|
Volume Number: 21 (2005)
Issue Number: 11
Column Tag: Programming
Patch Panel - light
Collections and Contemplations
by John C. Welch
IT Types Finally Get A Room of Our Own
So after the last series we saw here, I thought that I'd devote this column to a collection of items that aren't enough to merit their own columns, but still of use to Mac IT Admins and Mac Geeks in general.
iTunes
While iTunes is indeed a wonderful thing, there are aspects of it that can be annoying on a network in large numbers, especially the iTMS, Internet Radio, and Music Sharing. Luckily, all of these can be managed, some of them centrally. With iTunes 5, you can now set preferences for accessing Podcasts, the iTMS, and Shared Music from within the "Parental" section of the iTunes preference. Yes, I know that doesn't cover Internet radio, but if you look in the "General" section, you see the control for showing or displaying Internet Radio. Finally, you have further controls in the "Sharing" section. These sections are shown in figures 1a - 1c below.
Figure 1a:
iTunes 5.X Parental Controls
However, you still have to get those preferences out to the user's machines. For that, you really, really want to use Workgroup Manager and the MCX (Managed Client for OS X) capabilities that allow you to push out individual preference files. I would go into the details of how to use this with iTunes, but as it turns out, I don't have to. Instead, go to the .Mac site of John DeTroye, Apple SE and MCX wizard extraordinaire. Go to his downloads section, select "Latest_Tips", "Tiger-tips" and download the "mini-tandt-itunes5.pdf" document. It will show you how to use Workgroup Manager to manage iTunes for everything but Internet Radio.
Now, that's not a minor issue. Internet Radio is potentially a huge bandwidth hog, especially if you multiply each connection by a couple hundred or thousand users. However, there's two ways to deal with this, one elegant, but requiring a more advanced firewall, and one that's not so advanced, but works well nonetheless.
The elegant way is to block the initial request from iTunes. As it turns out, iTunes makes all its initial requests for things like Internet radio and the iTMS as http connections. In those connections, it has a user agent, that, on my machine shows up as: User-Agent: iTunes/5.0.1 (Macintosh; N; PPC). So, if your firewall/router setup is able to handle higher level filtering, you simply tell it to block all outbound HTTP traffic where the User-Agent contains "iTunes". That blocks all versions, all platforms. At that point, your iTunes traffic is now local - only. Note: While
Figure 1b:
iTunes General Controls
there are a lot of very complex tools to discover things like this, my personal favorite here is tcpflow, available via DarwinPorts at http://www.darwinports.org/.
If your firewall/router setup isn't able to do this, then there's a simpler, albeit uglier way. Block TCP ports 8000-8999 and 42000-42999. That will prevent any iTunes Internet Radio streams to your network. Doing the iTMS is a little trickier, since that all happens over ports 80 and 443, and if you block those, you've effectively cut off the World Wide Web. However, if you kill access to "phobos.apple.com", you
Figure 1c:
iTunes Sharing Controls
can block off the iTMS, at least until Apple changes the DNS name of the iTMS.
To block music sharing, (say if you don't yet have all your machines on iTunes 5.x yet), just set the firewalls on the individual Macs to block all connections on TCP port 3689. (This can be done any number of ways, from shell to Applescript; the specific implementation is really up to your individual preferences and skillset. You can also do it as part of the imaging process for new machines, and let attrition handle it for you.) If for no other reason, the fact that iTunes 5 lets you block everything but Internet Radio with relative ease, is a good reason to upgrade.
AppleScript Tricks
So, as many who know me can attest to, my .sig file in Entourage is huge and varied. However, I got rather tired at typing them in manually all the time, so...AppleScript to the rescue. I have two scripts that handle signature creation, one from within emails in Entourage, the other for things I see in Safari that are theft-worthy.
The Entourage script is fairly simple:
set theSigTitleRecord to display dialog "Enter a name for the signature" default answer "RandomSig 1" set theSigTitle to text returned of theSigTitleRecord tell application "Microsoft Entourage" try set theSelection to the selection as text set theSelection to "-- " & return & theSelection make new signature with properties {name:theSigTitle, content:theSelection, include in random:true} end try end tell
The first part is easy. We display a dialog that asks for a name to be used for the signature, with some default text. Dialogs all return a record, so we grab the "text returned" field of that record, and put it in theSigTitle.
