Apple Apple Remote Desktop Administrator’s Guide Version 3 ARD3_AdminGuide.pdf Manuel Apple Apple Remote Desktop Administrator’s Guide Version 3 ARD3_AdminGuide.pdf Manuel Apple sur Fnac.com - Pour voir la liste complète des manuels APPLE, cliquez ici

 

 

TELECHARGER LE PDF sur :

http://images.apple.com/ca/fr/remotedesktop/pdf/ARD3_AdminGuide.pdf

Commander un produit Apple sur Fnac.com

 

 

Voir également d'autres Guides et documentation APPLE :

Apple-InstrumentsUserGuide.pdf-manuel

Apple-Logic-Pro-9-TDM-Guide-manuel

Apple-macbook_air_users_guide.pdf-manuel

Apple-macbook_air-13-inch_mid-2012-qs_ta.pdf-manuel

Apple-AppStoreMarketingGuidelines-JP.pdf-Japon-manuel

Apple-macbook_pro_retina_qs_ta.pdf-manuel

Apple-ipad_user_guide_tu.pdf-manuel

Apple-ipad_user_guide_th.pdf-manuel

Apple-iphone_user_guide_gr.pdf-manuel

Apple-Nike_Plus_iPod_Sensor_UG_2A.pdf-manuel

Apple-ipad_manual_del_usuario.pdf-manuel

Apple-ipad_uzivatelska_prirucka.pdf-manuel

Apple-ipad_wifi_informations_importantes.pdf-manuel

Apple-Xsan_2_Admin_Guide_v2.3.pdf-manuel

Apple-macbook_pro-13-inch-late-2012-quick_start.pdf-manuel

Apple-CocoaDrawingGuide.pdf-manuel

Apple-Cryptographic-Services-Guide-manuel

Apple-Resource-Programming-Guide-manuel

AppleSafariVisualEffectsProgGuide.pdf-manuel

/Apple-WorkingWithUSB.pdf-manuel

Apple-macbook_pro-retina-mid-2012-important_product_info_f.pdf-manuel

Apple-iOS_Security_May12.pdf-manue

Apple-Mac-Pro-2008-Performance-and-Productivity-for-Creative-Pros

Apple-iPod_shuffle_4thgen_Manuale_utente.pdf-Italie-Manuel

Apple-KernelProgramming.pdf-manuel

Apple-Core-Data-Model-Versioning-and-Data-Migration-Programming-Guide-manuel

Apple-RED_Workflows_with_Final_Cut_Pro_X.pdf-manuel

Apple-Transitioning-to-ARC-Release-Notes-manuel

Apple-iTunes-Connect-Sales-and-Trends-Guide-manuel

Apple-App-Sandbox-Design-Guide-manuel

Apple-String-Programming-Guide-manuel

Apple-Secure-Coding-Guide-manuel

Apple_AirPort_Networks_Early2009.pdf-manuel

Apple-TimeCapsule_SetupGuide_TA.pdf-manuel

Apple-time_capsule_4th_gen_setup.pdf-manuel

Apple-TimeCapsule_SetupGuide.pdf-manuel

Apple-TimeCapsule_SetupGuide_CH.pdf-Chinois-manuel

Apple-CodeSigningGuide.pdf-manuel

Apple-ViewControllerPGforiOS.pdf-manuel

Apple-KeyValueObserving.pdf-manuel

Apple-mac_mini-late-2012-quick_start.pdf-manuel

Apple-OS-X-Mountain-Lion-Core-Technologies-Overview-June-2012-manuel

Apple-OS-X-Server-Product-Overview-June-2012-manuel

Apple-Apple_Server_Diagnostics_UG_109.pdf-manuel

Apple-PackageMaker_UserGuide.pdf-manuel

Apple-Instrumentos_y_efectos_de_Logic_Studio.pdf-Manuel

Apple-ipod_nano_kayttoopas.pdf-Finlande-Manuel

Apple_ProRes_White_Paper_October_2012.pdf-Manuel

Apple-wp_osx_configuration_profiles.pdf-Manuel

Apple-UsingiTunesProducerFreeBooks.pdf-Manuel

Apple-ipad_manual_do_usuario.pdf-Portugais-Manuel

Apple-Instruments_et_effets_Logic_Studio.pdf-Manuel

Apple-ipod_touch_gebruikershandleiding.pdf-Neerlandais-Manuel

AppleiPod_shuffle_4thgen_Manual_del_usuario.pdf-Espagnol-Manuel

Apple-Premiers-contacts-avec-votre-PowerBook-G4-Manuel

Apple_Composite_AV_Cable.pdf-Manuel

Apple-iPod_shuffle_3rdGen_UG_DK.pdf-Danemark-Manuel

Apple-iPod_classic_160GB_Benutzerhandbuch.pdf-Allemand-Manuel

Apple-VoiceOver_GettingStarted-Manuel

Apple-iPod_touch_2.2_Benutzerhandbuch.pdf-Allemand-Manuel

Apple-Apple_TV_Opstillingsvejledning.pdf-Allemand-Manuel

Apple-iPod_shuffle_4thgen_Manuale_utente.pdf-Italie-Manuel

Apple-iphone_prirucka_uzivatela.pdf-Manuel

Apple-Aan-de-slag-Neerlandais-Manuel

Apple-airmac_express-80211n-2nd-gen_setup_guide.pdf-Thailande-Manuel

Apple-ipod_nano_benutzerhandbuch.pdf-Allemand-Manuel

Apple-aperture3.4_101.pdf-Manuel

Apple-Pages09_Anvandarhandbok.pdf-Manuel

Apple-nike_plus_ipod_sensor_ug_la.pdf-Mexique-Manuel

Apple-ResEdit-Reference-For-ResEdit02.1-Manuel

Apple-ipad_guide_de_l_utilisateur.pdf-Manuel

Apple-Compressor-4-Benutzerhandbuch-Allemand-Manuel

Apple-AirPort_Networks_Early2009_DK.pdf-Danemark-Manuel

Apple-MacBook_Pro_Mid2007_2.4_2.2GHz_F.pdf-Manuel

Apple-MacBook_13inch_Mid2010_UG_F.pdf-Manuel

Apple-Xserve-RAID-Presentation-technologique-Janvier-2004-Manuel

Apple-MacBook_Pro_15inch_Mid2010_F.pdf-Manuel

Apple-AirPort_Express-opstillingsvejledning.pdf-Danemark-Manuel

Apple-DEiPod_photo_Benutzerhandbuch_DE0190269.pdf-Allemand-Manuel

Apple-Final-Cut-Pro-X-Logic-Effects-Reference-Manuel

Apple-iPod_touch_2.1_Brugerhandbog.pdf-Danemark-Manuel

Apple-Remote-Desktop-Administratorhandbuch-Version-3.1-Allemand-Manuel

Apple-Qmaster-4-User-Manual-Manuel

Apple-Server_Administration_v10.5.pdf-Manuel

Apple-ipod_classic_features_guide.pdf-Manuel

Apple-Lecteur-Optique-Manuel

Apple-Carte-AirPort-Manuel

Apple-iPhone_Finger_Tips_Guide.pdf-Anglais-Manuel

Apple-Couvercle-Manuel

Apple-battery.cube.pdf-Manuel

Apple-Boitier-de-l-ordinateur-Manuel

Apple-Pile-Interne-Manuel

Apple-atacable.pdf-Manuel

Apple-videocard.pdf-Manuel

Apple-Guide_de_configuration_de_l_Airport_Express_5.1.pdf-Manuel

Apple-iMac_Mid2010_UG_F.pdf-Manuel

Apple-MacBook_13inch_Mid2009_F.pdf-Manuel

Apple-MacBook_Mid2007_UserGuide.F.pdf-Manuel

Apple-Designing_AirPort_Networks_10.5-Windows_F.pdf-Manuel

Apple-Administration_de_QuickTime_Streaming_et_Broadcasting_10.5.pdf-Manuel

Apple-Opstillingsvejledning_til_TimeCapsule.pdf-Danemark-Manuel

Apple-iPod_nano_5th_gen_Benutzerhandbuch.pdf-Manuel

Apple-iOS_Business.pdf-Manuel

Apple-AirPort_Extreme_Installationshandbuch.pdf-Manuel

Apple-Final_Cut_Express_4_Installation_de_votre_logiciel.pdf-Manuel

Apple-MacBook_Pro_15inch_2.53GHz_Mid2009.pdf-Manuel

Apple-Network_Services.pdf-Manuel

Apple-Aperture_Performing_Adjustments_f.pdf-Manuel

Apple-Supplement_au_guide_Premiers_contacts.pdf-Manuel

Apple-Administration_des_images_systeme_et_de_la_mise_a_jour_de_logiciels_10.5.pdf-Manuel

Apple-Mac_OSX_Server_v10.6_Premiers_contacts.pdf-Francais-Manuel

Apple-Designing_AirPort_Networks_10.5-Windows_F.pdf-Manuel

Apple-Mise_a_niveau_et_migration_v10.5.pdf-Manue

Apple-MacBookPro_Late_2007_2.4_2.2GHz_F.pdf-Manuel

Apple-Mac_mini_Late2009_SL_Server_F.pdf-Manuel

Apple-Mac_OS_X_Server_10.5_Premiers_contacts.pdf-Manuel

Apple-iPod_touch_2.0_Guide_de_l_utilisateur_CA.pdf-Manuel

Apple-MacBook_Pro_17inch_Mid2010_F.pdf-Manuel

Apple-Comment_demarrer_Leopard.pdf-Manuel

Apple-iPod_2ndGen_USB_Power_Adapter-FR.pdf-Manuel

Apple-Feuille_de_operations_10.4.pdf-Manuel

Apple-Time_Capsule_Installationshandbuch.pdf-Allemand-Manuel

Apple-F034-2262AXerve-grappe.pdf-Manuel

Apple-Mac_Pro_Early2009_4707_UG_F

Apple-imacg5_17inch_Power_Supply

Apple-Logic_Studio_Installieren_Ihrer_Software_Retail

Apple-IntroductionXserve1.0.1

Apple-Aperture_Getting_Started_d.pdf-Allemand

Apple-getting_started_with_passbook

Apple-iPod_mini_2nd_Gen_UserGuide.pdf-Anglais

Apple-Deploiement-d-iPhone-et-d-iPad-Reseaux-prives-virtuels

Apple-F034-2262AXerve-grappe

Apple-Mac_OS_X_Server_Glossaire_10.5

Apple-FRLogic_Pro_7_Guide_TDM

Apple-iphone_bluetooth_headset_userguide

Apple-Administration_des_services_reseau_10.5

Apple-imacg5_17inch_harddrive

Apple-iPod_nano_4th_gen_Manuale_utente

Apple-iBook-G4-Getting-Started

Apple-XsanGettingStarted

Apple-Mac_mini_UG-Early2006

Apple-Guide_des_fonctionnalites_de_l_iPod_classic

Apple-Guide_de_configuration_d_Xsan_2

Apple-MacBook_Late2006_UsersGuide

Apple-sur-Fnac.com

Apple-Mac_mini_Mid2010_User_Guide_F.pdf-Francais

Apple-PowerBookG3UserManual.PDF.Anglais

Apple-Installation_de_votre_logiciel_Logic_Studio_Retail

Apple-Pages-Guide-de-l-utilisateur

Apple-MacBook_Pro_13inch_Mid2009.pdf.Anglais

Apple-MacBook_Pro_15inch_Mid2009

Apple-Installation_de_votre_logiciel_Logic_Studio_Upgrade

Apple-FRLogic_Pro_7_Guide_TDM

Apple-airportextreme_802.11n_userguide

Apple-iPod_shuffle_3rdGen_UG

Apple-iPod_classic_160GB_User_Guide

Apple-iPod_nano_5th_gen_UserGuide

Apple-ipod_touch_features_guide

Apple-Wireless_Mighty_Mouse_UG

Apple-Advanced-Memory-Management-Programming-Guide

Apple-iOS-App-Programming-Guide

Apple-Concurrency-Programming-Guide

Apple-MainStage-2-User-Manual-Anglais

Apple-iMacG3_2002MultilingualUserGuide

Apple-iBookG3_DualUSBUserGuideMultilingual.PDF.Anglais

Apple-imacG5_20inch_AirPort

Apple-Guide_de_l_utilisateur_de_Mac_Pro_Early_2008

Apple-Installation_de_votre_logiciel_Logic_Express_8

Apple-iMac_Guide_de_l_utilisateur_Mid2007

Apple-imacg5_20inch_OpticalDrive

Apple-FCP6_Formats_de_diffusion_et_formats_HD

Apple-prise_en_charge_des_surfaces_de_controle_logic_pro_8

Apple-Aperture_Quick_Reference_f

Apple-Shake_4_User_Manual

Apple-aluminumAppleKeyboard_wireless2007_UserGuide

Apple-ipod_shuffle_features_guide

Apple-Color-User-Manual

Apple-XsanGettingStarted

Apple-Migration_10.4_2e_Ed

Apple-MacBook_Air_SuperDrive

Apple-MacBook_Late2007-f

ApplePowerMacG5_(Early_2005)_UserGuide

Apple-iSightUserGuide

Apple-MacBook_Pro_Early_2008_Guide_de_l_utilisateur

Apple-Nouvelles-fonctionnalites-aperture-1.5

Apple-premiers_contacts_2e_ed_10.4.pdf-Mac-OS-X-Server

Apple-premiers_contacts_2e_ed_10.4

Apple-eMac_2005UserGuide

Apple-imacg5_20inch_Inverter

Apple-Keynote2_UserGuide.pdf-Japon

Apple-Welcome_to_Tiger.pdf-Japon

Apple-XsanAdminGuide_j.pdf-Japon

Apple-PowerBookG4_UG_15GE.PDF-Japon

Apple-Xsan_Migration.pdf-Japon

Apple-Xserve_Intel_DIY_TopCover_JA.pdf-Japon

Apple-iPod_nano_6thgen_User_Guide_J.pdf-Japon

Apple-Aperture_Photography_Fundamentals.pdf-Japon

Apple-nikeipod_users_guide.pdf-Japon

Apple-QuickTime71_UsersGuide.pdf-Japon

Apple-iMacG5_iSight_UG.pdf-Japon

Apple-Aperture_Performing_Adjustments_j.pdf-Japon

Apple-iMacG5_17inch_HardDrive.pdf-Japon

Apple-iPod_shuffle_Features_Guide_J.pdf-Japon

Apple-MacBook_Air_User_Guide.pdf-Japon

Apple-MacBook_UsersGuide.pdf-Japon

Apple-iPad_iOS4_Brukerhandbok.pdf-Norge-Norvege

Apple-Apple_AirPort_Networks_Early2009_H.pd-Norge-Norvege

Apple-iPod_classic_120GB_no.pdf-Norge-Norvege

Apple-StoreKitGuide.pdf-Japon

Apple-Xserve_Intel_DIY_ExpansionCardRiser_JA.pdf-Japon

Apple-iMacG5_Battery.pdf-Japon

Apple-Logic_Pro_8_Getting_Started.pdf-Japon

Apple-PowerBook-handbok-Norge-Norveg

Apple-iWork09_formler_og_funksjoner.pdf-Norge-Norvege

Apple-MacBook_Pro_15inch_Mid2010_H.pdf-Norge-Norvege

Apple-MacPro_HardDrive_DIY.pdf-Japon

Apple-iPod_Fifth_Gen_Funksjonsoversikt.pdf-Norge-Norvege

Apple-MacBook_13inch_white_Early2009_H.pdf-Norge-Norvege

Apple-GarageBand_09_Komme_i_gang.pdf-Norge-Norvege

Apple-MacBook_Pro_15inch_Mid2009_H.pdf-Norge-Norvege

Apple-imac_mid2011_ug_h.pdf-Norge-Norvege

Apple-iDVD_08_Komme_i_gang.pdf-Norge-Norvege

Apple-MacBook_Air_11inch_Late2010_UG_H.pdf-Norge-Norvege

Apple-iMac_Mid2010_UG_H.pdf-Norge-Norvege

Apple-MacBook_13inch_Mid2009_H.pdf-Norge-Norvege

/Apple-iPhone_3G_Viktig_produktinformasjon_H-Norge-Norvege

Apple-MacBook_13inch_Mid2010_UG_H.pdf-Norge-Norvege

Apple-macbook_air_13inch_mid2011_ug_no.pdf-Norge-Norvege

Apple-Mac_mini_Early2009_UG_H.pdf-Norge-Norvege

Apple-ipad2_brukerhandbok.pdf-Norge-Norvege

Apple-iPhoto_08_Komme_i_gang.pdf-Norge-Norvege

Apple-MacBook_Air_Brukerhandbok_Late2008.pdf-Norge-Norvege

Apple-Pages09_Brukerhandbok.pdf-Norge-Norvege

Apple-MacBook_13inch_Late2009_UG_H.pdf-Norge-Norvege

Apple-iPhone_3GS_Viktig_produktinformasjon.pdf-Norge-Norvege

Apple-MacBook_13inch_Aluminum_Late2008_H.pdf-Norge-Norvege

Apple-Wireless_Keyboard_Aluminum_2007_H-Norge-Norvege

Apple-NiPod_photo_Brukerhandbok_N0190269.pdf-Norge-Norvege

Apple-MacBook_Pro_13inch_Mid2010_H.pdf-Norge-Norvege

Apple-MacBook_Pro_17inch_Mid2010_H.pdf-Norge-Norvege

Apple-Velkommen_til_Snow_Leopard.pdf-Norge-Norvege.htm

Apple-TimeCapsule_Klargjoringsoversikt.pdf-Norge-Norvege

Apple-iPhone_3GS_Hurtigstart.pdf-Norge-Norvege

Apple-Snow_Leopard_Installeringsinstruksjoner.pdf-Norge-Norvege

Apple-iMacG5_iSight_UG.pdf-Norge-Norvege

Apple-iPod_Handbok_S0342141.pdf-Norge-Norvege

Apple-ipad_brukerhandbok.pdf-Norge-Norvege

Apple-GE_Money_Bank_Handlekonto.pdf-Norge-Norvege

Apple-MacBook_Air_11inch_Late2010_UG_H.pdf-Norge-Norvege

Apple-iPod_nano_6thgen_Brukerhandbok.pdf-Norge-Norvege

Apple-iPod_touch_iOS4_Brukerhandbok.pdf-Norge-Norvege

Apple-MacBook_Air_13inch_Late2010_UG_H.pdf-Norge-Norvege

Apple-MacBook_Pro_15inch_Early2011_H.pdf-Norge-Norvege

Apple-Numbers09_Brukerhandbok.pdf-Norge-Norvege

Apple-Welcome_to_Leopard.pdf-Japon

Apple-PowerMacG5_UserGuide.pdf-Norge-Norvege

Apple-iPod_touch_2.1_Brukerhandbok.pdf-Norge-Norvege

Apple-Boot_Camp_Installering-klargjoring.pdf-Norge-Norvege

Apple-MacOSX10.3_Welcome.pdf-Norge-Norvege

Apple-iPod_shuffle_3rdGen_UG_H.pdf-Norge-Norvege

Apple-iPhone_4_Viktig_produktinformasjon.pdf-Norge-Norvege

Apple_TV_Klargjoringsoversikt.pdf-Norge-Norvege

Apple-iMovie_08_Komme_i_gang.pdf-Norge-Norvege

Apple-iPod_classic_160GB_Brukerhandbok.pdf-Norge-Norvege

Apple-Boot_Camp_Installering_10.6.pdf-Norge-Norvege

Apple-Network-Services-Location-Manager-Veiledning-for-nettverksadministratorer-Norge-Norvege

