For years, systems administrators have used SFTP (the SSH File Transfer Protocol) to provide secure access to remote file systems. Based not on FTP, but on the Unix Secure Shell, SFTP allows the encrypted transfer of files over any network. While SFTP's command options and version compatibility can make it a complicated tool, Magnetk's ExpanDrive makes it easy to appreciate, offering Macintosh users a near-flawless way to mount and access remote servers as local disks.
The heart of ExpanDrive is the Drive Manager window, opened from its magnet-shaped icon in the OS X menu bar. From this window, you can add, subtract, and manage any remote volume on a server offering SSH. Fill in the server address, your login name and password, and (optionally) the remote server path you're logging in to and name you'd like for the local version of the volume.
The beauty of ExpanDrive is that once it's up and running, you can forget it's there entirely. It handles network difficulties gracefully, faster and more stably than the Macintosh Finder itself, and reconnects seamlessly when disconnected.
ExpanDrive keeps improving as well, with four significant updates this month alone. The coming version, promised by Magnetk in the next few weeks, includes Applescript integration and command line utilities for mounting SFTP shares from the Terminal.
ExpanDrive isn't without its issues. It handles Unix symlinks (file pointers like Windows shortcuts) poorly, can't transfer the resource fork on legacy Macintosh files (and fonts), and lacks a standardized interface or dock icon. If these issues apply in your environment, they may very well be deal breakers. For web development, image libraries, or management tasks, on the other hand, ExpanDrive outshines any other available tools for secure file system access.
ExpanDrive retails for $29.
Posted on 26 March 2008 by Ellis Jordan Bojar
Although Mac OS X has excellent built-in PDF support, there are some jobs that only Adobe's Acrobat can do. The ability to combine existing documents, create editable forms, and encrypt sensitive data all make Acrobat an indispensable tool. It's too bad, then, that the application has such a checkered history when it comes to stability. Acrobat 8 Professional, for instance, often crashes right out of the box. If it's doing so in your environment, there are several ways to get things running smoothly again.
There's a known issue in Acrobat 8 where corrupt or improperly-permissioned support files can cause the application to quit without warning. The problem centers around Adobe's Updater plugin, which by default checks for software patches when Acrobat first starts and causes the program to crash. Armed with this knowledge, it's easy to choose a solution appropriate for your environment.
The simplest method of dealing with this is to disable the plugin by selecting Acrobat in the Finder, choosing "Get Info" from the "File" menu, and unchecking the "Updater.acroplugin" box in the "Plugins" section of the Info pane. This method will prevent Acrobat from quitting unexpectedly, and is simple enough to walk users through over the phone or email. Unfortunately, it doesn't address the underlying issue.
The next approach is to replace the Updater plugin entirely. Adobe offers a fix for the Updater Plugin [963 KB]. To install the new plugin, right-click Acrobat 8 and choose "Show Package Contents", then open the "Contents" folder and place the new file in the "Plugins" directory. Though the publisher notes this doesn't work in every case, it allows Acrobat to run properly in most environments with the auto-update mechanism.
Finally, in most large environments, the best solution is to remove the offending plugin entirely. To do this, once again right-click Acrobat 8 and choose "Show Package Contents", this time going into the Plugins folder and removing the file named "Updater.acroplugin". This not only returns Acrobat 8 to full functionality, but prevents future issues that might be caused by unscheduled or user-initiated updates.
Recommended Reading: If you're looking for greater control of the update process, Adobe offers patches for manual download, testing, and installation at its Acrobat for Macintosh support page. If you're looking for more information on this issue, take a look at the Adobe Product Forums or the Acrobat for Macintosh list at Google Groups.
Posted on 19 March 2008 by Ellis Jordan Bojar
In many business environments, instant messaging has replaced email (and even the telephone) as the tool of choice for brief and casual contact. While easy, real-time chat has been embraced by most users, it still poses a number of challenges for network administrators. Most message services use no encryption by default, run your private conversations through their own servers, and offer no means to retain a permanent record of what could be important business communications. Running your own iChat Server can solve those problems.
In Server Admin, select your server from the left column, then click "Settings" from the toolbar. In the "Services" pane, check "iChat", and save your changes at the bottom of the window. Now choose the iChat service on the left, then hit "Settings" once again and begin with the "General" configuration pane. The current hostname of your server will already be listed under "Host Domains". If you'd prefer to use a service-specific name, such as ichat.makemacwork.com, you'll need that set up in your DNS listings.
Next, select the SSL certificate you'd like to encrypt message traffic with. You can use the unsigned "Default" certificate that's created by OS X Server, but many Jabber clients (including Apple's own iChat) will complain that they can't verify the server's identity. If your company doesn't already act as it's own certificate authority, it's easiest to use a third-party vendor such as Digicert, Thawte, or Go Daddy.
For "Authentication", Kerberos is the most secure option, but becomes unwieldy for users outside of your domain. The "Any Method" option will use Kerberos when possible, and otherwise default to a username and password. If you're required by law or policy to archive chat transcripts, move to the "Logging" pane, and check "Automatically save chat messages". When you're finished, click "Save".
Now everyone with a user account on your server can log in using any "Jabber-compatible" client. This includes iChat and Adium for Macintosh, as well as Trillian and Pidgin for Windows, among others. If you're planning to offer instant messaging from outside your office (for traveling employees, clients, or vendors) you'll also need to forward ports 5060, 5190, 5222, and 5223 through your firewall for this configuration.
Finally, there's one feature in Leopard's "Standard" server setup that somehow missed inclusion in the more flexible and configurable "Advanced" option. To automatically add every iChat user to every other user's Buddy List, you'll currently need to run the following on the command line after each user logs in initially:
sudo /usr/bin/jabber_autobuddy -m
Keep in mind that "Auto-Buddy" is a neat idea for small workgroups, but can quickly become unwieldy as your user base grows. If the feature appeals to you, it makes the most sense to automate the process by adding a launchd script that runs the command on a scheduled basis.
With these steps in place, anyone involved with your organization can send and receive secure instant messages through your OS X Server.
Recommended Reading: To learn more about the Jabber protocol (on which iChat Server is based), check out the information at Jabber.org.
Posted on 5 March 2008 by Ellis Jordan Bojar
