Bookmark this site!


Airport Utility 6.0 WDS broken?

My WDS setup (a wireless daisy-chain to extend the range of my WiFi network) stopped working with the Airport Utility 6.0 update. Airport Utility 6.0 only has options to "Create a Wireless Network" and "Extend a Wireless Network", and my 3-node daisy chain was no longer working, however many times I tried resetting and restarting.

Finally, I found that Airport Utility 5.6 still has the manual WDS option, hidden from view. To configure an Airport for your WDS network in Airport Utility 5.6, open (double-click) the base station(s) you want to configure, select the Airport icon (top left) and click on the "wireless" tab. Now, while holding down the option key, select "Participate in a WDS network" Wireless Mode (this option only appears when you hold down the option key).

A "WDS" tab now appears, and you can follow Apple's instructions for setting up a WDS (if you haven't done this before, read these first).


SPSS 17 on Snow Leopard

Follow the suggestions at the this link – but then also create a symbolic link CurrentJDK -> 1.5 in directory /System/Library/Frameworks/JavaVM.framework/Versions
By running sudo rm CurrentJDK, then sudo ln -s 1.5 CurrentJDK
Clearly this leaves your Java installation broken for anything requiring 1.6!


iOS 4 Sync Videos

Summary: Import videos taken on your iPhone into iPhoto just as you import photos. To include the videos when you sync the iPhone, check Include Videos in the Photos tab of the iTunes Device page.
It took me ages to find this as I was looking for iTunes to sync videos taken on the phone – so I looked under the Films tab of the Devices page on iTunes (I guess this will be Movies if you set en-US as your language; I have en-gb). (Connect your iPhone and select it in iTunes under Devices to see this page.)
When you sync, iPhoto asks whether to import photos – and will import videos also if you've taken any. Just as with photos, you can then delete them from the camera roll. To get them to reappear on your phone, you just need to check Include Videos in the Photos tab of the Device page, then sync.
So, photos are dealt with by iPhoto; tunes are dealt with by iTunes.
—and videos?
Some videos are dealt with by iTunes; others are dealt with by iPhoto.


Python and UTF-8 on OSX: UnicodeEncodeError

an acute problem

'ascii' codec can't encode character u'\xe9'

I'm on a Mac Air with the latest Snow Leopard (10.6.2). I'm using Python 2.6.4 with unicode strings. I can't print appliqué !?

I tried adding
# -*- coding: utf-8 -*-
at the head of my Python script, but I still get this complaint.


The encoding used for standard input, output, and standard error can be specified by setting the PYTHONIOENCODING environment variable before running the interpreter.

The value should be a string in the form <encoding> or <encoding>:<errorhandler>. The encoding part specifies the encoding’s name, e.g. utf-8 or latin-1; the optional errorhandler part specifies what to do with characters that can’t be handled by the encoding, and should be one of “error”, “ignore”, or “replace”.


does the trick.

– or you could just add this setting to your environment file: ~/.MacOSX/environment.plist


MacPorts on Snow

MacPorts on Ice?

the move from Leopard to Snow Leopard can be slippery

... emacs-app won't compile; different versions of python fall over each other; NLTK won't build ...

Here are some tips others have found helpful:


% sudo port selfupdate
% port installed
% sudo port uninstall installed
sudo port selfupdate
brings your MacPorts installation up to date. If this fails you should just start over
port installed
shows you what you currently have installed.
Much of what you see you won't recognise as this also lists the prerequisites installed to support the things you asked for explicitly.
sudo port uninstall installed
removes all your installed ports

or just start over

I had some problems when I moved to snow leopard, so I also removed all trace of macports

sudo rm -rf /opt/local \
/Applications/MacPorts \
/Applications/DarwinPorts \
/Library/Tcl/macports1.0 \
/Library/Tcl/darwinports1.0 \
/Library/LaunchDaemons/org.macports.* \
/Library/StartupItems/DarwinPortsStartup \
/Library/Receipts/MacPorts*.pkg \
/Library/Receipts/DarwinPorts*.pkg \

then reinstall MacPorts

use the Snow Leopard MacPorts disk image

then do

% sudo port selfupdate


which ports are available for snow-leopard? before you decide which ports to install.

% sudo port install  <????>
sudo port install <????>
will install whatever you specify
<????> should be a space- separated list of port names,
with no <   >

There is a problem with emacs-app—and we can't work without emacs...

install emacs-app

To install emacs-app, first download emacs-app-Portfile-snow-leopard.patch

% sudo port clean emacs-app
% sudo port install emacs-app
% cd $(port dir emacs-app)
% sudo patch -p0 < ~/Downloads/emacs-app-Portfile-snow-leopard.patch
% sudo cp ~/Downloads/emacs-23.1-snow-leopard.patch ./files/
% sudo port -D . install

Works for me, but your mileage may vary ....


iPhone overheating

If the sun gets too hot, treat your iPhone to a moist towel and a hat.

The Tech Specs say: Operating temperature: 32° to 95° F (0° to 35° C). Summers in Greece are long and dry, with temperatures often exceeding extremes of 37°C (99°F).

Sailing in Greece the temperature went high, the iPhone overheated, and defensively stopped charging—it said it was charged, which was confusing, as it wasn't. When it got really hot it just gave up altogether and shut down. Our Humminbird Fishfinder GPS unit also shut down from overheating—even before the iPhone did.

How to keep your iPhone cool? Take a moist paper towel, folded to the size of the back of the phone. Put it on the back of the phone and ensure that the air can get to it so that the moisture evaporates gradually. You'll need to take the paper towel off from time to time to moisten it again.

I also used a hat to keep the phone in the shade.

This enabled me to keep navigating with Navionics GPS software in the relentless Greek sun.


iPhone 3.0

released at 17:25 GMT 230.1MB

17:28 GMT still downloading ...

17:45 GMT up and running—it feels faster

Apple don't make it easy to find the instructions for using new features.

You can test MMS by sending a picture to yourself (the interface in messages, which was SMS, lets you take and send a picture, or send one from your photo album). If MMS doesn't work, prompt O2 to direct your MMS messages to your phone (instead of to a web page as before) by texting the message "MMS" to 1010.

To see Google StreetView on maps, drop a pin on the street you want to view. The StreetView icon appears on the pin label; click it. (This isn't new to 3.0, but it's new to me.)


MacBook Air freeze: reset SMC

Daily, I take my MBA to work, and connect it to my 30" cinema display. At the end of the day I disconnect and take it home. Once back home, I plug into the 24" LED display and keep on working. The MBA sleeps while I'm cycling to and fro — and wakes up when I plug it in.

Today, I got home, plugged in, and found a blank screen. I waited; nothing happened. I waited some more. Eventually I gave up waiting and did a forced shut-down, by pressing and holding the power button.

To restart, I pressed the power button. The chimes, and the apple came up just as usual; then the little wheel thing came up, but it didn't move. I waited — nothing. I plugged in, unplugged, opened. closed, shut-down (again) etc. I tried all of this again, and again, in various permutations, and with plenty of waiting — nothing. Frozen as a dead parrot!

