OS Quest Trail Log

The OS Quest Trail Log #9

I spent the week dabbling in new software. Pixelmator is out of beta and available now so I looked at that. Still reminds me a lot of Photoshop Elements, lots of palettes. The so-called HUDs are really just transparent palettes. Both are nice but Acorn has more than I currently know how to use and the price is great ($40) so I decided to go with Acorn. Pixelmator is $59. I suspect they may keep leapfrogging each other in terms of features and ease of use and I doubt either would have been a bad choice. Eval versions are available for both. Jon Whipple has a comparison of Acorn, Pixelmator, iPhoto and Graphic Converter.

Also in the area of images, I’ve been using Xee. Xee is an image viewer & browser for the Mac. Xee opens up a directory and can be used to quickly scroll through all the images in that directory. Xee can also do some limited file management, conversions and can do a slide show. Xee is a free (donation-ware) app.

I’ve been using the MailPlane beta for a little over a week and now that pricing is available I just bought a copy of this great program. MailPlane is a desktop app that integrates with GMail on the web. It doesn’t move the mailbox locally, simply provides great integration. You can manage multiple GMail accounts in MailPlane which is a huge benefit. MailPlane also brings Mac Keyboard shortcuts to GMail, iPhoto integration and general ease of use. MailPlane has special pricing until the beta ends. Beta invites are still available.

I’ve also been looking a Mac software to do screen captures and demos. The two that pop to the top of the list are IShowU ($29) by ShinyWhiteBox and SnapZ Pro X ($69) from Ambrosia Software. Even though SnapZ Pro is more expensive it made a more favorable first impression. it also has more features and is able to do screenshots and movies. There’s eval versions of each. The iShowU eval adds a watermark to the videos. The SnapZ Pro X demo was used to make the video used for the tip father down in this post.

I’m still really liking the new Apple Aluminum USB keyboard after a full week of use.

Software Updates

Panic Transmit 3.6.1 contains several bug fixes. See the release notes for details. I use Transit to do some backups via Automator scripts. I always know when there’s a update because when I check the Mac in the morning the update notification usually causes the automator script to throw up an error. I could turn off update checks but I’d prefer an error one night over missing an update notification. I usually just make a note and tell Transmit to ignore it then do the update when I get a chance. As with any program that uses the keychain you’ll have to confirm access the first time the updated program runs. So, if you use automator scripts be sure to run the app after upgrading (wouldn’t you want to test it anyway?).

As already mentioned in this blog, there were several updates from Apple that I installed earlier in the week.


I was using Vista recently and went to do a “Start” -> “Run” to execute a program. In Windows XP I use the run box for everything from opening drives to running programs. So this was a problem that needed to be solved. There’s two ways around this. Use the <Windows key>-<R> key combo to display the run box whenever it’s needed (<Command>-<R> on a Mac under Parallels or VMWare) or change the setting to always display it on the menu. Here’s a QuickTime video tip showing how to change the run box setting.

Links & News

Microsoft’s stealth update doesn’t seem to be problem free. Windows Secrets is reporting that Microsoft’s secret update causes problems when doing an XP repair.

Apple had a bit of a manufacturing problem and shipped some MacBooks and MacBook Pros without Journaling enabled. They’ve released an update to remedy the situation.

Microsoft Home Server released an update a few days ago. Home Server seems like a really cool product, but is anyone selling them yet? Does seem like it’ll be a hard sell – a PC that sits off in a closet or someplace that you don’t actually sit at an use.

LifeHacker faced off Parallels and VMWare for Mac virtualization software to see which their readers voted for. The completely unscientific results have Parallels ahead with 53.4% of the votes. Another Lifehacker poll pitted Mozy against Carbonite. Mozy is ahead with 55.2% of the vote at this point.

Ars Technica has a good summary of Microsoft Vista Ultimate Extras fiasco.

1Passwd is available for 20% off through iSlayer. 1Passwd is a Password manager for the Mac. I don’t use it but I love the stuff iSlayer does (for free). They get a cut when it’s purchased through them so I figured I’d pass it along.

