jwdunn

How to Fix Sticky Spaces

I use my function keys for application switching via Quicksilver. Because I’ve assigned most of my major applications to their own virtual desktops using Spaces, switching between them involves both bringing their frontmost window forward and navigating to the virtual desktop (space) that holds that frontmost window.

Every so often I’ll be annoyed to find that Spaces has “fallen behind” my application switching. Pressing a function key will bring the corresponding application to the front—evidenced by that application’s title appearing in my menubar—but Spaces won’t figure out I’ve toggled that application, and so will not switch to its virtual desktop. The result is that I don’t see the application’s windows and have to manually switch to its space to use it.

I’m not sure whether this behavior can be replicated using command-tab or why exactly it occurs, but I’ve recently figured out how to fix it. Spaces is a child of the Dock process, which seems to be responsible for more elements of the OS X UI with every major release. Restarting Dock is a good bet for solving most UI glitches, and my sticky spaces problem is no exception.

Since Dock will automatically reopen after being force-quitted, you can effectively restart it by running the following simple command:

killall Dock

I only have to do this every once in a while, and it’s far less trouble than enduring sticky spaces. Has anyone else observed this bug or found a way to prevent it altogether?

The Combined RSS Feed

About a month and a half ago I promised not to mess around with the RSS feed anymore, having dedicated to FeedBurner. I’m sticking to that promise in the sense that the FeedBurner feed (and all other existing feeds for jwdunn.com) will remain intact indefinitely, and you are certainly welcome to subscribe to them.

What’s changing is that the “main” RSS feed for jwdunn.com is now here, and it will syndicate both articles and linklist items as I post them. You’ll be able to tell the difference because linklist items are preceded by a “→”.

I decided that having a single feed for all of the content on this site would be pretty convenient, and I hope you agree. For clarity, here is a complete list of all available feeds for jwdunn.com:

• Main feed — contains articles and linklist items.
• Article feed — contains only articles.
• Linklist feed — contains only linklist items.

In other site news, I’ve been lazy about posting here over my winter break and for that I apologize. I’ve got several articles on the horizon, including a bit about my visit to January’s Macworld conference in San Francisco (which I am pretty stoked about). Happy 2008 to all!

Norton (Anti)Virus

The number one security-related threat to Mac users at Stanford is Symantec’s Norton AntiVirus 10.0. With backing from Residential Computing (Rescomp), Norton AV has caused more pain and suffering at Stanford than any OS X-based virus could aspire to.

How It Spread

Before I get into the dastardly nature of Norton AV and how to kill it, I’d like to cover its propagation from Rescomp. Naturally, Rescomp requires faculty and students to register their devices before they can use them to access Stanford’s network. The first step in this process is to run their Computer Health Tool, some software that, among other shady data mining operations, will prevent registration if it doesn’t find any anti-virus software installed.

A variety of anti-virus suites satisfy the Computer Health Tool (see the bottom of the CHT’s page for a list) but Stanford’s recommendation for Panther, Tiger, and Leopard users is Norton AV. Rescomp has a crazy licensing deal with Symantec and offers Norton AntiVirus 10.0 free to anyone with a Stanford ID, as part of their “Essential Stanford Software” suite.

Basically, anyone who isn’t hyper-aware of where Rescomp is directing them will follow this path to a Norton AV install: registration requires Computer Health Tool check, Computer Health Tool check requires an anti-virus program, and Stanford provides Norton AV. Most students I’ve talked to whizzed through every “Continue” button in this process, and all regretted it.

The easiest way to avoid ending Rescomp’s registration process with Norton AV installed is to specify an archaic operating system (OS 8 or 9 will both do) when prompted to download the Computer Health Tool. This will bypass the CHT altogether and lead directly to registration, without getting Norton AV involved at all.