The rest all happens within Entourage. We get the selected text, drop it into theSelection, and
make sure it's plain text. We then set up the sig format in theSelection, which by RFC is
"--
The Safari version is similar:
set noSelectedTextFlag to 0 tell application "Safari" set theText to (do JavaScript "getSelection()" in document 1) if theText = "" then --some sites with frames don't allow for the JavaScript above, so copying is the fix tell application "Safari" to activate tell application "System Events" tell process "Safari" keystroke "c" using {command down} delay 0.5 set theText to the clipboard end tell end tell end if if theText = "" then display dialog "You need to have something selected!" set noSelectedTextFlag to 1 end if end tell if noSelectedTextFlag = 0 then set theSigTitleRecord to display dialog "Enter a name for the signature" default answer "RandomSig 1" set theSigTitle to text returned of theSigTitleRecord tell application "Microsoft Entourage" try set theText to "-- " & return & theText make new signature with properties {name:theSigTitle, content:theText, include in random:true} end try end tell end if
As we can see, the script only has a few changes. The first line is a flag for some error checking that I added to the script, and defaults to 0. In the Safari section, we first try to use JavaScript within Safari to get the selected text and put it in theText. If that doesn't work, and it often doesn't, we then resort to the quick 'n' dirty UI scripting method, and have Safari act as though we hit cmd-C to get the selected text onto the clipboard. That is then dumped into theText.
The next line is a quick error check. If, after all that, theText is still empty, then we display a dialog informing the user that hey, this won't work so well without actual selected text, and it sets noSelectedText to 1. From there, we check to see if noSelectedText is 0. If it is, then we create the signature. If not, then we don't and the script ends.
True, neither of these scripts are all that complex or "work - oriented" but they do give you some ideas of how to accomplish the same thing from two different angles, and some very basic introduction to using JavaScript and UI scripting in the same AppleScript. Besides, its fun to have a large collection of pithy signatures.
Microsoft Office 2004 Service Pack 2
While there are always arguments for and against applying a service pack or update, if you use Entourage in a Microsoft Exchange environment, run, don't walk to apply this. It has a host of fixes and changes for Exchange users that people have been asking about for some time. It doesn't do everything everyone wanted, but it hits a lot of issues like delegation, folder sharing, password change messages, sync speed, GAL usage, quota management, and Public Folders right out of the park.
As well, the Entourage Weblog, at http://blogs.msdn.com/ entourage/default.aspx is no longer dormant, and has a bunch of really great articles about Entourage's SP2 changes. There are some fixes to the rest of Office, but after all, Entourage is why we really buy Office, right? (I'm so getting in trouble for that ;-)
Conclusion
Again, nothing major here, just some small "storylets" that I've had bouncing about for a bit, and decided to turn into a column. Sometimes, you just have to go light.
Bibliography and References
Much thanks to John DeTroye for his tips and tricks documents, they're a boon to Mac administrators everywhere. http://homepage.mac.com/johnd
The folks at MacSurfer originally created the Safari code to make their lives easier, it works really well, so I stole it like a thief in the night. MacSurfer is also the best news aggregation page on the Mac web, and I hit it at least 5 times a day. http://www.macsurfer.com/.
We may not always like their parent company, but the Microsoft Macintosh Business Unit always does great work, and I can't imagine trying to work without Entourage, Word, and PowerPoint. http://www.microsoft.com/mac/.
John Welch (jwelch@bynkii.com) is the Unix/Open
Systems Admin for Kansas City Life Insurance, a Technical Strategist for Provar, (http://www.provar.com/) and the Chief Know-It-All for TackyShirt,
(http://www.tackyshirt.com/). He has over fifteen years of
experience at making Macs work with other computer systems. John specializes in figuring out ways
in which to make the Mac do what nobody thinks it can, showing that the Mac is a superior
administrative platform, and teaching others how to use it in interesting, if sometimes frightening
ways. He also does things that don't involve computertry on occasion, or at least that's the rumor.
Warning: include(/home/cust10011/www/site001/includes-mactech/includefiles/mt_footer.inc) [function.include]: failed to open stream: No such file or directory in /home/cust10011/www/site001_files/staticcontent/articles/mactech/Vol.21/21.11/Collections/index.html on line 226
Warning: include() [function.include]: Failed opening '/home/cust10011/www/site001/includes-mactech/includefiles/mt_footer.inc' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/cust10011/www/site001_files/staticcontent/articles/mactech/Vol.21/21.11/Collections/index.html on line 226