Random Access

Security Quest #3: Intellitxt and PDFs

One of the most popular posts on the Spam Chronicles site was my post on blocking IntelliTxt ads from back in April. I’ve decided to reprint it here. The company offering them is Vibrant Media. They do allow a way for users to turn off the ads, although this feature has to be implemented by the webmaster and my experience is that not many do.

If your at a website that has these ads first check to see if there’s a link to turn them off. If there’s not and you want to keep visiting the site you can turn off Javascript. But this may break other things on the site and you’d probably want to turn it back on when you leave the site. All in all, an annoying solution.

There’s another alternative if you use Firefox. You can install the GreaseMonkey add-on for Firefox then install a GreaseMonkey script to block the ads.

Install the GreaseMonkey add-on from it’s page Firefox Add-on directory. You’ll need to restart Firefox before the plugin becomes active.

Then install the “Disable Text Ads” from These pop-up ads should now be disabled. Be sure to check for script updates as these ad vendors change their methods constantly and new vendors pop up.

For additional GreaseMonkey scripts you can visit and visit the home of the Disable Text Ads script author at

Adobe Reader PDF Vulnerability

A security researcher, known as pdp, is reporting a “High Risk” vulnerability in Adobe Acrobat Reader (versions 7, 8 and 8.1) that can be used to run any program on a Windows PC. According to pdp (in the comments) non-Adobe Readers (such as Fox-it) may be affected although it may be less severe by requiring a user confirmation. There’s a video on pdp’s site (in the comments) that shows the exploit running calculator. The program already has to be on the PC but there are ways to accomplish that. Ars Technica mentions that putting both the executable and pdf in the same zip would accomplish this. Vulnerability

All versions of except the very latest have a vulnerability that can be used to execute code. users should upgrade to the latest version to plug the vulnerability. Version 2.3 plugs the whole and it was released on Sept 17th.

Google Vulnerabilities

ZDNet has a blog posting about vulnerabilities in various Google products – GMail, Blogspot and their search appliance.

Security Software

AVG Anti-Virus Free Edition got another minor update this week. It’s up to 7.5.488.

Avira AntiVar Personal Edition has been updated to version Antivar Personal is a free anti-virus software for Windows, including Vista.

News & Information

TechDirt has a story about Symantec accidentally issuing a “Threatcon 4” warning which means there’s “extreme global incident activity” in progress. It was a false alarm due to a software test. It appears only TechDirt noticed.

Symantec also issued a warning about bluetooth security. A study by InsightExpress said that 73% of mobile device users aren’t familiar with mobile device security issues. No mention of what has to be a forthcoming Symantec product. Symantec does offer some common sense steps to take: stay offline, stay invisible, verify incoming transmissions, and use passwords. In my case I turn off bluetooth. I have a habit of losing every bluetooth headset I get. The last one vanished within a day.

Security Fix has the story of someone who’s email account was hacked and ransomed for $100. In a twist, the payment was actually to go to a phishing site so they were probably after more than the $100. Also a good lesson about using the same password across emails and online accounts as he had to scramble to change online accounts that shared the email password.

OS Quest Trail Log

The OS Quest Trail Log #8

Another short update for the log.

I spent some time trying to install Boot Camp on my iMac. It couldn’t resize the existing partition to make room for boot camp. I could image to another drive, then erase and image back. But I decided to try out iDefrag and explore the whole OS X doesn’t need defragging thing. My 500GB drive with about 250GB of data had 0.5% fragmentation, after being used for about 9 months. As expected (because they’re large and written to often), the Parallels VM drives were the most highly fragmented as were some Aperture library files. Songs in my iTunes library were also highly fragmented which did surprise me. After a night of running iDefrag my hard disk was compacted and I could repartition it for Boot Camp. So I’ve added a Windows Vista install to the mix, installing it with Boot Camp on my iMac,

Software of Interest 2.3 has been released. The release notes for the open source application provide the list of enhancements and security fixes.

iStat Pro 4.2 has been released for OS X. iStat Pro is a dashboard widget that displays numerous OS stats.

The popular Carbon Copy Cloner has been updated to version 3.

Acorn has been updated to version 1.0.1. The update is mainly bug fixes but has a few minor new features. Acorn is a image editor for the Mac that has a $40 intro price (there’s also a 30-day full-featured evaluation version).


