Everything In Between

In some communities, this is sort of old news, however I’ve recently become aware of an exciting and affordable security product called the YubiKey, manufactured by Yubico. The YubiKey is a $35 USD one-time password second-factor authentication token that uses 128-bit AES encryption to provide identity verification. That’s a mouthful, but what it really means is this: using a YubiKey to log in to stuff makes your logins about as secure as a military installation. Here’s how.

When you log in to just about any Web site or Internet-enabled service, say Basecamp for example, you traditionally simply type in a user name and matching password. This is known as one-factor authentication because all you need to do to log in successfully is use a matching pair of user names and their passwords. Since the user name is not hidden, the only piece of the puzzle that’s providing any security is your password.

Now, a password is something you have to remember, so this factor is called "something you know." Of course, if someone else also knows your password, this means that person can log in pretending to be you. Thus enters the need for a second factor for authentication.

The YubiKey is a physical USB fob device with a unique ID. That is, each YubiKey in the world has its own ID, meaning that no two are identical. This implies that if you have a YubiKey with you, no one else can have that same YubiKey anywhere else in the universe. Thus, this gives you a second factor with which to authenticate yourself, specifically it’s "something you have."

When you combine something you know (for instance, a password) with something you have (such as a YubiKey), you have two-factor authentication. Authenticating yourself with both of these factors is obviously more secure than relying solely on one factor because in order to compromise it an attacker needs to compromise both factors; the attacker would need to know what you know (figure out your password) and steal something you have (physically obtain your YubiKey).

If you’re familiar with one-time credit cards such as those that PayPal offers, you can think of the YubiKey like one of these cards, but instead of being used to make online purchases, it’s used for logging into stuff (and, of course, you don’t need more than one physical YubiKey). Of course, for authentication to work with the YubiKey the application or service you are logging into has to be able to understand that you’re using one of these authentication devices.

The good news here is that the entire process of using a YubiKey is a well-documented, open-source, and open-spec scheme so it’s easy for service providers to implement. And, because Yubico is also an OpenID identity provider, you can use your YubiKey to log into any site that supports the OpenID protocol right now, such as (you guessed it) Basecamp! There’s even a WordPress YubiKey plugin so you could theoretically use your YubiKey to secure your authentication to any of your WordPress blogs.

The YubiKey spec is, itself, completely independant of the OpenID spec and vice versa, which is what makes the combination so formidable. What’s so cool about this process is that the site you’re authenticating to, such as Basecamp or your WordPress blog, doesn’t have to know anything about how you’re authenticating because the OpenID provider (Yubico in this example) simply returns the answer—a perfect example of a well-constructed API at work. Either you have successfully authenticated to your OpenID provider or you haven’t, and the site can respond accordingly.

And if that’s not cool enough, want to know the coolest thing about the YubiKey? It’s environmentally friendly! The YubiKey web site states that the robust, ultra-thin and battery-free design increases lifetime and reduces environmental impact.

I’m more than seriously considering getting one of these myself, and even beyond that, getting one for all of my fellow site editors on some of the community web sites I help maintain. This is especially important for sites dealing in confidential or otherwise sensitive information, such as those which hold financial records or have other privacy concerns. Securing the authentication of privileged users such as the site administrators seems a natural step.

Even better yet, because the only cost to implementing this system is developer resources and the cost of the physical YubiKey device, I’m also seriously considering baking this right into any new sites I develop. At $35, a YubiKey is actually cheaper than an SSL certificate, and even though they don’t protect against all the same attack vectors, I think a device like the YubiKey is clearly a vastly superior solution in the majority of use cases.

I never really had a compelling reason to begin to propagate an OpenID identity before but now, at last, I do.

I subscribe to a number of really great technology newsletters because they interest me. One of these is the XML.com weekly newsletter. XML is a technology that has exploded in the last several years, and its specifically an area that I, as a front-end and semantic web specialist, find exceptionally intriguing. Most intriguing today, however, was Managing Editor of XML.com Kurt Cagle’s article titled Is Telecommuting the Next Wave for Education? in the XML.com newsletter.

Not only was it a great article that highlights a particular XML schema for education-related material produced by the Schools Interoperability Framework Association, it paints the picture of a future I’ve already lived ten years ago. I am heartened to see that, at long last, other people are beginning to see the benefits of technology used for “distance learning.” Frankly, I can’t imagine learning any other way.

