TidBITS#578/30-Apr-01 ===================== Thinking about a wireless AirPort network? You might do better than using Apple's AirPort Base Station these days - read on for Glenn Fleishman's look at competing 802.11 access points. TenBITS offers news about Mac OS X software releases, plus warnings about damage that can be done by Apple's installer. In the news, we cover problems with some Power Mac G4 hard drives, Outpost.com shipping changes, and BBEdit 6.1.1, QuickTime 5.0.1, and Palm Desktop 2.6.3. Topics: MailBITS/30-Apr-01 TenBITS/30-Apr-01 Flying into Other AirPorts Copyright 2001 TidBITS Electronic Publishing. All rights reserved. Information: Comments: --------------------------------------------------------------- This issue of TidBITS sponsored in part by: * READERS LIKE YOU! You can help support TidBITS via our voluntary <- NEW! contribution program. Special thanks this week to Jerry Aman, Carolyn Leigh, and Ron Perry for their generous support! * APS Tech -- 800/395-5871 -- Burn a full CD in less than five minutes with the APS CD-RW 16x10x40 FireWire Plus. FireWire and USB ports let you easily connect to all recent Macs. Order at: * WinStar Northwest Nexus. Visit us at . Internet business solutions throughout the Pacific Northwest. * Small Dog Electronics: Epson USB Laser 5700i: $289! <-------------- NEW! Power Mac G4/450 Dual - New: $1,775! Refurb.: $1,649! LaCie USB CD-RW 4X/4X/24X: $119 FireWire 12x/10x/32x: $209 iBook G3/366: $1,199! -- 802/496-7171 * New Lower Price! NETLINE WIRELESS BROADBAND GATEWAY Only $299! An 802.11b access point and router all-in-one! Works with Apple AirPort. Macworld BEST OF SHOW AWARD Winner! * Bare Bones Software BBEdit 6.1 -- Built for Mac OS X The award-winning HTML and text editor is now native for Mac OS X. Buy, upgrade, or download the demo at our Web site: It doesn't suck. * MacAcademy: NEW TRAINING RELEASES!! FileMaker Pro 5 Naming <------- NEW! Standards, FileMaker Pro 5 Server, Lasso Web Publishing, FileMaker Pro 5 Advanced Scripting. View descriptions at: or call 800/527-1914 * ConceptDraw v1.6 -- Now for OS X! The Carbonized version of the powerful flowcharting and diagramming software is now available! Free update for registered users * Web Crossing: Ideal community software for news or media sites! <-- NEW! Customizable, scalable, and flexible, Web Crossing is the choice of top media sites such as The New York Times and CNN. Free 30-day trial demo at --------------------------------------------------------------- MailBITS/30-Apr-01 ------------------ **Bad Power Mac G4 Hard Drives** -- Apple has revealed that some Power Mac G4s (Digital Audio - those released in January of 2001) contain defective 40 GB and 60 GB hard drives that can damage files, cause data loss, and potentially prevent the computer from starting up. Only a limited number of machines sold in the U.S. and Canada are affected, so if you have a Power Mac G4 (Digital Audio) with a 40 GB or 60 GB hard drive, read the Tech Info Library's instructions on how to determine whether your Mac has a bad drive. If so, Apple will replace the drive under warranty. [ACE] **Palm Desktop 2.6.3 Supports Newest Handhelds** -- Palm has released Palm Desktop 2.6.3, a small update that primarily provides compatibility with the latest Palm devices running Palm OS 4.0. The new version updates Palm's HotSync synchronization software to improve data transfers using the m500 series' Universal USB Connector, plus adds the capability to transfer files to an expansion card (see "Palm Announces Thin Color m505" in TidBITS-573_). The update also fixes a problem with the Instant Palm Desktop extension. Palm Desktop 2.6.3 is a free update, and is a 6.1 MB download. [JLC] **BBEdit 6.1.1 Addresses Conflicts, Fixes Bugs** -- Less than a week after releasing BBEdit 6.1, Bare Bones Software has issued a minor update to fix crashes caused by bugs in St. Clair Software's Screen Catcher 2.3.3 and earlier (an update to 2.3.4 is already available) and Logitech's MouseWare 3.5.1 and earlier. Also fixed in BBEdit 6.1.1 are a crash related to bringing up the Forms/Button dialog, an About box drawing glitch, and a bug in which using root addressing for a URL incorrectly added an extra slash. The update is free and recommended for all users of BBEdit 6.0 and higher. Bare Bones has released updaters for both BBEdit 6.0.x (8.3 MB) and 6.1 (1.3 MB). [ACE] **Apple Releases QuickTime 5.0.1** -- After a long public beta, Apple has released QuickTime 5.0.1, enhancing performance and finally cleaning up the QuickTime Player interface. The former version's awkward circular volume control is gone, replaced by a sensible slider and complemented by control buttons sporting an Aqua appearance. Content creators, however, can now forego the interface entirely by designing their own custom interfaces. There are also improvements under the skin, such as a new DV codec that improves conversion to and from digital videotape, significantly enhanced AppleScript