Sunday, July 5, 2009

"How Can I Stop Leopard From Continually Asking Me to Accept Incoming Connections for Microsoft Office Apps -- Word, PowerPoint, Excel, Entourage?"


Leopard has a different primary firewall than was offered in earlier versions of OS X. On the Firewall tab of the Security prefs pane, you get three choices for how it works:

-- Accept all incoming connections
-- Allow only essential services
-- Set access for specific services and applications

If you choose the third option, Leopard asks your permission whenever any network connection is attempted to a new app on your computer. Microsoft Office apps rely on such connections for various purposes. For instance, through Microsoft AutoUpdate, they check for updates. Through Microsoft Database Daemon, they check your local network for other open copies of any Office app that might violate your license agreement. And of course, Entourage collects email and performs a number of other functions over your network.

The problem is that Office apps are never treated by Leopard as apps you've already approved. Instead, you're asked again and again about these connections. No doubt, it's Microsoft's subtle form of sabotage to import Windows Vista's annoyingly frequent permissions requests into the Mac environment.

Just kidding. It more likely has to do with an older software design described by Apple's support document "Mac OS X 10.5 Leopard: About the Application Firewall":

"Some applications check their own integrity when they are run without using code signing. If the Application Firewall recognizes such an application it will not sign it, but then it will re-present the dialog every time the application is run. This may be avoided by upgrading to a version of the application which is signed by its developer."

I imagine this will clear up with the next version of Office. Meanwhile, the best solution for the non-geek in most cases seems to be to choose one of the other firewall modes.

If you choose "Allow only essential services," Leopard itself will decide what's allowed to come in (which apparently does not include checking for other open Office apps). This is the choice I've made for now. The only problem would be if you've turned on one of the services on the Sharing prefs pane -- file sharing, printer sharing, Internet sharing, or such. Those won't work anymore.

The other choice, "Accept all incoming connections," blocks nothing. That's another way to make sure you're never asked. Of course, if your computer is connected directly to the Internet, this would not be a wise choice. But if it's connected through a router with its own firewall -- for instance, an Airport Extreme base station -- then most likely you are already adequately protected.

But this does not constitute medical advice, and be sure to consult your personal physician.

P.S. If you choose either "Allow only essential services" or "Set access for specific services and applications," be sure to go into the "Advanced" options and turn on Stealth Mode for extra safety.
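To check which applications carry a signature the Application Firewall can recognize, as described in the Apple note quoted above, here is an added example (not from the original post or from Apple) that lists each bundle in a folder with the result of `codesign -v`. The function names and the `CODESIGN` override are assumptions of this example; pass the folder holding your Office apps as the first argument.

```shell
#!/bin/sh
# Added example: report which .app bundles in a folder have a verifiable
# code signature. CODESIGN may be overridden (an assumption of this example);
# by default it is Apple's codesign tool, present since Leopard.
CODESIGN="${CODESIGN:-codesign}"

# Print "signed", "not-signed-or-invalid", or "no-codesign" for one bundle.
signature_status() {
    app="$1"
    if ! command -v "$CODESIGN" >/dev/null 2>&1; then
        echo "no-codesign"
        return 0
    fi
    # codesign -v exits 0 only when a signature is present and verifies.
    if "$CODESIGN" -v "$app" >/dev/null 2>&1; then
        echo "signed"
    else
        echo "not-signed-or-invalid"
    fi
}

# Print "status<TAB>path" for every .app directly inside the given folder.
audit_apps() {
    dir="$1"
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue   # skip the literal pattern when nothing matches
        printf '%s\t%s\n' "$(signature_status "$app")" "$app"
    done
}

# Count the bundles in a folder that have no verifiable signature.
count_unverified() {
    audit_apps "$1" | grep -c '^not-signed-or-invalid' || true
}

# Default run: audit the folder given as the first argument, else /Applications.
audit_apps "${1:-/Applications}"
```

An app you have already allowed in the firewall that still shows `not-signed-or-invalid` is a likely source of the repeated prompt, since the quoted note says the firewall declines to sign such applications.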


Friday, July 3, 2009

"How Can I Avoid Trouble with System Updates?"

You've probably seen the cries of pain on the Mac fix-it sites that arrive with every system update -- blank screens, lock-outs, networks going down, Apple apps failing, hardware not responding. Yet most people seem to experience little or no trouble. Why is that?

With something as complex as a system update, some incompatibilities are bound to occur. But some Mac users heighten the chances dramatically by loading their computers with crud.

By "crud," I mean small programs that modify the system to produce interface changes or add features. With every one of these you add, you make it all the more likely that the next OS X update will choke on an unexpected modification. And also with each one, you make it harder to locate the problem!

How do you spot these programs? Usually, they're the ones that use installers instead of drag-and-drop. An installer often means they're sticking files in places they'd be wiser not to. If they weren't doing that, they wouldn't need the authenticated OK that the installer requires you to give!

In case you have any doubt, these installers often tell you exactly where their files will go. Just select "Show Files" on the installer's File menu. If they're putting files in obscure folders, be very, very suspicious. And if they don't have a menu item to let you know, that's double the danger!

It's not all the fault of Mac users. The fact is, they're urged on to it by members of the Mac media, who should know better. These are the people who get paid to spend hours a day in front of their Macs. If something goes wrong, they can take the time to fix it, then write about it and get paid! They don't seem to understand that not all of us are in that privileged position.

For instance, let's take a look at the current issue of Macworld, August 2009. The cover trumpets "56 MUST-HAVE MAC APPS: High-Quality, Low-Cost Mac Downloads." As you might figure, I'm skeptical of such articles, but I do look at them. Two of the recommended apps caught my eye: iAntivirus, a free antivirus program with a four-mouse rating, and GlimmerBlocker, an ad blocker for Safari with three-and-a-half stars.

Whenever I'm evaluating such software, about the first thing I do is go over to VersionTracker and read the feedback for it. (Click on "Show All Feedback" for the full treatment.) What did I find?

iAntivirus has only three out of five stars there. The very first message is from a fellow who actually tested the program on a collection of common viruses and found that it failed to find one of them. Some commenters found it to be a resource hog.

Skip iAntivirus.

The description of GlimmerBlocker sounded promising. "The problem with other ad-blockers for Safari is that they are implemented as awful hacks: as an InputManager and/or ApplicationEnhancer. This compromises the stability of Safari and very often creates problems when Apple releases a new version of Safari. GlimmerBlocker is implemented as an http proxy, so the stability of Safari isn't compromised because it doesn't use any hacks."

It has four stars, too. Looks good! But then you look at some of the feedback. Slows down browsing. Prevents downloading podcasts in iTunes. A pain to remove.

None of that feedback was for the current version, so I thought I'd at least visit the developer's site. There I read a list of the applications requiring workarounds or special configurations to coexist with this app. And what about the incompatibilities the developer hasn't yet run into? Or the ones that the next version will introduce?

Scratch GlimmerBlocker.

Another small app often recommended by Macworld is Little Snitch, which monitors and manages outgoing network connections. I happened to try that out today on my Test volume, while gathering data about a problem with Microsoft Word.

Why on my Test volume and not on my main boot volume? Because of comments I'd read online, including the ones pithily reflected in the developer's own note on changes in the current version: "Fixed an issue causing system freezes at login on Mac OS X 10.4 Tiger." The app performed well enough on my Test volume with OS X 10.5.7 -- oh, except that all other volumes were grayed out in my Startup Disk prefs pane, so I had to uninstall Little Snitch before I could select my main boot volume.

Trash Little Snitch.

I'm not perfect. I do occasionally succumb to the lure of greater functionality. When I switched from OS 9 to OS X, I just couldn't live without some kind of replacement for the old Apple menu. After trying out numerous options, I finally settled on Butler, which seemed relatively fast and safe.

And it was, except for one little feature that I never used but that was turned on in the background: a custom clipboard. That little "enhancement" caused Microsoft Word 2004 to crash repeatedly for the better part of a year -- almost every time I tried to cut or copy a substantial block of text in a large file -- before I finally discovered it and turned it off. So, indeed, I paid for my sin. (Microsoft, please forgive me for blaming you all that time.)

People used to complain all the time about how unstable OS 9 was. Let me tell you a secret. OS 9 was incredibly stable. I use my computer for most of the day, almost every day, and with OS 9.2.1, I could easily go a couple of months without a system crash.

No, it wasn't OS 9 that was unstable. It was the crud that people loaded into it. And not just the small-time freeware and shareware, from which you might expect trouble. It was software from the big names too. Remember Adobe Type Manager? How many OS 9 users had that on their computers? When I saw how often my Mac crashed with it, into the Trash it went.

And then there were the Norton Utilities extensions. I remember once spending two or three days trying to fix a network problem and finally narrowing it down to a Norton extension update.

When OS X first came out, no one could believe how stable it was. People ran it for months without rebooting. And there was good reason for that: No one had yet written crud for it!

But now they have, and there's loads of it around. Do yourself a favor. The next time someone offers you an app to add a nifty feature to your system, measure that feature against the security of knowing your computer will start up after the next update.

I know you'll make the wise decision.

Late edit: Wow. I just discovered that one of the Google ads displayed with this post is for iAntivirus. Good match, Google!

Thursday, July 2, 2009

"How Can I Use My Old HP LaserJet with Leopard?"

I have an old HP LaserJet 2100. It's a great machine. I've had to replace a couple of rollers, and the automatic feed on the top tray doesn't work anymore -- but still, the thing is reliable, prints clean, stays a lot quieter than modern printers, and doesn't make the lights dim when it's working.

I've had the thing for longer than I can remember. In fact, I've had it so long that it comes from the days before USB. It connects via the old circular type of serial port that used to be on Macs.

Two or three computers ago, the Mac lost that serial port, and I lost my connection. Luckily, Farallon stepped up to the plate with a neat little gadget called the iPrint. This small device was an adapter between serial on the LaserJet and Ethernet on the Mac. I must have used it for a decade.

But then came 2009, and I upgraded from Tiger on a PPC Mac to Leopard on an Intel. Only problem: I couldn't talk to my printer.

You may be thinking it was time to pack it in and buy a new printer. I thought so too. The problem was, I couldn't get a new printer I liked as much. (And I had at least one and a half laser cartridges for the old printer still unused. Those things are expensive!)

It turns out that it wasn't so big a problem after all. Like many LaserJets, this one had an Ethernet option. All I had to do was obtain and install the right "JetDirect" card. I remember, when I bought the printer, this option seemed like a hugely major expense -- but the cards can be found now on eBay for very little. (And my income is a bit higher now, so that may have helped change my viewpoint.)

So, here's what it takes:

1. Find out the right JetDirect card model for your LaserJet by looking in your manual -- you do still have it, don't you? -- or by visiting the HP Web site. There are probably several versions for your printer, so make sure you get the one with AppleTalk! (Mine was an HP JetDirect 600 N EIO Print server, part J3111A.)

2. Buy it on eBay or anywhere else you can find it cheap.

3. Slip it into your LaserJet -- takes a few seconds.

4. Connect it to your Mac's Ethernet port. Unlike in the days of the iPrint, Macs no longer require a special kind of Ethernet cable when connecting directly instead of through a hub, so you don't need to worry about green or white. But you probably can't reuse the cable that came with the iPrint anyway, because its connector is too small for a modern Mac. The one that worked for me was a "Cat 6."

5. With your LaserJet on, go to your Mac's Network prefs pane, click on Ethernet, then Advanced, then AppleTalk. Make sure the "Make AppleTalk Active" box is checked. Click "OK," then "Apply." (If you're asked if you want to deactivate AppleTalk on your AirPort connection, approve that too. I doubt you have many wireless AppleTalk printers!)

6. Go to the Mac's Print & Fax prefs pane. At the bottom of the printer list box, click the plus sign. In the box that pops up, make sure you're on the Default pane. You should see an HP LaserJet listed, even if it isn't the right model. Click on that. Make sure that the "Print Using" field now shows your correct model. If it doesn't, select your model from the menu. Then check the "Name" to be assigned to the printer, and change it if you like. Then click "Add." Back in the printers list, you can right-click or Ctrl-click to set the printer as the default.

That's all! Your LaserJet should be ready for its next decade.

Update: Apple strikes again! With Snow Leopard, AppleTalk has been removed. See my later post on making this printer work with Snow Leopard!

"How Do I Avoid a Long Double Start-Up on Leopard Combo Updates?"


The safest way to apply an OS X update is to download Apple's Combo Update, which includes all updates since that major version appeared. But Leopard Combo Updates have the annoying characteristic of requiring a very long double start-up -- during which the computer may even hang. The whole process can be both time-consuming and nerve-wracking.

Luckily, the solution is simple: Don't update from your boot volume.

On my Mac, I always have at least three working copies of OS X:

1. My regular boot volume, named "OSX".

2. A "Test" volume for trying out software, updates, and fixes before applying them to my boot volume. As necessary, I update this by copying from my boot volume with SuperDuper.

3. A "Maintenance" volume for performing repairs to the boot volume. I update this one too with SuperDuper -- but it usually lags behind the boot volume by an update or two, so I can be sure it's available to save me from any problems an update might introduce.

When Apple announces an update to Leopard, I download the Combo Update from the Apple site. Then I boot into "Maintenance" and apply the update to my boot volume from there.

The result is that the update is complete within a few minutes and after only a quick, single start-up. Try it, you'll like it!