I tried to find this article online so I could link to it, but I could not. Instead, I’m reposting the article in full here. If this is available somewhere on the ‘net that I just haven’t found yet, please let me know.

Is Telecommuting the Next Wave for Education? by Kurt Cagle, Managing Editor,xml.com.

In the great analysis game, I have two particularly adept spies - my daughters. Over the years I’ve noticed that both of my daughters tend to be remarkably good barometers about the way that the wind is blowing with regard to youth trends, which in turn tend to be significant because teenagers in particular often tend to be the earliest adopters of new technologies. If something doesn’t resonate with them, no matter how big a marketing budget, it usually doesn’t fly.

One of the things I’ve noticed with my eldest daughter in particular is how many of her friends either are or have been recently “home-schooled”. Now, for many, home-schooling has long been associated with religious organizations, particularly evangelical Christians, who feel that the school system is too secular for raising their kids. However, given that the kids I know (and their parents) are generally not in that community, I was a little puzzled with what was going on.

Instead, what seems to be happening is a phenomenon that I think will have major ramifications for society, and certainly for the tech community. As the Internet was taking off around 2000, a lot of school districts began implementing a program to help those people who were often at significant distances from a school by offering certain classes online - with exercises online, video conferencing and periodic tests. At first, these classes were ones that you would expect to make the migration - science and math courses - but over time, they have extended to cover everything except those classes that require group participation - band, or choir, for example - or need physical facilities, such as wood-working. Physical education requirements could generally be met by agreeing to some form of monitored activity - swimming classes at a recreational center, for instance.

Yet a funny thing happened while setting up these distance learning programs. While remote users became enthusiastic participants in this new wave, the largest group of users have been urban or suburban kids who, for one reason or another, didn’t fit well within the school paradigm. In some cases, the people who took advantage of these courses were students who were involved in focused activities that involved travel - talented musicians who were often on the road, dancers, athletes who were often involved in activities at different schools or other events, or those whose family travelled frequently, who took to the distance courses because they were able to learn better around their other activities. In some cases, the students were people who were going through emotional issues at home - a death or divorce, for instance, though increasingly that has made its way up into those students who just couldn’t face the high-pressure world of middle-school or high-school dynamics.

In other words, the kids and teenagers who were taking advantage of these courses just recognized that it gave them an opportunity to learn in the same way that they are increasingly interacting with the rest of the world - through the computer. Teenagers are hard wired to be more alert in the evening, and typically to be sluggish in the morning, yet school as it is set up right now forces them to be capable of handling complex math and science first thing in the day, when they are generally least reponsive to learning much of anything. Then they are forced to take home dozens of pages of homework that will force them to stay up until late in the evening anyway, meaning that by the time they reach the end of the week, they are physically and mentally exhausted.

Distance Learning lets them combine the homework with the schoolwork, so they can practice new concepts when they’re presented, not after the concepts have become hazy after a full day. It moves them away from the tyranny of the timetable so that if they are having trouble learning a concept, they can spend the time they need to master it, rather than stopping abruptly halfway through because they have to move onto their next class. It also means that if they have mastered a concept, they do not have to sit around bored while others are still trying to figure out something.

It also lets them have access to the rest of the Internet to use as a research tool. While traditional academics may shudder at this notion, as a recent controversy at one university showcased when a student was expelled for setting up a study group on Facebook, the reality is that we’re moving past the point at which we need to keep a vast storehouse of information locked up in within our brains. In an era of information ubiquity, many of the skills that are taught in schools are beginning to seem increasingly quaint, and the teachers that are effective are typically the ones that have managed to incorporate this info-sphere in their own teachings. One social studies teacher of my acquaintance in particular has become quite effective at teaching using PowerPoint, Wikipedia, and other multimedia resources, and he goes out of his way to teach children not the history itself (which they can generally look up) but how to research and analyze that history and take from it any lessons that a given period may have to offer.