support, full support for MPEG-1 and Flash 4 media, and the capability to download new components as needed. QuickTime 5 also adds Cubic VR, which displays full 360 degree views of specially created QuickTime VR movies (previously, you were limited when viewing up or down), plus a new music synthesizer. The QuickTime Player is free, but you'll need to pay $30 to unlock the QuickTime Pro features (unless you registered after 12-Oct-00). QuickTime 5.0.1 is available both as a 408K Web installer and a 9.1 MB stand-alone installer. [JLC] **Outpost.com Adjusts Shipping Policy Yet Again** -- Less than a month after increasing its shipping charges a second time, Outpost.com has again adjusted its shipping rates to try to win back customers stung by the previous changes (see "I Saw Free Ships..." in TidBITS-567_ and "Outpost.com's Shipping Charges Increase Again" in TidBITS-574_). Outpost.com now offers second- day air shipping starting at $3.95, and overnight delivery starting at $5.95, depending on the weight of the items being shipped. This means reasonable shipping costs for lightweight items, but reasonable revenue when the company must ship heavier items. Company founder (and returning President and CEO) Darryl Peck said, "We think we have finally found a plan that works for everyone." Darryl also said that the company will no longer staff its phones from midnight to 8 AM Eastern time, when there were too few calls to warrant the required staff. [MHA] TenBITS/30-Apr-01 ----------------- by TidBITS Staff Other members of the TidBITS staff are also contributing to the TenBITS columns - our looks at issues and products surrounding Mac OS X - so check for initials after each item to see who's responsible for it. **More on Mac OS X's FTP Server** -- I hate being fooled by a special case. In last week's installment of TenBITS, I said Mac OS X's FTP server doesn't do MacBinary and noted that uploading files with resource forks wouldn't work. (If you're not sure what MacBinary is, see "Macintosh Internet File Format Primer" in TidBITS-455_.) That's basically true, but Mac users aren't likely to suffer file damage because most Macintosh FTP clients like Interarchy and Fetch automatically encode files as MacBinary if necessary (generally adding a .bin extension to the filename). That didn't happen in this one case, since the file that alerted me to the problem was a self-mounting image, and my Internet Control Panel file mappings for the .smi extension were incorrectly set to treat .smi files as Binary rather than MacBinary, probably due to Real Player taking over the .smi extension for another type of file. The real annoyance here is that because Mac OS X's FTP server doesn't understand MacBinary, as every other Macintosh FTP server does, files encoded into MacBinary and uploaded via FTP are unusable until you decode them with StuffIt Expander. And if you tried to download a file with a resource fork from Mac OS X via FTP without first encoding it manually into MacBinary format, you would lose the resource fork and wind up with an unusable file. Is it fair to ding Apple for this failing of what is essentially a plain vanilla Unix FTP server? The answer is yes in this case, since Apple exposes the FTP server in the Mac OS X interface via the Sharing control panel. If Mac OS X contained other Unix services which were unfriendly to Macintosh users but were available only through the command line, adding Macintosh support would be nice, but a lower priority. If this issue concerns you, let Apple know via their Mac OS X feedback page. While you're at it, you might mention it's been almost three weeks since the potential FTP vulnerability in Mac OS X's FTP server was reported - that's way too long to wait for an official statement regarding a security hole. [ACE] **Beware Apple's Mac OS X Installer** -- The self-mounting image that caused me trouble with Mac OS X's FTP server was for Timbuktu for Mac OS X. Even after I moved the file to Mac OS X successfully and mounted the image, Mac OS X claimed I didn't have permission to copy files to my Applications directory. When I checked, the admin group that included my single user was incorrectly set to read-only. After trying to figure out a workaround, I gave up and enabled the root user in the NetInfo Manager (see Apple's Tech Info Library instructions), logged out, logged in as root, fixed the privileges on my Applications folder, logged out, logged back in as myself, and disabled the root user again for safety. (Cumbersome, I know: I'm avoiding the command line as long as possible to evaluate Apple's claim that it's not necessary.) A few days later, I discovered how the privileges on my Applications directory had been changed. Dantz Development's Retrospect Client for Mac OS X used the Apple installer (indicated by a .pkg or .mpkg file), and Apple's installer rewrote my privileges. It seems, after I discussed the issue with Dantz, that the Apple installer _overwrites_ the permissions on the