So, I reset the System Management Controller — that worked :-)

To reset the SMC: Shutdown; plug in to mains power; hold down shift-ctrl-alt (alt is aka option) on the left side of the keyboard, and press the power key once; then release the keys, wait 5 seconds, and press the power key to restart. Effective magic!

The SMC includes the Power Management Unit (PMU) you may be familiar with from other devices.


Pipex > Tiscali >TalkTalk

I've been with Pipex for years. Tiscali took over in March. A couple of weeks ago my internet service went crazy.

Some sites worked: for example, Google seemed OK.

Some sites didn't: Facebook wouldn't load.

Others were erratic. The Guardian front page loaded fine — but none of the links. FirstDirect almost worked — I could look at my balances, and set up a transfer, but the final step of confirmation would hang, and hang, and never complete.

The solution: the MTU (Maximum Transmission Unit) on my Speedtouch 510 was set to 1500. Tiscali (or maybe its already TalkTalk) don't do 1500 — they do 1492 (familiar as the year Columbus set sail).

My configuration file now says (in ip.ini)

ifconfig intf=loop mtu=1492 group=local
ifconfig intf=eth0 mtu=1492 group=lan
ifconfig intf=pppoa mtu=16384 group=wan

and everything appears to be back in working order.

There's a lot of discussion of different values on the web. The 16384 above is 16K, the actual MTU used by the pppoa interface (which links me to my ISP) is negotiated down from this value by the Speedtouch 510. The ip iflist command (use this via the telnet interface to the Speedtouch 510) tells you this negotiated MTU value for the pppoa interface (and also the values you have specified for the loop and eth0 interfaces). The MTU for loop and eth0 should be set to the same value as is negotiated for pppoa.

=>ip iflist
Interface       GRP MTU   RX        TX        TX-DROP  STATUS
0  loop         1   1492  2147      0         0        UP   
1  eth0         2   1492  12453866  234402217 0        UP   
2  pppoa        0   1492  234257958 12256628  0        UP


802.1X on iPhone

iPhone Device Configuration

This post can also be accessed from

You can download a configuration for the University of Edinburgh central-wpa wifi, eduroam and IPsec (Cisco) VPN from

This is signed by me with the self-signed certificate at

You can first download and accept the certificate, and then install the profile, or just install the profile and accept the profile on a one-off ad hoc basis when asked.

When you install the profile, you'll be asked to provide your UUN and passwords for the UoE systems. For the VPN use your UUN and EASE password; for central-wpa use your UUN and EASE password; for eduroam use an extension of your UUN as follows: and your EASE password.

Once installed you won't need to enter these again!

Let me know if this also works for iPod Touch!

If you want to check my certificate, you may need these:

SHA1 fingerprint 8F 89 CF 00 78 C8 31 B8 6A 56 93 99 
                               13 A6 8F 2B 3B C7 2A 29
MD5 fingerprint  95 80 D6 9C C4 60 4B 86 A0 8A  6F BA 
                              22 42 38 8D
Public Key signature 52 2C 64 BC DD 9B 55 F6 A4 96 36 02 
6D EE 3C DC CE B0 58 A5 C3 8C 9E 25 D3 DD 48 94 B3 3A 
48 05 A7 26 47 5F C7 03 29 0A 2F B0 A8 1D 7C C4 9B 20 
23 57 AA 42 06 3E 9B 94 E6 B2 9D 3D BA 33 39 FC BB 5D 
4C EC 5A B7 5F B0 B2 12 1F A2 8E 93 39 C1 C0 A2 3A F8 
3A 86 24 0C AC 16 A4 36 A7 B6 B1 A5 7D 55 AB 88 DE 
3F 2E 19 AC B3 BC E4 21 44 14 01 91 FF BD 6F D6 18 07 
4A E2 BE 8E E0 A8 57 4C F3 E9 62 5A 34 63 AE BC 84 6D 
DC 19 CF D8 4B 60 67 A1 D8 40 47 59 92 88 02 86 0B 89 
C0 A8 79 22 57 FF E7 77 5B BF 9C 49 FF A9 43 70 92 07 
10 A1 0C D6 67 73 5F 95 3F AE 5D 49 40 FC 0F 49 C1 9A 
5F C4 EC 9D 7A 5D 30 2B 5F F7 2A 26 CB 4C BE 96 3D A2 
0C 81 E3 44 D4 D6 70 31 D5 E1 37 C4 41 13 49 AD 5D F4 
2B A8 60 D5 EC 69 57 0F AB 7F 03 A1 75 85 55 75 F3 C4 
D7 2A 67 E8 66

The iPhone Configuration Utility allows you to set up and install profiles that give access to 802.1X authenticated WPA wifi. It also gives you access to the iPhone console log, so you have some chance of debugging your configurations when things go wrong.

To see the console log connect to your iPhone via USB cable, your phone appears as a DEVICE—select it and the Console tab.

A profile can include a number of sections: General, Passcode, Wi-Fi, VPN, Email, Exchange, Credentials, and Advanced. It is recommended to create a number of specific profiles for different tasks, rather than one mega profile including everthing, as a modular approach is easier to manage. In particular, if you change a profile and reinstall it, you have to enter all the passwords it requires anew, so the modular approach goes faster.

After some experimentation I now have three profiles: one for WiFi+VPN, and two more for IMAP configurations for staffmail and gmail.

The first (WiFi + VPN), includes the University certificate(s), configuration for our IPSec (Cisco) VPN, and two WiFi profiles. These are University of Edinburgh service central-wpa, and the confederated EDUcation ROAming service, eduroam which should allow me connect back to the same UoE service from almost any academic institution in Europe, Japan or Australia.

It's all a bit confusing, as the documentation for our 802.1 setup is sketchy. For example, I found that I had to install not just the self-signed University of Edinburgh CA root certificate authority, for the VPN, but also the intermediate certificate authority Cybertrust Educational CA, which is the issuer for the certificates presented by the WiFi servers, and is not in the standard Apple list of System Roots. Looking at the log helps.

To add a certificate, make sure it is in the System keychain (so not tied to your administrator account on the Mac) and is trusted. Then use Keychain Access to export it as a .cer file and then import this .cer file into a profile, under the Credentials tab. Note that, even if using multiple modular profiles, you cannot install the same certificate twice.

For the VPN use your UUN and EASE password; for central-wpa use your UUN and WiFi password; for eduroam use and your EASE password.

To test eduroam, I switch between the two WiFi profiles. Switching doesn't work properly: each time I have to make (3) repeated attempts, leaving and returning to the Settings App between attempts. Nevertheless, at least this behaviour is repeatable. I look forward to trying eduroam on the road.

Once you've done this, setting up the two Email profiles seems easy. Just set up the account, working from a tried and tested setup, by looking at the account settings for Mail on your Mac - except the Mac doesn't tell you which port it uses for SMTP. On my University account I use for incoming, and the authenticated for outgoing. For Gmail it's and Note the small twist: secure SMTP on Gmail uses port 587, whereas the Informatics authenticated SMTP uses 465. It seems Google does the right thing and 465 is non-standard legacy stuff!

