Two awesome apps that work awesome together—1Password and Dropbox
The folks at Agile Web Solutions just announced that on of my favorite apps, 1Password Pro, now offers synchronization of secure information using one of my other favorite apps, Dropbox. If you don’t know what 1Password is, check out this episode of MacMercTV that explains the ins and outs of the desktop version of the program.
As you can see, 1Password is a highly secure database for keeping track of web site logins, but it also handles notes, credit cards, bank accounts, and software registration information—I just didn’t have time to go into it all in the video! And, obviously, they also have an iPhone and iPad app, but the question is, how to synchronize the data across all these devices with all their different abilities and restrictions?
With the update of 1Password Pro 3.5 for iOS devices and 1Password 3.3 for Mac, the 1Password ecosystem is now fortified with fully-automated “cloud” syncing awesomeness! Using Dropbox, a free online storage service, users can securely store their data in the cloud, and synchronize their Windows, Mac and iOS devices automatically.
Now, your website logins, notes, credit cards, bank accounts and software registration information can be available on all of your Mac, Windows and iOS devices, automatically and effortlessly the way God intended.
I cannot recommend 1Password strongly enough—your passwords are the only thing between you and identity theft and this application makes it so easy to be outrageously secure while not being forced to hand-enter crazy-long passwords across the iOS’ three keyboards. They make it just as easy to be secure as it is for you to be lazy and open to attack.
1Password for iPhone, iPad and iPod touch is available in the App Store for $9.99 (USD), and the Pro version is available for $14.99 (USD). A Single User license of 1Password for the Mac is available for $39.95 (USD) and a five user Family License for $69.95 (USD). A fully functioning, 30-day trial of 1Password may be downloaded for free from Agile Web Solutions’ Downloads page.
How secure are your passwords? I’d love to hear what you think of 1Password and Dropbox in the comments.1
- scroll down, they’re there [↩]
The Best of 2002
The Year in Freeware
Best on the Web: Chimera Navigator
Fast, new and open-source, Chimera has grown from a shaky beta to a fully functional browser. With a great interface and handy extras Chimera laughs in the face of clunky Netscape and ho-hum Internet Explorer. Tabbed browsing, pop-up suppression, keychain password storage and favicon support make this gift from the open source community our number one.
Freeware Classic: FileCM
For those of you still living in the past, consider this a lifetime achievement award. And for what do we bestow this honor? FileCM adds cut, copy and paste file options to your contextual menu. ThatÃs one more command than even OS X.
Best System Extension: Diabolitin
For decades now, talented programmers have been filling AppleÃs gaps. This one creates a single interface, in the form of a preference pane, from which you can activate or deactivate all kinds of system items. Control your fonts, screensavers, preference panes and more from one interface.
Best Menu Item: Weather Pop
When the novelty of menu extras emerged, no one found a better use for them than Glucose Software. Best of all, when Glucose released a shareware version, they kept their ìliteî version free.
Best Plug-in: PDF Browser Plug-in
Do you ever get so tired of poor 3rd part support you wish you could do something yourself? Of those who took maters into their own hands, the PDF Browser Plug-in may be the best. At least the best one that is still freeware.
Let’s hope next year yields another great crop of free software.
Brian
Superior Ad Blocking on OS X
I love surfing the web. I have DSL and I get pretty good download speeds (compared to 56K modems, insane download speeds). Even though I have a good connection, I still hate downloading obtrusive ads. You know those huge “skyscraper” ads, or those pesky Flash ads that seem to take forever to download? Even more annoying are the pop-up ads that show up on a surprising amount of sites considering everyone hates them with a passion (except evil marketing types). I’m about to show you how to block almost all of the aforementioned ads in ANY browser in OS X. If you don’t want to be bothered with pop-ups use a program or browser that disables them. My method only stops the ads from loading, not the window from popping. Chimera has a killer pop-up blocker installed by default (haven’t seen one so far).
Some people may say that it isn’t right to block ads… That’s how sites stay free. That’s true, and that’s exactly why I’m only giving directions to block the big boys that have no concern at all for your privacy (can we say doubleclick?). This will not block ads on MacMerc, MacMinute, MacUpdate or any other well run site. My goal by blocking ads is to speed up surfing. Only graphical ads are blocked… Text ads are let through. If you really like a site and you’re afraid that they will lose income when you block its ads, look around on that site and most likely there are other ways you can support it. Most webmasters would rather all their visitors gave $10 a year than have to run ads. I know MacMerc would 
. If you can’t find anything just email someone there and ask where you can send a donation. It will be appreciated.
