Walt-O-Matic

Today I learned that there’s a nifty little utility called Maintenance 3.8 out on Apple’s site. You can find it by going to Apple / Mac OS X Software…, and when the web page pops up, type Maintenance in the search box.

It’s an automator script to repair permissions, verify preferences, updating prebindings, do cleanup, update databased, rebuild indexes, empty Trash, and so forth. My guess is it’s much like Onyx.

Deciding to give it a try, I downloaded it, opened the .DMG file, and double clicked the automator icon, selecting Restart when done. And while I got a very little in the confirmation department that things were working, I saw a lot of CPU activity running utilities I was familiar with.

So, with the laptop plugged in, I left to to chug away. I heard the restart sound several minutes later. And, I ignored it.

Later, I picked up my laptop and went to login.

Nothing.

The “breathing LED” on the front was off, and nothing was responding keyboard or mouse wise. The screen was black.

So, I decided to check the battery. Full power.

But then I noticed something. At the steep angle, in the near pitch black of my LCD screen, I saw the login window. What was happening: the backlight wasn’t coming on. Fiddling with the brightness control didn’t help either.

Sure enough, I could make out the cursor once I located where it was.

I tried opening and closing the lid. Nope. Backlight still off.

So, I restarted (as I mentioned, it was operational, I could barely make out the GUI).

The machine sprang to life, showed me the blue background, and right before it went to the login screen, the backlight cut out again, leaving me in pitch black.

Titling the screen back again (with the keyboard sticking up in the air and the screen flat on the table), again I could make out the login box and mouse. I did a restart again.

This time I held down Command-V as it booted. And I watched as it came up, lots of normal diagnostic messages, and then the blue background, and right as the login screen appeared, back to pitch black.

Annoying. But now I’m wondering if all the times I’ve ever woken my laptop after a case where the lid didn’t quite clasp perfectly, was this what was happening — could the machine be up, but the backlight off?

So, one last time, I restarted. Only I held down Command-Option-P-R (four fingers) to reset the power management settings. Several chimes later, I let go, and the machine booted perfectly, and the login box appeared, backlight and all.

I’m hoping that my experience may lead to an additional piece of the puzzle about the Mac waking up funny. I would have never have noticed anything on the screen if I looked at it dead on, as I always do.

It’s fairly well known that if you close the Mac’s lid, but down engage it fully, the lid will pop back up, but not after putting the machine to sleep. At that point, it becomes a little dance with the lid, trying to get the lid back down, so that the machine can see it re-open, and that usually wakes it. But sometimes the screen is still dark, and you have to play with the power button (and if frustrated, hold it down to restart).

Sometimes this same problem manifests when you wake the machine, enter your password, and suddenly everything goes dark. You wiggle the cursor and hit the keys and nothing happens. Caps Lock toggles, but it feels like it’s gone back to sleep.

Well no more. From now on, I’m going to tilt my screen back and see if I’m operational. That way I won’t lose data from an unnecessary restart.

While trying to iChat using Leopard to a system running Tiger, I ran into a problems that I never had using OS X 10.4 before: bad video quality to downright refusing to connect.

With a little research, I ran across this article and that was enough to resolve the problem.

Here’s how to get iChat working on OS X 10.5
…if you’re running Parallels.

See, turns out that Parallels, I’m using 3.0 Build 5582 (Dec 5, 2007), appears to be running some services, even when the virtual machine is active, that gets in the way of iChat.

Get out of iChat.

Go to Apple / System Preferences…, select Network, and click on Parallels NAT and change the Configure drop down to Off; then go to Parallels Host-Guest an change the Configure drop down to Off. Press Apply.

Get back into iChat and try again. For me, it instantly fixed the problem.

I’ve just discovered that I can crash the Finder, not that this inhibits anything in that it instantly restarts…

1. Pick any FOLDER that’s on your desktop. Press Command-I to get info.
2. In the bottom right is a pad lock, click it, and enter your password so you can change permissions on the folder.
3. To the far left of the padlock is a plug sign. Press it.

For me, I instantly get an error on the console that the Finder exited abnormally with a bus error; this is usually a pointer trying to access memory that it’s forbidden to. The CrashReporter logs the event, and Finder restarts, closing the Info window that was just open.

While I can reproduce it effortlessly, can any one out there?

