Mac Command Line: Turning Apps into Commands

I moved to MacOS X because it offers both a unix command line and graphical interfaces, and I almost exclusively use the command line as I switch between tasks. If you use a terminal and aren’t familiar with the open command, I urge you to take a look.

I tend to open documents with open ~/Do[tab]… I wanted a way to open more things like this. I wanted to treat every app as if it were a command. I did this a little while back, and recently had to use a Mac without these little aliases and it was annoying! (We know that mousing was objectively faster and cognitively slower than keyboard use.

So I thought I’d share. This works great in a .tcshrc. I spent a minute translating into bash, but the escaping escaped me. Also, I suppose there might be a more elegant approach to the MS apps, but it was easier to write 5 specific aliases than to figure it out.

Anyway, here’s the code:

foreach f (/Applications/*.app /Applications/Utilities/*.app)
    set t=`basename -a $f`
	# Does not work if your app has a shell metachar in the name. Lookin' at you, superduper!
    set w=`echo $t | sed  -e 's/ //g' -e  's/.app$//'  | tr '[A-Z]' '[a-z]'`
    alias $w open -a \""$f"\"  
end

alias excel open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ Excel.app"
alias word open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ Word.app"
alias powerpoint open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ PowerPoint.app"
alias ppt powerpoint
alias xls excel

(Previously: Adding emacs keybindings to Word.)

When an interrupt is important

So it’s cool that this “S.M.A.R.T” stuff tells the computer when the hard drive is failing. The next step in user interface is to take the message out of /Applications/Utilities/Disk Utility and into an interruptive UI, so that I don’t discover this problem when I happen to get an extra drive for backup.

I know Apple knows how to interrupt the user when it matters to them, because iTunes always gives me two chances to enter my password so it can auto-update things. Maybe they’re hoping I won’t notice this one and just figure I need a new machine:

Disk Utility
Sigh.

Is iTunes 10.3.1 a security update?

Dear Apple,

In the software update, you tell us that we should see http://support.apple.com/kb/HT1222 for the security content of this update:

Itunes10 3 1

However, on visiting http://support.apple.com/kb/HT1222, and searching for “10.3”, the phrase doesn’t appear. Does that imply that there’s no security content? Does it mean there is security content but you’re not telling us about it?

Really, I don’t feel like thinking about the latest terms of service today if I don’t have to. I’d prefer not to get your latest features which let you sell more and bundle in your latest ideas about what a music player ought to do. But I’m scared. And so I’d like to ask: Is there security content in iTunes 10.3.1?

Let’s Fix Paste!

copy-paste.jpg

Okay, this is a rant.

Cut and paste is broken in most apps today. More specifically, it is paste that is broken. There are two choices in just about every application: “Paste” and “Paste correctly.” Sometimes the latter one is labeled “Paste and Match Style” (Apple) and sometimes “Paste Special” (Microsoft).

However, they have it backwards. Usually, what you want to do is the latter one, which is why I called it “paste correctly.” It is the exception that you want to preserve the fonts, formatting etc. Usually, you want to just paste the damned text in.

I mean, Jesus Hussein Christ, how hard is it to understand that when I go to a web page and copy something and then paste it into my document that I want to use MY fonts, formatting, color, and so on? Even if I do want to preserve those, I ESPECIALLY do not want you to leave my cursor sitting at the end of the paste switched out of whatever my setting I’m using. In the rare occasion that I want paste as it is done today, the keys I type are:

modifier-V              ! Paste (modifier is either (ironically) command or control)
start typing            ! Continue on my merry way
modifier-Z              ! Oh, crap, I'm no longer in my font,
modifier-Z              ! I'm in Web2.0Nerd Grotesque 10 light-grey
! undo the typing and the paste
space, back-arrow       ! Get some room
modifier-V              ! Paste
forward-arrow           ! Get back to my formatting
(delete)                ! Optionally delete the space
start typing again      ! Now where was I? Oh, yeah....

Note the extra flourish at the end because pasting is so helpful.