The following is a list of the “Big Boys” in the adserving market that many sites use to outsource ads:
doubleclick.net
linkexchange.com
adsmart.net
admonitor.net
msn.com (not an outsource service but gobs of ads come out of ads.msn.com)
smartclicks.com
focalink.com
bravenet.com
bfast.com
sextracker.com (You’d be surprised)
hitbox.com
valueclick.com
fastclick.net
realmedia.com (these ads are hugely huge)
And there are several more. If you do a lot of “source hunting” you’ll soon notice that 90% of ads come from less than 100 locations.. Should be easy to block right? Well, in OS X it’s a piece of cake.
Open the terminal by going to /Applications/Utilities/ and opening Terminal. You may not have ever used the Terminal before but do not worry, this won’t be hard. Type:
sudo pico /private/etc/hosts
When prompted, enter in your administrator password (if you’re the only user of your computer, it’s just your regular password). When you type nothing will appear on screen (not even *’s). This is a security mechanism. When you finish your password just press enter. You’ll be taken to a screen that should look something like below:
Pico is a simple text editor for Unix. It’s commands are a little funny for Mac users since it uses control instead of command, but it’s otherwise really easy to learn. The ^ key signifies control for any interested souls out there . What this file does is associate hosts. The first line means when a request for localhost comes in send it to 127.0.0.1 (almost the universal address for the local-computer). What we’re going to do is insert some well known ad servers into the right hand column, and send them to 127.0.0.1 in the left hand column. For extra points we’re going to set up a custom 404 error page to keep blocked ads looking pretty. Here is a list I compiled of the most popular/annoying ad servers along with the 127.0.0.1 forwarding address. Copy and paste this list into pico (select the text and press Control-C, in pico use the arrow keys to highlight an area below the last line with text on it and press command-v). Once you successfully copied the addresses press Control-o and hit enter once you see the message asking for a file name. Then hit Control-x. Keep the terminal open for the 404 message step (not a real message that shows in the Terminal, but you need to keep it open for the step that prevents nasty errors to be shown).
Now you need to turn on your personal web server. If you don’t, you’ll have to click through warning messages about every 2 seconds for most every page you visit. To do so just open up the System Preferences by going to the Apple Menu and choosing “System Prefrences…”. Once the preference pane opens, choose Sharing. In the sharing pane, check the persona web sharing box. The pane should look like this before you click the check box:
If you were to restart your computer now, and started browsing the web, you’d notice a lot fewer ads. But, you’d also notice really weird looking error messages. Here’s a picture I took of my browser at Tucows.com:
I think having the ads in place might look better… But the load times without them are much nicer. To fix this, we’re going to make a custom error message. All that text means is that the ads can’t be found on your computer… Of course they can’t… We’re trying to get rid of them! Get back in the Terminal and type:
sudo pico /etc/httpd/httpd.conf
You’ll be greeted with the now familiar Pico interface but now with a lot more text. No worries, this is a down and dirty task. Press Control-w and type (or paste):
ErrorDocument
Look for the following text:
# ErrorDocument 404 /missing.html
Move your cursor with the arrow keys until it’s one character to the right of the #. Hit delete. This “un-comments” the line. We’re telling Apache that when there is a missing page, use missing.html instead of the error message. If you run a web server (like I do) you can get more tricky and throw it to a script that dynamically decides if you’re trying to block an ad or if someone found a broken link on your web server (I’ll save that for part 2). To save this file hit control-o and then control-X. You can close the Terminal. Now just download this file and place it in /Library/Webserver/Documents/.
Go ahead and restart your computer. When you next start your web browser, head over to a large site like CNN or TuCows and notice the difference. I’d suggest using Chimera to get the best effect… no pop windows and no large sive ads. If you go back to TuCows you’ll see a nice ad free version like this:
If you find this saves you time, please consider supporting MacMerc by donating through PayPal below or by purchasing through our MacMerc.com Store. By offering you this tutorial we are effectively removing this site’s only source of income. We love every aspect of this site except the hosting bill.
