Mac Mini: first impressions

I’ve been using the Mac for a little over a week now, and in general, it’s pretty slick. Before Apple made the move to a Linux-based operating system with OSX, I had little use for Macs. The UI was clunky at best, and the inability to multitask was a show-stopper.

Disclaimer: I access the Mac via a KVM switch, using a multi-button mouse and a professional Windows keyboard with mechanical switches. But more often, I use the Mac through a VNC connection from my main Windows PC.

Keyboard issues

Because I’m not using a Mac keyboard, I had to figure out how to press Mac-specific keys, but that turned out to be easier than I expected. OSX recognizes different keyboards and maps keys appropriately. For instance, when accessing the Mac directly, the Alt key works as the Option key, the Control key is the Command key, and the Windows key is the Apple key.

The biggest problem I had with the keyboard was the Home and End keys. On Windows, those keys move the cursor to the beginning and end of a line, respectively. On a Mac, they move the cursor to the beginning and end of the document, respectively. This messed with my motor memory in a big way, and I looked at a variety of remapping solutions. Eventually I was able to fix this by creating the file ~/Library/KeyBindings/DefaultKeyBinding.dict and adding these lines:
{
/* Remap Home / End to be correct :-) */
"\UF729" = "moveToBeginningOfLine:"; /* Home */
"\UF72B" = "moveToEndOfLine:"; /* End */
"$\UF729" = "moveToBeginningOfLineAndModifySelection:"; /* Shift + Home */
"$\UF72B" = "moveToEndOfLineAndModifySelection:"; /* Shift + End */
"^\UF729" = "moveToBeginningOfDocument:"; /* Ctrl + Home */
"^\UF72B" = "moveToEndOfDocument:"; /* Ctrl + End */
/* Remap Ctrl-left/right to go to previous/next word */
"^\UF702" = "moveWordLeft:";
"^\UF703" = "moveWordRight:";
}

Update: This solution for the Home and End keys seems to work for all applications, with one exception: Firefox. I reported the problem on Mozilla’s Bugzilla site as Bug #918859.

Another keyboard problem I’ve run into is that the Enter (Return) key works differently on the Mac. In Windows dialogs and Explorer, Enter opens the currently-highlighted item. If it’s a folder, the folder opens; if it’s a file, the file opens. Makes sense to me, and it’s something I do all the time. Oddly, on the Mac, Enter renames the highlighted file or folder. I haven’t found a permanent solution to this, so in the meantime I’m trying to remember to use Alt-O (Command-O) to open folders/files from the keyboard.

One final keyboard difference worth noting is the fact that there is no Insert key on the Mac. On Windows, this key toggles between insert and overtype modes. On the Mac, you’re always in insert mode.

No single-button mouse for me

I’m glad I can use my multi-button mouse. Again, I’m just so accustomed to right-clicking UI elements to show context menus that I would have a hard time changing to the Apple approach, which is to hold down the Control key and click the (only) mouse button.

Installing open source software

I recently moved all my public-facing services onto a new, powerful Linux computer. Almost all of my work with the Linux server happens at the command line. I don’t find either of the graphical UIs most commonly used on Linux (KDE and Gnome) all that compelling. In any case, I’m now comfortable using the APT system to install and manage open source software packages in Linux, so I was surprised to find nothing similar on the Mac. A bit of research led me to a tool called ‘Homebrew’; having installed this software, I can now download and install software using the ‘brew’ command, which is similar to APT.

Remote access with VNC

Although my KVM works well with the Mac, I find it more convenient to use remote control software. This allows me to continue to use my Windows machine as my primary work environment while providing quick access to the Mac. OSX includes a VNC server, but it’s disabled by default. Enabling it is a simple matter of going to the Sharing panel in System Preferences, putting a checkmark next to Remote Management, assigning the users who should have access, and configuring access (click the Options button). There are numerous VNC client software packages available. I’m currently using TightVNC, which was simple to set up and seems to work reasonably well. Just point your VNC client at the name displayed on the Remote Management settings page on the Mac to connect.

Remote login with SSH

I’m accustomed to accessing my Linux server via command line interface using SSH. This also works for the Mac, but again it has to be enabled first. To do that, again go to System Preferences. Put a checkmark next to Remote Login, and assign the users who should have access. Connect using an SSH client like Putty.

Miscellaneous Mac weirdness

One thing that has always bothered me about the Mac is that closing an application’s windows doesn’t close the application itself. Well, usually. That’s part of the problem: there’s no consistency to it. Some apps close when you close their last open window, and some don’t. A very odd design choice in any case.

Now about those three little buttons at the top left of windows: there’s a close button (the red ‘X’), a minimize button (the yellow ‘-‘), but what does that third button do? It’s a green ‘+’, so one might reasonably expect it to maximize the window, right? But sometimes it does, and sometimes it doesn’t. Weird.