Today’s trick will give you an astounding performance boost, while at the same time make you just shake your fist at Microsoft.

First of all, to start with, let me say that my Dell Precision 470 (2.8Ghz Dual CPU with hyperthreading on) and 2GB of RAM running XP Pro is …slow. I mean the kind of slow where clicking the Start button takes several seconds to draw the rectangle for the menu.

I have a dual monitor system. I’m using a Dell 2005FPW via DVI at 1680×1050 60Hz as my primary monitor and a Dell 1907FP via analog SVGA/XGA at 1280×1024 60Hz as my secondary. Both are driven by an ATI FireGL V3100 using the latest drivers from ATI’s site for XP Professional, and hardware acceleration is set to full.

I first noticed the severity of the problem when using iTunes 7.3.1.3’s music visualizer. Here’s how playing a simple CD turned into a fantastic diagnostic tool.

With the iTunes visualizer running on the primary monitor, I noticed that when I put the mouse on the secondary monitor the visualizer ran at full speed and was completely fluid. When I put the mouse on the primary screen, even when I wasn’t moving it, the frame rate dropped to about two frames every second (music, however, played fine).

Task Manager, after a violent killing spree, showed a minimal number of processes and services, idle times in the high 90%s, and no interesting page or interrupt activity — but the behavior continued. Opening additional applications didn’t affect performance, as long as the mouse was on the secondary screen.

When I showed this behavior to a friend of mine, Brian Busch, he suggested I turn off mouse trails. And, to humor him, I did. Instantly my system sprung to life and the problem was gone.

That’s when it struck us. Windows XP’s mouse pointer options don’t use hardware acceleration. And to confirm it, I pressed the CTRL button, which showed the location of my mouse. As the little target was drawn around the cursor, the frame rate dropped. When Microsoft’s little visibility animation ended, the system resumed at full speed.

Why was mouse trails on? Because Dell still hasn’t fixed the jumping mouse problem. But I don’t love them enough to kill my system’s responsiveness. Laptop users, beware.

Performance Recommendation: Go to Settings / Control Panel / Mouse, select the Point Options tab, and in the Visibility section uncheck ‘Display Pointer Trails’, ‘Hide pointer while typing, as well as ‘Show location of pointer when I press the CTRL key’ and press OK.

Shortly after the 10.4.9 update, and even though I’m running 10.4.10, I’ve noticed an odd behavior with my wireless network connectivity. While using my machine, often for hours at a time without incident, my applications will all suddenly act as though there’s no internet, and indeed, looking at the routing tables, by all appearances it is gone.

The odd part is that my signal strength is at full. And, even more confounding, if I turn off the wireless and turn it back on, I suddenly get connectivity again and the applications recover. Meanwhile, other devices connected wirelessly don’t see the drop, so I know it’s local to the Macbook Pro.

Is anyone else out there experiencing a similar problem where the machine just drops internet awareness?

The only clue I ever seem to get in my console.log file is the message:
mDNSResponder: SetupAddr invalid sa_family 0
mDNSResponder: getifaddrs ifa_netmask for fw0(7) Flags 8863 Family 2 169.254.59.71 has different family: 0
mDNSResponder: Repeated transitions for interface en1 (FE80:0000:0000:0000:0216:CBFF:FEB6:AD8C); delaying packets by 5 seconds

According to websites with source code for the operating system, the file dDNS.c contain codes that looks like this:

mStatus dDNS_SetupAddr(mDNSAddr *ip, const struct sockaddr *const sa)
	{
	if (!sa)
                {
                LogMsg("SetupAddr ERROR: NULL sockaddr");
                return(mStatus_Invalid);
                }

	if (sa->sa_family == AF_INET)
		{
		struct sockaddr_in *ifa_addr = (struct sockaddr_in *)sa;
		ip->type = mDNSAddrType_IPv4;
		ip->ip.v4.NotAnInteger = ifa_addr->sin_addr.s_addr;
		return(mStatus_NoError);
		}

	if (sa->sa_family == AF_INET6)
		{
		struct sockaddr_in6 *ifa_addr = (struct sockaddr_in6 *)sa;
		ip->type = mDNSAddrType_IPv6;
#if !defined(_WIN32)
		if (IN6_IS_ADDR_LINKLOCAL(&ifa_addr->sin6_addr))
                    ifa_addr->sin6_addr.__u6_addr.__u6_addr16[1] = 0;
#else
		if (IN6_IS_ADDR_LINKLOCAL(&ifa_addr->sin6_addr))
                    ifa_addr->sin6_addr.u.Word[1] = 0;
#endif
		ip->ip.v6 = *(mDNSv6Addr*)&ifa_addr->sin6_addr;
		return(mStatus_NoError);
		}

