Configuring the Firewall on MacOS X 10.5.1+ (Leopard)

2 Feb 2009 11:23 by Rick

Confession: Until last week, I had it switched off. It didn’t make a lot of difference but I should have been more careful. It was just that when I first switched it on, nothing worked and I didn’t understand how the Mac worked enough to fix it; then I forgot. It ought to be switched on by default then this wouldn’t happen.

Anyway, it is all actually quite straight forward. There are guides available to show you how to do it. The problem is that they are a bit too technical in language and also are not clear on how to decide what to put in the table of allowed programs. The answer is don’t put any in manually, let them ask you first and then decide if you want to allow it.

The sort of programs which will ask and need it are IM/VoIP (iChat, Adium, Skype) and Download/Upload services (µTorrent, iPlayer, CyberDuck). Your browser may also ask, it rather depends on what sites you go to. Some applications ask more than once but eventually they remember. The ones that don’t ask and shouldn’t need it are Mail/RSS/News (Thunderbird, iMail), Text (NeoOffice, TextWrangler, TextEdit, MS-Office) and (to my surprise) Virtual Machines (VMware Fusion, Crossover and probably Parallels). In any case, you ought to run a local firewall in virtual machines.

Apple cancels Christmas

17 Dec 2008 11:39 by Rick

That’s all folks!

Google Chrome – no luck on first try

3 Sep 2008 10:20 by Rick

The talk on the web is about the first completely new browser for over a decade (I think). Designed from a blank sheet it promises to be popular, emphasising speed and reliability over features. Only a Windows version is available at the moment but I found that I couldn’t even download it from my Mac, it must be doing some platform detection. I will try again tonight after firing up my VM.

Hot stuff

18 Aug 2008 14:24 by Rick

As we had a surplus of loyalty points I splashed out on an MP3 player the other day. Not wanting an overpriced iPod I got the Samsung YP-T10 which does everything I need and has 4GB of memory and Bluetooth. I have not figured out the latter yet but can load the music from my Mac with a third party application XNJB.

The controls on this device (apart from the on/off switch) are a touch pad which is heat rather than pressure sensitive. So it works from your fingers but not hard objects in your pocket or knocks. Putting it in my shirt top pocket I find that it keeps cutting out—it is clearly warm in there and the “little bumps on my chest” …

I will have to put it in the pocket control side out!

Mount network drive at login (Mac)

9 Aug 2008 07:46 by Rick

It has taken a while to figure out how to do this from suggestions that it can’t be done (daft) to using a login time script. As you would expect it is all very easy.

First mount it from the finder by hand. Then go to System Preferences > Accounts > Your Login > Login Items. Select the + to add a new item and navigate the to share you want mounted. Done.

No need to SHOUT

8 Jul 2008 17:52 by Rick

The Apple aluminium keyboard (and, I am told, the built in keyboard on the MacBook Pro) has a feature that there is a short delay on the Caps Lock key so you have to hold it down a little bit longer before it takes effect. This is to guard accidentally writing emails and IM messages all in capitals. The guy who thought of that one should GET A BONUS, but I would like it adjustable—a little longer in my case.

Some people prefer to disable it completely and, I must admit, it is a pretty useless key.

Colour Management

24 Jun 2008 20:37 by Rick

To those who look carefully, photographs on web pages look dull compared to how they look in photo editors. I always thought it was due to the low resolution but apparently it is all about Colour Management Profiles. These are instructions placed in the image file which tell the receiver how to render the colours and are intended to allow matching on different devices—e.g. Screens on different computers, projectors and printers. However, Firefox has always ignored them; until Firefox 3. IE ignores them as well; Safari does read them but in a different way.

In Firefox, if you go to the about:config page and set gfx.color_management.enabled to True then, after a restart, it will be activated. All the photographs will look just a little bit richer, brighter and more sparkling. The photo purists are wondering why it has not been enabled by default?