I can't get my Pipex mail set up this way because the Tiscali certificate presented doesn't match the server address. I can override this error if I install the setting by sync with the Mac in iTunes, or enter it manually, but if I set up a profile, it just fails—and the console log says, "an SSL error occurred".


Wireless Keyboard lost?

How to make a bluetooth device a favorite

My MacBook Air has problems finding my wireless keyboard. It is paired, but not seen. I have to go through the whole rigmarole of adding a new device to make it visible. Why?

Sometimes Bluetooth preferences lets me connect; sometimes not.

My Keyboard isn't a favourite! Solving this should be easy—just use Bluetooth panel in System Preferences.

There's an obvious button to press in Tiger; but on Leopard it's hidden.


Open Bluetooth Preferences ...

Select your device (Keyboard or whatever).

For an immediate fix select Connect from the settings menu.

For something longer-lasting, select Show More Info

The trick: From the settings menu (which has now changed) select Add to Favorites. You're done.

Sometimes it shows connected but still no keystrokes appear: Disconnect and then Connect using the settings menu.



Finally, I found the solution for LaTeX on the Mac. I've been using MacTex for a month or so and it seems really solid. It has its own updater, the TeXLive utility, which allows you to keep your installation up to date. Your own local styles can be installed in ~/Library/texmf/tex/latex. BibTeX .bib files go in ~/Library/texmf/bibtex/bib or subfolders of this directory, and .bst files go in ~/Library/texmf/bibtex/bst or subfolders of this directory.

A system local texmf tree, which can be accessed by all users on a machine, can supposedly (untested by me) be placed in /usr/local/texlive/texmf-local.

This installation includes LaTeXiT, a utility I've mentioned before, that lets you easily produce PDF, EPS, TIFF, PNG, or JPEG files from LaTeX snippets. It can produce fully scalable PDFs with stroked fonts, for inclusin in presentations and posters. LaTeXiT also includes a LaTeX palette that allows you to select AMS symbols, operators, arrows, etc. from a graphical display.

LaTeXiT stores the LaTeX source within the PDF document it produces—if you want to edit your presentation later, just paste the PDF back into LaTeXiT and you can edit the source. Unfortunately, Keynote 5.0.1 doesn't seem able to access the LaTeXiT services, and LinkBack doesn't seem to work—but cut-and-paste isn't so hard.

The Grapher utility (in Applications/Utilities) also integrates with LaTex. Type a formula into Grapher, which provides a fairly intelligent wysiwyg interface (use ^ for exponents, / for fractions, "log" for log, "pi" for π, etc.). The arrow keys (all four of them) allow you to move around. Ctrl-(or right-)click on the selected equation will allow you to copy the LaTeX source for this equation (and it normally makes a better job of the latexography than I do).


Skype on iPhone–iChat next?

VoIP on iPhone. Find free Skype for iPhone on the App Store.

It works–Skype calls over WiFi–and the quality seems better than Fring or TruPhone.

Why hasn't Apple got an iPhone version of iChat yet–or Gizmo5 to give us a free SIP phone?


USB Ethernet "not connected"?

Oh, yes it is!

"Oh, no it isn't," says System Preferences.

Physically it is connected. The ethernet works fine when I try it with another laptop. But my MacBook Air has no network connection.


Not sure what causes this, but it seems to arise when moving from one network to another — work to home. Until Apple fix their bug, one workaround is as follows:

  • Open System Preferences >> Network
  • Select USB Ethernet in the ports list.
  • Click the - sign at the bottom of the ports list to delete your existing USB Ethernet port
  • Click the + sign, to add a new one; select the new one click Apply.

If you're lucky (it's worked for me a couple of times already) you will find that, after a short pause, the USB Ethernet n port you just created now works as normal.

If the option to create a USB Ethernet port doesn't appear, check that you have the ethernet adapter dongle plugged in. This seems to be neccessary.

If it still doesn't appear (sometimes it doesn't), restart and try again. This has always worked for me (so far).


Wireless again

As long-time readers of this blog will know, I have an extended wireless network. It now includes two daisy-chains and one spur: a daisy-chain on 802.11n (5GHz) with a TimeCapsule (which has internet connection from my ADSL modem/router) and two Extremes; a daisy-chain on 802.11g (2.5GHz) with older kit — two Extremes (one connected by ethernet to the remote end of the 802.11n chain) and three Expresses.

Autoconfigure was a welcome feature of the 802.11n Express. It was great — when it worked — but it was always flakey.

With the 7.4.1 firmware update my setup became completely unstable. In particular, whenever Time Machine started a backup the network would auto-reconfigure, and break. I had to use an ethernet connection direct to the Time Capsule to make a backup. I've now reverted to a manual setup of the WDS with explicit MAC numbers. All appears stable, my iPhone is back on WiFi and backup over wireless is working again.

If you're having problems with an autoconfigured wireless network, try going back to manually configured WDS. Use Airport Utility. First make a note of the Airport ID (MAC number) for each of your devices. Then, one-by-one switch from Create a Wireless Network or Extend a Wireless Network to Participate in a WDS Network. A WDS tab will appear. Under this tab you can see (and manually adjust) the autoconfigured setup. In my case I found that two Extremes were trying to act as WDS main.

As usual, be careful to update the various access points in an order that doesn't leave you unable to access some device over wireless. If you do get into that sorry state, a direct ethernet connection can be used to reconfigure the lost device.


Google Base encoding woes

Google Base lets you upload descriptions of goods, services, publications—or whatever—to enable the world to find your stuff.

You can do this item-by-item, using a web form, or in bulk by submitting an RSS or Atom feed as an xml file.

So far, so good ...

But ...

If you want to use extended character sets (eg. characters, ξ € я þ ø æ œ and accents, å ç ê ñ ü ) you will naturally use utf-8 or unicode encoding.

So, I set up the feed for utf-8 encoding, and uploaded the xml using Direct Upload via Google Base, Google's file upload interface ...

Once my feed was processed, Google said, Your data feed contains an invalid character for the current encoding setting.

I tried File Transfer Protocol, uploading via ftp to Google still didn't get the right encoding (I think Google was at fault here).

I tried Automatic upload via scheduling. This probably failed because my ISP's server insists on sending a content header saying it is serving everything in ascii—Google did the "right thing" and believed this travesty.

So, nothing worked: Your data feed contains an invalid character for the current encoding setting.

Solution: use xsl:output to encode your feed in ascii

Here is a simple xsl transform to copy an xml file and change its encoding. The important line is the attribute encoding="us-ascii", in the xsl:output element.