Don’t forget to support the sites you like if you block their ads!
UPDATE (10/23/08 – 19:02 PT): Thanks to a MacMerc.com reader who submitted this tip to update this tutorial for Mac OS X 10.5:
Just wanted to let you guys know that I recently figured out how to get the Superior Ad Blocking walkthru to work in 10.5. Instead of editting the /private/etc/hosts file (which actually changes the correct one in 10.5) it’s easier to change the /etc/hosts as it will also apply to other users on the computer. Second the httpd.conf has moved from /etc/httpd/httpd.conf to /etc/apache2/httpd.conf. Just trying to help out! Cheers and Good Luck!
Our readers are the best!
–Rick
Web Serving Made Easy Part 4
By: Jon Gales
Alright. By now you’ve got PHP running and know how to do CGI scripts. If
you’ve forgotten, check last
week’s column. There is some good and bad news this week. The good news
is that this is a pretty darn long/good/amazing article. The bad news is that
it’s the end of the series. if you’ve enjoyed or even just followed this series
I’d like to hear from you. PowerUser Monday
isn’t going away–just the web serving series. Also, if you’ve gotten a website
set up from this I’d like to get your link so I
can
add them
to the bottom of this page (hopefully
get you some traffic as well).
Now we’re going to install MySQL. It’s the most popular open source database
in the world and it just rocks. It’s often used with PHP and web applications
because:
- It’s free
- It kicks serious butt
- It runs on Windows, *nix and OS X
Instead of downloading source code and having the joys of learning how to
compile it, we’re going to cheat and use a package made by the MySQL people.
This is new to version 4.0 (just came out) and it rocks. Visit this
page and
download the file. Be nice and give them your info–they aren’t spammers. They
have given a good chunk of their lives for this software… Give them honest
answers. It’s a 7.1 meg download which isn’t bad for what you get.
You’ll find the downloaded file in your default downloads folder called, “mysql-standard-4.0.12.dmg“.
Just double click on it like any other DMG. Inside you’ll find a package (yep,
that’s what that those box icon thingies are)–double click it. The installer
is self explanatory.
Since it’s unix software you won’t see a GUI application. To start it up you
must delve into the terminal. If you feel inclined (you should) install a
script by Marc
Liyanage that boots MySQL at startup. To start it without having to restart
your computer just pop open the terminal and type the following:
shell> cd /usr/local/mysql
shell> sudo ./bin/mysqld_safe
(Enter your password)
(Press CTRL+Z)
shell> bg
(Press CTRL+D to exit the shell)
If you have problems, refer to MySQL’s
OS X installation guide. It sums it
all up well.
Now, you need to set your password. Enter the terminal again and type:
mysqladmin -u root password YOURNEWPASSWORD
Try to make this secure, you won’t need to type it in much and it’s important.
Now, we want to do something with our newfound database. You can download
a great Cocoa app called YourSQL that will log in for you and let you muck
around a little easier than in the Terminal. It’s free and I use it all the
time. However, the remainder of this app will focus on setting up a CMS that
uses MySQL, not MySQL (that’s another week folks).
Weblogs are hot right now and a lot of people either have or want to have
one. If you’re one in the second category wish no longer. Go to pMachine.com and
download a copy (it’s free). I use it and love it. There are lots of other
great free Content Management Systems like MovableType, PHP Nuke, and B2 but
pMachine is just plain easy (and the programmer is a big Mac guy).
Go to /Library/WebServer/Documents/ and drag all of the files
from the pMachineFree2.2.1
folder to it. Once that’s done point your browser to http://localhost/pm/install.php
and follow the on screen directions. Below are some pointers.
It will probably say you have to mess with config.php. Just open it up (it’s
in the pm directory) in a text editor and make the following changes:
$hostname = "localhost";$dbusername = "root";
$dbpassword = "YOURNEWPASSWORD";
Obviously YOURNEWPASSWORD is what you entered prior in the MySQL installation.
If all goes well you should see some green when you refresh step two. The rest
of the installer is self explanatory. When you get to the part where it asks
for the domain make sure you don’t leave it as localhost if you’ve registered
a domain. if you need help on this, check part
2.
You’ve now got a dynamic database powered weblog hosted off your computer!
You can administer things via http://localhost/pm/.
