• MacTech Network:
  • Tech Support
  • |
  • MacForge.net
  • |
  • Apple News
  • |
  • Register Domains
  • |
  • SSL Certificates
  • |
  • iPod Deals
  • |
  • Mac Deals
  • |
  • Mac Book Shelf

MAC TECH
  • Home
  • Magazine
    • About MacTech in Print
    • Issue Table of Contents
    • Subscribe
    • Risk Free Sample
    • Back Issues
    • MacTech DVD
  • Archives
    • MacTech Print Archives
    • MacMod
    • MacTutor
    • FrameWorks
    • develop
  • Forums
  • News
    • MacTech News
    • MacTech Blog
    • MacTech Reviews and KoolTools
    • Whitepapers, Screencasts, Videos and Books
    • News Scanner
    • Rumors Scanner
    • Documentation Scanner
    • Submit News or PR
    • MacTech News List
  • Store
  • Apple Expo
    • by Category
    • by Company
    • by Product
  • Job Board
  • Editorial
    • Submit News or PR
    • Writer's Kit
    • Editorial Staff
    • Editorial Calendar
  • Advertising
    • Benefits of MacTech
    • Mechanicals and Submission
    • Dates and Deadlines
    • Submit Apple Expo Entry
  • User
    • Register for Ongoing Raffles
    • Register new user
    • Edit User Settings
    • Logout
  • Contact
    • Customer Service
    • Webmaster Feedback
    • Submit News or PR
    • Suggest an article
  • Connect Tools
    • MacTech Live Podcast
    • RSS Feeds
    • Twitter

ADVERTISEMENT

Volume Number: 21 (2005)
Issue Number: 11
Column Tag: Programming

Patch Panel - light

Collections and Contemplations

by John C. Welch

IT Types Finally Get A Room of Our Own

So after the last series we saw here, I thought that I'd devote this column to a collection of items that aren't enough to merit their own columns, but still of use to Mac IT Admins and Mac Geeks in general.

iTunes

While iTunes is indeed a wonderful thing, there are aspects of it that can be annoying on a network in large numbers, especially the iTMS, Internet Radio, and Music Sharing. Luckily, all of these can be managed, some of them centrally. With iTunes 5, you can now set preferences for accessing Podcasts, the iTMS, and Shared Music from within the "Parental" section of the iTunes preference. Yes, I know that doesn't cover Internet radio, but if you look in the "General" section, you see the control for showing or displaying Internet Radio. Finally, you have further controls in the "Sharing" section. These sections are shown in figures 1a - 1c below.


Figure 1a: iTunes 5.X Parental Controls

However, you still have to get those preferences out to the user's machines. For that, you really, really want to use Workgroup Manager and the MCX (Managed Client for OS X) capabilities that allow you to push out individual preference files. I would go into the details of how to use this with iTunes, but as it turns out, I don't have to. Instead, go to the .Mac site of John DeTroye, Apple SE and MCX wizard extraordinaire. Go to his downloads section, select "Latest_Tips", "Tiger-tips" and download the "mini-tandt-itunes5.pdf" document. It will show you how to use Workgroup Manager to manage iTunes for everything but Internet Radio.

Now, that's not a minor issue. Internet Radio is potentially a huge bandwidth hog, especially if you multiply each connection by a couple hundred or thousand users. However, there's two ways to deal with this, one elegant, but requiring a more advanced firewall, and one that's not so advanced, but works well nonetheless.

The elegant way is to block the initial request from iTunes. As it turns out, iTunes makes all its initial requests for things like Internet radio and the iTMS as http connections. In those connections, it has a user agent, that, on my machine shows up as: User-Agent: iTunes/5.0.1 (Macintosh; N; PPC). So, if your firewall/router setup is able to handle higher level filtering, you simply tell it to block all outbound HTTP traffic where the User-Agent contains "iTunes". That blocks all versions, all platforms. At that point, your iTunes traffic is now local - only. Note: While


Figure 1b: iTunes General Controls

there are a lot of very complex tools to discover things like this, my personal favorite here is tcpflow, available via DarwinPorts at http://www.darwinports.org/.

If your firewall/router setup isn't able to do this, then there's a simpler, albeit uglier way. Block TCP ports 8000-8999 and 42000-42999. That will prevent any iTunes Internet Radio streams to your network. Doing the iTMS is a little trickier, since that all happens over ports 80 and 443, and if you block those, you've effectively cut off the World Wide Web. However, if you kill access to "phobos.apple.com", you


Figure 1c: iTunes Sharing Controls

can block off the iTMS, at least until Apple changes the DNS name of the iTMS.

To block music sharing, (say if you don't yet have all your machines on iTunes 5.x yet), just set the firewalls on the individual Macs to block all connections on TCP port 3689. (This can be done any number of ways, from shell to Applescript; the specific implementation is really up to your individual preferences and skillset. You can also do it as part of the imaging process for new machines, and let attrition handle it for you.) If for no other reason, the fact that iTunes 5 lets you block everything but Internet Radio with relative ease, is a good reason to upgrade.

AppleScript Tricks

So, as many who know me can attest to, my .sig file in Entourage is huge and varied. However, I got rather tired at typing them in manually all the time, so...AppleScript to the rescue. I have two scripts that handle signature creation, one from within emails in Entourage, the other for things I see in Safari that are theft-worthy.

