Joi Ito's Web

Joi Ito's conversation with the living web.

Just installed OS X 10.2 and am trying to "Make the Switch"... I'm using Mizuka's old Powerbook G4 with the broken "/" key, not the cool new one that just came out. I just ordered office and all of the Adobe stuff, so until that arrives, I can't completely switch. I feel totally screwed up right now though. I have a Sony Vaio C1MRX with a great form factor and excellent battery life, I have a Dell Latitude coming that I'm going to configure with with Windows 2000 in a very security conscious mode (after talking to Chris Goggan about what the most secure PC setup was...) and now I have this PowerBook. I hope I am only using one of these a month from now and I HOPE it is going to be the PowerBook.


Let me know if you need any help. I know a little about Macs - Neeraj

Well for starters, every time I move it, the power cuts out and shuts down suddently. Also, I realize I need to install a card to do 802.11... Also, my "/" key is broken... and having trouble editing Japanese in MT... So, I need some help. ;-)

The power problem can be addressed with a shim in the battery compartment. (This was a common problem with early TiBooks...including mine.)

Have a dealer do the airport card; they're a serious pain to install yourself. (Memory, however, is a snap.)

How, exactly, is the / key broken? Missing? Stuck? Not responding?

The Japanese part I won't be very helpful on, I'm afraid.

Is this your first time to use a Mac? I seem to remember a comment that you had an xServe.

I am an old Mac user. I started with an Apple II, bought the first Mac, Mac +, Mac II, etc. I switched to PC when Apple came out with that 5300 series powerbooks. I really did't like them and the PC's were so much lighter... And yes, I have a xServe which this site runs on, but we are switching to an Intel box because the xServe is to weird... I will probably continue to use it for indexing my photos or something. ;-p

Liz, thanks for the pointer. I found out about a place that will do the battery compartment fix. I also found out that they sell keyboards replacements. The "/" fell off... ;-P

And what is Mizuka going to use for a computer? ;-P

Good luck switching - I left Apple after they stopped making the thin, powerful Duo-line of expansion-bay using laptops. I love my Thinkpad X-series, because it's so thin and minimal. But OSX is tempting, as is the Mac integrated DVD drives in slender portable computers.

Sometimes I think I want to switch just because my current computing environment is too stable. It would be entertaining to switch and have to start over again - picking new apps and customizing settings. Windows XP/Office XP irritates me at times, but I imagine I would replace these problems with other problems. Hah - at least I'd have the Mac/Unix community to turn to for help.

Maybe it's similar to the feeling I get running Mozilla all the time - like I'm a part of the computing rebel alliance.

Joi - what convinced you to want to switch?

Well Mizuka has a cube on her desk and wasn't using the powerbook.

XP is not stable and OSX just seemed so cool. I think Apple handles bi-lingual environments better than MS. I also wanted to play with Rendevous...

Rendezvous was what got me to switch from 10.1 to 10.2 this quarter. I swore I'd wait 'til the quarter break, so that I didn't risk any in-progress material for classes. Then on the airplane back from PopTech all my colleagues had their TiBooks open and were using Rendezvous to chat with each other (using one of the TiBooks as a software base station), and I was insanely jealous. Upgraded the next day. (We were a pretty entertaining sight at the conference and the airport, with our 7 matching TiBooks.)

I love 10.2. iChat and Rendezvous are great tools, but overall the environment is wonderful for the kind of web development work I need to teach (and practice).

My TiBook is nearly 2 years old, and I still adore it. It's my fourth mac laptop, and it's by far the best I've owned. Not only for its "wow" quotient in public (which is significant), but because everything I need is in the one slim case--DVD drive, firewire, USB, PC slot, integrated WiFi, microphone, etc. Makes travelling easy. No docking station, no bulky accessories. Life is good.

My Latitude arrived today. It's as big as a tank. How totally uncool. I guess it about the same size as a TiBook, but it's fat... So the 12 hour service anywhere in the world is really cool, but is the security and the big heavy ugly form factor worth it? I guess I should lug it to India and see...

I don't know...if I were going to test out a possibly cumbersome piece of equipment, I think I'd start with Starbucks, not the Indian subcontinent. Less shoulder strain if I decide the choice was poor. :-)

How is the xServe "weird"?--just that the people supporting you are used to plain vanilla Linux/Intel and don't want to invest the time to figure out Mac OS X?