	LogMsg("SetupAddr invalid sa_family %d", sa->sa_family);
	return(mStatus_Invalid);
	}

It appears that the software can’t figure out whether IP4 or IP6 is in use, so it reports it has no idea how to set up the socket. It’s interesting to note that the socket isn’t null, so something’s going on.

But what is mDNSResponder? Well, for one, it contains Apple’s Bonjor services that allow zero-configuration networking.

mDNSResponder is a multi-cast DNS deamon. And, what’s even cooler, is that you can force it to emit its status and dump tons of info in the console.log by sending it a gentle signal:
sudo killall -INFO mDNSResponder

Even FreeBSD has mDNSResponder in its ports collection.

And, even while Apple has a way to disable Bonjour, I’m not sure that I want to, nor am I 100% convinced this is the problem, but is more likely a symptom. Afterall, Apple has had network problems before. Plus, they appear to be actively working on Bonjour.

As my friend Phil points out, the IP addresses in the 169.254 range are in the zero-configuration range for peer-to-peer communication.

Like I said, I’m curious to know if I’m alone in this, or even better, if someone’s solved the problem, what was it…?

UPDATE 1-Aug-2007: It appears that the AirPort Extreme Update 2007-004 fixes this problem. And, while you’re at it, get the Security Update 2007-007 as well.

I’m currently working on an application that takes content from various web resources, munges the content, stores it in a database, and on demand generates interactive web pages, which includes the ability to annotate content in a web editor. Things were humming along great for weeks until we got a stream of data which made the browser burp with a JavaScript syntax error.

Problem was, when I examined the automatically generated JavaScript, it looked perfectly good to my eyes.

So, I reduced the problem down to a very trivial case.

What would you suppose the following code block does in a browser?

Try it and see.

To my eyes, this should produce an alert box with the simple text </SCRIPT> inside it. Nothing special.

However, in all browsers (IE 7, Firefox, Opera, and Safari) on all platforms (XP/Vista/OS X) it didn’t. The close tag inside the quoted literal terminated the scripting block, printing the closing punctuation.

Change </SCRIPT> to just <SCRIPT>, and you get the alert box as expected.

So, I did more reading and more testing. I looked at the hex dump of the file to see if perhaps there was something strange going on. Nope, plain ASCII.

I looked at the JavaScript documentation online, and the other thing they suggest escaping are the single and double quotes, as well as the backslash which does the escaping. (Note we’re using forward slashes, which require no escapes in a JavaScript string.)

I even got the 5th Edition of JavaScript: The Definitive Guide from O’Reilly, and on page 27, which lists the comprehensive escape sequences, there is nothing magical about the forward slash, nor this magic string.

In fact, if you start playing with other strings, you get these results:
  <SCRIPT> …works
  <A/B> …works
  </STRONG> …works
  <\/SCRIPT> …displays </SCRIPT>, and while I suppose you can escape a forward slash, there should be no need to. Ever. See prior example.
  </SCRIPT> …breaks
  </SCRIPTX> …works (note the extra character, an X)

With JavaScript, what’s in quotes is supposed to be flat, literal, uninterpreted, meaningless test.

It was after this I turned to ask for help from several security and web experts.

Security Concerns

Why security experts?

The primary concern is obviously cross site scripting. We’re taking untrusted sites and displaying portions of the data stream. Should an attacker be able to insert </SCRIPT> into the stream, a few comment characters, and shortly reopen a new <SCRIPT> block, he’d be able to mess with cookies, twiddle the DOM, dink with AJAX, and do things that compromise the trust of the server.

The Explanation

The explanation came from Phil Wherry.

As he puts it, the <SCRIPT> tag is content-agnostic. Which means the HTML Parser doesn’t know we’re in the middle of a JavaScript string.

