Mac OS X, Flash Games, and non-admin accounts

My kids like DinerDash, and pretty much the whole generation of flash-based games that have come along since DinerDash made a big splash.  Originally, they played it on a Windows machine, but we have since added a Mac to the stable of kid accessible machines.  I tried installing BookWorm Deluxe on the kids Mac for them to try out.  Unfortunately, it only ran under my account.  All of the kids have Managed accounts to take advantage of the parental controls in Mac OS.  Most recently, I tried YoudaSushiChef, but it behaved similar to the others.  This perplexed me, as I tried setting the permissions via the GUI, to no avail.

I searched the web, thinking that lots of others must be having the same issue, using either Managed accounts or Standard accounts, but I couldn’t find a peep about it anywhere on the Internet.

The support team at YoudaGames was very nice, but not terribly helpful, almost as if they don’t even test their game on Mac OS.  (With today’s development tools, it wouldn’t surprise me.)  After exchanging a few emails with them, they offered me a refund, but I wasn’t ready to give up yet.

Finally, today I was thinking about it, when it struck me…  The GUI only shows Ready and Write permissions, not Execute!

Anyhow, I opened a Terminal and did:

cd /Applications
sudo chmod -R 777 YoudaSushiChef.app

Then entered my password when prompted.

Finally, I tried launching it from one of the Kid’s accounts, and it started right up, working just like it should.  Same thing worked for BookWorm, so it will probably work for most any flash-based game on the Mac.

Snow Leopard – Evolutionary Changes

Snow Leopard was a breeze to install.  It took about an hour on each of 4 machines that I upgraded Friday night.  The upgrades went without incident on two Core 2 Duo minis, an original Core Duo iMac, and a Core 2 Duo MacBook Pro.

So, what’s new in Snow Leopard?  I won’t bore you with the features that you’ve most certainly already read about on a dozen other sites.

I know this is purely objective, but the OS does feel faster than Leopard.  Some of the speed is due to the re-write done to Finder, but I think it is in large part due to the fact that most major apps now have 64 bit support.  What’s more, I expect that as more applications are updated to 64 bit support, things will seem snappier, though Apple’s core applications are the ones that the majority of people use.

While it’s not the dramatic change from Panther to Tiger, or from Tiger to Leopard, it is a worthwhile upgrade, even if you can’t see all the changes that have taken place.  For $49, I upgraded 4 machines to the latest Mac OS, one that will be improved upon and supported for at least a few more years.  I call that a bargain.

Ad blocking with a proxy

I recently re-purposed an old G4 mac mini as a server on my local network.  Why?  Snow Leopard doesn’t support the PowerPC processor, so it’s stuck on Leopard.  And, I didn’t really need it as an end-user machine anymore.

The first thing I put on it was Squid, the venerable proxy server.  A proxy on a Mini?  Why yes.  This particular Mini has 1 GB of RAM and a 24×7 rated 60 GB 7200 RPM drive.  I have a small home network serving my family, so I’m not terribly concerned with Squid killing the hard drive from over use.

I was surprised at how well it worked.  I don’t think there’s really a noticeable slowdown when surfing from my Core 2 Duo 2.26 Ghz mini, even when opening multiple tabs at the same time.  And once I’ve surfed to a site once, it should have some of the images cached, speeding things up that much more the next time I visit.

So, we’ve now used this for a few weeks and all seems well, except one thing.  I really wanted to use something like Privoxy with Squid to block ads, but there is no longer a download for Privoxy for Mac OS X.  (I think it’s still possible with Fink, but didn’t want to go down that path)

I remembered previously reading about a Mac proxy server specifically for blocking ads, so I searched and found GlimmerBlocker.  It’s a pretty configurable proxy server (configurable via the System Preferences pane).  I was pleased that it can also point to a proxy server, so I configured it to point to Squid.  Chained in this way, the results get filtered by GlimmerBlocker and cached by Squid.

So far, I have four machines using this, and the old G4 is working fine handling all the requests.  There are many fewer ads showing up on my kid’s machines now, which is the real reason for doing this… I mean, have you seen some of the ads on MySpace?