I’ve been having network problems running Vista under VMWare on my MacBook. Every once in a while I lose network connectivity. Everything shows as “working” but it’s not. I do a repair and all is well. Scott Hanselman has a post showing how to “Reset the crap out of your network adapters in Vista.”

Links & News

Yahoo acquired Zimbra for $350 million. There’s a Yahoo blog entry and press release. Zimbra provides email and collaboration software. Speculation is that this will help Yahoo create an offering to compete with Google Apps.

IBM announced I.B.M. Lotus Symphony. Symphony is an office productivity suite based upon the open source The announcement follows the recent announcement of IBM formally joining the community.

Google added the long awaited presentation app to Google Docs & Spreadsheets. It’s called “Presentation” (and Google Docs and Spreadsheets is now just Google Docs)

Random Access

Security Quest #2: PayPal Security Key & Weekly Update

PayPal is piloting a new feature that more financial institutions should consider and every PayPal client should use. They are making Verisign security key fobs available to PayPal users for a nominal cost of $5 each. The cost includes shipping.

The key fob generates a new six digit password every thirty seconds. You enter this, along with your password, when signing onto PayPal. Even if someone gets your password they cannot access the account without the key fob (well, there is an exception).

PayPal’s Security Key FAQ sums up it’s benefits:

Because it gives you an extra layer of security when you log in to your PayPal or eBay account. Most websites keep your online account safe by only asking for your user name and password to verify your identity. The PayPal Security Key gives you an additional security code that only you know about. That makes your account more resistant to intrusion. Plus, the Security Key’s easy to use.

PayPal does allow access if you lose the key or it breaks. The FAQ states they’ll ask you to confirm account ownership. After entering your password you’ll be asked to verify account information (by providing the full account numbers) or by answering your security questions. This method can be used to access your account when you don’t have your security key or to deactivate the key if it’s lost or broken.

Since PayPal is owned by eBay it’s no surprise that the key can also be used with eBay. While key fobs are a great security idea, one key fob per account isn’t feasible. The key fob is issued by Verisign and can be used their Personal Identity Provider (PIP) service which is in beta. PIP is OpenID enabled and can be used at sites that are OpenID enabled.

For information about the PayPal security key logon to your PayPal account and go to

Security Updates

Firefox has been released. The only patch in the update is to fix a critical security vulnerability when dealing with Quicktime media files. The vulnerability bulletin only mentions Windows as an affected OS but the update is for all platforms. The update is being sent through Firefox update and is available for direct download.

Security Software

AVG Antivirus Free Edition has been upgraded to version 7.5.487

Security News, Information & Discussion

The Unofficial Apple Weblog has a good article on using the OS X keychain application to store and locate passwords.

Ars Technica, among others, is reporting that spammers seem to be turning their botnets against anti-spam sites. Speculation is the attacks are from those controlling the Storm worm botnets although it may be customers paying for the attacks.

The Washington Post Security Fix blog is reporting that the RightMedia ad network was serving banner ads trojans. Rightmedia has banned the ads which were served by Photobucket, MySpace and others. RightMedia was recently purchased by Yahoo.

The Spyware Guide brings an update of spammers use Skype for a rogue anti-spyware scam.

There were a couple recent articles about managing spam comments in WordPress blogs:

  • Internet Duct Tape talks about use Akismet Auntie Spam, a Greasemonkey script for Firefox, to manage spam in WordPress.

TD Ameritrade issued a press release concerning an internal audit of their systems. They were investigating stock-related spam and found “unauthorized code” in their systems which has now been removed. They say only contact information was stolen. Ameritrade customers might want to think about new email addresses – and a new broker.

Media Defender, an anti-P2P company, made news recently after over 700MB of their emails were made public. The emails directly contracted the companies public statements over questionable tactics the company was accused of using. Media Defender employee Jay Mars forwarded all his company email to a GMail account. The GMail account was used as the conduit to get the emails. The lesson here is no matter how secure a company tries to make it’s systems employee actions are always the weakest link.

OS Quest Trail Log

The OS Quest Trail Log #7

It’ll be a short log this week. While the Quest has been busy this week, most of the work will make it into individual posts during the next week. I’ve been looking at Jungle Disk and Amazon S3 for backing up. I’ve also been looking at Microsoft’s free SyncToy as a simple backup alternative.