Applications folder with those automatically inherited by the installer, which can't be guaranteed to match those on the target system. Dantz wasn't the only company bitten by this issue - Adaptec's installer reportedly refuses to install if the permissions aren't right, and I've seen reports that Xtools from Tenon Intersystems also ran into related problems. But it gets worse: in an attempt to solve the permissions problem, Dantz rewrote their installer to use multiple packages (the .mpkg approach). However, if the user was logged in as root and the installer crashed during installation, it could _delete_ the Applications folder entirely. (Dantz pulled that installer instantly - in the middle of the night - when the first reports came in; they're working on a new one using MindVision's Installer VISE.) My subsequent investigations with developers have revealed that Apple's installer can also delete folders if they're used by one package, but not by a subsequent one. Workarounds for some of these and other problems have been found, and Apple is reportedly working on a new version of their installer. The moral of the story is that if you're a user and want to install a program released as a .pkg or .mpkg installer file, check for installation problem reports first, don't log in as root before installing, watch the privileges on folders touched by the installer, and make sure you've backed up at least your important data. If you're a developer looking to distribute a program, either don't use an installer at all (put your application in a bundle so the user can drag it to the Applications folder) or if you need root access or need to perform more complex installation tasks, consider an installer from another company. Both MindVision's Installer VISE and Aladdin's InstallerMaker have long provided developers - including Apple - with the flexibility, power, and reliability needed for complex installations. [ACE] **Interarchy 4.1 Adds Mac OS X Support** -- Stairways Software has released Interarchy 4.1, a free upgrade from Interarchy 4.0 with support for Mac OS 8, 9 and X. No release notes were available, so I assume there were no notable changes other than support for Mac OS X. It's a 1.8 MB download. [ACE] **DragThing 4.0.1 Replaces Dock** -- If you think Mac OS X's Dock is a crock, James Thomson's $25 shareware DragThing 4.0.1 offers a highly customizable alternative (while still working under Mac OS 8.6 through Mac OS 9.1). Although they can't actually replace the Mac OS X Dock's window minimization and Control Strip-like capabilities, DragThing docks can be placed anywhere on the screen and offer multiple styles and colors to help you visually organize your applications, folders, documents, and URLs. If you have plenty of screen space, you can open multiple docks at once, or you can specify that certain docks appear depending on which application is active. It's a 1 MB download. [JLC] **MYOB AccountEdge Goes Native** -- MYOB US, Inc. has released a carbonized version of MYOB AccountEdge, the company's small business accounting package. AccountEdge uses Mac OS X's Aqua interface and perhaps benefits more than most other applications from protected memory, since it's comforting to know that AccountEdge and its essential financial data is unlikely to be affected if another application crashes. Limitations in Mac OS X restrict AccountEdge to single user mode and prevent it from faxing reports, invoices, or other forms. The update is free to AccountEdge users with valid serial and customer numbers. [ACE] **The Moose Peeks Under Mac OS X's Hood** -- Mac OS X users who want to use the Unix networking tools underneath Mac OS X but are unhappy about Apple's minimalist tools or editing configuration text files - another hallmark of Unix "interface design" - can now turn to The Moose's Apprentice, or TMA. It's a well-documented utility that provides a Mac-like interface for controlling Mac OS X's underlying Unix network services. The final release will be $15; a free preview version of TMA 0.8 is available for download now and will expire on 30-May-01. The accompanying documentation (4 MB of the 5.3 MB download) explains many arcane Unix networking terms, a boon to Mac users! [MHA] **Tenon's Xtools 1.0 Brings X to X** -- Tenon Intersystems, purveyors of Macintosh applications built around Unix originals, has released Xtools 1.0, an X Window server for displaying on the Mac OS X desktop the graphical output from Unix applications running on remote Unix machines. Based on the latest X11R6.4 and XFree86 open source code, Xtools is a multithreaded Cocoa application that supports multiple processors and is optimized for the PowerPC G4's Velocity Engine. Xtools also supports Macintosh features such as multiple monitors and copy and paste between Mac OS X and X Windows applications. For brave Unix-savvy users, there's also an open source XonX project working on a free X Window server for Mac OS X, though it doesn't sound as though