Why It Sucks

Rescomp acknowledges some of the “malware on OS X” dialogue’s finer points in its description of Norton AV:

The majority of the virus and worm attacks do not effect Macintosh users. However, some users may unwittingly promote virus attacks if they use Microsoft Outlook or other MS products.

Indeed, whether Mac users need anti-virus software at all is debatable. Whether Mac users need a steaming pile, however, is not—and Norton AV is significantly closer to the latter than the former. In fact, Norton AV has all of the essential qualities of a nasty computer virus: it mucks about in system folders, invades most aspects of the Mac user interface, bogs down the CPU, causes hangs and crashes, is difficult to cleanly uninstall, and generally decreases productivity while generating frustration.

Norton AV’s first sin is its installer, which forces the user to install 18 separate components. I love how the “Customize” interface teases with greyed out radio buttons:

Symantec doesn’t include any list of installed files in Norton’s readme or user guide. So, I used Pacifist to examine Norton AntiVirus Installer.pkg’s 18 components and compile a list of every file it copies to the hard drive during an installation of Norton AntiVirus 10.0:

/Applications/Norton AntiVirus
/Applications/Symantec Solutions/*
/private/etc/Symantec.conf
/Library/Application Support/Norton Solutions Support/*
/Library/Contextual Menu Items/NAVCMPlugin.plugin
/Library/Documentation/Help/Norton Help Scripts/*
/Library/Frameworks/Stuffit.framework/*
/Library/Preference Panes/APPrefPane.prefPane
/Library/Preference Panes/SymantecQuickMenu.prefPane
/Library/PrivateFrameworks/SymAppKitAdditions.framework/*
/Library/PrivateFrameworks/SymBase.framework/*
/Library/PrivateFrameworks/SymNetworking.framework/*
/Library/PrivateFrameworks/SymScheduler.framework/*
/Library/PrivateFrameworks/SymSystem.framework/*
/Library/StartupItems/NortonAutoProtect/*
/Library/StartupItems/NortonMissedTasks/*
/Library/Widgets/Symantec Alerts.wdgt
/System/Library/Extensions/KTUM.kext
/System/Library/Extensions/SymEvent.kext
/System/Library/Extensions/SymOSXKernelUtilities.kext
/Users/Shared/NAV Corporate
/usr/bin/navx

During use, Norton AV will also generate several preference files in ~/Library/Preferences/, which can be identified by the “com.symantec” in their filenames.

There are several objectionable elements in the above file list. The first item, Norton AntiVirus, is an alias to /Applications/Symantec Solutions/Norton AntiVirus.app. To counter stupidity like this, I don’t think OS X should support aliases that link to files they are separated from by less than two directories. If Symantec wanted more presence in the Applications folder, why didn’t they just install Norton AntiVirus.app there in the first place and avoid the useless alias altogether?

Notice that Norton populates an astounding eight folders in /Library, which makes it a ubiquitous presence in OS X. Norton AV 10.0 includes four application bundles, a menubar item, a widget, a contextual menu item, and not one, but two preference panes. These various manifestations rely on three background processes (not including the widget) which, according to Activity Monitor, are responsible for eating around 30 MB of real memory. Words cannot express how obnoxious this is. If I could right click with all four Norton applications open, my dashboard forward, and System Preferences up, I would actually see seven independent manifestations of Norton AV at once, all with overlapping featuresets and options. Holy Norton-spam:

The pathetic part is, Norton AV could easily be just as useful if it comprised one preference pane and one background process.

Stuffit.framework is the backbone for Smith Micro’s Stuffit (.sitx) archive format, a relic of pre-Tiger days when the Mac was not .zip-friendly. Why Norton AV uses Stuffit I have no clue, but its presence in the installer is yet another indication that Symantec is behind the times—so behind the times, it turns out, that Norton AV relies on an outdated version of the outdated archive format, and is actually broken by Stuffit updates.