Apple-iOS_Business_Mar12_FR.pdf

Apple-PCIDualAttachedFDDICard.pdf

Apple-Aperture_Installing_Your_Software_f.pdf

Apple-User_Management_Admin_v10.4.pdf

Apple-Compressor-4-ユーザーズマニュアル Japon

Apple-Network_Services_v10.4.pdf

Apple-iPod_2ndGen_USB_Power_Adapter-DE

Apple-Mail_Service_v10.4.pdf

Apple-AirPort_Express_Opstillingsvejledning_5.1.pdf

Apple-MagSafe_Airline_Adapter.pdf

Apple-L-Apple-Multiple-Scan-20-Display

Apple-Administration_du_service_de_messagerie_10.5.pdf

Apple-System_Image_Admin.pdf

Apple-iMac_Intel-based_Late2006.pdf-Japon

Apple-iPhone_3GS_Finger_Tips_J.pdf-Japon

Apple-Power-Mac-G4-Mirrored-Drive-Doors-Japon

Apple-AirMac-カード取り付け手順-Japon

Apple-iPhone開発ガイド-Japon

Apple-atadrive_pmg4mdd.j.pdf-Japon

Apple-iPod_touch_2.2_User_Guide_J.pdf-Japon

Apple-Mac_OS_X_Server_v10.2.pdf

Apple-AppleCare_Protection_Plan_for_Apple_TV.pdf

Apple_Component_AV_Cable.pdf

Apple-DVD_Studio_Pro_4_Installation_de_votre_logiciel

Apple-Windows_Services

Apple-Motion_3_New_Features_F

Apple-g4mdd-fw800-lowerfan

Apple-MacOSX10.3_Welcome

Apple-Print_Service

Apple-Xserve_Setup_Guide_F

Apple-PowerBookG4_17inch1.67GHzUG

Apple-iMac_Intel-based_Late2006

Apple-Installation_de_votre_logiciel

Apple-guide_des_fonctions_de_l_iPod_nano

Apple-Administration_de_serveur_v10.5

Apple-Mac-OS-X-Server-Premiers-contacts-Pour-la-version-10.3-ou-ulterieure

Apple-boot_camp_install-setup

Apple-iBookG3_14inchUserGuideMultilingual

Apple-mac_pro_server_mid2010_ug_f

Apple-Motion_Supplemental_Documentation

Apple-imac_mid2011_ug_f

Apple-iphone_guide_de_l_utilisateur

Apple-macbook_air_11inch_mid2011_ug_fr

Apple-NouvellesfonctionnalitesdeLogicExpress7.2

Apple-QT_Streaming_Server

Apple-Web_Technologies_Admin

Apple-Mac_Pro_Early2009_4707_UG

Apple-guide_de_l_utilisateur_de_Numbers08

Apple-Decouverte_d_Aperture_2

Apple-Guide_de_configuration_et_d'administration

Apple-mac_integration_basics_fr_106.

Apple-iPod_shuffle_4thgen_Guide_de_l_utilisateur

Apple-ARA_Japan

Apple-081811_APP_iPhone_Japanese_v5.4.pdf-Japan

Apple-Recycle_Contract120919.pdf-Japan

Apple-World_Travel_Adapter_Kit_UG

Apple-iPod_nano_6thgen_User_Guide

Apple-RemoteSupportJP

Apple-Mac_mini_Early2009_UG_F.pdf-Manuel-de-l-utilisateur

Apple-Compressor_3_Batch_Monitor_User_Manual_F.pdf-Manuel-de-l-utilisateur

Apple-Premiers__contacts_avec_iDVD_08

Apple-Mac_mini_Intel_User_Guide.pdf

Apple-Prise_en_charge_des_surfaces_de_controle_Logic_Express_8

Apple-mac_integration_basics_fr_107.pdf

Apple-Final-Cut-Pro-7-Niveau-1-Guide-de-preparation-a-l-examen

Apple-Logic9-examen-prep-fr.pdf-Logic-Pro-9-Niveau-1-Guide-de-preparation-a-l-examen

Apple-aperture_photography_fundamentals.pdf-Manuel-de-l-utilisateu

Apple-emac-memory.pdf-Manuel-de-l-utilisateur

Apple-Apple-Installation-et-configuration-de-votre-Power-Mac-G4

Apple-Guide_de_l_administrateur_d_Xsan_2.pdf

Apple-premiers_contacts_avec_imovie6.pdf

Apple-Tiger_Guide_Installation_et_de_configuration.pdf

Apple-Final-Cut-Pro-7-Level-One-Exam-Preparation-Guide-and-Practice-Exam

Apple-Open_Directory.pdf

Apple-Nike_+_iPod_User_guide

Apple-ard_admin_guide_2.2_fr.pdf

Apple-systemoverviewj.pdf-Japon

Apple-Xserve_TO_J070411.pdf-Japon

Apple-Mac_Pro_User_Guide.pdf

Apple-iMacG5_iSight_UG.pdf

Apple-premiers_contacts_avec_iwork_08.pdf

Apple-services_de_collaboration_2e_ed_10.4.pdf

Apple-iPhone_Bluetooth_Headset_Benutzerhandbuch.pdf

Apple-Guide_de_l_utilisateur_de_Keynote08.pdf

APPLE/Apple-Logic-Pro-9-Effectsrfr.pdf

Apple-Logic-Pro-9-Effectsrfr.pdf

Apple-iPod_shuffle_3rdGen_UG_F.pdf

Apple-iPod_classic_160Go_Guide_de_l_utilisateur.pdf

Apple-iBookG4GettingStarted.pdf

Apple-Administration_de_technologies_web_10.5.pdf

Apple-Compressor-4-User-Manual-fr

Apple-MainStage-User-Manual-fr.pdf

Apple-Logic_Pro_8.0_lbn_j.pdf

Apple-PowerBookG4_15inch1.67-1.5GHzUserGuide.pdf

Apple-MacBook_Pro_15inch_Mid2010_CH.pdf

Apple-LED_Cinema_Display_27-inch_UG.pdf

Apple-MacBook_Pro_15inch_Mid2009_RS.pdf

Apple-macbook_pro_13inch_early2011_f.pdf

Apple-iMac_Mid2010_UG_BR.pdf

Apple-iMac_Late2009_UG_J.pdf

Apple-iphone_user_guide-For-iOS-6-Software

Apple-iDVD5_Getting_Started.pdf

Apple-guide_des_fonctionnalites_de_l_ipod_touch.pdf

Apple_iPod_touch_User_Guide

Apple_macbook_pro_13inch_early2011_f

Apple_Guide_de_l_utilisateur_d_Utilitaire_RAID

Apple_Time_Capsule_Early2009_Setup_F

Apple_iphone_4s_finger_tips_guide_rs

Apple_iphone_upute_za_uporabu

Apple_ipad_user_guide_ta

Apple_iPod_touch_User_Guide

apple_earpods_user_guide

apple_iphone_gebruikershandleiding

apple_iphone_5_info

apple_iphone_brukerhandbok

apple_apple_tv_3rd_gen_setup_tw

apple_macbook_pro-retina-mid-2012-important_product_info_ch

apple_Macintosh-User-s-Guide-for-Macintosh-PowerBook-145

Apple_ipod_touch_user_guide_ta

Apple_TV_2nd_gen_Setup_Guide_h

Apple_ipod_touch_manual_del_usuario

Apple_iphone_4s_finger_tips_guide_tu

Apple_macbook_pro_retina_qs_th

Apple-Manuel_de_l'utilisateur_de_Final_Cut_Server

Apple-iMac_G5_de_lutilisateur

Apple-Cinema_Tools_4.0_User_Manual_F

Apple-Personal-LaserWriter300-User-s-Guide

Apple-QuickTake-100-User-s-Guide-for-Macintosh

Apple-User-s-Guide-Macintosh-LC-630-DOS-Compatible

Apple-iPhone_iOS3.1_User_Guide

Apple-iphone_4s_important_product_information_guide

Apple-iPod_shuffle_Features_Guide_F

Liste-documentation-apple

Apple-Premiers_contacts_avec_iMovie_08

Apple-macbook_pro-retina-mid-2012-important_product_info_br

Apple-macbook_pro-13-inch-mid-2012-important_product_info

Apple-macbook_air-11-inch_mid-2012-qs_br

Apple-Manuel_de_l_utilisateur_de_MainStage

Apple-Compressor_3_User_Manual_F

Apple-Color_1.0_User_Manual_F

Apple-guide_de_configuration_airport_express_4.2

Apple-TimeCapsule_SetupGuide

Apple-Instruments_et_effets_Logic_Express_8

Apple-Manuel_de_l_utilisateur_de_WaveBurner

Apple-Macmini_Guide_de_l'utilisateur

Apple-PowerMacG5_UserGuide

Disque dur, ATA parallèle Instructions de remplacement

Apple-final_cut_pro_x_logic_effects_ref_f

Apple-Leopard_Installationshandbok

Manuale Utente PowerBookG4

Apple-thunderbolt_display_getting_started_1e

Apple-Compressor-4-Benutzerhandbuch

Apple-macbook_air_11inch_mid2011_ug

Apple-macbook_air-mid-2012-important_product_info_j

Apple-iPod-nano-Guide-des-fonctionnalites

Apple-iPod-nano-Guide-des-fonctionnalites

Apple-iPod-nano-Guide-de-l-utilisateur-4eme-generation

Apple-iPod-nano-Guide-de-l-utilisateur-4eme-generation

Apple-Manuel_de_l_utilisateur_d_Utilitaire_de_reponse_d_impulsion

Apple-Aperture_2_Raccourcis_clavier

AppleTV_Setup-Guide

Apple-livetype_2_user_manual_f

Apple-imacG5_17inch_harddrive

Apple-macbook_air_guide_de_l_utilisateur

Apple-MacBook_Early_2008_Guide_de_l_utilisateur

Apple-Keynote-2-Guide-de-l-utilisateur

Apple-PowerBook-User-s-Guide-for-PowerBook-computers

Apple-Macintosh-Performa-User-s-Guide-5200CD-and-5300CD

Apple-Macintosh-Performa-User-s-Guide

Apple-Workgroup-Server-Guide

Apple-iPod-nano-Guide-des-fonctionnalites

Apple-iPad-User-Guide-For-iOS-5-1-Software

Apple-Boot-Camp-Guide-d-installation-et-de-configuration

Apple-iPod-nano-Guide-de-l-utilisateur-4eme-generation

Power Mac G5 Guide de l’utilisateur APPLE

Guide de l'utilisateur PAGE '08 APPLE

Guide de l'utilisateur KEYNOTE '09 APPLE

Guide de l'Utilisateur KEYNOTE '3 APPLE

Guide de l'Utilisateur UTILITAIRE RAID

Guide de l'Utilisateur Logic Studio

Power Mac G5 Guide de l’utilisateur APPLE

Guide de l'utilisateur PAGE '08 APPLE

Guide de l'utilisateur KEYNOTE '09 APPLE

Guide de l'Utilisateur KEYNOTE '3 APPLE

Guide de l'Utilisateur UTILITAIRE RAID

Guide de l'Utilisateur Logic Studio

Guide de l’utilisateur ipad Pour le logiciel iOS 5.1

PowerBook G4 Premiers Contacts APPLE

Guide de l'Utilisateur iphone pour le logiciel ios 5.1 APPLE

Guide de l’utilisateur ipad Pour le logiciel iOS 4,3

Guide de l’utilisateur iPod nano 5ème génération

Guide de l'utilisateur iPod Touch 2.2 APPLE

Guide de l’utilisateur QuickTime 7  Mac OS X 10.3.9 et ultérieur Windows XP et Windows 2000

Guide de l'utilisateur MacBook 13 pouces Mi 2010

Guide de l’utilisateur iPhone (Pour les logiciels iOS 4.2 et 4.3)

