The Most Versatile VoIP Provider: FREE PORTING
JUST RELEASED: Visit the Incredible PBX WikiISP-In-A-Box: Remotely Managing Your Mac Using AFP and SSH Tunnels
We've been exploring remote access and remote management options for the Mac mini and other Macs running Mac OS X Panther or Tiger for several months, and today we'll turn our attention to another solution that is ideally suited for those with multiple Macs at different locations. Every copy of Mac OS X ships with client and server versions of the Apple File Protocol (AFP) over TCP/IP. Enabling the server is a one-click operation. Choose System Preferences->Sharing and put a check mark beside Personal File Sharing. Assuming you have enabled the Mac's built-in firewall (which we always recommend), this automatically opens ports 548 and 427. If you have a hardware-based firewall (which we also recommend), you'll need to open port 548 and point it to the internal IP address of your Mac. If you have two Macs with Internet connections at different locations, you'll need to do the same thing on the other end. To connect to a remote Mac, you'll need to know its IP address or fully qualified domain name. Using a web browser on the remote Mac, you can obtain the IP address of your Mac by clicking on this link.
Once you enable Personal File Sharing and open the necessary ports in your firewalls, anyone can access and upload files to your Macs knowing nothing more than your IP address or fully-qualified domain name. Only those with actual user accounts can read and write files and execute programs on your remote Mac, and their access is restricted just as if they had logged in sitting at the desktop. The anonymous write access may or may not be what you had in mind. One very real risk of this design is that, given enough time, a malicious passer-by can flood your Mac with data and fill your entire hard disk with junk which will eventually crash the operating system since there will be no room for temporary files. If you couldn't already tell, this isn't our favorite Apple engineering design so here's how to fix it.
As delivered from Apple, every user's account has a Public folder with a Drop Box subfolder. The owner-user has read-write-execute privileges. The owner's group and everyone else have write and execute privileges to the Drop Box folder. This means strangers can upload files but can't see what's been uploaded. To adjust this so that strangers have no access privilegs, open a Terminal window and switch to root privileges: sudo su. Switch to the directory which houses user accounts: cd /Users. Display a directory listing for this folder: ls -all. Then repeat the steps below for every user account on your Mac substituting the name of each user's file folder for thisuser:
Make certain that the public directory listing in Step #2 begins with the following:
drwxr-x---
There should be three trailing hyphens following the "x" and these are the important part. Don't worry if the rest of the rights don't match. Continue repeating the steps above until you've done it for every user account on your Mac. Forgetting just one means someone can fill your disk with garbage!
Now that we've gotten the security housekeeping out of the way, we're ready to test your AFP access. This can be done from another Mac on your local area network or from a Mac elsewhere on the Internet. If you're trying it from your LAN, use the private IP address of the remote Mac (we'll call the Mac we're connecting to the AFP host or AFP server). If you're trying this from elsewhere on the Internet, use your AFP host's Internet IP address, the one you obtained in the first paragraph above. Now, click on your Desktop and press Command-K. For the server address, type afp://192.168.0.102 substituting your AFP host's IP address, of course. Click the Connect button to make the AFP connection, and assuming you got the IP address typed correctly you will see an AFP login window which looks similar to the one shown in the inset to the left. Notice the Guest and Registered User options. Now you know why we did what we did above to disable Guest access. Technically, strangers still can connect. They just can't get to anything or do any damage. To see how this works, try Guest access to our beach house Mac by going to this address: afp://windswept.dyndns.org.
For our purposes, you'll want to log in as a Registered User. So type your username and password just as you would sitting in front of your AFP Mac host. If you have Administrator rights, you'll be asked whether to mount your user directory or one of your mounted drives. Mounting the internal drive gives you access to everything on your Mac just as if you had logged in as the root user. You now can perform almost any task as if you were sitting in front of your remote Mac ... only slower. If you're using a modem, make that "painfully slower." If you have broadband connections at both ends of your AFP connection, you'll find AFP is perfectly acceptable for transferring files back and forth but probably not desirable for executing most applications, such as Word or iTunes. Another drawback of pure AFP is that data is sent in clear text and is unencrypted meaning all of the data including your account names and passwords are subject to compromise especially from a "Man in the Middle" attack. A good example would be a curious college geek managing the routers for your local Internet service provider.
That brings us to the second half of this article which is how to use an encrypted SSH tunnel to protect your AFP sessions. In one of many great articles on the subject O'Reilly put it this way:
A tunnel is a networking term with an appropriate name. It refers to a connection, usually encrypted, that connects two computers together across another, usually untrusted network. Picture a mountain of evil 3l33t d00dz sitting between your laptop and a server on your internal, protected network. You don't want to just throw your traffic really hard at the mountain and hope it gets there; you want to first form a protected tunnel from you to your machine, and then send the traffic through it.
Without getting into too much detail, what we want to do is set up an encrypted tunnel using Mac OS X's SSH tools, and then we'll pass all of our AFP traffic through that tunnel to keep the bad guys from reading its contents. Once we finish our AFP session, we'll shut down the tunnel until we need it again. For this to work reliably, you'll need to set up identical user accounts with identical passwords on both the remote host and client machines, and these accounts should have administrator privileges. A user with admin privileges need not be logged in on the remote host to establish the tunnel successfully. On the remote host, you'll need to enable Remote Login by checking the appropriate box in System Preferences->Sharing. This will enable Port 22 traffic on your Mac firewall; however, you also will need to adjust your hardware-based firewall to route port 22 traffic to the internal IP address of your Mac. Now log in to your client Mac using the same account name with admin privileges that you established on your remote Mac. Open a Terminal window and type: ssh 192.168.0.102 substituting the remote IP address of your remote Mac host. You'll be warned that this machine may not be who you think it is. Type Yes to proceed anyway. Type your admin password when prompted. Once the tunnel is established, you can shut it down by typing Exit. You now know how to establish an SSH tunnel and, once established, you can do anything on the remote Mac that you could do sitting in front of it with a Terminal window.
