Mac OS X Leopard: A perfect 10
Apple's new operating system and its massive new feature set challenge users and developers to explore new and better ways of workingFollow @infoworld
Leopard has condensed a systemwide selection of folders to be shared, and permissions attached, with Mac, Windows, and FTP clients into a single Preferences pane with the same at-a-glance, no-tabs design that Network Preferences uses. In that same pane, with a simple checkbox you can enable and disable the servers built into Leopard, such as the Web, remote login (ssh), and Internet Connection Sharing services that give others remote access to your Mac.
Leopard incorporates signed and sandboxed applications. Code signing verifies the integrity of an application, that it really is from Apple or whomever, and that it hasn't been tampered with. Leopard considers all unsigned downloaded executables as suspect. All unsigned apps require your explicit OK before they're allowed to run the first time, and for downloaded apps Leopard displays an especially stern warning. It remembers some of the Web sites from which the apps are downloaded so that you can click to find an application's origin. Once you OK a new application, you won't be asked to do it again.
Sandboxing restricts potentially vulnerable network services, such as Leopard's Web server, to operating within a safe area that blocks efforts to upgrade privileges or access files outside the realm of your personal Web server's contents. Even if an attacker manages to use a buffer overflow or the like to compromise a Leopard service into running arbitrary code, that code can't run privileged or read or write files outside the sandbox. It's a lightweight alternative to putting each vulnerable application in its own virtual machine. Sandboxing is a rare and extremely valuable feature for client systems.
Parental Controls are new to Leopard, and they're useful for more than just parents. They are a simplified interface to the limits and logging that one would ordinarily use server-issued policies and auditing to apply. Parental Controls restrict and/or log the activities of non-privileged users so that they leave a trail that can be reviewed by an administrator. Parental Controls restrict a users' access to a machine to certain times of day, or kick them off after a set number of hours per day. Web sites and Dictionary searches can be filtered for offensive content. Apple uses heuristics, not a blacklist, to filter objectionable Web sites, and any site can be manually added or removed from the restricted set.
For users that need more watching than blocking, Parental Controls logs application launches, site visits, and instant messaging conversations, and it enables remote monitoring and management, which can include shutting down the user's keyboard and mouse if they're caught messing around.
Big brother? For home users — actual parents — online threats are real enough to justify all means of protection. In a small commercial setting that doesn't justify a server to manage a set of Mac clients, Parental Controls may be advisable for new or suspect employees, and they're essential for kiosks, as well as academic and other shared and public environments.
The best made better
Automator, the zero-code scripted workflow engine, first appeared in Tiger. It lets users do the things that normally must be done in hand-coded script by hooking blocks together, with the blocks being all scriptable Mac applications; that covers nearly all native Mac GUI apps. Leopard greatly extends Automator's reach with variables, loops, and wizards, but the knock-out is UI recording. You can drive an application or set of apps with your mouse and keyboard during an Automator recording session, and then turn those actions into an Automator workflow. By adding variables and setting up loops, you can automate the most intricate procedures, not only without code, but with very little wiring.