Spotlight importer for Python source

The guys over at Toxic Software have released a freeware Spotlight plugin to handle Python source code.

Very sweet, lets you search for stuff in comment strings, function names, all sorts of goodness.


Ruby on Rails & MySQL on Tiger

First, see the previous blog entry to fix your Ruby install to be able to make proper binary extensions. You're going to need to build a mysql extension for Ruby later.

If you haven't already done so, install XCode (it's on the Tiger DVD), and fink. If you've only just installed fink, make sure you do a

fink selfupdate
fink update-all

Those will take a considerable amount of time if you haven't run them before.

Now you need to install MySQL. You can either do it from the bare tarball, or use a package manager like fink or darwinports. I like fink, so do:

fink install mysql mysql-client

and let fink grind away at all the assorted dependencies mysql needs. This will take a while, MySQL is big.

Now that MySQL is installed, we can install rails -

sudo gem install rails

Rails doesn't ship with an adapter for MySQL. We install it like so (this should be one line)

sudo gem install mysql -- --with-mysql-lib=/sw/lib/mysql --with-mysql-include=/sw/include

so that it can find the mysql libraries fink installed earlier. Note that the -- --with-mysql-include is supposed to be there, that isn't a typo.

You can now go find one of the Rails tutorials like the one Vincent Foley has at http://darkhost.mine.nu:81/~vince/rails/tutorial.html and get started with Rails.

Fix Ruby problem on 10.4

I've wanted to experiment with Ruby on Rails (the same technology behind Backpack) for a while now, but ran into a problem when I tried to install it on my 10.4 machine. Rails installs with gem, no problem, but I couldn't get gem to build the external libraries Ruby needs to interact with MySQL.

Fortunately, the kind folks at technoblog made a script that does all the fixes you need to get your Tiger Ruby to properly make binary libraries.


Tiger Mail cleanup

When you upgrade from Panther to Tiger, Mail converts the old format mbox files & indexes to .elmx files and spotlight indexing. To be safe, it doesn't delete the old files in case you want to roll back. It also doesn't update them though, so they're kind of worthless spacewasters.

Here's a list of commands to clear out the Panther grime. Make sure you have a backup of ~/Library/Mail, of course. Each line starting with find should be a separate command in a Terminal window.

find ~/Library/Mail -path "*.imapmbox/Cached*" -exec rm -v '{}' ';'

find ~/Library/Mail -path "*.mbox/mbox" -exec rm -frv '{}' ';'

find ~/Library/Mail -path "*.*mbox/content_index" -exec rm -frv '{}' ';'

find ~/Library/Mail -path "*.mbox/table_of_contents" -exec rm -frv '{}' ';'

Running this saved me 3G of disk space.

If you don't make a backup before running this and this nukes your email, it's your fault.


Nice Advanced Spotlight Tutorial

ScribeNT has a nice tutorial up on how to use the advanced query features in Spotlight at http://www.scribent.com/osx/xtip/comments/tiger_spotlight1/.

He covers stuff like using the Raw Query option to do boolean searches like "files with X but not Y" that you can't do easily from the simple query window.


Broadcast Flag Redux

Hollywood is trying to get legislation passed to reduce the functionality of HDTV. They want to be able to mark shows as unrecordable so we can't timeshift them any more.

The EFF has more information about this, and a form to automatically fax your congressman here.


Fun with fingerprints

Someone's written a howto on creating false fingerprints, suitable for fooling commercial grade fingerprint sensors here.

Defeat a Kensington laptop lock

Joy. So much for leaving my laptop unattended at Borders when I want to use the restroom.

See the pathetically easy details on unlocking a Kensington laptop lock here.


Automator and shell scripts

So I was writing my first Automator workflow, and found a bug in the "Do shell script" action. I was trying to write a workflow to iterate over the selection in the finder (and any files in subfolders of the selected files) and use SetFile to change the type and creator. This seemed easy enough, except that it turns out when Automator converts a list of files to strings to hand off to the shell script action, it doesn't properly quote them.