Finally, and most crucially, Norton AV commits a faux pas by installing three kernel extensions in the /System directory, which is reserved for the inner workings of OS X and generally should not be messed with. The first section in Apple’s article on kernel extensions is “Why to Avoid KEXTs,” and warns

Finally, for security reasons, some customers restrict or don’t permit the use of third-party KEXTs. As a result, use of KEXTs is strongly discouraged in situations where user-level solutions are feasible…When you are trying to determine if a piece of code should be a KEXT, the default answer is generally no.

I’m not a programmer, but Norton AV does not achieve any functionality that I’ve been unable to duplicate using other applications which do not rely on any kernel extensions. This leads me to believe that its kernel extensions fall into the category of “strongly discouraged in situations where user-level solutions are feasible,” and are ultimately unnecessary tampering with OS X’s internals. In any case, their sheer number (three .kext files for one anti-virus suite) makes Norton AV’s presence in /System shady at best.

I won’t get into the Norton AV user experience much. It rivals the installation in suckiness. I’m just going to cover one egregious behavior that is responsible for much angst, force quitting, and hard rebooting at Stanford: Auto-Protect.

Auto-Protect is an on-by-default “feature” of Norton AV that protects Mac users by crashing their computers when they plug in their iPods. More specifically, it automatically scans every file on every removable disk upon mount, checking for malware that might produce such nuisances as, say, 100% CPU load upon mounting a removable disk.

Where Auto-Protect runs into trouble is with drives containing thousands of files—iPods and external hard drives, for example. The task of indexing and scanning each file on such a massive disk is enough to occupy any Mac’s CPU, cause OS X to hang, and, in many cases I’ve observed, lead to a beach ball of death and a hard reboot. At the very least, Auto-Protect forces users to click “Cancel” whenever they mount a disk image—a process that is by now responsible for costing Stanford students and professors enough man-hours to prove the Riemann Hypothesis and then go out for celebratory drinks.

Auto-Protect might be a good idea, if it operated with any intelligence whatsoever. It doesn’t remember disks it has scanned before or recognize “trusted” disks such as iPods or external drives. And here’s something mind-blowingly ironic: Auto-Protect actually scanned the Norton AV disk image—and, potentially worse, deemed it safe for installation!

Stanford is making a serious mistake by recommending that Mac users install Norton AntiVirus. I wouldn’t touch Norton AV even if I believed that Macs were involved in the spread of malware at Stanford, and other Mac owners at Stanford should do anything in their power to avoid it.

Instead, I recommend the simple, free, and open source virus scanner ClamXAV. ClamXAV requires only one file to keep your computer healthy: ClamXAV.app.

How to Uninstall It

This post wouldn’t be complete if I didn’t offer Norton AV’s victims a way out.

Symantec was kind enough to include an uninstaller as one of Norton AV’s 18 components: /Applications/Symantec Solutions/Symantec Uninstaller. In Norton AV’s tradition of behaving quite like the viruses it was created to destroy, however, the uninstaller only deletes a fraction of Norton AV’s installed files.

To perform a real uninstall, a) manually delete every file I listed above or b) run the uninstaller and then clean up the remaining garbage by hand. Option b is faster, especially because I’ve already gone through the trouble of finding all the files that the uninstaller neglects:

/Library/Application Support/NAV.history
/Library/Application Support/Norton Solutions Support/*
/Library/Frameworks/Stuffit.framework/*
/Library/StartupItems/NortonAutoProtect/*

Don’t forget the “com.symantec” .plist files that Norton generates in ~/Library/Preferences. These are also missed by the uninstaller.

In short: run the uninstaller, trash the above files, and restart to begin a new, happier, life without Norton AV. If Rescomp asks to run their Computer Health Tool, feign outdated-ness and specify OS 8.

I sincerely hope that Rescomp sees a surge in the number of Macbooks running archaic operating systems come next year’s network registrations—every computer that avoids Norton is a small victory for Stanford’s Mac community.