Tame the IM Jungle

iChat is a really nice chat app that Apple includes with every copy of Mac OS X.  I rarely use the video or audio capabilities, typically using it strictly for instant messaging. But iChat can’t communicate with MSN Messenger, or Yahoo Messenger contacts.  Another annoyance is that if you add accounts for the various services that iChat supports (AIM, ICQ, Jabber, and Google Talk), they show up in separate windows.  (There may be a way around this, but I could not find it.)  Assuming you have friends on MSN Messenger, and Yahoo Messenger, you could end up with a pile of windows on your desktop to handle basic IM tasks (several of them being iChat windows).

You might say “Just switch to Adium”.  That would be one solution, since it supports literally butt-load of IM protocols.  Literally.

For many people, changing to Adium is a fine solution.  But I had other needs:

1.  My wife REALLY likes iChat.
2.  I need a private IM network.
3.  I wanted a centralized way of controlling all the IM that takes place on my network out to all the major IM services.
4.  And I wanted to log it all.

If you have similar needs and a server laying around to use that runs either Windows, Mac OS, or Linux, then the answer to all these things is OpenFire.

My wife home schools several of our children and the majority of their school work is done on computer using the excellent program Switched-On Schoolhouse (which I highly recommend to anyone interested in home schooling their children).  We wanted an instant messaging system the kids could use for school work that was completely separate from the public IM networks.  This way, they can IM my wife with quick questions and get a quick answer without the worry of anyone on the outside talking to the kids when they should be working.  Openfire took care of this easily.

It wasn’t until my wife mentioned how annoying it was that she had an iChat windows for every service that I paid attention to the plug-ins available for Openfire.  I discovered the “IM Gateway” plug-in, which lets you register an internal (openfire) user with their corresponding external IM services.  So, a single openfire user can be linked to multiple external services, but as far as iChat (or any other Jabber-enabled chat client) is concerned, all your MSN, Yahoo, AIM, ICQ, etc. friends are accessible through the same IM service.  This gets rid of the multiple window problem my wife had with iChat.

Perhaps I’m a control freak, but I wanted all IM services on my network to run through a central server.  I haven’t locked down the outgoing firewall ports for these IM services yet (to only allow them from the openfire server), but that’s probably coming soon.

I have a teenage daughter and son, and I’m concerned about who they are chatting with.  I’m not terribly interested in the messages they send back and forth to their friends, but I’d like to have the ability to check up on them if I suspect anything is going on, or if, heaven forbid, one of them goes missing.  Openfire’s “Monitoring Service” plug-in handles this nicely, allowing you to either just keep statistics, or to actually log entire conversations.  And, you can search the logs by date, keyword, participants, etc.  Oh, and don’t worry about the privacy of my kids…  I specifically told them I’d log their IM, so they are aware.

Anyhow, there are a bunch more plug-ins for openfire, many of which would be more useful in a business setting (like the one to integrate it with Asterisk, or the FastPath plug-ins for managing chat queues, such as a support team might use).

So, if you have any of these needs, tame that IM Jungle and get openfire!

Fresh OS Installs help Macs too!

My new 2.26 Ghz Mac mini with 4 GB of RAM arrived today.  My old iMac (the first model of Intel iMac, Core Duo, 2.0 Ghz) had been slowing significantly over the last year, so I decided to act as if I were a brand new user, then simply copy over the things I needed.

First, I performed a backup to an external drive, ala SuperDuper!

Next, I swapped out my computer and booted from said external drive, mainly to make sure everything worked.  Since we were now at USB speeds, it was even slower than before, at booting up at least.

I copied over my pictures, iTunes library, Safari bookmarks, mail, address book, various applications (needing to re-enter all the registration info as I go).  It’s much more of a pain, but I won’t need to go through this for another few years I imagine.