Distance Learning programs are also becoming more popular for the same reason that telecommuting is becoming popular - school districts are facing increasing prices for gas and food as a typical family is, but multiplied by several thousand. Many school districts are responding to this by cutting down on the routes that their school buses follow (or in some cases eliminating bus systems entirely) forcing parents to take their kids themselves, often, ironically, increasing the total gas use dramatically and certainly causing headaches for parents who have to integrate their kids into their own commuting schedules. Similarly, school cafeteria programs are being scaled back or eliminated entirely because the cost of the food is becoming painfully high. Add into that aging infrastructures for schools, in a time when the population itself is aging (and hence less likely to fund school initiatives if it affects property taxes), and what you have is a recipe for disintegrating school systems.

Given that, the idea of distance learning as an alternative is one that may be popular at the school board level, as in general, you can generally buy a whole lot of educational training and assistance for what it normally costs to move and feed kids. While it does require some retraining on the part of the teachers, they’re also attracted to it because their job frequently involves trying to keep order over thirty to as many as forty kids, many of whom simply do not want to be there - and the same time-shifting that occurs for the students typically occurs for them as well. Indeed, in many cases what ends up happening is that the teachers pre-record certain segments of their lectures (and are increasingly posting them up on YouTube), then set up one-on-one or group chat sessions with the students.

As for the parents in this equation, I’ve often suspected that one of the reasons for the decline in the quality of contemporary education has been the fact that school has become the place where parents warehouse their kids for the day. Home-schooling does require more parental involvement, but in general it is also far easier for those parents to keep a fairly close eye on what their kids are up to in this day and age when the parents are not at home, at least for kids of a certain age. What’s more, schools are in many ways like hospitals - while their ostensible purpose is education, the chance of their kids learning bad habits is far higher in school settings than they generally are at home - and the kids that are trying to be good aren’t distracted by the ones determined to make trouble.

That’s not to say that there aren’t distractions. My eldest daughter has been known to keep a chat window up talking to friends when she should be concentrating on homework, though in fairness to her, what she’s chatting about often involves that same homework, albeit in a rather disconnected fashion:

Kat: I'm :-( ):-\. Zuko shippeded Kataara. Urgh ..
Neechan: Urrgghhhhh.
Hey, what's I if volts is 10 and ohms = 3 % (can't write the squiggle for
ohms)?
Kat: Um V =IR so, uhm, I is RV ...
Neechan: No, R over V.
Kat: Oh. Right. :-) .... so 3 divided by 10 - .3. Bad Zuko! ...

Is this bad? No - it’s only different from the way that those of us who grew up pre-Internet see the world. Distance Learning does not change the amount of homework (though I suspect that it cuts down pretty dramatically on the makework that tends to deaden interest in a subject rather than reinforcing the concepts), nor does it change the need for accountability. The kids still need to test, and still need to show that they have learned, but I suspect that their retention rates will likely be considerably higher if they can learn in a way that works well for them.

Long term, I think that this will likely end up deconstructing the traditional school system, though this is a process that will take decades to happen completely. It means, for the aggressive learners, that they could in fact complete a formal curriculum in a fraction of the time necessary, though a good teacher can work with those particular students to provide additional areas of study for them to engage with. It means that slower students can learn at their own pace, and can generally be flagged for additional help if they fall sufficiently behind. Money that school districts save in terms of providing physical infrastructure in transportation can be spent on those activities that do promote socialization - music, art, theatre, sports, civic days, and so forth - and monthly activities that bring students together can keep the bond in place of school as community.

Distributed education is part of the larger process of social redistribution that is occurring because of the Internet. Modern education emerged about the same time that the modern corporation emerged - in the 1930s - during an era when the dominant forces at play involved hierarchies, centralization, consolidation and economies of scale. In this decade, the dominant forces are network related - decentralization, the economies of global localities, the disintermediation of authority and the a shift away from the geographical. Just as these forces are resisted at the corporate level despite the obvious benefits (and just as workers in places that can telecommute are increasingly doing so) , these same forces are resisted at the educational level with much the same results - students (and their parents) are taking advantage of any loophole they can to make it available to their kids because it results in a better education for them).

So far, most educational software is boutiqueware, typically Flash-like applications. This won’t necessarily change moving forward (it is hard in general to make educational software that doesn’t have a strong “games-like” component, and for the most part that game approach makes the educational software far more engaging than it would be otherwise), but one thing that will need to happen as the distributed systems move forward is for the emergence of some kind of general framework for the exchange of educational related information. One particularly promising start in this direction is the development of the Schools Interoperability Framework (SIF) (http://www.sifinfo.org/sif-specification.asp), which is an XML standard most recently updated in March 2008. Its mandate is fairly broad - providing XML schemas for describing grade-books, library services, student information, instructional services and so forth - (see Figure 1. SIF Zone Services).Figure 1. SIF Zone Services.

