« April 2004 | Main | June 2004 »

May 21, 2004

So, for our inaugural review, we're going to look at the product that can create more emotion for Mac users than any other: Microsoft Office. Office 2004 is the first major release of Office since v.X shipped. To give you an idea of how long ago that was, Office v.X came out just after Mac OS X 10.1 shipped. We're now on Mac OS X 10.3.3, with the next major rev to be shown off in late june at the Apple WWDC. There have been a lot of changes in both the OS and in Office itself in that time period.

Table of Contents:

1. Overview
2. Project Center
3. The UI
4. Other Changes
5. AppleScript
6. Installation
7. Conclusion and Resources

Office is a huge suite that ships with a number of side applications in addition to the "big four", such as MSN Messenger, Remote Desktop Connection, Windows Media Player, and some RealBasic connectors. Since Office is such a monstrous product in size and scope, we're going to split this review up into several parts:

1. Microsoft Entourage
2. Microsoft Word
3. Microsoft PowerPoint
4. Microsoft Excel
5. Everything Else

Today's entry will talk a little about the suite overall, and Microsoft Entourage. The rest will follow as they get done. It won't be daily, but reasonably close. This way, if you want to just read one part of the review, you can.

One thing you'll notice in this review is AppleScript. Actually, you're going to see that in all reviews on this site. AppleScript is a critical technology for Mac OS X, and any application that wants a completely good review must, in addition to actually being good, have a solid AppleScript implementation. If that's lacking, then there's no way for a product to have a completely positive review. One thing you won't see is ratings. For one, they're crap. But in general, I find that a good review shouldn't tell you if the product is good or not. It can be positive, negative, it can point out those characteristics in the product, but for this site, or anyone else to say "This is a five - star product" is meaningless. To whom? Final Cut Pro drowns in the great reviews it gets, but if you aren't a video person, who cares? We'll attempt to give you a good analysis of the product, and how it performs its tasks in our eyes. You then decide if it's worth using or not.

Oh, one other thing...we're going to focus heavy scrutiny on the installation process. If that sucks, the product better make us breakfast to make up for it. You may be noticing the use of a plural pronoun here. No, I'm not 'round the bend, using the royal We. Not even I know everything. Shocking, but true. So from time to time, I'm going to post reviews that I didn't write, for products that I'm not capable of really analyzing. That way, you get a good review every time. One example will be in this review, when we talk about Excel. I know that Excel does math stuff, and people like it. I just never use it. So I'll dig up someone who does, and then beat them with a boneless cat until they give me a good review.

Now, enough rambling, on to Microsoft Entourage!

Entourage is, in many ways, the odd man out of Office 2004. It has no real Windows counterpart, it doesn't support Visual Basic for Applications, (VBA) at all, it uses a different text rendering engine, and its AppleScript dictionary is widely regarded as one of the best examples of how an AppleScript implementation should look.

While Entourage is referred to as an email client, it's far more than that. It's an email client, contact manager, calendar/appointment manager, and the centerpiece of Microsoft's new Project Center features in Office 2004. Since Project Center is the biggest new feature in Entourage, let's look at that first. _TOC

Project Center

One thing right away: Project Center is NOT Microsoft Project for Mac OS X. Microsoft Project is a tool for managing the workflow of a project. Who's doing what, when, where, with whom, etc. It's a project visualization tool for lack of a better word. It's a great tool, but it doesn't do what Project Center does. Project Center is more of a collection and organizational tool for all the files and communications that go on within a project. So instead of calculating dependencies, and showing time lines, it creates a central place where files can be stored, a way to organize email, contacts, and appointments for a project, and some very basic task management tools. By "very basic" I mean the "Tasks" feature of Microsoft Entourage. The Project Center is managed as a thing from Microsoft Entourage, although all parts of Office 2004 can access the project once it's created. One thing that doesn't get trumpeted in all the hype is that you can add any file to a project, not just Office files. So, if you're putting together a presentation on AppleScript, you can have your text outline in Omnigraffle, your PowerPoint presentation, and your AppleScript source code files all in the project.

The basics of a project are simple. You click on the new "Project Center" button in the UI, (it replaces the custom views button in Microsoft Entourage v.X, and follow the happy wizard steps. One thing you can do is either let Microsoft Entourage create the folders for the project in both itself and the Finder, or, if you have your own folders already, you can pick them manually. Got some items in a category or another project you want to import? Set them here. (Note: You set the category and the project to import from, not the individual items, and this won't import physical files, just things like email, contacts, etc.) Next, create some rules, like associate mail from any project contacts, or specific subjects, (up to three), and you can both say "Don't apply other mail rules to new messages that fit this category" and "Apply these rules to messages I already have." You can also choose to have an alias on your desktop or not. Click the happy right arrow a few more times, and bang, it's a project!