Well if you have tried it in Windows you will see—everything else will have taken on a different tinge compared to what it was before, mine went pinkish, others have reported a cream bias. The greys are no longer neutral because in the process of doing it to photographs that come with built-in profiles, they have applied a default profile to everything else on the page and it all looks wrong. The official Mozilla page says that it relies on a properly calibrated monitor. Well mine is as close as I can get it without special hardware but that is not the answer. What you also need to do is set the default profile gfx.color_management.display_profile. You would expect this to be the actual values for your monitor, but that is what Firefox is already doing. What you need to do is set it to C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm to stop Firefox altering it and allow the Windows display driver to make the correction for the screen. Brad Carlile has a good test page—if the greys still look grey and his three test pictures all look the same then you have got it right. The Apple Mac doesn’t seem to have a problem, just set the enabled flag to True and it mostly works. Safari (at least on the Mac) does it like this by default.

Secondly, plugins, particularly Flash, do not compensate, so sites that blend from backgrounds to Flash will no longer be seamless—but my fix seems to solve that as well, unless they are trying to blend Flash with JPG which would be unusual. I haven’t got this working for the Mac yet. and, although Flash blending is ok, apparently Safari falls down for a similar reason; the CSS and GIF backgrounds don’t blend seamlessly with JPG and PNG images. This may also affect my fix but I haven’t had a chance to experiment with it yet. What I need is another comprehensive test page. Update: It is a heavy read, but this page by G. Ballard explains it all and has a lot of test pictures or this excelent article by Jeffrey Friedl.

Finally, it also takes 10–15% more processor power to render the pictures so those on older systems will see a noticeable slow down on picture heavy sites.

I first though that I would be switching it off again until they get this sorted out properly, but having found the profile hack I will leave it, I don’t care about Flash anyway.

Time Machine Hangs

12 Jun 2008 18:21 by Rick

This seems to be a bug in Mac OS X 10.5.* (Leopard). If you have the Energy Saver options set to “Put the hard disk(s) to sleep when possible” (obviously not the same euphemism in the States as here 🙂 ) then Time Machine can hang in the “preparing backup” state. Forum help here and here.

Oh, and another thing—backing up your VMware images using Time Machine is a good way to fill up your disk in no time. Use a separate guest O/S backup mechanism to do them,

Skyped up

5 Jun 2008 09:43 by Rick

I normally use these posts (the technical ones that is) to highlight problems with products and help people get around them. This one is different. Skype is brilliant and easy! For those that don’t know, it is an internet phone system.

The Mac Pro is one of the few Apple machines that doesn’t come with a microphone so I had to get one first. Unlike a PC it only has a Line-in socket (low sensitivity) and requires a powered microphone. It is a shame that it doesn’t provide 3v phantom power for electrets but I don’t suppose there is much call for it. Powered mics are remarkably hard to get and the easier solution is a USB microphone—it also leaves the line in socket free for other things. Some people recommend using a headset but we didn’t find it necessary.

Then install the software, create an account (most of the good names are already taken unfortunately) and you are away. The only criticism I have is that the Skype web site doesn’t give you much help around the hardware side but otherwise it is fine.

The quality is excellent and it is easy to use. I was particularly impressed by the easy and high quality conference call facility. Now if only the company system was as good as that!

We also installed on a windows laptop and that was just as straight forward. The software version is different and the windows version looks a lot more cluttered but it works just as well, even with the laptop pin-hole microphone and tinny speakers. We found that it scans your Outlook address book for known phone numbers, that may or may not be useful, but they do work quite well; apparently your first call to a “real phone” is free. Internet to Internet calls are free all the time so it is very popular for people with families dispersed around the world. It will also do video calls (I don’t think we will bother), IM chat and SMS.

Finally a recommendation. Unless you want to restrict your calls to a few designated people, fill in at least the basic information into your profile. Think of it as a phone book. I would suggest the minimum is your real name, country and city. Then at least callers can have a sporting chance of getting the right person.

Canon MP600R configuration

28 May 2008 10:58 by Rick

I am not going to talk in this post about how to setup this device, because it works well with the instructions provided and in most normal situations will not give you any trouble. It is a good printer and an acceptable scanner. I will, however, start off with a very strong warning—Once it is configured, leave it alone. This applies to other Canon network devices as well such as the MP800R and IP5200R.

My problem arose when I moved my wireless access point to a location that was out of range of the device. As there was a switch nearby, I decided that the best solution was to change from wireless to wired. This was not easy and to explain why and give a solution is going to get very technical and complex.