Ten Reasons to Stick with Safari

Every few months I’ll open up Activity Monitor to see what is eating my RAM and notice Safari chilling at about 500 MB real memory usage. This is an outrageous RAM footprint for a web browser—most operating systems’ core functions can run speedily on half a gig of real memory.

Disgusted, I vow never to use Safari again and switch to some alternative browser, usually the lightweight Camino. After a few minutes’ worth of browsing, though, I begin to remember why Safari is worth its resource demands. This list is to remind me why I shouldn’t swear off Safari: because, if you can spare the RAM, it’s hands down the best web browser for OS X.

1. “Open Page With”

Many Apple applications have a hidden debug menu. To activate Safari’s debug menu, simply run the following terminal command:

defaults write com.apple.Safari IncludeDebugMenu 1

When you restart Safari, you should see “Debug” to the right of “Help” in your menubar. The debug menu has several handy features (another one of which is next in this list) but what I most often use it for is the “Open Page With” function, which will load the frontmost site in any other browser you’ve installed, with one click of the mouse.

This function is a huge timesaver for testing websites or making sure a certain page is loading properly in Safari.

2. The Web Inspector

Safari 3’s biggest improvement over Safari 2 is in a feature that most of its users don’t even know exists: the web inspector. Accessible from the debug menu, the inspector is a window into the code that makes up the frontmost page.

As someone who is attempting to learn CSS and HTML on the fly, I can tell you that the web inspector is invaluable for debugging. It’s compact and slick to boot, so give it a spin even if you’re not into webdesign. Sometimes it’s just interesting to reduce the internet to plain text.

3. The Activity Window

As I explained in a post about using Safari to download YouTube video, the activity window is simply a list of every file that composes the frontmost site. It can be opened from the Window file menu.

If you are having trouble loading a certain page, the activity window may reveal why. It’s also useful for identifying advertising sources and downloading hidden files.

4. Attractive, Windowless In-Line Searching

I’m a sucker for clean, flashy graphics, and Safari’s find function is a case in point. Unlike Camino or Safari 2, which pop find windows in your face, Safari 3 slides out a find bar in the frontmost window, Firefox-style.

Safari highlights results clearly and scanning between them with command-shift-G/command-G produces nice fade effects.

5. SafariStand

Safari wouldn’t be half as useful without SafariStand, the ultimate browser plugin. SafariStand can auto-hide your downloads window, apply custom stylesheets, and hook Safari up with an awesome tab preview sidebar.

I like SafariStand’s vertical tab preview sidebar so much that I’ve used it to completely replace Safari’s tab bar with some quick .nib file hackery. You can take a peek at my modded-up interface in this older post on SafariStand.

6. Microformat Support

Microformats are open formats for common data that can be “attached” to a website just like an RSS feed. The idea is that, when you visit someone’s website, their phone number and upcoming events are one click away from your address book and calendar.

I suspect the next generation of browsers will support Microformats by default, but until then there’s the Safari Microformats plugin, which will generate an icon in Safari’s address bar to access a page’s Microformats with one click.

7. PithHelmet

Safari Adblock, a plugin named after the popular Firefox extension, recently got a lot of attention as a method for blocking online advertisements in Safari.

However, Safari AdBlock is truly lame in comparison to PithHelmet, a powerful ad-blocking plugin that has been around since Panther and recently went Leopard-compatible.

PithHelmet is $10.00 shareware, but it has an indefinite trial period (I strongly encourage you to pay). It offers complete control over what Safari loads and what it doesn’t: you can literally eliminate any element of any page by using its simple rule editor. I wrote a tutorial for Macinstruct about how to locate and block certain .jpg ads, for example. It’s a snap.

Before you commit to blocking internet advertising, you might consider the economic implications of your decision. It’s also worth noting that, like SafariStand and the Safari Microformats plugin, PithHelmet is an InputManager and thus unsupported (but fully functional, so far) in Leopard.