But wait, there's more...

Double - click on the project and you get some more things. The Overview shows you a week - long calendar view. Any tasks associated with the project are shown here as well. New mail or new files? Got 'em. But the real coolness is in the buttons at the bottom of the screen. For one, you can share this project. That's right, it's network - enabled. So, if you have a machine that can act as a file server, you can put this on that file server, and that way, your project team members can get to the information, even if you're not online. As well, the only requirement for sharing the project is that you can mount the disk on your system. So you don't need to play "what protocol" games. If you're using Mac OS X Server in a single - signon environment, you get kerberos access control for free. (No, not from Microsoft Entourage, but from the system.) If you want easy access, you can put it on an iDisk. There's some decent access control. Existing items are treated differently from new items, although both are a bit binary...it's share everything or nothing. If you want better security, implement it on the file server. Once that's done, you can then have Microsoft Entourage send out an email invitation to people to join the project. There's a backup button that allows for one - click backup of project files, non-project files and contacts. (I know a certain Internet Radio Show host who can use THAT little item.) There's a properties button that allows you to change the preferences of the project. Pretty cool, eh?

The Add button allows you to add new emails, contacts, events, or external files among other things to a project, and the watch folders buttons allow you to modify those. The watch folders are the folders you designate as the project folders when you create the project. Any files you add to the project from within Office are placed in the watch folders. In addition, any files added to the watch folders automatically get added to the project, so anyone, or any process can add files to project, regardless of if they have Microsoft Entourage 2004 or not. The tabs on the top of the Project Center window give you finer control of those aspects of a project. Most of those are self-explanatory, but there are three that have some pretty neat features.

The first is the Files tab. This is where you deal with non - Entourage files in a project. Any file can be used here, not just Office 2004 titles. As well, you can choose to (not) share individual files here too. Now this is not real fine - grained. It's all or nothing, so if you got 55 people in the project, everyone can see them. You can also use the Send files from here to people either by email, or via MSN Messenger. (Now you see why the new version is a part of the Office install. No, you can't use iChat. It's only MSN Messenger. As for why, I believe the "M" in "MSN" should answer that question for you.)

The Contacts tab also has MSN Messenger integration, and you can add contacts from your Microsoft Entourage Addresses here too. One quibble, the "add" window really needs a search field. If you need to create a contact, you can do that from here, and add them to the project and your Microsoft Entourage addresses at once.

Finally, the Clipping tab allows you to add items from the new Office Scrapbook, creating, on a per project basis, a networked scrapbook.

Project Center may not be MS Project, but, to steal blatantly from Bare Bones Software, It.Does.NOT.Suck! It's an amazing feature for the suite, is Mac first, and has the potential to really help people organize distributed projects without needing specialized software. _TOC

The UI

The UI for Microsoft Entourage has evolved a bit, but is essentially unchanged from Microsoft Entourage v.X. The main 6 buttons are still in the upper lefthand corner, but the last button is no longer for Custom Views, but for the Project Center. Custom Views, or Mail Views as they are now called, live in the main folder display along with the rest of your email. This makes more sense to me at least, as now, using Mail Views doesn't require a mode switch. The Main 6 buttons are changed a little, with more rollover feedback, and the active button has a translucent blue fill to differentiate it from the other five. The top toolbar is about the same as in Microsoft Entourage v.X, with only some minor adjustments. It's still not customizable, and there are an equal number of good reasons for and against allowing customization. Since I have to do quite a bit of support in my real job, I'm always in favor of a consistent UI.

There is still no preview for Tasks or Notes, and I do hope that this gets taken care of soon, for consistency with Microsoft Entourage's three-pane UI in other places, as well as convenience. Probably the biggest UI change is the new vertical three pane interface, lifted from Microsoft Outlook, and shown in comparison to the normal mode below.

Traditional three-paned view

Vertical three-paned view

Obviously, the new view is designed around Apple's latest trend of making their displays with a good bit of horizontal screen area. The vertical screen shot shows another new mail UI trick the groups. These allow you to group your mail in various ways, using date as the default, but as you can see below, there are a number of ways you can customize this.

The only problem with groups is that you can't just turn them off everywhere! They're on by default, and if you don't want them, you have to manually turn them off in.every.blasted.mail.folder. GAH! You can't even turn them off via AppleScript. Double GAH! Making me do repetitive stuff is infuriating because that's why I have a computer...IT does the boring repetitive junk. This feature desperately needs a global setting.