<?xml version="1.0" encoding="utf-8"?>
<xsl:transform version="1.0"

  <xsl:template match="/">
    <xsl:apply-templates />



<?xml version="1.0" encoding="utf-8"?>
  characters, ξ € я þ ø æ œ 
  and  accents, å ç ê ñ ü

Executing the command

xsltproc -o ascii.xml toascii.xsl utf8.xml
produces an ascii-encoded version:


<?xml version="1.0" encoding="us-ascii"?>
  characters, &#958; &#8364; &#1103; &#254; &#248; &#230; &#339; 
  and  accents, &#229; &#231; &#234; &#241; &#252;

If you are already using xsl to produce your feed, just add encoding="us-ascii" to the xsl:output element. If you have it by some other means you can use the identity transform given above.


Adjust brightness for 24 inch LED Cinema Display?

I think that the F1/F2 keys on my MacBook Air used to adjust brightness of the primary display. In any event, they certainly don't now (10.5.6) allow me to adjust the brightness of my 24" LED display—they adjust the brightness of the MacBook Air screen, whichever display is selected as Primary.

However, the Display tabs of the Display panels of System Preferences allow you to adjust the brightness of each display independently.


ant ftp task libraries:
jakarta-oro; commons-net

A problem

Update: 6 April 2012 This stopped working again. Adding ant-commons-net-1.7.1.jar to ~/.ant/lib resolved the problem.

My installed version of ant (I presume from Developer Tools) doesn't support the ftp task:

$ which ant
$ ant -version
Apache Ant version 1.7.0 compiled on August 25 2008
$ ant -diagnostics | grep ftp.*Available
ftp : Not Available (the implementation class is not present)

The manual says To use the FTP task, you need jakarta-oro 2.0.8 or later, and commons-net

Sounds simple—just find the right .jar files and put them in ~/.ant/lib

jakarta-oro-2.0.8.jar is easy to find.

commons-net-2.0.jar is also easy to find, as is commons-net-ftp-2.0.jar —but they don't work. For example:

$ ls ~/.ant/lib
commons-net-2.0.jar jakarta-oro-2.0.8.jar
$ /usr/bin/ant -diagnostics | grep ftp.*Avail
ftp : Not Available (the implementation class is not present)

ant-commons-net-1.7.1.jar does work with Ant version 1.7.0 — and you can find it if you look.

But there is an easier way...

The solution

Update to Ant version 1.7.1 (I did this from MacPorts with Porticus; Fink also has this version):

$ which ant
$ ant -version
Apache Ant version 1.7.1 compiled on June 27 2008
$ant -diagnostics | grep ftp.*Available
$ ls ~/.ant/lib

The MacPorts installation includes the requisite java archives. (I haven't tested the Fink install.)


Starting over (again)

Lovely new MacBook Air — light as a feather pillow.

Power up.
Switch on.
My Air arrived with zero charge. I had a nervous few minutes with no response from the power button. I had time to read the FAQ, try again, and panic briefly before it eventually had enough charge to start up.
Setup admin account
Setup wireless
Software update
This may take some time (for me this was an 870MB download). While waiting you can Install Firefox
Software update again
Repeat until there are no further updates
Migrate user data from your TimeCapsule backup
Do this over ethernet, unless you want a long wait (I had 40GB to migrate. I get 2-3GB/h over a wire connected to my remote Express — 1.5GB/h with two wireless hops, and 7-8GB/h when wired directly to the Time Capsule.)
Setup user accounts
Include a working account for yourself
Configure Time Machine Backup for your new machine.
Start the initial backup.
This will take even more time (my initial backup is requires transfer of 55GB of data).
You can carry on with other tasks meanwhile. You can interrupt the process ("Stop Backing Up" in the Time Machine Menu), and resume later. Again, do as much of this as possible over a wired connection, to speed things up.
Use Calaboration to sync your Google calendars with iCal
Install Fink and Fink Commander
This allows you to install and manage various Unix utilities. I start with emacs-carbon.
Install MacPorts and Porticus
This also allows you to install and manage various Unix utilities and for many has more up-to-date versions. It also has a port of polyml. I start with polyml, tetex, bibtex2html and hevea. Porticus doesn't have carbon-emacs.
Install Kerberos Extras
Our "staffmail" imap server supports Kerberos authentication - just use the realm EASE.ED.AC.UK and your EASE user name and password. Unfortunately Apple haven't yet implemented this fundtionality on the iPhone — so syncing broke my email on the iPhone.
Change back to password authentication; sync again, so mail on the iPhone is back to normal; turn off sync; turn on Kerberos authentication on the Mac.
Install Developer Tools
Apart from anything else, this is probably the easiest way to get CVS installed.
Download iPhone SDK
Useful for the iPhone emulator which lets you see how your web pages will look on the iPhone. Maybe someday I'll write some code too!
Turn on the Safari Develop menu
To display the Develop menu in Safari 3.1 or higher, select the checkbox labeled "Show Develop menu in menu bar" in Safari's Advanced Preferences panel.


Channel 13: Leopard Wireless Card Locale

Channel 13 is legal in the UK and many other locales, but not in the USofA.

Since most default setups use channel 6 or channel 1, those of us looking for uncrowded channels often find 13 is uncluttered.

When I did a recently clean install of Leopard, I found that my channel 13 network disappeared — invisible!

Update (2009-03-09) It seems that the 10.5.6 update (I installed it on 2008-12-27) has changed something so this tip no longer works!

Although my MacBook Time Zone was set to Edinburgh - Scotland (you can set this in System Preferences, under Date&Time), I found that my Wireless Card Locale was set to US (which disables channel 13).

You can check your Wireless Card Locale by going to "About This Mac" > "More Info ..." > "Network; Airport Card".

The solution was to set the Time Zone to Tokyo then restart. Wireless Card Locale is then "Worldwide" and channel 13 is enabled.

Setting the Time Zone back to "Edinburgh - Scotland" and restarting again gives me "Worldwide" — but setting Time Zone to "Los Angeles - USA", and restarting, sets it back to "US".


iPhone Google Voice Search Arrives!

Google Mobile App

Out with the old; in with the new.

It doesn't appear as an update, in the iTunes store, the post date and version number appear unchanged (see the image) — ignore that! Just delete the old one then get the Google Mobile App again from the AppStore. Apple will tell you the update is free since you already bought this App. The packaging is still old, but Now the update appears and the packaging is updated too the app inside is new (version and it does do voice search.


Time Machine hangs? Spotlight responsible?

Time Machine and Spotlight run slowly over wireless...

So slowly, that it appears that the system has hung.

Time Machine is great — but ...

Making the first backup of a 60GB of data takes a very long time over wireless.

Making a large incremental backup, after being away for a week, or more takes a very long time over wireless. Even over 802.11n I find Time Machine, backing up over my WDS, manages about 1MB/sec. Say 1GB takes 16 minutes, then 60GB takes 16 hours!

If Spotlight is indexing the backup while the backup is changing, things go even slower.

Solution: For the first backup, or for an incremental backup after you've been on the road, first turn of Spotlight indexing for the backup. Then connect your Mac by ethernet cable directly to the LAN port on the Time Capsule, and leave it to chunter away overnight. Finally, turn indexing on to let Spotlight digest the backup.