One of the jobs that the XML community needs to do is to reach out to the developers of educational software and insure that they are aware of the SIF standards, in order to provide better interoperability between their core applications and the growing educational educational noosphere, and to reach out to educators and education IT departments (which are all too typically the math teacher in his spare time) to make them cognizant of these same standards and to help implement solutions around these standards. As more students opt to go “virtual” the ability to maintain consistent, and more important interoperable, records becomes ever more paramount.

Long term, the move towards distributed education will shape society in some very profound ways. The kids going to school in such an environment today are more adept at the art of self-education, are usually more capable at analysis and research, and because they managed to avoid the often harsh emotional trauma of dealing with several hundred other kids of the same age daily, usually have more self-confidence than their school-based peers. They’ll likely have little patience for the Tayloresque approach to college education and will continue their lives in a similar manner by educating themselves within the college’s online environment (and will tend to shun those colleges that don’t offer such services) and when they start coming into the workforce in sufficient numbers, they will reshape the way that organizations are set up. On the flip side, I think this is likely to cause a huge amount of cultural friction between this generation and those educated more traditionally in previous generations, because their respective realities will be very different.

So far, the movement is still just a trickle, but watch this space closely - it will become a flood soon enough - and the bricks in the wall will come tumbling down (to paraphrase Pink Floyd).

I think it’s important—for a lot of reasons—to let people do what they want rather than to try to force people to do what you think is right. Ning is a company that gets it:

In a nutshell, we aren’t pro-porn, but we are pro-freedom.

To prevent porn, you have to take an activist stand against freedom of expression — you have to get in there and judge content, judge people, judge intent, and take action based on your judgments. I would never criticize a company for doing so, but I don’t want to do that, and we as a company don’t want to do that.

We think a better approach is to let people fundamentally do what they want, as long as it isn’t illegal and doesn’t otherwise violate our terms of service.

A heartfelt applause to Marc and everyone at Ning for putting their user’s personal choices ahead of their own. It’s not only good social justice, it’s excellent business.

Marc even provides some history:

From the very beginning of the Internet as a mass medium, porn has been present, and all of the Internet companies that have come before us have had to figure out where they stand.

[…]

[D]uring my time at AOL, I was fascinated to see how AOL dealt with porn. AOL had to balance two facts. One, their entire marketing thrust to be a mass market service meant that they had to come across as — and be — highly family-friendly. And in fact, they did a lot of work with parental controls and other features to make sure that families would use AOL safely. But the other fact was that a huge part of AOL’s actual usage all through the 90’s was for adult content — chat rooms, bulletin boards, and all the rest.

In practice, I think they balanced those two facts quite well — AOL could be used as a family-friendly service or as an open environment for people to do whatever they want, and it worked quite well for everyone.

This is a model that Yahoo then followed, and Google more recently.

Yahoo has always had an enormous amount of adult activity and material — some estimates are that as much as half of Yahoo Groups’ activity is adult in nature, for example.

And Google of course famously crawls and serves up search results and images for all kinds of adult topics, among every other topic in the world.

In light of many high-profile anti-porn practices by social networking sites such as MySpace, Facebook, and to a lesser degree, LiveJournal, it’s great to see that at least one company has put its own business ahead of other people’s politics. It’s precisely that sort of thing that’s made Marc an entrepreneurial blockbuster time and time again.

And frankly, I think the social agenda called freedom is just as important.

Via Susan Mernit

From the everything-you-say-can-and-will-be-used-against-you department:

• Computer scientists will almost always be able to de-anonymize “anonymous” data, in this case thanks to movie ratings,
• Google offers users another way to store personal data,
• and all of this is old news

I’ve been doing this for years, and my solution is pretty simple: no regrets.

As an aside, these days when you punch in “privacy concern” into Googlepedia, you get the Wikipedia entry for Facebook. I was kind of expecting the entry for “US Government,” but whatever.