8. Option-Click to “Save Target As…”

Number eight hardly qualifies as a feature, but its absence in other OS X browsers drives me nuts. In Safari, I can download any file by option-clicking on its link. Unlike in Camino, no dialog box pops up to pester me when I perform this action—the linked file just adds itself to my downloads queue.

Camino seriously needs to get its act together on this one. Why should I need to specify a save location when I already have a downloads folder assigned?

9. Cooperation with Other Applications

Safari does have something to gain merely by shipping from Apple with every copy of OS X: it’s the standard in browsing on the Mac.

This means that every script and third-party application on OS X that interacts with a web browser will support Safari. A small example that I use regularly is the Safari button in Adium’s toolbar, which copies the URL of Safari’s frontmost page to the IM field for sending. Of course it’s possible to write my own URL-fetching script for for any other browser, but the point is: if I use Safari, I don’t have to.

10. Resizeable Text Fields

A few members of this list are features that are available in other browsers, but to my knowledge no other browser (on any platform) offer resizeable text fields. Honestly, I thought this was a pretty useless feature when I saw Apple advertising it as new in Safari 3. That was before I realized that long forum posts and blog comments are really a pain to format and revise in a 2” by 3” box.

Of course, there’s still something to be said for conciseness.

The SAFE Act and Sensationalism

On December 5th, the House of Representatives approved the Securing Adolescents from Exploitation-Online (SAFE) Act by a vote of 409 to two.

In “House vote on illegal images sweeps in Wi-Fi, Web sites”, CNet News’s coverage of the SAFE Act that made the internet rounds today, Declan McCullough opens with quite a hook:

The U.S. House of Representatives on Wednesday overwhelmingly approved a bill saying that anyone offering an open Wi-Fi connection to the public must report illegal images including “obscene” cartoons and drawings– [sic] or face fines of up to $300,000.

McCullough’s opener, while successfully generating a comment thread fueled by anti-Federalists who didn’t bother to read the remainder of the article or the act itself, severely misrepresents the SAFE Act with an egregious omission.

The SAFE Act specifies punishment for “an electronic communication service provider or remote computing service provider that knowingly and willfully fails to make a report” of illegal traffic on its network. The operative words here are “knowingly” and “willfully,” and McCullough knowingly and willfully chose to ignore them.

It is not until the 356th word of his article, “learn,” that McCullough even alludes to the SAFE Act’s limitations—so I’ll clear things up for him.

The Securing Adolescents from Exploitation-Online Act absolutely does not apply to network traffic service providers are unaware of, nor does it require or even encourage service providers to become aware of illegal activity they would be required to report:

Nothing in this section shall be construed to require an electronic communication service provider or a remote computing service provider to:

1. monitor any user, subscriber, or customer of that provider;
2. monitor the content of any communication of any person described in paragraph (1); or
3. affirmatively seek facts or circumstances described in subsection (a)(2).

The most amusing quality of the SAFE Act is that it’s not even anything new (a fact it cost me five minutes of poking around in the United States Code to discover). Before December 5th, anyone knowingly distributing child pornography was already a criminal under a number of laws, including Title 42’s Section 13032 and Title 18’s Section 2252A:

Any person who…knowingly mails, or transports or ships in interstate or foreign commerce by any means, including by computer, any child pornography…shall be punished as provided in subsection (b).

All in all, I’d say McCullough must be pretty satisfied with himself for creating a good amount of ruckus over an essentially redundant law.

Congress must intend the SAFE Act as a clarification on reporting illegal traffic, but service providers will see it as another disincentive to monitor their network traffic. By further regulating responsible network monitoring, the government is encouraging an “ignorance is bliss” philosophy when it comes to illegal activity over the internet—a service provider assumes risk proportional to its knowledge about user activity.

The lesson for America’s average e-citizen is this: it’s best not to leave your WiFi network open, but if you must, be sure not to check up on it.