Apple included an Open Firmware Password application on the MacOS X 10.1 CD, which allows you to prevent you Mac from being booted from another volume, so people cannot bypass the authorizations defined on your drive. If you want to use this application, you will have to read this macfixit report and also this Tech Info article from Apple.
People who are using non-US keyboards should be aware that MacOS X will use your currently active keyboard (in the keyboard menu) to set the password. However, Open Firmware does not, because keyboard mapping is loaded much later in the boot process. As a consequence, your password will probably not be recognized by Open Firmware at boot time. To work around this, you can use directly Open Firmware to set your password, or you can select the US keyboard from the keyboard menu before setting your password in the Open Firmware Password application.
NOTE:SecureMac revealed a security hole in the password protection.
I found this interesting discussion on the MacNN forums talking about a Netinfo security hole and the root account.
When you have the Terminal in the recent applications menu, and Netinfo Manager in the foreground, launch the Terminal (from the Recent Items Apple menu) and you will be logged in as the root user. The person who posted said that he didn't even have the root password enabled.
I tried this (I do have the root password enabled) in 10.1 (5G64) and the same thing happened.
[Editor's addition: The MacNN forums go on to pinpoint the cause (Netinfo Manager essentially runs as root while it's running) as well as a workaround - disable excecute permissions for those who aren't members of the Admin group. However, exactly HOW to do this is not listed. You should be able to do this in the terminal:
This removes the execute bit for "others", leaving it for "user" (root) and "group" (admin, which your normal user is a part of). I switched mine, and my admin user continues to be able to use NetInfo Manager, but I don't have a non-admin user to test with at the moment.]
A while back, I published an article titled Retaining OmniWeb as the default browser. This hack has changed a bit with the release of 10.1, and I thought I'd add information on how to make other browsers appear in the "Web" pop-up portion of the Internet preferences panel, and to set any one of them as the default.
The article might also be of interest if your "Web" setting seems to have amnesia - you change it, but then it randomly changes back to IE. I'll explain how to eliminate all choices except for your favorite, which (at least for me so far!) seems to prevent the "IE amnesia" from recurring.
So if you'd like to see more browser choices in your Web pop-up, or just prevent the Web pane from forgetting your preferred choice, read the rest of this article.
Last night I decided to upgrade my "experimental" partition from 10.0.4 to 10.1. This is where I test things on OS X before committing them to my production box. As part of the process, I decided to split the drive into a few partitions, as I had a lot of unutilized space. So I ran Disk Utility, partitioned, installed 10.0, upgraded to 10.1, configured a bunch of stuff, and then booted back to my production 10.1 environment. When I went to select my standard Classic partition, this is what I saw:
There were two problems here. The first was that everything was greyed out, the second was that my normal Classic partition didn't even show up! They grey-out problem didn't surprise me, as none of the listed volumes have OS 9 installations. But there were at least three other partitions that did, and they were nowhere to be seen.
Things I tried to fix the problem included copying a 'good' OS 9 to the missing partition (no change); specifying the OS 9 partition as the Startup Disk (as it was visible there), then checking Classic again (no change); and booting on the missing partition and then restarting in 10.1 (no change). Finally I gave up and did a clean install of OS 9.1 and 9.2.1 on the missing partition. Restarted in X and ... no change! Argh!
To save everyone else a ton of time, you may not have to do what I did. At least in my case, the problem seems to have been caused by a bug in the Classic prefs panel, not any issue with Classic itself or my partitions. If you have more than a few partitions (I have about ten total across three drives), the Classic panel in System Prefs doesn't seem to display scroll bars or arrows ... and it didn't seem to respond to the arrow keys, either. After some random clicking in the box and moving my scroll wheel and hitting the arrow keys, I managed to get the box to scroll ... and found the "missing" Classic partitions off the bottom of the display area!
So if you think you've lost a bootable Classic from the Classic prefs panel and you have a large number of partitions, make sure it's not a scrolling problem before investing time in a more complex solution! I'll try to investigate a bit more over the weekend to see if I can figure out exactly when it will and will not scroll ... and I've filed a bug report with Apple :-).
While logging in this morning after doing some work on another drive, I happened to notice that the Finder's keyboard navigation works in the login dialog box. If you have multiple users, just hit the first letter of the user's name, and that user will be highlighted. Hit enter, type the password, enter again, and you're logged in. No mouse required!
If you'd like to put your Mac to sleep while sitting at the login screen, there's a way to do it ... at least, there is if you have an eject key on your keyboard. Control-eject will bring up a "restart, sleep, or shutdown" dialog box, even while logged out. So just log out and then hit control-eject, and you can put your machine to sleep.