But we want to tunnel our AFP session through the SSH tunnel. That gets a little trickier, and we've created yet another code snippet to save you a semester's worth of work trying to figure it out yourself. Nothing in this script is original incidentally. It merely combines various suggestions I've scoured from around the 'Net to save you a bunch of time. So download afptunnel.txt to your browser by Control-Clicking on it and choosing to open it in a new tab or window. Press Command-A and then Command-C to copy the contents of the snippet to your clipboard. Now open a Terminal window and create a new file: pico afptunnel. Once the Pico editor opens, press Command-V to copy the contents of the clipboard into the editor. Now search for "windswept": Ctrl-W,windswept,enter. With the cursor positioned over the w in windswept, use Ctrl-D to delete windswept.dyndns.org. Now type the fully qualified domain name or IP address of your remote Mac AFP host but make certain the line ends with a semicolon with no blank spaces between the address and the semicolon. Now save the file: Ctrl-X,Y,enter. Change the file attributes to support script execution: chmod 770 afptunnel. Now try out the script to connect from your local machine to your remote Mac host through an SSH tunnel: ./afptunnel. Type Yes if asked whether to trust the host. Provide your admin password when prompted. When the tunnel is established and the AFP connection is made, log in to the remote host using your remote account created earlier. Heed the Terminal window warning and leave the window open until you end your AFP session by dismounting your AFP drive. Then click in the Terminal window and press the ENTER key to close down your SSH tunnel. You're now an expert on AFP and SSH. Now you can securely connect to your remote Mac from any other Mac on the planet!
Security Alert. Just a heads up that earlier this week Apple announced a security vulnerability in the AFP server for Mac OS X Tiger only. You can read all about it here. Before using AFP Server on a Tiger system with or without an SSH tunnel, you are well advised to download and install Security Update 2005-006 for Mac OS X 10.4.1.
Other Mac Projects and HOW-TO's. We tackle a new open source project for the Mac almost every week on Nerd Vittles. You can review the complete list at any time by going here.
ISP-In-A-Box: Hosting Multiple Web Sites And Domains On Your Mac
Once you get a web site up and running on your Mac mini (or any other Mac running Mac OS X Panther or Tiger), you’ll probably get hooked and want to add additional web sites or domains. So today we’re going to give you a template that can be used to add additional sites to your heart’s content. In a previous article, we covered one approach to hosting multiple domains. In that scenario, we built separate web sites in the Sites folder for various user accounts on your Mac. Then using Omnis.com‘s DNS tools, we pointed different domains or subdomains to the appropriate web sites on your Mac using a Proxy (aka mod_proxy) record for the domain that looked like this (substituting your own IP address, of course):
That solution works; however, it forces you to log in as different users to manage the different web sites. Today’s approach assumes you want to manage multiple web sites from a single account on your Mac using the traditional web site folder heirarchy located at /Library/WebServer/Documents. Our site design for multiple web sites and multiple domains goes like this. We’ll create a websites folder below the /Library/WebServer/Documents folder. Then, for each new web site or domain, we’ll create a subfolder below the websites folder. We’ll leave the websites folder empty and adjust Apache to bar direct access to the contents of that folder. Then we’ll assign a TCP port for the new site and add the necessary code to support the new domain to the Apache config file, httpd.conf. Finally, we’ll point our domains to your Mac’s IP address using the proxy service of a domain registrar, restart Apache, and presto, you’ll be hosting multiple web sites from your Mac mini ISP-In-A-Box. One advantage of this design is that you still can remotely manage all of your web sites using a WebDAV client on almost any computer. We covered all of that here last week. We’re assuming you already have built your first web site using our Apache tutorials. If not, start here. Then go here and here. Then you’ll be ready to continue on with this tutorial. As with most of our articles, a degree in Rocket Science isn’t required, but you do have to use the Pico editor to make a few customizations to the Apache configuration files. For the Internet wizards reading this, you’re probably saying there’s an easier way to set up multiple web sites with Apache. Yes, there is. It just doesn’t seem to work in the Mac environment. If anyone comes up with a simpler method that works, do us all a favor and put it in a comment.
Creating the First Web Site. Let’s begin by creating the folder that will house all of our new web sites. Open a Terminal window and switch to root access with your admin password: sudo su. Now move to the main web site folder: cd /Library/WebServer/Documents. Create the new websites folder: mkdir websites. Move to the websites folder: cd websites. Now create a directory to house our first new web site: mkdir mysite. For additional web sites, you’ll simply create additional folders below the websites folder as we just did.
Modifying Apache to Support New Web Sites. Because of Apple’s configuration design, we’re going to configure our new web sites to use TCP ports in the eighties beginning with 81 rather than the default HTTP port, port 80. Remember not to use 82. We used that for our WebDAV server. So we’ll need to first edit httpd.conf in the /etc/httpd folder. Open a Terminal window and switch to root access: sudo su. Move to the Apache config directory: cd /etc/httpd. Make a duplicate of the httpd.conf file just in case something goes wrong: cp httpd.conf httpd.sav. Now carefully edit the Apache config file: pico httpd.conf. Switch back to your web browser and Ctrl-Click on the access.txt code snippet here and open it in a new tab or window in your web browser. Press Command-A then Command-C to copy the code snippet to your clipboard. Now switch back to your Terminal window and move to the bottom of the httpd.conf file by repeatedly pressing Ctrl-V. Copy the clipboard contents there by pressing Command-V.
