TidBITS#378/05-May-97 ===================== Perhaps it was our use of the word "wax" in a headline. Last week's "Sex Wax Your Browser" article prompted several reader suggestions, so this week we're baring all to share more techniques for making Web browsing easier. We've also got a detailed summary of why no one walked away with 100,000 Swedish kronors in the Crack A Mac challenge, information on the rapidly multiplying Mac OS clone market, and news of two applications that don't mind pushing you around. Topics: MailBITS/05-May-97 Crowds of Clones Even Sexier Wax for Your Browser The Crack A Mac Story Copyright 1997 TidBITS Electronic Publishing. All rights reserved. Information: Comments: --------------------------------------------------------------- This issue of TidBITS sponsored in part by: * APS Technologies -- 800/443-4199 -- Makers of M*Power Mac OS compatibles & premium storage devices. APS price lists: * Northwest Nexus -- 800/539-3505 -- Professional Internet Services. * Power Computing -- 800/375-7693 -- PowerTower Pro 225 MHz - the fastest desktop system ever. Build Your Own Box online! * Aladdin Systems -- 408/761-6200 -- Makers of StuffIt Deluxe 4.0, the Mac compression standard, and InstallerMaker 3.1.3, the leading installer for Mac developers. * Small Dog Electronics -- Special deal for TidBITS#378! <--------- NEW! Performa 6400 32MB/1.6GB/256kL2/28.8/15" monitor, refurb: $1529 More Info: -- 802/496-7171 * StarNine Technologies -- 800/525-2580 -- Top Internet tools: WebSTAR, WebCollage, ListSTAR, and more. WebCollage is shipping! * MacWorks -- 800/463-1026 -- TidBITS Special - free shipping on Apple upgrade cards from $79 More Info: --------------------------------------------------------------- MailBITS/05-May-97 ------------------ **Feeling Pushy?** PointCast, Inc. and Marimba, Inc. this week released new Mac versions of their much-hyped "push technology" receivers. PointCast's Network (PowerPC only) has been pushed up to version 1.0.1, offering six additional channels including the Wall Street Journal, TechWeb, and the Chicago Tribune. The update also includes a Control Strip module for controlling the Network application from the desktop. Users of version 1.0 should receive the update automatically the next time they connect, and don't need to download the file (3.6 MB for an easy install, 2.6 MB for the smaller installation). Version 1.0 of Marimba's Castanet Tuner (also PowerPC only) allows access to Marimba channels, and is based on Java; the 2.9 MB download includes version 1.0.2 of Apple's Mac OS Runtime for Java, which it requires to run. [JLC] **TCP/IP CC Apology** -- My apology to Tim Kelly and Jeremy Kezer for carelessly including a description of Tim's TCP/IP CC control strip module when talking about the Jeremy's Control Strip Modules package in TidBITS-376_. The "buckware" tool (it costs $1) is not part of Jeremy's collection of control strip modules; it's one of many neat programs available at the official Tim Kelly software page. [MHA] Crowds of Clones ---------------- by Jeff Carlson For years, one of the main laments about the Macintosh was Apple's failure early on to license the Macintosh and/or Mac OS to outside vendors. Now, Mac OS clone manufacturers like Power Computing and Motorola are prompting users to choose not only which model to buy, but from which vendor. Here at TidBITS, we've often found it difficult enough to keep up with Apple's products (something exacerbated by the now-defunct Performa line), let alone sets of Macintosh compatibles from other manufacturers both in the United States and throughout the world. As a result we have a tendency not to talk about clone models or clone makers with great consistency, which doesn't do justice to the now rapidly- developing field of Macintosh compatible hardware. With that in mind, here's a brief rundown of some of the major and minor players in the Mac clone market. For more information on Mac OS clones, check out David Engstrom's The Mac and Mac Clone Performance Comparison Page. **Power Computing** -- Now approaching "grandfather" status in the field, Power pioneered the Mac OS clone market and gave users reason to believe non-Apple machines could be a viable alternative. Power's line of computers fill both the low- and high-end markets: a 180 MHz 603e processor-based system starts at $1,199 (including decent RAM, hard drive, video, and expandability options), while their top of the line PowerTower Pro models hover between $2,700 and $3,700. **UMAX** -- Umax's SuperMac line, originally inherited from former clone manufacturer Radius, also appeals to a broad range of users, starting with the inexpensive C Series and topping off with the S Series. UMAX has moved ahead forcefully with its product lines: all SuperMac machines are based on an Advanced Scalable Processor Design (ASPD), allowing for easy processor upgrades (rather than replacing the entire motherboard); the S900 machines also come with the ability to run as dual-processor machines. **DayStar Digital** -- Unlike many clone vendors who are positioning their systems to appeal to all users, DayStar Digital continues to concentrate on the heavy-horsepower crowd with their multi-processor Genesis MP workstations. The low end of these "big iron" machines offers two PowerPC 604e processors running at 200 MHz, six drive bays, six PCI slots, eight DIMM slots (allowing over 1 GB of