Guide-de-l-utilisateur-iPod-touch-pour-le-logiciel-ios-4-3-APPLE

Guide-de-l-utilisateur-iPad-2-pour-le-logiciel-ios-4-3-APPLE

Guide de déploiement en entreprise iPhone OS

Guide-de-l-administrateur-Apple-Remote-Desktop-3-1

Guide-de-l-utilisateur-Apple-Xserve-Diagnostics-Version-3X103

Guide-de-configuration-AirPort-Extreme-802.11n-5e-Generation

Guide-de-configuration-AirPort-Extreme-802-11n-5e-Generation

Guide-de-l-utilisateur-Capteur-Nike-iPod

Guide-de-l-utilisateur-iMac-21-5-pouces-et-27-pouces-mi-2011-APPLE

Guide-de-l-utilisateur-Apple-Qadministrator-4

Guide-d-installation-Apple-TV-3-eme-generation

User-Guide-iPad-For-ios-5-1-Software

Apple Remote Desktop Administrator’s Guide Version 3K Apple Computer, Inc. © 2006 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Apple Remote Desktop software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid for support services. The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AirPort, AppleScript, AppleTalk, AppleWorks, FireWire, iBook, iMac, iSight, Keychain, Mac, Macintosh, Mac OS, PowerBook, QuickTime, and Xserve are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Apple Remote Desktop, Bonjour, eMac, Finder, iCal, and Safari are trademarks of Apple Computer, Inc. Adobe and Acrobat are trademarks of Adobe Systems Incorporated. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. 019-0629/02-28-06 3 3 Contents Preface 9 About This Book 10 Using This Guide 10 Remote Desktop Help 10 Notation Conventions 11 Where to Find More Information About Apple Remote Desktop Chapter 1 13 Using Apple Remote Desktop 13 Administering Computers 15 Deploying Software 18 Taking Inventory 21 Housekeeping 22 Supporting Users 23 Providing Help Desk Support 25 Interacting with Students 26 Finding More Information Chapter 2 28 Getting to Know Remote Desktop 28 Remote Desktop Human Interface Guide 29 Remote Desktop Main Window 31 Task Dialogs 32 Control and Observe Window 33 Multiple-Client Observe Window 34 Report Window 35 Changing Report Layout 36 Configuring Remote Desktop 36 Customizing the Remote Desktop Toolbar 36 Setting Preferences for the Remote Desktop Administrator Application 37 Interface Tips and Shortcuts Chapter 3 39 Installing Apple Remote Desktop 39 System Requirements for Apple Remote Desktop 40 Network Requirements 40 Installing the Remote Desktop Administrator Software 41 Setting Up an Apple Remote Desktop Client Computer for the First Time4 Contents 41 Upgrading the Remote Desktop Administrator Software 42 Upgrading the Client Software 42 Method #1—Remote Upgrade Installation 43 Method #2—Manual Installation 43 Upgrading Apple Remote Desktop Clients Using SSH 44 Creating a Custom Client Installer 46 Considerations for Managed Clients 46 Removing or Disabling Apple Remote Desktop 46 Uninstalling the Administrator Software 47 Disabling the Client Software 48 Uninstalling the Client Software from Client Computers Chapter 4 49 Organizing Client Computers Into Computer Lists 49 Finding and Adding Clients to Apple Remote Desktop Computer Lists 50 Finding Clients by Searching the Local Network 50 Finding Clients by Searching a Network Range 51 Finding Clients by Network Address 52 Finding Clients by File Import 52 Making a New Scanner 53 Making and Managing Lists 53 About Apple Remote Desktop Computer Lists 54 Creating an Apple Remote Desktop Computer List 54 Deleting Apple Remote Desktop Lists 54 Creating a Smart Computer List 55 Editing a Smart Computer List 55 Creating a List of Computers of from Existing Computer Lists 56 Importing and Exporting Computer Lists 56 Transferring Computer Lists from Apple Remote Desktop 3 to a New Administrator Computer 57 Transferring Remote Desktop 2 Computer Lists to a New Remote Desktop 3 Administrator Computer 57 Transferring Old v1.2 Computer Lists to a New Administrator Computer Chapter 5 59 Understanding and Controlling Access Privileges 59 Apple Remote Desktop Administrator Access 61 Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accounts 62 Apple Remote Desktop Administrator Access Using Directory Services 62 Creating Administrator Access Groups 65 Enabling Directory Services Group Authorization 65 Apple Remote Desktop Guest Access 66 Apple Remote Desktop Nonadministrator Access 67 Virtual Network Computing AccessContents 5 68 Command-Line SSH Access 68 Managing Client Administration Settings and Privileges 69 Getting an Administration Settings Report 69 Changing Client Administrator Privileges Chapter 6 71 Setting Up the Network and Maintaining Security 71 Setting Up the Network 72 Using Apple Remote Desktop with Computers in an AirPort Wireless Network 73 Getting the Best Performance 73 Maintaining Security 75 Remote Desktop Authentication and Data Transport Encryption 75 Encrypting Observe and Control Network Data 76 Encrypting Network Data During Copy Items and Install Packages Tasks Chapter 7 77 Interacting with Users 78 Controlling 78 Controlling Apple Remote Desktop Clients 79 Control Window Options 80 Switching the Control Window Between Full Size And Fit-To-Window 80 Switching Between Control and Observe Modes 80 Sharing Control with a User 81 Hiding a User’s Screen While Controlling 81 Capturing the Control Window to a File 81 Switching Control Session Between Full Screen and In a Window 82 Sharing Clipboards for Copy and Paste 82 Controlling VNC Servers 83 Setting up a Non–Mac OS X VNC Server 84 VNC Control Options 85 Configuring an Apple Remote Desktop Client to be Controlled by a VNC Viewer 85 Observing 87 Changing Observe Settings While Observing 88 Changing Screen Titles While Observing 88 Viewing a User’s Account Picture While Observing 88 Viewing a Computer’s System Status While at the Observe Window 90 Shortcuts in the Multiple Screen Observe Window 90 Observing a Single Computer 91 Observing Multiple Computers 91 Observing a Computer in Dashboard 92 Sending Messages 92 Sending One-Way Messages 92 Interactive Chat 93 Viewing Attention Requests 93 Sharing Screens6 Contents 93 Sharing a Screen with Client Computers 94 Monitoring a Screen Sharing Tasks 94 Interacting with Your Apple Remote Desktop Administrator 94 Requesting Administrator Attention 95 Canceling an Attention Request 95 Changing Your Observed Client Icon Chapter 8 96 Administering Client Computers 96 Keeping Track of Task Progress and History 97 Enabling a Task Notification Script 98 Getting Active Task Status 98 Using the Task Feedback Display 98 Stopping a Currently Running Task 99 Getting Completed Task History 99 Saving a Task for Later Use 100 Creating and Using Task Templates 101 Editing a Saved Task 101 Installing Software Using Apple Remote Desktop 101 Installing by Package and Metapackage 103 Installing Software on Offline Computers 104 Installing by Using the Copy Items Command 104 Using Installers from Other Companies 105 Upgrading Software 106 Copying Files 107 Copy Options 108 Copying from Administrator to Clients 109 Copying Using Drag and Drop 110 Restoring Items from a Master Copy 111 Creating Reports 111 Collecting Report Data 112 Using a Task Server for Report Data Collection 113 Report Database Recommendations and Bandwidth Usage 114 Auditing Client Usage Information 116 Finding Files, Folders, and Applications 118 Comparing Software 119 Auditing Hardware 124 Testing Network Responsiveness 125 Exporting Report Information 126 Using Report Windows to Work with Computers 127 Maintaining Systems 127 Deleting Items 128 Emptying the Trash 128 Setting the Startup DiskContents 7 129 Renaming Computers 129 Synchronizing Computer Time 130 Setting Computer Audio Volume 131 Repairing File Permissions 131 Adding Items to the Dock 132 Changing Energy Saver Preferences 133 Changing Sharing Preferences for Remote Login 133 Setting Printer Preferences 135 Managing Computers 135 Opening Files and Folders 136 Opening Applications 137 Quitting Applications Without Logging Out the User 137 Putting a Computer to Sleep 138 Waking Up a Computer 138 Locking a Computer Screen 139 Displaying a Custom Picture on a Locked Screen 139 Unlocking a Computer Screen 140 Disabling a Computer Screen 140 Logging In a User at the Login Window 141 Logging Out the Current User 141 Restarting a Computer 142 Shutting Down a Computer 143 UNIX Shell Commands 143 Send UNIX Command Templates 145 Executing a Single UNIX Command 145 Executing Scripts Using Send UNIX Command 147 Built-in Command-Line Tools 152 Automating Functions 152 Setting the Client’s Data Reporting Policy 153 Creating a Template Data Reporting Policy 154 Designating the Task Server and Setting the Report Data Collection Location 155 Scheduled Tasks 156 Using AppleScript with Remote Desktop 159 Using Automator with Remote Desktop Appendix A 161 Icon and Port Reference 161 Client Status Icons 161 Apple Remote Desktop Status Icons 162 List Menu Icons 162 Task Status Icons 163 System Status Icons (Basic) 163 System Status Icons (Detailed) 164 TCP and UDP Port Reference8 Contents Appendix B 165 Report Field Definitions Reference 165 System Overview Report 167 Storage Report 169 USB Devices Report 169 FireWire Devices Report 169 Memory Report 169 PCI Cards Report 170 Network Interfaces Report 172 Network Test Report 172 Administration Settings Report 173 Application Usage Report 173 User History Report Appendix C 174 AppleScript Remote Desktop Suite 174 Classes and Commands for the Remote Desktop Application. Appendix D 180 PostgreSQL Schema Sample Index 182 9 Preface About This Book What Is Apple Remote Desktop? Apple Remote Desktop is easy-to-use, powerful, open standards-based, desktop management software for all your networked Macs. IT professionals can remotely control and configure systems, install software, offer interactive online help to end users, and assemble detailed software and hardware reports for an entire Mac network. You can use Apple Remote Desktop to:  Manage client computers and maintain, update, and distribute software  Collect more than 200 system-information attributes for any Mac on your network  Store the results in an SQL database and view the information using any of several hardware or software reports  Control and manage multiple computer systems simultaneously, making shutdown, restart, and sending UNIX commands fast and easy  Provide help and remote assistance to users when they encounter problems  Interact with users by sending text messages, observing and controlling users’ screens, and sharing their screens with other client users You can use Apple Remote Desktop to manage your client systems. IT administrators use Remote Desktop in education and business to simplify and empower the management of their organizations computer assets. For system administrators, Apple Remote Desktop can be used to administer large numbers of servers, like a virtual Keyboard-Video-Mouse (KVM) sharing unit. In computer administration environments, it’s the ideal solution for managing remote systems, reducing administration costs, and increasing productivity. Apple Remote Desktop can also be used by educators to facilitate instruction in computer labs or one-on-one learning initiatives. Used in a classroom, Apple Remote Desktop enhances the learning experience and allows teachers to monitor and control students’ computers.10 Preface About This Book Using This Guide The Apple Remote Desktop Administrator’s Guide contains chapters to help you use Remote Desktop. It contains overviews and explanations about Apple Remote Desktop’s features and commands. It also explains how to install and configure Apple Remote Desktop on clients, how to administer client computers, and how to use Remote Desktop to interact with computer users. This guide is provided on the Apple Remote Desktop installation disc and on the Apple Remote Desktop support website as a fully searchable, bookmarked PDF file. You can use Apple’s Preview application or Adobe (Acrobat) Reader to browse the contents of this guide as well as search for specific terms, features, or tasks. Remote Desktop Help Remote Desktop Help is available using Help Viewer. To open Remote Desktop Help, choose Help > Remote Desktop Help. The help files contain the same information found in this guide, and are useful when trying to accomplish a task when this guide is unavailable. Additionally, the Remote Desktop Help contains new information, corrections, and latebreaking information about Apple Remote Desktop. The most up-to-date information is available through Remote Desktop Help before it’s available on the web as an updated PDF file. Notation Conventions This guide and Remote Desktop Help contain step-by-step procedures to help you use Remote Desktop’s commands effectively. In many tasks shown in this manual and in Remote Desktop Help, you need to choose menu commands, which look like this: Choose Edit > Clear. The first term after Choose is the name of a menu in the Remote Desktop menu bar. The next term (or terms) are the items you choose from that menu.Preface About This Book 11 Terminal Command Conventions Commands or command parameters that you might type, along with other text that normally appears in a Terminal window, are shown in this font. For example: You can use the doit command to get things done. When a command is shown on a line by itself as you might type it in a Terminal window, it follows a dollar sign that represents the shell prompt. For example: $ doit To use this command, type “doit” without the dollar sign at the command prompt in a Terminal window, then press the Return key. Where to Find More Information About Apple Remote Desktop For additional information related to Apple Remote Desktop, try these resources. You’ll find more information in the Apple Remote Desktop Read Me file and on the Apple Remote Desktop website: www.apple.com/remotedesktop/ You can find the most recent edition of the Apple Remote Desktop Administrator’s Guide at:  the Apple Server Division Documentation page www.apple.com/server/documentation/  the Remote Desktop section of Apple.com, and www.apple.com/remotedesktop/  the Help Menu in the Remote Desktop application Notation Indicates monospaced font A command or other Terminal text $ A shell prompt [text_in_brackets] An optional parameter (one|other) Alternative parameters (type one or the other) underlined A parameter you must replace with a value [...] A parameter that may be repeated A displayed value that depends on your configuration or settings12 Preface About This Book The Apple Remote Desktop Support website provides a database of technical articles about product issues, use, and implementation: www.apple.com/support/remotedesktop/ To provide feedback about Apple Remote Desktop, visit the feedback page: www.apple.com/feedback/remotedesktop.html For details about how to join the Apple Remote Desktop Mailing list, visit: lists.apple.com/mailman/listinfo/remote-desktop/ To share information and learn from others in online discussions, visit the Apple Remote Desktop Discussions Forum: discussions.info.apple.com/appleremotedesktop/ For more information about PostgreSQL go to: www.postgresql.org For more information about using Apple products for IT professionals go to: apple.com/itpro/1 13 1 Using Apple Remote Desktop Apple Remote Desktop helps you keep Macintosh computers and the software running on them up to date and trouble free. And it lets you interact directly with Macintosh users to provide instructional and troubleshooting support. This chapter describes the main aspects of Apple Remote Desktop’s administration and user interaction capabilities and tells you where to find complete instructions for using them. Administering Computers Apple Remote Desktop lets you perform a wide range of client hardware and software administrative activities remotely, from an administrator computer (a computer on which administrator software resides):  Keep users’ software up to date by using Apple Remote Desktop to deploy software and related files to client computers.  Create reports that inventory the characteristics of client computer software and hardware.  Use Apple Remote Desktop’s remote administration capabilities to perform housekeeping tasks for client computers.14 Chapter 1 Using Apple Remote Desktop You can administer client computers individually, but most Apple Remote Desktop features can be used to manage multiple computers at the same time. For example, you may want to install or update the same applications on all the computers in a particular department. Or you may want to share your computer screen to demonstrate a task to a group of users, such as students in a training room. To manage multiple computers with a single action, you define Apple Remote Desktop computer lists. A computer list is a group of computers that you want to administer similarly. Computer lists let you group and organize computers for administration. Setting up computer lists is easy; you simply scan the network or import the identity of computers from files. A particular computer can belong to more than one list, giving you a lot of flexibility for multicomputer management. A computer can be categorized by its type (laptop, desktop), its physical location (building 3, 4th floor), its use (marketing, engineering, computing), and so forth. Once you’ve set up computer lists, you can perform most of the computer administration activities described next for groups of client computers. Marketing department Engineering departmentChapter 1 Using Apple Remote Desktop 15 Deploying Software Apple Remote Desktop lets you distribute software and related files to client computers from your Apple Remote Desktop administrator computer or from a computer running Mac OS X Server. Distributing Installer Packages You can distribute and automatically install packages in .pkg and .mpkg formats. Apple Remote Desktop lets you install software and software updates on one or more client computers without user interaction or interruption, or even if no user is logged in. After installation, Apple Remote Desktop erases the installer files. If the computers need to be restarted, as they do following an operating system update, you can restart them from Apple Remote Desktop. Xserve cluster node Marketing department Engineering department Deploy configuration files Deploy drag-and-drop application folders Deploy install packages (.pkg or .mpkg) Network install images NetBoot images Deploy UNIX shell scripts Set startup partition Administrator computer Mac OS X Server16 Chapter 1 Using Apple Remote Desktop For example, you can use Apple Software Update to download an iCal update or an operating system update to a test computer. If the update works as expected and introduces no compatibility issues, copy the installer package to the administrator computer to distribute to computers that need upgrading. Note that this approach conserves Internet bandwidth, because only one copy of the package needs to be downloaded. You can also use Apple Remote Desktop to deploy new versions of computational software to Xserve computers in a cluster node. You can use the PackageMaker tool (included on the Apple Remote Desktop installation CD and with Apple’s developer tools) to create your own installer packages, such as when you want to:  Distribute school project materials or business forms and templates  Automate the installation of multiple installer packages  Deploy custom applications Before performing remote installations, you can send an Apple Remote Desktop text message to notify users, perhaps letting them know that you’ll be using Apple Remote Desktop to lock their screens at a particular time before you start the installation. Using Network Install Images You can also distribute and install software, including the Mac OS X operating system, by using Network Install images. On Mac OS X Server, use the Network Image Utility to create a Network Install image. You can create the image by cloning a system that’s already installed and set up, or by using an installation disc or an image downloaded using Apple Software Update. If you choose to auto-install, you won’t have to interact with each computer. On the Apple Remote Desktop administrator computer, set the startup disk of remote client systems to point to the Network Install image, and then remotely reboot the clients to initiate installation. Before initiating installations that require computers to be restarted afterwards, send an Apple Remote Desktop text message to client users to notify them of a pending installation. For example, tell users you’ll log them off at 5:00 p.m. to install an operating system update. Using NetBoot Images Another kind of system image you can create using Mac OS X Server is a NetBoot image. Like a Network Install image, a client computer uses NetBoot images to start up. Unlike a Network Install image, the boot software is not installed on the client system. Instead, it resides on a remote server. It is recommended you use a NetBoot image that has Apple Remote Desktop installed and configured. Otherwise, administering the computer using Apple Remote Desktop after starting up from NetBoot is impossible.Chapter 1 Using Apple Remote Desktop 17 Client computers that boot from a NetBoot image get a fresh system environment every time they start up. For this reason, using NetBoot images is useful when a particular computer is shared by several users who require different work environments or refreshed work environments, or when you want to start a new experiment or use a different computing environment in a cluster node. You can use Apple Remote Desktop to set the startup disks of client systems to point to the NetBoot image, and then restart the systems remotely using Apple Remote Desktop. Users can also choose a NetBoot image for startup by using the Startup Disk pane of System Preferences. With just a few clicks you can reconfigure all the computers in a lab or cluster without having to manually restart and configure each computer individually. Distributing Preference Files Managed computers often require a standard set of preferences for each instance of an application. Use Apple Remote Desktop to distribute preference files when you need to replace or update a application preferences. For example, you can copy a standardized preference file to the currently logged in user’s Library/Preferences folder. Using UNIX Shell Scripts You can use Apple Remote Desktop to distribute and run UNIX shell scripts on client computers. For example, a script can mount an AFP server volume, from which it downloads a disk image to client computers. The script might also download an installer package and then perform a