Now let’s look at what we pasted. The first three lines tell Apache not to display a directory listing of the websites folder if someone accesses your web site by typing: http://yourwebsite.com/websites/. The Listen 81 line tells Apache to listen on this TCP port as well as port 80. The VirtualHost _default_:81 line identifies the port which will be used to access this web site. The DocumentRoot and Directory lines tell Apache where the data for this web site is stored on your server: /Library/WebServer/Documents/websites/mysite. The allow from all line gives everyone access to this web site. And Options +Indexes tells Apache to display a directory listing of this folder if there is no index.html or index.php startup file in the folder. If you want to hide the directory if there is no startup file, change the plus sign to a minus sign.
Now that you understand what the various lines in the config file do, let’s save the changes to httpd.conf: Ctrl-X,Y,enter. Now restart the Apache web server: apachectl restart.
Firewall Adjustments. Remember to add a new port authorization in your Mac firewall to support port 81. Go to SystemPreferences->Sharing->Firewall and click the New button. Choose Other for the PortName, specify the desired TCP port number (81), and name the service HTTP81 so you can remember what it does. Click OK to save your update. Also make the necessary adjustment to your hardware based firewall to authorize the new port and point it to the internal IP address of your Mac. If your hardware firewall uses port 81 for remote access, be sure to change it to another port.
Domain Registrar Adjustments. Finally, access your domain registrar’s web site (as previously noted, we recommend Omnis.com which supports proxy DNS entries) and, using the registrar’s DNS tools, add a proxy record to point your domain to the IP address and port 81 of your Mac web server: http://111.111.111.111:81 using your own IP address. You usually have to make two proxy record entries, one for @ and one for www if you want your web site accessible as either www.yourwebsite.com or yourwebsite.com. If you don’t know the IP address of your Mac web server, just access our IP site identifier using a web browser on your Mac web server, and it will tell you.
Adding Additional Web Sites or Domains. When you’re ready to add additonal web sites or domains to your web server, just follow these simple steps. Add a new folder in the /Library/WebServer/Documents/websites folder. Add an additional Listen and VirtualHost block to your access.conf config file for each domain address which will be used to access the new web site. Be sure to change the access port to port 83 or higher and the web site directory location in every line that you added. Remember to use a different TCP port for each new domain you add. Restart your Apache web server. Make the necessary additions to your Mac and hardware-based firewalls to support the new port. Then add the proxy DNS entry for your new domain using your domain registrar’s proxy DNS tools. For a sample of what we just did using the mysite.webify.us subdomain, click here. Yes, we eat our own dog food.
ISP-In-A-Box: Remotely Managing Mac Web Sites Using WebDAV
If you’re using a Mac mini or any other Mac running OS X Tiger or Panther to host your web site, then you’ve probably wondered how you can update the content on your web site without sitting in front of your Mac. Today we’ll show you how to build and use your Mac’s WebDAV server to remotely manage your web site from just about anywhere. And you can use just about any computer to do it, even one of those Win thingies. All we need to do is tweak the Apache software that’s already installed with Mac OS X Tiger or Panther. When we are finished, we want a web site on your Mac that can be accessed by anyone using a garden-variety web browser without requiring a password. But we also want to be able to update the content of that web site by connecting over the Internet to the appropriate folder on the Mac using WebDAV with a username and password to keep the bad guys out. If you haven’t already read our previous article on how to use WebDAV clients and Web Folders, then start there to learn all about how to connect to a WebDAV server from another Mac, or a Windows PC, or even a Linux or UNIX computer.
As you probably know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that "looks and feels" like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people with access rights don’t change the same file at the same time. Tiger and Panther versions of Mac OS X provide both a WebDAV client and server. So let’s get started.
In a nutshell, the WebDAV server setup goes like this. We’ll assume that your main web site was built in the default location on your Mac: /Library/WebServer/Documents. First, we’ll change the group owner of this folder so that we can get read and write access to it using WebDAV. Then we’ll set up a username and password system to support WebDAV access for you and whoever else you provide usernames and passwords to. Next we’ll activate the WebDAV mods in Apache which already are installed on your Mac. We’ll then reconfigure Apache a bit to support WebDAV access and formatting. And finally we’ll restart your web server and presto, WebDAV.
You don’t need to be a Rocket Scientist to do this, but you do have to get your hands dirty with our favorite command-line editor, Pico. For those that care about such things, Tiger actually replaces Pico with Nano, but you still can access it by typing Pico … and it works the same way. If you’ve followed other Nerd Vittles tutorials, then this one will be a breeze. Just be sure you edit carefully and, if something does go wrong, copy your backup Apache config file back over the edited one and try again. Apache errors don’t get reported in System Preferences->Sharing when you activate your personal web server. If you have problems and want to see what’s going on, activate and then run WebMin (which we previously covered on Nerd Vittles and upgraded here a few weeks ago for Tiger). Using your browser, access WebMin and choose Servers->Apache Webserver. Then start and stop the web server from there. Errors will be reported with the line number in the config file that’s causing the problem. Ctrl-C in Pico will tell you what line number you’re on in the config file. If this sounds like I’ve had recent experience, you’d be correct. That’s part of the price you pay for being a pioneer.
Changing Group Owner of Your Web Site. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder to the Apache group: chgrp -R www Documents. Provide write access to authorized users who connect to this WebDAV folder: chmod 775 Documents.
Security Warning: Be aware that we are opening a security hole in your web site by giving Apache write (and delete) access to your main web folder and any subdirectories. We’ve had two levels of protection for your web site: Mac OS X and Apache. Now we just have one: Apache. So you would not want to put up any type of web page, CGI script, or PHP code which allows someone using a web browser to manipulate, delete, rename, or copy files into or on your web site because of the very real risk of compromising your web site files. In short, the only things now standing between your web site and the bad guys are your web pages and Apache’s internal security mechanisms. While Apache has a rock-solid track record insofar as bugs and security are concerned, there’s still always a risk. And we wanted you know about it up front. Did we mention the importance of frequent backups? Here’s an article that will tell you how to do that as well. If you ever decide you want to stop using WebDAV, here’s how to provide the double-layer of security protection once again. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder back to the admin group: chgrp -R admin Documents. Even with the admin group enabled for Documents, you still can access your web sites with WebDAV. You just won’t be able to upload new documents or delete existing ones.