RAM), and more, starting at $5,000. DayStar wants to dominate high-end graphics, video, and media production markets, and the few people I know who've used their machines don't plan to ever take their work back to single-processor Macs. **Motorola** -- It was only a matter of time before Motorola, the manufacturer of Macintosh processors since the 68000, started building its own boxes. The StarMax line starts with a 200 MHz 603e and the usual complement of entry-level components (16 MB RAM, 1.2 GB hard drive, CD-ROM), and ramps up to the StarMax 5000/300 mini tower, featuring a 300 MHz 603e (not 604e, which is available at 200MHz in the StarMax 4000/200) with 32MB of RAM, Ethernet, internal Zip drive, and 4.3 GB hard drive. Like IBM, Motorola may sublicense Mac-compatible systems to other manufacturers (such as APS) without explicit permission from Apple, and Motorola also offers a five-year limited warranty with its machines. **APS** -- APS hard drives, cables, and accessories have been a TidBITS standard for years, so it came as no surprise when APS announced its M*Power line of Macintosh clones, based on CPU designs from Motorola. Starting with the M*Power 603e180 ($1,199) and maxing out with the M*Power 604e200 ($2,399 for the best configuration), APS brings a wide range of configuration options plus their excellent support and quality hardware to the Mac OS clone arena (despite a lack of original machine names). **Computer Warehouse** -- The machines from this United Kingdom- based vendor are geared toward speed and power in multimedia authoring. Based on Motorola's Tanzania motherboard designs, all of their lines - New York, Manhattan, and Hollywood - run from 200 MHz 604e processors and start with 64 MB of RAM, priced between 1,500 and 2,000 British pounds, excluding VAT. Computer Warehouse's machines are being manufactured in West London and aimed at the European market. **Akia** -- Akia demonstrated their array of MicroBook Power machines at Macworld Tokyo this year. The name suggests PowerBook clones, but Akia's machines come in tower and desktop models based on 604e and 603e processors and logic boards sublicensed from IBM, all with a minimum of 80 MB RAM and 4 MB of video RAM. Also interesting are the monitors that can be purchased for these systems: all of Akia's screens are flat-panel displays. To buy them, however, you'll have to travel to Japan. **Vertegri Research** -- Canada-based Vertegri made news recently by announcing a Mac OS portable not based on Apple's PowerBook specifications (which aren't currently licensable). The imediaEngine features a 604e processor running at either 200 MHz or 240 MHz, built-in CD-ROM, and optional internal Zip and Jaz drives. What it lacks, however, is a battery. Vertegri also offers the Quicktower 200e, a 200 MHz 604e system. **Vision Power** -- A newcomer to the clone market, Vision Power plans to offer two lines of machines: the 603e-based PowerExpress and 604e-based PowerMax, both available in desktop and tower models and targeted at North American customers, although the company has reportedly been selling Mac clones in Asia since late 1996. According to reports, high-end models will offer a second processor slot for multi-processing applications (similar to UMAX's S900 models), but few other details are available. The company can be reached via email at . Even Sexier Wax for Your Browser -------------------------------- by Geoff Duncan Maybe it was the steamy title, but Adam's article "Sex Wax Your Browser" in TidBITS-377_ (which contained a few tips for efficiently using Web browsers) generated a surprisingly large email response from TidBITS readers. Many people wrote in with additional thoughts or variations on Adam's suggestions - I thought I'd share a few of those and throw in some thoughts of my own. **Shortcuts, Intranets, & Open Transport** -- In his article, Adam wrote that the latest versions of Netscape Navigator and Microsoft Internet Explorer both enable you to access a Web site with a domain name in the form of "www.company.com" by typing just the word "company" in the browser's Address or Location field. Thus, entering "tidbits" in the field would take you to: Although what Adam describes is typical for many dial-up and dedicated Internet users, readers wrote in to note some variations. Typing "tidbits" in a browser's Address/Location field actually first tries to set up a connection with a machine called "tidbits" within your current domain (such as "tidbits.company.com"). If you're using a stand-alone Mac, this isn't a problem: the Web browser fails to find that machine, then tries "www.tidbits.com." However, if you're on a corporate or organizational intranet, you might see different behavior. For instance, if there really is a machine called "tidbits" within your intranet, your browser will connect to it rather than TidBITS' Web site. Also, if your intranet is large (or slow), merely searching the network for a local machine can take quite a bit of time. A few readers reported their browsers frequently time out before they're done looking for a machine on their corporate intranets, so they always use bookmarks (or type in longer forms of a site's domain name) to access external Internet sites. If you're using Open Transport, you can change how Internet applications look for sites. At the lower right of the TCP/IP control panel, you'll see a field labeled Search