The usual sequence I type is:

modifier-V              ! Paste
modifier-Z              ! %$#@*!
search Edit menu        ! Gawd, where is it, what do they call it?
select Paste Correctly  ! Oh, there
start typing again      ! Now where was I? Oh, yeah....

This is much simpler, but has its own headaches. First of all, Microsoft binds their “Paste Special” to control-alt-V and brings up a modal dialog because there are lots of options you could conceivably want, and just wanting to paste the %$#@&* text is so, so special. Apple (whose devos must long for the Knight keyboard) binds it to command-option-shift-V, but at least doesn’t make me deal with Clippy’s dumber cousin. They put “Paste Style” on command-option-V, which pastes into place only the formatting. Oh, yeah, like I do that so often I need a keyboard shortcut.

The upshot is that the user experience here is so bad that the stupid blog editor I’m using here that actually makes me type in my own <p> tags is a more predictable editing experience. I can actually achieve flow while I’m writing.

Most tellingly, the most even, consistent, out-of-my way editing experience is getting to be LaTeX! Yeah, I have to type accents by hand, but at least I don’t lose my train of thought every time I paste.

The solution is simple. Make modifier-V be paste. Just plain old paste. Put paste-with-frosting on control-meta-cokebottle-V and give it a helpful dialog box. Please?

Photo by adam.coulombe.

Jonathan Ive’s Sharia Style

I was on a business commuter flight the other day, which was also the maiden voyage of my MacBook Air. I had it out before takeoff. This was an international flight and I was in bulkhead. On international flights, they’re not as strict about not having your laptop on your lap during takeoff. This flight was only an hour and ten, and if I had to wait ’til cruising altitude, I’d never get any work done.

I slid it into the middle of my Economist (manila envelopes are the only think it fits in), but other guys had their mondo Dells out, so I stopped hiding it.

One of the flight attendants saw it and came over, pouncing on me. Drat. Nabbed.

I blinked when she cooed, “Ooooooo, is that the new MacBook? Can I touch it?”, because this wasn’t what I would think of as a nerd-bird. It was Etihad from DMM to AUH, and after a few days in Al Khobar, I found the fact that the flight attendants had neither an abaya nor hijab to be a pleasant surprise.

I handed it to her. She called over another flight attendant, who also cooed over it. They passed it back and forth extolling, “It’s so light! It’s so smooth! It feels sooooo good!”

They called over a third young woman who turned up her her nose and sniffed, unimpressed, “My brother has one of those.” She thus put the others in their place for being so unsophisticated as to not be totally bored by it yet. It’s a good thing that SAFEE isn’t implemented, yet, or we’d never have gotten off the ground. If looks could kill….

Pointedly ignoring her, my pair of flight attendants marveled over the Air for a bit longer and then handed it off to me so they could play with seatbelts and oxygen masks.

After they left, the guy across the aisle turned to me and said, “My god, I never thought I’d see the day when a laptop was better at picking up girls than a Ferrari. That’s it, I’m ditching Windows.”

Small Bits of Chaos

Use The Logo Luke

apple-windows-xp2-frame.jpg
“Decaf” over on DeadBeefCafe, relates the story of a colleague whose response to yet another virus outbreak is to convince management to purchase Macintoshes, with the following justification:

We’re going to buy Mac Minis and run Windows on them because Macs aren’t affected by these security problems.

Decaf breaks down the several fallacies of this statement and sardonically sums it up with:

So we’re left with the best security method I’ve heard of: A different case! By affixing an Apple logo onto the host, we’ve made it more secure, because Macs aren’t subject to the same security problems.

Just when I think that my organization is getting behind the curve for one reason or another, I come across something like this and I feel lucky to be where I am today.
[Image from: techno-science.net ]

On The Curious Incident Lately in Apple v. Maynor and Ellch

maynor-and-ellch.jpgSo John Gruber, who has written quite a bit on the whole did-they-didn’t-they spat between Apple and Dave Maynor and Jon Ellch, offers up “An Open Challenge to David Maynor and Jon Ellch,” offering them a Macbook if they can root it.