Huzzah! Google (finally) updated GMail for free IMAP support. However, their setup instructions for Apple Mail stop short of actually completeing the configuration in a way that makes using GMail’s IMAP service feel seamless. Sure, everything will work fine, but how do you archive a message?

The answer is tricky: you have to drag the message into your “[GMail]/All Mail” folder way down hidden inside the nested list of IMAP mailboxes on the left-hand side of the Mail Viewer window. That’s hardly as easy as pushing GMail’s “Archive” button. So, if you really want to get the most of your GMail over IMAP in Apple Mail experience, you have to do all of the following:

1. First, of course enable IMAP for your account.
2. Second, follow all of Google’s instructions on their own configuration for Apple Mail page.
3. Next, set your account’s Mailbox Preferences in Mail to never delete email automatically and to store all messages of all types on GMail’s servers, as shown in the screenshot below:
   

   When this is done, close the Preferences window and save your changes.

4. Finally, these last few steps involve telling Apple Mail which GMail folders should be used for which purpose, such as your drafting folder, your sent mail folder, and so on. This is how you will map Apple Mail-native commands like “Delete” to GMail-native commands like “Archive.” To complete this process, perform the following steps:
   • Expand your GMail IMAP account in the list of mailboxes and also expand your “[GMail]” folder. You’ll see a third list of folders that include “All Mail,” “Drafts,” “Sent Mail,” “Spam,” “Starred,” and “Trash.”
   • Select the “Drafts” folder, and then choose Mailbox → Use This Mailbox For → Drafts from the menu bar.
   • Select the “Sent Mail” folder and then choose Mailbox → Use This Mailbox For → Sent from the menu bar.
   • Select the “Spam” folder and then choose Mailbox → Use This Mailbox For → Junk from the menu bar.
   • You’ve now mapped Drafts, Sent, and Junk to the proper GMail mailboxes, but still have Apple’s notion of the Trash mailbox. You can map this in one of two ways. Either you can map it to the “Trash” folder in which case you when you delete a message in Apple Mail you will also delete it from GMail, or you can map it to the “All Mail” folder in which case when you a delete a message in Apple Mail you will archive it in GMail. The choice is up to you.

That’s all. Now you have a much more Apple-like GMail over IMAP experience.

There is always a ton of discussion about the business of programming by programmers and project managers alike. Of course, there are always (at least) two sides of this coin: the programmer and the client. For employed developers (such as myself), the client is typically also the employer, and this creates a situation that is extremely treacherous. A similar situation exists for system administrators—I know, I’ve been in that situation, too.

It’s frustrating that people’s lack of understanding about the various computer industries leads to situations that affect so many innocent bystanders. The fact that computer programmers and sysadmins (in the US) are currently considered ineligible for overtime pay because “all they do is implement someone else’s desires”, even though every computer professional knows how much independent thought and judgement is required in their everyday jobs to produce a quality result, is a classic example of this. (How sad is it that we actually have a “classic” example, by the way?)

In a recent post by Greg Jorgensen over at the Typical Programmer blog, Greg cites Joel Spolsky (programmer extraordinaire), as saying that working ’til midnight is a sure-fire way to get software projects to fail. However, while this is certainly sound reasoning as far as I can tell, what’s even more frustrating to me than being made to work long hours is having my desires for learning and skill development brushed off and made less important than the project deadlines.

Joel says that the first thing you can do to destroy the hope of a successful software project is to hire mediocre programmers, instead of the best ones. Greg makes the good point that we were all mediocre programmers once. How did we get better? Greg says,

The best way to use the people on the team and to help them gain experience is to have them work together as much as possible. Even without keyboard sharing it’s better to have programmers mentor and learn from each other than to let each carve out a domain no one else understands.

And indeed, search the job listings on any career search board and you’ll see companies trying to sell themselves to you in exactly that fashion. But once you’re hired, it’s often a very, very different tune. Suddenly your interests in skill development take a back seat to project deadlines, tight schedules, and more work. This is all, of course, understandable to some degree, but as an all-encompassing truism that provides no wiggle room, I can’t tolerate it.