Problem description

The heart of the problem is that this multifunction device does so many things and seems to achieve them (or at least initiate them) by broadcast and recognition of the ethernet MAC address using a proprietary protocol. Here we can spot two consequences immediately: first it will only work on the same subnet (but that is generally not a problem for home) and secondly, the wireless and wired interfaces have different MAC addresses (ending in a4 and a5 respectively in my case).

The functions that the device performs are

  • Printing—this is pretty much understood and well supported in both Windows XP and MacOS X. The drivers behave in a standard way and using the tools available it is fairly easy to create a new port and printer device—but don’t bother because of what follows.
  • Scanning initiated from the device—This depends on a custom daemon “Canon IJ Network Scan Utility” which is waiting for messages. It is configured to watch for particular MAC addresses so doesn’t work if you switch. There is no re-configure tool available but a reinstall does add the new address to the list. Again, don’t do it yet because of what follows.
  • Scanning initiated from the computer. This uses the “Canon MP Navigator 3.0.” I am not exactly sure how this works but it must need to know about the scanner address because it didn’t work anymore, and no amount of reinstalling would convince it to work.
  • Mounting a memory stick. This seems to work ok because the mechanism knows about both MAC addresses anyway, but I haven’t tested it.

A Solution

While playing with this and trying to get things to work, I got into a situation where one (Windows) machine couldn’t see the device at all, even during installation and another could see it with the “Canon IJ Network Tool” but could not print or scan. I came to the conclusion that the only way forward was to start again from scratch. To clear the deck I un-installed absolutely everything. It helped that I had no other Canon software at all on the system so after using the official uninstallers I deleted the Canon folder in Program Files and, using regedit, deleted all software\canon keys in the registry. I believe that this last stage is important because that is where the addresses are stored. Now do a reboot to clear the air.

Having done this, I re-installed everything needed including configuring the printer using the USB connection, just as if it was brand new. And it works.

I haven’t done this on MacOS X because I have no idea how to uninstall things this thoroughly. Using standard tools and re-installing over the top I have got printing and remote initiated scanning working but computer initiated scanning doesn’t even start. It doesn’t help that the Canon installer keeps insisting that the machine be rebooted, an anathema to Unix based machines.

Would updated drivers have improved things? I don’t believe so but didn’t get the chance to find out as it wasn’t at all clear which versions I already had or what was available for download.

Lessons learned

  • Get it right first time. Plan ahead and think before you start to install.
  • This device is not designed for larger networks. e.g. it won’t work with multiple subnets and I don’t think two of these devices configured on the same computer would work too well either. Although there is a device configuration tool (“IJ Network Tool”) there is nothing to reconfigure the computer end. Even replacing the printer with a new one would be difficult.
  • Don’t rely on Canon tech. support. The web site is hopeless and no one got back to me at all from a support ticket [see below].
  • If possible, get one device to do one job, they are much easier to understand. I was shopping for a wired network inkjet printer. All that was available was this wireless combination printer/scanner/copier. At least it doesn’t do fax!

All this is a great shame because Canon make good printers which are economical to run and I have been very happy with them. I hope I will continue to be happy with this one.

Update: later the same day I had an email reply from Canon support. They said

In Mac, you need to select the device and move it to the rubbish bin and the same with software. Just move everything to rubbish bin, device and software. Restart before installing again.

I understand dropping applications into the Trash, but devices? Eventually I took the same drastic action as on the PC. I dropped everything that said Canon into the Trash including stuff under /Applications, /Library/Application Support, /Library/Printers and /Users/Shared. Then rebooted and installed everything from scratch again even using an (extended) USB cable. I thought initially that I was still in the same position as MP Navigator still said “Scan Failed” but on the second click it worked. Trying again, it seems it always fails on the first click. I am not convinced that I managed to delete everything as it still seems to know my scanning settings (600dpi rather than the default 300) but it seemed to be enough to do the trick.

For reference, “Canon IJ Network Scan Utility” (the daemon), “Canon IJ Network Tool” (for configuration) and “Canon IJ Printer Utility” (for printer maintenance and default settings) are all under /Library/Printers/Canon/BJPrinter/Utilities. “Canon IJ Network Scanner Selector” (to pick which scanner to use I suppose) is under /Library/Application Support/Canon/ScanGearMP/Utility. “MP Navigator 3.0” is under /Applications/Canon Utilities. This is stuff that should be in the manual.