Thanks to Mike Ashley from the Automator-users mailing list for the following code snippet that works around this:

on run {input, parameters}
set output to {}
repeat with i from 1 to length of input
set x to item i of input
set output to output & {quoted form of POSIX path of x}
end repeat
return output
end run

Just put a "do applescript" stage ahead of the "do shell script" stage, and put the above code in. It'll take the list of file aliases and convert them to properly quoted paths for the shell script to act on.

Fixing 10.4.1's issues with GPGMail

10.4.1 semi-breaks the GPGMail plugin. To fix it,

  1. run Mail, let it disable the plugin
  2. quit Mail
  3. rename the Bundles-disabled back to Bundles
  4. Open Terminal
  5. defaults write com.apple.mail EnableBundles 1
  6. restart Mail

The plugin should work again. Note that we're using 1 and not YES (like the plugin docs for 10.4.0 said).

According to the mailing list, if you follow the previous directions from the dmg, and set BundleCompatibilityVersion to 1, that triggers the new Mail in 10.4.1 to complain and disable the bundle.


Cool web service of the day

I've been tinkering with Backpack, lately. Backpack allows you to dynamically create web pages, which can contain notes, todo lists, text, images and/or files. You can embed HTML markup. Now, while this doesn't seem all that special (why not just use mediawiki?) to the hardcore geeks, what makes it cool is that it has a nice clean web interface to everything - and you can email items to your pages. This is something I'd have no problem recommending to my non-techie friends.

I'm not really doing it justice in this summary - go sign up for a freebie account (they won't host images or files for freebie accounts, and you have a limited number of pages) and try it for yourself.

This is another service from the same guys who did BaseCamp and TaDa Lists, so you know it's going to work well.


Foreign Spam

I've been seeing a lot more foreign language spam the last few months, and have created a mail rule to nuke it all before applying any of my other couple of hundred rules.

Basically, the rule is set to delete any messages when the Content-Type header contains any of the following strings:


I don't speak any of those languages, so all messages encoded in them are spam, as far as I'm concerned. If you know of more charsets to nuke, please leave a comment.

Simple automator plugin to add spotlight tags

Adam Rice has a nice howto for creating an automator plugin to add spotlight tags to a file at http://www.adamrice.org/eponymous/2005/05/add_spotlight_t.html.


DMCA update

Our congresscritters are looking at reforming the DMCA and formally legalizing circumventing copy protection as long as your use of the copy is legal. The EFF has set up a page that will allow you to fax & mail your congresscritter to support this, at http://action.eff.org/site/Advocacy?id=115.

Go let your congresscritter know you support this.


Launchd and anacron Howto

I used to run anacron on my laptop in 10.3 so that I could run the daily/weekly/monthly maintenance tasks at appropriate intervals, but without having to have the laptop awake at any specific time. Anacron allows you to specify that specific tasks run every N days, and every time it runs, it checks each job to see if it's been long enough since the last run, and runs it if appropriate. This worked out quite well - I had anacron tasks set up to run the daily script every day, the weekly every 7 days, and the monthly every 30 days. I had cron set to fire up anacron every 15 minutes, and all was well.

Until 10.4, anyway. 10.4 introduced launchd, which replaces cron, and Apple no longer started cron as part of the boot process. I had a lot of maintenance tasks that I was running with anacron via cron though, and while it was easy enough to make an old-style StartupItem to launch cron, I wanted to do the right thing.

Anyway, after experimenting with plutil and launchctl a bit, I figured out how to get launchd to run anacron every 15 minutes. It isn't all that complicated, if you're familiar with XML, but in the interest of sparing other people the hassle, I'm documenting it here.

Presuming you've used fink to install anacron, you can cause launchd to run anacron every 15 minutes by creating a file called /Library/LaunchDaemons/net.sourceforge.fink.anacron.plist with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>anacron service</string>

Once you've created the file, all you need to do is use launchctl to load it, by typing sudo launchctl load /Library/LaunchDaemons/net.sourceforge.fink.anacron.plist in a Terminal window. Or reboot.

