Randall Munroe’s XKCD has inspired interesting product features in the past. A recent one has sent a lot of Mac users scurrying to set up an audio doorbell on their Mac Minis.

Here’s how you can do it.

The Source Code

<?php
if (isset($_GET['say'])) {
  $cmd = sprintf('say "%s"', preg_replace('/[^\w\d ]/', '', $_GET['say']));
  `$cmd`;

} else if (isset($_GET['up'])) {
  $cmd = 'set output_vol to output volume of (get volume settings)
  set volume output volume (output_vol + 10)';
  `osascript -e "$cmd"`;

} else  if (isset($_GET['down'])) {
  $cmd = 'set output_vol to output volume of (get volume settings)
  set volume output volume (output_vol - 10)';
  `osascript -e "$cmd"`;
}
?>
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="get">
  <p><input type="text" name="say">
  <input type="submit" value="Say"></p>
  <p>Volume:
  <input type="submit" name="up" value="Up">
  <input type="submit" name="down" value="Down"></p>
</form>
<p>Hey Randall, here's how you
  <a href="http://xkcd.com/530/">change the volume</a>.<br/>
  &ndash;<a href="http://manas.tungare.name/">Manas</a>.
</p>

Where to Put It

Copy the code to a new file, name it “say.php” (or whatever else you want to call it) and put it in Macintosh HD /Library/WebServer/Documents/. Remember, this is the top-level /Library directory, not the one under your own user account. You also need to make sure that Web Sharing has been turned on under System Preferences > Sharing.

How to Use It

Open a browser, and type in:

http://localhost/say.php

from your own machine.

To do this from another machine connected to the same router, use the Bonjour name of your Mac (this can be found under System Preferences > Sharing.) E.g.

http://Manas-Desktop.local/say.php

To do this from a machine outside your router, you need to have configured your router correctly. And if you can do that, you don’t need me to tell how to do the rest of it.

Bonus feature: this script also lets you increase and decrease the volume. Perhaps then, Randall’s roommate might have heard him.

Warning: Security Issues

To achieve what this script does, it needs to take input from the Web and use it in a command that executes in a shell. The input is sanitized and I believe that such a risk is minimal. However, if you’re concerned about this possibility, do not install this script. You are responsible for what you do with this script and your machine. If you’re really concerned, put it inside an authenticated session.

Update: Added a command injection filter suggested by Mac OS X Hints user skicker.

OmniFocus and WebDAV

OmniFocus is a GTD app for Mac OS X and iPhone. Obviously, the iPhone version would be pretty much useless if the two did not sync. The good folks at Omni have made this possible, but it requires either a little money or a little time. I have more of the latter than the former, so I chose to use my own WebDAV server (which I can run for free on my desktop Mac) instead of a paid subscription to Apple’s .Mac or Mobile Me service.

Setting up WebDAV on Leopard

The good news is that all the bits and pieces of software that you need to run a WebDAV server on Mac OS X 10.5 Leopard are already installed. You only need to configure them correctly and turn them on. Some experience with Terminal is preferred, and you should be familiar with executing UNIX commands. Let’s start!

1. Start Apache. (If you haven’t already) You will need to enable Web Sharing, since the WebDAV service will be provided by Apache, the web server on Mac OS X. You do not necessarily need to have a web site running, but you will need to activate and run Apache. Go to System Preferences > Sharing, and turn on the box labeled Web Sharing.
   
2. Enable WebDAV support in Apache. Edit the file /etc/apache2/httpd.conf, (remember to use sudo to edit it) and locate this line:

   LoadModule dav_module libexec/apache2/mod_dav.so

   Make sure it is not commented (there should be no "#" at the beginning of the line.) Then locate this line (towards the bottom of the file):

   Include /private/etc/apache2/extra/httpd-dav.conf

   Again, make sure it is not commented out. It is disabled by default, so you need to remove the "#" from this line.

3. Configure WebDAV. Next, edit the file /etc/apache2/extra/httpd-dav.conf. Add a section in it to create our new WebDAV share. Here’s what the new section should look like. As a security precaution, you should also go ahead and delete the /usr/uploads share that is set by default.