domains (or Additional Search domains, if the control panel is in Advanced mode - you can select User Mode from the Edit menu to change modes). In this field, you can enter other Internet domains you'd like your Mac to treat as if they were on your local network. For example, I access the Internet from the domain quibble.com. However, I've also entered tidbits.com as an additional search domain, so I don't have to type it out to access any of TidBITS Internet servers. I can access TidBITS' Web site by typing "king" in the Address/Location field, since the machine www.tidbits.com also goes by the name king.tidbits.com. This technique works so long as none of TidBITS' machines have the same names as machines within my quibble.com domain - if I type "www" my browser will preferentially connect to my (currently unexciting) Web server at www.quibble.com. Open Transport's additional search domains can be confusing; for instance, Internet sites you access using these additional search domain appear as if they're on your local network, so the full URL in the example above appears as "http://king/", which isn't what you'd want to cut and paste into an email message to someone on a non-local network. Additional search domains can also be slow if you add large domains (like apple.com) or slow domains. However, once you get used to them, many people find additional domains helpful, and they work with any Internet application - including Anarchie, Fetch, and Cyberdog - not just the major Web browsers. **ramBunctious** -- The bulk of Adam's article discussed how to set up a custom ShrinkWrap volume to hold your browsers' disk caches in RAM for better performance. Several TidBITS readers wrote in to recommend ramBunctious - a $12 shareware RAM disk program from Elden Wood and Bob Clark - for the same purpose. As an application, ramBunctious seems to do a decent job with pure RAM disks, offering write-throughs to your hard disk to preserve your data, and an optional folder for items that are opened whenever you mount a RAM disk on your desktop. Although I can't really recommend ramBunctious over the ever-versatile ShrinkWrap - RAM disks can only be used with the ramBunctious application running (which takes another 380K of RAM), it can't mount or manipulate standard disk image files, it isn't scriptable, it has a few quirks, and ShrinkWrap is still free for non-commercial use - ramBunctious was stable in my brief testing, and a few TidBITS readers preferred its interface to ShrinkWrap's somewhat over- burdened preferences dialog. If you frequently need RAM disks and never use disk image files, ramBunctious might be worth a look. **Cyberdog** -- Adam's discussion of using ShrinkWrap for browser caching only applied to Microsoft Internet Explorer and Netscape Navigator. Greg Scarich wrote in with a tip on how to use the same technique with Cyberdog: "Thanks for the detailed discussion of setting up the persistent ShrinkWrap RAM cache. I took it one step further and got it working for Cyberdog. Cyberdog doesn't let you select the location for its cache, so I followed your instructions, then manually created a folder named Cyberdog Cache on the ShrinkWrap disk, then put an alias of that folder in the Cyberdog Preferences folder [which is inside the System's Preferences folder -Geoff], replacing the default folder of the same name." I found Greg's technique works fine with Cyberdog 2.0, although presumably it would work with earlier versions too. **ShrinkWrap & AppleScript** -- Finally, many TidBITS readers wrote to say they're taking advantage of ShrinkWrap's scriptability and using a script to mount a ShrinkWrap image for disk cache and then launch their favorite Web browser once the disk is mounted. Suzanne Courteau writes: "This has come up several times in Macworld and other publications. In April we ran a Quick Tip ("Efficient Browser Cache") that suggested writing an AppleScript program to mount your ShrinkWrap RAM disk not at startup but when you're ready to go online - though I suspect after reading TidBITS-377_, for you that _is_ right after startup!" Suzanne's right: Adam, Tonya, and I have dedicated Internet connections so we tend to want our disk caches ready from the moment we start up. However, many users with dial-up access to the Internet may not want to constantly set aside a few megabytes of RAM as a browser cache. The AppleScript outlined in the Macworld tip shows how to mount your ShrinkWrap image in RAM and launch Netscape Navigator from a single, double-clickable icon in the Finder; the same principles can be applied to UserLand Frontier, OneClick, and other programs. I've also written a slightly more elaborate AppleScript that isn't hard-coded to a particular ShrinkWrap image file or Web browser; with a little ambition, it could be modified to work with ramBunctious RAM disks. We hope you find these tips from other TidBITS readers useful - happy Web browsing! The Crack A Mac Story --------------------- by Joakim Jardenberg and Christine Pamp [Back in TidBITS-375_, we noted the success of the "Crack A Mac" challenge held in Sweden for two months last February to April. The contest offered prize money - eventually more than $13,000 U.S. - to anybody who could alter the contents of a Web page served by a standard Macintosh-based Web server. Here's the story of the contest and the server setup, plus some of the break-in attempts and