To see what Time machine and Spotlight are up to, use the console to inspect the logs. Set the filter so you see messages from backupd. You should see a sequence of messages appear slowly (but no longer very slowly), like this:

Starting standard backup 
Network volume mounted at: /Volumes/Data 
Disk image /Volumes/Data/myMacBook0016cb896cb9.sparsebundle mounted at: /Volumes/Backup of myMacBook 
Backing up to: /Volumes/Backup of myMacBook/Backups.backupdb 
No pre-backup thinning needed: 2.21 GB requested (including padding), 801.41 GB available 
Copied 22 files (24.4 MB) from volume Macintosh HD. 
Starting post-backup thinning 
No post-back up thinning needed: no expired backups exist 
Backup completed successfully.

Each line starts with date and time and the label /System/Library/CoreServices/backupd[22205]


Spotlight should be allowed to index your backup — so that you can find valuable nuggets of information lost in the past. Spotlight is also very slow if it has to index 60GB over wireless — if you do this, your log may also include lines like:

Waiting for Spotlight to finish indexing /Volumes/Backup of myMacBook/Backups.backupdb 

The solution is the same — when Spotlight has lots of changed stuff to index in the backup, let it work over ethernet. If you unplug and go wireless immediately your big backup is done, Spotlight will spend a long time catching up — and it won't let the next hourly backup begin until it has caught up.

Spotlight crashes

In addition, spotlight crashes: mdworker does the Spotlight indexing — you may find messages like this:

Formulating crash report for process mdworker[22921] 
(0x10c720.mdworker[22921]) Exited abnormally: Bus error 

When this happens, it slows things down even more. It's a bug — every crash is a bug. Some discussions suggest that it may by triggered when Spotlight attempts to index ill-formatted emails.

You can tell Spotlight not to index emails — and it may have some effect. Waiting patiently also seems to work — and I need to be able to search for mail by content, so I have to let Spotlight index my mail.


iPhone ... cannot be synced (error 13014)

The iPhone ... cannot be synced.
An unknown error occurred (13014).

This occurred after the iTunes 8.01 (11) update. Restarting the Mac seems to cure it.


iPhone Screen Capture

To screen grab: While holding the Home button, click the on/off/lock button.

You will find an image file among your photos. Download it to iPhoto. Export as PNG, TIFF or JPEG.

VPN on iPhone L2TP/IPsec

Settings > VPN > Add VPN configuration...

To connect to ...

<your UUN>

<your EASE password>

<find it here>
No cheating in the library!



ENTITY &mdash;
(X)HTML entities in XML for XSLT

You can use character entities in your XML provided you declare them.

Add a DOCTYPE to your XML — all you need is the name of your root tag (my document in the example below is a recipe) and a reference to the special character sets you want.

for example

XML-compatible ISO Special Character Entity Set for XHTML

— including lt gt mdash quot euro

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!DOCTYPE recipe [
       <!ENTITY % xhtml-special
           PUBLIC "-//W3C//ENTITIES Special for XHTML//EN"
       "" >

other standard character sets

You can add more declarations to the DOCTYPE mdash just add them between the square brackets [...]

XML-compatible ISO Latin 1 Character Entity Set for XHTML

— fractions, accented characters, pound, yen, cent, copy

       <!ENTITY % xhtml-lat1
           PUBLIC "-//W3C//ENTITIES Latin 1 for XHTML//EN"
       "" >

ISO Math, Greek and Symbolic Character Entity Set for XHTML

       <!ENTITY % xhtml-symbol
           PUBLIC "-//W3C//ENTITIES Symbols for XHTML//EN"
       "" >


Printing in the Forum

Updated for Snow Leopard 2009-10-21.

The print-server address is

You can look up the available printers with the DICE command printers
[tammy]mfourman: printers
if213m0 HP 4100DTN - IF213
if237c0 Canon iRC3080i multi-function device in IF237
if313m0 HP8150DN - IF313
if336c0 Canon iRC3080i multi-function device in IF336
if413m0 HP8150DN - IF413
if435c0 Canon iRC3080i multi-function device in IF435
if536c0 Canon iRC3580i multi-function device in IF536

You should install and select the Canon iR C3080/3480/3580 PPD Canon UFR_II_V200_MacOSX_us_EN.dmg File for Mac OS X for the multi-function (scan-print-copy) Canon devices.

You probably already have the HP drivers. If the configuration is not attached to the printer, you can print it using the printer's menu buttons.

Safari 4 beta scores 100/100 on acid3

Update 2009-02-24 This is now a public beta from Apple.

If you are registered as an ADC member (go to then to the ADC member site link to register for free), you can now download the Safari 4 Developer Preview.

This this is very fast and very compliant: 100/100 on the Acid3 test. (Firefox 3.0.5 scores 71/100.)

First Direct online banking now works fine (and fast).


Starting over: MacPorts

As a long-term Fink user, I've found it hard to summon up the energy to move to Macports (previously known as Darwin Ports), until now. A dead disk provided the necessary impetus to overcome this energy barrier.

MacPorts—so I am told by friends I trust—is closer to the Mac zeitgeist, and has more packages available in fresher versions.

My first experience was not good. I tried the standard install from .dmg with two fresh, fully updated installs of Leopard + x11 + XCode Tools—one on my ageing MBP; one on a sparking new MacBook Air. Neither succeeded in creating the code>.profile that is supposed to adjust the PATH environment variable.

You should start with a standard install as it does almost everything—and may even do it all, for some it succeeds.

In the environment of a shell accessing packages installed by MacPorts, PATH should include /opt/local/bin:/opt/local/sbin and MANPATH should include /opt/local/share/man. The standard install is meant to create a .profile to achieve this. It didn't.

Googling macports leopard profile led to various suggestions (as usual, others have encountered this problem before me). One of these works—others don't.

Do not add the new paths to /etc/paths and /etc/manpaths.

Do not add new files named macports or MacPorts, containing the new paths, to /etc/paths.d/ and /etc/manpaths.d/.

Do create a file ~/.profile containing the following code:

export PATH=/opt/local/bin:/opt/local/sbin:$PATH
export MANPATH=/opt/local/share/man:$MANPATH

Then you can type sudo port -d update in a fresh terminal window, to update your MacPorts installation, and sudo port install emacs-app, for example, to install a Cocoa version of emacs.

You'll find the Emacs installed as a regular application in /Applications/MacPorts/.

Note: If you already have a .bash_profile or .bash_login, you can and should append the commands above to that file, and optionally rename rename that file as .profile, instead of creating a new .profile.

Explanation: (for the full story try man bash)

When bash is invoked as an interactive login shell, or as a non-inter-active shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable.


Fixing’s IMAP date problem

Using imapsync to migrate mail from one IMAP server to another, I hit a problem. Google led me to the following description of the same issue:

The IMAP Date problem is the result of how figures out the Date Received time for an email. Rather than using the Date: header in the email it uses the time the file was written to the file system. This becomes a problem when files are copied to a new location on the server and the creation time of the file is changed.

Not's problem!