Can the xServe be tilted vertically and put by the side of a desk to use as a regular PC? Does is absolutely need to be in a rack? How noisy is it? I was thinking it would be a unique--but expensive--replacement for a regular desktop Mac.

Sen and Ushioda, can you comment on what was weird about the xServe?

I think the fans are a bit too noisy for my tiny office to use as a desktop.

To give some background, I'm not particularly in love w/ specific processors and I've got a flat panel iMac which is quite possibly my favorite desktop machine ever -- in fact, as far as desktop machines go, I've only ever owned 2, and both of them have been Macs (the first one being an SE over 10 years ago).

As far as laptops are concerned, I agree w/ Justin about the form factor -- after you've spent years carrying around smaller and lighter machines (especially in a city where the primary mode of transportation [i.e. crowded train -- check out Justin's site some time for a photo of what it can be like at rush hour] involve a fair bit of walking) it just doesn't work very well to lug around something so heavy. For reference, the laptops I've used a fair bit over the years include:

DEC Ultra Hinote 2
IBM ThinkPad 700ED (very heavy)
IBM ThinkPad 600E (a little better)
IBM ThinkPad X20 (at it's release, one of the best machines I had ever encountered)

I also used a Duo a bit, which I found to be quite nice -- I wish Apple would release something like that again! Something comparable to the IBM ThinkPad X series as far as form factor were concerned would be great and I'd like make that the replacement for my current X20.

As far as OS usage is concerned, I spent most of my early years using various Apple 2s (II, II+, IIe, IIc) and the early Macintosh so I started out very much engrossed in Apple's DOS, ProDOS, and the early Macintosh System.

I didn't start using MS-DOS until high school, and then it was only to mess w/ CONFIG.SYS and AUTOEXEC.BAT to get various games working on PCs (-; I also used NEC's PC 8801 and 9801 series to play games around that time in addition to doing some CS assignments.

A little later, I used VMS on various VAXen, to be followed by SunOS on Joi's second-hand Sparc 1+ and a Sparc 5, FreeBSD on PCs we put together, Solaris on a Sparc 20, and IRIX on an Indy and an ONYX. This was followed by OpenBSD and NetBSD on some Mac hardware and then GNU/Linux on a Sparc 5 and a home-grown PC.

I don't know if one would call the above experience diverse, but the main administrator of our MT set-up (not myself) has experienced more OS/machine combinations than listed above and likely in more depth. I won't go into details about his experience though as I believe it would be too much of an invasion of privacy.

Anyway, I hope this background gives some insight into where we're coming from -- we are not "people ... used to plain Linux/Intel and don't want to invest the time to figure out Mac OS X" (-; I use it every day and have been for at least half a year -- and the other admin has been using it for much longer.

As for what we're switching to from the Xserve -- it is not a GNU/Linux / Intel machine -- it's a FreeBSD / Intel machine.

We originally tried the Xserve w/ the idea that given the pleasant user interface provided by MacOS X, we felt there was a good chance that the GUI administrative interface for the Xserve would offer a pleasant, flexible, and comprehensive alternative to what we'd used elsewhere. This didn't turn out to be the case, unfortunately. You can do a little more from Xserve's configuration interface than what's in vanilla MacOS X, but not nearly enough to make it worth using for anything more than default installation of daemons -- essentially, we're reduce to screwing around w/ text files (I'm not saying having the option of being able to do this is bad -- what I don't like is having it be the only real option especially on a Mac!). What's worse is that if you examine the configuration files you'll see such statements as "don't edit this file" -- presumably because the administrative interface wouldn't be able to cope otherwise. This makes the experience of administering very unpleasant. On the one hand you have a GUI that doesn't give you what you need, and on the other hand, if you want to just configure things via text files you are left wondering whether some of your changes might break something.

Another thing that was less than pleasing was the lack of a real packaging system -- or should I say, there being too many and none of them is that mature yet? All of the choices we have tried and studied (and we've tried a few) don't quite give us what we need for MT and maintenance. When you've got a boss who loves to get the latest features, an integrated packaging system whose packages behave rationally is necessary (at least for administering a machine which you may be keeping around for a while).