Building a Password File. We already built a password file in the Web Sites 101 tutorial on Nerd Vittles. We used that password file to manage web site access to various web directories. You probably don’t want to use the same password file for this WebDAV application unless you are building this for same set of users with the same privileges. The only trick to password files is you want to put the file where Apache can read it but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here’s how to do it. Open a Terminal window and switch to root access: sudo su. Now move to the directory where we’ll put the password file: cd /usr/local. We’re going to name this password file website.pw so we can remember what it’s for. To create the file and erase any existing file without warning type: htpasswd -c website.pw admin. Think up a password you can remember, and you’ll be prompted to type it twice. Now let’s verify that the file was created: cat website.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to the file, just type: htpasswd -m website.pw username where username is your next user. You’ll be prompted for the password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful. Finally, remember to make duplicate entries using email syntax for the username to assure that Windows clients can access your DAV resources: htpasswd -m website.pw joe@schmo.com.
Reconfiguring Apache to Support WebDAV. Open a Terminal window, and switch to root access: sudo su. Then navigate to the folder with Apache’s configuration file: cd /etc/httpd. First, let’s make a backup copy of the config file in case something goes wrong: cp httpd.conf httpd.conf.dav.save. Now let’s carefully edit the config file: pico httpd.conf. If you previously built the WebDAV server backup application which we covered on Tiger Vittles, then skip to the next paragraph. Otherwise, uncomment the headers_module line by searching for headers (Ctrl-W, headers, enter) and then pressing Ctrl-D while positioned over the # sign at the beginning of the line. Now search for mod_headers (Ctrl-W, mod_headers, enter) and uncomment that line (Ctrl-D while positioned over beginning # sign). Now search for dav_module (Ctrl-W, dav_module, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now search for mod_dav (Ctrl-W, mod_dav, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now press Ctrl-V repeatedly until you get to the bottom of the file. Switch to your web browser and download WebDAV snippet #1. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click at the bottom of the config file, and paste code snippet #1 into the config file by pressing Command-V. Use the cursor keys to move to the BrowserMatch section of the code we just pasted and be sure "redirect-carefully" didn’t end up on a line by itself. If it did, position the cursor over the first letter "r" and press the backspace key to move it back up to the end of the previous line of code. Don’t worry if a dollar sign displays at the end of the line after you move it. This just indicates that additional text is off the screen.
We’ve got one more code snippet to cut and paste, and we’ll be all set. We want to search for the second occurrence of /Directory in the Apache config file: Ctrl-W,/Directory,enter,Ctrl-W,enter. Move the cursor to the beginning of the line and press Enter to open up a blank line. Now move up to the blank line by pressing the Up Arrow. Switch to your web browser and download WebDAV snippet #2. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click on the blank line we inserted, and paste code snippet #2 into the config file by pressing Command-V.
That should do it. Save your Apache config file: Ctrl-X, Y, enter. And restart Apache by deselecting and then reselecting Personal Web Sharing from System Preferences->Sharing. Close the Terminal window by typing exit, pressing enter, and then pressing Command-Q.
Testing Your WebDAV Server. To test whether WebDAV is working, switch to your Desktop and, using Finder, press Command-K. When prompted for the server address, type http://localhost and then click the Connect button. Enter your username and password that you created in the website.pw password file, and your main web site folder should appear on your Desktop. Drag a file from your Desktop to the folder to be sure everything is working as it should. If you’ve enabled web access through your Mac and router firewalls (which we have previously covered here), then you should be able to access your WebDAV server from the Internet with your IP address or domain name. Just press Command-K from Finder and use the following syntax for your WebDAV resource: http://mydomain.com. For more details on using WebDAV clients or to use a Windows machine to access your WebDAV share, read our previous article on the subject here. Now you can enjoy remotely managing your web sites with WebDAV. So put on your travelling shoes!
Some Recent Nerd Vittles Articles of Interest…
Mac OS X Tiger Backups: The Good, The Bad, and The Ugly
Now that we’ve successfully moved our ISP-In-A-Box to Tiger, we really need a backup solution that works. Our definition of "works" is that the backup copies all of your data to an external backup device, the files are intact, and you can boot your Mac from the backup drive in the event of a catastrophic failure of your main drive. Having said that, there are some other backup solutions that can duplicate all of your data but the resultant backup set is not independently bootable. In short, it’s better than nothing, but it leaves you with a good bit of work to do in the event your main drive croaks.
Our personal favorite in the Panther days was Carbon Copy Cloner in combination with psync. You can read all about it here. Unfortunately, Carbon Copy Cloner presently doesn’t work with Tiger unless you apply the 10.4.2 update. You can run it from a Terminal window; however, the resulting backup is not bootable. The developer’s web site does indicate that an update for Tiger is in the works, but it’s not soup yet. One of the major advantages to Carbon Copy Cloner (in addition to making reliable, bootable backups) was that it also was free.
Another free alternative that has been updated for Tiger is LaCie Silverkeeper 1.1.3. The price is right (free). The backup does appear to be complete. And your Mac will boot from the backup drive. However, when we booted from the backup drive after completing the backup, we got the standard Apple Welcome screen as if you had just installed Tiger on your system. This forces you to reconfigure your language preferences, your network, and walk through the remainder of the setup process before you can access your drive. Again, this may be perfectly acceptable to some. It wasn’t what we were looking for. But the price is right, and it might be adequate to tide you over until a Carbon Copy Cloner update is released.
