Microsoft recently released a number of security patches for Office for Mac, including updates for Office 2008, Office 2004, and the Entourage Web Services Edition.

According to a March 16th post on MacWindows.com, however, the Office 2008 update (12.2.4) may trigger the long-standing issue of being unable to save Word .doc & .docx files to a Windows server. If you have not been experiencing problems saving files to a Windows server, be very careful before applying this update!

MacWindows.com has posted several potential workarouuds for this issue, including disabling the autosave/recover feature & changing the owner of the sahre on the Windows server to NETWORK SERVICE.

As always, if you plan to upgrade, make sure you have a recent backup and complete plenty of testing before rolling out this upgrade.

Advertisements
GoogleLogo.gif

Late last week, Google released a Mac version of the Google Email Uploader application. The program can be used to upload emails from Apple Mail, Thunderbird and Eudora (or from any mbox or Maildir archive) to Google Apps hosted accounts. Finally, an easy way to centralize all those pre-gmail emails to an easily accessible (& searchable) location!

There is a drawback, however. Just like the Windows version, the application will only work with Google Apps email accounts. This means standard Google email accounts (accounts that end with gmail.com or googlemail.com) are not supported. It is unclear if & when support for gmail.com accounts will be added.

On launch, the Uploader will try to find local email archives in their usual locations on Mac OS X:

  • Apple Mail: ~/Library/Mail
  • Eudora: ~/Eudora Folder
  • Thunderbird: ~/Library/Thunderbird

Individual mail folders from each archive can be selected, allowing you to pick & choose the emails you would like to upload. The Uploader will also attempt to preserve mail properties, such as Unread, Starred, Trashed, etc. & allows you to assign a custom label to the emails so they can be easily located once they have been uploaded. A screenshot of the interface is below:

GmailUploader_Screenshot.png

Google has provided a few tips to ensure the best experience when using the Uploader. They suggest starting small, as after about 500 emails the performance drops quite dramatically. They also recommend assigning a custom label to emails (it’s enabled by default) so that you can easily locate emails once they have been uploaded. It can also take some time for the Google Apps servers to process the uploaded email so if they don’t appear right away, be patient.

“Log to Desktop” & “Emulation” (test-run) options are also available. Full details can be found at the Official Google Mac Blog.

To download the application, go to Google Code.

Technorati Tags:
, , ,

iphone_home.gif
MacNewsWorld reported yesterday reported a new worm targeting jailbroken iPhones. The worm has been dubbed ‘Duh’ and unlike previous exploits, this version is malicious, establishing a command-and-control botnet that is capable of sending data back to a central server.

The default root (SSH) password is also changed, in an apparent attempt to make it more difficult to re-secure an infected iPhone. According to Paul Ducklin from Sophos, the password is changed to ‘ohshit’ & is done by rewriting it’s hashed value in the master password file.

Please note that this worm only appears to affect jailbroken iPhones – iPhone running Apple’s official OS are unaffected. Unfortunately, since jailbreaking an iPhone is considered a warranty violation, Apple has made little effort to allow for 3rd party anti-virus vendors to develop software to prevent such attacks, claiming jailbroken iPhones are already running ‘unauthorized software’ and as such are used at the owners risk.

Detailed instructions for changing the default root (SSH) password can be found at the JustAnotheriPhone blog. Using the free MobileTerminal iPhone application is the simplest & most straightforward option.

While changing the root password will certainly increase protection against the ‘Duh’ worm and any future attacks, currently, the only 100% secure iPhone is one that has not been jailbroken. If you are using an iPhone in an enterprise or other environment where data security is an issue, running a jailbroken iPhone is strongly discouraged.

To restore the Apple-authorized OS to an iPhone, simply connect the iPhone to iTunes & click the ‘Restore to Defaults’ button. This will erase all data on the phone & return it to factory settings. This support article from Apple describes the backup & restore process in detail.

snowleopard.jpg
Apple released Mac OS X 10.6.2 updates yesterday, fixing a number of issues, including the Guest Account bug posted earlier that could potentially delete a user’s home directory.

Other fixes include native support for Apple’s new, multi-touch Magic Mouse, mobile account creation for Active Directory users, file sync for portable home directories, a fix for Mail crashes during Exchange setup, & an issue with graphics distortion in Safari Top Sites, among others.

Updates are available via software update or directly from Apple. Download the 10.6.2 combo update for servers or the 10.6.2 combo update for clients.

As always, make sure you have a current backup before applying any software updates. Read on for the full list of features/fixes.

What’s included?