To change the interval, change the 900 above to whatever number of seconds you want launchd to wait between invocations.

If you don't want it automatically running as soon as you boot up in addition to every 300 seconds, delete the RunAtLoad key, and don't forget to delete the <true/> argument as well.

If you didn't use fink, change the /sw/sbin/anacron to the path you installed anacron on.

If you get an error message when you try to load the file with launchctl, you can use plutil to check the syntax by typing plutil lint org.debian.anacron.plist - if it isn't exactly correct, launchd will complain and refuse load your job.

And if you're using anacron to run the periodic tasks like I am, you can keep them from getting re-run at the regular time by doing the following commands:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.periodic-daily.plist

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.periodic-weekly.plist

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.periodic-monthly.plist

Then do sudo launchctl list to make sure they aren't showing up.

The plist file is available here.


Tiger Notes

First a few sites that will help you take advantage of the new Tiger features.

Grab some workflows for Automator at Automator World.

Get some widgets for Dashboard at Dashboard Widgets.

Minor annoyances

  • Safari keeps popping up a warning when I download sit/dmg/zip files that there might be an application inside. This is fine for newbies, but I can't find a way to shut it off and it's driving me crazy.

More later after I've had more time to play with it.


In-depth review of Tiger

John Siracusa has another of his in-depth OS X reviews at Ars Technica.

As always, lots of good information.


Use fink to install Roaring Penguins' Remind package

Mike Harris has a nice little howto for using Remind on OS X over at http://www.43folders.com/2005/02/guest_mike_harr.html.

What he doesn't have is a set of instructions about how to get it built on your machine.

Whenever I install an open source package, I make a fink info file so I can build it more easily on the other systems I'm responsible for.

You can download my fink info file here. To use it, you need to have fink installed, and the XCode Developer tools as well.

  1. Open a Terminal window
  2. wget http://feral.bipedz.net/fink/Remind-3.0.22.info
  3. You should now have my info file. Install it into your fink by doing: sudo cp Remind-3.0.22.info /sw/fink/dists/local/main/finkinfo/
  4. Edit /sw/etc/fink.conf and make sure the Trees line includes local/main. I run fink with unstable enabled and my Trees line looks like this
    Trees: local/main stable/main stable/crypto unstable/main unstable/crypto

  5. Now you can install Remind with fink. do fink install Remind and fink will download Remind from Roaring Penguins and compile & install it for you.



Automatically back up your LDAP database

Here's the script I use to automatically back up the LDAP database on 10.3 Server. If you stick it into /etc/periodic/daily, the system cron jobs will run it automatically for you when they do the other system maintenance jobs. Don't forget to chmod +x it once you're done editing the script.

You can download the script from here.

#! /bin/bash
# Usage: put this into /etc/periodic/daily as something like 800.backup_LDAP
# and the stock Apple cron jobs will run it automatically every day.
# Copyright 2004 J. P. Block
# This is released under the BSD license, but please send me any
# modifications so I can update the released version.

source /sw/bin/init.sh

# how many days we keep backups for

STAMP=`date +%Y-%m-%d-%H%M%S`

# ensure the destination exists
mkdir -p $DESTDIR

tar cvf $DESTDIR/DirectoryService_$STAMP.tar /Library/Preferences/DirectoryService
gzip -9v $DESTDIR/DirectoryService_$STAMP.tar
chmod 400 $DESTDIR/DirectoryService_$STAMP.tar.gz

# backup LDAP
/usr/sbin/slapcat -l $DESTDIR/slapcat_$STAMP.ldif -f /etc/openldap/slapd.conf
gzip -9v $DESTDIR/slapcat_$STAMP.ldif

# Backup password server
mkdir -p $DESTDIR/mkpassdb
mkpassdb -backupdb $DESTDIR/mkpassdb
tar cvf $DESTDIR/passdb_$STAMP.tar $DESTDIR/mkpassdb
gzip -9v $DESTDIR/passdb_$STAMP.tar
rm -fr $DESTDIR/mkpassdb

find $DESTDIR -mtime +$DAYLIMIT -exec rm '{}' ';'

Andre Norton ill

>From Laura J. Underwood's post at the Knoxville Speculative Fiction Association's newsgroup today:

"Word from Sue Stewart is that Andre has been released from the hospital so she can go home and pass away peacefully in the company of her cats and the people who take care of her.