This is one thing about Microsoft Entourage that often gets missed...although you can't customize the buttons in the main UI, there is a surprising amount of customizability for almost every other function. The trick is, that unlike Mozilla or Eudora, which put all your preferences in a single, ever growing scrolling screen, Microsoft Entourage tends to place things by function. So to get to the group customization dialog, you use the same menu you use to select or enable groups. Some like this, some don't. I tend to favor it, as it allows things to be more discrete. The one problem is that Microsoft Entourage still has an ungodly, (to my eyes at least) amount of modal dialogs. So if you're creating a new mail rule, the big list 'o' rules isn't modal, but the actual rule creation/edit window is. If the big list 'o' rules is covering the part of the message that you need to see to make the rule, you have close out of the rule creation/edit window to move the other window. It's really tedious, and not necessary.

Another improvement that's also still annoying is errors and how Er'age notifies you. It now has the option of, in addition to a dock bounce, a lovely translucent window. I turn that off. I'd LOVE to kill the Dock icon bounce, but I can't. So, when I'm at work, where my Internet connection is...interesting, I get that damned bouncing icon every.time.a.check.mail.script.runs. TRIPLE GAH! Off means OFF. Yeesh! Just badge the Dock icon, and stop spazzing. _TOC

Other changes

For anyone who was running into Microsoft Entourage v.X's 4GB database limit, the new database size is...well, you're not going to hit it anytime soon, as it's somewhere around 2⁶³ bits. That's a lot. This works with the other limit of a million items in the database. If you come close to either, you probably should rethink how you store stuff. Microsoft has also updated the tools to repair and compact the Microsoft Entourage database. You can now check for damage, compact, rebuild, and set options for checking your database in the background while Microsoft Entourage runs.

While there is a lot of controversy about the Microsoft Entourage database and it's goodness or stability, I will say this: In all the time I've been using Microsoft Entourage, which is pretty much its entire existence, i've only had two cases where the database has gone bad. Both times involved versions that were far from release code. I've never lost data with a GM release. Ever. The problem is, there are a lot of things that will pooch a database. The biggest is hidden disk damage. Everytime I've had a scare with Microsoft Entourage, I've run DiskWarrior, and LO...there were damaged directories, and the didst cause great mischief. Fixing those issues always cleared up my database problems. I'm not saying that no one with a dead DB has a legitimate beef. I'm saying that in almost every case, it wasn't the DB just up and dying, but that there were external factors. Oh, just to answer the inevitable...no, using mbox or text files does NOT prevent mail loss. I've had buggy IMAP clients like Netscape and Eudora hose IMAP messages with great speed and enthusiasm. mbox and text are just data formats, not magic spells. Having said that, I'm glad that Microsoft has made it easier to get at older versions of your database. Backups are always a good thing. Besides, Microsoft Entourage, for good or ill, is far more than just an email application, so for the way it works, a database is the most logical choice.

Microsoft Entourage's HTML email tools are still very basic, (and a good thing too!), with 2004, you can now use Microsoft Word as an email editor if you want complex HTML messages. It does a decent job of it, as it now can create...well, not clean HTML, but a lot better than the crap the Word v.X made. You can't edit Word - created emails with Microsoft Entourage, but it will send them along nicely.

Microsoft Entourage's Address Book gets only minor updates here, mostly dealing with MSN Messenger integration, so you can now tell if a contact is online ala Apple's Address Book and iChat. No, it doesn't talk directly to, nor use Apple's Address Book file. There are a number of reasons why, and I covered a lot of them here, so I'll avoid reinventing that wheel. If you want to have Microsoft Entourage's and Apple's Address Books in synch, there is a marvelous shareware solution from Paul Berkowitz, AppleScript Super-Genius, available here, (Panther Version) and here, (Jaguar Version). They're great, and they rock, like everything Paul does.

The Calendar has received some minor tweaks too, nothing terribly remarkable. One serious weakness in the calendar is with regard to reminders. All you get are those little translucent windows. Now, they're awful purty, but what if you're not looking at your monitor? Or on a different computer? Or if you need some other things to happen at this time? Email reminders, or running AppleScripts would rocks. So why is iCal the only low - end calendar application I've found that does this? GAH! Again, Paul to the rescue...but really, this is so obvious a feature that I'm almost shocked it's not there.

Now, on to the biggest non - UI change...the Exchange connectivity. It's all DAV. No SMTP/IMAP/LDAP. You can still use those with Exchange servers, but if you create an Exchange account, it will be all DAV. So there's fewer ports you need open. SSL support is there, but it's pretty much a binary thing. You also get some delegation support, but you can't set it up in Microsoft Entourage. You can query the Global Address List, or GAL, but you don't see distribution lists. Microsoft Entourage works with Exchange server rules, but you can't create or edit them in Microsoft Entourage. It's not the full Outlook experience. It probably never will be. It will probably get better with every version, but there will always be things you can't do with Exchange on a Mac. VBA workflow will never happen anyway. It does most of what you'd want, so just live with the shortcomings. No, it doesn't use MAPI. It never will. Really. MAPI is a pile of crap protocol anyway, and the day it's dead will be a day of partying o'er the land. Microsoft has been adding more of the MAPI feature set into DAV anyway, so within a few years, you won't need MAPI. Thank god for that.