command-line installation. On an Xserve in a cluster node, you could also run a script that mounts an Xserve RAID disk designed for high throughput and then downloads large data sets for processing. You can also use Apple Remote Desktop to distribute AppleScript files that automate PDF workflows, or job instructions for computational clusters. Distributing Drag-and-Drop Applications You can distribute and install self-contained (drag-and-drop) applications by copying them to one or more client computers. Use this approach, for example, to distribute application updates. Verifying Installations To check whether an installation has been completed successfully, use Apple Remote Desktop’s remote control capabilities. For example, you can start an application remotely, or search for particular files. You can also use the File Search report to verify that all files for an application are installed correctly.18 Chapter 1 Using Apple Remote Desktop Taking Inventory Apple Remote Desktop lets you capture data describing the attributes of client computers, then generate reports based on the data. You specify how often you want to capture data, the data you want to capture, and the computers you want to profile. You can collect data just before generating a report if you need up-to-the-minute information. Or you can schedule data to be collected by Apple Remote Desktop at regular intervals and stored in its built-in SQL (Structured Query Language) database for use on an as-needed basis. You can also specify where you want the database to reside—on the local administrator computer, or on a server where the Apple Remote Desktop administrator software is installed and always running, so data can be captured on an ongoing basis. Using the collected data, Apple Remote Desktop generates reports tailored to your specifications. Xserve cluster node Marketing department Engineering department Administrator computer Mac OS X Server ARD SQL database ARD SQL database SQL toolsChapter 1 Using Apple Remote Desktop 19 File Search Report Use the File Search report to search client systems for specific files and folders and to audit installed applications. This report can help you find out how many copies of a particular application are in use so you don’t violate license agreements. Spotlight File Search Use the Spotlight Search report to search Tiger client systems for specific files and folders. The information in the report is updated as files matching your search change on the client systems. Software Version Report Use the Software Version report to make sure that all users have the latest application versions appropriate for their systems. Software Difference Report Use the Software Difference report to detect application versions that are out of date, nonstandard, or unacceptable for some other reason. Or, you can learn whether a user has installed an application that shouldn’t be installed. System Overview Report The System Overview report makes visible a wide variety of client computer characteristics. Using this report, you can review information about a client’s AirPort setup, computer and display characteristics, devices, network settings, system preferences, printer lists, and key software attributes. There are numerous uses for this report, such as identifying problems or verifying system configurations before installing new software, or determining how many devices of a particular type (such as scanners) are in a particular lab. Hardware Reports Several reports provide details about particular hardware used by client computers— storage, FireWire devices, USB devices, network interfaces, memory, and PCI cards. Use these reports to determine, for example, which computers need more memory, which computer has the fastest processor speed, and how much free space is left on a particular disk. Administration Settings Report Use the Administration Settings report to determine which Apple Remote Desktop administrator privileges are enabled or disabled for you in the Sharing pane of System Preferences on individual client computers. User History Report Use the User History report to show you who has logged in to a client, how they logged in, and for how long.20 Chapter 1 Using Apple Remote Desktop Application Usage Report Use the Application Usage report to find out which applications have been running on your client computers and who ran those applications. Network Test Report A Network Test report helps you measure and troubleshoot the communication between your administrator computer and your client computers. The Network Interfaces report might also help troubleshooting network hardware issues. Use this report to help identify reasons for network communication problems that could affect Apple Remote Desktop. For example, if you’re unable to copy items to particular client computers from the administrator computer, you may find you have a bad connection to the computers. Using this information can help you isolate the problem to a particular cable or hub. Generating Your Own Reports Because the Apple Remote Desktop database is in standard SQL format, you can also use your favorite SQL scripts to query, sort, and analyze the collected data. In addition, you can export data from the database into a file so you can import it for viewing in a different program, such as a spreadsheet application.Chapter 1 Using Apple Remote Desktop 21 Housekeeping Apple Remote Desktop provides several ways to remotely control client computers for housekeeping activities, which you can conduct using one or more Apple Remote Desktop windows. Managing Power State Use Apple Remote Desktop to control the power state of client computers. For example, you may need to have all computers turned off during maintenance of a power generation unit or during a holiday shutdown. You can send an Apple Remote Desktop text message reminding users to shut down their computers at a particular time. Any computers still running when you need to start maintenance can be detected and shut down remotely with Apple Remote Desktop. Xserve cluster node Marketing department Engineering department Administrator computer Execute UNIX shell script Restart/ shutdown/sleep Remote screen control Empty Trash Set startup partition Send text notification Mac OS X Server NetBoot images22 Chapter 1 Using Apple Remote Desktop Locking Computer Screens You can lock the screens of client computers for specified durations when you don’t want the computers to be used. For example, you may need to perform network maintenance and want to make sure computers don’t use the network for a few hours. You can display custom pictures or text messages on locked computer screens to let users know when the computers are available again. Reclaiming Disk Space Periodically empty the Trash on client computers to conserve disk space. Automating Periodic Maintenance Use AppleScript and UNIX shell scripts to automate periodic maintenance, such as checking permissions or deleting log files. Controlling Screens Use Apple Remote Desktop’s remote screen control to perform activities on the desktop of Xserve computers, or use graphical applications on them. Apple Remote Desktop replaces the need for KVM (keyboard-video-mouse) switches for accessing Xserve computers without a monitor attached. You can also remotely control a user’s computer to help determine reasons for slow performance or other problems. Changing Startup Disks Change the startup disk of a client computer to perform diagnostic or troubleshooting activities. For example, start up a computer using a server-based NetBoot image that’s been set up for troubleshooting. When you’re finished, reset the startup disk to the original boot volume. Managing Shared Computers On computers that are shared among users, check for files that need to be deleted, close applications, log users off, or perform other activities needed to prepare computers for the next users. Supporting Users Apple Remote Desktop lets you interact with users from your administrator computer in these ways:  Provide help: respond to users who need help by using Apple Remote Desktop to receive user requests and to remotely diagnose and fix problems.  Interact: conduct instructional interactions with students in a school or corporate training environment—from controlling or observing student screens to sharing your screen with all your students in order to perform a demonstration.Chapter 1 Using Apple Remote Desktop 23 Providing Help Desk Support When a user is having trouble, Apple Remote Desktop provides several ways to interact with the user and his or her computer to diagnose and fix the problem. Requesting Help A user can discreetly notify you of a problem by sending a request for help using an Apple Remote Desktop text message. Users initiate requests using the commands in the menu that appears when they click the Apple Remote Desktop icon in the menu bar. A notification on the administrator computer alerts you to the message, and you can use several techniques to obtain more information and troubleshoot the problem. Chatting with the User Conduct two-way Apple Remote Desktop text communication with the user to obtain more information. Screen Monitoring Use Apple Remote Desktop to observe the user’s screen if you need more details to understand the problem. Marketing department Engineering department Copy items Administrator computer Control, observe, and share screens Use text chat24 Chapter 1 Using Apple Remote Desktop Screen Controlling Use Apple Remote Desktop to control the user’s screen in order to diagnose and fix the problem. You may have unlimited control, or a user can grant you temporary guest access so you can control the computer only during troubleshooting. There are two levels of control available. You can take complete control of the user’s computer, or you can share control of the keyboard and mouse with the user. Screen Sharing If the problem is caused by incorrect actions by the user, share your screen with the user as you demonstrate the correct way to perform the action. Using Reports Use hardware and software reports as diagnostic tools to determine whether the client computer setup is part of the problem. For example, if a user can’t save his or her work, the storage report can help you determine whether it’s a disk space issue. Deploying New Software or Files If software or configuration settings are part of the problem, use Apple Remote Desktop to copy new configuration files, installer packages, or other items to client computers.Chapter 1 Using Apple Remote Desktop 25 Interacting with Students Apple Remote Desktop helps instructors teach more efficiently by letting them interact with student computers individually or as a group. Using Text Messages Send Apple Remote Desktop text messages to communicate with students. For example, notify them that a classroom activity will start soon or that they have ten minutes to finish an examination. Monitoring Student Computers View student computer screens on your computer, so you can monitor student activities or assess how well they’re able to perform a particular task. You can also monitor the applications running on any student’s computer. Sharing Screens Display your screen or a student’s screen on other student computers for training and demonstration purposes. Controlling Screens Show students how to perform tasks by controlling their screens from your computer, opening applications and using files as required. Classroom Administrator computer Observe and share one or multiple screens One-to-one help desk support Broadcast text messages Lock screens Distribute items electronically Open applications or files Control screen Log out students26 Chapter 1 Using Apple Remote Desktop Locking Screens Lock student screens to prevent students from using their computer when you want them to focus on other activities. Terminating Computer Use Remotely log students out or shut down their computers at the end of a class or school day. Distributing and Collecting Files Distribute handouts electronically, at a time that won’t disrupt class activities or when they’re needed for the next class activity, and collect homework files. Automating Website Access Open a webpage on all student computers. Drag a URL from Safari to your desktop, then copy it to student computers and open it in Safari. You can also copy files and open them in the appropriate applications on student computers. Providing One-to-One Assistance Provide help when a student needs it, conducting private and discreet computer-tocomputer interactions. Finding More Information You’ll find detailed instructions for performing the tasks highlighted in this chapter— and more—throughout this manual. To learn more about See information for Starting on page Remote Dekstop interface Window and icon functions page 28 Computer lists Creating computer lists page 49 Apple Remote Desktop administration Administrator privileges Administrator computers page 59 Controlling screens Controlling page 78 Observing screens Observing page 85 Deploying software Installing software Upgrading software page 101 Distributing files Copying files page 106 Taking inventory Data collection options Auditing software Auditing hardware Network responsiveness Customizing reports Exporting report data page 111 Client use reporting User login accounting Application usage page 114Chapter 1 Using Apple Remote Desktop 27 Additional information can be obtained at several Apple websites:  For information about NetBoot and Network Install, download the system imaging administration guide at: www.apple.com/server/documentation  You can find PackageMaker’s documentation at Apple’s Developer Connection: http://developer.apple.com/documentation/DeveloperTools/Conceptual/ SoftwareDistribution/index.html? Housekeeping tasks Deleting items Emptying the Trash Setting startup volumes Renaming computers Sleeping and waking Locking screens Logging users out Restart and shutdown page 127 Automating tasks Configuring data gathering Scheduling tasks Using UNIX shell scripts page 152 To learn more about See information for Starting on page2 28 2 Getting to Know Remote Desktop Remote Desktop is the administrator application for Apple Remote Desktop. Its attractive interface is powerful, yet simple to use. Remote Desktop’s interface is customizable, allowing you to get the information you want quickly, the way you want it. This chapter contains screenshots and short descriptions of Remote Desktop’s interface, as well as detailed instructions for customizing the appearance and preferences of the application. You will learn about:  “Remote Desktop Human Interface Guide” on page 28  “Configuring Remote Desktop” on page 36  “Interface Tips and Shortcuts” on page 37 Remote Desktop Human Interface Guide The following sections give basic information about the human interface of Remote Desktop, Apple Remote Desktop’s administrator application.  “Remote Desktop Main Window” on page 29  “Task Dialogs” on page 31  “Control and Observe Window” on page 32  “Multiple-Client Observe Window” on page 33  “Report Window” on page 34  “Changing Report Layout” on page 35Chapter 2 Getting to Know Remote Desktop 29 Remote Desktop Main Window The main window of Remote Desktop has a customizable toolbar, groups of lists, tasks, and scanners on the left, and the main window area to the right. “List Menu Icons” on page 162 contains icons seen in the list menu of the main window. A All Computers list: The All Computers list is a list of all client computers that you plan to administer. It includes all the clients you have authenticated to, as well as the client computers that you plan to authenticate to. Computers need to be in the All Computers list before you can command or administer them. If you have a 10-client license, the All Computers list can contain only 10 computers. B Apple Remote Desktop computer lists: A list of computers you create to group computers in ways that are convenient for you. Any list is a subset of the client computers in the All Computers list. If you add a computer directly to a computer list, it is added automatically to the All Computers list as well. C Smart computer lists: A smart computer list is a list of computers which is a subset of the client computers in the All Computers list that meet a predetermined criteria. Smart Computer lists update themselves based on your criteria compared to the contents of the All Computers list. D Group folders: Groups are tools to help you organize all your possible lists, tasks, and scanners. Groups look like folders, and can be collapsed to hide the group contents. E Saved tasks: Saved tasks are listed in the left portion of the main window. They have the icon of the type of task and have a user-changeable name. A B C D E F G I H K L J30 Chapter 2 Getting to Know Remote Desktop F Scanner: Scanners find clients to add to the All Computers list. You can make new scanners and customize them for your needs. See “Making a New Scanner” on page 52. G Task server list: This lists tasks delegated to the Task Server, rather than run those run directly from the application. When all the target computers have come online and participated in the task, the task is labeled as complete. H Active tasks list: This list shows all tasks that are currently running or scheduled and uncompleted. I Task history list: The task history list shows a list of most recently run tasks, as defined in the Remote Desktop preferences. You can inspect each task by double-clicking it. Once a task is completed (whether successfully or not) it is moved to the Task History list. J Task status icon: These icons represent the current state of a task. See “Task Status Icons” on page 162. K Client status icon: Icon representing the current state of a client computer. See “Client Status Icons” on page 161. L Customizable toolbar: The toolbar can be fully customized with icons of your most-used Apple Remote Desktop features.Chapter 2 Getting to Know Remote Desktop 31 Task Dialogs When you click a task, a dialog appears to let you set task parameters or confirm the task. A Task type header: This header area shows you the kind of task represented. B Saved task name: When you save a task, you name it for your own use. C Task configuration area: This area is different for every task. It’s where you set operating parameters for the task to be performed. D Participating computers: This area shows you the computers that will be affected by the task. You can add or remove computers in this area without changing computer list membership. E Schedule task button: When you click this button in a task dialog, you can set a time to perform the task as well as repeat the task. See “Scheduled Tasks” on page 155 for more information. F Save task button: When you click this button in a task dialog, you can name and save the task as configured. Saved tasks appear in the left side of Remote Desktop’s main window. G Task templates: This control allows you to save current task configuration settings, or apply previously saved settings to the current task. These templates are stored on a per-task basis. For example, the Send UNIX Commands template pop-up has an extensive list of built-in templates, while other tasks may have none. A B G C D E F32 Chapter 2 Getting to Know Remote Desktop Control and Observe Window This window is the same for both controlling and observing a single client. The only difference is the state of the Observe or Control toggle button. When it’s selected, you have control over the remote client. A Observe or control toggle: When this button is selected, you have control over the remote client. B Share mouse control: When this button is selected, you share mouse control with the user. C Fit screen in window: When this button is selected, the remote client is scaled to the Control window size. D Lock computer screen for control: When this button is selected, the remote client screen shows a lock, and your view allows you to view the client desktop normally. E Capture screen to file: When this button is clicked, the remote client screen is saved to a local file at the selected image quality. F Fit screen to full display: When this button is selected, your display doesn’t show your computer desktop, only that of the remote computer, at full possible resolution. G Get clipboard from client: When this button is clicked, the contents of the remote client Clipboard are transferred to the local Clipboard. A B C D E F G H J IChapter 2 Getting to Know Remote Desktop 33 Multiple-Client Observe Window When you observe many clients at the same time, they all appear in the same window. If you have more computers than will fit in the window, they are divided across several pages. H Send clipboard to the client: When clicked, the remote client Clipboard receives the contents of the local Clipboard. I Image Quality: Adjusts the screen color depth from black and white to millions of colors. J Desktop of Controlled Computer: Resize this window from the lower right corner. A Page Delay: Adjusts the number of seconds before automatically advancing to the next page of screens. B Computers Per Page: Adjusts the number of client screens visible on each page. C Image Quality: Adjusts the screen color depth from black and white to millions of colors. D Display Computer Information: Shows the computer information area, which contains desktop titles, account pictures, and status icons. E Computer title selector: Changes the titles displayed underneath the client screens (you can choose the computer name, IP address, or hostname). F Account picture: Shows the login icon of the currently logged in user. H A B C I G E I D F34 Chapter 2 Getting to Know Remote Desktop Report Window Reports serve as valuable shortcuts when you’re copying files and organizing computer lists. G Computer status: Shows basic computer status beneath each client screen. H Cycle through pages: Manually advances to the next page of screens. I View Options: Reveals the view option controls. J Observed computers: Contains the scaled desktops of the observed client computers. A Report category: Most reports have subcategories to help you find the information you want. In the report window, you switch between the subcategories using these tabs. B Save report to file: Saves the report to a plain text file. C Print: Formats and prints the report window. D Open selected: Opens the item selected in the report. The item opens on the client computer. C B A C B D E FChapter 2 Getting to Know Remote Desktop 35 Changing Report Layout You can customize report layouts for your own purposes. By default, reports include a column for each information type you selected before running the report, in the order presented in the report dialog. The columns in the report are initially sorted by computer name. You can resize or rearrange the columns of a report, as well as sort the rows by column. Additionally, in the File Search report, you can choose what information is displayed about a found item. By default, the item name, kind, parent path, actual size, and modification date are displayed. To change what information is displayed: 1 In the File Search report window, select or deselect each report column as desired. 