What irritates me even further is that companies and recruiters only seem to seek the already-skilled. I may be fortunate to be on this list for some skills and so am thankfully not living on the street, but I know better than most that I am not a world-class programmer or an exceptional system administrator. Frankly, I think I am a mile wide and an inch deep in most of the things that I know. Thus, it is irritating that this isn’t seen as a skill when, in fact, it is the one thing that has given me the most success: my speciality is being a generalist, and my ability to learn new technologies’s baseline quickly is what’s enabled me to hold so many different kinds of tech jobs.

And why have I held so many different kinds of tech jobs? Because not a single job I’ve ever held has actually encouraged me (except on my own time, as opposed to on the company’s dime) to broaden my skill set. Frankly, broadening my skill set is why I like to work. And having employees who like to work seems like it would be good for business.

So why is skills development only paid lip service by every company I’ve ever worked for?

Things that are absolutely nuts:

• Net Neutrality is finally a completely obvious good thing, as opposed to just the sort of obvious good thing it used to be. (Of course, that issue isn’t really about Net Neutrality, but it’s at least tangentially related, which makes this bullshit an order of magnitude less bullshitty than what usually happens.)
• Verizon’s greed knows “unlimited” bounds.
• If we can’t impeach Bush, we can sue him, right? Yeah, that’s how we solve things in States.

In completely unrelated news, maybe here’s why I’m such a pessimist.

• This story of air pollution from leaded fuel sources being linked to violent behavior is eerily similar to the Reapers of Joss Whedon’s Serenity.
• GMail gets IMAP (finally!).
• I really am not that all different; I’m just ahead of my time. From the article:
  

  “Young people aren’t choosing computer science majors because they take technology for granted — it’s something to use not something to make a career. “By and large, this generation is very fluent with technology and with a networked world,” according to James Ware, executive producer at The Work Design Collaborative LLC, a Berkeley, Calif., consortium exploring workplace values and the future of the workforce. That future may be in managing technology, which requires skills today’s college students don’t have: writing, critical thinking, hard work and just plain showing up. One of their primary concerns is a flexible schedule and healthy work/life balance.”

  (Emphasis added.)

This is already horribly old news, and by old I mean several days ago since that’s about as fast as it takes technology news to grow old, but Apple is releasing Mac OS X 10.5 “Leopard” at the end of this month. Apple is calling this release a “major upgrade,” and indeed Apple has rarely made its users wait so long between operating system releases as they have done between Tiger (Mac OS X 10.4) and Leopard. So, I’m already excited.

But then today I was glossing over Apple’s featured features list and I got even more excited. There are the usual, largely meaningless, fluff updates that are nice for Joe Schmo or his mother, but that power users simply don’t care about, like the new iChat support for animated buddy icons, but the list is also chock-full of really cool, really useful features.

What’s interesting is that a good deal of these features aren’t really new features at all. For instance, if you knew how to manipulate the NetInfo database on your Mac, you could already share any folder via Apple’s “Personal File Sharing” feature. (Here’s a Mac OS X Hints hint explaining how to do it.) In Leopard, however, Apple claims that this functionality is now integrated straight into a folder’s Get Info… window. If it works as smoothly as Apple claims, this is finally going to bring Mac OS X (client) into decent competition with Windows XP Professional in terms of GUI-level power-user features.

However, while all of these features are really cool, here’s a list of the ten geekiest features I will probably absolutely love, for one reason or another.