   Alias /webdav "/Library/WebServer/WebDAV"
   
   <Directory "/Library/WebServer/WebDAV">
     Dav On
   
     Order Allow,Deny
     Allow from all
   
     AuthType Basic
     AuthName WebDAV-Realm
     AuthUserFile "/usr/webdav.passwd"
   
     <LimitExcept GET OPTIONS>
       require user YourUserName
     </LimitExcept>
   </Directory>
   

   On line 1, the name following the Alias keyword is the URL you’d like for your new WebDAV share. If you want the share to be located at http://your-server-name/your-fancy-webdav-share, then line 1 should read:

   Alias /your-fancy-webdav-share "/Library/WebServer/WebDAV"

   On line 9, we specify the authentication scheme as Basic, not Digest. The security conscious will note that this sends unencrypted passwords over plain text. In my tests, OmniFocus was not able to communicate with the server with the Digest authentication scheme. Remember not to use a particularly important password for this account.

   On line 14, substitute the username you would like to use for your WebDAV account. Note this down, because you will need this again in the next step.

4. Create user accounts and passwords. Use the htpasswd tool to create your password file.

   sudo htpasswd -c /usr/webdav.passwd "YourUserName"
   New password:
   Re-type new password:
   Adding password for user YourUserName

5. Create the necessary directories.

   sudo mkdir -p /Library/WebServer/WebDAV
   sudo mkdir -p /usr/var

6. Setup permissions correctly.

   sudo chown -R www:www /Library/WebServer/WebDAV
   sudo chown -R www:www /usr/var
   sudo chgrp www /usr/webdav.passwd

7. Restart Apache gracefully.

   sudo apachectl graceful

8. Test your server. Optionally, you can test your WebDAV configuration using litmus, a WebDAV server test tool. It is distributed as source code with no binaries, so you will need to compile it first, for which you will need Apple’s Developer Tools. You can test your server manually by using a graphical client such as Goliath. Try uploading a file and see if you can access it again.

That’s it, you can now point OmniFocus to http://your-server-name/webdav and provide the credentials you created earlier. With this setup, you will immediately be able to access your WebDAV server over your local network. If your machine has a static public IP address, you will also be able to sync from outside your local network.

If, on the other hand, your machine is behind a router, you will need to configure port forwarding on your router. If you do not have a static IP, you will need to set a dynamic hostname via services like DynDNS.

Possible Error Messages

This is by no means a zero error configuration, and sometimes things might go wrong. Here are some of the common error messages and how to fix the relevant errors:

• The locks could not be queried for verification against a possible "If:" header.
No such file or directory: Could not open property database
  The web server is not able to access the password file. In our example, you need to ensure that /usr/webdav.passwd can be read by the Apache user, www. To do that, run the following chmod command.

  sudo chgrp www /usr/webdav.passwd

• Client used wrong authentication scheme: /webdav/
  You probably set the Authentication scheme to Digest instead of Basic. Try changing to Basic. Also note that you need to regenerate the password file using htpasswd instead of htdigest.

A hat tip to Vivek for helping test these instructions on a clean Leopard installation.

After spending about an hour configuring what should, in theory, be a simple matter, I figured I’d write a blog post that might one day save another soul an hour or so from his or her life. So, for good karma, basically. In the past, I have set up port forwarding on Linux, Mac OS X and Windows, so I was a little worried that it took me about an hour trying to appease the SSH deities (and daemons).

The command itself is just a single line; the devil is in the parameters. I’m splitting the command over several lines and adding line numbers to illustrate the details and separate the parts of the long-ish command for easier explanation. Feel free to type it all on a single line (after removing the line numbers and the line-break markers ("\") of course!)

1.     ssh \
2.       -L local_port:service_host:service_port \
3.       -p ssh_server_port \
4.       -l ssh_server_username \
5.       -N \
6.       ssh_server_host

Parameters

Now for the various parameters used in the command above. Some of them may be omitted if the defaults are used, but I have included all of them in the example above to cover the most general case.

local_port

The port on your local machine that your local program expects to be able to connect to. If this is one of the reserved ports (i.e., under 1023), you will have to run your ssh tunnel command as root (using sudo). Ports above 1024 are freely available for any user to listen on.

service_host

The fully-qualified domain name or the IP address of the server that is hosting the service that you wish to connect to. For example, if this is a web site, it could be google.com or yahoo.com. It does not have to be under your control, nor does it have to be the machine that you’re SSHing into. It is just any host on the Internet that you can access from ssh_server_host. Often this is a server you are not allowed to access from your own machine, e.g. a chat server or IRC server. Or you may wish to hide the fact from the administrator of your local network that you are connecting to this server (e.g. when you’re out at a coffee shop on a sniffable insecure wireless network, or in a country with laws forbidding access to free information.)