If you don’t like the template, feel free to change it. All it takes is a
text editor (yes, Dreamweaver or GoLive will work) and mess with the files
in /Library/WebServer/Documents/. For instance, weblog.php is the main
page. It’s pretty easy hacking. My weblog is powered by pMachine if you want an example of what can be done (don’t use mine as a high bar, it sucks ).
Again, let me know how it goes. I love
feedback.Many thanks to Marc for the great
reference he’s got. Check it out–he’s
a God send.
User submitted sites:
Full Security
Brought to you by: James with special thanks to simX and Michel Evrard.
All right you security freaks. It’s time to make your computer a fortress. I’m sure that most of you have at least a password set on your user and the password prompt activated at startup, otherwise you wouldn’t be here. But did you know that anyone with access to your computer can boot from the install CD and reset your password? Well, they can, and if they want to, they will.
Call me paranoid, but I like plenty of security, especially on my iBook.
As I’m sure you all know, the ROM (open firmware) is the first part of your computer to activate. It then tells everything else what to do. What we’re going to do today is put a password on that guy, thus disallowing anything else to activate (including the CD Drive and the Hard Drive) without the proper password. Here’s what you do:
Boot up, holding command-option-o-f
You’ll now see a white screen with a few basic instructions. At this screen, enter setenv security-mode full
You’ll be asked to enter a password, do so, confirm, and now you’re ready.
Enter mac-boot
You’ll be asked for your password. Enter it. Now you’re on your way to a normal restart.
Incase you ever want to disable this feature, just enter setenv security-mode none
To re-enable it, just enter setenv security-mode full again.
Note: This security mode disables everything but booting straight to the Hard Drive. If you want to boot to the Command Line or a CD, you’ll have to disable the security.
Thanks to simX, we now know how to override this feature. “First, you need to open up the computer and add or remove a memory module (this is essential). Then, turn on the computer and immediately zap the PRAM, by holding down the keys Command-Option-P-R. Keep holding them down until you hear 3 additional startup chimes (that’s in addition to the first one you hear when powering on) — this will make sure you zap the PRAM. You’ll now be able to start up the computer without needing to enter the open firmware password. You may return the removed memory module at any time after this point.”
simX would also like to point out that there are some faults to this feature. “One of these is an alternate keyboard layout: when booting into open firmware, your keyboard layout will always be the default QWERTY layout (unless there’s some way to set this of which I don’t know — I’d be interested). So you could accidentally enter a password in your default keyboard layout, but the password will actually be entered in the QWERTY layout. Next time you try to enter your password when you restart, it won’t work.”
Michel Evrard has a way to change the keyboard’s layout as it is perceived by Open Firmware. “The default layout used before login is actually the root user default layout, and is certainly QWERTY when you install your machine with such a keyboard. Activate the root user from an Admin account (sudo passwd root, etc…), login as root, go into System Preferences to change your keyboard layout to fit what you need, and logoff from root. Et voilà ! This default keyboard layout is also probably in a plist file belonging to root and can then be edited without activating the root user which is I admit a better solution. But I haven’t had the time to do the search yet. If you find it, I will be interested 
!!”
Well, I hope you enjoyed my security tutorial. Have fun!
* MacMerc.com is not responsible for lost or damaged computers.
I’ve Locked My Keys In The Car
Brought to you by: James Huff
Have you set-up an OS X password or Open Firmware password on a now out-of-use computer? Have you found some reason to go back to it, but now realize that you’ve been locked out because you can’t remember what password you’ve used? Here’s a quick round-up of two useful solutions.
If you’ve forgotten your OS X password, just reboot from your OS X install CD, go to the “Installer” menu and choose “Reset Password”. At this point, set your password to something easy as this won’t change your keychain password. Now, return to your OS X and login triumphantly. Make your way to the “Accounts” System Preference pane. Now, change your password to your desired password. This will also change your keychain password.
If you’ve forgotten your Open Firmware password, just shut-down your computer, remove one RAM module and zap the PRAM 3 times (restart holding down command-option-P-R until you hear the start tone 3 times). The Open Firmware security is now disabled. Feel free to re-enable it and set a new password.
*MacMerc.com is not responsible for loss or damage of data and computer hardware.