So in summary, if you've got a system where you have to use text files to configure the machine (and you're not even sure whether its safe to do so) and you don't have a way to manage software rationally, options like the other BSDs (Free, Net, and Open) and GNU/Linux begin to look attractive (hey, I want to spend some time living my life, right?) -- at least for the current project. I have hopes that these issues will be addressed for the Xserve (and I hope for vanilla MacOS X) in the near future -- but until they are addressed in a reasonable fashion, I wouldn't recommend using Xserve for these types of projects.

Thanks for the detailed response. It's kind of depressing to me. Before I ever used OS X, I figured that the Unix underneath it would be too freaky and "dicked with" to be practical, but when I got my hands on it and installed it, I was surprised at how normal it was, with Apache there and emacs, etc. It was so much fun to just open a terminal window on the local computer rather than telnetting into another computer to do Unix stuff, while having a full-blown, no compromises, easy-to-use GUI (unlike Gnome or Eazel or whatever). I had gradually convinced myself that I could use one computer to do GUI stuff and Unix stuff.

Your comments give me considerable doubt about how practical that is. (I was also having doubts on the security front too.) However, when I do Unix stuff, I only use the command line ... I just got used to doing it that way since I have used headless servers via telnet up to now. If I continue to use only the terminal window and not any GUI interfaces, then maybe I can forget about problems editing "do not edit" files, since they will never be opened by a GUI application ... maybe.

I still don't know how to create users and group and set permissions and the like on OS X (critical for security purposes) ... it seems they really changed things in this area to idiot-proof it for average users. Ars Technica had something on it way back, but I haven't seen any really detailed, useful treatment of it yet. Maybe that new O'Reilly book on OS X for Unix geeks covers this area.

I had a similar feeling to the one you described in your first paragraph -- fun followed by disappointment. FWIW, I still enjoy the MacOS X experience much more than the one provided by that company in Washington state (though to be honest, I haven't had much experience w/ their latest).

Please note that my detailed remarks are oriented toward the state of MacOS X in its current form. I believe it's possible for MacOS X to improve and the two areas where I see it as weak now feel like they are likely to receive attention -- at the least the package management. Since there are a number of different groups working on this aspect and have been doing so for a while, I would be surprised if at least one of them didn't turn out something decent.

Another point worth considering is whether it's fair to compare what we were trying to do w/ the Xserve to what you're likely to do. Our needs are likely different as well as our goals.

Just my two cents (-;

As far as creating users and groups and the related activities, I believe the netinfo group of utilities might be of some help. I haven't investigated them in much detail yet so I don't have much more to say about them. If interested, I'd suggest looking at the netinfo-related man pages as well as the adduser_OSX script at

Joi mentioned wanting a secure platform in his original message.

I recently attended a presentation by some Apple folks on the security of MacOS X, and was stunned at how much they've accomplished that people don't realize yet.

I have been working in that arena for most of the past 20 years, and I have never before seen a vendor do so much so quietly.

In case you don't know, Apple has implemented almost the entire Common Data Security Architecture in MacOS X. This may not mean much for users, but for developers, it means things like easy access to well-implemented cryptography without having to do it all yourself.

One easily user-accessible feature is encrypted disk images. Without having to buy any additional software, you can create a disk image that's always encrypted, and even keep your home directory in it. These may contain any of several file formats, and may even reside on external servers. They're fast enough that medium-sized Quicktime movies play off of them just fine.

Oh yeah, there are around 70 different cryptographic algorithms implemented and shipped in OS X already, they're just not all exposed yet. (There's native smartcard support in there too, if you're a developer.)

In short, Joi, if you want the most secure platform, your TiBook is a great place to start these days.

Hi Bob,

I noticed the encrypted disk image creation option in Disk Copy -- the only choice there being AES. Is this what you are referring to? I presume the apparent support of a single algorithm here is merely a matter of the GUI exposing only one.

That's certainly the most user-visible manifestation. When I attended the talk, they said they had implemented 70 different Cryptographic Service Providers (CSPs) within their implementation of CDSA.

Due to time constraints for releasing 10.1, they made the decision to ship Disk Copy with just AES, and to only ship with a few of the CSPs exposed, but they're committed to opening up the whole thing.

There are other components that help as well. For example, you can lock Open Firmware to only allow boot from a particular image. (This is more secure on desktops than laptops right now, because there is a way to turn it off, but it requires removing RAM.)

The Keychain API is a delight if you want to do key management without having to worry about writing things like secure object destructors yourself.

...and if you don't like some aspect of it, the whole CDSA implementation is open source.