2 After making your selections, click Generate Report as usual. When the report window appears, you can rearrange the columns or sort by a different column. E Delete selected: Deletes the item selected in the report from the remote computer. F Copy to this computer: Copies selected items to the administrator computer. Report column If checked, will show Name The item name Parent path The path to the folder that the item is in Full path The full file path Extension The file extension indicating the file type (.app, .zip, .jpg) Date modified The last date and time the file was changed and saved Date created The date and time the file was created Actual size Actual file size, in kilobytes or megabytes Size on disk Amount of disk space used by the file, in kilobytes Kind File, folder, or application Invisible A checkmark indicating whether it is visible in the Finder Version number If an application, the version reported Version string If an application, the version reported Owner The item owner’s short name Group The item’s group name Permissions The item’s UNIX permissions (for example, -rw-r--r--) Locked A checkmark indicating whether it is a locked file36 Chapter 2 Getting to Know Remote Desktop Configuring Remote Desktop You can configure the Remote Desktop administrator application to meet your work needs. Remote Desktop has an interface that is both flexible and functional. Customizing the Remote Desktop Toolbar The Remote Desktop application has a fully customizable toolbar, which provides a quick way to perform tasks. To perform a task, just click the appropriate icon in the toolbar. To show or hide the toolbar, click the toolbar button in the upper-right corner of the application window. You can add, remove, or rearrange the task icons in the toolbar to suit your needs. To customize the application toolbar: 1 Choose Window > Customize Toolbar. 2 Drag your favorite toolbar items or the default set of items to the toolbar. To remove an item, drag it from the toolbar. To rearrange items, drag them into the order you prefer. 3 Choose whether to display toolbar items as text, icons, or both. Selecting “Use Small Size” shrinks the items in the toolbar. Setting Preferences for the Remote Desktop Administrator Application In Remote Desktop preferences, you can select options that affect how the administrator application interacts with client computers. To open the Preferences window:  Choose Remote Desktop > Preferences. In the General pane, you can set:  What double-clicking a client computer does (Get Info, Control, Observe, Text Chat)  Whether to show the client idle time  What warnings may appear when quitting the application  A new serial number  A new Remote Desktop application password In the Control & Observe pane, you can set:  Whether a remote screen is shown in a window or a full screen  Whether control of the mouse and keyboard is shared with the client computer when the client is controlled  Whether a remote screen is shown at its actual size in a window or if it shrinks to fit the window In the Task Server pane, you can set:  Whether Remote desktop is using another computer as a Task Server, or whether this copy of Remote Desktop is being used as a Task ServerChapter 2 Getting to Know Remote Desktop 37  Whether other Apple Remote Desktop administrators can access your local Task Server  Whether clients collect user and application tracking data  A saved template for scheduling client reporting policies In the Labels pane, you can set:  Label colors and text for labeling computers In the Tasks pane, you can set:  Whether to automatically change focus to the active task  Whether to execute a notification script on task completion  Limits on task history list contents and time until removed In the Security pane, you can set:  Whether to accept messages from client users  Whether to allow control of the computer while Remote Desktop is active  The default encryption preference for control and observe sessions  The default encryption preference for Copy Items and Install Packages tasks  Which features of Remote Desktop are available to nonadministrator users See “Apple Remote Desktop Nonadministrator Access” on page 66. Interface Tips and Shortcuts There are a number of features of the Remote Desktop interface which make it particularly flexible and powerful. The following lists a few built-in shortcuts to features which can make using Remote Desktop more productive. Computers can be selected from any window Any computer in any window—report windows, task windows, computer lists, observe windows—can be a target for some task. For example, if you are observing 10 computer screens and need to send a text message to one, select the screen with a single click and then choose Interact > Send Text Message. Likewise, if you get a software report on 50 computers and notice that one of the computers is missing some vital piece of software, you can drop that software onto the selected computer within the report window. Treating all windows as possible computer selection lists for tasks may save you lots of time switching between the Remote Desktop window and other windows as you accomplish your work.38 Chapter 2 Getting to Know Remote Desktop Drag and drop works on configuration dialogs Configuration dialogs accept dragged items. Computer lists in the dialogs accept dragged computers. The Copy Items dialog accepts dragged files to copy, without having to browse the file system for them. Save yourself time and effort by dragging available items to dialogs rather than browsing for them. Making lists from reports or other lists You may need to make a list based on the outcome of some report, but you don’t know which computers will need to be included. After getting a report and sorting on the desired column, you can select the computers and make a new list from the selection. If you double-click the list icon, you open another window containing the computers in the list. This is useful for comparing lists, or for using the new window as a source from which to drag computers to other lists. Saved Tasks and Task Templates save you time You may spend a lot of time coming up with the perfect software search to find exactly what you need. You shouldn’t recreate that search every time you need it. Save your tasks, and duplicate them. With a little editing, you can have a number of similar saved tasks for specific uses. Alternatively, you can use task templates to save settings across task dialogs, applying the same settings through various tasks.3 39 3 Installing Apple Remote Desktop To use Apple Remote Desktop, install the administration software on the administrator computer first, and then install and enable the client software on the computers you want to manage. You’ll need your install disc, the serial number, and either the printed Welcome instructions, or these instructions. This chapter describes how to install Apple Remote Desktop for system administration and user interaction and gives complete setup instructions. You can learn about:  “System Requirements for Apple Remote Desktop” on page 39  “Installing the Remote Desktop Administrator Software” on page 40  “Setting Up an Apple Remote Desktop Client Computer for the First Time” on page 41  “Upgrading the Remote Desktop Administrator Software” on page 41  “Upgrading the Client Software” on page 42  “Creating a Custom Client Installer” on page 44  “Considerations for Managed Clients” on page 46  “Removing or Disabling Apple Remote Desktop” on page 46 System Requirements for Apple Remote Desktop Administrator and client computers:  Mac OS X or Mac OS X Server version 10.3.9 or later (Mac OS X version 10.4 or later is required for some features).  Mac OS Extended (HFS+) formatted hard disk.  For observing and controlling other platforms: a system running VNC-compatible server software. NetBoot and Network Install (optional)  Mac OS X Server version 10.3 or 10.4 with NetBoot and Network Install services enabled40 Chapter 3 Installing Apple Remote Desktop Network Requirements  Ethernet (recommended), AirPort, FireWire, or other network connection See “Setting Up the Network” on page 71 for more information. Installing the Remote Desktop Administrator Software To set up Apple Remote Desktop on administrator computers, you install the software on the computer you plan to use to administer remote computers. Then, you open the application setup assistant, and add to the main list of computers. To install Apple Remote Desktop on an administrator computer: 1 Insert the Apple Remote Desktop installation disc. 2 Double-click the Remote Desktop installer package and follow the onscreen instructions. The Remote Desktop application will be installed in the Applications folder. 3 Launch Remote Desktop (in the Applications folder). The Remote Desktop Setup Assistant appears. 4 Enter the serial number. The serial number can be found on the Apple Remote Desktop Welcome document that came with your software. Optionally, enter a registration name and organization. 5 Click Continue. 6 Enter a Remote Desktop application password and verify it. The Remote Desktop application password is used to encrypt names and passwords of client computers for Apple Remote Desktop. You can store this password in your keychain for convenience, or you can require that the password be entered each time you open Remote Desktop. 7 If you have another unlimited-licensed copy of Apple Remote Desktop acting as a Task Server (a dedicated computer running Remote Desktop for report data collection and delegated install tasks), enter the server address and click Continue. 8 Set the default data collection scope and time for newly administered computers. These settings will be stored as the default upload schedule, which can be applied to computers when you add them for administration. For more detailed information, see “Setting the Client’s Data Reporting Policy” on page 152. 9 Click Done. The main application window appears.Chapter 3 Installing Apple Remote Desktop 41 10 Configure some client computers for administration, find them in a scanner, and add them to a computer list. See:  “Setting Up an Apple Remote Desktop Client Computer for the First Time” on page 41  “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 49 Setting Up an Apple Remote Desktop Client Computer for the First Time The following section contains information on setting up Apple Remote Desktop 3 on client computers. Since Apple Remote Desktop v1.2 was included with Mac OS X v10.3 computers and Apple Remote Desktop v2.2 was installed with Mac OS X v10.4 computers, all Apple Remote Desktop 3 client installations are upgrade installations, even if you are setting up clients for the first time. See “Upgrading the Client Software” on page 42 for more information. If the Apple Remote Desktop client software was removed from the computer, you can install a fresh copy of the most recent client software by installing Apple Remote Desktop manually. See “Method #2—Manual Installation” on page 43 for more information. If you’re setting up Mac OS X Server for the first time using Server Setup Assistant, you can enable Apple Remote Desktop as one of the initial services. This allows you to administer a server immediately after server software installation by providing Remote Desktop with the user name and password of the default system administrator. Upgrading the Remote Desktop Administrator Software Upgrading Remote Desktop is just like installing it for the first time. The only difference is that the final button in the installer reads “Upgrade” rather than “Install.” The installer upgrades existing software to its latest version, imports previously created lists, and restarts the underlying processes after completion. See “Installing the Remote Desktop Administrator Software” on page 40, for detailed instructions. If you are upgrading from version 1.2 and changing administrator computers, you’ll need to transfer your existing computer lists. See “Transferring Old v1.2 Computer Lists to a New Administrator Computer” on page 57. Be sure to transfer your lists from Apple Remote Desktop v1.2 to the new computer before upgrading to Apple Remote Desktop 3. If you upgrade from version 1.2 to version 3 on the same administrator computer, this list migration is done for you.42 Chapter 3 Installing Apple Remote Desktop Upgrading the Client Software This section contains information on installing Apple Remote Desktop 3 on client computers. Since Apple Remote Desktop client software was automatically included on the clients running Mac OS X v10.3 and v10.4, all Apple Remote Desktop 3 installations are upgrade installations, even if you are setting up clients for the first time. You can only upgrade Apple Remote Desktop v1.x and v2.x computers if they meet the minimum system requirements (see “System Requirements for Apple Remote Desktop” on page 39). Please note that there is no supported “downgrade” to any previous version, and if you upgrade the client computers to version 3, you will not be able to administer them with earlier versions of Remote Desktop. There are two methods to upgrade the client computer’s software. Method #1—Remote Upgrade Installation This method works best with existing clients already configured using a previous version of Apple Remote Desktop. If used with existing administered clients, use Remote Desktop to identify those clients running a previous version. You may then upgrade them to the latest version. The main benefit of this upgrade method is the ease of installation and the retention of previous client settings, if any. This method only works for Apple Remote Desktop 1.2 clients and later. Earlier versions of Apple Remote Desktop like 1.0 must be upgraded to version 1.2 using Mac OS X’s Software Update, or they must be updated manually. See “Method #2—Manual Installation” on page 43 for more information. To upgrade existing client software remotely using Apple Remote Desktop: 1 Enable the existing version of Apple Remote Desktop on the client computers. 2 Configure the clients for administration. See “Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accounts” on page 61. 3 If the client computers are not in an existing Remote Desktop computer list, find the client computers using an Apple Remote Desktop scanner. See “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 49 for more information. 4 Select the client computers to be upgraded. 5 Choose Manage > Upgrade Client Software. 6 Click Upgrade.Chapter 3 Installing Apple Remote Desktop 43 Method #2—Manual Installation This method works best if you have never enabled Apple Remote Desktop on your clients and have an existing software distribution infrastructure. This method also allows for the greatest power and configuration flexibility. Also, if you don’t want Apple Remote Desktop to upgrade your clients using the Upgrade Client Software feature, you can perform a manual upgrade. The custom installer not only installs the needed software but also prepares and configures the client computer for administration and can be configured to add or edit user names and passwords for Apple Remote Desktop authentication. To manually upgrade the client software: 1 Use Remote Desktop to create a client software installer package. For detailed instructions, see “Creating a Custom Client Installer” on page 44. 2 Copy and install the package on the client computers. You need the name and password of a user with administrator privileges on the computer to install the package. There are several ways to do this. For example, you can:  Distribute the package by removable media, such as a CD.  Copy the installer to the clients over the network using file sharing.  Copy the installer to the clients using command-line tools like scp (if ssh is enabled), and use Apple’s command-line installation tool, “installer,” to install the package remotely. This process is described in detail in “Upgrading Apple Remote Desktop Clients Using SSH” on page 43.  Add the custom installer package to a Network Install image, using System Image Utility to automatically include the software and your custom settings when clients install the operating system using Mac OS X Server 10.4’s NetBoot and Network Install features. Upgrading Apple Remote Desktop Clients Using SSH You may not be able to or want to use Remote Desktop to upgrade existing clients to Apple Remote Desktop 3. If the clients have SSH enabled (called Remote Login in System Preferences), and are available on the network, you can still upgrade the client computers. You still need to use Remote Desktop to create a custom installer package. You also need the user name and password of a user with system administrator privileges on the client computer. Warning: Custom install packages that create user names contain sensitive password data. Take care to store such custom installers securely.44 Chapter 3 Installing Apple Remote Desktop To upgrade existing client software using SSH: 1 Create the custom client installer package. For detailed instructions, see “Creating a Custom Client Installer” on page 44. 2 Open the Terminal application (located in /Applications/Utilities/). 3 Copy the installer package to the client computer by typing: $ scp -r @: For other options, see the scp man page. 4 Log in to the client computer by typing: $ ssh @ For other options, see the ssh man page. 5 On the client computer, install the package by typing: $ sudo installer -pkg -target / For other options, see installer man page. Creating a Custom Client Installer To install the Apple Remote Desktop client software on computers, you use the administrator application, Remote Desktop, to create a custom client installer. The custom client installer not only installs the Apple Remote Desktop system software, but can create user names and passwords on the client computer with their Apple Remote Desktop privileges already assigned. You’ll use an assistant to create a custom client installer package. Any values set in the custom installer will apply to all the computers that receive the installation. While creating a custom installer, you will have a chance to create new Apple Remote Desktop administrator user names with passwords, and automatically set Apple Remote Desktop access privileges and preferences. To create the client installer: 1 Open Remote Desktop. 2 Choose File > Create Client Installer. The Custom Installer Setup Assistant appears. 3 Choose to create a custom installer and click Continue. If you choose not to create a custom installer, you can create a basic installer that sets no preferences on the client computer. Warning: Custom installer packages that create user names contain sensitive password data. Take care to store and transmit such custom installers securely.Chapter 3 Installing Apple Remote Desktop 45 4 Click Continue to begin creating a custom installer. 5 Choose whether to start Remote Desktop sharing at system startup. This changes the setting found in the Sharing pane of System Preferences. 6 Choose whether to hide or show the Apple Remote Desktop menu bar icon. 7 Click Continue. 8 Choose whether to create a new user for Apple Remote Desktop login. Click Continue. A new user account can be created to grant Apple Remote Desktop administrator privileges. Creating a new user account does not overwrite existing user accounts or change existing user passwords. If you choose not to create a new user account, skip to step 10 after clicking Continue. 9 Add a new user by clicking Add and filling in the appropriate information. Click OK after adding each user, and click Continue when you’re ready to go on. 10 Choose whether to assign Apple Remote Desktop administrator access privileges to Directory Services groups. If you choose to do so, select “Enable directory-based administration.” See “Apple Remote Desktop Administrator Access Using Directory Services” on page 62 for more information on using this method to grant Apple Remote Desktop administrator access. 11 Choose whether to assign Apple Remote Desktop administrator access privileges to specific users. Click Continue. If you choose not to assign administrator access privileges, skip to step 14. 12 Click Add to designate a user to receive Apple Remote Desktop access privileges. 13 Provide the user’s short name and set the privileges as desired. See “Apple Remote Desktop Administrator Access” on page 59 for more information. Click OK after each user, and click Continue when you’re ready to go on. 14 Choose whether to allow temporary guest control by requesting permission on the client computers. See “Considerations for Managed Clients” on page 46 for more information. 15 Choose whether to allow non–Apple VNC viewers to control the client computers, and click Continue. See “Virtual Network Computing Access” on page 67 for more information. 16 If desired, select and enter information in any or all of the four System Data fields. This information appears in Apple Remote Desktop System Overview reports. For example, you can enter an inventory number for the computer, a serial number, or a user’s name and telephone number.46 Chapter 3 Installing Apple Remote Desktop 17 Click Continue. 18 Select a location for the installer. 19 Click Continue to create the installer. An installer metapackage (.mpkg file) is created in the designated location. 