hoaxes the contest team encountered. -Geoff] **What We Did and Why** -- To prepare for the Crack A Mac contest, we simply unpacked a standard Power Macintosh 8500/150 from its box. Then we installed WebSTAR 2.0 (the popular Macintosh Web server from StarNine), upgraded to Open Transport 1.1.2, connected the machine to the Internet, and put some Web pages on it. We didn't do anything special with the server - it wasn't behind a firewall, and we didn't make any other security arrangements. The entire setup took less than 30 minutes. We publicized the challenge and Hacke (the name of our server) via the Web and email, and information about the contest was carried by many diverse venues, including Ric Ford's MacInTouch, MacWEEK, Wired, TidBITS (of course), along with several Swedish publications, the Wall Street Journal, and the New York Times. The contest reward was initially 10,000 Swedish kronor (about $1,350 U.S.), but during the challenge we were able to increase the amount of prize money a couple of times, thanks to nine Swedish Apple resellers. In the end, the contest reward was 100,000 kronor, or approximately $13,500 U.S. Why did we do it? We wanted to prove there is an alternative to large and expensive Unix- and Windows NT-based solutions for secure World Wide Web services - a solution that doesn't require hundreds of hours to set up or need a separate firewall. We were not trying to prove a Mac OS-based solution is right for everyone, but we are saying it is exactly the right solution for many of us. We wanted to prove the Macintosh is an off-the-shelf system that allows safe, secure, and reliable presence on the Internet within 30 minutes. Since no one was able to claim the prize money, I think we proved our point. For more detailed information on the contest, rules, and frequent questions and answers that came up during the contest, check out Hacke itself. **The Best Attempts** -- In the early stages of the challenge, visitors were trying to exploit more or less known security issues under Unix. We also tracked news coverage on Windows NT security flaws by increased attempts to hack into our server using those flaws; each time a new article appeared about a security problem with Windows NT or NT-based server software, it was followed by a new set of attacks on our server. Many crackers seem to believe Windows NT and Mac OS have something in common. Needless to say, Hacke didn't respond at all to these attacks. Would-be crackers also spent a lot of effort on trying to guess the password to pi_admin, an administration identity under WebSTAR 2.0 that enables webmasters to handle some core functions remotely. There were more than 220,000 attempts to guess the username and the password, but to the best of our knowledge, none were successful. However, even if someone had guessed the password, they would not have been able to change the content of the server; it simply wasn't possible through pi_admin using the set of WebSTAR plug-ins we had installed. When guessing at the pi_admin password grew stale, crackers tried to break in to the machine providing our DNS service, with the goal of moving Hacke to another IP number, and then changing the content of the server. [DNS, or Domain Name Service, translates between IP numbers and the more-friendly names of Internet machines. -Geoff] But since our DNS service (provided via Men&Mice's QuickDNS Pro) is also running on a Mac, these attempts were destined to fail. The success rate was not any better for contestants that tried to get into Hacke via our mail server; it was running under Mac OS as well, so there was no Unix sendmail program to try to exploit. Tired of all the Mac servers, would-be crackers tried to find something in our network that was not Mac-based. The only thing they found were the routers. Fortunately, the routers were secured, but breaking into them could have been a problem, since it could have taken part or all of our network off the Internet entirely. The question is, would that have counted as a hack that was eligible for the prize money? Successfully attacking a router would have merely revealed a security hole in our ISP's connection, and the idea of the challenge was to alter the contents of a Web page. In the end, I suppose it would have depended on the results of a successful router attack, but none were successful. The most interesting attempts occurred near the end of the competition when people realized they needed a different solution. The best attack was pure social-engineering. It started when received an email message apparently sent by . The message requested Christine put new text on the front page of Hacke because "I don't have the time to do it myself." We would probably have seen through this ruse anyhow, but it was even more apparent because the letter was written in English, and we normally communicate with each other in Swedish. The next perpetrator was a Norwegian who claimed he had broken Hacke but he had been thrown out before he was done. He couldn't prove that he had been there but he threatened us with lawyers if he didn't receive the prize money. He even called us and told us that he had 3,000 witnesses because he'd accomplished the feat on a big screen during a conference in Norway. However, no evidence or witnesses have materialized. On the last day of the contest, we received email from two people that seemed to be very polite and