iWeb 2.0.3 Released By Apple

Apple has released an update for iWeb. iWeb 2.0.3 has the wordy description of:

This update addresses compatibility with Mac OS X.

It’s available through Apple software update and as a direct download. No reboot was required when I installed the update.

Since there’s not much else to say about this update I’ll throw in a little rant. Apple released iWork updates yesterday and an iWeb update today. There are no security implications mentioned. Couldn’t they have released them at the same time so I’d only be interrupted once? It’s not like they needed extra time for the release notes. While I really want to keep my software updated, all these updates (including non-Apple updates) are getting tiresome. To tear down my own rant – Apple software update defaults to checking once a week (if I remember correctly) so if I had left the default I would have probably gotten the updates all at the same time.

Apple Updates iWork ’08

Apple released updates for all three iWork apps yesterday. The updates are available through Apple’s software update or as direct downloads. Apple was typically circumspect in their description of the updates.

Numbers 1.0.2 and Pages 3.0.2 are both described as:

This update addresses compatibility with Mac OS X.

Keynote 4.0.2 gets the relatively long description of:

This update primarily addresses performance issues while playing or exporting presentations.

I rarely use any iWork app but I didn’t have any problem installing the updates or opening a document in each app after the update. No reboot was required.

Windows Vista SP1 RC Refresh

Microsoft released a “refresh” to the Windows Vista SP1 Release Candidate. I’ve been running the original release candidate in a VMware virtual machine on my MacBook. They released the update back on January 11th but I didn’t get around to starting the upgrade for another week. The update isn’t automatic, even with the original RC installed. The update was problem free, despite requiring several hours.

The original release candidate had to be uninstalled prior to the upgrade. This was done by going through Control Panel in the Windows Update/View Installed Updates section. It took about an hour and included a couple reboots but once it started I could just walk away. According to the instructions from Microsoft even after the uninstall was finished I needed to wait an hour for things to settle down. Sure enough, checking the logs after the uninstall showed that the installer was still cleaning things up.

After I did the uninstall, Microsoft’s automatic update installed the regular Windows Vista security patches that had been released since I installed the SP1 RC. They weren’t sent to the release candidate. At this point I had killed an evening and decided not to install the refresh right away.

The installation of the refresh used the same process as the original release candidate. I again installed it through automatic update so I downloaded the file that modified the registry to have automatic update get the update. It downloaded and installed the two prerequisites without a problem. A third prerequisite is needed by some, but I didn’t need it. Even though I kept checking the refresh didn’t appear even after getting the prerequisites and I again gave up as it got later than I wanted to start the 2+ hour process.

The next night the SP1 RC refresh was waiting for me. The install took about two and a half hours, including the download and a couple reboots. I haven’t noticed any real differences or problems. But then again, I don’t use this instance of Vista for very much and if I did I probably wouldn’t risk a release candidate on it. The time required to do the update would also be a killer if it wasn’t in a virtual machine that allowed me to keep using my MacBook while the update happened.

Bluehost: Upgrading to PHP 5

This post is obsolete and screenshots have been removed.

Since development of PHP 4 ended in 2007 it’s time to finally move on to PHP 5. This website is hosted by Bluehost and they provide the PHP installation, so there’s nothing for me to actually install. Bluehost provided the ability to determine which version of PHP I want to use on my site through a Cpanel setting. All sites running under the same Cpanel account have to use the same PHP version.

To pick the PHP version on Bluehost click the PHP Config icon in the Software/Services section of Cpanel. The following options will be displayed:

image lost

Bluehost directs you to the PHP Migration Guide at php.net in the event you need to verify your code. In my case all my PHP was in WordPress or WordPress plugins. I had the latest WordPress version so I knew I was safe there. All my plugins are still actively developed and I had recent versions. So I should be all set with PHP 5, which is a good thing, since I really didn’t have any way to test this unless I installed a whole new server. So I decided to make the change when things are slow and do some quick testing.

So I went from PHP4 to PHP5 (FastCGI) about a week ago and everything seems to be running just fine.

The OS Quest Trail Log #22: Abridged Edition

This week’s Quest included progress in the Ubuntu Server series with articles on setting up iptables and getting comfortable with Ubuntu. So now I’m at the point where I can start installing the server software. MySQL will be first up. I also started down the Windows Home Server path and I’ve been looking at some add-ins to move beyond the simple file sharing and PC backups.

I’m starting a new day job next week so this week will be busy transitioning the old stuff and next week will be getting up to speed on the new stuff so the next week or two are likely to be light ones on the Quest. But then again, I need to have some fun.

Software Updates

Transmission 1.01 was released which was a minor upgrade to the 1.00 version of my favorite bittorrent client. The update is available through the program’s own auto-update feature. Changes are covered on the Transmission page and include performance and OS X specific improvements.

1Password by Agile Web Solutions has been updated to version 2.5.9. The update is available through the program’s own auto-update feature or as a direct download. Changes in 1Password 2.5.9 include a new password strength meter among over 40 new features, changes and fixes.

WordPress now using PHP 5. I switched over to PHP5 on my server and all seems well. I’m using the latest version of WordPress and what few plug-ins I use are also current and actively developed. I’ll post more info once I know things are working OK. Let me know if you have any problems with the site. Active development of PHP 4 ended at the end of 2007 although security updates will continue until August 2008.

Remote Desktop Connection

While Microsoft may prefer that all Windows Home Server (WHS) administration occur through the Windows Home Server Console, there may be times where you want to be on the actual server console, as if you connected a monitor and keyboard to the server. You can use Microsoft Remote Desktop in order to do this.

Microsoft Remote Desktop is already installed with Windows Vista. To run it just go to the Start -> Search box and start typing Remote Desktop. It’s also included with Windows XP where it’s in the Accessories -> Communications menu group.

It can also be installed on Windows 2000 Professional and earlier OSes by downloading it from Microsoft.

When the remote desktop client starts you’ll first be prompted for the computer to connect to. Once that’s entered you’ll be prompted for the user name and password. Use administrator as the user name. Use your Windows Home Server console password as the password and you’ll be on the server.

You’ll see an ominous message warning you about bad things.

 

It’s open in IE so just close the window and you’re on the server desktop.

Ubuntu Server Project #5: Getting Comfortable With Ubuntu

This is a bit different than the other posts as I won’t actually be installing any major software. Instead I’ll be customizing Ubuntu to make it easier for me to use and finding programs to monitor my server.

System Information

First I’ll want some commands that tell me about the system. Since there’s only 256MB of memory allocated to this Ubuntu Server virtual machine I’ll want to keep tabs on memory usage. I can do this with the free command and use -m to have the info displayed as easy to read megabytes.

free -m

This will display the amount of memory used.

 

The first line includes cached memory so I’m more concerned with the second line which shows I’m using 16MB and have 233MB free. The third line shows I’m not using any swap space which is nice. This will be my baseline and I can monitor it as I install software.

If I want more detailed memory usage I can use cat /proc/meminfo.

If I need a reminder of the version I’m using I can use cat /etc/issue which will display the Ubuntu version. lsb_release -a can also be used to display version information.

The top command displays information on running processes and system resources. It’s updated in real time and you can exit by typing q. Pressing <shift>-<m> while top is running will sort the processes based on memory usage.

uname -a prints the machine name and kernel information along with a few other things.

 

As the above output shows it was necessary for me to use a different kernel in order to run Ubuntu under Parallels.

df -h can be used to display disk usage in MB. -h means human readable as opposed to blocks.

Screen

Screen is a terminal multiplexer that allows multiple sessions in one terminal window much as the console does. In addition, it provides the ability to disconnect a session and return to it later, or continue processing if a session is interrupted.

To install screen I execute:

sudo aptitude install screen

As a side note: Even though I left the Ubuntu Server CD image connected to the VM I had to mount it manually for aptitude to use it. I issued mount /cdrom to mount it.

There’s a good screen tutorial at Linux Journal so I won’t go into it here.

Build-Essentials

Build-Essentials is an Ubuntu meta-package of programs that are frequently needed to properly install other programs so I want to install it. I run:

sudo aptitude install build-essential

The install is problem free.

Shortcuts (Aliases)

There are some commands I’m going to be using a lot. To save time typing, especially since my typing is pretty bad, I set up some aliases. I open my bash configuration file in the nano editor so that I can add some aliases.

nano ~/.bashrc

I scroll down until I find the Alias Definitions section.

image lost

I uncomment the last 3 lines shown above so that I can put the aliases in a file. I could add the aliases in this file but I like the idea of using a separate file just for the aliases. Remove the # to uncomment the lines. I save the file then use nano to create the ~/.bash_aliases file.

nano ~/.bash_aliases

I add the following aliases to the file:

alias free="free -m"
alias install="sudo aptitude install"
alias newalias="nano ~/.bash_aliases"
alias remove="sudo aptitude remove"
alias update="sudo aptitude update"
alias upgrade="sudo aptitude safe-upgrade"

The first one makes it slightly easier to get free memory, the third opens the alias file for editing, while the others simplify the aptitude command line. To run the command I can just type the alias, adding any necessary command-line options after it. It’s necessary to log out and log in when making these changes since the bash configuration is only read during logon.

 

Well, I’ve got aliases to make my life easier and I’ve got system utilities to monitor resource usage as I install new software. Next on the agenda is the MySQL installation.

Using the Airport Extreme for USB Printing

When I rearranged my office recently my printer ended up about 8 feet from my computer and the cable was only 6 feet. USB cables were too expensive locally, close to thirty bucks for one long enough. So I ended up ordering a Belkin 16′ USB Cable for less than $8. Ok, they got me to order a book from my wish list to get above $25 for the free shipping. But that was a 16 foot cable and a book I’d eventually order for less than what an 11 foot cable would cost locally. USB 2 is limited to 5 meters which is about 16 feet so I was getting the longest cable I could use without getting into repeaters or powered cables.

But I’d have to wait over a week for the cable to arrive so I left the printer where it was and hooked it to the Airport Extreme Base Station (AEBS) that was right next to it. I figured that would suffice until the cable arrived. Boy was I wrong. For the record, my printer is an Epson Stylus Photo R340. From what I experienced Apple lost its touch with airport printing.

There are some issues I expected going in and these would probably occur with most USB printers unless their driver is designed for the AEBS. What I confirmed was:

  • The utilities didn’t work. These are the utilities used for things like checking alignment, checking ink levels, cleaning the print head and so on.
  • Error messages aren’t returned to the computer. For example, out of ink and out of paper messages.
  • The built-in card reader can’t be accessed from the computer.

I did have additional problems which may have been printer specific. Eventually I just moved the printer a bit and ran the cable across the floor until my new cable arrived. But these are the problems I had:

  • An out of paper error message caused a loss of connectivity to the printer. Powering it off/on or plugging in the USB didn’t help. I eventually had to reboot the AEBS.
  • When a printout was near the end of the document it would frequently report a communication error and I had to cancel the job. The next job would start printing fine but would more likely than not experience the same problem near its end.
  • The AEBS would sometimes not see the printer when the printer was turned on. Unplugging/plugging in the USB usually resolved this, but once I had to reboot the AEBS (which is when I decided to move the printer).

Apple no longer publishes a list of supported printers. If you’re looking to use the AEBS for printing a good place to start your research is at iFelix.net. Apple also has a list of troubleshooting steps but since this setup was temporary for me I didn’t take the time to go through most of them.

Anyone successfully printing using an Airport Extreme Base Station?

Ubuntu Server Project #4: Iptables Firewall

Continuing along the security theme set by the previous article I’ll configure some simple iptables firewall rules for my Ubuntu Server virtual machine. Iptables can be pretty complicated and I won’t attempt to go into great detail. Since this is a virtual machine only accessible from within my home network I have the luxury of being able to play without having to actually be concerned with security. So iptables will be set up for the experience and for future testing.

Iptables is installed with every Ubuntu installation so there’s nothing new to install. We just need to configure the rules that iptables needs to use. Since I’m setting up a web server I’ll create rules to allow SSH (port 22222), HTTP (port 80) and HTTPS (port 443) traffic.

I’m going to create two files that contain the iptables rules. One will be used for testing and the other will be for production. The production rules will be permanent and load during reboots. The test rules will be in file /etc/iptables.test.rules and the production rules will be in file /etc/iptables.prod.rules.

The Rules

I connect to the Ubuntu server using SSH from the terminal on my Mac. Everything done related to iptables has to be done as root so I issue the command:

sudo -i

and enter my password when prompted. Now I won’t have to use sudo as a prefix for each command.

For my first step I’ll save any existing rules to the production file using the command:

iptables-save >/etc/iptables.prod.rules

On my freshly installed Ubuntu server this generated the following file contents:

image lost

To list the current filter rules on the screen I run iptables with the -L switch.

iptables -L

which results in the following information:

image lost

What the above means is that anything from anyone on any port will be accepted. I’m not a fan of the theory that as long as nothing is running on the ports then nothing needs to be blocked. I am a fan of blocking everything except traffic which this server is intended to handle. So I’ll be setting up some rules to restrict traffic. Initially I’ll be doing this in the /etc/iptables.test.rules file. During this time I’ll keep my existing terminal connection active and actually start a second session just to be sure. This way if a test rule blocks SSH I’ll have an existing connection that I can make the change with. (OK, it’s a VM on my Mac so no second session, but if it was a remote server I’d set up the second session as a safety measure.)

I start off with some very simple rules which are based on information found in the Ubuntu Documentation Iptables HowTo. Rules are processed top to bottom and once a decision is made about a packet no more rules are processed.

A lot of traffic on the server uses the loopback port and we want to allow it all. No reason to stop intra-server communication. So I add the lines:

-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

The first line says to accept all traffic on the loopback port. The second rule says to reject all traffic that uses the loopback address but isn’t on the loopback port. -A means append the rule to the chain. INPUT is the chain to add the rule to. Valid chains are INPUT, FORWARD and OUTPUT as shown in the previous screenshots. -i means to only match if the traffic is on the specified interface. lo is the loopback interface. -j is the action to take with the packet. Valid actions are ACCEPT, REJECT (Reject and notify sender), DROP (silently ignore) and LOG. The ! in the second line means “not” so in this case it means traffic not on the loopback adapter. -d indicates the destination and can be an ip address or port. In this case it’s the loopback address.

Then I’ll add a rule to continue to accept all established connections:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

State matches are described in greater detail at faqs.org. But this rule says to accept all traffic for an ESTABLISHED connection that has seen traffic in both directions. It will also accept traffic for new connections if it’s associated with an established connection, these are the RELATED packets.

Next I’ll allow all outbound traffic. I’ll leave restricting outbound traffic for another day.

-A OUTPUT -j ACCEPT

Now I’ll enable web traffic on the common ports of 80 for HTTP traffic and 443 for HTTPS traffic.

-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

The -p specifies the connection protocol used, in this case tcp and dport indicates the destination port.

Now I’ll allow SSH traffic. Use the same port specified in the ssh_config file. In my case it was port 22222.

-A INPUT -p tcp -m state --state NEW --dport 22222 -j ACCEPT

In this rule the state parameter is used to allow the creation of a NEW connection. The previously defined rule for established connections will apply once the connection is created by this rule.

Next up is a rule to allow pings.

-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

In this rule icmp is the protocol used. A complete list of icmp types is at faqs.org which shows 8 as an “echo request” type.

Now I’ll create a rule to log incoming packets that are denied by iptables.

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

This rule will log denied packets, up to 5 a minute. It will prefix the log entries with “iptables denied: ”. The LOG action doesn’t stop rule processing so the packets will be processed by any following rules. The reason we know these packets will be refused is because the only rules that follow will reject the packet. So if a packet has reached this rule there isn’t a chance for it to be accepted.

So the rules to deny any remaining packets are:

-A INPUT -j REJECT
-A FORWARD -j REJECT

The rules file needs to begin with *filter and end with COMMIT. The complete iptables rules file is available as a text file.

Enforcing the Rules

I save the rules to /etc/iptables.test.rules and then run the following command to load them in:

iptables-restore </etc/iptables.test.rules

Then to see if anything actually changed I run iptables -L and compare it to the previous results. As the screenshot below shows they are different.

image has been lost

Now it’s time to test the critical SSH connection. I open a new terminal window and try a connection. It works and the other rules seem correct so I’m all set. If it failed I’d still have my existing connection to fix the problem (assuming the rules to allow existing connections took effect).

Now I need to make these rules permanent. First I’ll save them to my production rules file:

iptables-save >/etc/iptables.prod.rules

Now I need to make sure the rules are loaded at startup. I load the file /etc/network/interfaces in the nano editor. I add the following line at the end of the loopback section:

pre-up iptables-restore </etc/iptables.prod.rules

The screenshot below shows my updated interfaces file.

image has been lost

The final test is to restart Ubuntu server and make sure the rules are still in place.

So now I have a basic server setup and it’s running a simple firewall. I’ll probably spend a little time exploring Ubuntu before I start installing the server software.
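The procedure above collected into one script, as an added example (it is not the author's rules file, which is not reproduced on this page): it writes the rules described in the post, checks their order before loading, and loads them with an automatic revert unless a new SSH session is confirmed. The function names, the fw-test.sh script name and the 60-second timer are assumptions; `iptables-restore --test` parses a file without committing it.

```shell
#!/bin/sh
# Added example: build, check and trial-load the rule set from this post.

# Write the rules to FILE ($1) with SSH allowed on PORT ($2).
# "-i ! lo" is kept as written in the post; newer iptables prefers "! -i lo".
write_rules() {
    cat > "$1" <<EOF
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport $2 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# Static check of FILE ($1) before loading: because the first matching rule
# wins, every ACCEPT and the LOG rule must sit above the catch-all deny, and
# the SSH port ($2) and established-connection rules must be present.
check_rules() {
    awk -v port="$2" '
        function bad(msg) { print "check_rules: " msg; rc = 1 }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        { n++; last = $0 }
        n == 1 && $0 != "*filter" { bad("file must begin with *filter") }
        /^-A INPUT -j (REJECT|DROP)$/ && !deny { deny = n }
        /^-A INPUT .*-j ACCEPT$/ {
            if (deny) bad("ACCEPT below the catch-all deny is never reached: " $0)
            if ($0 ~ ("--dport " port " ")) ssh = 1
            if ($0 ~ /--state ESTABLISHED/) est = 1
        }
        /^-A INPUT .*-j LOG/ && deny { bad("LOG below the catch-all deny never fires") }
        END {
            if (last != "COMMIT") bad("file must end with COMMIT")
            if (!ssh) bad("no ACCEPT rule for SSH port " port)
            if (!est) bad("no ESTABLISHED,RELATED rule")
            exit rc + 0
        }
    ' "$1" >&2
}

# Load FILE ($1) and revert to the previous rules after $2 seconds unless
# the operator confirms that a NEW SSH session still connects. Needs root.
apply_with_rollback() {
    wait_s=${2:-60}
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    iptables-restore --test < "$1" || return 1   # parse only, no commit
    iptables-restore < "$1" || return 1
    # Background timer survives a dropped terminal and restores the backup.
    ( trap '' HUP; sleep "$wait_s"; iptables-restore < "$backup" ) &
    timer=$!
    printf 'Open a NEW ssh session. If it works, press Enter within %ss: ' "$wait_s"
    if read -r answer && kill "$timer" 2>/dev/null; then
        rm -f "$backup"
        echo "Rules kept."
        return 0
    fi
    echo "Not confirmed in time; previous rules restored from $backup." >&2
    return 1
}

# Usage (as root): sh fw-test.sh apply
if [ "${1:-}" = "apply" ]; then
    write_rules /etc/iptables.test.rules 22222 &&
    check_rules /etc/iptables.test.rules 22222 &&
    apply_with_rollback /etc/iptables.test.rules 60
fi
```

Once the trial load is confirmed, saving to /etc/iptables.prod.rules and the pre-up line proceed exactly as described in the post.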

 

iTunes Smart Playlists

Images have been removed from this obsolete post.

When I bought my first iPod I was still on Windows and the software delivered with the Windows iPods (yup, Windows specific iPods back then) was a version of MusicMatch. The software was OK, but just OK. It was slow and a pain to build playlists. One of the reasons I bought the hard disk iPod over other flash MP3 players was so I could have all my music with me and not have to decide what I wanted to listen to while sitting at the computer. MusicMatch did that to some degree but it was lacking. I still didn’t use the iPod all that much and didn’t always carry it with me.

But then iTunes for Windows came out and that’s what really made me an iPod fan. Not the iTunes store (which I avoided for the longest time), just iTunes as jukebox software that could manage my iPod. The killer feature for me was the smart playlists. They’ve evolved over time but here’s an overview of a few I have now. Screenshots are from iTunes for Mac but they should apply just fine to iTunes for Windows.

Rating Songs

I rely on the song ratings for some of my playlists so some background is in order. Every song is rated 2 to 5 stars but it’s not true that I like every 5 star song better than every 4 star.

A song with two stars means I don’t like it. It’s probably not synced to my iPod although there are exceptions if I like the song when played as part of an album but don’t want it to play outside the album.

Every song starts with 3 stars. Five stars means I like it more than most for that genre or artist.

Four stars means I liked it more than most. I may rate a song 4 stars instead of 5 if I have too many five stars for the artist.

One star isn’t used for songs, it means it’s spoken word and I’ve already listened to it.

Smart Playlists

Smart Playlists are created by selecting “File -> New Smart Playlist…” from the menu. They can be edited by right-clicking the list and selecting “Edit Smart Playlist”. Click the thumbnails for full size images.

All Music

For the mother of all playlists I start with one called “Music Only”. This one is set up to only include songs and exclude everything else. If new file types are added I have to change it but at least I only have to change it in one place. All my playlists are set to include only checked items as shown here. If I don’t want a song on my iPod I uncheck it in iTunes.

While “Music” can be selected as a playlist this indicates what iTunes sees as the Music library. In my case this isn’t just songs so I need the Music Only playlist.

List of 5’s (by LRP)

This is an example of a playlist that uses my ratings, the All Music playlist and presents me the songs that I haven’t heard in awhile at the top of the playlist. In this case the “by LRP” means “by Least Recently Played”. The playlist criteria is shown in the screenshot. As you can see from the screenshot it picks files with a five star rating and is limited to my “Music Only” playlist so I’ll only get music.

It’s not checked, but you’ll see it’s set to limit to 700 items based on least recently played. This is a holdover from when my music didn’t all fit on my iPod. Checking the box would limit the playlist to the 700 songs and if this playlist was set as the sync criteria only those songs would sync.

As for the Least Recently Played Piece…

Save the Smart Playlist then sort by the “Last Played” field in iTunes by clicking on it until it’s sorted least recent to most recently played. If you need to add the field right-click the field header bar and select it from the list. The playlist will sync to the iPod in this order (at least it does for my 5G iPod) and any field can be sorted. Click the first column (numbers – no title) to return to manual sort.

I have similar playlists for my other ratings. It’s convenient to listen to songs of a certain rating and change the rating if my tastes have changed.

Best of…

I have numerous “Best of” playlists for specific artists. There are minor differences between the way they’re set up in order to either keep the number of matched songs relatively low or provide enough songs for a playlist. But they’re all basically the same and the screenshot to the left shows the basic playlist. Some artists may be limited to 5 stars while others may include songs from various bands they were in, which is covered in the next section.

Similar to the best of for artists I also have best of genre playlists. Simply pick Genre as the criteria instead of artist.

Grouping

The properties of every song contain a Grouping field on the info tab. This can be used to contain the artist name if they were in various bands. The example shows Buddy Holly entered into a song done by The Crickets.

To create a Best Of collection for Buddy Holly I can use the Group field and avoid some complex nested playlists. Smart Playlists can only “match all” or “match any” which can be limiting at times. The criteria is “contains” because there may be cases where several artists I like are in the same group and I want those songs to appear in each of their own playlists.

Unrated Songs

When I add a song to the iTunes library the first thing I want to do is rate it. So I have a playlist set up to identify unrated songs. This way I can easily play the songs and rate them. No star is selected; if you accidentally click a star you can clear it by clicking at the very left edge of the field.

One thing to keep in mind – if you are playing the list in iTunes and rate a song it will immediately drop off the list, even if it’s playing. If it’s the one playing then all playback stops. To prevent this uncheck “Live Updating” or do what I do and rate the song when it’s done playing. Songs can be rated on the iPod without affecting playback.

Playlist of Selected Podcasts

I like listening to podcasts while driving to work in the morning. I have a smart playlist set up that contains the podcasts I like to start the day with.

Podcasts can be selected by using the Album field.

Amazon MP3 Store

For me, the Amazon MP3 store has become a place to buy music since it’s all DRM-free and in many cases cheaper than iTunes. This smart playlist identifies the music that was bought from Amazon.

My Favorite Playlist

This is my most used playlist. I like the constant refresh of the music I listen to even if it does take several months to get through everything. Still, this playlist doesn’t contain every song. It’s limited to 250 songs so I can still do random play and only get older songs. It also excludes Classical and Jazz since I only listen to those when I’m in the mood for them. It also excludes all those lowly 2 star songs. Some people like shuffle but I prefer this list.

As for where I came up with the 250 number. It’s approximately how many songs I’d have to listen to each week to make it through the entire collection in 6 months.

Additional Playlists

These playlists are variations on the above themes so don’t really require any explanation once you see the criteria. Hover your mouse over each thumbnail for the list description and double click it to view if you’re interested.