Mac OS X Leopard: A perfect 10

Apple's new operating system and its massive new feature set challenge users and developers to explore new and better ways of working

Page 2 of 3

I took an immediate shine to Spaces' ability to open a given application consistently in an assigned space. For example, whenever I launch Xcode, Apple's development tool suite, it launches in a Space of its own. You might create one Space for RSS and IM, another Space for browsers, another for video, and another for Office. It's so easy to create, rearrange, and remove Spaces that it becomes as familiar as using the New item in a File menu. You can also pin applications to the screen so that they are present in all Spaces.

Applications that use Apple's OS X frameworks, as all native Mac GUI apps do, inherit an integrated spell check/correction facility that works the same in all cases. Leopard has added a grammar checker that catches a surprising number of gaffes made even by expert wordsmiths such as myself. All apps with text fields are also wired into an Oxford American Dictionary, updated in Leopard so that it's the sweetest online reference book this side of a forklift; and it's also an offline reference book — always there even when your network is not. Leopard also lets you submit the same query to the Oxford Thesaurus, and you can query Wikipedia from inside the Dictionary. Apple reformats Wikipedia findings to make make them more print-like, and Leopard displays a narrowing list of matching words as you type each letter of the word you're after, even for Wikipedia.

Mail and iCal have evolved, as individuals and as a couple. The face of Leopard's Mail client is familiar to Tiger users, but those on Outlook Express and Thunderbird have some adjustments to make, for the better.

Mail is markedly faster in message searching and filtering. Mail content searches across mailboxes are finished in a very short time, while scanning huge mailboxes by sender's name is almost instantaneous. In Tiger, I set aside a Smart Folder, which is a pseudo-inbox view of mail that's been run through pattern-matching filters, to hold mail from InfoWorld. With Leopard, I was able to make a derivative Smart Folder that catches e-mail from my managers and editors, producing an in-my-face notification rule when new mail arrives.

Mail's new Activity pane constantly displays the real-time status of server connections and message transfers (in both directions) among multiple mail servers in real time. If a server is down or connectivity to it is slow, you'll know it immediately instead of assuming that a message has been sent successfully. You'll not only see connections as they're opened and closed, but also the transfer rate of the message.

I have multiple accounts on seven e-mail servers (my own, InfoWorld's, Google's, and others). That's a lot of cracks to fall through, but now I can watch priority e-mail go out, or fail to do so, and I have a chance to immediately flip to a different server if I need to. I can be on the phone with someone, send them an e-mail, and say "it's in your inbox ... now" with confidence once the message transfer progress bar fills in.

Mail is the only collaboration app that I keep open all the time, and the only one whose notifications I bother with. Leopard Mail has a new RSS pseudo-inbox that keeps up with subscribed RSS feeds. A Subject line search within Mail will pull up matching RSS entries as well, and individual feed entries are displayed in the message view pane, just like e-mail. The ringer is Mail's built-in ability to send new RSS updates to me as e-mail. I actually read blogs now because they're part of my essential e-mail workflow, rather than a separate application and task that demand my attention. It works very well, and the kicker is that Leopard Mail can make new blog entries appear in my real Mail inbox.

Mail's Data Detectors find e-mail addresses, URLs, mailing addresses, telephone numbers, dates, and times of day in message bodies. You can right-click over a detected field to show a street address in Google Maps, update Address Book contacts from a phone number or e-mail address, and create iCal events from meeting times mailed to you. A boon for me, and for a friend who doesn't see so well, is that Data Detectors will also display telephone numbers (such as long conference bridge numbers) in screen-filling type with one click.

With Leopard, Apple turned iCal, its weakest bundled app, into a proper professional calendar and scheduler. iCal can send appointments, reservations, and other events to Address Book contacts and groups via e-mail. iCal sends and consumes events packaged in the same RFC 2445 iCal (no relation) format that's understood by Outlook and all other serious calendar apps. I can e-mail an iCal event to my Nokia E61i or BlackBerry and click to add it to their calendar. Leopard's iCal supports the WebDAV protocol for easy synchronization with Web-based calendars such as Yahoo's and .Mac's.

For me, Leopard iCal's home run is the ability to create a new event by dragging an e-mail message (the sender/subject/date line in Mail's message list) and dropping it in iCal. Instead of copying the e-mail's contents into the item description, iCal constructs a hyperlink that opens the original message in Mail using its unique message ID, not its sender or subject.

Easy connections, swift security
Somebody needed to bring some ingenuity to network, file sharing, and firewall settings, which can tangle up even savvy users. System Preferences now supplies an application-based firewall that lets you specify the applications that are and aren't allowed access to the Internet. Any connection attempt from an application not on your list triggers a notification that gives you a chance to block or allow the request. It's a good idea to add downloaded apps to the deny list until you're certain they only reach out to the Internet when you ask them to. This is smarter than the common port/protocol method. App firewalls stop malware and applications that covertly phone home with your personal info. As a bonus, Apple moved firewall settings to System Preferences' Security pane, where it belongs.

Leopard's System Preferences makes network setup and troubleshooting a breeze. All network interfaces — Ethernet, Wi-Fi, Bluetooth, and FireWire on the MacBook Pro — show their real-time status in plain language, and only the minimum required configuration details are displayed and open to change. An Advanced button brings up the original, expert-level Networking preferences pane. It's quite a contrast. I'm a net-savvy guy, and I appreciate the cleaner, simpler view.

