Macking 123

Password That Sucker!
A recent Macintouch noted the first time I had seen a Mac taken over by a spammer to send out his messages. It seems the owner had a DSL connection and had created a user with a simple name and password, like "user" and "user." The spammer had managed to log into this insecure connection via SSH and run scripts that let him pass spam messages through the victim's Mac. He had left that port open so he could do remote maintenance from his office.
Moral is, don't open that port if you don't know how to use it, and then don't create such a simple name/password scheme that a cracker can figure it out. OSX is very secure, but not if you "...leave the door unlocked and the keys in the ignition."

New Century Boombox
I needed a way to play my iPod for a party. There are a lot of choices in powered external speakers for 'pods, so when I found myself in an Apple store recently I saw they had a dozen choices set up for testing. Hands down winner was the Altec-Lansing IM7, a tube-shaped device the size of, well, a boombox. What set it apart from the nearest competition (the $299 Bose) was the amazing power it projected; enough for uncompromising outdoor use. It swallowed the Pod into a dock (similar to the way a cassette player swallows a tape) and then offers a remote control that lets you skip to the next track, raise volume and bass independently, and shut it off. The rest of the controls are via the Pod itself. It listed for $249.
It also has an audio-in port that will accept signal from an iPod that won't fit its dock, or a tape player, TV set or any other source. It is good enough to be your only sound system.
I almost whipped out my card on the spot, but I remembered that Apple always charges list price for everything they sell. When I got home I found the same device on Ebay for just $173 (my final bid) and the auction ending in just eleven minutes! Amazing. With $24 for two day air shipping, it came to just under $197 total - and they managed to get it shipped to me two days before the party.
The dealer was tradingcircuit.com, the online presence of Circuit City. After ordering, I saw an ad for the same unit at Fry's for $199. In the end I saved $2 over that, plus the gas to Wilsonville, plus the risk of going to Fry's and possibly spending more money.
It used to be said that the purpose of the Apple stores were to serve as walk-in billboards; their existence was subsidized by the advertising department and were not intended to be profitable. They are very much so, but they did their job for me: I went in, based a purchasing decision based on what I learned there, and then bought somewhere else. Sometimes I do buy from them because there will be something in stock that will be only slightly more expensive than elsewhere (like an iPod case) or simply not available anywhere else without a lot of searching.
Now that we may have a fourth Apple store, this one going up at NW 23rd and Glisan, there will be plenty of opportunity for browsing. People will still shop elsewhere and yet the store will be immensely profitable. Other, independent, Mac dealers will also reap the benefit of increased Apple awareness and sales will go up for everyone. It's pretty well known throughout the industry that Portland is a dedicated Mac town.

Keeping Your Own ISP
Michael: A correction to your comments about Verizon. I've had Aracnet/SpiritOne DSL through Verizon since February 2000. The Verizon service has always been only offered as a "business" service. When Verizon started offering (and promoting) ISP service to home customers several years ago it was less expensive than than their pass-through charge I was, and continue to, pay. Even more insulting is that the Verizon DSL ISP is faster. However it (apparently) blocks servers and they don't offer static IPs. I would guess it is also PPPoE. So there are advantages to SpiritOne, and I intend to stay there until they are forced out of business next year by that recent court decision. At that time I will probably change to Covad. I understand that Verizon business service (which has static IPs) is $100/month, which is much more expensive than Aracnet or Covad.

Burning CDs from iTunes
On a completely different topic, that of burning CDs from iTunes to create MP3 files, this is an excellent idea no matter what. If you read the ITMS license agreement (or the license agreement of any music store) you would find that they reserve the right to change the DRM at any time, including discontinuing the service. This would make any purchased (?) music totally inaccessible. Thus it is an excellent idea to burn to CD and optionally rip to MP3s any purchased music from any online service.
Perhaps you do realize the precarious license when you state that iTunes allows burning protected files "for now." Indeed they could disallow that tomorrow.
Tom Almy
Yep. It would be bad PR for Apple to do so, however. If they do it will be under orders from the RIAA.
More amazing to me is the fact that they have not yet done so, even though iTunes has gone through three hasty upgrades since summer. The new version 6 can play videos in full screen mode, which can be purchased from the ITMS (now the iTunes Media Store) but QuickTime 7, also revised multiple times, cannot play them full screen with its own player unless you pungle up $30 for the Pro version. The updated QuickTime prevents you from burning off DVD copies of your videos using iMovie. Tell me that is not one step removed from what we fear they will do with music tracks.