Ms. Norton contracted a serious case of flu and bronchitis, and was under a high fever for a while. She spent her 93rd birthday in the hospital. The fever broke, and for a time she seemed to be getting better and was even eating and talking about going home, and looking forward to the publication of her next book (due out in April, I think), but word is that she is still battling illness, and getting tired, and not doing well.

Still, Sue Stewart has asked that people please send cards and letters and flowers.

The address is below:

Andre Norton
1007 Herron Street
Murfreesboro, TN 37130


Nesting of folders has exceeded the recommended limit of 100

If Disk Utility reports Nesting of folders has exceeded the recommended limit of 100, you can find the offending folders by opening a Terminal window and typing

sudo find / -maxdepth 100 -mindepth 100

The last few times I had people report this error to me, they turned out to have an old version of Vapor on their machine.


Former White House cybersecurity advisor Richard Clarke rips Microsoft over security

"Given their record in the security area, I don't know why anybody would buy from them"

Read more in the Seattle Post-Intelligencer article here.

TwoFingerScrolling Update

I've gotten some feedback from Joe Stroller with some modifications to the TwoFingerScrolling startup script. I'm also posting a tarball of the updated StartupItem at http://apesseekingknowledge.net/packages/TwoFingerScrolling.tar.gz to make it simpler to use.

These instructions assume that you're comfortable enough using Terminal to edit files with a command line editor like vi or emacs, and that you know how to boot into single user mode and remove the StartupItem if you have a problem.

All you need to do now is

  1. Download the tarball from here.
  2. Extract it
  3. Download the latest version of the kext from Daniel Becker's site here
  4. Put the extracted kext file into the StartupItem folder you got from step 2 above
  5. If it doesn't already exist, create a folder in /Library named StartupItems.
  6. Move the TwoFingerScrolling directory to /Library/StartupItems. If it is not named TwoFingerScrolling exactly, it will not load.
  7. In a Terminal window, edit /System/Library/StartupItems/LoginWindow/StartupParameters.plist and change the line that reads Requires = ("Disks", "SecurityServer"); to Requires = ("Disks", "SecurityServer", "TwoFingerScrolling");. This forces LoginWindow to not start until the new kext is loaded.

You're all set.

For those of you who want to see the new script, here it is:

# Load Daniel Becker's modified Trackpad Driver on recent PowerBooks and iBooks
# This is released under a BSD license.
# By J. P. Block
# and Joe Stroller

. /etc/rc.common

# http://www.macdevcenter.com/pub/a/mac/2003/10/21/startup.html says:
# The StartupItems specification requires that the executable file
# has the same name as the subdirectory that contains it and that the
# executable is in the root level of subdirectory.
# But since Joe User might choose to run this script manually
# (for testing or otherwise), we can't rely on $PWD and have
# to define the /path/to/the.kext programatically


if [ "$UID" != "0" ]
echo "Only root can load or unload kernel modules."
exit 1

# Check to make sure we have a patched driver to load, or bad things will
# happen when we unload the original driver and can't find the patched driver
# to replace it.

if [ ! -d "$MYDIR/AppleADBMouse.kext" ]; then
ConsoleMessage "No patched AppleADBMouse.kext found."
exit 0

# We have to source Apple's /etc/rc.common in order to get the ConsoleMessage
# function, but it breaks the below:
#if [ -z "$1" ]
# echo "ERROR! This script requires a commandline argument, silly!"