Leopard has condensed a systemwide selection of folders to be shared, and permissions attached, with Mac, Windows, and FTP clients into a single Preferences pane with the same at-a-glance, no-tabs design that Network Preferences uses. In that same pane, with a simple checkbox you can enable and disable the servers built into Leopard, such as the Web, remote login (ssh), and Internet Connection Sharing services that give others remote access to your Mac.

Leopard incorporates signed and sandboxed applications. Code signing verifies the integrity of an application, that it really is from Apple or whomever, and that it hasn't been tampered with. Leopard considers all unsigned downloaded executables as suspect. All unsigned apps require your explicit OK before they're allowed to run the first time, and for downloaded apps Leopard displays an especially stern warning. It remembers some of the Web sites from which the apps are downloaded so that you can click to find an application's origin. Once you OK a new application, you won't be asked to do it again.

Sandboxing restricts potentially vulnerable network services, such as Leopard's Web server, to operating within a safe area that blocks efforts to upgrade privileges or access files outside the realm of your personal Web server's contents. Even if an attacker manages to use a buffer overflow or the like to compromise a Leopard service into running arbitrary code, that code can't run privileged or read or write files outside the sandbox. It's a lightweight alternative to putting each vulnerable application in its own virtual machine. Sandboxing is a rare and extremely valuable feature for client systems.

Parental Controls are new to Leopard, and they're useful for more than just parents. They are a simplified interface to the limits and logging that one would ordinarily use server-issued policies and auditing to apply. Parental Controls restrict and/or log the activities of non-privileged users so that they leave a trail that can be reviewed by an administrator. Parental Controls restrict a users' access to a machine to certain times of day, or kick them off after a set number of hours per day. Web sites and Dictionary searches can be filtered for offensive content. Apple uses heuristics, not a blacklist, to filter objectionable Web sites, and any site can be manually added or removed from the restricted set.

For users that need more watching than blocking, Parental Controls logs application launches, site visits, and instant messaging conversations, and it enables remote monitoring and management, which can include shutting down the user's keyboard and mouse if they're caught messing around.

Big brother? For home users — actual parents — online threats are real enough to justify all means of protection. In a small commercial setting that doesn't justify a server to manage a set of Mac clients, Parental Controls may be advisable for new or suspect employees, and they're essential for kiosks, as well as academic and other shared and public environments.

The best made better
Automator, the zero-code scripted workflow engine, first appeared in Tiger. It lets users do the things that normally must be done in hand-coded script by hooking blocks together, with the blocks being all scriptable Mac applications; that covers nearly all native Mac GUI apps. Leopard greatly extends Automator's reach with variables, loops, and wizards, but the knock-out is UI recording. You can drive an application or set of apps with your mouse and keyboard during an Automator recording session, and then turn those actions into an Automator workflow. By adding variables and setting up loops, you can automate the most intricate procedures, not only without code, but with very little wiring.

Automator workflows work just like scripts because they are, and through the magic of integration, Automator workflows can be triggered by such events as incoming e-mail and the appearance of a new file in a folder. But Leopard adds command-line support to Automator so that non-user-facing processes (background processes) and shell scripts can kick off Automator workflows, even injecting variables. I'm all over that. It bridges the immense gap between the OS X GUI and Unix without exposing you to AppleScript, which is powerful but arcane.

Finder is a great example of integration through Apple's consumption of its own dog food. Remote file servers now appear in Finder's sidebar rather than in a separate Network Neighborhood, making file servers as easy to access as DVD-ROMs and local drives. If a listed server supports remote console access through Leopard screen-sharing or the open VNC protocol, one click gives you access to the display, mouse, and keyboard.

To support Spotlight desktop search, Tiger was equipped with the ability to extract data from a wide range of native and foreign content types, such as XML and HTML files, PDF documents, Word documents, and PowerPoint/Keynote presentations, to populate its search database. Apple used this to create QuickLook, which previews any of Leopard's understood file types with one click, without opening the application that created it or even requiring that the application be present on the computer. For presentations and PDFs, you can page through the entire document in QuickLook, and you can expand any QuickLook preview to fill the screen.

Time Machine provides exceptional automatic, continuous backup of client data, handled in the background. For home and individual professional users, Time Machine backs up to an external hard drive attached via FireWire or USB. In a commercial setting, Time Machine can make use of Xserve, which includes Time Machine Server, to protect groups of Mac clients on a LAN. Time Machine isn't archive-like backup that requires a special app for recovery; you can use Time Machine to recover lost files from any point in your system's history. But for me, Time Machine's greatest value lies in its ability to restore an entire Mac from a Time Machine disk or server backup in one click. You're not just covered for lost files and folders. Because Time Machine can be used to recover a full system, you can use it to clone a machine as well. Even in the worst case, you'll lose a few hours' work.

Leopard is remarkable. It's more and better software than anyone should sell for $129 and more than I can stuff into a story that's already way too long. I'll keep riffing on Leopard in my Enterprise Mac blog, where you'll find my take on other Leopard features as I transcribe my experiences and create new ones. If you feel you've been denied a chance to get your geek on, I am now working on a review of OS X Leopard Server, which will describe the Leopard Unix architecture that exists in identical form in the Leopard client reviewed here.

About 11 years ago, I wrote a column (in another publication) in response to letters I had received that called me to task for hailing the arrival of computers that were performance overkill for the majority of users. I wrote that the reason to look forward to the faster personal computer is that it would have the spare firepower and resources to look after itself, to stay out of the user's way while being a microsecond away from answering any user demand, and to make sure that the user never has to do anything twice. That's Leopard.

| 1 2 3 Page 2