Yes, this took much longer than using the Migration Tool would have, but then I would have all the cruft from my G4 Mac mini, originally running Panther that I had upgrade to Tiger, that I then migrated to my iMac, and then there’s the Leopard upgrade…

I’ll keep my external hard drive around just in case I missed anything.  I can just park it and rely on TimeMachine for backup purposes until I get around to buying a new external hard drive that at least supports FW800.

This mini is significantly faster than my iMac, even though it only has about a 12% clock speed advantage, but going from Core Duo to Core 2 Duo makes up another 10-30%, depending on the task.

But for that matter, I’m sure my iMac would have felt much faster had I just taken these steps with it.  Now, I just have to see if I can convince my wife than a fresh install is what she needs for her new iMac (which will again replace the aging G4 Mini, which my kids will get once I’ve got the wife up and working on the iMac).

Fix duplicates in Mac OS X “Open with…” Finder menu

My “Open with…” menu is buggy!  I end up with many duplicates of the same programs showing up in this list.  So, I set out to find a fix to this today.

Other sources on the Internet give a directory to move to, then a terminal command to run.  Unfortunately, it looks like at some point, Apple has moved this to another directory, but none of the sources I could find pointed me to the right location.  (I’m running 10.5.6)  Fortunately, a simple Spotlight search turned up what I was looking for.

To save you the trouble, open a Terminal session and type:

$ cd /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support
$ ./lsregister -kill -domain local -domain system -domain user

Anyhow, since I ran the lsregister command, all is back to normal again.

My Hulu obsession (part 2)

In my previous post, I talked about the various ways I’ve tried to watch Hulu on my flatscreen TV, and how they have all fell somewhat short.

Personally, I’m hoping that Hulu  is secretly working with Apple on the next generation of AppleTV software.  Perhaps they already are!  There are already 1 Mbit H264 encoded videos are on Hulu now.  With decoding of the stream handled by the hardware itself, the current AppleTV unit would be more than capable of displaying beautiful streaming content from Hulu, complete with a few commercials to keep the network executives happy.  With the way prices have dropped on hardware, Apple could probably drop the price to $129 (or lower, perhaps to the $99 level).  They could corner the market on streaming home media players.

Many people would say that would never happen because of all the content on Hulu would compete directly with the iTunes store’s own content.  I don’t see that as a major issue, though.  I think of Hulu as the “free samples” that you get from the grocery store, encouraging you to buy.  Think about it – For old content, they can put as much as a season or two on Hulu for free to get people hooked into a story, then sell the next several seasons on iTunes.  (I’m pretty close to buying the DVD set for seasons 3-5 of Babylon 5 because seasons 1 and 2 are on Hulu!)

What about the market for new shows on iTunes, you ask?  I could see a slight downside to iTunes sales from streams here, but only very slight.  I imagine occasionally people purchase an episode here or there because they miss it, for whatever reason.  For shows people absolutely love (that have a good re-watch value), they’d probably keep spending the money to buy them on iTunes.  Since the quality of downloads would be better from iTunes than the streamed content from Hulu, and there are no commercials on iTunes, I think a large percentage of iTunes buyers would still buy shows.  (I have season passes to Monk and Psych, both shows that are on Hulu).  Because Hulu cycles through the recently broadcast shows, you can only go back about 4-5 episodes typically.  The networks would benefit here if for no other reason than they’d get more eyeballs on their Hulu advertising.  Plus, with the massive story lines in shows today you can get lost if you miss an episode or two.  Think of Heroes, or Lost as examples.  If the content is right there, ready to be streamed down at no cost, people who occasionally miss an episode of a show they enjoy won’t end up missing enough episodes that they lose track of what’s going on and just stop watching.  Think this doesn’t happen?  It happened with me and the show 24.  Though I loved the 1st season, a PVR problem caused me to miss an early episode of season 2.  Though I recorded like the next 4-5 episodes, they didn’t replay the one I missed.  I got discouraged, week after week when they didn’t re-run the episode I missed.  Eventually, I gave up and just deleted all the unseen episodes.

If AppleTV could natively do this, Apple would have a constantly updated source of content for the AppleTV.  Once word got out about it, they’d probably be hard pressed to keep them on store shelves.