A free option in which the backup is actually bootable is Apple’s own Disk Utility which is included with Mac OS X. To make a bootable backup copy of your local hard disk, insert the Tiger DVD, plug in an external firewire drive, and reboot your Mac while holding down the "C" key. Select your language. Then from the menu bar choose Utilities->Disk Utility. Click on your internal hard disk from the drive list. Click the Restore tab. Now drag your internal disk drive to Source and drag your external drive to Destination. If you want to checksum your backup, read the screen instructions. Otherwise, check Erase Destination and then click the Restore button. Click OK to erase your backup drive. Once the backup completes, test your backup by rebooting your system while holding down the Option key. Choose the backup disk (far right) as your boot device. Be patient! It takes about a minute after your Mac reboots until you can make a drive choice. Once you select the backup drive, click the right arrow key, and you’re off to the races. The only drawback to this option is having to boot your Mac from the Tiger DVD disk to make a bootable backup. Otherwise, it works like a champ … and it’s free.
A fourth option is to download and then run psync from a Terminal window with the following command: sudo psync -d / /Volumes/Backup/ where Backup is the name of your backup volume. The backup appears to be complete; however, you cannot boot from the external drive following completion of the backup. So this option suffers from the same drawback as the Carbon Copy Cloner solution. One advantage of psync is that it can easily be added as a cron job which will kick off automatically at times you specify. See our article on crontab and CronniX for further details on how to implement this if you are interested in this approach.
Another personal favorite is D√ɬ©j√ɬ† Vu from Propaganda Productions. It works as a Preference Pane within System Preferences and does exactly what Carbon Copy Cloner used to do. Unfortunately, it’s not free unless you happen to own Toast 6 Titanium. If you do own Toast 6 Titanium, you can get the Tiger-compatible version of D√ɬ©j√ɬ† Vu by upgrading to Toast Titanium 6.1. Unfortunately, the Hobson’s Choice is that upgrading to version 6.1 eliminates your ability to burn music CDs using songs purchased from the iTunes Music Store, a nasty gotcha that we previously have written about. Fortunately, for $9.95 you can upgrade D√ɬ©j√ɬ† Vu only from Propaganda’s web site. If you don’t own Toast 6 Titanium, you still can buy D√ɬ©j√ɬ† Vu. It’s $24.95 for a single-user license and a very reasonable $34.95 for a household license which authorizes installation on an unlimited number of Macs in your single household. Or you can use it for 30 days at no cost. Perhaps by then the Carbon Copy Cloner update will be available.
Finally, our readers’ comments pointed us to another terrific shareware product, SuperDuper. And it really is. It has two modes: registered (for $19.95) and unregistered. The unregistered version which is free for downloading makes a perfect duplicate of your system disk to an external firewire drive which is bootable. That is exactly what we set out to do with our backup reviews in this tutorial, and it couldn’t get much simpler. You choose your internal drive as the source from the left pull-down menu and choose your firewire external drive as the target from right pull-down. Leave the default script and click the Start Copying button. Making a perfect clone of an iMac G5 with 20 gigs of data took roughly an hour. Then you can boot from the external drive to make sure everything went according to plan. It doesn’t get much easier than that, and you sure can’t beat the price.
ISP-In-A-Box: The $500 Mac mini (WebDAV and Web Folders 101)
Microsoft deserves a lot of credit for popularizing the idea of Web Folders, but the open source movement gets the accolades for making WebDAV work reliably across all the computing platforms. If you didn't already know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that "looks and feels" like any other networked hard disk. In the Windows world, WebDAV provides a Web Folder which can be used like any other mapped drive in Network Neighborhood. If you're still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people don't change the same file at the same time. Panther and Tiger versions of Mac OS X provide both a WebDAV client and server, and today we'll walk you through configuring and using both the client and the server on your Mac. Because of the number of folks that also use Windows machines at the office, we'll also briefly touch upon how to access your Mac WebDAV resources and set up a Web Folder from a Windows XP machine.
HOW-TO Use the WebDAV Client on the Mac. We're going to start by walking through the set up process for connecting to a WebDAV server resource anywhere on the Internet. To connect to a WebDAV resource from a Mac, press Command-K from Finder. Then enter a Server Address in the following format: http://192.168.0.103/dav/. This tells Finder to use the HTTP protocol to establish a link to an IP address and folder that you designate. You also can use a fully-qualified domain name in lieu of an IP address. Typically, you'll be prompted for a username and password, and then a new volume will appear on your Desktop which can be used just like your local hard disk. When you finish using the resource, CTRL-Click on the volume and Eject it. It's that simple.
HOW-TO Use Web Folders on a Windows PC. The Windows process is a bit different as you might expect, but the results are the same. Once connected, you'll have a mapped drive that can be used just like any other network drive. The simplest way is to map a drive (see inset). To access Web Folders and save your settings, we're going to use the Add Network Place Wizard. You can access it in several ways. Either Right-Click on Network Neighborhood and choose Map Drive. Or from My Network Places, choose Add a network place. Or from Windows Explorer, choose Tools->Map Network Drive. Now click "Sign up for online storage or connect to a network server" at the bottom of the window.
When the Add Network Place Wizard appears, you'll be prompted for where to create the network place. Select "Choose another network location" and click Next. For the Internet address, use the same syntax as on the Mac: http://192.168.0.103/dav/ and click Next. Give your network place a name and click Next then Finish. Your new Web Folder will now appear in My Network Places. Just click on it to connect. Here's the gotcha with WebDAV on the Windows platform. If you access a Web Folder by IP address, when you're prompted for a username and password to log in, the username must be in email format: john@doe.org. Another "Better Idea" from our friends at Micro$oft. So when you create usernames on your Mac, keep this in mind if you want Windows users to be able to access the resources reliably. It doesn't matter what the email username or domain is, but it has to be in email format. When you finish using a web folder, be sure to disconnect. Open Windows Explorer, choose Tools->Disconnect Network Drive, and select the Web Folder you wish to disconnect.
