Collections and Contemplations
Volume Number: 21 (2005)
Issue Number: 11
Column Tag: Programming
Patch Panel - light
Collections and Contemplations
by John C. Welch
IT Types Finally Get A Room of Our Own
So after the last series we saw here, I thought that I'd devote this column to a collection of
items that aren't enough to merit their own columns, but still of use to Mac IT Admins and Mac Geeks
in general.
iTunes
While iTunes is indeed a wonderful thing, there are aspects of it that can be annoying on a
network in large numbers, especially the iTMS, Internet Radio, and Music Sharing. Luckily, all of
these can be managed, some of them centrally. With iTunes 5, you can now set preferences for
accessing Podcasts, the iTMS, and Shared Music from within the "Parental" section of the iTunes
preference. Yes, I know that doesn't cover Internet radio, but if you look in the "General" section,
you see the control for showing or displaying Internet Radio. Finally, you have further controls in
the "Sharing" section. These sections are shown in figures 1a - 1c below.
Figure 1a:
iTunes 5.X Parental Controls
However, you still have to get those preferences out to the user's machines. For that, you
really, really want to use Workgroup Manager and the MCX (Managed Client for OS X) capabilities that
allow you to push out individual preference files. I would go into the details of how to use this
with iTunes, but as it turns out, I don't have to. Instead, go to the .Mac site of John DeTroye,
Apple SE and MCX wizard extraordinaire. Go to his downloads section, select "Latest_Tips",
"Tiger-tips" and download the "mini-tandt-itunes5.pdf" document. It will show you how to use
Workgroup Manager to manage iTunes for everything but Internet Radio.
Now, that's not a minor issue. Internet Radio is potentially a huge bandwidth hog, especially if
you multiply each connection by a couple hundred or thousand users. However, there's two ways to
deal with this, one elegant, but requiring a more advanced firewall, and one that's not so advanced,
but works well nonetheless.
The elegant way is to block the initial request from iTunes. As it turns out, iTunes makes all
its initial requests for things like Internet radio and the iTMS as http connections. In those
connections, it has a user agent, that, on my machine shows up as: User-Agent: iTunes/5.0.1
(Macintosh; N; PPC). So, if your firewall/router setup is able to handle higher level filtering, you
simply tell it to block all outbound HTTP traffic where the User-Agent contains "iTunes". That
blocks all versions, all platforms. At that point, your iTunes traffic is now local - only. Note:
While
Figure 1b:
iTunes General Controls
there are a lot of very complex tools to discover things like this, my personal favorite here is
tcpflow, available via DarwinPorts at http://www.darwinports.org/.
If your firewall/router setup isn't able to do this, then there's a simpler, albeit uglier way.
Block TCP ports 8000-8999 and 42000-42999. That will prevent any iTunes Internet Radio streams to
your network. Doing the iTMS is a little trickier, since that all happens over ports 80 and 443, and
if you block those, you've effectively cut off the World Wide Web. However, if you kill access to
"phobos.apple.com", you
Figure 1c:
iTunes Sharing Controls
can block off the iTMS, at least until Apple changes the DNS name of the iTMS.
To block music sharing, (say if you don't yet have all your machines on iTunes 5.x yet), just set
the firewalls on the individual Macs to block all connections on TCP port 3689. (This can be done
any number of ways, from shell to Applescript; the specific implementation is really up to your
individual preferences and skillset. You can also do it as part of the imaging process for new
machines, and let attrition handle it for you.) If for no other reason, the fact that iTunes 5 lets
you block everything but Internet Radio with relative ease, is a good reason to upgrade.
AppleScript Tricks
So, as many who know me can attest to, my .sig file in Entourage is huge and varied. However, I
got rather tired at typing them in manually all the time, so...AppleScript to the rescue. I have two
scripts that handle signature creation, one from within emails in Entourage, the other for things I
see in Safari that are theft-worthy.
The Entourage script is fairly simple:
set theSigTitleRecord to display dialog "Enter a name for the signature"
default answer "RandomSig 1"
set theSigTitle to text returned of theSigTitleRecord
tell application "Microsoft Entourage"
try
set theSelection to the selection as text
set theSelection to "-- " & return & theSelection
make new signature with properties
{name:theSigTitle, content:theSelection, include in random:true}
end try
end tell
The first part is easy. We display a dialog that asks for a name to be used for the signature,
with some default text. Dialogs all return a record, so we grab the "text returned" field of that
record, and put it in theSigTitle.
