Infrequently Noted

Tomorrow is my last day at SecurePipe.

Two weeks ago I decided that needed to move to San Francisco. I'm a patient man, but a year and a half of being long-distance with Jennifer is enough to wear even me down. Since then, I've updated my resume, spent a lot of time wondering if I'm insane, and started to actively contribute to any latent insanity by worrying about logistics for the move.

I'll be on the road all week next week, so updates are likely to be sporadic, but if we stop at any roadside attractions of note, I'll be sure to keep posted.

And if you know of anyone in the bay area who needs a good security geek, let me know!

Almost 2 weeks into my OS X odyssey, I have a lot of thoughts about my new desktop OS. Before I get flames from "Mac People" (you know who you are), please understand that I fully grok that my needs in an OS are not "ordinary" by any measure. That said, my primary expectation of a computer is that it will do things for me and will not get in my way. Given any particular task and any particular user, what is implied by these goals will be different. What follows is a list of things that I, a security and Unix geek like and dislike. Take or leave them, but please understand that my criticisms are dependent on the context of my mind and are in all likelihood not portable. Also, I realize that many of my problems with the OS are going to be addressed in 10.3, but I'm not running 10.3, and so these things still annoy.

So first, the things I love:

• Python in the default install of a consumer OS. Now all we need are the PyObjectiveC bindings to be supported by Apple and also provided in the default install.


• The hardware integration rocks. Plugging in an external monitor or keyboard or mouse or USB modem just works. Big bonus points in my book for that. It's a feat of non-trivial kernel hacking and one that the whole OS X team deserves a lot of credit for.


• My jaw just about dropped when I realized what the internal backup battery in the PowerBook was all about. Since I'm new to the laptop world, I don't know if this is a standard feature these days, but I do know that it ought to be. It's brilliant and the kind of thing that really endears in the mind of the user.


• The Keychain app is well done, and a testament to what can be done when you have GSSAPI integration in everything. It's really nice to see someone addressing security usability problems in a sane way.


• The new battery life indicator in 10.2.8 really helps. I was going nuts with the previous one.


• The X11 server is good and rocks muchly. One nit though: the installer should REALLY set $DISPLAY in the default init.sh to :0.0.


• While not having a two-button mouse-pad is indeed lame, the fact that the OS and most of the apps are correctly hinted to handle the right click when a 2-button mouse is attached is a big plus.


• Between Classic, Fink, and VirtualPC my Mac is a compatibility test-bed in a box. No other OS offers me the ability to test on as many platforms as quickly as OS X. To that, I say "huzzah!"


• Java on OS X is how Java should be done. Every other OS vendor would do well to learn from Apple's example.


• Safari is Konq all grown up, and judging by the kfm-devel mailing list traffic, many of the improvements that I'm now enjoying on OS X will be available for my SuSE box SRTL. Congrats to Apple, Dave Hyatt et. al., and Dirk Mueller et. al.


• iTunes-to-iPod integration is really slick. I'm a fan.

• Why can't I actually maximize a window? I don't want any "document centric" crap. This feature is non-optional in modern window managers, and if Apple wants to live in the 80's, fine, but at least give me the option to work the way that's most productive to me. Were I on Linux, I would have switched to a different window manager by now solely due to the stupidity of this "feature."


• Why didn't the developer tools come in the box (or better, pre-installed)? WTF is that all about? It's a CD...costs like 30 cents with packaging and everything. C'mon Apple, that's just cheesy.


• In the same way that Windows is absolutely useless without Cygwin, OS X would be a complete disaster without Fink. Apple bears full responsibility for not including a better set of CLI tools and the fact that Fink allows me to fix this myself does not let Apple off the hook for fscking it up in the first place. Where is pstree? pgrep? vim/emacs? If Apple wants to win hearts and minds, they're going to need the people that write apps on their side. Neutering your Unix is not a good way to win friends in the developer community.


• WTF is up with the .command file BS? Why can't I just set the executable bit and have a shell script be clickable? And why can't it live in the "apps" side of my dock anyway? Making shell scripts second-class citizens offends my Unix sensibilities.


• This is more a feature request than anything, but it seems to me that treating apps being displayed in the X server as separate "things" in the dock is a logical next step.


• Setting the open-firmware password should be MANDATORY on laptops. The fact that I had to go digging for info on how to do it is broken. OTOH, once set, it seems to be well-implemented. Even survives firmware flashing.


