Below are the thoughts from a computer professional who has spent the last 10 years supporting Mac, Windows, and Linux computers in a variety of network applications. By no means will this general tips section be exhaustive -- that is what a good book is all about. I am also not going to spell out how to do everything by hand -- if you have a question, please post it to the Mac forums, and let our team of moderators look into the solution.


Let's get started:

Setup
Every new computer that I receive coming out of a box, either for work or play, first gets booted up with the supplied disk setup, where I copy any vendor-supplied information to a CD-ROM or network device. I then reboot with the supplied CD-ROMs and build the computer from scratch by myself. Why do this? So that I know what is installed, and can control the installation. I like to control the software that I am going to work with. I can also decide to throw in extra things, such as the development tools that OS X provides (compilers and the X environment).

Partitions. I like to partition the large hard drive into three: A system partition, an applications partition, and a data partition. By doing this, I isolate my data from logical errors, such as if the OS becomes unstable, and I need to re-install. If the system becomes corrupted, that damage will be isolated from my data partition (unless the corruption deletes / destroys files). Partitioning does not protect against physical hard drive failure, but will give you more options.

OS 9. OS 9 was, in many ways, magical in that all of the system files were kept in the System Folder. You could take that one System Folder, and copy it to another similar machine (model number), change the sharing name, and boot it and away you go. If you wanted to back up your System Folder to CD or external hard drive -- just copy it over. The newest Macs will no longer boot to OS 9, but if you have an older one, save off that OS 9 System Folder, and plug it in when you are done setting up OS X for classic programs. And if you did partition your drive, you can easily change to boot to OS 9, and isolate the two system folders. My laptop has 3 system folders -- one for OS X, one for Classic, and one for pure OS 9. The Classic setup is a "minimal" OS 9, so that I do not load a lot of unneeded extensions within OS X.

Users. Consider setting up an administrative account, and a normal user account. Use the normal user account for daily things, and only go into the administrator account when you really need it. Also, under OS X, consider enabling the root user. This is done by using the Netinfo Manager.

Networking
OS X supports all kinds of networking options. The computers will issue DHCP requests, so you can get the dynamic IP addresses as needed. Macs can also file share, and participate in a number of networks.

Peer 2 Peer networks are when Macs turn on file sharing, and they communicate with each other. P2P networks can be defined over IP, or Appletalk. In order to turn them on, you will need to go into your System Preferences --> Sharing and then enable some services. For performance and security reasons, I would leave them disabled unless absolutely necessary. If you are going to keep various services enabled, make sure that you have accounts setup with proper security, so that outsiders do not get to information you need to protect.

Active Directory / Windows: Apple is working to get Macs into Active Directory that the Windows people use to save data, and regulate permissions on a corporate network. Complete Active Directory logins are not fully ready to go... but for file sharing, you can, using OS X 10.3, make a connection to the server using the smb://servername/sharename syntax. The system should prompt you for a username and password. I believe they are case sensitive. Microsoft also has a UAM (user access module) available for download that will support encryption of usernames and passwords to the server. If the Microsoft server has Appletalk installed, you can also reference the share using afp://servername/sharename syntax. If you are having trouble writing to Windows sharepoints, check your permissions, and make sure that the volume is not locked. When 2003 servers set up Macintosh sharepoints, they lock the volumes by default. And, if you need to use Terminal Services, a free OS X RDP client is available from Microsoft.

Novell: Novell supports Appletalk, and you can login to their servers with typical usernames and passwords. You can print to Novell printers, although it really works well if the printer in question supports postscript. Novell has ported a number of tools to Linux, including ConsoleOne, and it is just a question of time before someone ports that to OS X. There is a version of RConsole for Mac OS X that does not use Java either.

Linux: Linux has software available to mimic Microsoft (samba), Novell (mars-nwe), and Apple (netatalk) servers. OS X will work with any of those services properly configured with username and password information, and the proper security permissions on the filesystem. OS X comes with SSH and Telnet, so you can interact with Linux from the command line rather easily.

Security
The Mac, by design, is a very secure platform. Windows Viruses (aside from Office Macro Viruses) will not affect a Mac. Macintosh computers, through file sharing and emailing of files can infect other Windows machines, but a Windows virus will not have the right executable code to work with a Macintosh. Macs also ship with a number of outside services disabled.

User Security: Pick good passwords to use with your Macs. Do not always work with your computer in Administrator mode. Set your screensaver to require a password to access the computer. Do not install the patches the moment they are released via Software Update. Let the world take a crack at the patches first.

Firewall: Mac OS X ships with a firewall that is off by default. It is found in the System Preferences --> Sharing --> Firewall menu. Turn the firewall on (unless you are behind another firewall), and only enable what you really need. You do have the ability to add other port options as needed.

Antivirus: A great idea, but not an absolute requirement, unless you are interacting with a lot of Windows users. I am not all that impressed with Virex... their antivirus product conflicts with the Palm Sync software under OS X, and that is not so good for us with Palms. Norton has a product out there, along with Sophos.

Encryption: Encryption is available on the Mac. I have not explored the topic in detail, but it is available.

Backup Software: The Mac is a machine. It can lose data and corrupt things. Have a backup plan in mind. If you did the partitioning scheme suggested above, then all of your data is in one place. Burn a CD from that partition, or fire it off to a file server. If you want to use tapes, or a managed backup solution, Retrospect works really well. Don't worry about your applications -- they are probably on a CD somewhere. Be concerned about your data that doesn't exist elsewhere. Back it up.

Classic
Classic refers to a version of Mac OS 9 that is running "inside" of OS X. Classic is needed to run non-OS X programs on your Macintosh. Think of classic as an emulator, similar to SoftWindows / Virtual PC. Classic can boot right away with the computer, or you can set it to load only when you need to run a classic program. You will know when you are in classic mode... the Apple in the right hand corner will change to the rainbow traditional one, and the fonts in the menubar will change.

If you want to take your old OS 9 Folder and use it for classic, you can do that. I would use the OS 9 extensions manager to thin down the OS 9 materials. If you have an OS X version of Palm Desktop, then you can disable the Palm materials from your OS 9 boot sequence.

What I did was keep my OS 9 System folder intact, and placed it on my Applications partition (see partitioning information above). I then made a second OS 9 System folder, and disabled a lot of the extensions that I did not need. If I want to go back to my pure OS 9 environment, I can boot directly to it. If I want to use my classic one within OS X, I can do that too.

Classic mode is a OS within an OS. Thus, if you are using a classic program, and need to print, you need to have that printer defined within the Chooser first. If you want to use internet programs within OS 9, you need to make sure that IP information is setup first.

Frequently Asked Questions

What are some good internet sites to read about Macs? I like reading www.macintouch.com and www.macwindows.com. I also visit www.afp548.com

I would like to know what is inside my Mac. What are the tech specs? You can use a program called System Profiler inside your Applications --> Utilities --> System Profiler. If you want to see the whole Mac historical reference, check out Mactracker from www.mactracker.ca It has all of the Apple models in a database, along with common features and stuff. The creator even digitized the bootup tunes that the computers make.

Can I change where OS X stores user information? Yes, you can. Inside the NetInfo Manager, you can spell out where user home directories are located. Be very careful with this tool though. Read up on it before you start poking around here.

Does OS X write log files? As a UNIX, yes it does! Look in the Console utility to bring up the logs very similar to something you would see in a /var/log/messages from a Linux server.

How about Bluetooth and Rendezvous? They are supported, but to what degree I am not sure. I own older Mac hardware (2000 is when my G3 Powerbook was made), and I do not have the ability to check that out yet. If someone wants to donate a computer for the cause, please contact me!

Can I minimize my install size by removing all the other languages? You betcha. I did. I do not read Chinese. I like their food, but cannot understand it, so I installed without the language extensions, and saved a lot of space.

You did not mention much about the Unix in OS X. I know. That is the subject of another day. I use Open Office on a regular basis, and really like it, but am not ready to publish here about it.

Will Windows hardware work with my OS X computer? Yes and No. I have seen Windows-based CD-Burners work with OS X, and have seen Windows Wireless cards fail. USB floppy disks seem to work just fine across the board.

I have a Powerbook G3 with a PCMCIA slot, and am looking for wireless solutions. What's available? There are not many wireless cards available for the Mac because a lot of the new computers come Airport ready. For those of us with good working computers yet (G3, 333 MHz), the pickings are slim, but cards are available. I have an Orinoco card that I purchased from MacMall for $80 or so, and a Buffalo Technologies AirStation 802.11(bg) port. Yes, it costs a bit more than the $30 Linksys card, but it does work, and works well.

Is there a Citrix Client? Yes there is. Look at their website.

What browser do you like to use? I like Safari, although I tend to use Mozilla's Firefox browser. I like blocking pop-ups, and not having to deal with other flaky issues that IE brings along. IE for OS X is a dead program -- Microsoft is no longer updating it.

How about email? I am a Eudora user from many years. I like the free Eudora client, and one of these days, should pay for it. I have also seen Mozilla's Thunderbird email client, and liked that. I just have an army of filters in Eudora that I am not ready to port to some other software.

How do I contact you? Send me a note through DaniWeb, or post to the Mac forum.

What is KC0ARF? That is my Amateur Radio (ham) callsign. I am very involved in ham radio, and particularly involved in severe weather spotting.


I hope you have learned some things about Macs, and if there are any comments / corrections, please send them forth.

Christian

John A commented: Excellent post. --joeprogrammer +3

You say, "I like to partition the large hard drive into three: A system partition, an applications partition, and a data partition."

I tried a 3 partition setup about a week ago, but I ran into an issue where OS X would demand certain apps be installed only on the boot disk. Is there a way around that? I like the idea of having all apps in the same place.

Thanks,

Jeff

Hello,

Unless you do a lot of doctoring of the Netinfo manager, EVERYTHING is going to try and go to the system partition. I have found that applications such as Firefox, that you drag and drop to the installation location, work fine. Make a folder on the Apps partition, and drag it over there.

Now, certain things are going to just simply insist on being on the System partition. Things that are hard-core Unix are especially in line with this, such as Open-Office, where it places hooks to things in the various unix directories such as /bin and /usr and /usr/local and so forth. You can install them to the system, and then copy out the main application and stick it on your Apps partitions too.

For the most part, I have the big applications -- Dreamweaver, OpenOffice, MS Office, GIMP, and Ragtime running from the Apps partition. Unfortunately, a few utilities such as Stuffit require System locations. I guess you cannot completely win unless you doctor Netinfo to re-direct a lot of the folders.

Suggestion is to make the System partition a little larger, and just realize that some applications are going to force themselves to that location. You may be able to copy the "meat" from one disk to the other, and then remove the meat. Experiment.

Oh, if you do install some hard-core Unix programs such as OpenOffice to your Apps partition, it will make a bunch of small support folders on the root of the volume. Just leave them alone. Move them out of the window or something to ignore them. The directory structure will have to be preserved.

Not the perfect world, but then again, by setting up different partitions, we are pushing the machines a little bit.

Christian

I'd dispute that the Apple-supplied-control for the built-in firewall is useful at all. It actually renders the firewall (ipfw) nearly worthless. If you are concerned about protecting yourself with a firewall, use a 3rd party controller for ipfw, or learn to control/config it via the command line.

Why is the Apple-supplied-control for ipfw so bad?

A large point of contention is, there is NO WAY to turn on logging in the Apple control! What good is a firewall if you have no idea what is happening with it? Are you just going to press the "on" button and hope that it's doing a good job? How do you know if you're being targeted? How can you know who is touching which port? Logging is a very important part of a firewall and it's just not an option.

The biggest problem of all..

The Apple GUI control offers NO way to block specific IPs or ranges of IPs. It's all or nothing. This renders the firewall completely useless. It's about as effective as not running a firewall at all. Any service that is running and listening for external connections will show up through a port scan when the Mac is firewalled using the Apple-config, the same as it would if there was no firewall "running" (technically, ipfw is ALWAYS running, its default rule set is "allow all from any to any", but this is equivalent to it being "off"). You cannot specify, hey, I'll let my buddy Foo from so-and-so connect to my FTP server, but everyone else can keep the hell out.

So, without being able to block IPs, nor have logging to know who is touching my box (no pun), Apple has rendered ipfw impotent. Its benefits are minuscule.


Using ipfw from the command line (or BrickHouse/SunShield if you need/want GUI) allows for MUCH greater control.

I deny most external ICMP requests, and log when they connect:

02003 deny log icmp from any to any in icmptype 8,10,13,15,17

I have a blacklist of hosts that are naughty, and log when they try to connect:

# naughty host blacklist:
00500 unreach host-unknown log ip from 216.42.81.141 to any in
00501 unreach host-unknown log ip from 216.42.81.143 to any in
00502 unreach host-unknown log ip from 211.0.0.0/8 to any in
00503 unreach host-unknown log ip from 80.116.0.0/16 to any in
00504 unreach host-unknown log ip from 207.103.247.50 to any in
00505 unreach host-unknown log ip from 221.0.0.0/8 to any in
00506 unreach host-unknown log ip from 220.0.0.0/8 to any in
00507 unreach host-unknown log ip from 80.117.0.0/16 to any in
00509 unreach host-unknown log ip from 210.0.0.0/8 to any in

Unless I'm on vacation, I only allow ssh connections from a "trusted" source range of IPs, and I log all connections:

00935 allow log tcp from 152.16.0.0/16 to any 22 in

I only allow DNS from "trusted" sources, limiting my exposure to DNS spoofing:

00920 allow udp from 209.x.x.x 53 to any in
00921 allow udp from 209.x.x.x 53 to any in

Etc, etc, etc,...

No need to bore you anymore, I think you get the idea.
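ipfw checks a packet against the rules in rule-number order and stops at the first one that matches, which is why the blacklist sits at 005xx, ahead of the ssh allow at 00935. The following Python model of that evaluation is an added example, not part of the original post: it parses only the rule forms quoted above, the 65535 line writes out the default rule as the post describes it, and the 00940 rule, the `pkt` helper and the packet addresses are constructed for illustration.

```python
import ipaddress
import re

# Rules copied from the post (the 209.x.x.x DNS rules are left out because
# their addresses are elided). The 65535 line is an assumption: it writes out
# the default "allow all from any to any" rule that the post describes.
POSTED_RULES = """\
00500 unreach host-unknown log ip from 216.42.81.141 to any in
00502 unreach host-unknown log ip from 211.0.0.0/8 to any in
00935 allow log tcp from 152.16.0.0/16 to any 22 in
02003 deny log icmp from any to any in icmptype 8,10,13,15,17
65535 allow ip from any to any
"""
# Constructed rule, not from the post: closes port 22 to everyone else.
SSH_DENY = "00940 deny log tcp from any to any 22 in\n"

RULE_RE = re.compile(
    r"(?P<num>\d+) (?P<action>allow|deny|unreach \S+)(?P<log> log)? (?P<proto>\w+)"
    r" from (?P<src>\S+)(?: (?P<sport>\d+))? to (?P<dst>\S+)(?: (?P<dport>\d+))?"
    r"(?: (?P<dir>in|out))?(?: icmptype (?P<icmp>[\d,]+))?$")


def parse_rule(line):
    """Parse one rule line (only the forms quoted in the post) into a dict."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    r = m.groupdict()
    for key in ("num", "sport", "dport"):
        r[key] = int(r[key]) if r[key] else None
    r["log"] = r["log"] is not None
    r["icmp"] = {int(t) for t in r["icmp"].split(",")} if r["icmp"] else None
    return r


def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def matches(rule, packet):
    return (rule["proto"] in ("ip", packet["proto"])
            and addr_match(rule["src"], packet["src"])
            and addr_match(rule["dst"], packet["dst"])
            and rule["sport"] in (None, packet.get("sport"))
            and rule["dport"] in (None, packet.get("dport"))
            and rule["dir"] in (None, packet["dir"])
            and (rule["icmp"] is None or packet.get("icmptype") in rule["icmp"]))


def evaluate(ruleset, packet):
    """Return (rule number, action, logged) for the first matching rule."""
    rules = sorted((parse_rule(l) for l in ruleset.splitlines() if l.strip()),
                   key=lambda r: r["num"])
    return next((r["num"], r["action"], r["log"]) for r in rules if matches(r, packet))


def pkt(proto, src, **fields):
    # Constructed inbound packet addressed to a documentation IP (192.0.2.10).
    return {"proto": proto, "src": src, "dst": "192.0.2.10", "dir": "in", **fields}


if __name__ == "__main__":
    stranger = pkt("tcp", "198.51.100.7", dport=22)
    print(evaluate(POSTED_RULES, stranger))             # falls through to 65535
    print(evaluate(POSTED_RULES + SSH_DENY, stranger))  # stopped and logged at 940
```

With only the rules shown, an ssh connection from outside 152.16.0.0/16 falls through to rule 65535 and is allowed without a log entry; an allow rule for a trusted range restricts nothing until a later deny for the same port follows it.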

Hello,

Yellow, thank you for the firewall information. I did not go too deep into it, as this topic was more of a "general" posting. I am glad you went onto some depth though.

My Mac lives behind a RedHat Linux box, and I use IPTABLES on that computer to manage the internet access. Other people may have a wireless router / hub that does firewalling for them too. If I had a choice, I would deny all incoming materials, unless I specifically need them, such as AIM perhaps. As my Mac rarely goes on the wild internet all by herself, that works for me just fine.

Christian

Dear Christian,
many thanks for your illuminating article - it does answer some questions for me as a new convert to OSX - after having been a confirmed PC user for many years.
I would, however, like to know whether there is any way to 'tweak' performance like I used to in my PC, i.e. by swop file settings, ram and cache sizes etc.
I would also like to know whether there is any utility for disk defragmentation in MAC OSX? :rolleyes:

I would also like to know whether there is any utility for disk defragmentation in MAC OSX? :rolleyes:

There are, but Panther automatically defrags any files that are over a certain size (20MB I think). Really, defragging isn't necessary in OS X. Speed gains are minimal.

I have a 200 gigs hard drive and os 9 would only see 120 gigs... can somebody help me?

I'm trying to make the switch to mac :cry: from windows...

I have a 200 gigs hard drive and os 9 would only see 120 gigs... can somebody help me?

I'm trying to make the switch to mac :cry: from windows...

The problem is with the ATA hardware in your Mac. Only the last version of the Quicksilver and all subsequent Mirrored Drive Door Macs can see volumes larger than 120GB on the internal ATA bus. The only "fix" you can do is to purchase a new PCI ATA card. They don't have the limitation and you should then be able to see the rest of the drive.

Unless this is a firewire drive, and in that case, you should be able to see all 200GB.

thank you....

hey man,

bought a powerbook and i am trying to partition my 80 gig hard drive..

My question is How big should ur systems partition be compared to app compared to data.. whats a good size for each partition.. i plan to install big apps like photoshop, dreamweaver, etc..

another question is... what kinds of files or folders go in the data partition.
yeah not good with computers, so can someone explain to me wut a data partition would be used for..

I read your words of wisdom before I installed OS X 10.4.6 onto an iBook G4 that was given to me because it was "working not so good" and "it had old software on it". Well, the good news is after I followed the advice of you and the others .. my install went flawlessly and I now have a year old notebook that kicks butt.. I only invested in some family packs. Since then .. I've revived some more G4 iBooks and G4 Mac minis and distributed them to my teaching staff and students.. Mahalo for the Great Advice.

Hello, has anyone any ideas about .tmp files being created when saving Illustrator files and .qxp files being created when saving Quark Xpress files on a Mac Xraid? And why a message when trying to save some files, particularly Photoshop files, that says "file already open for writing", so I save to my desktop and then try to move the file back on the Xraid and overwrite the now "old" file, but a message says I don't have the right privileges and when I try to delete the "old" file on the Xraid it says it is busy?

Help: I cannot download software from software Update. I get: /tmp/501/TemporaryItems/com.apple.SoftwareUpdate. I have tried everything listed on the web and NOTHING works. So I get no downloads. Can you help? : (