The solution is to use imapsync with the flag --syncinternaldates

I am now using

/usr/bin/imapsync --syncinternaldates \
     --host1 --user1 mfourman --ssl1 \
     --host2 --user2 mfourman -ssl2 \
to finish the transfer of about 4GB of mail history.

To start, try it out on a small folder --folder Test

First test with --dry :

/usr/bin/imapsync --syncinternaldates  --folder Test \
     --host1 --user1 mfourman --ssl1 \
     --host2 --user2 mfourman -ssl2 \
     --noauthmd5 --delete --dry
If everything looks OK then run
/usr/bin/imapsync --syncinternaldates  --folder Test \
     --host1 --user1 mfourman --ssl1 \
     --host2 --user2 mfourman -ssl2 \
     --noauthmd5 --delete
Expunge from the source by hand (in Mailbox > Erase Deleted Messages).

Using the --expunge flag upsets other users of the IMAP server:

Currently it is processing folder which is 100MB in size, it is deleting (and then expunging) one message at a time. The way that is implemented on the server, is that the message is deleted, and then the whole file is written out again with that one message removed. This is leading to a lot of disk IO.

That's the short story. The actual story was more involved and also included using my gmail IMAP account as a temporary buffer to recover from some false starts. (Free 6.5GB quota - thank you Google!)


Opaque Leopard Menu Bar

Many find the translucent menu bar in Leopard disconcerting. There are several tips posted elsewhere suggesting various hacks involving obscure environment variables to turn off this feature.

Apple did it for you! (since 10.5.2)

Go to System Preferences > Desktop and Screen Saver. Uncheck the Translucent Menu Bar checkbox. You're done!

emacs: Fatal malloc_jumpstart() error

Emacs fails with the error Fatal malloc_jumpstart() error

Black Magic

In a Terminal window type

$ sudo mv /usr/bin/emacs-i386 /usr/bin/emacs-i386.backup
$ sudo /usr/libexec/dumpemacs -d
$ emacs --version
GNU Emacs 22.1.1
(Here, $ is the shell prompt.)

Once youve checked all is OK you can remove the backup

$ sudo rm /usr/bin/emacs-i386.backup


Time Capsule


Time Capsule is an airport extreme base station (802.11 a, b, g, n) with built-in hard drive for backup.

You set up the base station as usual, using AirPort Utility.

You can use your old base station to create a WDS network and extend your wifi coverage to attic or garden – or share with a neighbor. In any case, APPL say, you should make the Time Capsule your main base station – the one directly connected to your ISP.

If you just have 802.11n-capable access points you can let your network autoconfigure. Choose a common Network Name, Wireless Security and Password. Under Airport > Wireless set the main base station to Create a wireless network; set the other base stations to Extend a wireless network.

A domestic ISP typically gives you internet access via a single IP address. Depending on your ADSL or cable hardware you have various options for setting up your system to distribute local IP addresses to clients on your local network.

My ADSL modem is a speedtouch router. It provides a DHPC server with optional MAC authentication. WDS setup is simple: each base station is configured to get its own IP address as a DHCP client, and to act as a bridge passing wifi client traffic to and from the ADSL modem.

If your ADSL or cable modem isn't set up as a DHCP server, you can get the Time Capsule (or any Airport base station) to do this. Set the main base station to "Share a public IP Address" (under Internet).

If your modem provides a range of addresses that clients can select manually, you can set the main base station to distribute these. Select "Distribute a range of IP addresses."


Time Machine sometimes gets confused and can't mount the backup disk. Apple say the volume name should be shorter than 27 characters. Elsewhere they say it should be purely alphanumeric [0-9,a-z,A-Z]*


Extreme 7.3.1 firmware update

All went smoothly, but now my remote base stations (I have a WDS daisy chain 4 links long - see earlier post) don't show in Airport Utility. Still connected - I can ping them just fine, and the remote airTunes express shows up in iTunes.

Update this seems to have been a temporary problem. Everything is now visible again.

All my airports (7 at last count) are configured in bridge mode - my speedtouch adsl modem router provides a DHCP server. On the bright side, this update seems to have helped with one issue: the 802.11n extremes now seem to pick up an IP address from my router using DHCP (previously I found this didn't work and had set manual IP addresses as a work-around).

application/x-mplayer2 plugin

Problems with BBC radio-player?

You need the Flip4Mac internet plugin. Download it free from microsoft. Use the "customize" button when installing to select the browser plugin.


Uninstall SPSS

installer tells me that a there is still a previous version of SPSS 16 on my mac

SPSS is great, but ...

The Mac install is clunky. If you've aborted an install and want to start again, or you just want to get some space free, you have to remove the old installation.

You've removed all files and directories matching *spss* (and, for good measure, youve also tried *SPSS*), and you can't start again because the installer complains that you haven't removed a previous installation.

remove InstallShield (probably sitting in your home directory) and start again!

If you want to get rid of an older version, and you haven't yet started, use the uninstaller installed with SPSS,

SPSS know about the problem

They say:

Problem Subject: Trying to install SPSS 16 for the Mac yields an error message that there is already a previous flavor

Problem Description: I am trying to re-install SPSS 16 for the Macintosh and I am unable to do so because during the installation I am met with an error message telling me that there is already a previous flavor of SPSS on this machine and that it must be removed before a new install can take place. What is the reason for this message and how can I resolve this so that I can install SPSS 16 for the Macintosh?

Resolution Subject: Completely remove the previous installation of SPSS 16 from this machine

Resolution Description: The reason this is happening is that the previous installation of SPSS 16 for the Macintosh was not uninstalled correctly. If you merely trashed the application folder then SPSS 16 was not uninstalled. The uninstall function is found with the SPSS 16 applcation in the 'Applications' folder. In order to resolve this issue if SPSS 16 is not removed through the uninstall process please go into the 'Users' folder on the main operating systems hard drive. In here you should find a house with your login name on it and you should go into this item. In this house (folder), please trash the following:


~/InstallShield (directory, remove the whole thing)

~/Library/Preferences/com.spss.spss for mac.plist

Now empty your trash. Now you will be able to re-install SPSS 16 for the Macintosh.

free iPhone SDK

Apple say:

``Start your development today with the free iPhone SDK ...''

... not quite: this is a 2.1GB download, and it looks as though AAPL wasn't ready for the demand. Currently at 7% after seven hours, and just picking up speed (presumably as the US goes to sleep): occasional bursts of action, but still very slow—10 hours to go...


Wireless Woes

Strange behaviour: Everything was fine, working with my MBP on a multi-AP WDS network of new Airport Extreme base stations; move to another floor, just next to an AP, can't see the signal, or rather I see it fleetingly, get asked for password, then it disappears. My first conclusion is that the AP must be caput, but back upstairs, where I started, I now see no signal.

Another laptop can see the signal fine. I try manually changing network setup, restart, shutdown, even taking out the battery then restart. Still no wifi connection. I conclude that the wifi card in my laptop must be damaged, or at least have a dodgy aerial connection.

Back at home I still have the same problem—and neither Airport Utility, nor iStumbler can see the signal either. I think I'll try looking at the wifi card.