20 Click Done. Considerations for Managed Clients If you plan on restricting what applications can open on a managed client, you’ll need to make sure that Apple Remote Desktop’s processes are allowed to run. A managed client is a client computer whose environment is governed by Mac OS X Server’s Workgroup Manager. The following options need to be enabled in Workgroup Manager’s client and group application preference settings:  “Allow approved applications to launch non-approved applications”  “Allow UNIX tools to run” Removing or Disabling Apple Remote Desktop Apple Remote Desktop’s client components are bundled as part of Mac OS X and Mac OS X Server. You may choose to remove or disable parts of it to fit your own personal computing needs. The following section describes how to uninstall or disable key Apple Remote Desktop components. Uninstalling the Administrator Software To remove the administrator software completely, you must remove the application, the encrypted list of computer user names and passwords, and the client information database. To remove the administrator software: 1 Drag the Remote Desktop application to the Trash. 2 Empty the Trash. 3 Delete the Apple Remote Desktop database from /var/db/RemoteManagement/ using the following commands in the Terminal application: $ sudo rm -rf /var/db/RemoteManagement 4 Delete the Remote Desktop preferences files using the following commands in the Terminal application. $ sudo rm /Library/Preferences/com.apple.RemoteDesktop.plist $ sudo rm /Library/Preferences/com.apple.RemoteManagement.plist $ rm ~/Library/Preferences/com.apple.RemoteDesktop.plistChapter 3 Installing Apple Remote Desktop 47 5 Delete the Remote Desktop documentation using the following commands in the Terminal application. sudo rm -r /Library/Documentation/Applications/RemoteDesktop 6 Delete the Apple Remote Desktop support files from /Library/Application Support/ using the following commands in the Terminal application: $ rm -rf ~/Library/Application\ Support/Remote\ Desktop/ $ sudo rm -rf /Library/Application\ Support/Apple\ Remote\ Desktop/ 7 Delete the Apple Remote Desktop installation receipts from /Library/Receipts/ using the following commands in the Terminal application: $ rm -r /Library/Receipts/RemoteDesktopAdmin* $ rm -r /Library/Receipts/RemoteDesktopRMDB* 8 Delete the Apple Remote Desktop Dashboard Widget (after closing every instance of the Widget) using the following commands in the Terminal application: $ sudo rm -r /Library/Widgets/Remote\ Desktop/ Disabling the Client Software You may want to temporarily disable Apple Remote Desktop on a client without removing the software. To disable the client software on a client computer: 1 On the client computer, open System Preferences and click Sharing. If necessary, enter the user name and password of a user with administrator privileges on that computer. 2 Deselect Apple Remote Desktop in the Sharing pane. 3 Quit System Preferences. Apple Remote Desktop is now disabled and the underlying software is deactivated. Alternately, you can disable only the administrator privileges by doing the following: a Click Access Privileges. b Deselect each user account that you enabled for Apple Remote Desktop administration. c Click OK. d Quit System Preferences. Warning: Because Apple Remote Desktop is part of the default Mac OS X 10.3 and 10.4 installation, do not remove the Apple Remote Desktop client components.48 Chapter 3 Installing Apple Remote Desktop Uninstalling the Client Software from Client Computers To remove Apple Remote Desktop client software from Mac OS X clients, you need to remove a number of software components from each client system. To uninstall client software: 1 Open Terminal (located in /Applications/Utilities). 2 Delete the client pieces from /System/Library/ using the following commands in the Terminal application: $ sudo rm -rf /System/Library/CoreServices/Menu\ Extras/RemoteDesktop.menu $ sudo rm -rf /System/Library/CoreServices/RemoteManagement/ $ sudo rm -rf /System/Library/PreferencePanes/ARDPref.prefPane $ sudo rm -rf /System/Library/StartupItems/RemoteDesktopAgent/ 3 Delete the client preferences from /Library/Preferences/ using the following command in the Terminal application: $ sudo rm /Library/Preferences/com.apple.ARDAgent.plist $ sudo rm /Library/Preferences/com.apple.RemoteManagement.plist 4 Delete the client installation receipts from /Library/Receipts/ using the following command in the Terminal application: $ sudo rm -r /Library/Receipts/RemoteDesktopClient* $ sudo rm -rf /var/db/RemoteManagement/ Warning: It is not recommended that you uninstall the client software. Disabling the client software is sufficient to stop Apple Remote Desktop system activity. See “Disabling the Client Software” on page 47 for instructions.4 49 4 Organizing Client Computers Into Computer Lists Apple Remote Desktop uses lists of client computers to logically organize the client computers under your control. Connecting to client computers on the network and adding them to your list is necessary to administer them. This chapter describes finding clients and organizing them into lists for Apple Remote Desktop administration and user interaction. You can learn about:  “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 49  “Making and Managing Lists” on page 53  “Importing and Exporting Computer Lists” on page 56 Finding and Adding Clients to Apple Remote Desktop Computer Lists Before you can audit, control, or maintain any client, you need to add it to an Apple Remote Desktop computer list. To find computers that aren’t on the local subnet, your local network’s routers and firewalls must be properly configured to pass network “pings,” and TCP/UDP packets on ports 3283 and 5900. Remote Desktop has four different methods for discovering possible clients: searching the local networks, searching a range of IP addresses, using a specific IP address or domain name, and importing a list of IP addresses. Once you have found a potential client, you see the following default information: Search column Description (none) Displays a small icon indicating whether the computer is already in the Master List. (none) Displays a small icon showing what kind of access the client is capable of. See “Client Status Icons” on page 161. Name The name given to the computer in the Sharing pane of System Preferences. IP Address The computer’s IP address, if any.50 Chapter 4 Organizing Client Computers Into Computer Lists If you want to change the default display list for the scanner, you can select Edit > View Options and choose any of the other available options (which include Computer Info Fields, Ethernet ID, Label, or others). To add a computer to a computer list, you first authenticate to the computer. Authenticated computers are found in the All Computers list in the Remote Desktop window. You can add a computer to the All Computers list without authenticating, but you will be unable to administer the client until you provide a valid user name and password. Finding Clients by Searching the Local Network When you select a local network scanner, Remote Desktop sends a subnet broadcast to computers in the same subnets as the administrator computer. All possible clients on the local subnets appear in a list on the right side of the Remote Desktop window. To search for clients on the local network: 1 Select a scanner at the left of the Remote Desktop window. 2 Select Local Network. All responding clients are listed in the Remote Desktop window. 3 Select the desired computers. 4 Drag the selected computers to the All Computers list. 5 Authenticate by providing a user name and password for an Apple Remote Desktop administrator. The computer is now in your All Computers list. Finding Clients by Searching a Network Range To locate computers by network range, you provide a beginning and ending IP address to scan, and Apple Remote Desktop queries each IP address in that range in sequence, asking if the computer is a client computer. This method works best when searching for clients outside the local subnet, but on the local area network. Alternatively, you can use a text file that contains IP address ranges (in this format “192.168.0.1-192.168.3.20”), and use text file import to find clients. See “Finding Clients by File Import” on page 52. DNS Name The computer’s DNS name, found by reverse lookup, if any. ARD Version Apple Remote Desktop client software version. Network Interface Which interface the client responded through. Search column DescriptionChapter 4 Organizing Client Computers Into Computer Lists 51 To search a range of network addresses: 1 Select a scanner at the left of the Remote Desktop window. 2 Select Network Range. 3 Enter the beginning and ending IP address. 4 Click the Refresh button. All responding clients are listed in the Remote Desktop window. 5 Select the desired computers. 6 Drag the selected computers to the All Computers list. 7 Authenticate by providing a user name and password for an Apple Remote Desktop administrator. The computer is now in your All Computers list. Finding Clients by Network Address If you know the exact IP address or fully qualified domain name of a computer, you can use that IP address or domain name to add the computer to your All Computers list. To add a specific address immediately to the All Computers list: 1 Choose File > Add By Address. 2 Enter the IP address or fully qualified domain name. 3 Enter the user name and password. 4 Choose whether to verify the name and password before adding it to the All Computers list. 5 Click Add. Alternatively you use the scanner to try an address or domain name and check availability before attempting to add it to the All Computers list. To search for a specific address: 1 Select a scanner at the left of the Remote Desktop window. 2 Select Network Address. 3 Enter the IP address or fully qualified domain name in the Address field. 4 Click the Refresh button. If the client responds successfully, it is listed in the Remote Desktop window. 5 Select the desired computers. 6 Drag the selected computers to the All Computers list. 7 Authenticate by providing a user name and password for an Apple Remote Desktop administrator. The computer is now in your All Computers list.52 Chapter 4 Organizing Client Computers Into Computer Lists Finding Clients by File Import You can import a list of computers into Apple Remote Desktop by importing a file listing the computers’ IP addresses. The list can be in any file format (text, spreadsheet, word processor) and must contain either IP addresses or fully qualified domain names (such as foo.example.com). File import also allows you to add ranges of IP addresses by expressing the range in the following format: xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy. For example, a text file with the line “192.168.0.2-192.168.2.200” would add all IP addresses in that address range. To import a list of computers from a file: 1 Select a scanner at the left of the Remote Desktop window. 2 Select File Import. 3 Browse for the file by clicking the Open File button, or drag a file into the window. Alternatively, you can enter the file’s pathname in the File field. All responding clients are listed in the Remote Desktop window. 4 Select the desired computers. 5 Drag the selected computers to the All Computers list. 6 Authenticate by providing a user name and password for an Apple Remote Desktop administrator. The computer is now in your All Computers list. Making a New Scanner You may want several scanners in order to search for specific address ranges or to do other types of searches. You can make and save your own scanner so you can quickly do the search at any time. You can rename scanners to make them easy to identify. To make a custom search list: 1 Choose File > New Scanner. 2 Rename the newly created scanner. 3 Select the scanner icon. 4 Choose a search type from the pop-up menu to the right.Chapter 4 Organizing Client Computers Into Computer Lists 53 5 Customize the search by entering the specific parameters for the search (such as an IP address range, or file location). You can find out how to customize the search in the following sections:  “Finding Clients by Searching the Local Network” on page 50  “Finding Clients by Searching a Network Range” on page 50  “Finding Clients by Network Address” on page 51  “Finding Clients by File Import” on page 52 6 Click the Refresh button. All responding clients are listed in the Remote Desktop window. Select your scanner icon and click the Refresh button whenever you want to run the search. Making and Managing Lists You use lists to organize and perform management tasks on client computers. You can make groups of lists, and rearrange the lists by dragging them up and down the left side of the main window. Apple Remote Desktop has several different kinds of lists. The following section describes the kinds of lists, and explains how to create lists and use them for client management. About Apple Remote Desktop Computer Lists Apple Remote Desktop displays computers in lists in the main section of the Remote Desktop window. The default computer list is called the All Computers list. This is a full list of all possible clients that you have located and authenticated to. You can create other lists to group the computers on your network in any way you wish. Computer lists have the following capabilities:  You can create as many lists as you want.  The All Computers list can have up to the number of computers your license allows.  Computers can appear in more than one list.  Lists can be made in any grouping you can imagine: geographic, functional, hardware configuration, even color.  Click a list name and keep the mouse over the list name, you can edit the list name.  If you double-click the list icon, you open another window containing the computers in the list.54 Chapter 4 Organizing Client Computers Into Computer Lists Creating an Apple Remote Desktop Computer List You can make more specific, targeted lists of computers from your All Computers list. The easiest way to make a new list is to use computers already in the All Computers list. You can also create blank lists and add computers to them later. To create an Apple Remote Desktop computer list: 1 Select the All Computers list icon in the main Remote Desktop window. 2 Select the computers you want to add to the new list. 3 Choose File > New List From Selection. 4 Name the computer list. Alternatively, you can choose File > New List to create a blank list and drag computers from the All Computers list, or from the scanner search results, to the blank list. Deleting Apple Remote Desktop Lists You can delete Apple Remote Desktop computer lists and scanner lists that you created. You cannot delete the All Computers list, Task Server list, or Task History list. To delete a list: m Select the list and press the Delete key. Creating a Smart Computer List You can create a computer list which automatically populates based on custom criteria. Once you create a smart list, any computer added to the All Computers list (or other specified list) which matches the criteria will automatically be added to the smart list. You can match any or all of the following criteria:  Name  IP Address  DNS Name  Label  Apple Remote Desktop version  Startup Volume  Installed RAM  CPU Information  Machine Model  Mac OS version  Computer is in List In order to use a smart list which populates from any list except the All Computers list, you need to add the “Computer is in List” criterion and specify the source list.Chapter 4 Organizing Client Computers Into Computer Lists 55 To create a smart computer list: 1 Choose File > New Smart List. 2 Name the smart computer list. 3 Choose “any” or “all” criteria to match. 4 Select the attribute to select by, using the pop-up windows and text entry field. 5 Add any other criteria with the Add (+) button. 6 Click OK. The new smart list appears in Remote Desktop’s main window. Editing a Smart Computer List You may want to edit the smart lists you have created. The editing window is the same as the one used to create the smart list. The options available are the same as those listed in “Creating a Smart Computer List” on page 54. To edit a smart computer list: 1 Select the smart list in Remote Desktop’s main window. 2 Choose File > Edit Smart List. 3 Change the smart computer list as desired. Creating a List of Computers of from Existing Computer Lists You may want a list which combines the results of several different lists and smart lists. You can create aggregate lists by using the “Computer is in List” option. The list created will have the computers from the source lists, but not indicate which source list they came from. To create an list of computer lists: 1 Create the lists which will serve as the sources of the smart list. See “Creating an Apple Remote Desktop Computer List” on page 54 or “Creating a Smart Computer List” on page 54 for more information. 2 Create the Smart List which will draw its computers from the previously created lists. “Creating a Smart Computer List” on page 54 for more information. 3 In the Smart List creation dialog, choose to match all of the stated conditions. 4 For the first condition, select “Computer is in List.” 5 Select a source list from the pop-up menu. 6 Add another condition by clicking the Add (+) button. 7 Repeat steps 4-6, adding Computer Lists for all of the source lists.56 Chapter 4 Organizing Client Computers Into Computer Lists 8 Add other conditions and criteria as desired. 9 Create the final Smart List by clicking OK. The new Smart List appears in Remote Desktop’s main window. Importing and Exporting Computer Lists When setting up Apple Remote Desktop 3, you may not necessarily use the same computer you used for the previous version of Apple Remote Desktop. Rather than create new lists of client computers, you can transfer existing lists between computers, with benefits and limitations depending on the transfer circumstance. The following sections will help you import or export your computer lists.  “Transferring Computer Lists from Apple Remote Desktop 3 to a New Administrator Computer” on page 56  “Transferring Remote Desktop 2 Computer Lists to a New Remote Desktop 3 Administrator Computer” on page 57  “Transferring Old v1.2 Computer Lists to a New Administrator Computer” on page 57 Transferring Computer Lists from Apple Remote Desktop 3 to a New Administrator Computer You may want to move your existing computer lists to the new administrator computer running Apple Remote Desktop 3. Lists transferred in this way retain their client computers as well as the original name of the list. You can only use these instructions to move computer lists between administrator computers which run Apple Remote Desktop 3. When you import or export a computer list, the user name and password used for Apple Remote Desktop authentication are not exported. Once you’ve imported the computer list, you will still need to authenticate to the computers. To transfer the computer lists: 1 In the main Remote Desktop window, select the list you want to move. 2 Choose File > Export List. 3 Select a name and a file location for the exported list. The default file name is the list name. Changing the file name, however, does not change the list name. 4 Click Save. A .plist file is created in the desired location. The XML-formatted .plist file is a plain text file that can be inspected with Apple’s Property List Editor or a text editor. 5 Copy the exported file to the desired administrator computer. 6 On the new administrator computer, launch Remote Desktop. 7 Choose File > Import List.Chapter 4 Organizing Client Computers Into Computer Lists 57 8 Select the exported list, and click Open. The list now appears in Remote Desktop’s main window. Transferring Remote Desktop 2 Computer Lists to a New Remote Desktop 3 Administrator Computer If you are installing Apple Remote Desktop 3 on a computer different from the version 2.x administrator computer, you may want to move your existing computer lists to the new administrator computer running Apple Remote Desktop 3. When you import or export a computer list, the user name and password used for Apple Remote Desktop authentication are not exported. Once you’ve imported the computer list, you will still need to authenticate to the computers. To transfer the computer lists: 1 In the main Remote Desktop window, select the list you want to move. 2 Make sure Remote Desktop lists the computer’s name and IP address. 3 Choose File > Export Window. 4 Select a name and a file location for the exported list, and click Save. The default file name is the window’s title. 5 Copy the exported file to the desired administrator computer. 6 On the new administrator computer, launch Remote Desktop. 7 Using the Scanner, add the clients by File Import. See “Finding Clients by File Import” on page 52, for detailed instructions. The list now appears in Remote Desktop’s main window. 8 Select the computers in the list. 9 Choose File > New List From Selection. The new list now appears in Remote Desktop’s main window. Transferring Old v1.2 Computer Lists to a New Administrator Computer If you are installing Apple Remote Desktop 3 on a computer other than an older administrator computer using Apple Remote Desktop 1.2, you need to move your existing computer lists to the new administrator computer before installing version 3. These instructions only apply when moving Apple Remote Desktop 1.2 computer lists to a new computer. Throughout these instructions, the computer with the original lists is the “source computer.” The computer that will have Apple Remote Desktop 3 installed is the “target computer.”58 Chapter 4 Organizing Client Computers Into Computer Lists To transfer the computer lists: 1 Open Keychain Access (located in /Applications/Utilities) on the source computer. 2 Choose File > New Keychain. 3 Name the new keychain, and click Create. 4 Enter a password for the new keychain. This is a temporary password that you will use to retrieve the information in the keychain. Do not use your login password or other sensitive password. 5 If necessary, click Show Keychains to show the administrator keychain. 6 Select the source computer’s main keychain. If the keychain is locked, unlock it and authenticate. 7 Select only the Apple Remote Desktop entries in the keychain. 8 Drag the Apple Remote Desktop entries to the newly created keychain. 9 Provide the source computer keychain password for each entry. 10 Quit Keychain Access on the source computer. 11 Copy the newly created keychain from the source computer (~/Library/Keychains/ ) to the same location on the target computer. You can copy the keychain over the network, or use a removable storage drive. 12 On the target computer, open Keychain Access in the Finder. 13 Choose File > Add Keychain. 14 Select the keychain that was copied from the source computer, and click Open. 15 If necessary, click Show Keychains to show the keychains. 16 Unlock the newly imported keychain, using the password designated for that keychain. 17 Select the Apple Remote Desktop entries. 