The Junk Mail Filter is much improved over Microsoft Entourage v.X's. It's the first one I've wanted to use. Mostly because I don't have to train it. It's not a Bayesian filter, so there's no training. However, Microsoft has committed to regular updates, so you don't have to train it. Which is fine with me, since training is stupid, repetitive monkeywork, and that's what the COMPUTER is supposed to do, not me. Bayesian or not, it works really well. Turn it on, set the sensitivity, and relax. I've very few false positives or spam that gets by.

In the area of security, Entourage has improved it's SSL handling, and now uses the Keychain to store SSL information, (at least in Panther), so you don't have to use IE for that. By default, remote images in emails are never downloaded, you have to do this manually, although you can set Entourage to download images automatically for contacts in your Entourage Address Book.

Finally, displaying complex HTML, while not as fast as plain text, no longer eats your CPU alive the way it did in Entourage v.X. _TOC

AppleScript

The AppleScript dictionary in Microsoft Entourage didn't get a lot of work for Office 2004. Then again, it's a thing of beauty, it didn't need a lot of work. Contacts now have an IM element, and events got some new properties. In general, this is good. You don't want a lot of radical changes to a dictionary, that tends to break things. I would still love to see a boolean result for a mail check. This would be very handy for a lot of scripts I want to write, but it's a pretty complex bit of work. Still, I'd love to see it in the next version of Microsoft Entourage. One thing that has to get fixed is the way AppleScript just grinds Microsoft Entourage into the ground. Microsoft Entourage may have gotten a lot of work, but the application threading is still a ways from where it should be. So, AppleScripts all run in the main thread. Which means, if you have AppleScripts that run often, you'll see Microsoft Entourage slooooooow down until they're done. It's maddening, considering that Microsoft Entourage 2004 is noticeably faster than the v.X version. Considering that Microsoft Entourage's excellent scheduler can run scripts every minute, and Microsoft Entourage has a fantastic AppleScript dictionary, you're going to get a lot of scripts running on Microsoft Entourage. It really sucks to see what a script can do to Microsoft Entourage's performance.

Still, I find scripting Microsoft Entourage to be a far more pleasant experience than scripting Apple's Mail, and I simply refuse to do Eudora at all until it's dictionary no longer requires large amounts of alcohol to work with. But there's always room for improvement. Oh, one minor thing...Outlook Virii CANNOT INFECT ENTOURAGE! Is that clear to everyone? Great, thanks. _TOC

Installation

It's dead simple. Drag and Drop. You don't do any registration until the first time you run it. It behaves well, doesn't scatter crap all over your drive, (coughADOBEcough), and doesn't require authentication, unless you need that to modify the folder you're dragging in to. There's an installer if you want more fine - grained control over the process, and since it's not Apple's installer, it doesn't suck to use. (It's a VISE installer, if you really care.) Of course, the person who set this up took the time to do it correctly, which helps as well. It's amazing how a huge complex product like this has a nicer install process than many far less complicated applications. Hmm...maybe more people should follow Microsoft's lead here. _TOC

Conclusion

So, for what it's worth, I really like Microsoft Entourage 2004. It's faster, stronger, and better than the v.X version. It still has some issues, but all applications have issues. None are particularly crippling, unless you just really don't like Microsoft. This is an improved version that really does live up to that adjective. If you want some good places for help and info on Microsoft Entourage, my two favorites are:

1. The Entourage - Talk Mailing List
2. The Entourage Help Page

The Entourage Help Page is a most excellent site, and has not only top - notch information, but links to almost anything Entourage - related.

Oh...one more thing...since Microsoft Entourage is based on the WASTE text engine, and not the one that Word and the rest of the suite use, it has better support for things like RTL languages and other neat ATSUI tricks than the rest of the suite.

| Comments () | TrackBacks (1)

By the way, this one really is a debacle. No, really. I've yet to see where it's been overblown at all. This is a "Perfect Storm" - ish situation, where you have separate problems come together in a way that makes them just...amazingly worse than they would otherwise be. There are a number of good articles on this, so I'm not going into the exploit itself. My personal favorite at the moment is John Gruber's two articles on this at Daring Fireball.net. You can read them here and here. John does a solid job, so I don't see a point in repeating what he said. If you subscribe to the MDJ, they have a fantastic article on it as well. (Disclaimer: I do help out at the MDJ on many things, so I'm biased).

