Panther
Volume Number: 20 (2004)
Issue Number: 1
Column Tag: Programming
Patch Panel
by John C. Welch
A look at the latest release of Mac OS X
Welcome
On October 24th, 2003, Apple released the latest version of Mac OS X, version 10.3, aka Panther (continuing Apple's feline naming trend). This version boasts not only the changes we've all seen in demos, such as the new Finder and Exposé, but also some other, less visible features that are just as important.
Overview
With any major operating system release, there are a lot of changes that the users, developers, and administrators get hit with, and Panther is no exception. While the release may be numbered as a tenth-version change, it could almost qualify as a full version change. While Apple is always running the hyperbole machine non-stop for any major release of Mac OS X, in this case, it's more justified than usual. There are huge amounts of changes, inside and out, and they make for one heck of an upgrade.
Now, there have been numerous reviews of Panther already, so thanks to them, there are a few things I'm not going to bother with. Exposé and the new appearance of the Finder have both been done to death. We're not ignoring the Finder, but there have been forests published on the new appearance, and from my POV, that's enough. I care less about the view, and more about the features, and those, I will look at. Fast User Switching (FUS) is going to be looked at, but not for the pretty transitions. So, the features that I look at are going to be those of interest to me as a network administrator / IT Geek. While I will be mentioning Mac OS X Server, it's only going to be in relation to Mac OS X, not as a separate review. I'm not going to really talk about iApps, WebObjects, or the developer tools. Those aren't really a part of the core OS. I'm also not going to spend much time on the BSD improvements, as those are better handled by a separate article, since the BSD layer is almost its own world.
Installation
As with any OS, the first exposure to the product is the installation, and this is the area that Panther has had the most problems. The upgrade installs have been a disaster in most cases. There have been consistent problems with permissions being set wrong, needed system users not being created, etc. At this point, barring a new CD release with 10.3.1 or later on it, I would avoid doing an upgrade install from Jaguar, or any earlier version of Mac OS X. However, that's not to say you have to reformat your system to get a good install of Panther. When you do the install, change your install type from Upgrade to Archive and Install, but pick the option that says it will preserve user and network settings. That way, you don't have to reset all your home directory settings, network settings, etc. You'll end up with a directory called "Previous Systems" on your Mac, and it will have all the non-user stuff in it. Now, don't just delete this. You're going to want to hang onto it for a few days until you're happy that everything is working correctly. I find that if I go into the Library, (not System/Library) directory in Previous Systems, and manually move over the stuff that isn't in my new /Library, I avoid problems. I don't just copy over all the folders in the old /Library, but rather the stuff inside them. This way, any serial numbers, etc. that are in /Library are there in Panther too. (Adobe likes to put serial numbers in /Library/Application Support/, for example.)
Of course, you CAN do a format install, but I've not found it necessary. As you may have heard, you can only install Panther on Macs that shipped with built-in USB. So Beige G3's are out, as are laptops prior to the 1999 PowerBook G3 models. Note, that's not to say it's impossible to install on these models, just that Apple's not supporting it. Regardless of model, a poor or inconsistent installation experience is never good, and hopefully, Apple will get new CDs out soon.
Regardless of your installation method, there are some obvious changes. For one, there are now three CDs for Panther alone, not counting the Xcode Development tools CD. (In an interesting difference between the two, Mac OS X Server 10.3 only has two CDs). This is due to overall increased size of the OS, and new items, such as X11. X11, the, well, X11 environment for Mac OS X from Apple is an optional install in Panther. To use it, you have to choose to do a custom install, once you have chosen your installation type. There are other options here besides X11. You can install more printer drivers, more languages, more fonts, etc. For my part, I always install all the printer drivers on a laptop, (you never know where you'll be printing, or to what), however, on a desktop, I don't bother, unless I know I'll need those specific drivers. If you install X11, you'll need to have the third CD at hand. (Of course I install it, I'm a geek).
The install can take quite a while, depending on your circumstances. There's a reboot after the first CD, and the rest of the install runs booted from your hard drive. For Mac OS X Server-based networks, the remote install options with Panther and Panther Server are much improved over Jaguar. Creating the install images is straightforward, as is setting up to install via NetBoot. Once that's done, just NetBoot the clients from the appropriate image, and go. On a slow network, with an old B&W G3 as a server and a grape iMac, it took about 45 minutes. On a faster network, it took about 20 minutes.
Finally, another neat trick is exposed in Disk Utility. It seems that having Mike Bombich working for Apple has paid off a bit, as it looks like a lot of the features of Carbon Copy Cloner are now a part of Disk Utility, and you can restore a drive from a networked image via WebDAV. Not something I've had time to test, but a pretty cool possibility nonetheless.
Configuration
Machine configuration and System Preferences in Panther are pretty close to what they were in Jaguar, but there are some needed new features, and some reorganizing that makes it much faster to see what interfaces are working on your system. The network preferences in particular got a lot of redesign, and you benefit from that work as soon as you open them.
Figure 1. Network Status screen
As you can see, the interfaces you have enabled, and the status of those are immediately shown to you, so if you are having problems, you have an immediate starting point. This is something that all users, but mobile ones in particular have needed for a while. The TCP/IP settings have also gotten some changes, most noticeably the inclusion of a machine's IPv6 address, and the ability to configure IPv6 settings in the GUI.
Figure 2. TCP/IP setup
Figure 3. TCP/IPv6 automatic setup
As you can see, the default is to automatically set up IPv6 settings. There's a reason for this. Here's what the manual version looks like:
Figure 4. TCP/IPv6 manual setup
You thought IPv4 addresses were bad. But the support is not just the base networking stack. Apple has been gradually implementing IPv6 capabilities in their applications as well, although most are in a transitional state, so will look for IPv4 connections, and tend to prefer them. But for those of you working in pure IPv6 environments, Panther is a much nicer experience than Jaguar was.
Another problem in Jaguar was setting up custom Ethernet settings. Although you could change Ethernet settings via ifconfig, getting those changes to stick was often much harder than it needed to be. Panther allows you to change Ethernet settings in the GUI.
Figure 5. Manual Ethernet setup
While you can't set jumbo frames in the UI, (that's limited to Mac OS X Server), for those of you in situations where autoconfig didn't work so well, you can now customize your Ethernet settings far easier than you could in Jaguar.
Printing has made it into System Preferences, and you can now set up a few basic things directly in System Preferences, such as the printer that comes up in the Print Dialog, and the default paper size. (One would think this qualifies as the Default Printer, but evidently Apple disagrees with me there.) You can enable printer sharing, and fire up the Printer Setup Utility, the Application Formerly Known As Print Center, so that you can set up specific printers. (More on that later.) Panther now has built-in faxing, and while it's not a replacement for a fax server, the ability to have your incoming faxes sent to an email address is a nice touch. Support for internet faxing would be a nicer touch, but for a first effort, it's not bad. Unfortunately, you can't easily share the faxing as you can the printing, which is a bit of a letdown.
One not so nice change is the removal of functionality from what was the Internet preference pane (now the .Mac pane). The .Mac pane now only lets you set your .Mac account information and iDisk settings. You have to go to Mail, Safari, etc. to set the default web browser, home page, email application, etc. While simplicity is nice, this is more of a crippling effect than a simplifying one, and has a net effect of making it harder to set often-used preferences. Since the default email or web application is a system, or at least a user-wide setting, it makes no real sense to make you go find an email application to set this in. If you can set other user prefs in System Preferences, then removing these just looks like a silly attempt to push people into using Safari and Mail.
Security has gotten new attention from Apple in Panther. It now has its own preference pane, and some new tricks. The big one is FileVault, which turns your home directory into a big encrypted disk image. Problems with FileVault aside, there are some potential issues with it that would make one not want to just enable it by default. If you use AppleScript a lot, FileVault changes the path to your home directory. Because FileVault makes your home directory a single file, and an encrypted one at that, if that file gets corrupted, recovery of data will be almost impossible. Any change to even a small text file can force the backing up of several Gigabytes of unchanged data. FileVault is a great idea if you need it, but understand that there are real issues and problems that you will run into because of it. However, aside from FileVault, there are other, less worrisome security features in Panther. You can finally require a password to wake your computer from Sleep, a feature much in demand by laptop users. Unfortunately, this is tied into the screen saver, so you either password enable both, or neither. Some granularity here would be nice. Both are tied into the new Kerberos security improvements in Panther, so if you are on a Kerberos network, unlocking the screen saver or waking from sleep can be tied into your network authentication system. Another new feature is the idle-time logout, a welcome feature for anyone running a Mac in a lab, or other public use situation.
The user account settings get yet another makeover in Panther. Login items no longer get their own preference pane, they're back to being part of your account settings, which makes sense. The FileVault settings from the "Security" pane are replicated in the Security tab. If you are clicking on someone else's account, and you're an administrator, the Login Items tab changes to a Limitations tab. For people not using Mac OS X Server and Workgroup Manager, this is the place to lock down parts of the OS for standard users, or limit them to the Simple Finder. Clicking on Login Options lets you choose how the login window looks, enable or disable autologin, hide the Sleep, Restart, and Shutdown buttons in the UI, and enable Fast User Switching.
Fast User Switching is simply the ability to switch between users on a machine without logging the current user out. Windows XP does this. You've always been able to do this in the UI from the command line, via the su command. Fast User Switching simply enables this at the GUI level. Now, if the account you are switching to has a password, you'll need to enter that. Certain applications, such as iChat and iTunes, don't play nice with Fast User Switching. iTunes simply ignores it, and only runs in one user environment at a time. iChat will switch, but it will log out the switched-out user(s). Some utilities, such as TypeIt4Me, don't work well with, or get confused by, Fast User Switching. I've also found that if you are using the Active Directory plugin, using Fast User Switching to switch to an Active Directory account that is not already logged in will send the GUI south until you reboot, or log in remotely and kill the loginwindow process for the AD user. Also, the more switched-out users you have, the more of that Mac's resources will get used. But all in all, it's a good implementation of a requested feature.
The Energy Saver finally gets the scheduled shutdown/startup features, missing in Mac OS X prior to Panther. The Keyboard and Mouse preferences have been combined, and a new trick, one that lets you define custom keyboard shortcuts, is included. You can also use this to change application shortcuts. For example, the login/logout of AIM shortcut in iChat is Cmd-L. Unfortunately, this is also the "enter URL" shortcut in every web browser on the Mac, including Safari. Since the brushed metal interface makes it hard to see at a glance if a window is active or not, I'm always logging out of iChat when I thought I was entering a new URL. However, a new keyboard shortcut, and BAM, that problem is gone.
Figure 6. Keyboard Shortcuts
There are some limits. For example, I can't override the autocomplete in Script Editor in Panther to be Tab instead of F5 or Option-Esc, because Tab can't be used with this feature, nor can Enter, Cmd-Tab, Cmd-Enter, etc. Still, it's a nice feature, and my one use of it has saved me a lot of frustration. My final favorite new feature in Panther's System Preferences is one that I wouldn't have expected, and that is Classic. Classic now has a menubar widget, and if you have a Classic System folder, this widget also lets you access the Classic Apple Menu in all its customizable glory. So, in the fourth major version of Mac OS X, Apple has finally given us back the Apple Menu.
There are quite a few configuration changes all throughout the OS. The Apple Menu sports a new "Software Update" item, which is a welcome change. Even better though are the improvements to the command-line softwareupdate utility. With Jaguar, you ran it once with no options to get a list of updates, and then you had to run the command once for each update, which was tedious. Panther improves this greatly.
Figure 7. Command-Line softwareupdate in Panther
As you can see, not only can you manage all the different settings of softwareupdate, like schedules, ignored updates, etc., but you can also elect to install all available updates, all required updates, and, very important for system administrators, you can also download the update packages, a major convenience for those who prefer to roll out updates on their schedule, not Apple's.
One preference pane that is missing is the ColorSync pane. That functionality is now a part of the Displays preferences and the ColorSync Utility. I'm not going to comment on some of the nitty-gritty operations of ColorSync in Panther, as I don't know enough about it to do so. But I will say that it is a much bigger part of Panther than it was a part of Jaguar. There are new ColorSync "filters" that allow you to apply ColorSync settings to print files. But it's not just things like embedding profiles. You can also do things like compress images (a welcome feature for Quartz-created PDFs), sharpen or blur images, create PDF/X-3 PDFs, etc. ColorSync has gotten a lot of attention in Panther, and for those of you that live and die with it, I highly recommend a bit of research before upgrading, both to prevent problems, and see what the new features can do for you.
Directory Services
The second version of Open Directory has gotten a lot of play from Apple, although for the most part, without Mac OS X Server, most of the changes are lost on the average user. But there are a few changes that you don't need Mac OS X Server to take advantage of. The biggest one is the new Active Directory plugin. This, like all other Directory Services settings, is found in the Directory Access application in /Applications/Utilities.
Figure 8. Directory Access Main Screen
Now, in addition to Active Directory, there are also plugins for AppleTalk, LDAPv3, NIS and others. LDAPv2 is gone, and NetInfo is no longer enabled by default. Neither is AppleTalk, which means that you are going to have a rough time browsing AppleTalk networks until you enable this, as I have on my machine. This is not a very obvious place to look for this, and the default causes a lot of problems for people, so while I understand that Apple wants to get rid of things like NBP and other non-AFP parts of AppleTalk, they really need to be clearer about showing people how to find this without a trip to Apple's support site.
The BSD Flat File and NIS plugin finally makes plugging into those networks FAR easier than it was, which has been a long time in coming. (I still remember a WWDC Networking Feedback Forum where I asked Apple to either fix NIS, or break it completely, because the 'half-ness' of it was killing me.) It's not going to give you NIS+ connectivity a la Sun boxes, but if you need NIS, it's better now than it used to be. The LDAPv3 Plugin is fairly unchanged from the client point of view, which makes sense, as most of the changes with LDAP and Open Directory have more to do with Mac OS X Server than with the clients.
One thing that should be touched on is the recent noise over the 'major' security hole in Directory Services. By default, the LDAP plugin is set to get Directory Information from a DHCP-assigned LDAP server. This is a part of the DHCP spec, so it's not an Apple-invented trick. The problem is, if you have a rogue DHCP/LDAP server that is set up correctly, it could allow a cracker to take over your system, and that of any other Mac booting on a subnet visible to the rogue server. The problem isn't one that's easily fixable. First, most DHCP security is targeted towards limiting client access to the server, not authenticating the server to the client. That's how DHCP is supposed to work. You find the first DHCP server available, and configure from that. There's no security in this process of any real value. If you grab the wrong DHCP server, you're effectively denied service, or correct service. This is why rogue DHCP servers are "A Bad Thing" anyway. The current DHCP standard has no security. In fact, the following is the entire security section of the current DHCP RFC (2131):
7. Security Considerations
DHCP is built directly on UDP and IP which are as yet inherently insecure. Furthermore, DHCP is generally intended to make maintenance of remote and/or diskless hosts easier. While perhaps not impossible, configuring such hosts with passwords or keys may be difficult and inconvenient. Therefore, DHCP in its current form is quite insecure.
Unauthorized DHCP servers may be easily set up. Such servers can then send false and potentially disruptive information to clients such as incorrect or duplicate IP addresses, incorrect routing information (including spoof routers, etc.), incorrect domain nameserver addresses (such as spoof nameservers), and so on. Clearly, once this seed information is in place, an attacker can further compromise affected systems.
Malicious DHCP clients could masquerade as legitimate clients and retrieve information intended for those legitimate clients. Where dynamic allocation of resources is used, a malicious client could claim all resources for itself, thereby denying resources to legitimate clients.
There is a secure DHCP RFC, 3118, but it's still a proposed standard, not a final one, and has been in the works since 2001. Even after it becomes a standard, creating a secure DHCP infrastructure would require more than a little work at all levels of any network. The fact is, if you use DHCP at this time, you are accepting a certain amount of risk. Apple using a standard in a way that is not against the standard does not suddenly "create" a security hole. As well, if you have to set up a couple hundred machines at once, this out of the box autoconfig ability for LDAP directories that are advertised via DHCP is more than a little handy. Being able to have all your user, home directory, and other LDAP-Derived settings available on a client machine as soon as you power it on is not a minor convenience. So, you have to either give up autoconfig, or keep a closer eye on your network. This is also not a crack that is terribly easy to set up or implement. Rogue DHCP servers get discovered fast, they cause a LOT of problems. In other words, it's something to keep an eye on, but not panic over. Simply disabling the ability to find LDAP servers via DHCP on your client Macs takes care of this hole anyway.
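One way to keep that closer eye on the network, as an added example that is not from the original article: a Python check that parses captured DHCP server replies and flags any that come from a server outside an allowlist, or that advertise an LDAP URL the site did not configure. It assumes the LDAP server is carried in DHCP option 95; the addresses, URLs and function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_LDAP = 53, 54, 95   # 95 = LDAP (assumption)
SERVER_REPLIES = {2: "OFFER", 5: "ACK"}     # DHCP message types sent by servers


def parse_dhcp(payload):
    """Parse a DHCP UDP payload; return the BOOTP op code and an options dict."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        # A repeated option code continues the same value (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return payload[0], options


def audit_reply(payload, allowed_servers, expected_ldap_urls):
    """Return findings for one captured DHCP payload (empty list = nothing odd)."""
    op, opts = parse_dhcp(payload)
    mtype = opts.get(OPT_MSG_TYPE, b"")
    if op != 2 or len(mtype) != 1 or mtype[0] not in SERVER_REPLIES:
        return []                            # client traffic or NAK: not audited here
    findings = []
    sid = opts.get(OPT_SERVER_ID, b"")
    if len(sid) != 4:
        findings.append("server reply without a valid server identifier")
    else:
        server = str(ipaddress.IPv4Address(sid))
        if server not in allowed_servers:
            findings.append("unauthorized DHCP server " + server)
    if OPT_LDAP in opts:
        url = opts[OPT_LDAP].decode("ascii", "replace")
        if url not in expected_ldap_urls:
            findings.append("unexpected LDAP server advertised via DHCP: " + url)
    return findings


def build_reply(server_ip, client_ip, msg_type, ldap_url=None):
    """Construct a sample server reply (test data only, never sent anywhere)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x1234ABCD, 0, 0,        # op=BOOTREPLY, Ethernet, xid
        bytes(4), ipaddress.IPv4Address(client_ip).packed, bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    if ldap_url:
        opts += bytes([OPT_LDAP, len(ldap_url)]) + ldap_url.encode("ascii")
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed site policy and sample traffic (documentation address ranges).
ALLOWED = {"192.0.2.1"}
EXPECTED_LDAP = {"ldap://directory.example.com/dc=example,dc=com"}
GOOD = build_reply("192.0.2.1", "192.0.2.50", 2,
                   "ldap://directory.example.com/dc=example,dc=com")
ROGUE = build_reply("192.0.2.66", "192.0.2.51", 5,
                    "ldap://192.0.2.66/dc=example,dc=com")

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("rogue", ROGUE)):
        print(name, audit_reply(pkt, ALLOWED, EXPECTED_LDAP) or "ok")
```

The parser ignores option overload (option 52), so options packed into the sname or file fields are not inspected.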
The big new change, however, is the Active Directory plugin. Now, you could hook Jaguar into Active Directory via LDAP, but this was not a very simple process, and did require some Active Directory schema modifications, which most Active Directory administrators were loath to make, because it's almost impossible to undo Active Directory schema mods, and because in most large Active Directory setups, the Macs are not numerous enough to make that kind of thing worthwhile. So the plugin alleviates much of the pain associated with hooking Macs into Active Directory networks, which is "A Good Thing" for Mac users on Windows networks.
Figure 9. Active Directory Plugin Setup
The setup here is straightforward. By default you only have to enter the forest name, the domain name, and the computer ID. (Forest and Domain can be identical.) You'll need to know the location within Active Directory where the computer is going to be stored. By default, the plugin assumes it's in the "Computers" container, but you can assign it to a different container, or an OU, depending on your needs and your Active Directory setup. You'll need not only to be able to authenticate as an administrator on the Mac OS X machine, but also to authenticate with privileges to add machines to the Active Directory domain, or have someone nearby who can. If you are trying to bind remote machines, you can have Directory Access connect to a remote machine, or you can use SSH and the dsconfigad command. See "man dsconfigad" for details. The options are pretty straightforward. If you have a laptop, you can create a mobile account with a local home directory, so that you can log in with an Active Directory account offline. You can set it to authenticate in multiple domains in the same forest, a needed feature if you work in a large Active Directory network. You can specify the preferred domain server, and set Active Directory groups that can act as local administrators on a given Mac. Finally, you can map the User ID (UID) to a specific attribute.
What does all this mean? Well, you can log in with a valid AD user ID, and you don't have to create it ahead of time. If you make it a mobile account, you get a home directory on the system. Once an Active Directory account has been created on a Mac, it can be set up to be a local administrator for that machine.
Figure 10. Active Directory User in System Preferences
Logging into Active Directory with the plugin gets you Kerberos tickets for Active Directory resources, so you get some single signon benefits. If you want, you can also have Active Directory set up your network home directory so you can use it with Mac OS X. Now, this does not mean that your Active Directory home directory is your Mac OS X home directory. It actually mounts as a separate network drive. But you have access to it. If you set up a custom Contacts search tree in Directory Access, and put the Active Directory node in it, then you get a nice side benefit from Address Book: it can search the Global Address List, or GAL, for email and other information. Very nice for Address Book users. If you want better AD integration, such as real SMB home directory support or DFS integration, or you still need to authenticate against NT 4 domains, then your best bet (and only bet in the case of the NT 4 domains) is ADmitMac, from Thursby Systems. It's more expensive than the Panther plugin, but you get more features too, so its value is determined by what you need.
Other new configuration tricks
As we've already seen, the command line has been beefed up quite a bit in Panther. Mac OS X Server 10.3 takes this even further, by giving you command-line equivalents for almost every GUI tool. Panther also comes with a copy of the client for Apple Remote Desktop, so if you use that product, you can plug your Panther systems into your workflow right out of the box.
The Finder has some new tricks as well. The obvious one is the return of Labels, which is either a very good thing, if you used them a lot, or a minor thing if you didn't. If you are new to AppleScript, the Finder is now somewhat recordable, so you can use Script Editor, or Script Debugger, or any AppleScript tool that supports recording to help you get an idea of how to build simple AppleScripts. Even cooler are the new Action Menus, which live in the Finder, and are context sensitive based on the current selection. They kind of duplicate context menus, but not perfectly. Folder Actions get much easier to implement, thanks to context menu support in the Panther Finder. Select a folder, Ctrl-click on it, and you can attach, disable or configure Folder Actions. For me, this has been a real boon over the Jaguar method that required you to do it the hard way, or via a not terribly handy setup that required you to activate the Scripts menu in the Menu Bar. I have a "folder scan with Virex" folder action that I use to automatically scan files added to designated download folders, like my Desktop, the Entourage Saved Attachment folder, etc. I have another one that I use in conjunction with Distiller Watched folders that starts Distiller when something is added to a watched folder. A relatively minor feature that has made many scripters' lives easier.
Networking
Since I am a network geek by trade, it behooves me to talk about Panther's networking changes. There have been some big changes here, some good, some bad, some just necessary.
Security
Panther is all about security. Almost everything in Panther has improved security. AFP and FTP services are now Kerberized if used with Mac OS X Server, so file transfers have gotten more secure. Even Mail has improvements to its Kerberos implementations, so for those of you using Kerberized email, (mostly Universities), Mail is a much nicer choice in Panther than it was in Jaguar. If your machine is managed by Mac OS X Server, you use the AD plugin for your logins, or you've customized your authentication setup, then you can get Kerberos tickets when you log in, which makes single signon much easier in Panther. (The idea with single signon, is that when you log into the machine, that's the only time you need to authenticate. After that, any resources you have access to, like network drives, email, etc. use various behind the scenes mechanisms, in this case Kerberos, to handle that, so you aren't having to deal with a daily stream of password requests.) In Panther, Kerberos is everywhere. Note that if you use AFS, or the Andrew File System as a distributed file system, you'll need to update to the most current version for Panther, from http://www.openafs.org/.
SSL gets a major boost in Panther as well. There is much better SSL support in the Mail application for using certificates with email, and S/MIME support for attachments. Safari's SSL support is a little better than it was in Jaguar, but still not as good as Mozilla's. Even relatively minor things, like the wake from sleep password dialogs, are Kerberized. Apple has really done a good job of integrating security into Panther without making it a stumbling block to everyday 'normal' use. This kind of thing is not easy to pull off, but it's the best way to get everyone to start making secure computing something besides a buzzword at a trade show. The Keychain supports SSL better than it ever did before, which makes adding certificates to your system a much nicer process. Now, if the Keychain scriptability were to be similarly improved, it would be even nicer.
The password system in Panther has changed as well. New user accounts in Panther no longer use the old NetInfo 'crypt' passwords. Those were never really that secure anyway, and by getting rid of them, we get improved security, and much longer passwords. That's right, you can now have a password that's up to 255 characters in length. Not a bad improvement. Now, as to how you remember that, I have no idea. NetInfo is gradually going away anyway. LDAP is now the preferred protocol for Directory Services in Panther, and NetInfo is now only really needed for local machine records. I imagine that we'll probably see the end of NetInfo in the next few releases.
Windows connectivity
There have been improvements to non-Active Directory Windows networking. Samba 3 is now the back end for Windows connectivity in Panther. This allows for things like making your Mac OS X system an NT 4 Primary Domain Controller. (This is a simple UI setting in Mac OS X Server.) Winbind is now working in Mac OS X, so integrating Samba and Active Directory is a LOT easier under Panther than it was under Jaguar. If you have your Active Directory connections set up correctly, then single signon works pretty well for Windows file shares. (SMB printing is better as well, but printing gets its own section a little later on.) I haven't seen any real speed improvements as far as File Transfers go, and Apple still hasn't figured out how to not leave .DS_Store and other file boogers all over Windows drives. Thursby figured this out years ago, so Apple really needs to clean this up.
One trick that is totally new for Panther, and not really well known, is that you can now access locally connected NTFS disks with Mac OS X. Apple incorporated the mount_ntfs utility that was a part of BSD into Panther. It's not a full implementation (writing to NTFS drives is rather limited, and I'd not try it on a drive I cared a lot about), but I can see this being a last ditch way to get data off a Windows boot drive that won't mount right under Windows. Use 'man mount_ntfs' for the full details.
Unix connectivity
This hasn't changed much at the file sharing level from Jaguar. You still can use NFS with some command line knowledge, or NFSManager, from Marcel Bresink, http://www.bresink.com/osx/NFSManager.html, which is still probably the best way to set up NFS on Mac OS X, regardless of version. Printing is still the same. It's LP(R), there's not much that can change there. The only big change is the integration of X11 into Panther, which allows you to access Unix applications and other non file and print resources, such as applications, etc. X11 also makes it easier to use things like MatLab, Open Office, and other local Unix applications that don't have, nor may ever have an Aqua interface. This is not saying that things like Fink are obsolete, but that you don't need to do as much work to get basic X11 functionality on your system.
Mac connectivity
With the major exception of having to manually enable AppleTalk browsing in Directory Access, the big changes involve Rendezvous, or Zeroconf. It's everywhere. File sharing access, printer discovery, Safari uses it (which is really cool for Rendezvous printers that have Web page configuration abilities), and almost any file sharing you do from a Mac running Panther is advertised via Rendezvous, so on a local subnet, finding another Mac's resources is dead simple. It's even a part of Terminal. That's right, Terminal is now Rendezvous-enabled. There's a new "Connect To Server" feature in Terminal that, when activated, brings up a window with various connections and all the Macs it can find on the local link.
Figure 11. Rendezvous and Terminal
So, if you aren't sure of the name of a Mac you want to connect to via SSH, SFTP, etc., just browse for it. If it's running Jaguar or Panther, you can find it. Very cool, and very unexpected. Leave it to Apple to make the Command Line simpler and easier to use. Speaking of Terminal, there are a few changes there, mainly a change to the default shell (bash instead of tcsh), and the default terminal type (xterm instead of vt100 or ANSI). These are more for compatibility with shell scripting needs and some other items, and other than a few potentially annoying behavioral changes, you shouldn't see any major problems coming from this. In any event, changing it back is no harder than changing your shell or terminal type was in Jaguar.
Browsing
There have been some major changes to how you browse networks in the Finder, and depending on your needs, this is either very good, or quite annoying. In Jaguar, all your network browsing was done via "Connect To Server" from the "Go" menu in the Finder. While not as disconnected as the Chooser, evidently it wasn't integrated enough for Apple. So now, if you want to browse for a network, you go to "Network" in the Finder, and start from there.
Figure 12. New Browsing in Panther
Now, you can see some obvious differences. First, this is done in the Finder directly. So you don't need Connect To Server anymore. However, for this to work, you have to be able to see the server you want via browsing. Secondly, with Connect To Server, you talk to the server, but mount the share. So even if a server had fifty shares, you are only mounting the shares you explicitly choose to mount. With Panther, and Network View, once you log into the server, you have access to every share on that server you're authorized for. So in effect, you are mounting the server, not the share. Another difference is where this mount connects to locally. With Connect To Server, the mounts showed up in /Volumes, just like any other drive. With Network View, the mounts live in /var/automount/Network. So if you rely on the path to a network share in a script, you may have to change some things. Shares on a server mounted via Network View don't show up on your Desktop. They only show up in Network in the Finder. So navigating to them can be a little tedious. Finally, you can't just unmount a share. You either unmount the server, and thereby unmount all the shares from that server, or you unmount nothing.
Connect to Server is still there, but severely limited compared to Jaguar. You cannot browse within Connect to Server, and you have to manually enter the URL for the server, or have the server in your favorites list. Any server mounted this way looks like it did in Jaguar. The mount lives in /Volumes, and it appears on your desktop. One thing to watch out for here is double mounting. If you connect to a server via Network View, then use Connect To Server with the same server, you can mount a share, or shares, twice. This can cause you problems if you aren't careful.
Figure 13. New Connect To Server Dialog
Figure 14. Oops, double-mounted share
As you can see, the confusion potential is high, especially with AppleScript, which could get really confused if the path to a share changes and a script is making now-incorrect assumptions. As well, the "mount volume" AppleScript command creates Connect to Server mounts, not Network View mounts.
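For scripts that depend on a share's path, the two mount locations and the double-mount case described above can be checked before the path is used. The following is an added example, not code from the article or from Apple; the function names, the constructed sample mount table, and the assumed Network View layout of `<server>/<share>` beneath /var/automount/Network are assumptions.

```shell
#!/bin/sh
# Mount roots named in the article for the two mount styles.
CTS_ROOT="/Volumes"                 # Connect To Server and AppleScript "mount volume"
NV_ROOT="/var/automount/Network"    # Network View

# Constructed sample of `mount` output (not captured from a real machine).
# Assumption: Network View places shares at $NV_ROOT/<server>/<share>.
SAMPLE_MOUNTS='/dev/disk0s9 on / (local, journaled)
afp_sample1 on /Volumes/Projects (nodev, nosuid, mounted by admin)
afp_sample2 on /var/automount/Network/fileserver/Projects (automounted)
afp_sample3 on /var/automount/Network/fileserver/Scans (automounted)'

# share_mount_points SHARE: reads "<device> on <path> (<options>)" lines on
# stdin and prints each mount point under either root that ends in /SHARE.
share_mount_points() {
    share="$1"
    sed -n 's|^.* on \(/.*\) (.*$|\1|p' |
    while IFS= read -r mp; do
        case "$mp" in
            "$CTS_ROOT"/*|"$NV_ROOT"/*)
                if [ "${mp##*/}" = "$share" ]; then printf '%s\n' "$mp"; fi ;;
        esac
    done
}

# resolve_share SHARE: prints the path a script should use (the /Volumes
# mount when one exists) and returns 0 = mounted once, 1 = not mounted,
# 2 = double-mounted, so callers can refuse to guess.
resolve_share() {
    found=$(share_mount_points "$1")
    [ -n "$found" ] || return 1
    pick=$(printf '%s\n' "$found" | grep "^$CTS_ROOT/" | head -n 1)
    [ -n "$pick" ] || pick=$(printf '%s\n' "$found" | head -n 1)
    printf '%s\n' "$pick"
    count=$(printf '%s\n' "$found" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then return 2; fi
    return 0
}

# On a real system: mount | resolve_share Projects
printf '%s\n' "$SAMPLE_MOUNTS" | resolve_share Projects || echo "status $?"
```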
Finally, since you can't obviously tell that you have fifty shares mounted, if you change network settings, or put the machine to sleep, and wake it up without a network connection, you're going to get a lot of "Oh dear, you appear to have disconnected from this share. Do you really want to do that? Are you sure" dialogs. It's an interesting change, but there are some real problems with it. Oh, one thing that seems to be fixed in Panther is the DNS serialization that made for some frustrating times in OS X prior to Panther. So, if the application is written correctly, one bad DNS lookup should not delay every other DNS lookup anymore.
Printing
Printing is, of course, central to the Macintosh, and has been for many years. Now, I am not going to comment on the quality of fonts, etc., because to an IT geek like me, once you get beyond the network protocol, printing is magic. You tell the computer to print, and trees die. But there are some other changes to printing in Panther that even I can see. The most obvious one is the changing of the main printer configuration application from Print Center to Printer Setup Utility. So far, the only problem the name change seemed to cause is with the Adobe Acrobat PDFMaker macro for Microsoft Office. Seems they hard-coded "Print Center" into the macro, since every time I've run it on Panther, it keeps asking me for the location of "Print Center". Other than that, I haven't seen anything break. (Well, it could make Quark unhappy, but determining that would require me to use Quark, and even I have limits to the amount of computer-induced pain I will voluntarily subject myself to.)
The basic UI in Printer Setup Utility is the same as it was in Jaguar. Once you get into the UI a bit, there are some very nice additions. You can now have Desktop or Dock printers. Just drag a printer to the Dock or the Desktop (or wherever you want them), and you can now drag and drop documents on it. The UI for adding printers has gained a few tricks as well. For one, you can now add IPP and SMB printers without needing to hold down the option key when you click on the Add Printer button. When you add a printer, Printer Setup Utility does a much better job of discovering new drivers on your system. IP Printing now includes Rendezvous printers, LPR printers, IPP, and HP Jet Direct printers. If you have printers defined in a Mac OS X Server-hosted Open Directory domain, those show up in the Open Directory setting. Rendezvous gets its own heading in addition to being a part of IP Printing. (I'm also noticing that HP at least is behind Rendezvous in a big way. They have three models of laser printer that use Rendezvous by default, which makes for much easier network printing setup.) USB printing is the same, and Windows printing now has its own list item. This unfortunately doesn't make finding an SMB printer any easier, but at least you don't have to go through as many contortions.
The advanced selection option is still available, and if you have the Mac OS X native version of Distiller installed, you can set up a printer for that here, along with Fax printers, etc. Obviously some of the options available here are dependent on your hardware and software setup.
Figure 15. Advanced Printer Setup Options
Apple has also updated the printing event mechanism, so that if a developer takes advantage of it, you can automate printing to a much higher degree than was available in Jaguar, including bypassing the print dialog altogether. Obviously, this isn't just going to appear overnight, but the plumbing is now there. While we're talking about automation, Panther still hasn't fixed one major remaining problem: printer creation is still essentially a manual process. You can't use AppleScript to create printers. You can use it to see status on printers and jobs, and set the default printer, but even simple items like printer status are read only, so you can't easily control printing via AppleScript. You can do this all via shell scripting, and "do shell script", but AppleScript print control is a critical part of the printing workflow, and Apple still not making AppleScript print control and creation usable is definitely frustrating, and starting to border on unacceptable. If I have to use shell to automate printer control, then it makes more sense from a fiscal point of view to use Linux, or some other Unix box, as a print server, and save some money over the cost of a Mac. A dedicated print server gains nothing from a nice UI, and if Apple forces you to use standard Unix methodologies to control printing anyway, what's the point in paying the premium?
AppleScript
This brings us to the next major part of Mac OS X, and one of the major features of the platform as a whole, AppleScript. There have been a lot of improvements, but there are still some really glaring holes, although, thankfully, most of those exist outside of the OS. (I really don't see any of the Pro applications ever becoming scriptable, not a good example of eating one's dogfood.)
The version of AppleScript that ships with Panther is not the long-awaited AppleScript X. Instead, we get version 1.9.2 with Panther. This is not to say that there are no real improvements, not by a long shot. The Finder is partially recordable again, so newcomers to AppleScript can see how to create bad syntax automatically. (That's not a shot at Apple as much as an acknowledgement that an AppleScript version of manual actions is not going to be an example of efficient AppleScript code.) Nonetheless, it's about time that one of the first applications anyone wants to script is finally recordable.
In Panther, you can send Apple events not only to a remote machine, via the eppc:// URL, but also to a specific user id and process id. Because of Fast User Switching, you can't assume that any one particular user is going to be the active session. So, you can target the specific user id and process id on a remote machine. This has some nice potential for production systems, in that you can start up a machine under a production user, start various processes, then switch back to the login screen, so if humans need to use it, they can without logging out that user. So, if you know a process is running, you can remotely determine the pid, and then target that pid and that production user with a script, and not have to worry about what another user is doing. If you don't specify uid and pid, then the current active user is targeted. If you aren't root, then you can only target processes that match your uid. The eppc server is now a part of xinetd, and is advertised through Rendezvous.
There is a new script format as of Panther, the script bundle. This is an AppleScript version of an application bundle, and while only usable with AppleScript 1.9.2, you get some nice features with it, namely the ability to include Scripting Additions with the script application. One of the big problems in using Scripting Additions has been the fact that you couldn't ensure that everyone using your script would have the required additions. This is no longer a problem, as you can place the Addition in the bundle, and it will be used when the application is run. Apple events are now handled as FIFO instead of LIFO, important for CGI uses. The "path to" command has been enhanced, with new destinations, and the ability to create a folder if it doesn't exist. It also has better support for Classic. You can get the long and short names of a user far easier than in Jaguar.
Some bug fixes include the ability to deal with https:// URLs, support for larger numbers, better handling of a "quit" event sent to an application that isn't running (it no longer starts the application just so it can quit it), and "do shell script" now handles failed authentication differently than canceled authentication.
There are still some really annoying holes. Keychain Scripting hasn't been updated to allow you to specify which applications have access to a given key, although the protocol setting bug has been fixed. I've also run into a problem where Keychain Scripting can't access the Keychain I brought over from Jaguar, but it can access any keychains created under Panther. I can't create network configurations in Panther, but I can script Internet Connect. So as long as all you need is what Internet Connect gives you, you're golden. Switching network configurations via AppleScript requires far too much work. QuickTime allows you to use AppleScript for everything but creating custom export parameters. Xcode can't debug AppleScripts beyond event logging and "display dialog". There's no find function in the Finder dictionary. There's no "as password" ability in display dialog, so if you use it to ask a user for a password, the password is displayed as clear text. It's too tricky to run scripts when the machine is shut down or restarted. The ability to run a script when the machine wakes up would be greatly appreciated by many. Too many OS utilities use non-standard UI widgets, so UI scripting doesn't work with them.
So AppleScript is, as always, a mix of good and bad, of parts given proper attention, and others seemingly ignored by Apple entirely. For the AppleScript glitterati, this is just part and parcel of the interesting way Apple has treated AppleScript since its invention, and it guarantees that scripters never get bored.
Conclusion
Well, we've covered a lot, and there are volumes I haven't even touched on. But that's how it is in a review. I tried to get to areas I haven't seen covered in other reviews, and avoid the ones that have been done to death (Expose!). From the networking/IT point of view, there are a lot of needed improvements. One thing that should also be mentioned, although I've never gotten why it's important as anything more than a trivia item, is the boot and shutdown times. Both are much faster under Panther. My 17" PowerBook can go from a cold start to a login screen in well under a minute, and shutdown averages less than ten seconds, both a noticeable improvement over Jaguar, particularly the shutdown time.
From my POV, Panther contains enough improvements to justify the upgrade cost with ease, and if you have to play on non-Mac networks, Panther is head and shoulders above Jaguar. If you haven't made the jump yet, I hope this review was of some help to you.
John Welch <jwelch@provar.com> is an IT Staff Member for Kansas City Life Insurance, a Technical Strategist for Provar, (http://www.provar.com/) and the Chief Know-It-All for TackyShirt, (http://www.tackyshirt.com/). He has over fifteen years of experience at making Macs work with other computer systems. John specializes in figuring out ways in which to make the Mac do what nobody thinks it can, showing that the Mac is a superior administrative platform, and teaching others how to use it in interesting, if sometimes frightening ways. He also does things that don't involve computertry on occasion, or at least that's the rumor.