To check on how to do that I need to get online. So I find an ethernet cable and connect a LAN port on one of my base stations. I'm now online, as expected, but I didn't expect to see Airport Utility and iStumbler burst into life just because I made a wired connection. Everything looks normal, and Network preferences now says I have a wireless connection.

I unplug the ethernet cable, and everything stays fine; back to normal. I don't pretend to understand why.


It happened again!

Same symptoms - persisting across two different WDS networks.

Again, recovery coincided with my decision to give up hope and use a wired connection to my base station.



AJAX demystified: import xml

Here's the barebones of a javascript function that will request xml from a url configured to return xml (text/xhtml+xml or application/xml for example) and then asynchronously add a selected fragment of the returned xml as a child of some node on your page; this target node is selected by id.

function getXML(url, toGet, id){ 
  var request = new window.XMLHttpRequest();
   // for IE use ActiveXObject instead

  function load(){
      var content, node;
      if(request.readyState == 4 &&
         request.status == 200){
         content = document.adoptNode(
         node = document.getElementById(id);
    } // should handle null response or failure

  if(request){"POST", url, true);
  }// else ...

This will work on a gecko browser, if you have everything set up properly. You'll have to expand it to make it robust, as per the comments (and more).

Example xhtml to call this:

<div id="putInfoHere" />
<span class="button" 
    "putInfoHere");'>Get Info</span>

The file contact.xhtml should have an element such as <div id="address">...</div> with the matching id. This will be harvested. The clever part is that the harvested code still lives in the correct namespace. So imported markup is correctly interpreted as xhtml.

Make sure files are served with an appropriate mime-type. With apache you can do this using .htaccess :

AddType application/xhtml+xml .xhtml

A future post will have more, on how to send text or xml data to a script using httpRequest with POST instead of GET.

AJAX demystified: import text; async cgi

Here's the barebones of a javascript function that will request text from a url configured to return text (text/plain or text/plain for example) and then asynchronously put the returned text into a textarea element (or any other element with a value field) on your page; this target element is selected by id.

function getText(url, id){ 
  var request = new window.XMLHttpRequest();
  // for IE use ActiveXObject instead

  function load(){
    if(request.readyState == 4 &&
         request.status == 200){
        = request.responseText;
  // should handle null response or failure

  if(request){"GET", url, true);
  } // else ...

This will work on a gecko browser, if you have everything set up properly. You'll have to expand it to make it robust, as per the comments (and more).

Example html and javascript to call this (note how the call uses the id of the textarea):

<textarea id="putInfoHere" />
<span class="button" 
    "putInfoHere");'>Get Info</span>

Make sure text files are served with an appropriate mime-type. With apache you can do this using .htaccess :

AddType text/plain .txt

You can replace info.txt with a cgi script that produces a header and info on stdout. For example (with otherwise pointless sleep to demonstrate asynchrony), put the following mydate.cgi in a cgi-enabled directory:

echo "Content-type: text/plain\n"
sleep 2

Change the URL in your html accordingly, and make sure your script is executable chmod +x mydate.cgi

A future post will have more, on how to receive xml instead of text and how to send text or xml data to a script using httpRequest with POST instead of GET.


Mac OS X 10.5: Web Sharing - "Forbidden 403"

In what follows, substitute your short username for myshortname

Create the file
containing the following text:

<Directory "/Users/myshortname/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
Set the group and owner as follows:
sudo chown root:wheel /etc/apache2/users/myshortname.conf

Restart apache by switching Web Sharing off then on in System Preferences.


Block Microsoft messenger on Speedtouch router

Blocking tcp traffic from two ranges of IP addresses on ports 80 and 1863 prevents MSN messengerlogin and initialisation.

You can input the following via telnet login to your speedtouch (telnet -l <user> for temporary use—to revert to saved configuration use system reboot, save or add it to the firewall section of user.ini for a permanent block. (View source to see lines split here.)

firewall chain create chain=nomsn

firewall rule create chain=nomsn prot=tcp srcport=1863 src= action=drop
firewall rule create chain=nomsn prot=tcp srcport=1863 src= action=drop

firewall rule create chain=nomsn prot=tcp srcport=80 src= action=drop
firewall rule create chain=nomsn prot=tcp srcport=80 src= action=drop

firewall assign hook=input chain=nomsn


See CLI reference for your model.

*                             ______ 
*                         ___/_____/\
*                        /         /\\ Alcatel, Speed Touch 510 ADSL modem
*                  _____/__       /  \\ 
*                _/       /\_____/___ \   Version R3.7.2.1 
*               //       /  \       /\ \ 
*       _______//_______/    \     / _\/______ Copyright (c) 1999-2001 Alcatel 
*      /      / \       \    /    / /        /\
*   __/      /   \       \  /    / /        / _\__ 
*  / /      /     \_______\/    / /        / /   /\
* /_/______/___________________/ /________/ /___/  \ 
* \ \      \    ___________    \ \        \ \   \  /
*  \_\      \  /          /\    \ \        \ \___\/
*     \      \/          /  \    \ \        \  /
*      \_____/          /    \    \ \________\/
*           /__________/      \    \  /
*           \   _____  \      /_____\/
*            \ /    /\  \    /___\/
*             /____/  \  \  /
*             \    \  /___\/
*              \____\/


ClamAV an open-source anti-virus toolkit

Clam AntiVirus (ClamAV) is an open-source anti-virus toolkit for UNIX, released under GPL. It provides a number of utilities including a flexible and scalable multi- threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

ClamAV is included in both Fink and DarwinPorts, or can be downloaded directly from sourceforge


You have to edit the configuration files. See the manual pages for details:

man freshclam.conf
man clamd.conf

You have to edit both files. On a Fink install, you'll find them in /sw/etc/. For other setups, locate clam.conf should find them.


clamconf -n tells you what non-defaults are set in your configuration.
clamscan -r directory recursively scans a directory.
freshclam updates your virus definitions.

man clamconf
man clamdscan
man clamscan
man freshclam

I added the following line to /sw/etc/anacrontab

   1       25        clamscan         nice /sw/bin/freshclam -quiet

When you check your imported software (for a Fink installation, do this by running the command sudo clamscan -r /sw) you should find a few ''infected'' files. For example:
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
There are a few more examples in /sw/share/doc/clamav/test/. If you don't find these test cases, check your configuration.

The malware I have found is exclusively in spam mail and cached java applets.

clamdscan ˜/Library/Caches/Java\ Applets
clamdscan ˜/Library/mail\ Downloads
You can remove offending files by hand, or use the --remove option when calling clamdscan.


X11 on Leopard won't launch for me - a quick google tells me that others have the same problem.

The idea under Leopard is that X11 will launch automatically as required, so just typing xterm in a Terminal window will launch a xterm window.

But for me this didn't work, since I had set DISPLAY = 0:0

To check, type echo $DISPLAY if the response is 0:0 (as you might expect) you need to remove the entry for DISPLAY from environment.plist (double-click on the file and the property list editor should open). On the other hand something bizarre:

mfourman$ echo $DISPLAY
seems to be fine!