But what i do find fascinating is the process behind this, especially because preventing this is pretty simple. [Speculation Alert! From here on out, I'm hypothesizing, and could very well be wrong, but I don't think I'm too off the mark.] This situation really strikes me as what happens when you:

Have a lot of teams working without really talking to each other
People creating network applications that aren't being vetted by a team of security - conscious assholes

Now, by "assholes" I mean a group that lives in fear of no one and whose reason for existing is to take really good ideas that involve networks and like a pack of wild monkeys, throw crap at those ideas. If any of the crap sticks, the idea needs to be redone until it's more teflon than Reagan. Because none of the contributing factors are bad ideas, they're just ideas that missed the right kind of eyes.

For example, the disk: URI concept. Okay, at first glance, it's really cool. It allows for the remote mounting of a disk image transparently. Wow, that's pretty cool. I mean, it can make things like backup and restore pretty sweet. The problem is, it's too transparent. It allows you to mount remote disk images without any warning that this is about to happen. No "You are about to mount a disk image that resides on a remote machine, this could be a security hazard, do you still wish to do this?". No "The web site "H@xx0rz& 'R' U$ wants to mount a disk image named "PWN3D!!!LOLOLOL", do you want to allow this to happen?". It's automatic, transparent, convenient, and a great enabler of evil.

One of the problems with trying to remotely hack a machine is location. Oh sure, with Mac OS X, /Library/StartupItems/ is not only in a consistent place, but allows you to create startup items that run as root without any sort of need for root access, since it's writable by any administrator on the box. And you can assume with POSIX paths that "/" is always the startup disk. But still, sometime you need to be able to assume where you're starting from. Well, thanks to being able to mount an image remotely, you know where you are: /Volumes/Imagename. So if you are running a script that needs to copy files, it now has a source and a destination, always good to have.

Now, there are times when you need password-less remote image mounts. Like when you're booting from an OS install CD to use this function. Still, you can manage having two levels of operation in that case. Just simply requiring a modal dialog in those cases would have done much to mitigate this. You'd still have the convenience, it just wouldn't be as transparent. If you went to a (supposed) game cheat site, and all of a sudden you get dialogs about an attempt to mount a disk image, that would indeed raise an eyebrow, and prevent things from happening before you could stop them.

The other major case here is that the Help Viewer can run any AppleScript anywhere regardless of context. So I can hack say, ecto's help files to run AppleScripts that have nothing to do with ecto. If I'm running as an administrator, my reach gets a LOT longer.

There's a couple of ways to deal with this without killing the help system's ability to do its job. The first is that Application - Specific help can ONLY run scripts that are local to the help system. That is, if script is located outside of the help file's directory, it cannot be run by the help for that application. Yes, that may be a bit of a pain for developers, but not hideously so. As well, why would say, Preview's help need to run a script in /System/Library/whereever/ anyway?

To quote Johnnie Cochran, It Does not make Sense.

Secondly, if the help URI is being invoked from a non - local source, pop a friggin' dialog. Why does a remote web site need to run my help viewer? It does not make sense In fact, just disallow this completely. I can't see any bloody reason for a remote site to run my help viewer. If it's just HTML anyway, you could just oh, USE A WEB BROWSER! I hear they're kinda good at that. Those two steps right there would make the help viewer useless for remote attacks.

Oh yeah...hey guys, John's new rule of the Internet: There are NO safe files. This idea that there are somehow, some kind of magical safe file formats that can't be used for evil is stupid, and needs to be expunged. Just remove that entire concept from Safari. Download yes. Auto-open without manual initiation?

Hell.no.

But if you look at the problems here, none of them are inherently bad ideas. They just aren't anything that an IT asshole would allow. But then, programmers aren't IT assholes. They aren't even close. They're programmers. They're very good at it. IT assholes are very good at what we do. We aren't programmers. You can't expect anyone to be perfect at anything. I mean, even IT assholes specialize. There has to be a group that looks at stuff as a cracker would. From the point of view, "How can I do evil with this?" That's the only way.

Obviously neither disk: nor help: are supposed to be evil, but they are able to easily be used that way. What I would hope is that Apple doesn't get all ego-y about this and hires an internal "Goon Squad" to go around and fling evil crap everywhere until the teflon coatings are in place. For everything. That will prevent this kind of shit from happening again, and it's the only way to prevent it.