Secure Transfers
We all know the Internet is rife with menacing threats, so why send your username and password through it unprotected? Too often we assume that good old FTP is safe. What we don’t realize is that – particularly on others’ unprotected wireless networks – your login credentials pass through unprotected.
Fetch has been transferring files to and from Macs for almost as long as the FTP protocol has been around. You’ll be happy to know, the running dog is getting an update to version 5. This limited release beta improves the interface, and introduces support for SFTP, a secure FTP protocol.
If you’ve not already been accepted to the limited beta test, you’ll have to wait to get your hands on this FTP client. Fetch 4 is free to academic users, and cheap to the rest of us. No pricing has been announced for version 5.
Now, for a beta you can use today, there’s Cyberduck. This beta release also supports SFTP. The Open Source FTP client requires Panther and sports a clean interface and server bookmarking. Cyberduck brought home a 4 mouse rating from Macworld, pretty good for a free application.
While Fetch came to us from Dartmouth College, the University of Michigan has an excellent free file transfer solution. We’ve recently looked at Fugu, but it’s worth mentioning again while we’re on the subject of secure file transfer. Fugu does SFTP via SSH encryption.
If the terminal is more your style, you’ll want this straightforward collection of AppleScripts to connect to Telnet, SSH, FTP and SFTP servers via the Terminal. This one should work on any flavor of OS X.
There you go. Whatever your client may be, now you can send those data packets out with confidence.
Downloads provided by MacUpdate
Stay Secure and Synchronized at the Office
Brought to you by: James
If you find yourself stuck at your work computer during breaks, you may be tempted to browse the internet, but I can name two things that are probably keeping you from enjoying your short browse. You’re probably concerned about security, which keeps you from checking your email. And, you probably find it difficult to keep your news feeds and bookmarks in sync between your home and work computers. Don’t worry, it’s not as difficult (or insecure) as you think.
The first thing that you’ll probably want to do is pickup your email. To stay in sync and avoid installing any third-party applications, just access your email through a web-based interface (aka “webmail“). Your first priority when accessing webmail on a public or work computer is to confirm that the connection is secure. A secure connection will keep peering eyes away from your password and email activities. If the connection is secure, you will notice a small lock icon at some location in your browser. In safari, the lock icon is at the top-right of the browser window. In Firefox, the lock icon is in the address bar. If you are connecting to your webmail via a URL that has an “https://” header, chances are that it’s secure. Generally, you can get secure access to your webmail through either your ISP or webhosting provider. If your ISP does not provide secure webmail access, and you don’t have a webhosting provider, then ask someone for a Gmail account, or find another free webmail service with a secure login system.
The next thing you’ll probably want to do is check all of your favorite RSS or Atom feeds. To stay in sync and avoid installing any third-party applications, just access your feeds through a web-based interface (aka “online news aggregator“) like NewsGator or Bloglines.
After that, you’ll probably want to browse through your favorite sites. To stay in sync and avoid installing any third-party applications, just access your bookmarks through a web-based interface (aka “social bookmarks manager“) like de.lirio.us or del.icio.us.
If you are paranoid enough to require complete anonymity while browsing at work, then look no further than The Cloak. With The Cloak, you can surf via an anonymous proxy (hiding your identity from the sites that you visit) and optionally encrypt your entire browsing experience. For an added ounce of security, use a browser with which you can easily delete the cookies, cache, and history. Firefox is one such browser. Safari v2 also offers a secure “Private Browsing” feature.
Thanks for reading! I hope you enjoy staying secure and synchronized at the office!
Cloud Control– Setting up Your Own Server
Recent headlines have taught us that we pay a price for the accessibility provided with all of the ‘cloud computing’ services we enjoy. Problems like data theft, loss or uncontrolled downtime haunt even the best of services like Gmail.
So, in this first step of cloud control we’ll start taking back control of our data by unleashing the powerful server capabilities built right in to OS X.
Fire up the Stack
To set our Macs up as remote devices, we need a couple components. We need a web server to make our Mac available remotely. We’ll need a scripting language that supports many off-the-shelf applications we can download: PHP. We’ll also need a database to house the data we are going to create with these applications: MySQL.
You can get all three in nicely packaged ‘stacks’. XAMPP and MAMP are great choices for a quick install. However, they are both a little overweight in terms of what we need, and neither support an SSL connection out of the box.