it's as far along or mature as Xtools. Xtools costs $200 ($100 for educational users) with quantity discounts available for both commercial and educational sites. [ACE] **Everybody Must Get Stoned** -- Stone Design deserves an award for the first piece of Mac OS X software to arrive here in physical form (it actually came in before we even received Mac OS X itself). Stone Studio is a $300 Cocoa-based suite of seven applications for graphics professionals, including an object- oriented drawing program, a time and billing program, and a number of smaller utilities for creating GIF animations, PDF documents from PostScript originals, and more. Not only does Stone Design earn points for promptness, but it's good to see completely new productivity applications appear because of Mac OS X. [ACE] Flying into Other AirPorts -------------------------- by Glenn Fleishman Apple started the wireless networking revolution with AirPort (and the rest of the industry acknowledges its role) but the AirPort Base Station is largely unchanged since its introduction nearly two years ago - no drop in price and only a few software updates that added overdue and welcome features. However, Apple is no longer the only provider of low-cost wireless access points as home users increasingly hooked up multiple machines, often with different operating systems, tied into broadband cable or DSL modems. Several companies now offer affordable wireless home gateways, which tie together firewall, router, and base station features into a single package costing between about $250 and $340. AirPort, at its heart, is an implementation of the industry standard IEEE 802.11b, now also known as Wi-Fi (Wireless- Fidelity). Because Apple and its technology partner Lucent adhered to the standard, virtually all PC and Mac equipment is seamlessly interoperable. All the equipment surveyed in this article works with Apple's AirPort Card, as well as PC and PCI Cards, and more exotic USB and Ethernet adapters from other manufacturers. The only difficulty a Mac user faces in using these other gateways is proprietary Windows configuration software; this survey excludes gateways with that limitation. All gateways noted in this article, except the AirPort Base Station itself, use a Web-based interface. **Wi-Fi Basics** -- Wi-Fi lets you set up a short-range network of a few hundred feet using a high-frequency wireless data exchange. A base station, called an "access point" by non-Apple manufacturers, acts as an always-on relay that shuttles data back and forth between wirelessly connected machines and a wired network connection (Ethernet or dial-up). Some access points can relay traffic among each other to extend the range without requiring a wired Ethernet node. You can also turn a single computer into a pseudo-base station using AirPort and other software, but that machine must be left on - and not crash - for others to relay through it. (For a general overview of Wi-Fi, see "Going to the AirPort" in TidBITS-567_.) The advantage of the new generation of home gateways is that they add firewall protection to the mix; some of them also allow you to protect both a wired and wireless local area network (LAN). The AirPort Base Station offers only a single kind of firewall-like filtering and doesn't help a wired LAN at all. These home gateways generally lack the network management and service robustness needed for corporate infrastructure, but easily handle the needs of a home or small office with less than a dozen machines and no high-traffic Web or Internet file server. Some gateways have built-in artificial limitations that restrict the number of simultaneous connections to 10 or 12, so it's worth reading the specifications carefully if you plan to put a large number of machines on a gateway. **Common Features** -- The gateways mentioned below share a number of basic features in common. * DHCP Server. A DHCP (Dynamic Host Configuration Protocol) server hands out IP addresses to local machines on request. This avoids messy management of addresses. Many DHCP servers embedded into home gateways work in a bridge mode that enables them to offer DHCP service to machines on the wired local area network as well as the wireless one. * NAT (Network Address Translation). Most gateways that support DHCP also support NAT, which is a way to give machines on your network access to the Internet without requiring an Internet- reachable address for each one. When a machine behind the NAT gateway accesses the Internet, the gateway passes the request on to the Internet, then returns data to the original machine. The rest of the Internet is aware only of the NAT gateway - it never "sees" the machine which initiated the request. Since machines behind the NAT gateway aren't directly accessible to the Internet, some manufacturers are promoting it as a firewall feature. Some NAT gateways allow you to "punch" through by creating a permanent inbound route through the gateway - this usually done on a