Connecting to a WebDAV Resource. We've temporarily set up a sample WebDAV server on one of our Tiger-enhanced Macs so that you can experiment with WebDAV access from your favorite Mac, Linux, or Windows machine. For reasons which should be obvious, we've disabled writing to our WebDAV server only because we didn't want our hard disk filled up by some anonymous bozo in the middle of the night. We're also going to provide a single username and password for everyone to use. It should be stressed that neither of these scenarios is typical. First, the usual purpose of a WebDAV server is to facilitate collaboration which means all authorized users should be able to read and write to the volume. Second, you usually don't provide access to a WebDAV server for anonymous users. That's what web sites are for. But this is Wiki World, and we wanted to show you how these things are put together before you roll your own. So bear with the constraints recognizing that, when you set up your own WebDAV server, it will be much more robust.
To access the system, follow one of the client access methods outlined above. The web address using Windows is http://webify.us. For Macs, use http://dav.webify.us:82. When prompted for a username and password, use bozo for the username and forlife as the password. If you have problems with the username on a Windows PC, use bozo@webify.us. Don't forget to disconnect when you are finished playing. NOTE: This system (only) will be down for a move to its new permanent location from Thursday afternoon, May 26 until Saturday morning, May 28. Our apologies.
That about covers using a WebDAV client. For step-by-step instructions on creating your own WebDAV server on your Mac, here's a reprint of the article from our former Tiger Vittles site.
ISP-In-A-Box: Building a WebDAV Server for Remote Access
Ever wished you had several gigs of off-site disk storage so you could safely back up all your most important data and use it for remote access or collaboration. One option, of course, is a .Mac account which gives you 125MB of iDisk storage space and other goodies for $99 a year. You can increase your iDisk to a gigabyte for an additional $49.95 a year, a bargain compared to some commercial sites. Here’s another approach that’ll save you hundreds of dollars a year. Find a friend with a Mac and an Internet connection and swap several gigs of storage space on your friend’s Mac for several gigs of storage space on yours. Then follow along here, and we’ll show both of you how to build and use WebDAV servers to do exactly what the commercial firms are doing. And you can use the Apache software that’s already installed with Mac OS X Tiger.
As you now know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that “looks and feels” like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people don’t change the same file at the same time. Panther and Tiger versions of Mac OS X provide both a WebDAV client and server. Nerd Vittles walked you through configuring and using the WebDAV clients. So let’s tackle the WebDAV server setup now. This works with Tiger or Panther by the way.
In a nutshell, the WebDAV server setup goes like this. We’ll create a new subdirectory in the web server’s storage folder which we’ll use for WebDAV read and write access. Then we’ll set up a username and password system to support WebDAV access. Next we’ll activate the WebDAV mods in Apache which already are installed on your Mac. We’ll then reconfigure Apache a bit to support WebDAV formatting. And finally we’ll restart our web server and presto, WebDAV. You don’t need to be a Rocket Scientist to do this, but you do have to get your hands dirty with a command-line editor, Pico. If you’ve followed other Nerd Vittles tutorials, then this one will be a breeze. Just be sure you edit carefully and, if something does go wrong, copy your backup Apache config file back over the edited one and try again. Apache errors don’t get reported in System Preferences->Sharing when you activate your personal web server. If you have problems and want to see what’s going on, activate and then run WebMin (which we previously covered at Nerd Vittles and upgraded here last week for Tiger). Using your browser, access WebMin and choose Servers->Apache Webserver. Then start and stop the web server from there. Errors will be reported with the line number in the config file that’s causing the problem. Ctrl-C in Pico will tell you what line number you’re on in the config file. If this sounds like I’ve had recent experience, you’d be correct. But you won’t have to pull your hair out. I’ve already done that with mine.
Creating a WebDAV Folder. Open a Terminal window, and switch to root access: sudo su. Then navigate to the root of your web server folders: cd /Library/WebServer/Documents. Create a new WebDAV folder: mkdir dav. Change the permissions of the folder’s group to match the Apache group: chgrp -R www dav. If you want to provide write access to users who connect to your WebDAV folder, then change the permissions to allow it: chmod 775 dav.Building a Password File. We already built a password file in the Web Sites 101 tutorial on Nerd Vittles. We used that password file to manage web site access to various web directories. You probably don’t want to use the same password file for WebDAV unless you are building this just for yourself. The only trick to password files is you want to put the file where Apache can read it but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here’s how to do it.
Open a Terminal window and switch to root access: sudo su. Now move to the directory where we’ll put the password file: cd /usr/local. We’re going to name this password file dav.pw so we can remember what it’s for. To create the file and erase any existing file without warning type: htpasswd -c dav.pw admin. Think up a password you can remember, and you’ll be prompted to type it twice. Now let’s verify that the file was created: cat dav.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to the file, just type: htpasswd -m dav.pw username where username is your next user. You’ll be prompted for the password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful. Finally, remember to make duplicate entries using full email syntax for the username to assure that Windows users can access your DAV resources: htpasswd -m dav.pw joe@schmo.com.