Important: If you’re trying to access a service running on the same machine as ssh_server_host, remember to use 127.0.0.1, not localhost. What’s the difference, you say? Well, since IPv6 is here to stay, localhost can map to either 127.0.0.1 (IPv4) or ::1/128 (IPv6). If your applications aren’t all IPv6-compliant, this can cause some headache. Hopefully, we will all be on IPv6 in the near future, but till then, this is a way to make things work. If you’re trying to use IPv6, you need to use local_port/service_host/service_port (slashes instead of colons.)

service_port

The port number on which the desired service is running. Here are some common port numbers:

Service	Port
Web: HTTP	80
Web over SSL: HTTPS	443
Outgoing email: SMTP	25
Incoming email: POP3	110
Incoming email: IMAP	143
VNC	5900
iTunes Music Sharing	3689

ssh_server_host

The machine that you’re SSHing into. This is the one that is running sshd, the SSH daemon.

ssh_server_port

The port number on which the SSH daemon is listening on ssh_server_host. This is most likely 22; you should only use a different value if your sysadmin has told you that the SSH server is running on another port (or if you’re a sysadmin yourself and you set up your SSH server to run on a non-standard port for security through obscurity.)

ssh_server_username

The username you would use to connect to ssh_server_host in a regular SSH session. This may or may not be the same as the username you currently use on your local machine.

The Entire Command, Line by Line

1. Line 1 simply calls the ssh program;
2. Line 2 sets up the port forwarding. The -L parameter specifies that this is a remote-to-local tunnel. If you wanted to create a local-to-remote tunnel, you’d have used -R instead of -L. The next three parameters are from our list above, separated by colons. (Use slashes instead of colons for IPv6.) If you want to set up multiple tunnels from the same host, simply repeat line 2 as many times as you’d like, once for each set of local_port:service_host:service_port.
3. Line 3 selects a port on the ssh_server_host to connect to. Omit this line if you’re connecting to the default port 22.
4. Line 4 specifies the username to use on the ssh_server_host. It is also possible to use the ssh_server_username@ssh_server_host syntax instead of the -l parameter.
5. Line 5 indicates to ssh that no commands be run on the remote system. Since you’re using this SSH connection simply for tunneling, this is a useful option to set.
6. Line 6 contains the most basic parameter of this entire process. Please don’t get this wrong.

Common Errors and Solutions

If you’ve not been able to debug this so far, try passing the -v parameter to ssh to see verbose output. Add another -v for more verbose output.

If you’re reading this, and come across any specific source of trouble, please let me know so I can add it to this mini HOWTO.

A video from Apple’s 1984 Shareholders’ Meeting seems appropriate today.

I was playing with Telekinesis on Friday, which lets you use an iPhone as a remote control for your Mac. The idea is simple: Telekinesis runs a web server on your machine, and the iPhone connects to it. It ships with a few Telekinesis Applications (or “tapps”), or you can write your own to control your own programs.

I wrote one to control Keynote presentations from your iPhone. It’s fairly simple: it shows you the current slide and the presenter’s notes for that slide, and it lets you go forward and backward through your slide deck. (No, it’s not release-quality yet, but expect it in a few days.)

So here’s the real meat of this blog post: (Warning: geeky-acronym-land ahead.)

• Being a Mac OS X app, Telekinesis’s UI is written in Objective C.
• It exposes a web server that can run PHP scripts.
• My remote application is a set of PHP scripts that sit on the Mac and run when the iPhone user launches the app.
• On the iPhone, the user makes a request to the PHP script, that generates HTML, CSS and JavaScript to format the page for the iPhone
• To capture the current slide, I use a command line program (screencapture) inside a shell script from within PHP.
• I resize the large slide for the iPhone using another shell script, and push it out to the phone as a stream of bytes, via PHP.
• To change slides, the user clicks the Next and Previous functions on the iPhone, which use AJAX (JavaScript, XML, XmlHttpRequest) to send the request to a PHP script;
• the PHP script interprets this request, and wants to use AppleScript to ask Keynote to update the current slide. But since there is no direct way to invoke AppleScript from PHP, we use the command-line tool osascript in a shell script to run our AppleScript.
• Keynote hears the call to action from our AppleScript, and changes the slide.

So, our champion team now includes the following players: Objective C, PHP, HTML, CSS, JavaScript, Shell Script, and AppleScript: all with the single goal of changing a Keynote slide.

Has anyone changed lightbulbs with an iPhone yet?

Lots of you reported timezone errors in my Google Calendar Dashboard Widget. I thought I’d fixed it in 2.0 with some changes to the date parsing code, but it turned out that only worked for certain timezones. So here is another version with solely a timezone bug fix. I believe this should be the end of all troubles, but who knows.

Go forth, download v2.1, and let me know how it goes! If you still encounter any issues, please let me know.