Software of Interest

Flying Meat has a new image editor out called Acorn that’s receiving positive reviews. From a feature perspective it seems to be a steal at it’s $40 intro price (no mention when the price goes up). I downloaded the eval and like it’s ease of use. I couldn’t get it to print properly but haven’t had time to dig into it. I’ve only spent about an hour looking at it but it made a favorable impression. With Adobe Photoshop Elements still not a universal binary (and will probably cost more than $40 to upgrade once it is) Acorn has come along at a good time. But it’s going to be a crowded field with Pixelmator in private beta and Iris promised soon after Leopard.

Growl, the open source system notification tool for OS X has been upgraded to version 1.1.

Adobe Lightroom 1.2 was released. The release notes (PDF link). The “upgrade” is a download and install of the full product which is a 40MB download for the Mac.

CyberDuck, the popular open source FTP client for Mac OS X has been updated to version 2.8.

Links & News

Lifehacker is running an unscientific poll of online backup software, At this time Mozy has the most votes and is just slightly ahead of “My data lives on the edge.”

IBM has thrown their support behind It’s discussed at Slashdot.

A great podcast was mentioned on a recent Mac Break Weekly. It’s from a music company and it contains free music without DRM. Image that, a music company views the Internet and podcasts as a way to promote music. The company is Magnatune. Their website banner and podcast intros proclaim “We’re not evil.”. The podcasts are about an hour long and are grouped by types of music. I took the “Everything” feed and get a nice mix of music types and have yet to get a podcast that wasn’t worth the listen.

SCO filed for Chapter 11 last Friday.

Random Access

Security Quest #1b: Microsoft Patch Tuesday

Another month and another Microsoft Patch Tuesday so there’s another set of patches from Microsoft. This month is relatively mild. The only OS Security update is for the old Windows 2000 SP4, nothing for Windows XP or Vista. The Visual Studio and MSN Messenger updates are only rated as “important”. These should still be installed as the rating indicates an exploit that could have serious repercussions. It just means the exploit can’t be used to spread malware without user action.

None of these updates apply to my Windows PCs or VMs so all I got was the malicious software removal tool which doesn’t require a reboot.

MS07-051 is a “critical” update for Windows 2000 SP4.

MS07-052 is a “important” update for Visual Studio .Net 2002, 2003, and 2005, including those versions updated with SP1.

MS07-053 is a “important” update that applies to various versions of Windows Services for Unix. If you run Windows Services for Unix check the bulletin, you probably need to update.

MS07-054 is an “important” update for MSN Messenger 6.2, 7.0, 7.5 and 8.

Random Access

Security Quest #1a: Introduction and Catching Up

I’ve been running another site called the Spam Chronicles which was last updated after Patch Tuesday in August. I’ve accepted that I don’t have time to keep both sites up to date. So, long story short – I’ll stop even thinking about updating the Spam Chronicles and will instead incorporate the new content here when it’s appropriate. The current Spam Chronicles will stay up, no reason to pull it down. (The site has been shut down.) When winter sets in I may find time to do a redesign.

A new feature here will be the Security Quest postings. I plan to do these every Wednesday (or so) since that gives me one easy topic each month – Microsoft Patch Tuesday. Today’s patch Tuesday information is in Security Quest #1b which will follow shortly. This one will serve as a round-up for news and information.

Software Updates

WordPress 2.2.3 is a security and bug fix release.

iTunes 7.4 (now 7.4.1) contained a security update which wasn’t mentioned in the download notification. If you get music files from unknown sources you should apply the update. If you only rip commercial CDs or download from iTunes you can hold off.

Lavasoft recently update Ad-Aware to work with Windows Vista. This includes the free version.

BitDefender recently updated the free version of their anti-virus software to version 10.

Security Information, News and Discussion

Skype is reporting that a worm is being spread through Skype for Windows. The worm spreads through the chat feature. via Wired Compiler Blog

Ars Technica has the story of Swedish security researcher that used TOR (The Onion Router) to collect password for embassy employees. TOR is used for anonymous Internet communication. He ran a sniffer on some tor exit nodes operated by his company. Unfortunately tor users probably didn’t realize their traffic was exposed to tor operators. A little encryption would help.