It also works, of course, while logged in. I'm not sure of any workarounds for non-eject-key keyboards. Anyone?
The ability to log in as root (versus using 'su' in the terminal) still exists in 10.1, but the mechanism is better hidden than it was in previous OS X releases. In my opinion, that's a Good Thing, as you should probably be logging in as root only if you really really know what you're doing. But enough of the lecture on the dangers of root...
To login to OS X 10.1 as root, first login as your normal Admin user. In the Login pane, click the Login Window tab, and then check the box that reads 'Show "Other User" in list for network users'. Logout after saving the change. When the login box reappears, you'll see "Other User" as an option. Click it, and you can enter "root" as the username followed by the root password.
In over a year of OS X usage, I have not yet had to login to the system as root to accomplish any tasks. But if you do need to (and there are some valid reasons), this is how it works in 10.1.
The window server has a cool feature in OS X 10.1 that isn't enabled by default (though it will be in an upcoming update, as I understand it): window buffer compression.
A little background. Under OS X, the contents of each window are saved in a buffer, so that they can be updated instantly, and also so that the cool transparency effects in Aqua are possible. This is a good thing, to have a fully buffered window manager -- however, it uses a lot of memory.
In 32 bit mode ("Millions" in System Preferences), a window that is 800 pixels wide by 600 pixels high uses up 1.9mb of RAM. When you consider that there are usually over 100 windows open when you're using OS X (not all windows are visible), you start to realize that this can start to add up in terms of RAM usage.
The more windows you open, the more RAM they use up, the more that virtual memory will have to page in and out while you use your applications to do work. This can cause slow-downs as the disk grinds to do the virtual memory paging.
So what Apple did was they implemented a compression mechanism into the window server. When a window's contents haven't changed for a given period of time, the window server compresses them, so they take up less memory. Since it uses a compression method that doesn't require the buffer to be fully decompressed to do compositing (dragging a window around, updating the screen, etc.), you won't notice a slowdown with this compression turned on.
In fact, because less memory is being used up by the window buffers, more RAM will be available for your applications, with will mean less virtual memory paging, and may in fact result in speeding up your machine. Additionally, since less data needs to be read (it is compressed, after all!), things like updating windows may be faster as well.
If you are a power user who has lots of windows open, you might consider giving this hack a shot. I'm using it, and getting compression ratios of about 8.5:1 (in other words, my window buffers are using 8x less RAM than they normally would).
Read the rest of the article for the details on implementing window compression.
Andrew Welch / el Presidente / Ambrosia Software, Inc.
I've discovered that X programs are prone to misbehavior when you make them try to operate on aliases.
The most painful example was when I tried replacing Exploder 5.1's bookmarks.html file with an alias to the one I used under 9... Exploder thought the file didn't exist, and wrote out its default bookmarks.html, which overwrote the original file! Luckily, I had a semi-backup and was able to rebuild from it.
Also, the Dock simply doesn't understand the concept of having an alias to a folder in the dock - after installing 'Classic Menu', I tried to replace the pseudo-apple items folder I had in the Dock with a link to Classic Menu's folder, and the Dock wouldn't do the click-and-hold thing that it does with an actual folder. It's fine with a folder full of aliases, and does the right thing there, but not when the folder itself is an alias.
So... while aliases are a traditional tool for managing different programs that need the same info, be very sure to back up any data you try to alias before testing, as it seems that X's support of them is not quite as transparant as 9's was.
Recently, Open Door Networks published a widely-reported security alert concerning Apple's implementation of WebDAV access to the iDisk in 10.1. The essence of the security hole is that your password is sent in cleartext, where it could be interecepted by anyone sniffing the network.
While I agree this is a fairly major security issue, I had other problems with iDisk in 10.1 -- speed, or the lack thereof. It seemed that, at least on my connection, webDAV access crawled. The disk would mount quickly, but copying even a modest 400K file could take minutes at times. This used to take five or ten seconds.
It turns out that the solution is posted on the advisory page at Open Door Networks. Simply use Appleshare to connect instead of WebDAV. Under the Go Finder menu, select "Connect to Server" and enter afp://idisk.mac.com. You'll get a username and password box, after which you can mount your iDisk like any other Appleshare volume.
This isn't a perfect solution -- it takes me longer to connect via Appleshare (the Finder gets the spinning rainbow disk until the connection is made), and the 15-minute time restriction comes into play again. However, it's worth it in exchage for greater security and the speed increase I get when actually transferring files.
Read the rest of the article if you'd like to know how to make Appleshare access to your iDisk just as easy as WebDAV access.