What the HTML parser saw was this:

And there you have it, not only is the syntax error obvious now, but the HTML is malformed.

The processing of JavaScript doesn’t happen until after the browser has understood which parts are JavaScript. Until it sees that close </SCRIPT> tag, it doesn’t care what’s inside - quoted or not.

Turns out, we all have seen this problem in traditional programming languages before. Ever run across hard-to-read code where the indentation conveys a block that doesn’t logically exist? Same thing. In this case instead of curly braces or begin/end pairs, it was the start and end tags of the JavaScript.

Upstream Processing

Remember, this wasn’t hand-rolled JavaScript. It was produced by an upstream piece of code that generated the actual JavaScript block, which is much more complex than the example shown.

It is getting an untrusted string. Which, to shove inside of a JavaScript string not only has to be sanitized, but also escaped in such a way that the HTML parser cannot accidentally treat the string’s contents as a legal (or illegal!) tag.

To do this we need to build a helper function to scrub data that will directly be emitted as a raw JavaScript string.

1. Escape all backslashes, replacing \ with \\, since backslash is the JavaScript escape character. This has to be done first as not to escape other escapes we’re about to add.
   
2. Escape all quotes, replacing ' with \', and " with \" — this stops the string from getting terminated.
   
3. Escape all angle brackets, replacing < with \<, and > with \> — this stops the tags from getting recognized.

At this point we should have generated a JavaScript string which never has anything that looks like a tag in it, but is perfectly safe to an XML parser. All that’s needed next is to emit the JavaScript surrounded by a <![CDATA[ ... ]]> block, so the HTML parser doesn’t get confused over embedded angle brackets.

From a security perspective, I think this also goes to show that lone JavaScript fragment validation isn’t enough; one has to take it in the full context of the containing HTML parser. Pragmatically speaking, the JavaScript alone was valid, but once inside HTML, became problematic.

I’m an avid fan of Registry Mechanic and can’t say enough nice things about the product.

I recently downloaded Registry Mechanic 6 (version 6.0.0.750 w/ engine 2.0.0.560), installed, and ran it. It worked great - I even like the slightly sleeker interface. However, after doing the Smart Update, Registry mechanic displayed a message that C:\Program Files\Registry Mechanic\PCTLicHelper.dll is missing or invalid, and it suggested I uninstall and reinstall.

The uninstall worked fine. The reinstall worked fine. The re-running worked fine. But upon another update, I got the same error message.

My next thought was that the file might be getting deleted accidently during the upgrade, and to simply install the software, copy the file to a safe haven, do the upgrade, and put it back. No such luck, the file doesn’t exist in the pre-upgraded application. This is a new file needed by the latest upgrade, and judging by the file name, I believe it’s highly related to PC Tools’s license scheme that is subscription based.

A little experimentation with uninstalling and reinstalling shows that the fault lies in the Smart Update’s getting of the updated Registry Mechanic. I suppose they wrote the code but forgot to bundle the DLL.

Simply uncheck the entry that says Registry Mechanic 1.43Mb, but leave all the other items checked. You’ll be able to scan just fine.

I tried reporting this problem to PC Tools at their website support page, but that reported an error: Fatal error: Undefined class name ‘datetime’ in /home/shared/include/tickets/rawmessage.php on line 222. I guess they have bigger problems than they thought.

After calling their USA support line, 1-800-764-5783, I got a recording that said they could also be reached at support@pctools.com. That would have been nice to have on the website somewhere obvious.

This trivial issue aside, Walt gives Registry Mechanic a big thumbs up!

UPDATE 22-Feb-2007: As Mike suggested, I got the latest update this morning and this time there was an updated program, a PC Tools License Helper, and a revision to the white list. I installed the update, and Registry Mechanic worked just fine. I never did hear back from PC Tools about the issue, or its website being broken.

UPDATE 24-Feb-2007: This morning got an email from PC Tools informing me that the problem had been fixed and to simply reinstall, commenting there was no need to re-enter license information. They made no comment on the fact that their website was broken, other than to generically tell me it was a “great source of knowledge for future questions.”

Immediately after installing Apple’s Security Update 2007-001 for AirPort, I no longer had wireless connectivity to the internet. This is how I got around the problem.