General operating system fixes provided for:
• an issue that caused data to be deleted when using a guest account
• an issue that might cause your system to logout unexpectedly
• Spotlight search results not showing Exchange contacts
• the reliability of menu extras
• an issue in Dictionary when using Hebrew as the primary language
• shutter-click sound effect when taking a screenshot
• an issue with the four-finger swipe gesture
• an issue adding images to contacts in Address Book
• an issue in Front Row that could cause sluggish or slow frame rates while watching videos
• creation of mobile accounts for Active Directory users
• reliability and duration of VPN connections
• general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk
• overall improvements to VoiceOver performance
• this update addresses video playback and performance issues for iMac (21.5-inch, Late 2009) and iMac (27-inch, Late 2009) computers that may occur in some situations while AirPort is turned on

Fonts fixes provided for:
• an issue with font spacing
• an issue in which some Fonts are missing
• font duplication issues
• an issue with some PostScript Type 1 fonts not working properly

Graphics fixes provided for:
• an issue when connecting monitors to DVI and Mini DisplayPort adapters
• an issue in which the brightness setting may not be remembered on restart
• addresses functionality with specific display models
• general reliability and performance improvements when using some applications

Mail fixes provided for:
• a situation in which Mail’s unread count may not update properly as messages are read on another computer
• an issue in which deleted RSS feeds may return
• an issue in which Mail cannot preview or Quick Look attachments when composing a new message
• an issue that can cause Address Book and/or Mail to stop responding when opened
• an issue in which email messages received from an Exchange Server are not formatted correctly
• an issue in which Mail reports “Account exceeded bandwidth limits” for some Gmail accounts

MobileMe fixes provided for:
• performance when accessing files from iDisk via the Finder and syncing iDisk files
• an issue in which syncing iDisk files does not proceed beyond “checking items”
• reliability and performance when syncing contacts, calendars, and bookmarks with MobileMe (syncing with iTunes and iSync are also improved)
• an issue that prevents some users from logging into MobileMe via the MobileMe System Preference pane

Network file systems fixes provided for:
• compatibility with third-party AFP servers
• file synchronization for portable home directories

Printing and faxing fixes provided for:
• automatic printer updates improvements
• Print dialog allowing you to enter and send to more than one fax recipient

Safari fixes provided for:
• a graphics distortion issue in Safari Top Sites
• Safari plug-in reliability

snowleopard.jpgMy last post looked at an issue where network users without a proper path assigned to their home directory in WorkGroup Manager would be unable to properly create a local home folder. This post looks at an issue with login failures that can arise with mobile network accounts under Snow Leopard Server. If you have mobile network accounts – AD or LDAP – that cannot login, jump to the bottom of this post for the fix.

After creating several network user accounts under Snow Leopard, I found that my test user account was unable to login. But instead of the standard shake of the login window that indicates a failed login attempt, the login window actually began to collapse as if the login process was starting – the login & password boxes disappeared briefly before reappearing suddenly & displaying the familiar shake to indicate that login had failed.

Interestingly, the user account could still be used to access system services without issue. Attempting to login to AFP shares or setup iCal for shared calendaring using the users login credentials worked fine.

Several reboots & rebinds later I dug through the system log to find the following error: error = Error Domain=NSOSStatusErrorDomain Code=-35 “Operation could not be completed. (OSStatus error -35.)” (no such volume).

Turns out the ManagedClient.app was unable to create the mobile account at login. The solution was to create it manually. On the client computer, login as an administrator & run the following two commands as root:

sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username

sudo createhomedir -c -u username

This forces the creation of both the mobile user account & their home directory. Log out & log in with your mobile user’s credentials – you should be able to login without issue. This should work for both Active Directory and Open Directory mobile user accounts.

Thanks to Rich Trouton of the macenterprise google group for posting the fix!

As of this writing, Snow Leopard Server is at version 10.6.1

snowleopard.jpgUPDATE: Due to some errors on my part, I have had to heavily edit this article. The information contained herein is now accurate. Sorry for the confusion!

I recently ran into a bit of an irritating issue while setting up directory services on a new server running Snow Leopard Server (10.6.1). It seems that as of 10.6, users without a value for their home directory (NFSHomeDirectory) are unable to create a home directory on managed clients. I had created a series of users and assigned them to groups. Every time I would log in to test, however, error messages would appear warning about problems creating the user’s home directory.

What is interesting, however, is that users can still access system services (AFP, iCal, etc) without issue. Attempting to login to AFP shares using the users login credentials works fine. Attempting to login to a managed client, however, generates a warning message about being unable to locate the users home directory. When logged in, the user cannot create new files or folders on the desktop – the whole system behaves as if the user has no permissions for the desktop.

A quick look at the logs on the server hinted that the issue was tied to home directories, with several warning messages about problems with home directories: CFPreferences: user home directory at /99 is unavailable. User domains will be volatile.

Sure enough, when I looked in WGM, I had forgotten to assign home directories to the accounts. I quickly corrected this (relatively large) oversight & BAM! clients were logging in without issue!

This is a fairly sharp departure from previous behavior. Prior to Snow Leopard, network users with no home directory assigned (NFSHomeDirectory=99) could still login; their home directories were simply created in a folder named “99” in the root of the boot volume (/99/user1). As of 10.6 this behavior seems to have changed. Why exactly, I’m not yet sure – although I imagine it must be tied to security.

My next post explores an issue where mobile account creation can sometime fail on login. Stay tuned!

As of this writing, Snow Leopard Server is at version 10.6.1.