I would also add my voice to the chorus asking Apple to be far more open where security issues are concerned. If someone reports it, communicate for Pete's sake. Ask them to work with you on it. Don't just say "Okay, we'll take it from here", and expect the person who reported it to go away. The Big Daddy Apple attitude won't cut it in the world of security. It may with the MacMacs, but as a rule, security people aren't MacMacs. They're pros, they want to see things done right. But if you won't talk to them, they'll happily go public, and they won't give a rat's ass if you ban them from the WWDC, MacWorld, or your granny's birthday party.

Apple needs to communicate better here, it's a major problem. Don't be making Microsoft's mistakes here. I imagine the fix for this will be out soon, if not soon enough for some. There's a number of ways you can protect yourself in the meantime, I urge you to avail yourself of them. (except for the one where you try and change or delete 349 script files. that one's real dumb, and doesn't really fix much.) Hopefully, Apple learned a lesson from this, because they got really lucky this time. I would hope that's not a strategy.

| Comments ()

May 17, 2004

If you spend any time on any of the various Mac OS X Administration - related mailing lists, you will soon see the question, "Is there anything like Citrix or Windows Terminal Server available for Mac OS X?" This question will get many responses, well thought out, and reasoned recommending Apple Remote Desktop, (ARD), Timbuktu Pro, VNC, or NetBoot. These response will tout the advantages and disadvantages of each, with firm technical arguments marshaled in support of their arguments. The problem is, the only correct answer to that question is: "No, there is currently nothing like Citrix or Windows Terminal Services for Mac OS X unless you mean a client for a Citrix or Windows Terminal Services server", although NetBoot comes the closest. Which is a real shame.

What Citrix/WTS do is give you X11 - like capabilities on Windows. In essence, they make Windows a true multi-user OS. Now, I can hear the flames starting now, so let me clarify. Windows supports multiple users. In the right configurations, thousands. But, we are talking about things like email, file/print services, application serving, even remote home directories. When you log into your Windows machine, without Citrix/WTS, you are logging into your local machine, which then may, (if you use roaming profiles), talk to the domain controller to authenticate you and connect to your home directory. Your home directory is then downloaded/synchronized to your local machine home directory and you work. When you log out, the local home is uploaded/synchronized to your network home directory. (This is how it works up through Windows 2000 to the best of my knowledge. If this is changed/fixed in 2003 server let me know. I don't care about Longhorn Server, it's still two years from being anything but ExpoWare.)

However, with Citrix/WTS, it's different. First, your local machine is only used to connect to the Citrix/WTS server, and provide minimal local services, such as input device, display, etc. Everything else happens on the server. You have your own user session on the server. You have remote home directories, but they stay on the server. Your applications run on the server. In other words, the box you are using locally is a terminal. (Hence the name, Windows Terminal Server) You are logged into the server and all your actions happen on the server. This can be done from almost any platform, be it the Mac OS, WIndows, *nix, etc. So with the former, you're simply using the server to get work done locally. With the latter, you're logged into the server, and that's where you do all your work.

This is analogous, although not a perfect comparison to using X11. (X11 does a lot more, but this type of use is a subset of what X11 is for.) It makes a Windows server a true multi-user server. In fact, Citrix started out to bring X11 - like functionality to OS/2, and later Windows. Versions of Citrix that ran on Windows 3.5.1 actually had a custom kernel, so it was more CitWin than Windows with Citrix. This means that you can have hundreds of users logged into a Citrix/WTS server or server farm, all with remote graphical displays all running off of the server (farm). The actual bandwidth used is quite small, to the point that you can, with minor tweaking, get a usable session over a dialup. (This is really handy for email and surfing from a hotel with only dialup. You run Citrix/WTS over dialup and use the faster connection at the server to do your email and web work. You end up working a LOT faster.)

In addition to not being bandwidth - intensive, Citrix/WTS support disconnected operation. When you end your Citrix/WTS session, you can do it two ways: Logout, or Disconnect. If you log out, the session is done, just like it is when you log out of a Mac OS X box. Your processes end, your session is terminated, your work on that server is done.

However, if you just disconnect, well, then everything you started continues to run. Disconnect from work, reconnect from home, and bang, you're right back where you were. It's ALMOST like Fast User Switching, only much cooler and better. So, you start a long process, like a Really Big Database Operation in Oracle at work. Ruh-roh, quitting time, and it's still running. Normally, you have to stay logged on to your box. But not if you run this in a Citrix/WTS session. Just disconnect, and go home. Now from home, connect via the VPN, (of course you use a VPN, because we're all thinking securely here), fire up your Citrix/WTS client and reconnect. BAM!, you're back watching your Really Big Database Operation in Oracle do its thing. It's been chugging away while you drove home, ate dinner, etc.

Disconnected.Operation.Rocks

You can also just publish applications so that your Citrix/WTS users don't get the full Windows desktop, but just specific applications. This is, BTW, a fantastic solution for Mac shops needing access to Windows vertical market applications. No need to buy PC hardware, and copies of windows. Just use Citrix/WTS, and publish the applications. Makes licensing a breeze.