port- by-port basis, so Web traffic (on port 80) could go to one machine behind the gateway, and SMTP traffic (on port 25) to another. This port mapping makes it possible to run Internet-reachable servers behind a NAT gateway. * DHCP Client. All of the gateways sport a DHCP client to request an address from a broadband provider. The gateway requires this client in order to route traffic through the provider if you don't have permanent Internet addresses for your network. * PPPoE (PPP over Ethernet). Some broadband companies use PPPoE as a security measure and/or as a session length control tool. Of all the gateways surveyed, only the Orinoco currently lacks this feature; Agere's FAQ says it's coming soon. Asante hasn't noted this detail yet. * Ethernet. All gateways include an Ethernet port for the wide area network (WAN), or Internet connection, and at least one port for the LAN. Many gateways offer switched 10/100 Mbps ports to increase network throughput among separately connected segments. For instance, on an office network, you might connect servers to one port and other machines to another, to keep office traffic from interfering with Internet traffic. * Modem. The Apple and Orinoco models include a built-in 56 Kbps modem that enables them to share a dial-up Internet connection with the rest of the machines on the network. The SMC Networks gateway has an RS-232C port - which can be converted to the Mac's old-style round serial plug - to connect to an external modem or ISDN device. * Print spooling. The Asante, Linksys, MaxGate, and SMC Networks gateways have a parallel port (as an extra option on some) to allow the unit to function as a print spooler for printing from Windows - not much of a bonus for most Mac users. * Dynamic DNS. Dynamic DNS services enable you to map a dynamically assigned address to a fully qualified domain name (like host.example.com) whenever the machine gets a new address from a DHCP server. Although some ISPs offer this service, only the MaxGate unit has a built-in DNS server and a trial subscription to a provider that handles the dynamic updates. **Configuration** -- Apple made an obvious decision early on, perhaps due to their relationship with Lucent, to require a Macintosh application to configure the AirPort Base Station. However, a Java-based configuration tool originally designed for Lucent's residential gateway will also configure Apple's AirPort, and it works on all platforms with Java installed. (Lucent, in the meantime, has spun off its wireless and related divisions as a new company called Agere. Agere's RG-1000 gateway comes with Windows- only configuration software, which tends to confirm the exclusivity theory.) Most companies instead opt for Web-based configuration. The biggest disadvantage of a Web interface is security. Because of the huge increase in wireless networks and the behavior of most equipment to announce new networks as they become available, it's trivial for neighbors or even passers-by to manipulate your gateway maliciously, or set it up for their own use. Most gateways offer simple password protection to access the gateway's settings; I recommend instantly setting that password before proceeding. (More obscurely, you can limit access to the specific Ethernet adapters on your network by entering the unique Ethernet Media Access Control (MAC) address of each machine, found in Apple System Profiler as Hardware Address in the AppleTalk section of Network overview, or in the Info dialogs (switch to Advanced mode to access them) of the TCP/IP or AppleTalk control panels.) Web interfaces are wonky at times, applying settings incorrectly or generating strange errors. Web forms also limit the kind of data you can enter easily, along with the overall ease of interaction. Adding lots of machines and complex firewall settings can become tedious. Luckily, you only have to do it once, since the gateways all store settings in continuous memory that's retained even when the device is unplugged. Many gateways also use flash RAM to store their firmware (the software that drives the hardware). However, you may need to use software specific to a platform to update the firmware. Farallon, for instance, makes both Mac and Windows software packages to update firmware rather than rely on a Web interface to upload a file and apply it. **Encryption** -- A separate issue is network encryption, which keeps outsiders from connecting to your network and provides some semblance of protection for the traffic that passes across it. Apple's AirPort, as well as most of the gateways surveyed, offer a simple form of limited security called Wireless Equivalency Protocol (WEP). It's taken a lot of heat lately as weaknesses have been revealed, so if privacy is paramount for you, don't rely solely on WEP. Corporations typically use some sort of Virtual Private Network (VPN) software with its own strong encryption to prevent breaches. Despite the recent reports, it's not a bad idea to use WEP as a reasonable