# You don't have to be drunk to write Bash scripts on a Macintosh, but it helps!
ConsoleMessage ""
ConsoleMessage ' * If you see a message below saying "$1: unbound variable"'
ConsoleMessage " * It probably means $0 "
ConsoleMessage ' * has been called without a parameter (like "start" or "stop")'
ConsoleMessage " * "
ConsoleMessage " * If this message annoys you then please bitch to (IE file a"
ConsoleMessage " * bug report with) Apple, compaining that their /etc/rc.common"
ConsoleMessage " * functions break standard Bash syntax like: "
ConsoleMessage ' * if [ -z "$1" ] ; then echo "missing parameter" ; fi '
ConsoleMessage ""

case "$1" in

ConsoleMessage "Loading Two Finger Scrolling"
# make sure the permissions are correct on it before we load it
chown -R root:wheel $MYDIR/AppleADBMouse.kext
kextunload -b com.apple.driver.AppleADBMouse && kextload $MYDIR//AppleADBMouse.kext

ConsoleMessage "Stopping Two Finger Scrolling"
kextunload $MYDIR/AppleADBMouse.kext && kextload /System/Library/Extensions/AppleADBMouse.kext
echo "Neither \"Start\" nor \"Stop\" are spelled \"$1\""

exit 0


Smart Water

Basically, invisible paint with unique microdots in it. The idea is you paint your stuff with it, and when the police find stolen stuff, they can figure out who owns it. Of course it only took about ten seconds for Bruce Schneier to point out the obvious problem in his blog - just paint someone else's stuff and call the cops.


Activating Two Finger Scrolling on each boot with a StartupItem

Daniel Becker has modified Apple's trackpad driver kext to enable Two-Finger Scrolling on older PowerBooks and iBooks. Download the kext from http://www-users.kawo2.rwth-aachen.de/~razzfazz/.

I want to keep the original kext where it is so future system updates don't have issues if Apple decides to update the system kext, but I also want to automatically load Daniel's improved driver every boot, so I wrote a StartupItem to take care of it for me.

These instructions require a working knowledge of using Terminal and CLI editors like vi or emacs.

  1. open Terminal and make a new directory called TwoFingerScrolling.
  2. Use your favorite editor to create a new shell script in the new directory, also called TwoFingerScrolling. Paste the following content into the script:

    # Load Daniel Becker's modified Trackpad Driver on recent PowerBooks and iBooks
    # This is released under a BSD license.
    # By J. P. Block <jpb@apesseekingknowledge.net>

    . /etc/rc.common

    export PATH=$PATH:/sw/bin:/sw/sbin
    export TFSKEXT=/path/to/your/work/dir/TwoFingerScrolling/AppleADBMouse.kext
    # When you are done testing, comment out the line above this, and uncomment the next line
    #export TFSKEXT=/Library/StartupItems/TwoFingerScrolling/AppleADBMouse.kext

    # Check to make sure we have a patched driver to load, or bad things will happen when we unload
    # the original driver and can't find the patched driver to replace it.
    f [ ! -d $TFSKEXT ]; then
    ConsoleMessage "No patched AppleADBMouse.kext found."
    exit 0

    case "$1" in

    ConsoleMessage "Loading Two Finger Scrolling"
    # make sure the permissions are correct on it before we load it
    chown -R root:wheel $TFSKEXT
    kextunload -b com.apple.driver.AppleADBMouse && kextload $TFSKEXT

    ConsoleMessage "Stopping Two Finger Scrolling"
    /usr/bin/logger "Stopping Two Finger Scrolling"
    kextunload $TFSKEXT && kextload /System/Library/Extensions/AppleADBMouse.kext

    exit 0

  3. StartupItems also need a plist file to work. Create a file in the directory you created called StartupParameters.plist and paste the following contents into it:

    Description = "Two Finger Scrolling";
    Provides = ("TwoFingerScrolling");
    Requires = ("Network");
    OrderPreference = "Last";
    Messages =
    start = "Starting Two Finger Scrolling";
    stop = "Stopping Two Finger Scrolling";
    restart = "Restarting Two Finger Scrolling";

  4. chown +rx TwoFingerScrolling/TwoFingerScrolling We have to mark the script as executable, or it won't work.
  5. Copy the AppleADBMouse.kext you downloaded from Daniel's site into the TwoFingerScrolling directory.
  6. sudo chown -R root:wheel ./AppleADBMouse.kext

    Do NOT move this into /Library/StartupItems yet! We want to make sure it is working and you have all your permissions correct before trying to boot with the new StartupItem, or it will kernel panic your system every time you boot.