helpful. They told us that they had found some information that could be very useful for us. Their enclosures looked like documents but they were, in fact, small AppleScripts that could have changed Hacke's front page had they been launched on the server. They were easy to spot, but it was a good try! The people who wrote the scripts probably realized they would not be successful, since in the middle of the code we found "Rats! No $13,000 for me today." **Performance & Reliability** -- It is well known that the Mac OS is currently sensitive to Ping of Death attacks, and that Open Transport and WebSTAR do not have functions to handle SYN attacks. We were largely spared the latter, and while Ping of Death attempts did not seem to knock out the server every time, Hacke was crashed three times by Ping of Death attacks. Since our idea was to conduct the challenge on an easy-to-set-up server, we did not try to defend against these attacks. Instead, we installed the widely-used shareware programs Keep It Up and AutoBoot to restart the server automatically if it crashed. [For background, Ping of Death attacks involve sending large data packets (usually over 64K) that get re-assembled by the receiving machine into a block of data larger than the original, often causing an overflow and hence a crash. The attack is usually carried out via ping, but in theory the technique can be applied to any IP datagram. A SYN attack is a denial of service attack that involves sending a flood of SYN packets (which are always used to start a TCP transaction) that contain faked source addresses. The receiving machine then spends a lot of its time and resources trying to send and receive acknowledgments to and from machines that don't exist. SYN attacks can be used to block individual TCP ports (or entire machines) from real users. Macs aren't the only machines susceptible to these attacks, but most other platforms have patched vulnerabilities to the Ping of Death, and Apple plans to do so in a future update to Open Transport. -Geoff] Our philosophy was that crashing a Web server only to have it reboot a minute later was not as severe a problem as an attack which alters the content of a Web page. For example, it is far more serious for a firm like Telia (the Swedish telecommunications company) if their home page is altered to read "Felia" (which, in Swedish, could mean "something that is consistently done wrong") than it is for their Web site to be down temporarily. Additionally, the Macintosh server was incredibly dependable. As noted above, it went down just three times, and in each case we were able to trace the cause to oversized ping packets. We had expected that. This reliability was also demonstrated by our other Mac servers - Web, Mail, and DNS - that were exposed to attacks and inquiries during the contest. Further, the performance of the server was never a problem. Although Hacke was often very busy (with over 50 simultaneous connections), it sent out a single "busy" message. Some challengers may have had problems connecting to the server, however, since we're located in the southern Swedish countryside and our connection to the world is only 64 Kbps. Also, users from overseas undoubtedly experienced some connectivity problems getting through to us at all. **Some Statistics** -- During the competition's two months, Hacke's English and Swedish entry pages logged more than 650,000 hits, and over 100,000 unique IP addresses were logged. The server sent out over 8,000 MB of data. Approximately 75 percent of Hacke's visitors came from the United States, 20 percent from Sweden, and the remainder were spread throughout the world. Many companies and organizations expressed interest - we logged several visitors from IBM, Hewlett-Packard, Cray, Digital, SGI, Novell, Boeing, AT&T, and Netscape. In addition, NASA and the U.S. military were frequent guests. **The Next Step** -- Hacke will not disappear. We plan to announce future contests using more sophisticated setups, to address common criticisms of the Macintosh as a Web server platform (including handling several domains, remote administration, high levels of interactivity, access to databases, and so forth). We need to contact sponsors, define a stable and interesting concept, and ensure all criticisms about inadequate features or capabilities are addressed. We also need to do our real jobs: we haven't earned a single krona for the time we spent on the Crack A Mac competition. It should also be noted the Crack A Mac challenge was in no way affiliated with Apple Computer. We just feel we have a vision that should make it possible for more organizations to take the leap toward the Internet. $$ Non-profit, non-commercial publications may reprint articles if full credit is given. Others please contact us. We don't guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. This file is formatted as setext. For more information send email to . A file will be returned shortly. For information on TidBITS: how to subscribe, where to find back issues, and other useful stuff, send email to: Send comments and editorial submissions to: Issues available at: ftp://ftp.tidbits.com/pub/tidbits/issues/ And: http://www.tidbits.com/tb-issues/ To search back issues with WAIS, use this URL via a Web browser: http://wais.sensei.com.au/macarc/tidbits/searchtidbits.html -------------------------------------------------------------------