What about Mac OS X ? This is all neat stuff, but don't we have this on Mac OS X already?

Well, no, no we don't.

NetBoot kind of comes close, but there's some things it doesn't support, and I triple dog - dare you to try NetBoot on a wonky modem line from a Motel 6. ARD, Timbuktu, and VNC are all remote control applications. They're designed to let one person remotely control one or more client boxes from a single station. They are not designed to allow multiple clients run interactive user sessions from a single machine. They're all fairly bandwidth intensive, although Timbuktu is better than most, having been around a verrrrrrrrrrrrry long time. They sort of support disconnected operations, in that, if no one else connects, or sits down at the console, the machine will be left in the state it was in when you disconnected. But that's not really the same as what Citrix/WTS do.

So there's nothing like Citrix/WTS on Mac OS X. (Ironically, Citrix does have its Metaframe server ported to Solaris, and HP-UX, so you can use a single client to talk to Windows Servers, or Unix servers, and the client side is tons simpler to set up than X11.) This is a shame, because giving Mac OS X this capability would really help sell things like Mac OS X Server, Xserves and Xserve RAIDS.

For example, if you have a school with older macs that can't afford to upgrade the clients AND the servers, but can do one, then, with Citrix/WTS capabilities, they could get an Xserve, and turn even ancient Macs into clients. That way, they'd be able to phase in Mac OS X clients in a way that was less abusive to their budgets. If you have a lab full of windows machines, and you wanted to use iMovie and iDVD to teach the basics of Video production, then with Citrix/WTS services, you could buy a set of Xserves and Xserve RAIDs, put a MacTerminalServices client on the lab machines, and bang! you're running. You'd still have limits on burning DVDs, but that's hardware. If you put burners in the Xserves, then you could get around that somewhat.

It would be great for FCP jockeys, Maya Jockeys, etc. With FCP, once you have all the footage moved from tape to disk, you could run FCP on some big, fat G5 Xserves via the MacTerminalServices client from almost anything. Got a 24 hour render job? Go home. Log in here and there and check on it. It'll run, and you don't have to leave your main machine on.

What's nice is that it allows you to have longer client upgrade cycles. (Yes, obviously a single server won't support 200 FCP jockeys. But there's this concept of load balancing, and this thing called a server farm that can help you with that.) Citrix/WTS capabilities in Mac OS X and Mac OS X Server would greatly expand the platform, and give companies that are considering the platform another reason to write the check for it. It could also be a HUGE push of Xserve and Xserve RAID sales as well. I know when I'm at this year's WWDC, I'm going to prod quite a few people about it.

| Comments ()

May 15, 2004

So Moveable Type 3 is going to cost money.

Now, I like my current version. I don't HAVE to upgrade. But were I to upgrade, this would cost me between $120 and $150. And honestly, MT is not a product that has this level of quality.

The install sucks.total.ass

Really.

The documentation is on the shoddy side, and it's tedious to do certain things.

But if it's free, oh well, it's free.

If I have to pay, I become less willing to do the dev's work for them.

So,

What would be another choice?

With the following requirements:

1) Import my old stuff. If I have to retype, no way Jose
2) Use my old style sheets. Again, I'm not redoing this crap.
3) it has to run on OS X and FreeBSD
4) It has to support ecto

So...suggestions?

Update: So, not surprisingly, Six Apart decided that maybe making the licensing terms clearer would be a good idea. A site such as this one, counts as 1 weblog, since it all happens under 1 URL. That's good. Because honestly, it seemed as though before, I had 6. And while I have no problem paying for software, I've yet to see anything from 3.0 that says paying for it gets me anything that I didn't have before. As John Gruber said in his most excellent missive on this:

“The problem with making MT 3.0 a paid upgrade is that it offers very few new features.”

Read the post. He says everything I'd say, and probably better. Again, I have no problem with commercial software. But, should you choose to stick a hand in my pocket, you're going to do a lot of work to actually get money out of it. Maybe when I see that, I'll pay, even though I don't have to.

| Comments ()

May 11, 2004

So we're going to take a look at one of the most common, and silliest concepts known in business: That technical competence and time in a position somehow magically translate to management skill. The equally silly corollary is that someone can somehow magically "grow" into a position with little or no formal training.

The only thing this kind of thinking is good at is the creation of failure. Oh, this is directed at people in charge, because they're the ones responsible for making bad managers.