Web Server
So I chose a lesser-know alternative, Apprellium’s Abyss Web Server. It is easy to configure (right in your browser), lightweight: 3.9 MB and supports SSL so we can encrypt out transactions.
Since Abyss does not come in a stack, we’ll have to add PHP and MySQL ourselves, but that’s not hard. PHP is easily added using a pre-configured installer from Apprellium. The link also gives you the short-and-sweet configuration instructions.
For MySQL I chose a slightly older version packaged by Server Logistics for its small size. It comes with a preference pane for basic maintenance. Set your root password and we’re ready for the next step.
Applications
Now were ready to add PHP scripts and build applications we can use locally or remotely. In the next segment we’ll look at more open source applications you can use to enhance the function of your new server. For now, we’re going to install a couple that will make our databases more accessible.
phpMyAdmin is the most popular web-based tool for managing MySQL databases. Once installed, we’ll be able to build databases, upload data and generate reports using queries without writing a line of code. And, since we’ll be turning our Mac loose in cyberspace, this data will be accessible anywhere.
While phpMyAdmin is a great database management tool, I chose TurboDBAdmin for everyday data entry for my databases. Turbo sports a streamlined, AJAX interface that makes entering new data or editing existing data easy and fast.
Putting it all Together
With all these pieces in place we’re ready to open our server up for remote connections. If your Mac lives on an internal network, you’ll need to set up port forwarding from your router to your Mac and assign it a static internal IP. With your http ports opened on your firewall, you should now be able to see your web server by browsing to the IP address your ISP assigns. You may want to set up a free account with DynDNS and use their free dynamic DNS service to create a name that points to your IP for easier remote access.
A Word on Security
Allowing remote access to your Mac exposes it to risk. Fortunately, Abyss supports directory level access control, and you should set up a password to protect you sensitive directories and PHP scripts (password protecting phpMyAdmin is an absolute MUST). You could also create a non-root user in MySQL and use that in your PHP applications for added security. Only forward ports you are using, that are relatively safe (http rather than remote login or FTP) and configured.
The Fun is Just Beginning
Getting a working web server running on your Mac is a reward itself, but with PHP and MySQL in place and remote access working the possibilities are wide open. Check back for our part two of the series for some PHP/MySQL applications for managing your data and making the most of your new personal server.
Is there anywhere Apple won’t put Cover Flow? Safari 4.0 Beta Announced
Today Apple announced the public beta of Safari 4 for Mac (under Tiger or Leopard) and Windows (XP SP2 or Vista).
Apple claims the Nitro engine in Safari 4 runs JavaScript 4.2 times faster than Safari 3. Safari 4 also has other new features like “Top Sites” (which gives shiny thumbnails of frequently visited pages), Full History Search, Cover Flow (because everything has to have Cover Flow), and Tabs on Top (with no option to put them back where they were).
Safari 4 is available immediately as a free download. A more complete list of features is listed after the “Read more.”
The new features in Safari 4 include:
- Top Sites, a display of frequently visited pages in a stunning wall of previews so users can jump to their favorite sites with a single click;
- Full History Search, where users search through titles, web addresses and the complete text of recently viewed pages to easily return to sites they’ve seen before;
- Cover Flow, to make searching web history or bookmarks as fun and easy as paging through album art in iTunes;
- Tabs on Top, for better tabbed browsing with easy drag-and-drop tab management tools and an intuitive button for opening new ones;
- Smart Address Field, that automatically completes web addresses by displaying an easy-to-read list of suggestions from Top Sites, bookmarks and browsing history;
- Smart Search Field, where users fine-tune searches with recommendations from Google Suggest or a list of recent searches;
- Full Page Zoom, for a closer look at any website without degrading the quality of the site’s layout and text;
- built-in web developer tools to debug, tweak and optimize a website for peak performance and compatibility; and
- a new Windows-native look in Safari for Windows for Windows users that actually like the way Windows looks.
Note:For those of you using 1Password, Safari 4 might appear to break the password app’s functionality, but it is actually not the case. 1Password Version 2.9.9.BETA-11 (build 7364) works wonderfully well with Safari 4. To access this update, go to Preferences in 1Password and under Updates check the box next to Include Beta versions and then click the “Check now” button. A new version will be offered to you. Download it, apply its plug-in to Safari and restart your browser.