Anyhow, I sincerely hope that if Apple and Hulu people aren’t already working together, that someone from Apple runs across my blog and realizes how awesome this would be, and then takes the action needed to actually make it happen.

SageTV HD Theater can record Hulu too

SageTV recently released the fabulous HD Theater (A.K.A., the HD200).  This device can replace a dedicated PC when it comes to playing back video content from a SageTV server.  The surprise feature in the HD200 was that it can run as a standalone media player.  Using the remote that comes with it, you can navigate shares on your local network to watch your content from the comfort of your couch.  Included in this was the ability to connect to UPNP servers to play that media also.  There are a few of these you can get for free, and some appliances come with them (like the ReadyNAS NV+).  Basically, UPNP is a dead-simple way to share your media.

A $30 Windows program called PlayOn extends the UPNP concept even further.  It runs a UPNP server, but rather than serve your content, it serves content from Hulu, Netflicks, and other streaming content providers.  It actually transcodes the content on the fly from the proprietary format of Hulu, etc. to a format that your media player can handle (like MPEG), all in real-time.

Back when I first got my HD200 appliance, I explored PlayOn through the HD200’s UPNP browser.  I found that it includes an unusual feature “Copy to Library”.  I tried it out, and it prompted me for a network location to save the file.  Intrigued, I gave it a place to save it, and waited.  I’ve not actually timed it, but it seems to be converting it in real time, writing the file (along with the Hulu embedded commercials) as the seconds tick by.  When it was done, I hurriedly navigated to the location via the HD200, excitedly selected it, then found that it could not play the resulting file.

I wasn’t too upset about it, so I sort of forgot about it for a while, but my thoughts recently came back to it.  I wondered if perhaps the resulting file was not 100% mpeg, but close enough that a tool could automagically fix it for me.  So, I went through the process again, today.  Once it was done saving the file off, I opened it with MPEG Streamclip.

And there it was.  In the MPEG Streamclip window.  I hit play, and it played.  I jumped around to various scenes, seeing commercials mixed in with them, and the whole episode was there.  Next, I hit File -> Convert to MPEG and gave it a new location to save the resulting file.  After a few minutes of processing, it was done.  SageTV could now read it, skipping ahead and back just like any other file.

Now, admittedly this process is a bit much to go through for every file that you want to see.  But, if it can be done this way, we’re surely only a hop, skip, and a jump from someone automating the process (using a different tool other than an HD200 to save the file off).

Sofaware’s 8.0.35x is here! WPA Enterprise here we come!

Sofaware is the company behind the CheckPoint Safe@Home, Safe@Office, and the ZoneAlarm appliances. Anyone who happens to have a current license and has their appliances set to auto-upgrade will have had a surprise sometime Thursday. The latest version of firmware has gone GA, as in Generally Available.

This version adds a number of nice new features, but none of them were more important to me than the built-in WPA Authenticator. What does that mean? Assuming you have the appliance with built-in wireless capability, you can now run WPA Enterprise level encryption. Previously, you could have done it as well, provided you had a Radius server laying around and some serious time on your hands to configure it. With the new firmware, it’s all in one nice little low-power-consuming package: The best protection currently available for wireless networks right in the same box with the wireless hardware (not to mention a great little firewall).

Now, I’ve dealt with WPA Enterprise before, many times. My old friend ZeroShell is what I recommend to anyone looking to secure a small office or home wireless network, if they are serious about security. With that said, I’ve not had a great need for wireless access in my home, and I’ve since taken down the ZeroShell box to put that hardware to other use (yes, it was running in a VM, but that whole box is now engaged in other activity).

Anyhow, Installing WPA Enterprise is not a trivial task normally. The docs they give you make it a very streamlined process, though. Here’s a quick run down of what the docs tell you to do:

1. Configure the wireless network for “802.1″ or “WPA-Enterprise” with the Authentication Server field set to “Internal User Database” (not RADIUS).
2. Make sure there is a cert installed on the VPN -> Certificate page. (Generate a new certificate here if you aren’t sure, because if old certs exist, these docs say it won’t work.)
*** 3. Export the CA certificate via the Export function ***
4. Add each user into the local user database
5. Configure the wireless clients (which includes installing the CA cert you exported above)
6. Finally, connect.