The Entourage script is fairly simple:

set theSigTitleRecord to display dialog "Enter a name for the signature" 
      default answer "RandomSig 1"

set theSigTitle to text returned of theSigTitleRecord

tell application "Microsoft Entourage"
      try
            set theSelection to the selection as text
            set theSelection to "-- " & return & theSelection
            make new signature with properties 
               {name:theSigTitle, content:theSelection, include in random:true}
      end try
end tell

The first part is easy. We display a dialog that asks for a name to be used for the signature, with some default text. Dialogs all return a record, so we grab the "text returned" field of that record, and put it in theSigTitle.

The rest all happens within Entourage. We get the selected text, drop it into theSelection, and make sure it's plain text. We then set up the sig format in theSelection, which by RFC is "--". With Entourage, you need to use the return keyword, not the \r escape for returns. We then create a new signature with the required properties; name, content, and is it in the random list, (yes). By wrapping it in a try block, I deal with any errors. There should be some error checking to look for me trying to run this script without selected text, but since I'm the only one (until now), who's using it, it hasn't been a big deal.

The Safari version is similar:

set noSelectedTextFlag to 0

tell application "Safari"
      set theText to (do JavaScript "getSelection()" in document 1)
      if theText = "" then --some sites with frames don't allow for 
         the JavaScript above, so copying is the fix
      tell application "Safari" to activate
      tell application "System Events"
         tell process "Safari"
            keystroke "c" using {command down}
               delay 0.5
               set theText to the clipboard
            end tell
         end tell
      end if
      if theText = "" then
         display dialog "You need to have something selected!"
         set noSelectedTextFlag to 1
      end if
end tell

if noSelectedTextFlag = 0 then
      set theSigTitleRecord to display dialog "Enter a name for the signature" 
         default answer "RandomSig 1"
      set theSigTitle to text returned of theSigTitleRecord

      tell application "Microsoft Entourage"
         try
            set theText to "-- " & return & theText
               make new signature with properties {name:theSigTitle, content:theText, 
               include in random:true}
            end try
      end tell
end if

As we can see, the script only has a few changes. The first line is a flag for some error checking that I added to the script, and defaults to 0. In the Safari section, we first try to use JavaScript within Safari to get the selected text and put it in theText. If that doesn't work, and it often doesn't, we then resort to the quick 'n' dirty UI scripting method, and have Safari act as though we hit cmd-C to get the selected text onto the clipboard. That is then dumped into theText.

The next line is a quick error check. If, after all that, theText is still empty, then we display a dialog informing the user that hey, this won't work so well without actual selected text, and it sets noSelectedText to 1. From there, we check to see if noSelectedText is 0. If it is, then we create the signature. If not, then we don't and the script ends.

True, neither of these scripts are all that complex or "work - oriented" but they do give you some ideas of how to accomplish the same thing from two different angles, and some very basic introduction to using JavaScript and UI scripting in the same AppleScript. Besides, its fun to have a large collection of pithy signatures.

Microsoft Office 2004 Service Pack 2

While there are always arguments for and against applying a service pack or update, if you use Entourage in a Microsoft Exchange environment, run, don't walk to apply this. It has a host of fixes and changes for Exchange users that people have been asking about for some time. It doesn't do everything everyone wanted, but it hits a lot of issues like delegation, folder sharing, password change messages, sync speed, GAL usage, quota management, and Public Folders right out of the park.

As well, the Entourage Weblog, at http://blogs.msdn.com/ entourage/default.aspx is no longer dormant, and has a bunch of really great articles about Entourage's SP2 changes. There are some fixes to the rest of Office, but after all, Entourage is why we really buy Office, right? (I'm so getting in trouble for that ;-)

Conclusion

Again, nothing major here, just some small "storylets" that I've had bouncing about for a bit, and decided to turn into a column. Sometimes, you just have to go light.

Bibliography and References

Much thanks to John DeTroye for his tips and tricks documents, they're a boon to Mac administrators everywhere. http://homepage.mac.com/johnd

The folks at MacSurfer originally created the Safari code to make their lives easier, it works really well, so I stole it like a thief in the night. MacSurfer is also the best news aggregation page on the Mac web, and I hit it at least 5 times a day. http://www.macsurfer.com/.

We may not always like their parent company, but the Microsoft Macintosh Business Unit always does great work, and I can't imagine trying to work without Entourage, Word, and PowerPoint. http://www.microsoft.com/mac/.

John Welch (jwelch@bynkii.com) is the Unix/Open Systems Admin for Kansas City Life Insurance, a Technical Strategist for Provar, (http://www.provar.com/) and the Chief Know-It-All for TackyShirt, (http://www.tackyshirt.com/). He has over fifteen years of experience at making Macs work with other computer systems. John specializes in figuring out ways in which to make the Mac do what nobody thinks it can, showing that the Mac is a superior administrative platform, and teaching others how to use it in interesting, if sometimes frightening ways. He also does things that don't involve computertry on occasion, or at least that's the rumor.
Warning: include(/home/cust10011/www/site001/includes-mactech/includefiles/mt_footer.inc) [function.include]: failed to open stream: No such file or directory in /home/cust10011/www/site001_files/staticcontent/articles/mactech/Vol.21/21.11/Collections/index.html on line 226

Warning: include() [function.include]: Failed opening '/home/cust10011/www/site001/includes-mactech/includefiles/mt_footer.inc' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/cust10011/www/site001_files/staticcontent/articles/mactech/Vol.21/21.11/Collections/index.html on line 226