If you’re a programmer, you might appreciate knowing what was wrong: the JavaScript parseInt function expects a radix as its second argument. (Radix is the base to which numbers should be parsed, e.g. decimal, octal or hex.) If you don’t provide a radix, the function guesses a radix based on the string you pass to it. If the number starts with 1-9, then the radix is assumed to be 10; if it’s 01-09, then it’s octal, and 001-009 are parsed as hex. So the timezone parsing was being affected by this for all the 01-09 hours of difference. Long story short, I added the radix explicitly, and things should be OK now.

This long-pending update to my Google Calendar Dashboard Widget is now finally ready!

Changes in Version 2.0

1. There were some problems handling time-zones in version 1.0 for some users. These issues have been (hopefully!) fixed in version 2.0.
2. A highly-requested feature was to be able to look-ahead several days into the future, not just today and tomorrow’s events. Version 2.0 lets you preview up to one week ahead of today.
3. The top part of the widget now features a button that takes you to Google Calendar in a browser. Trivial, yet highly useful, feature.

Download this free update if you’re using version 1.0. And keep the comments flowing in!

Related posts: Announcing the Google Calendar Dashboard Widget.

Users who bought music from Microsoft’s MSN Music Store (no one I know, but still) will not be able to play it on the newly-announced Zune portable player. (Oh, did I mention Zune is made by Microsoft too?)

Let’s see how many different classes of people they’ve alienated this time:

1. There are the users who bought players from their hardware partners. If they want to “upgrade” to a Zune, they’ll have to re-buy their music.
2. Their hardware partners, because this is going to affect their sales, no doubt.
3. Their music suppliers, because they’re discontinuing the MSN Store.
4. And this is in addition to all of us Mac OS X and Linux users for whom Microsoft doesn’t even have a media player (not that we care, but still.)

From playsforsure.com:

Look for the PlaysForSure logo if you’re shopping for a music or video device and you want to make sure the digital music and video you purchase will play back on it every time.

Heh. I’d just buy an iPod, then.

And the irony to top it all is that this initiative was called ‘Plays for Sure’. Yeah, right.

In the tradition of writing gadgets for Google Desktop and other Google properties, here’s one more from me: the Google Calendar Widget for Mac OS X Dashboard.

Since my switch to the Mac, I’ve been missing Google Desktop and using Dashboard more and more. And a calendar’s a nice thing to keep an eye on from time to time. So, without much further ado, here’s the gadget, oops, widget!

I’ve been reading Presentation Zen lately, and various related resources. I’ll credit Stanford Law School Professor, Larry Lessig, with exposing me to “alternate” styles of presentation when he gave a talk at Google last Summer.

Some interesting quotes and links I picked up along the way, with credits.

“If someone that did not attend to [sic] my presentation can understand anything if I mail them my slides, I have made a really bad set of slides. Really bad.” — eirikso.com.

“What a computer is to me is it’s the most remarkable tool that we’ve ever come up with, and it’s the equivalent of a bicycle for our minds.” — Steve Jobs.

An excellent presentation from Seth Godin at the Gel Conference, on all things broken!

Jonathan Shewchuk’s tips for academic talks.

“Start-up a PowerPoint presentation and the average IQ of the room drops by 10 points.” – Anon

A suicide PowerPoint presentation featured on The Onion.

Well, what’s to stop someone from picking up your PowerBook or MacBook Pro and running away? Macs aren’t really secure now, are they?

Given that I’ll soon be moving cross-country to work at Google, I felt a little insecure about my laptop: the many ways in which it could be stolen. I’m not the kind who would use one of those chain-locks at all times, so I devised a software solution.

I wrote up a combination of two scripts, a shell script to run on your laptop, and a script to put on a web server somewhere else. The idea is that the laptop will keep informing the server about itself, and a stolen laptop may thus be recovered. It reports back the obvious stuff such as network names, what ISP it’s connecting to, and a traceroute to Google (so you can look it up backwards to see where it went.) It also sends back screenshots of the current user — so you can see what the thief has been upto! Perhaps you could catch a glimpse of an email account, an IM window, a website — something that can help you track down the thief.

Go check it out, it’s in my list of projects as Laptop Theft Protector. As usual, free as in beer, free as in freedom. In this case, it’s also free as in puppy (meaning you will have to spend some time with it.) And, as I’ve come to believe, the best things in life run only on a Mac. Don’t try this on Windows. Or Linux.

I’m installing Windows XP on a Mac. Well, a lot of folks are doing that today thanks to BootCamp, but there’s a difference: I own a PowerBook, not a MacIntel. (For the non-technologists, the PowerBook uses a PowerPC processor, not an Intel x86 processor.) I came across a qemu port for Mac OS X named Q that emulates an x86 very, very, slowly. So I’m installing Windows, well, because you can.