Sounds easy, right? Well, step 3 was a doozie. While I successfully exported the cert many times, I’ve yet found anything you can do with that cert. The iPhone Configuration Utility didn’t recognize it as a CA cert. In fact, it thinks there is a password on it. Elsewhere in the docs, it states that there isn’t a password, so I was a bit unsure of what to do next. I even tried some openssl commands to try to convert it from one format to another, but ended up with “Bus Errors” of all things after the “Enter Import Password” prompt, no matter when I put in as the password.

After spending an hour or so and failing miserably, I remembered one interesting difference between Windows and Mac machines that I previously discovered when working with WPA Enterprise. XP machines need the CA cert installed before you can even think about connecting to a WPA Enterprise network, but Macs kindly download the CA cert and ask you if you want to trust it. After thinking about this a bit, I thought that perhaps I could use that CA cert instead of the useless one I exported via the web interface of my Safe@Office. So, I connected via my Mac. It presented me with a certificate, which I trusted. Afterward, I loaded the “Keychain Access” application and found it in my Certificates category. I then exported it from there to .cer format and added the resulting file to the iPhone Configuration Utility. It was finally recognized as a CA cert. I saved off that configuration, sent it to my iPhone, and within moments I was connected via WiFi.

I’m not sure if there is a problem with the way it exports the certificate, or just what, but I’m very happy that there was an alternate way to get it via my Mac. (Who knows, perhaps Vista works this way too, but since I only run Vista on a dev machine at work, I don’t know.)

Aside from this big addition, the new firmware also has a built-in DNS server, which is something I’ve wanted ever since I got this device. It has some new AntiSpam features, support for BGP, and a new dashboard screen, which shows you details on the processor and memory utilization, among other things. There are a number of other enhancements, but that covers the highlights. Overall, I’d say it’s a worthwhile upgrade. Keep it up Sofaware!

Untangle vs. AppleTV

Since I installed Untangle almost a week ago, I’ve been pretty pleased with things.  Everything on my network seemed to continue to work normally.  Until yesterday.

My son asked to watch something from AppleTV, so I brought up the list of shows.  For quite a while I had thought about buying a few old Scooby Doo shows for him to watch.  So, I brought up the listing, selected a show, and hit “Preview”.  After several seconds, AppleTV gave an error message indicating that it couldn’t play the file, that the file format was unrecognized.

Since we are having tropical storm Fay visiting, and have had intermittent Internet access, I thought that it might be a fluke, so I checked a few other shows, which all also failed.

Today, our Internet connection seems solid, so I thought I would try to troubleshoot this a bit.  First, I went into Untangle to get the IP Address of my AppleTV.  Next, I set that IP Address in the passlist for the Web Filter.  I didn’t alter the Spyware settings, etc.  I did look through the Virus, Spyware, and Web Filter event logs just to see if it was showing up that anything was being blocked.  The only thing in the list was a hit against “Omniture” in the spyware list.  Several other machines on my network were also trying to hit that, so I looked it up.  It’s a web analytics company.  Figuring that AppleTV wouldn’t block viewing a preview just because it couldn’t hit the analytics site, I left it alone. (I may be wrong here, though)

Anyhow, I tried again, only to find the same error.

I still had my pfSense box up and running, so I moved the cables back to it, and then immediately tried to play another Scooby preview.  Viola!

So, I’m guessing that there is something about the way AppleTV communicates to the content servers that doesn’t care for a transparent proxy in the middle.  Or perhaps it is blocked because it can’t talk to Omniture.

I feel certain there should be a way to stop this from breaking…  Time to hit the Untangle forums, I think.

UPDATE: Yep – A forum user told me exactly where the Bypass could be set.  AppleTV is once again happy with Untangle.