Ars Technica is also reporting an increase in botnet attacks on eBay users with the goal of stealing their eBay identity.

Mac OSX Hints tells us how to secure our Wireless connection at Starbucks. (Haven’t tried this myself, not being a T-Mobile user) via Lifehacker. has the story of the Quechup social network using questionable techniques to get users. They want to make YOU the spammer. They will ask for you email address and password (for common email systems like GMail) and then send invites to every member of your address book and send them under your name. First, never give anyone your password. Second, avoid Quechup. Hopefully the company will fail.

It’s legal to call spyware “spyware”. Techdirt has an article about a lawsuit against anti-spyware vendors being dismissed.

Slashdot has a discussion of the Ophcrack opensource Windows password cracking program.

Microsoft Patch Tuesday news will be in the next post.

OS Quest Trail Log

The OS Quest Trail Log #6

It was a light week here at The OS Quest, caused by some business travel mid-week and catching up after a long weekend.

Comcast broadband continues to run well except for some points where it just stops. Since the outage seems to stay in effect until I power-cycle the cable modem I’m assuming I don’t miss any outages. I this case the lock-up always seems to occur when I’ve been uploading for a long time. For example, an overnight backup. Eventually the problem will occur when I have the time and patience to call Comcast tech support. My past experiences with Comcast tech support is in line with the surveys – it’s not good.

Apple’s announcements this week didn’t excite me. Don’t get me wrong, I want one of everything except the iPhone, but my current iPod is just fine for me. But when it dies I’ll have a hard decision – the 160GB data center in my pocket or the slick interface wireless PDA with limited storage. I’m hoping my iPod lives to see the next iPod Touch version which will hopefully have 32GB (I’ve given up on iPod touch with a hard drive). That will still be a tough decision.

Which brings me to my comment to iPhone early adopters. It was worth waiting in line and worth the price when you bought it. It’s technology. It’s always getting better or dropping in price, or both. Wait until you need it or you consider it’s worth the value. Then suck it up. But I have to admit, a 33% price drop after a little more than two months is Apple sticking a finger in your eye, even if the cellphone market is competitive.

In old business – I mentioned in the last trail log that I couldn’t bridge the LinkSys router. Bob Plankers left a comment suggesting just using the Ethernet switch ports to connect. You can check out his own site at The Lone Sysadmin.

Links & News

iStatsMenu 1.1 has been released by iSlayer. This is a free, must-have app for any Mac user who likes stats. In my case, I choose to display memory, CPU usage and network bandwidth used, along with the enhanced calendar/clock on my iMac. For my MacBook I add the temperature. For all the stats in one view I use the iStatPro Dashboard widget.

jkOnTheRun brings news of Virtual CloneDrive which is freeware for Vista. It can be used to mount ISO (CD) images as virtual drives in Vista.

The BBC, among others, is reporting that Sony has new rootkit problems. The problem was originally found by F-Secure. At least in this case the user knows they’re installing software and there’s an uninstall routine. The rootkit is related to biometric security on Sony’s USB memory stick.

UneasySilence has information on how to get your personal information out of Internet search results.

Lifehacker brought news of a posting of 40 Free Windows Apps at the Technology Bites blog.

OS Quest Trail Log

The OS Quest Trail Log #5

It was a big weekend here at the OS Quest Data Center so I figured I’d wait for the long weekend (made even longer with a vacation day on Friday) to end.

With my switch to Comcast I have a little time with both DSL and Comcast since the DSL will run for another couple of weeks. A co-worker suggested I keep the DSL as a backup or to increase my bandwidth. Being a router guy he happened to have a Xincom XC-DPG502 router that he sent me. Since it didn’t cost me anything (except time) I figured I’d check it out. Once I packed the Xincom back up I pulled out my new Apple Airport Extreme Base Station and set that up.