Here’s how it’s supposed to work: You go to Apple / Software Updates…, it presents a Security Update, to which you select it to download and install. If it affects core pieces of the running operating system, then it may require a reboot. If that’s the case, then you are asked to authenticate the new module when it starts. For instance, a new AirPort driver asks you if you want to let it use your keychain (so you can connect to networks) - this extra line of defense would, for instance, let you know if some malicious program is trying to steal your passwords. Since it came from Apple via an update you explicitly requested, you authenticate, and all is good — everything is back to normal, and you’re more secured.

This didn’t happen when I installed the Apple Security Update 2007-001 for AirPort.

Immediately after the system reboot, I noticed that I wasn’t prompted for my password for the new replacement driver. This doesn’t always happen with minor changes, but you can almost always expect it with a security update.

Additionally, my AirPort icon in the tool bar was gray, suggesting that the AirPort power was off. So, I selected Turn Airport On, which normally starts scarfing the air for networks, joining my default one or letting me choose from a list. However, in this case, nothing happened.

I confirmed I wasn’t connected via the browser. And repeated attempts to turn on the network were futile.

At this point I opened the Network Diagnostics utility using QuickSilver.

If you don’t have that, you can go to your main disk, and go inside the System folder, then the Library folder, then the CoreServices folder, and click the Network Diagnostics application. Or, you can open a Terminal window and enter:

  $ open /System/Library/CoreServices/Network\ Diagnostics.app

Surprisingly, this told me my computer’s internet was working normally, and did I want to continue. I picked Yes. It then wanted to know which network port I wanted, I chose AirPort. My network appeared in the list, and I selected it and clicked Continue. It said I was now connected, and I hit Quit.

Sure enough, Apple / System Preferences / Network showed a green light next to my AirPort, and the text said I was now connected. A quick browser check to the internet confirmed that was, indeed, the case.

Meanwhile, the AirPort icon on the toolbar remains grayed out, convinced I’m not connected, and that there’s nothing that can be done about it.

Obviously the network card is working, as are the new security patches. It looks like something relatively minor got overlooked with the interface. But it’s nice to know there’s a workaround at the moment.

UPDATE 16-Feb-2007: I HAVE A FIX.
Grab a copy of OnyX, go to it’s Automation page, and fill out the form like this:

Then press Execute, this will take a while and require a reboot at the end.

Next, grab a copy of AirPortExtremeUpdate2007001.dmg and re-install it, this will require a reboot as well. At this point your Wi-Fi AirPort problem should be fixed.

And while you’re at it, grab a copy of SecUpd2007-002Univ.dmg and install that too, then reboot.

I believe what’s going on, and this is pure speculation, is that there’s some kernel cache files that either prevent the 2007-001 update from being installed or simply override the changes is has. By using OnyX, it’s possible to clear out all the cruft that’s plaguing the operating system, allowing the patches to work as advertised.

And, once you do the above, be sure to go to Apple / Software Update… — if you weren’t getting any updates since installing 2007-001, you’ll notice things like Final Cut Pro, Java for Mac OS X 10.4 Release 5, and Daylight Savings Time Update.

As an aside, here’s a list of Apple Security Updates for OS X.

Adding to the list of why IE7 is a nightmare, try this… I was using version 7.0.5730.11.

Bring up your favorite web page and double click a word on the page, not a link, but a word. It highlights that word, yes? Good. It should.

Note that one of the features that CSS is designed for is so that the user can override the appearance. Say for instance, I’m blind as a bat, and I would like the font larger so I can read the web page without strain.

Hold down the Control key and roll your mouse wheel. You can zoom-in and zoom-out. Again, very handy.

Now, double click a word on the page. Surprised?

That’s right the code that handles what you highlighted is misaligned with where the text is rendered. This means if you’ve zoomed in, as I did, in order to copy something, you can’t do so with any degree of precision.

Yet another annoyance from the people who want to take over your desktop.

Parallels is wonderful. Parallels beta is even more amazing.

However, when I went to try build 3094, things did not go well at all. It screwed up my screen sizes, hosed my computer, and in general, it was the first time I’d seen a beta that acted, well, like a beta.

I updated to build 3120, today, and everything is happily back to normal and running great. It did require a reboot after installation to get the virtual bridge working.

I can’t wait to buy the next version when it goes official. Even better, I can’t wait if they give it away as a free update to existing owners.