Giving Up on Staying Old
I have been advising people who want to retain more control over their iTMS music to stick with version 4.7.1, QT 6.5.2 and forego the latest iPods. Well, we could hold out only so long, and so it's time to throw in the towel.
The iTunes Music Store breaks now under any version older than 4.9. Apple removed the updaters for that version from their web site to force users to move to 5.0.1. Software Update offers only iTunes 6 if you run from a 10.3.9 system with iTunes 4.7.1. If you do make the jump to iTunes 6, you lose your copy of QuickTime 6 Pro, because iTunes requires QT7. Of course, Apple will happily sell you the Pro version of QT7!
If you avoid buying anything from the ITMS, of course, none of this need affect you. Stick to QT6 and iTunes 4.7.1. Make sure you have archived installers for both in case you have to reinstall your OS. While you are at it, continue to forget about Tiger.
If you skipped iTunes 5 you avoided becoming one of the reported victims of a badly-designed update. From now on we have to depend on those dedicated programmers who will develop cracks for any current and future DRM schemes. After all, we can still convert our own CDs, record our own DV movies and make our own music, and their hacks will let us continue to do so with purchased or found media. You've read and heard most of the arguments demanding tighter control to stop those eeevil pirates from the mainstream press; if you pay attention to any of the freedom-of-the-net news sites, musicians' forums, and other creativity blogs you'll find out more about why they are full of it.
So go ahead and make a complete backup of your music files, then download and install all the latest and the greatest and welcome to the bravely Applish world. To keep up on the best hacks and cracks, check out the usual suspects: Macintouch, Ars Technica, 2600, Boing Boing, Slashdot and look for new releases which may disappear quickly due to assault from the forces of evil wielding the DMCA. The goal is to retain control in YOUR hands, the user. What you do with that control is subject to your own ethical standards; the opinion of industry hacks is not worth the valuable brain cells it takes to even consider them.
Apple's move into video is generally exciting and will make more short-form content available, such as, well, all the videos released for MTV play between 1979 and 1995 when they pretty much gave up playing them. I know of dozens locked away in RIAA vaults I would pay to have a copy of.

Bad Installers
It isn't just Quark. According to the Labor Day edition of Macintouch, the Palm Desktop 4.2.1 (revision C) installer does serious damage to permissions in programs not related to Palm.
"After the program files are installed, the installer runs a shell script called "postflight" that attempts to "fix" any permissions issues which may prevent the program from running properly. Unfortunately, the script violates the most basic programming principle in the universe - thou shalt not alter the files of programs other than thyself - and it does it so blatantly that I can only assume malicious intent.
"The "/Library/Application Support" directory is where many programs place critical system-wide configuration and program files that are referenced on an as-needed basis. This is a directory whose permissions should NEVER be changed or altered, lest you end up breaking many of your installed apps. In particular, all sorts of system-level programs such as Anti-Virus and Disk Utilities place parts of themselves there, and any changes to their permissions will prevent them from loading at boot time. Even more dangerous, some programs place symbolic links from that directory to "/System/Library", and running a chmod command that recursively drills down that directory could end up completely trashing your entire system.
"In short, this is the most irresponsible and potentially dangerous Mac OS X install program of all time. I have never seen anything this egregiously idiotic, and I have seen some pretty bad install programs. I am placing this in the category of a Trojan Horse, and warning anyone and everyone NOT to install it."

It Took A While, But It's Fixed
I placed a call to Palm to inquire about this before warning ComputerChips readers about this issue, because there is no direct email address to contact them, not even for Press Relations. I heard from their contracted PR department, who gave me an email address to forward these concerns to. Although it took almost a month to get an answer, Palm pulled the bad installer and replaced it with a Rev. D on their site. Beware of copies of C floating around, though. Some may have even made it to production CDs. If you ever plan on getting a Palm, or would simply like to use the rather-nicely-done desktop software, go download the latest revision and stash it in your Installers folder.

No Microsoft products were used in the production of this column.

email mp at moonmac dot com. (I took out the mailto link because that's how the spammers find me.)