and free line of first defense. There are some difficulties in setting WEP passwords that work under both Macs and PCs, or even among different PCs. First, you want to set only a 40- or 64-bit password, because that's all the AirPort system supports. (The two are identical: the 24 missing bits are an initialization vector, which is used only for marketing purposes to pretend the encryption is stronger than it is.) Second, you must convert the password from the five hexadecimal format numbers that PCs use (base 16 numbers) into the text that the Apple AirPort software requires. Apple's AirPort Admin software offers an Equivalent Network Password option, which is the hexadecimal sequence that PC software can employ. But none of the gateways surveyed offered an obvious method to take passwords in the other direction. **Firewall Protection** -- Because all the wireless traffic must wend its way through the gateway, most makers have put in firewall protection that blocks traffic and examines data as it passes between the Internet and your computers. All of the makers except Apple also provide two or more Ethernet ports so that a local wired LAN, if any, can also be protected by the same controls. The amount of control over firewall features varies by maker, as does the difficulty of allowing certain kinds of traffic to pass through. Some units log attacks; the only manufacturer mentioning this feature is MaxGate. The Farallon specifically does not log, and Asante hasn't released enough details about their unit yet to say one way or the other. **Gateway Rundown** -- Here's a summary of the unique features of each gateway. * Asante FriendlyNet FR3002AL. Announced in April at the Seybold trade show, details about this gateway are not yet entirely available. However, it is known that the gateway features two switched 10/100 Mbps Ethernet ports, one each for WAN and LAN connections. (Actually, it may have two LAN and one WAN; the report is unclear.) It also has a parallel port and built-in print spooler. The list price is expected to be $320. * Linksys EtherFast Wireless AP + Cable/DSL Router w/4-Port Switch. For $260, the Linksys gateway offers Web-based administration and four LAN and one WAN Ethernet ports; online documentation is scanty. * Farallon's NetLINE Wireless Broadband Gateway. The NetLINE's firewall controls allow different machines to be set up with varying levels of protection, and for specific ports (for services like a Web site or a mail server) to be exposed to the outside world while protecting the rest of a machine. For $300, the NetLINE Wireless Broadband gateway provides one 10/100 Mbps LAN port and one WAN Ethernet port. * MaxGate UGate-3300. Also $300, this gateway offers one WAN and one LAN 10/100 Mbps Ethernet port. It also features a built-in DNS server that works with an external service provider for dynamic DNS. Its firewall and access logging description make it sound like it's using a combination of NAT and packet filtering to provide security, rather than offering true port-based firewall protection. * SMC Networks Barricade 11 Mbps Wireless Broadband Router 4 Port. This $339 gateway has a parallel port for print spooling, three switched 10/100 Mbps Ethernet ports, one 10 Mbps WAN port, and firewall protection. It also has a unique feature: an RS-232C serial connection for an external modem or ISDN device so the company can provide the option of routing a dialup Internet connection without the expense of bundling a modem. **Making the Choice** -- Apple's AirPort Base Station clearly doesn't have as many features as some of these newer gateways (though it boasts a slick design and configuration through real Macintosh software). Of the newer gateways, my call goes to the Farallon NetLINE Wireless Broadband Gateway. In testing, I found its speed and reliability fine, and its configuration only mildly obscure. Most impressive is the NetLINE Wireless Broadband Gateway's firewall feature set, which rivals the best and most expensive personal firewall software available for Mac or Windows. If you're looking for an alternative to Apple's AirPort Base Station, you won't go wrong with this competitor from Farallon, and it's worth looking at the other units as well if you need specific features they offer. [Glenn Fleishman is a Seattle journalist who covers technology for publications like The New York Times, Fortune magazine, and Wired magazine.] $$ Non-profit, non-commercial publications may reprint articles if full credit is given. Others please contact us. We don't guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. This file is formatted as setext. For more information send email to . A file will be returned shortly. For information: how to subscribe, where to find back issues, and more, email . TidBITS ISSN 1090-7017. Send comments and editorial submissions to: Back issues available at: And: Full text searching available at: -------------------------------------------------------------------