Reconfiguring Apache to Support WebDAV. Open a Terminal window, and switch to root access: sudo su. Then navigate to the folder with Apache’s configuration file: cd /etc/httpd. First, let’s make a backup copy of the config file in case something goes wrong: cp httpd.conf httpd.conf.dav.save. Now let’s carefully edit the config file: pico httpd.conf. Uncomment the headers_module line by searching for headers (Ctrl-W, headers, enter) and then pressing Ctrl-D while positioned over the # sign at the beginning of the line. Now search for mod_headers (Ctrl-W, mod_headers, enter) and uncomment that line (Ctrl-D while positioned over beginning # sign). Now search for dav_module (Ctrl-W, dav_module, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now search for mod_dav (Ctrl-W, mod_dav, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now press Ctrl-V repeatedly until you get to the bottom of the file. Switch to your web browser and download this WebDav snippet. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Then switch back to Pico, click at the bottom of the config file, and paste the code snippet into the config file by pressing Command-V. Use the down arrow to move to the BrowserMatch section of the code we just pasted and be sure “redirect-carefully” didn’t end up on a line by itself. If it did, position the cursor over the first letter “r” and press the backspace key to move it back up to the end of the previous line of code. Don’t worry if a dollar sign displays at the end of the line after you move it. This just indicates that additional text is off the screen… the price we pay for using a free editor. Now we should be all set. Save the config file: Ctrl-X, Y, enter. And restart Apache by deselecting and then reselecting Personal Web Sharing from System Preferences->Sharing. Close the Terminal window by typing exit, pressing enter, and then pressing Command-Q.Testing Your WebDAV Server. To test whether WebDAV is working, switch to your Desktop and, using Finder, press Command-K. When prompted for the server address, type http://localhost/dav and then click the Connect button. Enter your username and password that you created in the dav.pw password file, and a blank dav folder should appear on your Desktop. Drag a file from your Desktop to the folder to be sure everything is working as it should. If you’ve enabled web access through your Mac and router firewalls (which we have previously covered here), then you should be able to access your WebDAV folder from the Internet with your IP address or domain name using the syntax: http://mydomain.com/dav. Enjoy your new WebDAV server. Now all you need is a friend to share it with.
iTunes Bait and Switch: Say It Ain’t So, Steve
After selling over 400 million songs through the iTunes Music Store, Apple reportedly has pulled a fast one. The Bait: Remember the original iTunes promise? Songs purchased on iTunes could be copied to an unlimited number of iPods that you own and could be played on up to five Macs or PCs. And you could burn playlists to music CDs up to seven times. And you could burn individual songs to music CDs an unlimited number of times. Well, that was then and this is now according to a little blurb on VersionTracker this week. In announcing the latest release of Roxio’s award-winning CD and DVD burning software, Toast Titanium 6.1, which was supposed to fix some compatibility issues with Tiger, a not-so-subtle gotcha has been added. The Switch: "Following discussions with Apple, this version will no longer allow customers to create audio CDs, audio DVDs, or export audio to their hard drive using purchased iTunes music store content."
If true, Apple’s welching on the terms of their music license with end-users by strong-arming software developers into crippling their CD burning software may just earn them one of the biggest class-action lawsuits of the century … to the tune of 400 million already-purchased songs. Does Apple have the right to change the terms of their music license for future sales from iTunes? I suppose so. Do they have the right to change the rules for songs people have already purchased? Any first-year law student could answer that as could most folks with about an ounce of common sense. But you can still burn a CD using iTunes, you might be saying. And I would respond, "Yeah. This week." How many times in the past year has Apple made changes to iTunes that further restrict your use of music you lawfully purchased? Making iTunes the exclusive software for burning music CDs of music purchased from the iTunes Music Store will work just about as well as letting the Arab nations unilaterally set the price of oil. What’s coming next: music CDs that will only play on Apple CD players. Give us a break! Maybe it’s time for folks to take a look at allofmp3.com after all. It’s only 95¢ a song cheaper than iTunes. But we were all trying to be good citizens, except Apple apparently. If Apple can continually change the ground rules after the fact, then it’s hard to fault those who resort to tools such as PyMusique to protect their music investment.
The fundamental difference in what Roxio apparently was doing to reverse engineer the Apple encryption scheme and what Real appears to be doing is quite simple. People have always had a contractual right to copy their encrypted songs to music CDs. So, just as printer manufacturers have no right to assert the Digital Millenium Copyright Act (DMCA) to bar competitors from making compatible print cartridges, Apple has no legitimate DMCA claim to bar other companies from providing tools to perform the lawful act of making music CDs from iTunes downloaded songs. If Apple was only worried about their encryption scheme with no ulterior motives, then it would have been a simple matter to license a decryption library to Roxio for the limited purpose of making music CDs from iTunes downloaded music. That obviously didn’t happen.
It’s too bad that Apple, which has been embraced by the public as the model technology company in this country, just can’t seem to resist the temptation to jump into the legal thicket and shoot itself in the proverbial foot. Worse yet, it always seems to happen when Apple is on a roll. Makes you wonder what would happen if Apple really were in the desktop computing driver’s seat, doesn’t it? Once word spreads that Apple is beginning a process of further crippling music downloads by changing the original terms of their deal with the public, then, read my lips, the iTunes lock on music downloads is going to be history. So, Steve. Say it ain’t so. You’ve inspired a new generation of kids to actually buy their music. Don’t make them all sorry they trusted you.
About the Author. Ward Mundy is a retired attorney who spent more than 30 years providing legal and technology assistance to the federal courts in the United States. Nothing in this article should be construed as legal advice, and obviously the views expressed herein are solely those of the author.
ISP-In-A-Box: The $500 Mac mini (Upgrading to Tiger = No-Brainer)
It’s been a week since Tiger was released, and we finally got our copy even though it was several days late. Apple more than compensated for the delay by offering up a free copy of iWork or iLife. Class act, that Apple. Our project for today is to upgrade your Mac mini to Tiger. Then we’ll send you over to Tiger Vittles to upgrade the Top 10 ISP-In-A-Box projects that we built earlier this year so that they all work again. Sounds like a whole weekend project, doesn’t it? Think again. Believe it or not, it took a little more than an hour to upgrade Panther to Tiger and about one more hour to get all ten of the following applications working. If you’re from the Windows World or have any familiarity with any server platform other than Macs, you know just how incredible that is. If not, just count your blessings, twice. Tiger is a must-have upgrade. And, if you happen to have two to five Macs in your household, it’s just about the best deal on the planet. Imagine Exxon selling you gasoline for 50¢ a gallon just because you own five automobiles.