18 Drag the Apple Remote Desktop entries to the main keychain on the target computer. Provide the temporary keychain password for each entry. 19 Quit Keychain Access on the source computer. When you open Apple Remote Desktop on the new computer, you will notice that the computer lists from the old computer are available.5 59 5 Understanding and Controlling Access Privileges There are several different ways to access and authenticate to Apple Remote Desktop clients. Some depend on Apple Remote Desktop settings, and others depend on other client settings, or third-party administration tools. This chapter explains the various access types, their configuration, and their uses. You can learn about:  “Apple Remote Desktop Administrator Access” on page 59  “Apple Remote Desktop Administrator Access Using Directory Services” on page 62  “Apple Remote Desktop Guest Access” on page 65  “Apple Remote Desktop Nonadministrator Access” on page 66  “Virtual Network Computing Access” on page 67  “Command-Line SSH Access” on page 68  “Managing Client Administration Settings and Privileges” on page 68 Apple Remote Desktop Administrator Access Access privileges allow an Apple Remote Desktop administrator to add computers to a list and then interact with them. If no access privileges are allowed on a client computer, that computer cannot be used with Apple Remote Desktop. Access privileges are defined in the Apple Remote Desktop section of the Sharing pane of the client computers’ System Preferences. The recommended access privileges for a client computer depend on how it’s used.  If the computer is used in a public area, such as a computer lab, you may want to allow administrators full access privileges.  If the computer is used by one person, you may not want to give administrators full access privileges. Also, you may want a user who administers his or her own computer to take responsibility for creating passwords and setting the access privileges for the computer60 Chapter 5 Understanding and Controlling Access Privileges The following table shows the settings in the Apple Remote Desktop settings in the Sharing Preference pane and the features of Remote Desktop that they correspond to. For example, if you want a certain administrator to be rename computer file sharing names, you will need to grant that user that privilege by selecting “Change Settings”. checkbox in the Apple Remote Desktop settings in the Sharing Preference pane on the client computer. Select To allow administrators to Select any other privileges. (If you select only this box, the administrator can see the client computer in the Computer Status window and include it in Network Test reports.) Generate reports Create hardware and software reports using the Report menu; use Set Reporting Policy and Spotlight Search. Open and quit applications Use these Manage menu commands: Open Application, Open Items, Send UNIX Command and Log Out Current User. Change settings Use these Manage menu commands: Rename Computer, Send UNIX Command and Set Startup Disk. Delete and replace items Use these Manage menu commands: Copy Items, Install Packages, Send UNIX Command and Empty Trash. Also delete items from report windows. This item must be enabled in order to use the Upgrade Client Software feature. Send text messages Use these Interact menu commands: Send Message and Chat. Restart and shut down Use these Manage menu commands: Sleep, Wake Up, Restart, Send UNIX Command, and Shut Down. This item must be enabled in order to use the Upgrade Client Software feature. Copy items Use these Manage menu and Server menu commands: Copy Items, Send UNIX Command and Install Packages. This item must be enabled in order to use the Upgrade Client Software and Change Client Settings features. Control Use these Interact menu commands: Control, Share Screen, Lock and Unlock Screen. This item must be enabled in order to use the Upgrade Client Software and Change Client Settings features.Chapter 5 Understanding and Controlling Access Privileges 61 Setting Apple Remote Desktop Administrator Access Authorization and Privileges Using Local Accounts To prepare a client for administration, you activate the existing version of Apple Remote Desktop on the client computer and set Apple Remote Desktop administrator access privileges by using the Sharing pane of the computer’s System Preferences. You set access privileges separately for each user account on the computer. Follow the steps in this section to set access privileges on each client computer. Note: You can skip this step if you create a custom installer that automatically enables your desired client settings. To make changes on a client computer, you must have the name and password of a user with administrator privileges on the computer. To set administrator privileges on a computer: 1 On the client computer, open System Preferences and click Sharing. If the preference pane is locked, click the lock and then enter the user name and password of a user with administrator privileges on that computer. 2 Select Apple Remote Desktop in the Sharing service pane. 3 Click Access Privileges. 4 Select each user that you want enabled for Apple Remote Desktop administration authentication. 5 Select a listed user whose access privileges you want to set, and then make the changes you want to the access privileges. Your changes take effect immediately. Hint: Holding down the Option key while clicking the user’s checkbox will automatically select all the following checkboxes for access. See “Apple Remote Desktop Administrator Access” on page 59 for more information. 6 Repeat for additional users whose access privileges you want to set. 7 If desired, enter information in any or all of the four Computer Information fields. This information appears in Apple Remote Desktop System Overview reports and optionally in the computer list views. For example, you can enter an inventory number for the computer, a serial number, or a user’s name and telephone number. 8 Click OK. 9 To activate the Apple Remote Desktop client, make sure to select the Apple Remote Desktop checkbox, or select Apple Remote Desktop and click Start.62 Chapter 5 Understanding and Controlling Access Privileges Apple Remote Desktop Administrator Access Using Directory Services You can also grant Apple Remote Desktop administrator access without enabling any local users at all by enabling group-based authorization if the client computers are bound to a directory service. When you use specially named groups from your Directory Services master domain, you don’t have to add users and passwords to the client computers for Apple Remote Desktop access and privileges. When Directory Services authorization is enabled on a client, the user name and password you supply when you authenticate to the computer are checked in the directory. If the name belongs to one of the Apple Remote Desktop access groups, you are granted the access privileges assigned to the group. Creating Administrator Access Groups In order to use Directory Services authorization to determine access privileges, you need to create groups and assign them privileges. There are two ways of doing this: Method #1 You can create groups and assign them privileges through the mcx_setting attribute on any of the following records: any computer record, any computer list record, or the guest computer record. To create an administrator access group: 1 Create groups as usual. If you are using Mac OS X Server, you use Workgroup Manager to make them. 2 After you have created groups, you edit either the computer record of the computer to be administered, its computer list record, or the guest computer record. 3 Use a text editor, or the Apple Developer tool named Property List Editor to build the mcx_setting attribute XML. The XML contains some administrator privilege key designations (ard_admin, ard_reports, etc.), and the groups that you want to possess those privileges. The following privilege keys have these corresponding Remote Desktop management privileges:Chapter 5 Understanding and Controlling Access Privileges 63 In the XML, you name a privilege key and make the value the name of the group or groups you want to possess the privilege. Use the sample XML below to make your management/key designation XML. 4 When you have created the snippet of XML, you enter this whole snippet into a computer record or computer list record. If you are using Workgroup Manager, you enable the preference to “Show All Records Tab and Inspector” and use the Inspector to copy the entire snippet of XML the value which corresponds to the “MCXSettings” attribute name. Management Privilege ard_admin ard_reports ard_manage ard_interact Generate reports X X X Open and quit applications X X Change settings X X Copy items X X Delete and replace items X X Send messages X X X Restart and shut down X X Control X X Observe X X Show being observed X X64 Chapter 5 Understanding and Controlling Access Privileges For more information on using Workgroup Manager, and Open Directory, see their documentation at: www.apple.com/server/documentation The following is the sample XML format you need to use to assign management privileges via MCX keys. It assigns the above “ard_interact” privileges to the groups named “some_group” and “staff.” It also assigns the “ard_manage” privileges to the group named “staff,” the “ard_admin” privileges to the group “my_admin_group,” and leaves no group with the “ard_reports” privilege set. Here’s the XML: mcx_application_data com.apple.remotedesktop Forced mcx_preference_settings ard_interact some_group staff ard_manage staff ard_admin my_admin_group ard_reports This example attribute defines four privileges, although any of them may be left out.Chapter 5 Understanding and Controlling Access Privileges 65 Method #2 You can create groups with special names that correspond to the privilege keys above: ard_admin, ard_reports, ard_manage, and ard_interact. The corresponding privileges are automatically assigned to these specially named groups. If you have already created these groups for use with Apple Remote Desktop 2, they will continue to work as expected with Apple Remote Desktop 3. Enabling Directory Services Group Authorization In order to enable group-based authorization for Apple Remote Desktop access, you create the appropriate groups in your Directory Services master directory domain. To complete this task, you need to be the Directory Services administrator and have access to your organization’s users and groups server. To enable Apple Remote Desktop authorization by group: 1 Use one of the methods in the section “Creating Administrator Access Groups” to create groups with Apple Remote Desktop access privileges assigned to them. 2 Add users to the groups. 3 Make sure the client computers to be administered are bound to your directory system. 4 Set the clients to use directory authorization by using the Change Client Settings feature or make a custom installer. 5 Choose to enable directory-based administration on the clients using Directory Access found in /Applications/Utilities/. Apple Remote Desktop Guest Access You can configure an Apple Remote Desktop client to give temporary, one-time access to an Apple Remote Desktop administrator who does not have a user name or password for the client computer. Each time the Apple Remote Desktop administrator would like to control the client computer, he or she must request permission from the remote client’s user. Warning: Granting access to control a screen is the most powerful feature in Apple Remote Desktop, and can be equivalent to unrestricted access.66 Chapter 5 Understanding and Controlling Access Privileges To allow guest access: 1 On the client computer, open System Preferences and click Sharing. If prompted, enter the user name and password of a user with administrator privileges on that computer. 2 Select Apple Remote Desktop in the Sharing pane. 3 Click Access Privileges. 4 Select “Guests may request permission to control screen.” 5 Click OK. Apple Remote Desktop Nonadministrator Access Remote Desktop can operate in what is referred to as “user mode.” User mode is activated when a nonadministrator user opens Remote Desktop to administer Apple Remote Desktop client computers. The administrator of the computer with Remote Desktop installed can choose which features and tasks are available to nonadministrator users. Limiting Features in the Administrator Application User mode is a great way to delegate administrative tasks, or give users only the features of Remote Desktop that they really use. For example, you might not allow nonadministrators to copy or delete files, but you may want them to be able to observe client screens and send messages to client users. You can choose to allow nonadministrators to:  Observe, control, and share screens  Lock and unlock screens  Send text messages and chat  Sleep and wake client computers  Log out users  Restart and shut down computers  Open or quit files and applications  Rename computers  Generate reports and software searches  Copy items, delete items, and empty the Trash  Create Apple Remote Desktop custom client installers  Upgrade clients and change client settings  Install packages  Set the client computer’s startup volume  Set the client’s data reporting policy  Send UNIX commandsChapter 5 Understanding and Controlling Access Privileges 67 Each of these features can be enabled or disabled independently of each other, or you can enable all of Remote Desktop’s features for nonadministrator users. To enable User Mode: 1 Make sure you are logged in as an administrator user. 2 Open Remote Desktop. 3 Choose Remote Desktop > Preferences. 4 Click the Security button. 5 Enable or disable features, as desired. 6 Close the Preference’s window. Virtual Network Computing Access You can use Apple Remote Desktop to access a Virtual Network Computing (VNC) server and view and interact with the server’s screen. VNC access is determined by the VNC server software. To access a VNC server, it is only necessary to know the IP address or fully qualified domain name and the password designated in the VNC server software. This password does not necessarily correspond to any other password on the system, and is determined by the VNC configuration. VNC access is similar to Apple Remote Desktop’s Control command. It allows you to use your keyboard and mouse to control a VNC server across a network. It doesn’t give any other Apple Remote Desktop administrator privileges except those of the currently logged-in user. Non-Apple VNC viewers can control Apple Remote Desktop clients if the client allows it. Allowing a non-Apple VNC viewer access to an Apple Remote Desktop client is less secure than using Apple Remote Desktop to control the client. The VNC protocol implemented in third-party VNC viewers may not encrypt keystrokes sent over the network, so sensitive information can be intercepted. Warning: Granting VNC access to control a screen is the most powerful feature in Apple Remote Desktop, and can be equivalent to unrestricted access.68 Chapter 5 Understanding and Controlling Access Privileges To allow VNC access: 1 On the client computer, open System Preferences and click Sharing. If prompted, enter the user name and password of a user with administrator privileges on that computer. 2 Select Apple Remote Desktop in the Sharing pane. 3 Click Access Privileges. 4 Select “VNC viewers may control screen with password.” 5 Enter a VNC password. Command-Line SSH Access Command-line SSH access is not granted or managed using Remote Desktop. This type of access is managed in the Sharing pane of System Preferences (called “Remote Login”) and is separate from Apple Remote Desktop access types. When you log in to a client remotely using SSH, you have the user privileges assigned to the user name and password. These may or may not include computer administrator privileges. You can use SSH to access a client using a user account created for Apple Remote Desktop, but you are limited to performing whatever tasks were allowed to that user when the account was created. Conversely, only the users specified in the Apple Remote Desktop access privileges can access a computer using Apple Remote Desktop. Apple Remote Desktop privileges are completely separate and distinct from local computer administrator UNIX privileges. Managing Client Administration Settings and Privileges Regular audits of administration settings can help maintain a secure Remote Desktop administration environment. Using the various administrator options given with Apple Remote Desktop administrator privileges, you can create specialized logins for certain tasks, limiting potentially disruptive power of certain sub-administrators. The following section gives detailed instructions for checking the administrator privilege settings of client computers, and changing those settings. Warning: Do not use the same password as any local user or Apple Remote Desktop login.Chapter 5 Understanding and Controlling Access Privileges 69 Getting an Administration Settings Report You can query active Apple Remote Desktop clients for a report on what commands they are accepting from your administrator authentication. The report is a list of the Apple Remote Desktop administrator access types each with an “On” or “Off” to indicate whether that access type is available to you. To get an administration settings report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Administration Settings. 4 Click Get Report. Changing Client Administrator Privileges Once the client computers are able to be administered, you can change the administrator access privileges for multiple computers simultaneously, using the Change Client Settings command. If you are using Directory Services to designate administrator privileges, you don’t need to change the settings on the clients. To make changes on a client, you must have the name and password of a user with administrator privileges on the computer. Additionally, you must already have the Control privilege. Note: You do not have to make a selection on every page of the assistant. You can click Continue to move to the next set of settings. To change administrator privileges on each computer: 1 Select a computer list. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Change Client Settings. The client assistant appears. Click Continue. 4 Choose whether to start Remote Desktop sharing at system startup. This changes the setting found in the Sharing pane of System Preferences. 5 Choose whether to hide or show the Apple Remote Desktop menu bar icon. 6 Click Continue. 7 Choose whether to create a new user for Apple Remote Desktop login. Click Continue. New users can be used to grant Apple Remote Desktop administrator privileges. Creating a new user does not overwrite existing users or change existing user passwords. If you choose not to create a new user, skip to step 9 after clicking Continue.70 Chapter 5 Understanding and Controlling Access Privileges 8 Add a new user by clicking Add and filling in the appropriate information. Click OK after adding each user, and click Continue when you’re ready to go on. 9 Choose whether to assign Apple Remote Desktop administrator access privileges to Directory Services groups. If you choose to do so, select “Enable directory-based administration.” See “Apple Remote Desktop Administrator Access Using Directory Services” on page 62 for more information on using this method to grant Apple Remote Desktop administrator access. 10 Choose whether to assign Apple Remote Desktop administrator access privileges to specific users. Click Continue. If you choose not to assign administrator access privileges, skip to step 13. 11 Click Add to designate a user to receive Apple Remote Desktop access privileges. 12 Provide the user’s short name and assign the privileges as desired. See “Apple Remote Desktop Administrator Access” on page 59 for more information. Click OK after each user, and click Continue when you’re ready to go on. 13 Choose whether to allow temporary guest control by requesting permission on the client computers. 14 Choose whether to allow non-Apple VNC viewers to control the client computers, and click Continue. See “Virtual Network Computing Access” on page 67 for more information. 15 If desired, select and enter information in any or all of the four System Data fields. This information appears in Apple Remote Desktop System Overview reports. For example, you can enter an inventory number for the computer, a serial number, or a user’s name and telephone number. 16 Click Continue to review the clients’ settings. 17 Choose whether to execute the change using the application or a dedicated task server. 18 Click Change to change the clients’ settings The client configuration assistant contacts all of the selected computers and changes their administration settings.6 71 6 Setting Up the Network and Maintaining Security This chapter describes the main aspects of setting up your network for use with Apple Remote Desktop system administration, as well as best-practice tips for your network. Additionally, it contains information about Apple Remote Desktop security features, and detailed instructions for enabling them. You can learn about:  “Setting Up the Network” on page 71  “Using Apple Remote Desktop with Computers in an AirPort Wireless Network” on page 72  “Getting the Best Performance” on page 73  “Maintaining Security” on page 73 Setting Up the Network Your network configuration determines Apple Remote Desktop’s performance and usability. AirPort and AirPort Extreme networks offer slower performance than almost any Ethernet network. Therefore, file copying, client monitoring, and reporting are slower over AirPort and AirPort Extreme connections. Network routers and firewalls also shape, direct, or block network traffic; these things can have an effect on Apple Remote Desktop’s reliability and efficiency. Here are a few guidelines to keep in mind when setting up Apple Remote Desktop on your network:  The more AirPort clients connected to a base station, the lower the bandwidth for each computer. AirPort Base Stations are not considered “switched networks.”  Local Hostname (name using Apple’s Bonjour technology, that looks like: name.local) browsing does not extend beyond the local subnet. Local Hostnames do not resolve across routers like domain names do.  