Being a manager at almost any level is a lot harder than it looks. I mean, everyone can get an the relative difficulty of being a non-manager. You come in, you do a job, right? The job description is a pretty good indication of the level of difficulty and what kind. For example, being a janitor may not be the mental challenge that being a mathematician is, but on the other hand, it requires a lot more physical ability, emotional maturity, and a strong stomach. The point is, no matter what the job is, you can look at the title, or the description and have a pretty fair idea of what is involved in that job.

WIth one exception.

Being a manager is not so simple. First, you lose the one thing that non-managers have: control over your own destiny. If you're the person doing the work, then you've got pretty good control over your destiny. If you do the job really well, your career will do well. Screw it up continuously, and you're fired. Pretty simple, right? But when you're a manager, your job performance, and therefore your career is based on how the people you're in charge of do. So the way your boss decides how well you do is by looking at the work done by the people you're in charge of. They do well, so do you. They don't do well, you don't do well.

If that was the worst of it, being a manager would still be pretty easy. Just make sure your people do well. But it gets trickier. You have to worry about "soft" issues, like "morale" and "attitude", "employee satisfaction", and the like. If one person on your team has a death in the family, you need to not only know, but know how to help them deal with it in the best way for them, so they don't adversely affect everyone else on the team. If it sounds like you have to be somewhat involved with your subordinate's lives, well, yes, you do.

Oh, and you also have to keep an eye on their job performance, interpersonal relationships, coworker relationships both in and out of the workplace, keep an eye on the larger picture, and ensure that both your boss's and your employee's needs are met.

Yet somehow, if you have X years of experience, you're just supposed to magically know this? It's ridiculous to do this, yet I see it constantly. i've been on projects where they took someone with no management or leadership training, and put them in charge of a high - profile project, and wondered why it floundered. Well, maybe throwing a kitten in a shark tank isn't the best way to teach the kitten to swim?

Since I mentioned the word, let me clarify something. Leadership and Management may be interrelated, but they are not the same. You manage things, you lead people. I know that "Leadership" sounds awfully reactionary, and militaristic. Well, that tends to be because Leadership is a critical thing in the military. If you look at the recent Abu Ghraib debacle in Iraq, and read the Taguba report, a large chunk of the findings of fact all point to a breakdown in Leadership. If you're in charge, and you can't lead people, then you're doomed. It sounds terribly obvious, but having someone in charge who knows how to lead is a constant of any good team, regardless of size. Apple is a great example. Jobs leaves, and Sculley takes over. Well, Sculley's not much of a leader. But he does okay, although circumstances help him more than he'll ever know. He leaves and we start the death march of bad Apple CEOs. The company has no head. Steve Jobs returns, and BAM, the company is doing well. It may never have the market share it once did, but the company is leading the industry in innovation at almost every level.

Steve Jobs did not do this by himself, but he provided the one thing that Apple, or any company needs...a good leader. Someone who is not afraid to say "no", or "yes" for that matter. Someone who is willing to take a risk, then stand and take the arrows if something fails. (I'm speaking specifically about the Cube here. When it came time to admit it was a failure, who stood up there at the podium and said the words? Jobs. That's important, and a sign that he is one of the better leaders in the business community.) Jobs killed popular projects, such as Hypercard, and the Newton, and he created even better ones, like the iPod, the iMac, and the iTMS. but the most important thing he is, is in charge. There is no doubt about who is in charge of Apple. It's Steve.

Strong leadership, even if it's bad, is better than weak leadership. Even if the person in charge is really messing up, if they are in charge, it's an easy fix, far easier than if the problem is weak leadership. Weak leadership can hide as quite a few different problems, and you can spend a lot of time putting out the wrong fires.

People, not resources are the hardest, and most critical part of a manager's job. If you're thinking, "But people are resources, stop it. That's putting the people on your team at the same level as your network switch. You can get a new switch, but a team that works well together is priceless. You cannot lose with a good team, you cannot win with a bad one.

The critical thing here is that Management and Leadership is a learned skill. There are no true "Natural Born Leaders". That's charisma, and someone who's a moron with charisma is a charismatic moron, not a good manager. "Natural Born Leader" also translates to "leads by force of personality", and that's bad far more often than it's good. If you're going to put someone in charge, require them to take management and leadership classes before they're put in charge of anything. This isn't a one time deal either. Require continuing education on this. Yes, it's expensive, but it'll never be as expensive as putting someone who has a lot of experience, but no management skills in charge.

If you're about to be made a manager, pester your bosses relentlessly about management training prior to you starting in that position. If your only training is in what form to fill out for office furniture and a refresher in the company rules, you're screwed.

I could literally write for months about this, and others have, it's a popular field of literature. So I won't, it would be redundant. Just always remember, and please never forget...being a manager is a specialized skill, so considering what a bad manager will do to your company, isn't it worth it to create a good one?

| Comments ()