I recently upgraded my Macbook Pro to 4GBs of RAM. My previous Apple laptop - a Powerbook - was notoriously finicky with non-Apple RAM, so I'm conditioned to thoroughly test my system after a memory upgrade, to make sure the system is fully functional and stable.

On PCs, my preferred test software is an open-source application called Memtest86+. It's easy to put a copy of the application on a bootable flash drive or CD, restart the system, and let it run. On the Mac, it's not quite as simple. Memtest86+ has been ported to OS X, but even though Memtest86+ is free, the MemtestOSX developer charges US$1.39 per download.

Now, I know that US$1.39 is pretty meager, but I still found it distasteful. Initially, I thought this was a violation of the GPL, but each download includes the MemtestOSX source code, so I believe the GPL is satisfied. Also, while I realize that bandwidth does cost money, there are plenty of places (Google Code, SourceForge, etc.) where the developer could host his project for free. Needless to say, I could not bring myself to fork over the cash.

Fortunately, there is another alternative. Kelley Computing has an application called Rember - a front-end GUI for the command-line based MemtestOSX. But it also includes MemtestOSX itself! It's not quite the latest version, but it is fairly up-to-date. You have to dig a little to find it, but it's there and freely available.

The trick with testing RAM is that you want to test as much of the RAM as possible. If you have OS X running and applications open, you are not going to be able to test a significant portion of your memory. The best option is to restart your computer into single-user mode by holding down command-s during startup. This brings the computer into a minimal console environment. It is so minimal that power management is not even enabled, so it's likely that your system fans will be spinning pretty loudly. No worries...start MemtestOSX and let it test away.

$ ./Applications/Rember.app/Contents/Resources/memtest all 3

On my 4GB system, it took a little over 3 hours to run a 3-pass test.

Note: When I ran memtest, it grabbed most of, but not all of the available memory. So I just canceled the run, and restarted it in the background.

$ ./Applications/Rember.app/Contents/Resources/memtest all 3 &

Then I launched a second instance of memtest, which grabbed and tested the remaining memory.

While printing a set of documents today, I realized that automated duplex printing wasn't working. I suspected a driver issue since I was pretty sure I was using the default Vista driver. After a brief search on the HP website, I found the download link for my printer and was mildly surprised that the install package was 163MB.

Since I have a multi-function printer, I attributed the package size to the bundled HP scanning/faxing/imaging applications. I only wanted the printer driver, so I was annoyed that there wasn't a separate driver-only download, but I got past it.

After the download finished, I launched the setup program, waded through a bunch of screens, selected the custom install option, and was confronted with this screen:

Nearly 800MB for the whole shebang! No thanks. So I quickly unchecked everything except for the drivers and was left with the following:

Huh? 600MB just for the drivers? Entire operating systems take less space! I know that hard drive space is pretty plentiful these days, but this kind of bloat is simply unconscionable.

Many PC peripherals today have general purpose CPUs, RAM, and internal storage. A fair share even have their own operating systems. You would think this would allow them to do more on their own and require less software to be installed on the user's PC. This would be a win-win for both companies and end-users. Companies can focus their resources on specific system configurations, rather than trying to ensure compatibility with the huge range of user PCs and their various flavors of Microsoft and Apple OSes. This translates into more streamlined engineering efforts and less customer support calls. And end-users get simpler and more reliable products that don't install bloated, invasive, and bug-infested software onto their systems.

1. The Case for SSH Proxies
2. SSH Setup
3. Basic Mac Setup
4. Adding Automation

1. The Case for SSH Proxies

The rise of Web 2.0 and the increasing availability of Wi-Fi access now means that you can do more than ever away from your home or office. But there is an associated risk. Using someone else's network makes you highly vulnerable to information theft. You may not realize it, but the vast majority of data transmitted across the web (including email) is unencrypted. Sure, most websites protect your password and some may even protect your username; but once you've logged in, odds are that everything else is transmitted in the clear. Consequently, when you're on an untrusted network, your personal data is at risk.