Prerequisites. For purposes of this article, we’re assuming your Mac mini came with Panther preinstalled or that you’re upgrading another Mac that already has Panther installed. You also should have installed whichever applications above that you want to use while still running Panther. Stated another way, this tutorial won’t necessarily help you if you install Tiger and then attempt to install some of the applications above. We haven’t tested new installs on Tiger yet. So, if there are some applications you want that you haven’t installed, click on the appropriate links above, and do the installs before upgrading to Tiger. You also should make certain that any of the applications you need already work under Panther. Don’t upgrade to Tiger until they do. Finally, you’ll need $9.95 if you want to enable any or all of the email servers using PostFix Enabler for Tiger. Hint: You only really need the SMTP mail server if you’re planning to use the Email Reminders or the WordPress blog.
Upgrading from Panther to Tiger. The first thing you need to do before you begin the upgrade is to read HOW-TO: Prep Your Mac for a Tiger Upgrade on our Tiger Vittles site. Then you need to review the software compatibility lists on our Tiger Vittles site: Tiger-Ready Applications: The Good, The Bad, and The Ugly. If there is some application you absolutely have to have and it’s on our Bad or Ugly lists, then you probably will want to hold off on upgrading for a while. If you need VPN software to connect to your office, that’s probably a deal-breaker. Virtually all of the VPN clients are broken with Tiger at the moment.
In a nutshell, the upgrade process we used went like this. We obviously can’t guarantee that it will work for you because we don’t know what is on your system or what condition your system is in. So proceed at your own risk and call Apple if you run into problems. They get money for this. We don’t.
Go have a snack while your Mac is indexing. Then meet us over at Tiger Vittles today to upgrade the first ten ISP-In-A-Box server applications to work with Tiger. And, while you’re there, check out how your other favorite applications are doing with Tiger.
Nerd Reminder: Don’t forget to call your mama this weekend. Flowers would be a nice touch.
Road Warrior’s iPod Solution … and an Alternative
Like the rest of the universe, we’re pretty much sold on iPods to handle all of our music needs, but there’s an exception to every rule. The exception in this case is for those of us that carry around a USB flash drive on our keychain to meet other needs. Strolling down the Costco aisle the other day, I ran across a slick little device for about $25 that turns any iPod or even a garden-variety USB flash drive into an MP3 music source for your vehicle. Checker Auto has it for $10 more. And Wal-Mart carries them as well. It’s called a VFM7 FM Modulator from a company called Roadmaster. In addition to functioning as your own private FM radio station, it also can play MP3 files (only) from almost any USB flash drive. And it includes a 3.5mm line input jack for attaching virtually any music device including any iPod. Wouldn’t you think the automobile manufacturers could spring for a line input jack on automobiles that now cost as much as a house? Kinda reminds me of the oil companies. They had no problem washing your windshield and checking your oil when gas was 40¢ a gallon. Now that a gallon of gasoline costs over five times that much, you get to do it yourself. Go figure. Just play your music louder. It’ll help you forget!
The VFM7 can broadcast on any of seven FM frequencies which provides the necessary flexibility to avoid interference in all but the largest metropolitan areas. Having tried many FM modulators over the years, I can tell you that this one ranks right up there with the best. The trick to most FM modulators is to plug them in, leave the music off, and try each frequency matching your FM radio to your choice on the modulator until you find one that is quiet, i.e. no noise, no faint radio signal, and no hiss. The round button (see inset) changes frequencies, and the other three buttons are for skip to previous song, play/pause, and skip to next song. Once you’ve found the correct frequency for your area, plug in your audio device or USB flash drive and press play. There are tons of FM modulators you might be saying. And right you are. But most of them aren’t the size of a slightly enlarged car cigarette lighter, and none of them have a USB MP3 player and line in jacks built in to the unit. Usually you’ve got a bunch of dangling cords to contend with in addition to the modulator. And most of the non-battery modulators lack the flexibility to support both USB flash drives and line in using the same unit. If you’re a boating enthusiast, you’ll also find using a $25 flash drive with a $25 FM modulator makes a lot more sense than risking an unintended swim for your mega-hundred dollar iPod.
And speaking of USB flash drives, here’s a great little secret if you don’t already have your fill of flash drives. What we’ve started doing is building different music collections on different flash drives for travelling. Then all you have to do is swap out flash drives when you want to switch from country music to punk rock. The SanDisk Cruzer Micro series of drives has the added flexibility of being able to plug in to the Cruzer Micro Companion MP3 player to provide a portable MP3 player using a single AAA battery and a set of headphones. You get about 7-9 hours of play time out of an alkaline battery. The 256MB flash drive costs about $25 and the 512MB drive is about $40. Larger drives are available as well. The MP3 player device is about $45. Or you can purchase a combination 512MB flash drive with the player. Buy.com was the cheapest source earlier this week, but you might want to run the items through PriceGrabber and check the latest pricing. As a rule of thumb, a 256MB flash drive holds about four hours of music, and we’ve found that bigger isn’t always better. Each time you power off the VFM7, you go back to the first song on your flash drive so smaller, multiple drives tend to make more sense. Another approach on the Windows platform is to use Renamer to shuffle your songs from time to time. Enjoy!
Tiger Vittles. In celebration of Apple’s release today of Mac OS X Tiger, Tiger Vittles presents a round-up of what works and what won’t with Tiger and unveils a new database app to let everyone report on their favorite programs: Tiger-Ready Applications: The Good, The Bad, and The Ugly.
Free Asterisk Solutions