The rest all happens within Entourage. We get the selected text, drop it into theSelection, and
make sure it's plain text. We then set up the sig format in theSelection, which by RFC is
"--". With Entourage, you need to use the return keyword, not the \r escape
for returns. We then create a new signature with the required properties; name, content, and is it
in the random list, (yes). By wrapping it in a try block, I deal with any errors. There should be
some error checking to look for me trying to run this script without selected text, but since I'm
the only one (until now), who's using it, it hasn't been a big deal.
The Safari version is similar:
set noSelectedTextFlag to 0
tell application "Safari"
set theText to (do JavaScript "getSelection()" in document 1)
if theText = "" then --some sites with frames don't allow for
the JavaScript above, so copying is the fix
tell application "Safari" to activate
tell application "System Events"
tell process "Safari"
keystroke "c" using {command down}
delay 0.5
set theText to the clipboard
end tell
end tell
end if
if theText = "" then
display dialog "You need to have something selected!"
set noSelectedTextFlag to 1
end if
end tell
if noSelectedTextFlag = 0 then
set theSigTitleRecord to display dialog "Enter a name for the signature"
default answer "RandomSig 1"
set theSigTitle to text returned of theSigTitleRecord
tell application "Microsoft Entourage"
try
set theText to "-- " & return & theText
make new signature with properties {name:theSigTitle, content:theText,
include in random:true}
end try
end tell
end if
As we can see, the script only has a few changes. The first line is a flag for some error
checking that I added to the script, and defaults to 0. In the Safari section, we first try to use
JavaScript within Safari to get the selected text and put it in theText. If that doesn't work, and
it often doesn't, we then resort to the quick 'n' dirty UI scripting method, and have Safari act as
though we hit cmd-C to get the selected text onto the clipboard. That is then dumped into theText.
The next line is a quick error check. If, after all that, theText is still empty, then we display
a dialog informing the user that hey, this won't work so well without actual selected text, and it
sets noSelectedText to 1. From there, we check to see if noSelectedText is 0. If it is, then we
create the signature. If not, then we don't and the script ends.
True, neither of these scripts are all that complex or "work - oriented" but they do give you
some ideas of how to accomplish the same thing from two different angles, and some very basic
introduction to using JavaScript and UI scripting in the same AppleScript. Besides, its fun to have
a large collection of pithy signatures.
Microsoft Office 2004 Service Pack 2
While there are always arguments for and against applying a service pack or update, if you use
Entourage in a Microsoft Exchange environment, run, don't walk to apply this. It has a host of fixes
and changes for Exchange users that people have been asking about for some time. It doesn't do
everything everyone wanted, but it hits a lot of issues like delegation, folder sharing, password
change messages, sync speed, GAL usage, quota management, and Public Folders right out of the park.
As well, the Entourage Weblog, at http://blogs.msdn.com/ entourage/default.aspx is no longer
dormant, and has a bunch of really great articles about Entourage's SP2 changes. There are some
fixes to the rest of Office, but after all, Entourage is why we really buy Office, right? (I'm so
getting in trouble for that ;-)
Conclusion
Again, nothing major here, just some small "storylets" that I've had bouncing about for a bit,
and decided to turn into a column. Sometimes, you just have to go light.
Bibliography and References
Much thanks to John DeTroye for his tips and tricks documents, they're a boon to Mac
administrators everywhere. http://homepage.mac.com/johnd
The folks at MacSurfer originally created the Safari code to make their lives easier, it works
really well, so I stole it like a thief in the night. MacSurfer is also the best news aggregation
page on the Mac web, and I hit it at least 5 times a day. http://www.macsurfer.com/.
We may not always like their parent company, but the Microsoft Macintosh Business Unit always
does great work, and I can't imagine trying to work without Entourage, Word, and PowerPoint. http://www.microsoft.com/mac/.
John Welch (jwelch@bynkii.com) is the Unix/Open
Systems Admin for Kansas City Life Insurance, a Technical Strategist for Provar, (http://www.provar.com/) and the Chief Know-It-All for TackyShirt,
(http://www.tackyshirt.com/). He has over fifteen years of
experience at making Macs work with other computer systems. John specializes in figuring out ways
in which to make the Mac do what nobody thinks it can, showing that the Mac is a superior
administrative platform, and teaching others how to use it in interesting, if sometimes frightening
ways. He also does things that don't involve computertry on occasion, or at least that's the rumor.