I’d like to mention something that hasn’t happened lately. By not happening, it seems to have not drawn attention to itself. After a war in which gallons of ink were spilled, and every utterance by Apple, Maynor, and Secureworks were analyzed by Talmudic scholars, there’s silence.

What might be the cause of such silence? Are Apple and Maynor finally talking? (In my personal experience of trying to learn more about security issues with Apple products, Apple ignores questions. They ignored questions when I name dropped. They ignored questions when I mentioned things like being an editorial board member at the CVE project.)

So one possible interpretation of events is that there was serious mis-communication, and the parties involved are now having interesting discussions.

If that’s the case, then Gruber is trying to pour gasoline on a fire that others are trying to extinguish.

After I wrote this, Jon Ellch posted to DailyDave, that post was covered in Linux.com, “Johnny Cache breaks silence on Apple Wi-Fi exploit,” and that story was picked up by Slashdot.

[Update: Rob Lemos has a short article, “MacBook Controversy continues with Challenge” at SecurityFocus.]

Macintosh Genuine Advantageā„¢

See “Mac OS X Server Firewall Serial Hole:”

…What they haven’t noticed yet is Mac OS X Server 10.4 overrides an explicit administrator firewall security setting to keep its copy protection functional.

OSXS 10.4’s “Server Admin” lists “Serial Number Support” on UDP port 626 under its firewall pane, with an option to turn it off. You can, in fact, block that port with the UI. And it will work for a little while.

However, serialnumberd will eventually notice this and re-enable UDP port 626 itself. This results in a disparity where Server Admin’s UI says you have port 626 disabled, but it’s clearly active in the “Active Rules” pane.

I promised not to comment. I think it’s still fair to link.

DaveG On Apple Security Advisory

warm-and-fuzzy-boots.jpgSo if you have a Mac, you really want to open software update now. You can read about Apple Security Update 2006-0003 after you’ve installed it and the Quicktime patch. In “Apple Security Update RoundUp,” DaveG explains:

So, in short, without the latest update, OS X is secure as long as you don’t look at any movies, images, websites, zip files, flash content or email messages.

Snarkiness aside, I like that a number of these vulnerabilities appear to have been found internally (assuming that is what uncredited vulnerabilities mean).

He also says “That’s around 35 vulnerabilities in one day!” Why the ‘around?’ As I explained in “Counting In Computer Security,” that counting can be tricky.

One final comment. For comparison, Microsoft shipped three patches this month, covering roughly 5 vulns (CVEs). Apple shipped 2 patches, covering roughly 35. I feel so warm and fuzzy.

Apple’s Message

come-fuck-me-boots.jpgOver at Security Curve, Ed Moyle has some good thoughts on “the Gigantic ‘Bull’s Eye’ on Apple’s Forehead:”

Now, I don’t know about you but I haven’t seen this kind of hubris since Oracle’s “unbreakable” campaign. Remember that? I do. I remember that at one point in time, most researchers ignored Oracle and pretty much left it alone… Then Oracle stepped up on the soapbox shouting “we’re unbreakable”, only to find themselves getting the kind of scrutiny from hackers usually reserved for new flavors of Mountain Dew.

I don’t think the current threat is that bad. I also don’t think that Apple is ready for the sort of onslaught that’s taught such harsh lessons to Microsoft and Oracle.

So Apple, please think about those shoes you’re wearing. Think about the message you’re sending, because teenage boys will respond.

(Image from istock photo.)

Time to Patch

Brian Krebs has a long article, “Time To Patch III: Apple,” examining how long it takes Apple to ship security fixes:

Over the past several months, Security Fix published data showing how long it took Microsoft and Mozilla to issue updates for security flaws. Today, I’d like to present some data I compiled that looks at Apple’s performance on this front.

It’s a good thing no one has any technology that would help a researcher understand exactly the changes that a patch makes. Because if they did, they could sure read those Linux patches and learn a lot about Apple vulnerabilities.