Snow Leopard Cheat-sheet

August 31, 2009

SnowLeopardLast Friday, Apple released OS X 10.6, “Snow Leopard” to the general public. There’s been quite a bit of excitement building around it’s release, although unlike the media & PR hype surrounding the release of Leopard, this time around the buzz seems a little more organic, building more through blogs, consultants, techs, & users instead of corporate PR departments.

While I haven’t yet done extensive testing of Snow Leopard’s newest features & enhancements (I spent the days following it’s release in the mountains of Garibaldi Provincial Park), I did make some time to put together a quick ‘cheat-sheet’ of key features, enhancements, & system requirements for the new OS. Be sure to stay-tuned, however. There’s sure to be more Snow Leopard posts to follow…

Snow Leopard Cheat-Sheet

$35 Upgrades!!!:

Thats correct. Apple is offering a $35 (US$30) upgrade disc for users who have OS 10.5 (Leopard). What Apple has not announced is that this upgrade disc will also upgrade your OS X 10.4 (Tiger) systems as well!  Thank you Apple for the cheapest OS upgrade in history…

Snow Leopard System Requirements:

  • Intel processor with 1GB of memory
  • 5GB of free hard drive space
  • DVD drive (for installation)

Key Features:

  • Speed – the first thing everyone is noticing is how much of a performance boost Snow Leopard is over pervious versions of the OS
  • Mail – support for Microsoft Exchange!!!
  • Cisco VPN support – Finally!!!
  • Ejecting volumes – no more “unable to unmount <NAME> because the disk is in use” errors
  • Customizable spotlight searching
  • Automatic print driver updates – boring but practical!
  • HFS+ read support for Boot Camp – access your OS X files while booted to Windows

iPhone SMS Security Patch

August 10, 2009

iphone_homeThe iPhone OS 3.0.1 that was released on July 31 patched a security flaw that could have allowed hackers to remotely control iPhones by launching a text-message attack. Security researchers publicized the exploit at the Black Hat cybersecurity conference and Apple posted the security patch the following day.

While Apple moved quickly, Chris Miller, one of the researchers who publicized the exploit noted that he notified Apple about the flaw nearly a month earlier and that it was first discovered in OS 2.0. It may have taken a public exposure to jump start the release.

Read more about the SMS exploit at Wired.com.

apple-mail-iconI recently started experiencing an issue with Apple’s Mail application – every time I would select an email with an attachment, Mail would freeze for a few seconds before shutting down with the standard “unexpected quit” error dialog. I originally suspected corrupt emails, thinking back to issues with corrupt emails crashing Entourage if the Preview pane was enabled. Except that this time Mail would crash on EVERY email with an attachment – & there was no way that every email coming in was getting corrupted.

I cleared caches, rebuilt the mail index, removed Mail’s plist, even repaired permissions – all for nothing.

I finally stumbled onto a thread on the Apple Discussions forum suggesting that Mail might not be the correct version for the OS that I was running (10.5.7) & that the 10.5.7 combo updater should be re-installed.

Sure enough, here’s the version I was running when Mail was crashing:

Mailv3

And here’s the version that SHOULD be running under 10.5.7:

Mailv3.6How does this happen?

I had recently performed an archive & install on my laptop & being my overly cautious self, I hadn’t deleted the old System files (the Previous System folder). Turns out that when I ran the 10.5.7 combo updater after doing the archive & install, the combo updater actually updated the files in the previous System folder, not the newly installed System files!!!

The fix? Move the Previous System folder to the trash & re-run the 10.5.7 combo updater. Suddenly Mail is v3.6 & everything runs flawlessly again!

Thanks to Ernie Stamper on the Apple Discussions board for identifying this deceptive (& peculiar) bug!

wgmCreating network home folders for users in Open Directory is typically a fairly painless task using OS X Server. What can be a little more painful is trying to figure out how to create a clean, locally cached home folder on a client workstation. The only obvious options for home folders in Workgroup Manager are None & the creation of an AFP or NFS share that’s stored on the server.

While leaving the settings in WGM set to None does result in the home folder getting cached on the local machine, it’s a less than perfect solution. For starters, the profiles get cached in the root of the drive, under a directory labelled 99. Plus the home folders it creates doesn’t have the usual directory structure – they only contain a Desktop and a Library folder. Not quite what we’re looking for. Ideally, the home folder would get created in the /Users directory, using the standard home folder template just like a local machine account is.

The fix to this is to make sure the NFSHomeFolder attribute is set for all your network accounts. That’s what happens when you select an AFP or NFS share – the path to the network share is written to the NFSHomeFolder attribute in the LDAP directory. When you leave the home folder setting at None, the default value is assigned to NFSHomeFolder – a value which happens to be 99 (hence the 99 directory that appears in the root directory on client machines whenever a user without a specified home folder logs in).

Set Network Account Home Folders to the Local Users Directory (/Users):

  1. Launch WGM & login to your Open Directory server
  2. If the Inspector tab in WGM isn’t visible, enable it in the Preferences
    1. Check the box next to “Show ‘All Records’ tab and inspector
  3. Select a network user account & click the Inspector tab
  4. Locate the NFSHomeDirectory attribute – it should read 99 – & change this value to ‘/Users/username‘ where username is the shortname of the user.
  5. Save your changes.