    To test it, close all your applications except Terminal, then, in Terminal, cd into the TwoFingerScrolling directory you've been working in and do sudo ./TwoFingerScrolling start

    If you have done everything right, you should now be able to do two finger scrolling. If you haven't, your computer just crashed, and you should be glad you didn't set it up to load the broken StartupItem every boot.

Presuming it worked, you can now install it as a boot item.

  1. In Terminal, type ls /Library/StartupItems. If it tells you there is no such file or directory, do sudo mkdir /Library/StartupItems
  2. cd to the directory containing the TwoFingerScrolling directory you made and filled in the previous set of instructions.
  3. type sudo mv TwoFingerScrolling /Library/StartupItems/TwoFingerScrolling
  4. UPDATE: edit the script per comments so TFSKEXT is set to the correct directory, /Library/StartupItems/TwoFingerScrolling to find the modified kext. If you do not edit the script, it will not load your new driver.
  5. Finally, we have to get LoginWindow to wait for the new kext to load, or you're going to have a kernel panic if you touch the trackpad as the switchout takes place. To do this, edit /System/Library/StartupItems/LoginWindow/StartupParameters.plist and change the line Requires = ("Disks", "SecurityServer"); to Requires = ("Disks", "SecurityServer", "TwoFingerScrolling");

Your system is now set up to automatically load the new driver every boot.

How to set up a local fink repository

I have one of our G5s set up to be the apt repository for the machines at my day job. It's running 10.3 client, so I added a file, /etc/httpd/users/fink with the following contents:

Alias /fink /sw/fink

<Directory /sw/fink>
Options Indexes FollowSymLinks

I did this as a separate user file rather than edit /etc/httpd/httpd.conf to prevent future OS updates from breaking my apt repository. If you're running the repository on OS X Server, I believe you need to put the file in /etc/httpd/sites, and the file name may need to be tweaked to avoid confusing the GUI tools.

To get client machines to use the repository, I added the following lines at the beginning of /sw/etc/apt/sources.list (change finkmachine to the machine name of your repository):

deb http://finkmachine.local./fink stable main crypto
deb http://finkmachine.local./fink unstable main crypto

It was cool to discover that apt would deal with rendezvous names painlessly.

Now all you have to do is remember to do fink scanpackages after you build anything new on the repository, and your clients can just apt-get update;apt-get upgrade periodically to stay up to date.


Two-Finger Scrolling with older PowerBooks and iBooks

Daniel Becker's modified Apple's trackpad driver kext to enable Two-Finger Scrolling on older PowerBooks and iBooks. Download the kext from http://www-users.kawo2.rwth-aachen.de/~razzfazz/.

Setting up Rendezvous Bookmarks on Mac OS X

This actually turns out to be fairly simple, if you're using the Apache Apple shipped. Conveniently enough, the default configurations for both Client and Server (as of 10.3) include all conf files found in /etc/httpd/users (on Client machines) or /etc/httpd/sites (on Server).

All you have to do is create a new file (I called mine rendezvous.conf) in the appropriate directory, with the following content.

<IfModule mod_rendezvous_apple.c>
# Only the pages of users who have edited their
# default home pages will be advertised on Rendezvous.
# RegisterUserSite customized-users
#RegisterUserSite all-users

# Rendezvous advertising for the primary site is off by default.

RegisterResource "Foo Bookmark text as shown in menus" /foo
Redirect /foo http://www.foo.com

RegisterResource "Bar Bookmark text" /bar
Redirect /bar http://www.bar.com


Now all you need to do is sudo apachectl graceful and the bookmarks you added to this file should show up in the Rendezvous submenu of the Bookmarks menu for people on your LAN.