Apart from the performance, the other thing that’s been bothering me is Microsoft’s counter: there’s a little counter by the side which has been saying “Setup will complete in approximately 23 minutes” for the last couple of hours. I mean, if you’re gonna put a counter there, shouldn’t it accurately reflect the time remaining, based on the speed of the processor you’re running on? Right now, it seems to me like the timestamps have been hardcoded, and even if it takes days to install, it will still maintain a cheery-faced “23 minutes to completion.”

Here’s a preview of Windows Vista. The soundtrack seems to be a Microsoft original; the operating system on the other hand, ahem. This is an interesting followup to a previous post by me.

Copyright notice: I did not find copyright information about this video on either Google Video or MetaCafe. If you are the copyright owner, and would like me to remove this video (embedded from Google Video), please contact me.

This is a pretty interesting (and sadly true) parody of the iPod packaging.

Reminds me of Antoine de Saint Exupéry’s comment on design: "Perfection in engineering is achieved not when there is nothing left to add, but when there is nothing left to take away." This reflects the important distinction between Apple and Microsoft …

Michael Desmond has a piece in PC World, titled, Ten Reasons to Buy Windows Vista. Frankly, after reading his article, it seemed to me like, “Ten Features that Windows Vista borrowed from Mac OS X Tiger”. And even on the PC platform, there are free (as in beer or as in freedom) third-party utilities that give you everything. If you’re running Windows XP, the only reason to upgrade seems to be a shiny new Aqua-inspired UI called Aero, and that too, if your graphics card can handle it.

Here’s what I mean:

1. Security, security, security: Mac OS is based on OpenBSD, has only had one virus worthy of mention so far (which, BTW, spreads by relying on the user clicking it and then wilfully giving it the administrator password. Vista is only now getting User Account Protection (and it’s a Microsoft version-one feature, we all know what that means). On Mac OS X, it’s been like that ever since the switch to OpenBSD, so administrator privileges are not required for regular use (like running programs, you know.)
2. Internet Explorer 7, a Firefox-inspired makeover: (Those are Desmond’s words, not mine.) Mac OS has Safari, that is better than either Firefox or IE. It’s the only browser to pass the ACID-2 test; even Firefox cannot boast of that much standards compliance. I’m still not sure why buying a new operating system to get a browser makes more sense than downloading the better browser for free on your current OS.
3. Righteous eye candy: Windows plays catch-up to Mac OS. Yet again. Yawwwnn.
4. Desktop search: Spotlight has been here for how long now? And on Windows, trust it to the guys who know search: Google. Google Desktop is a free download for Windows 2000/XP. (Disclaimer: I worked on Google Desktop.)
5. Better updates: Good thing they corrected yet another mistake. And yet another feature that has been the right way on Mac OS. Why was checking for operating system updates ever a feature accessed by a web browser?
6. More media: Desmond boasts Windows’ new media player, dvd creation software and photo manager. Hmm, that sounds like iTunes, iDVD and iPhoto to me. And now, iWeb, since 2006. Available free with every Mac.
7. Parental controls: Seen that, but never had to use it. So I don’t know how good it is on Mac OS X, but it exists.
8. Better backups: Copy and Paste. Because your data isn’t stored in C:\Documents and Settings\Username\Application Data\Company\Program\somewhere. Pick up your home directory, and put it where you want to back it up. Your documents and settings go with it. For more power, get the free Apple Backup.
9. Peer-to-peer collaboration: Bon jour, mes amis.
10. Quick setup: This is one where I can’t compare Windows and Mac OS. Mac OS came preinstalled on my PowerBook (obviously), and I haven’t ever had to reinstall it. Windows, on the other hand, has stolen precious days out of my life, because the only way to make my system faster was to reinstall it. Of course, the 15-minute installation time is only for the OS itself … (but even that is a huge help to those have to live with it).

I must add that (most of) these features have existed on Mac OS for quite a long time, so they have been better tested and exercised. I’ve never been able to rely on first-generation Microsoft products, so I have my reservations there. The only reason to stay with Windows is if you have Windows-only applications. Then again, they work fine on your machine today, so why upgrade?

I switched from being a heavy Windows user (and developer; check out the Projects section on my website) to a Mac user last year. The transition has been smooth and painless, and I’m still discovering features and applications that make me go wow. If you’re in the market for a new computer, do seriously consider a Mac. You’ll thank yourself for it for years to come.

Update: This comic sums it up nicely.