This may not be an issue for many people. More and more, people are willing to post what once were considered private thoughts on public forums. But on an untrusted network, there are other greater dangers.

Many of you have probably received phishing emails. They look like they're from some popular website or financial institution; and unlike most spam, they try to get you to reveal your username, password, account number or other sensitive private data. The obvious ones ask you to reply to the email directly. The more devious efforts include links which at first glance may seem legitimate, but in reality transport you to forged websites. Yet despite this increase in sophistication, the solution is pretty simple. Never click on a link in suspicious email. If you truly suspect problems with an account, either contact customer support by phone or directly navigate to the institution's website by manually typing in the proper URL.

When you're on an untrusted network, however, even this last step is not safe. Networks can be configured relatively easily to send you to website forgeries even if you manually key in the proper URL. So is there any hope at all? Do we surf the internet in fear every time we are away from the home or office? Fortunately, along with exercising increased caution and suspicion, there are technologies you can employ to help you deal with untrusted networks.

Medium to large companies deploy VPNs, secure ID cards, fingerprint scanners, authenticated certificates, and more to protect their confidential data. Most of these technologies are too complicated and/or too expensive for individuals, but SSH Proxies are a relatively simple and accessible solution for the tech-savvy.

A proxy is nothing more than a trusted computer. It can be your home computer, your web host, or a server provided by your ISP. The SSH utility allows you to form an encrypted connection, or tunnel, to the proxy. All network activity can then be routed through that tunnel to the proxy. So, for example, if you want to check your email, your proxy is the device that communicates directly with the email server and then sends the data back to your laptop over the SSH-encrypted tunnel. At no point does unencrypted data travel across the untrusted network.

Furthermore, SSH verifies that you're actually connected to your proxy and not some substitute or forgery. If it can't verify the identity of the proxy, it informs you and lets you assess the situation.

2. SSH Setup

With that said, hopefully I've convinced you an SSH Proxy is a good idea, so let's go about setting it up on your Mac. Lifehacker has an excellent article on using SSH proxies to encrypt your web browsing. It's the starting point for my Mac-specific tips, so if you haven't read it already, please go read it now. And then remember to come back!

3. Basic Mac Setup

Gina gave you a great how-to for creating an SSH tunnel and configuring Firefox to use that tunnel. But what if you use Safari? Or Camino? Or OmniWeb? And what about all your other apps, like email and RSS? Nearly every desktop application today has some sort of network connectivity built in. How do you configure all of them to route their traffic through the SSH tunnel?

The answer lies in System Preferences. First, go to the Network preference pane and create a new location. In my case, I've named the location "Untrusted". Then, for both the Airport and Built-in Ethernet devices, click on Proxies and enable the SOCKS Proxy checkbox. Finally, fill in "localhost" for the server and "9999" for the port and save the changes.

Now, whenever you are on an untrusted network, there are just two things to do:

1. Open Terminal and issue the ssh tunnel command (ssh -ND 9999 user@example.com)
2. Open the Network System Preference pane and change the location to Untrusted.

This will configure nearly every Cocoa/WebKit-based application to route their network traffic through your SSH proxy. However, you're probably only 95% covered because not every application uses the System Preferences. Some applications have their own proxy settings. Firefox is probably the biggest one and the Lifehacker article shows you what you need to do. For me, iChat and Adium are the other two common apps. If you look into each app's preferences, you'll find options for configuring iChat and Adium to use proxies.

Note: I have not successfully gotten iChat to work with proxies. There are a number of threads discussing this issue on the Apple Support forums but I didn't find any definitive answers.

4. Adding Automation

Now that you've reconfigured all the applications that don't rely on System Preferences to use proxies, you're probably thinking how painful it will be to do this every time you hop onto an unknown network. I definitely share your sentiments. Fortunately, there are ways to automate the process. I use an inexpensive application called rooSwitch to help out.