Note that some applications may set the DISPLAY variable on startup. I had to retire sshLogin (a Mac port of sshAskPass) because it insists on doing this. So I'm back to using ssh-add from the terminal to set up my ssh identity before launching xterm.

Connecting via ssh from the xterm then sets up an X11 connection so that remote X applications can use your Mac screen. Use ssh -X to forward X11 connections, or set this up, for hosts you trust, in your ssh configuration.

Your ssh configuration depends on various files in ˜/.ssh:

authorized_keys config identity  known_hosts

You can set your ˜/.ssh/config on a per-host basis: for example

# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
Host trusted.local
     ForwardX11 yes 
     ForwardX11Trusted yes
     Compression yes
     Cipher blowfish
     ForwardX11 yes 
     User alias 
Host *
     ForwardX11 no
     ForwardX11Trusted no
Note X11 forwarding should be enabled with caution.

User Specifies the user to log in as, useful when you have a different user name on different machines.

The default configuration file (see /private/etc/ssh_config) includes a list of common settings. The configuration files contain sections separated by ``Host'' specifications, and that section is only applied for hosts that match one of the patterns given in the specification. (Lines starting with `#' are comments. Copy this template, remove `#' and edit values as desired. For details see man ssh_config)

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no



Dave Matthews's polyml is my implementation of choice for Standard ML (my language of choice).

The latest release (version 5.1) compiles on Leopard. The download should be unpacked automatically by Stuffit Expander—otherwise use gtar xvzf polyml.5.1.tar.gz.

cd polyml.5.1
sudo make install

You should get the message:

Libraries have been installed in:

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `DYLD_LIBRARY_PATH' environment variable
     during execution

See any operating system documentation about shared libraries for
more information, such as the ld(1) and manual pages.

You can also download later development versions of the source from the cvs repository on sourceforge:

cvs co polyml
cd polyml
cvs update -Pd
chmod +x install-sh
sudo make install


Safari Crash; Firefox Crash; Applet Crash!

Leopard and Java 6 don't mix!

I didn't know this and used Java preferences to set Java 6.0 as my preferred version (I had earlier installed the developer preview, under Tiger)


Apple confesses

The solution is to expunge all traces of Java 6, then reinstall Java.

Javablog has the answer:

Move or remove all of the following


and all your Java 6 installation receipts from /Library/Receipts/.

Then re-install Java from the Leopard DVD with the commands

open /Volumes/Mac\ OS\ X\ Install\ DVD/System/Installation/Packages/Java.pkg
open /Volumes/Mac\ OS\ X\ Install\ DVD/System/Installation/Packages/JavaTools.pkg 


Kerberos for Leopard

For the avoidance of doubt, install Mac OSX Kerberos Extras—some say this is changed for Leopard (OS X 10.5) others hint that it's just as the same as it was for 10.4.

Add X509 Anchors to Keychain Access (found in /Applications/Utilities/). (It was there by default in 10.4, but it appears not in Leopard. Select Add Keychain from the File menu. In the file selection dialog, navigate to /System/Library/Keychains. You should find X509 Anchors there.

Install the University Certificate in X509 Anchors— drag-and-drop.

For me Keberos works for IMAP access to, but not to, nor for SMTP access to either.

Here's what support have to say:

I've run this past a few people who might know and the consensus is that Apple may have broken something. There's a strange looking message in one of the log files - Token header is malformed or corrupt

This is probably not the whole story, as staffmail does work with Leopard's Kerberos. Time to switch to staffmail...


Fink "Can't fix GCC after Repair Permissions"

I'm now working with Leopard aka OS X v10.5; this is a Leopard problem

Chasing around to see what could be wrong, I find two contradictory bits of information:

In Apple's version of GCC, both cc and gcc are actually symbolic links to a compiler named like gcc-version; which compiler is linked to may be changed using the command gcc_select.

% locate gcc_select

% gcc_select -l
This version of gcc_select can be used only on MacOS X 10.4.

It seems this may be connected to the CHUD problem of the previous post.

Here's what worked for me:

  1. Remove gcc_select (it says it doesn't work with 10.5).
  2. Remove /Developer (XCode Tools didn't install properly anyway).
  3. Reinstall XCode — make sure you install the Unix Developer Support option.
  4. Run Fink: Selfupdate, then Update-all

Everything worked smoothly.

I still have some problems with Keychain and Kerberos, but I still like Leopard. Cover Flow is helping me clean up my desktop.


Leopard - a spotty start

Added later: See the following post (above) for solution!

First, the good news. I have Leopard up-and-running, and it is great. It feels faster (maybe it is faster, who knows) it looks great.

Installation is supposed to be straigtforward. Put the CD in the drive and follow the instructions. We got to the place where you are supposed to select a disk on which to install Leopard - no disk appears. Wait,... Wait some more,... Make a cup of tea, ... Still a blank.

Go back, and look for an exit button - there is none. Try Disk Utility as suggested to select startup drive - no drive appears. Despair begins. I did back up my important files before starting this process, but restoring them will be a hassle - and what about the unimportant ones (I have a long tail, lots and lots of not very important files, but if they all go, that will feel quite important).

I try various incantations of keys (escape, eject, command-Q, even ctrl-alt-del) nothing works.

In desperation, I plug in an external drive to see if I can perhaps escape this nightmare by installing Leopard on that. The drive appears, but I'm not allowed to install on that drive. I'm about to do a hard reset (well forced power-down by pressing the button until it gives up). Then, my hard drive appears as a possible selection.

I select the drive, hit continue, and leopard installs without further hitch (it takes almost two hours).

It looks just the same - it just feels better, and faster. Of course, if you look closely, it isn't the same, but the changes are subtle, it feels entirely familiar, but better.

Now to install XCode Tools... This time, everything starts fine, but then fails at the end telling me that CHUD installation has failed, and I should contact the software manufacturer (that would be Apple).


securityd memory hogging

Mac running slow, Keychain keeps telling me Google Desktop has changed and asks for authentication. Do I have a virus, or is something wrong with keychain?

Activity Monitor tells me that securityd is using 1.5GB of memory; something is wrong.

Googling suggests that /var/db/CodeEquivalenceDatabase may be corrupted. Furthermore, it seems that it can rebuild itself, so the lizard's tail treatment is suggested: remove the offending part.

I did the following:

cd /var/db
sudo rm -rf CodeEquivalenceDatabase

sudo rm -rf is serious magic, and can get you in serious trouble; be careful (long ago, I once did cd /dev ; rm -rf mouse * — where I meant mouse* — don't try this at home) ... the faint-of-heart could take a copy of the file instead and remove it later:
mv CodeEquivalenceDatabase CodeEquivalenceDatabase.old

In any case, this seemed to work. After a restart keychain asks me to authenticate access for various apps: SystemUIServer, GoogleDesktopAgent, Mail, ... I do this. Everything seems normal, and securityd is using "only" 28MB of memory (back in the old days, we used to run serious theorem provers in less).