• Ruby on Rails, out of the box — The hot thing in web development right now is Ruby on Rails. Macs have already been the best personal desktop and web development platform because they have built-in support for the Apache web server and a host of other features, but now they will come with a ready-to-roll installation of Ruby on Rails, sporting Mongrel and (better yet) Capistrano! Specifically with the addition of Capistrano, which is terribly undersold as simply a Ruby on Rails deployment platform, these UNIX-y “toolbox” items are bound to make Macs that much more useful right out of the box.
• Safari’s full history search — As their recent public partnerships with Google have shown, Apple is very clearly invested in search technologies. Spotlight gets a huge number of improvements in Leopard, but none which I think are going to be more useful to more people than this one: spotlight searches on the full text of each web page in your visited history list. That’s just awesome. Also awesome: using spotlight as a calculator and as a dictionary, which also shows just how Google-like Apple is trying to be. (Google also lets you ask it arithmetic questions and a dictionary.)
• Wikipedia articles in Dictionary.app — I love Wikipedia because it’s one of the fastest ways to get (relatively) reliable information quickly. Now that Dictionary.app has built-in integration with Wikipedia, imagine the possibilities for getting that knowledge instant-gratification craving fixed. Apple has not yet announced this capability, but I can easily envision a scenario where all Cocoa text fields are instantly “wikified” (with text that matches Wikipedia articles highlighted) much in the same way that current Cocoa text fields allow you to right-click on a misspelled word and have it corrected by Dictionary.app.
• Application-based firewall — In classic Apple fashion, functionality that was previously available via third-party additions is now available from Apple itself. In this case, I have to wonder how well Apple’s updates to its firewall will obviate the need for Little Snitch, which is basically an application-based firewall, too, and a good one at that.
• Built-in guest log-in account — If you’re as paranoid about security as I am, you’ve already created a special, limited-access user on your system (called Guest or Visitor or whatever) and whenever friends are over, you tell them to use that account instead of your own. Now in Leopard, Apple has gone through the trouble of setting this up for us already. A small change that is going to have a big impact.
• Scriptable System Preferences & applications — With AppleScript, you can automate the things your computer does with scripts, as long as those things are “scriptable.” In previous versions of Mac OS X, huge gaping holes of what things shipped by Apple were scriptable existed, causing me (personally) some really annoying headaches. AppleScript GUI scripting helped me get around many of those roadblocks, but now it seems Apple is finally filling in some of the most notorious gaps in this functionality with scriptable System Preferences. Yay!
• Automator workflow variables — Automator brings the power of AppleScript I just mentioned to more people with a completely graphic programming environment. There is no need to open up a text document and write AppleScript code because Automator lets you create a script (called a Workflow in Automator jargon) using your mouse by dragging and dropping actions into the order you want them to be performed. It’s very slick, but until now it’s been very limited. With Leopard, Apple is beefing up Automator so that it includes things like variables, basic programmatic capability that was sorely lacking before. (Also majorly cool: a command-line utility to access Automator!)
• Finder.app’s path bar — Every serious Mac user knows that the Finder needs a lot of help. Now, it’s getting some. Something the Windows Explorer has had forever (as had every desktop environment for Linux, of course) is a visual cue to show you where in your filesystem tree a given folder is located when you are viewing said folder. Now the Finder gains this capability (though Apple’s description implies that it’s going to be off by default) with what Apple is calling a “Path Bar”. Finally!
• Cocoa and scripting bridges — Even though no one really seems to know about it, it has long been possible for languages other than AppleScript to do things like send Apple Events to Mac OS X applications. Specifically, Ruby and JavaScript, two of the most well-known web development languages in existence, can already do this with a single ScriptingAddition (OSAX). But now Apple is making this functionality a central feature and fully extending it to their Objective-C (and Cocoa) language and applications such as Xcode and Interface Builder. This means people like me will have a shallower learning curve before we’re able to create full-fledged, native Mac OS X applications. Now that’s exciting!
• Xcode 3 refactoring — This is something you kind of have to see to believe. I got the opportunity to see it demoed at Apple’s Leopard Tech Talks last year and I was really excited by it. With the new Xcode, Apple’s development IDE, you can do away with find-and-replace searches for things like renaming functions because Xcode understands what parts of your code are what structures and, when you tell it to “change the function named myFunction to myNewFunction,” it’ll only find-and-replace function names instead of every instance of the string “myFunction.” That’s pretty big, and if it were available for more languages, it’s almost enough to make me ditch vim.

So there you have it. Ten features you might not have already known about that are some of the most promising features I can see in Leopard. And I didn’t even get into Wide-Area Bonjour, which could make services like DynDNS or No-IP a thing of the past (and which I still want to learn more about), or the new Terminal application (finally with tabs!), or even the multiple user certificates for S/MIME encrypted email.

Note: One of the least known security features available on Mac OS X is also possibly one of the best, and the simplest. Evidently, all Intel-based Macs are shipped with the XD (aka. NX, aka. DEP) bit turned on—and thankfully there doesn’t seem to be any way for users to turn it off. However, this isn’t a silver bullet and if you want to learn why you should check out this excellent Anandtech article: A Bit About the NX Bit.

When I first saw this video showing Windows XP booting off an Intel iMac, I was really excited. Of course, Sara’s reaction was far more realistic:

I don’t see why it’s cool that an annoying program works on a good machine.