A great little utility, rooSwitch allows you to easily create and manage multiple profiles for each application. You may know that Firefox allows you to create multiple identities, each with different settings and configuration options. RooSwitch gives you the ability to create multiple identities for every application on your system.

What I've done on my system is I've created "untrusted" profiles for both Firefox and Adium. In these profiles, I've configured the application settings to use a SOCKS proxy on port 9999.

Technically, you don't need rooSwitch to create these profiles. You could manually generate and manage multiple identities by duplicating and shuffling the appropriate files and folders in ~/Library/Application Support/, ~/Library/Caches/, and ~/Library/Preferences/. This is what rooSwitch does underneath the hood, but it's interface makes the whole process so much easier, so it's what I prefer. Plus, rooSwitch has AppleScript support, so it's easy to automate.

Here's my AppleScript for switching to the "untrusted" profile:

tell application "rooSwitch"
    tell document "Firefox.rooSwitch"
        tell profile "untrusted" to make active with allow quit
    end tell
    tell document "Adium.rooSwitch"
        tell profile "untrusted" to make active with allow quit
    end tell
end tell
tell application "rooSwitch" to quit

If raw AppleScript is not your cup of tea, rooSwitch also provides a "Switch Profile" Automator action. Check out the screencast for more details.

This simplifies the SSH proxy process down to (1) switching rooSwitch profiles, (2) switching to the Untrusted location, and (3) creating the SSH tunnel. We can combine these steps with a little shell script and the help of scselect and osascript. The scselect program allows you to switch locations from the command-line. Similarly, osascript allows you to execute AppleScript from the command-line.

Here's what the end result looks like:

#!/bin/bash
scselect Untrusted
osascript switch_to_untrusted.scpt
ssh -ND 9999 user@example.com

If you save this script with a .command extension, then you can run it by double-clicking on the icon in the Finder like a regular application. When it runs, it will change the location, switch your profile, and start up the SSH tunnel. Enter your password and off you go!

It's also a good idea to create a script for switching your location and profiles back to the default. I'll leave it for you to do. Enjoy and safe surfing!

Parting tip: This is mentioned in the Lifehacker article, but it's worth reiterating. If you happen to be on a very slow untrusted network, adding the -C option to the ssh command may speed things up. The -C option compresses all data send through the SSH tunnel, in effect trading CPU cycles for increased bandwidth. The speedup isn't really noticeable on faster connections, but can be quite significant on slower networks.

UPDATE: I crossed out the portion where I claim that iChat and Adium cannot use the proxy settings specified through System Preferences. Sorry about that...not sure what I was thinking. Also, I fixed a few typos and grammatical errors. Hopefully the article reads better than a 3rd grade level now.

It's a good practice in computer maintenance to periodically run a filesystem or disk check. This can alert you if your hard drive is showing signs of failure so that you can take the appropriate measures. In Windows XP and Vista, if you try to run a disk check on the same drive that the OS installation, then Windows informs you that it must schedule the check to run on the next reboot.

Because hard drives are so large, I generally reboot at the end of the day and let the disk check run overnight. Certainly, it doesn't take the whole night, but at least I'm not sitting there waiting. Last night, I forgot to reboot, so I was a little surprised by the disk checking messages when I restarted the computer today.

Before the disk check starts, it gives you 10 seconds to press a key to cancel the check. But all my button mashing was to no avail. Though I'm not 100% sure, I think it's because I'm using a USB keyboard. No problem. I have a PS/2 keyboard laying around. To my extreme annoyance however, my PC (a relatively new Dell) does not have PS/2 connectors. It has nearly a dozen USB ports, but nothing for legacy mice and keyboards. Rebooting is no help since the disk check utility restarts automatically. So basically an entire afternoon wasted with a useless computer.

Contrast this scenario with both Linux and OS X, where you can run fsck and/or Disk Utility without rebooting. True, the computer is noticeably slower during the process, but it's not offline and it's not unusable.