hands dirty with our favorite command-line editor, Pico. For those that care about such things, Tiger actually replaces Pico with Nano, but you still can access it by typing Pico … and it works the same way. If you’ve followed other Nerd Vittles tutorials, then this one will be a breeze. Just be sure you edit carefully and, if something does go wrong, copy your backup Apache config file back over the edited one and try again. Apache errors don’t get reported in System Preferences->Sharing when you activate your personal web server. If you have problems and want to see what’s going on, activate and then run WebMin (which we previously covered on Nerd Vittles and upgraded here a few weeks ago for Tiger). Using your browser, access WebMin and choose Servers->Apache Webserver. Then start and stop the web server from there. Errors will be reported with the line number in the config file that’s causing the problem. Ctrl-C in Pico will tell you what line number you’re on in the config file. If this sounds like I’ve had recent experience, you’d be correct. That’s part of the price you pay for being a pioneer.
Changing Group Owner of Your Web Site. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder to the Apache group: chgrp -R www Documents. Provide write access to authorized users who connect to this WebDAV folder: chmod 775 Documents.
Security Warning: Be aware that we are opening a security hole in your web site by giving Apache write (and delete) access to your main web folder and any subdirectories. We’ve had two levels of protection for your web site: Mac OS X and Apache. Now we just have one: Apache. So you would not want to put up any type of web page, CGI script, or PHP code which allows someone using a web browser to manipulate, delete, rename, or copy files into or on your web site because of the very real risk of compromising your web site files. In short, the only things now standing between your web site and the bad guys are your web pages and Apache’s internal security mechanisms. While Apache has a rock-solid track record insofar as bugs and security are concerned, there’s still always a risk. And we wanted you to know about it up front. Did we mention the importance of frequent backups? Here’s an article that will tell you how to do that as well. If you ever decide you want to stop using WebDAV, here’s how to provide the double-layer of security protection once again. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder back to the admin group: chgrp -R admin Documents. Even with the admin group enabled for Documents, you still can access your web sites with WebDAV. You just won’t be able to upload new documents or delete existing ones.
Building a Password File. We already built a password file in the Web Sites 101 tutorial on Nerd Vittles. We used that password file to manage web site access to various web directories. You probably don’t want to use the same password file for this WebDAV application unless you are building this for the same set of users with the same privileges. The only trick to password files is you want to put the file where Apache can read it but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here’s how to do it. Open a Terminal window and switch to root access: sudo su. Now move to the directory where we’ll put the password file: cd /usr/local. We’re going to name this password file website.pw so we can remember what it’s for. To create the file and erase any existing file without warning type: htpasswd -c website.pw admin. Think up a password you can remember, and you’ll be prompted to type it twice. Now let’s verify that the file was created: cat website.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to the file, just type: htpasswd -m website.pw username where username is your next user. You’ll be prompted for the password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful. Finally, remember to make duplicate entries using email syntax for the username to assure that Windows clients can access your DAV resources: htpasswd -m website.pw joe@schmo.com.
Reconfiguring Apache to Support WebDAV. Open a Terminal window, and switch to root access: sudo su. Then navigate to the folder with Apache’s configuration file: cd /etc/httpd. First, let’s make a backup copy of the config file in case something goes wrong: cp httpd.conf httpd.conf.dav.save. Now let’s carefully edit the config file: pico httpd.conf. If you previously built the WebDAV server backup application which we covered on Tiger Vittles, then skip to the next paragraph. Otherwise, uncomment the headers_module line by searching for headers (Ctrl-W, headers, enter) and then pressing Ctrl-D while positioned over the # sign at the beginning of the line. Now search for mod_headers (Ctrl-W, mod_headers, enter) and uncomment that line (Ctrl-D while positioned over beginning # sign). Now search for dav_module (Ctrl-W, dav_module, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now search for mod_dav (Ctrl-W, mod_dav, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now press Ctrl-V repeatedly until you get to the bottom of the file. Switch to your web browser and download WebDAV snippet #1. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click at the bottom of the config file, and paste code snippet #1 into the config file by pressing Command-V. Use the cursor keys to move to the BrowserMatch section of the code we just pasted and be sure "redirect-carefully" didn’t end up on a line by itself. If it did, position the cursor over the first letter "r" and press the backspace key to move it back up to the end of the previous line of code. Don’t worry if a dollar sign displays at the end of the line after you move it. This just indicates that additional text is off the screen.
We’ve got one more code snippet to cut and paste, and we’ll be all set. We want to search for the second occurrence of /Directory in the Apache config file: Ctrl-W,/Directory,enter,Ctrl-W,enter. Move the cursor to the beginning of the line and press Enter to open up a blank line. Now move up to the blank line by pressing the Up Arrow. Switch to your web browser and download WebDAV snippet #2. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click on the blank line we inserted, and paste code snippet #2 into the config file by pressing Command-V.
That should do it. Save your Apache config file: Ctrl-X, Y, enter. And restart Apache by deselecting and then reselecting Personal Web Sharing from System Preferences->Sharing. Close the Terminal window by typing exit, pressing enter, and then pressing Command-Q.
Testing Your WebDAV Server. To test whether WebDAV is working, switch to your Desktop and, using Finder, press Command-K. When prompted for the server address, type http://localhost and then click the Connect button. Enter your username and password that you created in the website.pw password file, and your main web site folder should appear on your Desktop. Drag a file from your Desktop to the folder to be sure everything is working as it should. If you’ve enabled web access through your Mac and router firewalls (which we have previously covered here), then you should be able to access your WebDAV server from the Internet with your IP address or domain name. Just press Command-K from Finder and use the following syntax for your WebDAV resource: http://mydomain.com. For more details on using WebDAV clients or to use a Windows machine to access your WebDAV share, read our previous article on the subject here. Now you can enjoy remotely managing your web sites with WebDAV. So put on your travelling shoes!
Mac OS X Tiger Backups: The Good, The Bad, and The Ugly
Now that we’ve successfully moved our ISP-In-A-Box to Tiger, we really need a backup solution that works. Our definition of "works" is that the backup copies all of your data to an external backup device, the files are intact, and you can boot your Mac from the backup drive in the event of a catastrophic failure of your main drive. Having said that, there are some other backup solutions that can duplicate all of your data but the resultant backup set is not independently bootable. In short, it’s better than nothing, but it leaves you with a good bit of work to do in the event your main drive croaks.
Our personal favorite in the Panther days was Carbon Copy Cloner in combination with psync. You can read all about it here. Unfortunately, Carbon Copy Cloner presently doesn’t work with Tiger unless you apply the 10.4.2 update. You can run it from a Terminal window; however, the resulting backup is not bootable. The developer’s web site does indicate that an update for Tiger is in the works, but it’s not soup yet. One of the major advantages to Carbon Copy Cloner (in addition to making reliable, bootable backups) was that it also was free.
Another free alternative that has been updated for Tiger is LaCie Silverkeeper 1.1.3. The price is right (free). The backup does appear to be complete. And your Mac will boot from the backup drive. However, when we booted from the backup drive after completing the backup, we got the standard Apple Welcome screen as if you had just installed Tiger on your system. This forces you to reconfigure your language preferences, your network, and walk through the remainder of the setup process before you can access your drive. Again, this may be perfectly acceptable to some. It wasn’t what we were looking for. But the price is right, and it might be adequate to tide you over until a Carbon Copy Cloner update is released.
A free option in which the backup is actually bootable is Apple’s own Disk Utility which is included with Mac OS X. To make a bootable backup copy of your local hard disk, insert the Tiger DVD, plug in an external firewire drive, and reboot your Mac while holding down the "C" key. Select your language. Then from the menu bar choose Utilities->Disk Utility. Click on your internal hard disk from the drive list. Click the Restore tab. Now drag your internal disk drive to Source and drag your external drive to Destination. If you want to checksum your backup, read the screen instructions. Otherwise, check Erase Destination and then click the Restore button. Click OK to erase your backup drive. Once the backup completes, test your backup by rebooting your system while holding down the Option key. Choose the backup disk (far right) as your boot device. Be patient! It takes about a minute after your Mac reboots until you can make a drive choice. Once you select the backup drive, click the right arrow key, and you’re off to the races. The only drawback to this option is having to boot your Mac from the Tiger DVD disk to make a bootable backup. Otherwise, it works like a champ … and it’s free.
A fourth option is to download and then run psync from a Terminal window with the following command: sudo psync -d / /Volumes/Backup/ where Backup is the name of your backup volume. The backup appears to be complete; however, you cannot boot from the external drive following completion of the backup. So this option suffers from the same drawback as the Carbon Copy Cloner solution. One advantage of psync is that it can easily be added as a cron job which will kick off automatically at times you specify. See our article on crontab and CronniX for further details on how to implement this if you are interested in this approach.
Another personal favorite is Déjà Vu from Propaganda Productions. It works as a Preference Pane within System Preferences and does exactly what Carbon Copy Cloner used to do. Unfortunately, it’s not free unless you happen to own Toast 6 Titanium. If you do own Toast 6 Titanium, you can get the Tiger-compatible version of Déjà Vu by upgrading to Toast Titanium 6.1. Unfortunately, the Hobson’s Choice is that upgrading to version 6.1 eliminates your ability to burn music CDs using songs purchased from the iTunes Music Store, a nasty gotcha that we previously have written about. Fortunately, for $9.95 you can upgrade Déjà Vu only from Propaganda’s web site. If you don’t own Toast 6 Titanium, you still can buy Déjà Vu. It’s $24.95 for a single-user license and a very reasonable $34.95 for a household license which authorizes installation on an unlimited number of Macs in your single household. Or you can use it for 30 days at no cost. Perhaps by then the Carbon Copy Cloner update will be available.
Finally, our readers’ comments pointed us to another terrific shareware product, SuperDuper. And it really is. It has two modes: registered (for $19.95) and unregistered. The unregistered version which is free for downloading makes a perfect duplicate of your system disk to an external firewire drive which is bootable. That is exactly what we set out to do with our backup reviews in this tutorial, and it couldn’t get much simpler. You choose your internal drive as the source from the left pull-down menu and choose your firewire external drive as the target from right pull-down. Leave the default script and click the Start Copying button. Making a perfect clone of an iMac G5 with 20 gigs of data took roughly an hour. Then you can boot from the external drive to make sure everything went according to plan. It doesn’t get much easier than that, and you sure can’t beat the price.
ISP-In-A-Box: The $500 Mac mini (WebDAV and Web Folders 101)
Microsoft deserves a lot of credit for popularizing the idea of Web Folders, but the open source movement gets the accolades for making WebDAV work reliably across all the computing platforms. If you didn't already know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that "looks and feels" like any other networked hard disk. In the Windows world, WebDAV provides a Web Folder which can be used like any other mapped drive in Network Neighborhood. If you're still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people don't change the same file at the same time. Panther and Tiger versions of Mac OS X provide both a WebDAV client and server, and today we'll walk you through configuring and using both the client and the server on your Mac. Because of the number of folks that also use Windows machines at the office, we'll also briefly touch upon how to access your Mac WebDAV resources and set up a Web Folder from a Windows XP machine.
HOW-TO Use the WebDAV Client on the Mac. We're going to start by walking through the set up process for connecting to a WebDAV server resource anywhere on the Internet. To connect to a WebDAV resource from a Mac, press Command-K from Finder. Then enter a Server Address in the following format: http://192.168.0.103/dav/. This tells Finder to use the HTTP protocol to establish a link to an IP address and folder that you designate. You also can use a fully-qualified domain name in lieu of an IP address. Typically, you'll be prompted for a username and password, and then a new volume will appear on your Desktop which can be used just like your local hard disk. When you finish using the resource, CTRL-Click on the volume and Eject it. It's that simple.
HOW-TO Use Web Folders on a Windows PC. The Windows process is a bit different as you might expect, but the results are the same. Once connected, you'll have a mapped drive that can be used just like any other network drive. The simplest way is to map a drive (see inset). To access Web Folders and save your settings, we're going to use the Add Network Place Wizard. You can access it in several ways. Either Right-Click on Network Neighborhood and choose Map Drive. Or from My Network Places, choose Add a network place. Or from Windows Explorer, choose Tools->Map Network Drive. Now click "Sign up for online storage or connect to a network server" at the bottom of the window.
When the Add Network Place Wizard appears, you'll be prompted for where to create the network place. Select "Choose another network location" and click Next. For the Internet address, use the same syntax as on the Mac: http://192.168.0.103/dav/ and click Next. Give your network place a name and click Next then Finish. Your new Web Folder will now appear in My Network Places. Just click on it to connect. Here's the gotcha with WebDAV on the Windows platform. If you access a Web Folder by IP address, when you're prompted for a username and password to log in, the username must be in email format: john@doe.org. Another "Better Idea" from our friends at Micro$oft. So when you create usernames on your Mac, keep this in mind if you want Windows users to be able to access the resources reliably. It doesn't matter what the email username or domain is, but it has to be in email format. When you finish using a web folder, be sure to disconnect. Open Windows Explorer, choose Tools->Disconnect Network Drive, and select the Web Folder you wish to disconnect.
Connecting to a WebDAV Resource. We've temporarily set up a sample WebDAV server on one of our Tiger-enhanced Macs so that you can experiment with WebDAV access from your favorite Mac, Linux, or Windows machine. For reasons which should be obvious, we've disabled writing to our WebDAV server only because we didn't want our hard disk filled up by some anonymous bozo in the middle of the night. We're also going to provide a single username and password for everyone to use. It should be stressed that neither of these scenarios is typical. First, the usual purpose of a WebDAV server is to facilitate collaboration which means all authorized users should be able to read and write to the volume. Second, you usually don't provide access to a WebDAV server for anonymous users. That's what web sites are for. But this is Wiki World, and we wanted to show you how these things are put together before you roll your own. So bear with the constraints recognizing that, when you set up your own WebDAV server, it will be much more robust.
To access the system, follow one of the client access methods outlined above. The web address using Windows is http://webify.us. For Macs, use http://dav.webify.us:82. When prompted for a username and password, use bozo for the username and forlife as the password. If you have problems with the username on a Windows PC, use bozo@webify.us. Don't forget to disconnect when you are finished playing. NOTE: This system (only) will be down for a move to its new permanent location from Thursday afternoon, May 26 until Saturday morning, May 28. Our apologies.
That about covers using a WebDAV client. For step-by-step instructions on creating your own WebDAV server on your Mac, here's a reprint of the article from our former Tiger Vittles site.
ISP-In-A-Box: Building a WebDAV Server for Remote Access
Ever wished you had several gigs of off-site disk storage so you could safely back up all your most important data and use it for remote access or collaboration? One option, of course, is a .Mac account which gives you 125MB of iDisk storage space and other goodies for $99 a year. You can increase your iDisk to a gigabyte for an additional $49.95 a year, a bargain compared to some commercial sites. Here’s another approach that’ll save you hundreds of dollars a year. Find a friend with a Mac and an Internet connection and swap several gigs of storage space on your friend’s Mac for several gigs of storage space on yours. Then follow along here, and we’ll show both of you how to build and use WebDAV servers to do exactly what the commercial firms are doing. And you can use the Apache software that’s already installed with Mac OS X Tiger.
As you now know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that “looks and feels” like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people don’t change the same file at the same time. Panther and Tiger versions of Mac OS X provide both a WebDAV client and server. Nerd Vittles walked you through configuring and using the WebDAV clients. So let’s tackle the WebDAV server setup now. This works with Tiger or Panther by the way.
In a nutshell, the WebDAV server setup goes like this. We’ll create a new subdirectory in the web server’s storage folder which we’ll use for WebDAV read and write access. Then we’ll set up a username and password system to support WebDAV access. Next we’ll activate the WebDAV mods in Apache which already are installed on your Mac. We’ll then reconfigure Apache a bit to support WebDAV formatting. And finally we’ll restart our web server and presto, WebDAV. You don’t need to be a Rocket Scientist to do this, but you do have to get your hands dirty with a command-line editor, Pico. If you’ve followed other Nerd Vittles tutorials, then this one will be a breeze. Just be sure you edit carefully and, if something does go wrong, copy your backup Apache config file back over the edited one and try again. Apache errors don’t get reported in System Preferences->Sharing when you activate your personal web server. If you have problems and want to see what’s going on, activate and then run WebMin (which we previously covered at Nerd Vittles and upgraded here last week for Tiger). Using your browser, access WebMin and choose Servers->Apache Webserver. Then start and stop the web server from there. Errors will be reported with the line number in the config file that’s causing the problem. Ctrl-C in Pico will tell you what line number you’re on in the config file. If this sounds like I’ve had recent experience, you’d be correct. But you won’t have to pull your hair out. I’ve already done that with mine.
Creating a WebDAV Folder. Open a Terminal window, and switch to root access: sudo su. Then navigate to the root of your web server folders: cd /Library/WebServer/Documents. Create a new WebDAV folder: mkdir dav. Change the permissions of the folder’s group to match the Apache group: chgrp -R www dav. If you want to provide write access to users who connect to your WebDAV folder, then change the permissions to allow it: chmod 775 dav.
Building a Password File. We already built a password file in the Web Sites 101 tutorial on Nerd Vittles. We used that password file to manage web site access to various web directories. You probably don’t want to use the same password file for WebDAV unless you are building this just for yourself. The only trick to password files is you want to put the file where Apache can read it but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here’s how to do it.
Open a Terminal window and switch to root access: sudo su. Now move to the directory where we’ll put the password file: cd /usr/local. We’re going to name this password file dav.pw so we can remember what it’s for. To create the file and erase any existing file without warning type: htpasswd -c dav.pw admin. Think up a password you can remember, and you’ll be prompted to type it twice. Now let’s verify that the file was created: cat dav.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to the file, just type: htpasswd -m dav.pw username where username is your next user. You’ll be prompted for the password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful. Finally, remember to make duplicate entries using full email syntax for the username to assure that Windows users can access your DAV resources: htpasswd -m dav.pw joe@schmo.com.
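The two cautions above (keep dav.pw outside the web folders, and no blank or colon-only lines) can be checked mechanically. The script below is an added example, not part of the original tutorial; the function names, the temporary directories standing in for /usr/local and /Library/WebServer/Documents, and the sample entries are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an Apache password file.

# Print one finding per malformed entry in password file $1.
check_entries() {
    awk -F: '
        /^[ \t]*$/         { print "line " NR ": blank line"; next }
        $1 == ""           { print "line " NR ": empty username"; next }
        NF < 2 || $2 == "" { print "line " NR ": empty password for " $1; next }
        seen[$1]++         { print "line " NR ": duplicate user " $1 }
    ' "$1"
}

# Return 0 if file $1 sits inside document root $2 (web visitors could fetch it).
inside_docroot() {
    dir=$(cd "$(dirname "$1")" && pwd -P) || return 2
    root=$(cd "$2" && pwd -P) || return 2
    case "$dir/" in
        "$root"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Print every finding for password file $1 checked against document root $2.
audit_htpasswd() {
    check_entries "$1"
    if inside_docroot "$1" "$2"; then
        echo "location: $1 is inside the document root $2"
    fi
    if [ -n "$(find "$1" -prune -perm -002)" ]; then
        echo "mode: $1 is world-writable"
    fi
}

# Constructed sample: a temp tree standing in for /usr/local and the web root.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/local" "$demo_dir/Documents/dav"
# Line 1 is a well-formed entry; lines 2-4 are the mistakes being checked for.
printf 'admin:$apr1$constructed$hashvalue\n:\n\njoe@schmo.com:\n' > "$demo_dir/local/dav.pw"
cp "$demo_dir/local/dav.pw" "$demo_dir/Documents/dav/dav.pw"

audit_htpasswd "$demo_dir/local/dav.pw" "$demo_dir/Documents"
audit_htpasswd "$demo_dir/Documents/dav/dav.pw" "$demo_dir/Documents"
```

On a real system the call would be audit_htpasswd /usr/local/dav.pw /Library/WebServer/Documents, and no output means none of these problems were found.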
Reconfiguring Apache to Support WebDAV. Open a Terminal window, and switch to root access: sudo su. Then navigate to the folder with Apache’s configuration file: cd /etc/httpd. First, let’s make a backup copy of the config file in case something goes wrong: cp httpd.conf httpd.conf.dav.save. Now let’s carefully edit the config file: pico httpd.conf. Uncomment the headers_module line by searching for headers (Ctrl-W, headers, enter) and then pressing Ctrl-D while positioned over the # sign at the beginning of the line. Now search for mod_headers (Ctrl-W, mod_headers, enter) and uncomment that line (Ctrl-D while positioned over beginning # sign). Now search for dav_module (Ctrl-W, dav_module, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now search for mod_dav (Ctrl-W, mod_dav, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now press Ctrl-V repeatedly until you get to the bottom of the file. Switch to your web browser and download this WebDav snippet. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Then switch back to Pico, click at the bottom of the config file, and paste the code snippet into the config file by pressing Command-V. Use the down arrow to move to the BrowserMatch section of the code we just pasted and be sure “redirect-carefully” didn’t end up on a line by itself. If it did, position the cursor over the first letter “r” and press the backspace key to move it back up to the end of the previous line of code. Don’t worry if a dollar sign displays at the end of the line after you move it. This just indicates that additional text is off the screen… the price we pay for using a free editor. Now we should be all set. Save the config file: Ctrl-X, Y, enter. And restart Apache by deselecting and then reselecting Personal Web Sharing from System Preferences->Sharing. 
Close the Terminal window by typing exit, pressing enter, and then pressing Command-Q.
Testing Your WebDAV Server. To test whether WebDAV is working, switch to your Desktop and, using Finder, press Command-K. When prompted for the server address, type http://localhost/dav and then click the Connect button. Enter your username and password that you created in the dav.pw password file, and a blank dav folder should appear on your Desktop. Drag a file from your Desktop to the folder to be sure everything is working as it should. If you’ve enabled web access through your Mac and router firewalls (which we have previously covered here), then you should be able to access your WebDAV folder from the Internet with your IP address or domain name using the syntax: http://mydomain.com/dav. Enjoy your new WebDAV server. Now all you need is a friend to share it with.
iTunes Bait and Switch: Say It Ain’t So, Steve
After selling over 400 million songs through the iTunes Music Store, Apple reportedly has pulled a fast one. The Bait: Remember the original iTunes promise? Songs purchased on iTunes could be copied to an unlimited number of iPods that you own and could be played on up to five Macs or PCs. And you could burn playlists to music CDs up to seven times. And you could burn individual songs to music CDs an unlimited number of times. Well, that was then and this is now according to a little blurb on VersionTracker this week. In announcing the latest release of Roxio’s award-winning CD and DVD burning software, Toast Titanium 6.1, which was supposed to fix some compatibility issues with Tiger, a not-so-subtle gotcha has been added. The Switch: "Following discussions with Apple, this version will no longer allow customers to create audio CDs, audio DVDs, or export audio to their hard drive using purchased iTunes music store content."
If true, Apple’s welching on the terms of their music license with end-users by strong-arming software developers into crippling their CD burning software may just earn them one of the biggest class-action lawsuits of the century … to the tune of 400 million already-purchased songs. Does Apple have the right to change the terms of their music license for future sales from iTunes? I suppose so. Do they have the right to change the rules for songs people have already purchased? Any first-year law student could answer that as could most folks with about an ounce of common sense. But you can still burn a CD using iTunes, you might be saying. And I would respond, "Yeah. This week." How many times in the past year has Apple made changes to iTunes that further restrict your use of music you lawfully purchased? Making iTunes the exclusive software for burning music CDs of music purchased from the iTunes Music Store will work just about as well as letting the Arab nations unilaterally set the price of oil. What’s coming next: music CDs that will only play on Apple CD players. Give us a break! Maybe it’s time for folks to take a look at allofmp3.com after all. It’s only 95¢ a song cheaper than iTunes. But we were all trying to be good citizens, except Apple apparently. If Apple can continually change the ground rules after the fact, then it’s hard to fault those who resort to tools such as PyMusique to protect their music investment.
The fundamental difference in what Roxio apparently was doing to reverse engineer the Apple encryption scheme and what Real appears to be doing is quite simple. People have always had a contractual right to copy their encrypted songs to music CDs. So, just as printer manufacturers have no right to assert the Digital Millennium Copyright Act (DMCA) to bar competitors from making compatible print cartridges, Apple has no legitimate DMCA claim to bar other companies from providing tools to perform the lawful act of making music CDs from iTunes downloaded songs. If Apple was only worried about their encryption scheme with no ulterior motives, then it would have been a simple matter to license a decryption library to Roxio for the limited purpose of making music CDs from iTunes downloaded music. That obviously didn’t happen.
It’s too bad that Apple, which has been embraced by the public as the model technology company in this country, just can’t seem to resist the temptation to jump into the legal thicket and shoot itself in the proverbial foot. Worse yet, it always seems to happen when Apple is on a roll. Makes you wonder what would happen if Apple really were in the desktop computing driver’s seat, doesn’t it? Once word spreads that Apple is beginning a process of further crippling music downloads by changing the original terms of their deal with the public, then, read my lips, the iTunes lock on music downloads is going to be history. So, Steve. Say it ain’t so. You’ve inspired a new generation of kids to actually buy their music. Don’t make them all sorry they trusted you.
About the Author. Ward Mundy is a retired attorney who spent more than 30 years providing legal and technology assistance to the federal courts in the United States. Nothing in this article should be construed as legal advice, and obviously the views expressed herein are solely those of the author.