Quark 4 and OS X Issues

We run 4.11 under Classic at my work every day, unfortunately. There are a few issues to work around.

First, it won't work if the user running it doesn't own the folder and have write permission on all of the files in it. On the plus side, you don't need to run Quark's POS installer for each copy you need on a given machine, you can copy the original QX4 folder to each user. On each machine at my work, in addition to the staff member's user, we have an IT user with administrator privileges, and keep the master Quark copy for the machine in IT's Public folder. Then when Quark inevitably screws up a user's copy, they know to delete their copy and go into ~it/Public and copy the QX411 folder from there into their own user's Applications directory.

Secondly, the fonts all look like crap, but it turns out you can still run ATM in your Classic System, and that half-fixes the problem. You'll still occasionally need to zoom out and zoom back in to force it to regenerate the font glyphs, but that usually fixes the problem. We do have a problem where Classic will occasionally appear to lock up every few days, but I can't tell if it's just Quark being crashy or because we're using ATM which isn't technically supposed to work at all.

Palettes sometimes vanish. if a palette is not completely on top of a Quark window, it will occasionally disappear. You have to close & reopen them by the menu to get them back. I think it's easier to just stretch the Quark window to completely cover the screen, but my Production guys can't stand that.

Also, Quark windows sometimes don't realize they've been clicked on if you try to click them to bring Quark to the foreground when you're working in a native OS X application. Command-tabbing out of Quark and then back will usually make Quark realize it's in the foreground.

Update: Someone on one of my mailing lists pointed me at ClassicDraw XT which is a donationware Quark XTension that is supposed to fix the redraw issue. More later after I've had a chance to test it.


Using the native Apple encryption and digital signature support in Panther Mail

The only hassle involved in setting up Mail.app to use encryption is getting a key certificate. You can get a free one from Thawte.com, but you must use Mozilla. Thawte's site is broken, and only works properly with Moz - even Internet Explorer won't work. You can get Mozilla from mozilla.org

Go to http://www.thawte.com and sign up for an account. They're going to want some form of unique ID, issued by a government. I used my drivers licence.

They're going to send you a message to confirm that the email address you gave them is actually yours. Follow the instructions in the message. Be sure to remember to use Mozilla and not Safari.

  1. Login on Thawte.com
  2. Select Certificates
  3. Select Request a Certificate
  4. Select Request X.509 Certificate
  5. Select Netscape Communicator
  6. Ignore the organization question and choose Next
  7. Pick one of your email addresses. You need to get a separate X.509 certificate for each email account you want to be able to encrypt and sign mail with.
  8. If you have to ask what one is, you don't have an extranet identity. Choose Next
  9. You don't want to monkey with the extension list. Select the defaults.
  10. Pick a nice long key length, like 2048 bit. Longer keys are more secure than shorter keys. Select Next
  11. Wait around for a long time. Eventually you'll get an email telling you your certificate is ready. Paste the link from the email into Mozilla, and go to that page.
  12. Click Navigator, then Fetch. Nothing will appear to happen, but the key has been downloaded into Mozilla.
  13. Open Preferences in Mozilla
  14. Select Security
  15. Select Certificates
  16. Select Certificate Manager
  17. Select your key. Select Backup
  18. Pick a decent password when prompted, then save the certificate to your disk.
  19. Open the file in the Finder. It will automatically fire up Keychain Access for you and import the key.
  20. Now would be a good time to burn a CD with your key file and store it somewhere safe.
  21. Quit Mail and restart it so it loads the key information.

The next time you send Mail using the account with the email address you made the key for, you'll see a little seal icon in the compose window. Click on it to sign your message.

All you need to do to give someone your public key is send them a signed message. Once you get a signed message from someone, when you write a new mail to them, you'll see a little lock icon. Click on it so the lock is visibly locked, and the mail will automatically be encrypted. As a matter of policy, you should really encrypt as much of your mail as possible.

Creative Commons License

This work is licensed under a Creative Commons License.
Copyright 2007-2010, Joseph P. Block, Some Rights Reserved.

Creative Commons Logo