Xincom DPG502 Router

While not the typical home router the Xincom is a relatively low cost router ($180) that has two WAN ports that can be set up to load balance or to operate as a fail-over backup. Even ignoring costs I decided keeping DSL and using the Xincom wasn’t for me. Many secure connections (such as https websites or my Mozy backups) can’t bounce between ports so they stay on the WAN port they first get. I found many times my connections were using the slower DSL connection and it was processing 50% of the traffic even though the load balancing said it should use only 10%. I also had a problem accessing some websites through the Xincom although they were accessible through a different router. It took awhile to get there but I eventually narrowed it down to the Xincom even though it didn’t make much sense.

The fail over feature seemed to work well although the connection has to be down hard. You can also set the router up to connect to a server on the Internet and consider the link down if it’s not accessible. The router can also be set up to connect to a server on the Internet and mark the wan port as down when it’s not accessible.

Apple Airport Extreme Base Station

Once I had enough fun playing with the Xincom I packed it up to send back and pulled out my new Apple Airport Extreme base station. I wanted to set up a 802.11n network for my Apple TV, my Macbook and once I get a USB 802.11n USB adapter my Mac Mini. In addition to the extra speed I’m hoping to avoid the interference I always run into since I live in an apartment complex. It also give me gigabit ethernet and the ability to attach a USB drive.

The installation is a bit different in that I had to install the Airport Utility (which required a reboot) on my iMac and then update it through software update before I could install the Airport Base Station. Then I had to update the firmware on the base station once the Airport Utility connected to it. I’m used to accessing the routers through a web browser but in this case it’s done through the Airport Utility.

It took longer than I expected but ended up being problem free.

Linksys Won’t Bridge – 2Wire Will

In order to keep only 802.11n devices on my Airport to avoid degrading the speed I needed to set up a second wireless access point for my 802.11 devices (Tivo, old Windows laptop, occasional work laptop). I figured I could just use my Linksys but that was no go. There’s no Bridge mode and when I found a third party firmware that could do it I ended up not being able to flash the firmware. I then found I could bridge my 2Wire gateway so I was able to set that up.

So now my network consists of the Airport Extreme connected to the cable modem and providing the 802.11n network. It also provides the ethernet cable connection to my iMac and the DHCP addresses for everything on the network. The Airport is connected via ethernet to my 2Wire 2701-HG gateway. The 2701 just provides the 802.11g wireless network and it’s in bridged mode. It’s own wan connection is unused and DHCP to its wireless devices is provided by the Airport.


I’m liking the speed of Comcast. But all is not perfect. I’ve had some problems where the connection just drops and I have to power cycle the cable modem. It usually happens overnight so I don’t notice until morning. Since I’ve been in vampire mode this weekend I’ve been on the computer when the connection goes away and power cycling the cable modem always fixes it. Jumping to another PC also fails to connect to the internet so it’s not an iMac problem. Even though cycling the modem seems to fix it, it does show activity.

New Business

With my move to cable for internet I’m looking into dropping my phone land line completely. Anyone who I want to talk to already has my cell phone number. The only ones who call my land line phone are telemarketers. I want another phone number that I can give to people who I can’t trust with my cell phone (potential telemarketers) so I’m looking into Skype and some other options. I also just came across an offering from AOL which seems like it might fit the bill.

I finally got motivated to head out and take some pictures. My latest camera, Panasonic DSC-LZ8. It’s a SLR-looking point and shoot with a 12X zoom that also shoots RAW. The downside is that OS X doesn’t have a RAW converter for it so iPhoto and Aperture won’t read them. Adobe Lightroom will read them so I installed the 30-day evaluation. When shooting RAW the LZ8 also saves a JPG so I did a quick comparison. I imported a couple of RAW photos and exported without any processing. The corresponding JPG was slightly better (so it was processed by the camera) and of good quality in my opinion. What I didn’t expect was how much I’d like Lightroom. It just seemed more intuitive than Aperture for importing, organization and quick processing.

Links & News

NeoOffice 2.2.1 is now available. NeoOffice is an OS X port of At one time NeoOffice required the installation of X11 but that’s no longer the case. While it’s been awhile, and several versions, since I used it my previous experience was that it was to big, slow and cumbersome for my limited needs (same complaint about at the time).

Lifehacker brought a link to a series of cheat sheets for every character key on a Mac.

BuiltWith is a website that tells you what tools are used on a website.