One final bit of weirdness is the way icons work. When you click an icon, for example on the desktop, you see a nice square frame around the entire icon, regardless of the shape of the icon’s image. This encourages a belief that the Mac understands that the shape and size of the icon’s image is not important in terms of selecting (or double-clicking) the icon. That belief is erroneous. In fact, if an icon’s image has any transparent ‘holes’, you cannot select the icon by clicking on any of the holes. As a result, some icons are easier to select that others, and trying to select an icon with a lot of transparent areas can become an exercise in frustration. On Windows, clicking anywhere inside the square boundaries of an icon selects it.

Must-have free desktop software for the Mac

(cricket chirping)

Seriously. Most of the desktop software I use on my Windows PC is free or open source. That’s relatively rare on the Mac, at least in my (admittedly limited) experience. I guess there’s a general understanding that Mac owners have money to burn. The App Store doesn’t even allow sorting or filtering search results by price.

More malicious email and web site warnings

As if you needed more reasons to be cautious when using email or browsing the web, here are two new warnings, from CERT and Malwarebytes.

According to CERT and the FBI, a new, active spear-phishing campaign is sending email to targeted recipients. This particular email purports to be from “National Center for Missing and Exploited Children” and its subject line is “Search for Missing Children”. Do not open this email or any of its attachments, which contain malware.

Malwarebytes, a respected anti-malware software vendor, recently posted a warning about fake Flash player updates that appear on some (mostly pornographic) web sites. Users are tricked into clicking a link that supposedly updates the Flash player, but actually installs malware. Once the malware is installed, legitimate web-based advertisements will be replaced by ads served by the perpetrators. The new ads are often pornographic in nature, and can appear over ads on any web site.

Firefox 23.0.1

A new version of Firefox was released yesterday. Version 23.0.1 apparently fixes three minor bugs, none related to security.

There was no official release announcement for this new version. The release notes are exactly the same as for version 23, with the three fixed bugs just added the top of the list of changes. The ‘complete list of changes’ link still points to an enormous list of bugs that appear to all be related to version 23.

I won’t bother rehashing everything that’s wrong with the way new Firefox versions are being documented by Mozilla. For that, see my post about Firefox 23.

When Windows XP support ends…

After April 2014, it will no longer be possible to obtain security updates for Windows XP – unless you’re paying Microsoft a ton of money. This has some interesting ramifications.

Clearly, there will be renewed interest in the aging O/S as an attack target. New vulnerabilities will continue to appear, but will remain unpatched on most Windows XP computers. Tools that exploit these vulnerabilities will increase in value, resulting in a boom for anyone developing them.

Depending on how many XP systems remain after April 2014, and the number and seriousness of vulnerabilities discovered after that date, there may be some backlash against Microsoft. There may be calls to extend support for XP even further. It’s possible that as many as one third of all computers and devices will still be running XP after support expires.

If Microsoft declines to extent support, you can bet that any new patches they develop for XP will find their way into the hands of regular users through unauthorized torrents and underground web sites.

On the other hand, while keeping Windows XP patched is obviously an important part of an overall security plan, there are other ways to protect yourself. Most users these days connect to the Internet through a router/firewall, which – if configured correctly – makes it almost impossible for an attacker outside the router to identify or even detect a computer inside the router. So, while I’m not recommending that you ignore this problem (you should really upgrade to Windows 7), there may not be a reason to panic if you’re still running Windows XP next year.

Update 2013Aug21: Another ComputerWorld post on this subject, and a post from ZDNet.

Today is Patch Tueday for August 2013

It’s that time again. This month Microsoft has issued eight bulletins, with three of them flagged as Critical. The associated patches affect Windows and Internet Explorer. The August 2013 security bulletin has all the technical details. A post on the Microsoft Security Response Center has a somewhat friendlier summary. For a slightly different view of this month’s updates, check out this post on the SANS Internet Storm Center.

Windows 8.1 update coming in October

Windows 8 Service Pack 1 8.1 will be made available starting some time in October 2013, according to various sources.

Included in the free update will be several tutorials on the new user interface. The exclusion of such tutorials in Windows 8 was a strange decision by Microsoft, since they were in every previous version of Windows.

The update will also include a variety of changes related to user interaction, affecting the use of touch, mouse and keyboard input. Context menus will be improved for better usability.

Related:

Update: Microsoft has set a firm date for availability of Windows 8.1: October 18, 2013.

SANS Ouch! newsletter: Two Step Verification

This month’s Ouch! newsletter (warning: PDF) is a helpful primer on two step verification. If you have a Google account of any kind, you’ve encountered two step verification. It may seem like extra work, but it’s definitely worthwhile.

Update: Duo Security has been posting about two step verification (aka two factor authentication) a lot recently. For example: Why 2 Factor Authentication Hinges on the User Experience.

My new Mac Mini

One of my consulting clients is developing iPhone/iOS apps. I’ll be helping out with testing, deployment, and probably some development. To that end, the client has provided a Mac Mini.

I’ve used Macs before. I even started a blog about my experiences with a new Mac way back in 2004. Some of my earlier observations may still be valid; others may not. In any case, I plan to post anything interesting/cool/weird/annoying that I discover about the new Mac. I’ll try not to let my Windows bias show through, but I can’t guarantee anything.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.