• There's no low-level access to wi-fi card configuration. Where's iwconfig? No, ifconfig doesn't cut it. This is tres lame.


• Terminal.app sucks. Apple should replace this post-haste with a port of xterm that doesn't require baby-sitting to do the things you expect out of a terminal.


• The default terminal is tcsh???? What rock are you living under Apple? Providing bash is a start, but making it the default would be a big step in the right direction.


• Is making NetInfo as opaque and undocumented as LDAP some kind of badge of honor? C'mon Apple...where's the docs? (no, telling me the command line syntax for nidump doesn't qualify as documentation).


• Mbox files in Mail.app. What are they smoking in Cupertino, anyway? Just because your OS has it's roots in the 70's, that doesn't mean it should stay there. Apple ported Konqueror, and they should do the same thing with KMail.


• Two keys: alt-tab. Why can't I cycle through minimized windows? Whose lame-ass idea was it to require command-tab to cycle through apps and then require command-` for per-app window cycling? It's a bad solution to a simple problem, and one that should have been shot in the head when they were porting the NeXT OS in the first place.


• Why do I have to resort to modifying nib files to change my default keystroke mappings? I don't care if Steveo does have a control-freak problem, that shouldn't make my user experience sucky.


• Konqueror beats the pants off the Finder in every imaginable way when it comes to file-system browsing and management. Call it a Windows Explorer rip-off if you like, but there's nothing like sftp/fish pseudo-protocol support in the Finder, and a tree view option would be quite welcome by at least this user. Sometimes old metaphors are the best, and in this particular case I'm quite sick of OS X attempting to waste as much of my screen real estate as it possibly can. Thank goodness for Fink and Konqueror. Without them, I'd be stuck with this lame Finder debacle and a castrated command-line environment.

Oh Blarg.

I just fixed my Kmail+GPG problem. Seems I had a typo (or 3) in my fink.conf file, so the unstable ports weren't being searched. Kmail required gpgme for GPG integration, and it's only available in unstable. With the correct package search paths, the pre-built KDE binaries work just fine using gpgme.

Despite a healthy serving of crow, I'm now quite happy with the arrangement. Mail is my primary window to a lot of things, so having my mail the way I like it is important to me. Nice to know that OS X cooperates.

So I'm loving Kmail on the OS X box, save for one minor (ok, so not really minor) hangup: GPG integration seems borked. It seems that even though my GPG keys are correctly placed, Kmail doesn't know how to use GPG in to encrypt mail. So now I'm halfway through re-building Kmail (and half of KDE) from source via fink. Here's to hoping.

Now that I'm mobile, mail is becomming a major concern. 'Till now, I've been able to get away with having a couple of accounts which were checked via POP3 from a single box. Mail would get backed up from that box, and I'd run my client from that system. This worked very well when I had DSL, but since my last move that hasn't been an option.

The laptop compounds the problem somewhat as I want my mail to be both acessible offline and sync'd with my desktop so that I have the same "picture" of the outside world from my mail client at all times, no matter where I check my mail from. My initial thought was to see if Mail.app would do what I need, but alas it stores mail in mbox files. Perhaps the most broken/brain-dead way of storing mail ever, so that wasn't an option.

Next, what about Kmail under Fink? This seemed good, as I use/like Kmail everywhere else (save work, where we some massicistic tendancy dictates that pine is only acceptable MUA). Installing Kmail via Fink was straight-forward. Apt still rocks muchly. It's funny how often I forget how cool it is when I'm on a distro that doesn't use it. One problem though...Kmail wouldn't start. Hard crash...bus error. Not good.

A quick google turned up a problem with the QT libraries for Fink under OS X, meaning that I had to trying QT 3.2.1 out of unstable and hold my breath. I almost turned blue waiting for QT to compile, but once built Kmail works beautifuly. A quick scp of my primary maildir and the options files for kmail and we are ready to rock. A mobile, non-sucky, rsync-able mail solution at last. I'm a happy camper.

I'll probably have some thoughts on Safari when I get a chance to play with it more, but I really love the way the overflow: auto; problem is fixed and how spell checking is built in. Oh, and JavaScript debuging info to the console in the default build is a frigging godsend compared to Konqueror. There are some negatives, but overall it's the browser I knew Konq could be. Now if only we could get some OpenSource SVG support.

Oh, and for the $129 price of entry, VirtualPC kicks ass. Installing RedHat in a VM was a snap, and it's reasonably useful, even with a relatively limited 512 meg of ram. Very cool.