Networks with switches have fewer collisions and packet errors than networks with hubs. This means greater reliability and speed. Consider using switches instead of hubs.72 Chapter 6 Setting Up the Network and Maintaining Security  Organize computers you’re administering using Apple Remote Desktop into small groups, and close the Remote Desktop administrator application when not in use. This helps reduce the number of status queries, thus reducing network traffic.  If a client has a slow network type, consider running it in a list separate from the faster clients. A single slow client can slow down network operations.  If network traffic passes through firewalls, make sure you have a large Maximum Transmission Unit (MTU) setting (1200 or greater). Too small an MTU setting can result in black screens when sharing or sending screens.  If you are using a wide-area network (WAN), or metropolitan area network (MAN), make sure that the defrag bit is turned off in your router so packets don’t get chunked up. This can result in black screens when sharing or sending screens.  Network Address Translation (NAT) networks (such as those that use the Mac OS X Internet Sharing feature) can pose configuration and access difficulties. If you want to use Remote Desktop from behind a NAT router to access computers beyond the NAT router, you need to set TCP and UDP port forwarding for ports 3283 and 5900 to your administrator computer. Similarly, if you wish to access a single client computer that is behind a NAT router, you need to set the router to forward TCP and UDP ports 3283 and 5900 to the client computer you wish to access. Using Apple Remote Desktop with Computers in an AirPort Wireless Network Using Apple Remote Desktop to observe or control client computers connected using AirPort wireless technology can sometimes result in impaired performance or cause communication errors to appear in the Computer Status window. To get the best performance from Apple Remote Desktop with computers in an AirPort wireless network:  Make sure that all AirPort Base Stations and all Apple Remote Desktop client computers have the latest versions of Apple Remote Desktop software, AirPort software, and Mac OS X software installed.  Limit the number of clients that connect to an AirPort Base Station. AirPort clients on a base station receive all network communication packets sent to any one client on that base station. Although clients ignore packets that aren’t addressed to them, CPU resources are used to identify and discard the packet.  Scale the Control and Observe window. Apple Remote Desktop has server-side scaling that will allow for less traffic across the network as you scale the window to smaller sizes.  Try not to use tasks that multicast traffic such as Share Screen and File Copy. File Copy tries to initiate a series of individual copies if there is a significant number of multicast networking errors.Chapter 6 Setting Up the Network and Maintaining Security 73  Wireless networks also are not suited for multicast traffic. However Apple Remote Desktop’s multi-observe feature is different because it doesn’t use multicast traffic.  Display shared screens in black and white rather than in color.  Configure your AirPort Base Station with a station density of High and increase the multicast rate to 11 Mbps using AirPort Admin Utility. Using the base station density and multicast rate settings limits the range of each AirPort Base Station’s network, requiring client computers to be fewer than 50 meters from a base station. Getting the Best Performance To get the best performance when using the Share Screen, Observe, and Control commands:  Use the fastest network possible. This means favoring Ethernet over AirPort, 1000Base-T over 100Base-T, and 100Base-T over 10Base-T.  If you’re using AirPort, adjust the multicast speed higher.  Don’t mix network speeds if possible.  Reduce the use of animation on remote computers. For example, you can simplify Dock preference settings by turning off animation, automatic hiding and showing, and magnification effects.  View the client’s screen in a smaller window when using the “fit to window” option.  View the client’s screen with fewer colors.  Use a solid color for the desktop of the screen you’re sharing.  Share screens only on local networks. If you share a screen with a computer connected across a router, screen updates happen more slowly.  Set the Control and Observe image quality to the lowest acceptable for the given circumstance. Maintaining Security Remote Desktop can be a powerful tool for teaching, demonstrating, and performing maintenance tasks. For convenience, the administrator name and password used to access Remote Desktop can be stored in a keychain or can be required to be typed each time you open the application. However, the administrator name and password for each client computer are stored in the administrator’s preferences and are strongly encrypted.74 Chapter 6 Setting Up the Network and Maintaining Security Administrator Application Security  Make use of user mode to limit what nonadministrator users can do with Remote Desktop. See “Apple Remote Desktop Nonadministrator Access” on page 66.  If you leave the Remote Desktop password in your keychain, be sure to lock your keychain when you are not at your administrator computer.  Consider limiting user accounts to prevent the use of Remote Desktop. Either in a Managed Client for Mac OS X (MCX) environment, or using the Accounts pane in System Preferences, you can make sure only the users you designate can use Remote Desktop.  Check to see if the administrator computer is currently being observed or controlled before launching Remote Desktop (and stop it if it is). Remote Desktop prevents users from controlling a client with a copy of Remote Desktop already running on it at connection time, but does not disconnect existing observe or control sessions to the administrator computer when being launched. Although this functionality is helpful if you want to interact with a remote LAN which is behind a NAT gateway, it is possible to exploit this feature to get secretly get information about the administrator, administrator’s computer, and its associated client computers. User Privileges and Permissions Security  To disable or limit an administrator’s access to an Apple Remote Desktop client, open System Preferences on the client computer and make changes to settings in the Remote Desktop pane in the Sharing pane of System Preferences. The changes take effect after the current Apple Remote Desktop session with the client computer ends.  Remember that Apple Remote Desktop keeps working on client computers as long as the session remains open, even if the password used to administer the computer is changed.  Don’t use a user name for an Apple Remote Desktop access name and password. Make “dummy” accounts specifically for Apple Remote Desktop password access and limit their GUI and remote login privileges. Password Access Security  Never give the Remote Desktop password to anyone.  Never give the administrator name or password to anyone.  Use cryptographically sound passwords (no words found in a dictionary; eight characters or more, including letters, numbers and punctuation with no repeating patterns).  Regularly test your password files against dictionary attack to find weak passwords.Chapter 6 Setting Up the Network and Maintaining Security 75  Quit the Remote Desktop application when you have finished using it. If you have not stored the Remote Desktop password in your keychain, the application prompts you to enter the administrator name and password when you open it again. Physical Access Security  If you have stored the Remote Desktop password in your keychain, make sure the keychain is secured and the application isn’t running while you are away from the Remote Desktop window.  If you want to leave the Remote Desktop application open but need to be away from the computer, use a password-protected screen saver and select a hot corner so you can instantly activate the screen saver. Remote Desktop Authentication and Data Transport Encryption Authentication to Apple Remote Desktop clients uses an authentication method based on a Diffie-Hellman Key agreement protocol that creates a shared 128-bit key. This shared key is used to encrypt both the name and password using the Advanced Encryption Standard (AES). The Diffie-Hellman key agreement protocol used in Remote Desktop 3 is very similar to the one used in personal file sharing, with both of them using a 512-bit prime for the shared key calculation. With Remote Desktop 3, keystrokes and mouse events are encrypted when you control Mac OS X client computers. Additionally, all tasks except Control and Observe screen data, and files copied via Copy Items and Install Packages are encrypted for transit (though you may choose to encrypt these as well by changing your application preferences). This information is encrypted using the Advanced Encryption Standard (AES) with the 128-bit shared key that was derived during authentication. Encrypting Observe and Control Network Data Although Remote Desktop sends authentication information, keystrokes, and management commands encrypted by default, you may want additional security. You can choose to encrypt all Observe and Control traffic, at a certain performance cost. Encryption is done using an SSH tunnel between the participating computers. In order to use encryption for Observe and Control tasks, the target computers must have SSH enabled (“Remote Login” in the computer’s Sharing Preference pane). Additionally, firewalls between the participating computers must be configured to pass traffic on TCP port 22 (SSH well known port). If the you are trying to control a VNC server which is not Remote Desktop, it will not support Remote Desktop keystroke encryption. If you try to control that VNC server, you will get a warning that the keystrokes aren’t encrypted which you will have to acknowledge before you can control the VNC server. If you chose to encrypt all network data, then you will not be able to control the VNC server because Remote Desktop is not able to open the necessary SSH tunnel to the VNC server. 76 Chapter 6 Setting Up the Network and Maintaining Security To enable Observe and Control transport encryption: 1 Choose Remote Desktop > Preferences. 2 Click the Security button. 3 In the “Controlling computers” section, select “Encrypt all network data.” Encrypting Network Data During Copy Items and Install Packages Tasks Remote Desktop can send files for Copy Items and Install Packages via encrypted transport. This option is not enabled by default, and you must either enable it explicitly for each copy task, or in a global setting in Remote Desktop’s preferences. Even installer package files can be intercepted if not encrypted. To encrypt individual file copying and package installation tasks: m In the Copy Items task or Install Packages task configuration window, select “Encrypt network data.” To set a default encryption preference for file copies: 1 In the Remote Desktop Preferences window, select the Security pane. 2 Check “Encrypt transfers when using Copy Items,” or “Encrypt transfers when using Install Packages” as desired. Alternatively, you could encrypt a file archive before copying it. The encrypted archive could be intercepted, but it would be unreadable.7 77 7 Interacting with Users Apple Remote Desktop is a powerful tool for interacting with computer users across a network. You can interact by controlling or observing remote screens, text messaging with remote users, or sharing your screen with others. This chapter describes Remote Desktop’s user interaction capabilities and gives complete instructions for using them. You can learn about:  “Controlling” on page 78  “Observing” on page 85  “Sending Messages” on page 92  “Sharing Screens” on page 93  “Interacting with Your Apple Remote Desktop Administrator” on page 9478 Chapter 7 Interacting with Users Controlling Apple Remote Desktop allows you to control remote computers as if you were sitting in front of them. You can only control the keyboard and mouse of any one computer at a time. There are two kinds of remote computers that Apple Remote Desktop can control: Apple Remote Desktop clients and Virtual Network Computing (VNC) servers. Controlling Apple Remote Desktop Clients Apple Remote Desktop client computers can be controlled by any administrator computer that has the Control permission set. See “Apple Remote Desktop Administrator Access” on page 59 for more information about Apple Remote Desktop permissions. While you control an Apple Remote Desktop client computer, some keyboard shortcut commands are not sent to the remote computer, but they affect the administrator computer. These include:  Change Active Application (Command-Tab and Command-Shift-Tab)  Show or Hide Dock (Command-Option-D)  Log Out User (Command-Shift-Q)  Take Screen Shot (Command-Shift-3, -4)  Force Quit (Command-Option-Escape)Chapter 7 Interacting with Users 79 Also, special keys including the sound volume, screen brightness, and Media Eject keys do not affect the client computer. These instructions assume the that observed computer has Apple Remote Desktop installed and configured properly (see “Setting Up an Apple Remote Desktop Client Computer for the First Time” on page 41) and that the computer has been added to an Apple Remote Desktop computer list (see “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 49). To control an Apple Remote Desktop client: 1 Select a computer list in the Remote Desktop window. 2 Select one computer from the list. 3 Choose Interact > Control. 4 To customize the control window and session, see “Control Window Options” on page 79. 5 Use your mouse and keyboard to perform actions on the controlled computer. If your Remote Desktop preferences are set to share keyboard and mouse control, the remote computer’s keyboard and mouse are active and affect the computer just as the administrator computer’s keyboard and mouse do. If your preferences aren’t set to share control, the remote computer’s keyboard and mouse do not function while the administrator computer is in control. Control Window Options When controlling a client, the control window contains several buttons in the window title bar which you can use to customize your remote control experience. There are toggle buttons that switch your control session between two different states, and there are action buttons that perform a single task. In addition to the buttons, there is a slider for image quality. The toggle buttons are:  Control mode or Observe mode  Share mouse control with user  Fit screen in window  Lock computer screen while you control  Fit screen to full display The action buttons are:  Capture screen to a file  Get the remote clipboard contents  Send clipboard contents to the remote clipboard80 Chapter 7 Interacting with Users Switching the Control Window Between Full Size And Fit-To-Window When controlling a client, you can see the client window at full size, or scaled to fit the control window. Viewing the client window at full size will show the client screen at its real pixel resolution. If the controlled computer’s screen is larger than your control window, the screen show scroll bars at the edge of the window. To switch in-a-window control between full size and fit-to-window modes: 1 Control a client computer. 2 Click the Fit Screen In Window button in the control window toolbar. Switching Between Control and Observe Modes Each control session can be switched to a single-client observe session, in which the controlled computer no longer takes mouse and keyboard input from the administrator computer. This allows you to easily give control over to a user at the client computer keyboard, or place the screen under observation without accidentally affecting the client computer. See “Observing a Single Computer” on page 90 for more information on Apple Remote Desktop observe mode. To switch between control and observe modes: 1 Control a client computer. 2 Click the Control/Observe toggle button in the control window toolbar. Sharing Control with a User You can either take complete mouse and keyboard control or share control with an Apple Remote Desktop client user. This allows you to have more control over the client interaction as well as prevents possible client side interference. This button has no effect while controlling VNC servers. See “Controlling VNC Servers” on page 82 for more information. To switch between complete control and shared mouse modes: 1 Control a client computer. 2 Click the “Share mouse and keyboard control” button in the control window toolbar.Chapter 7 Interacting with Users 81 Hiding a User’s Screen While Controlling Sometimes you may want to control a client computer with a user at the client computer, but you don’t want the user to see what you’re doing. In such a case, you can disable the client computer’s screen while preserving your own view of the client computer. This is a special control mode referred to as “curtain mode.” You can change what’s “behind the curtain” and reveal it when the mode is toggled back to the standard control mode. To switch between standard control and curtain modes: 1 Control a client computer. 2 Click the “Lock computer screen while you control” button in the control window toolbar. Capturing the Control Window to a File You can take a picture of the remote screen, and save it to a file. The file is saved to the administrator computer, and is the same resolution and color depth as the controlled screen in the window. To screen capture a controlled client’s screen: 1 Control a client computer. 2 Click the “Capture screen to a file” button in the control window toolbar. 3 Name the new file. 4 Click Save. Switching Control Session Between Full Screen and In a Window You can control a computer either in a window, or using the entire administrator computer screen. The “Fit screen to full display” toggle button changes between these two modes. In full screen mode, the client computer screen is scaled up to completely fill the administrator screen. In addition to the client screen, there are a number of Apple Remote Desktop controls still visible overlaying the client screen. In in-a-window mode, you can switch between fitting the client screen in the window or showing it actual size, possibly scrolling around the window to see the entire client screen. See “Switching the Control Window Between Full Size And Fit-To-Window” on page 80 for more information. To switch between full screen and in-a-window modes: 1 Control a client computer. 2 Click the “Fit screen to full display” button in the control window toolbar.82 Chapter 7 Interacting with Users Sharing Clipboards for Copy and Paste You can transfer data between the Clipboards of the administrator and client computer. For example, you may want to copy some text from a file on the administrator computer and paste it into a document open on the client computer. Similarly, you could copy a link from the client computer’s web browser and paste it into the web browser on the administrator computer. The keyboard shortcuts for Copy, Cut, and Paste are always passed through to the client computer. To share clipboard content with the client: 1 Control a client computer. 2 Click the “Get the remote clipboard contents” button in the control window toolbar to get the client’s Clipboard content. 3 Click the “Send clipboard contents to the remote clipboard” button in the control window toolbar to send content to the client’s Clipboard. Controlling VNC Servers Virtual Network Computing (VNC) is remote control software. It allows a user at one computer (using a “viewer”) to view the desktop and control the keyboard and mouse of another computer (using a VNC “server”) connected over the network. For the purposes of these instructions, VNC-enabled computers are referred to as “VNC clients.” VNC servers and viewers are available for a variety of computing platforms. Remote Desktop is a VNC viewer and can therefore control any computer on the network (whether that computer is running Mac OS X, Linux, or Windows) that is:  Running the VNC server software  In an Apple Remote Desktop computer list If the you are trying to control a VNC server which is not Remote Desktop, it will not support Remote Desktop keystroke encryption. If you try to control that VNC server, you will get a warning that the keystrokes aren’t encrypted which you will have to acknowledge before you can control the VNC server. If you chose to encrypt all network data, then you will not be able to control the VNC server because Remote Desktop is not able to open the necessary SSH tunnel to the VNC server. For more information, see “Encrypting Observe and Control Network Data” on page 75. These instructions assume the observed computer has been added to an Apple Remote Desktop computer list (see “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 49). When adding a VNC server to an Apple Remote Desktop computer list, you only need to provide the VNC password, with no user name. To control a VNC client computer: 1 Select a computer list in the Remote Desktop window.Chapter 7 Interacting with Users 83 2 Select one computer from the list. 3 Choose Interact > Control. If the controlled computer’s screen is larger than your control window, the screen scrolls as the pointer approaches the edge of the window. 4 To customize the control window and session, see “Control Window Options” on page 79. 5 Use your mouse and keyboard to perform actions on the controlled computer. Regardless of your Apple Remote Desktop preferences, controlled VNC servers share keyboard and mouse control. The remote computer’s keyboard and mouse are active and affect the computer just as the administrator computer’s keyboard and mouse do. Setting up a Non–Mac OS X VNC Server This section contains very basic, high-level steps for setting up a non–Mac OS X client to be viewed with Remote Desktop. This section cannot give detailed instructions, since the client operating system, VNC software, and firewall will be different. The basic steps are: 1 Install VNC Server software on the client computer (for example, a PC, or a Linux computer). 2 Assign a VNC password on the client computer. 3 Make sure the client’s firewall has the VNC port open (TCP 5900). 4 Make sure “Encrypt all network data” is not selected in the Security section of the Remote Desktop Preferences. 5 Add the computer to the Remote Desktop’s All Computers list using the client’s IP address. 6 Put the client computer’s VNC password in the Remote Desktop authentication box. There is no user name for a VNC server, just a password. Apple Remote Desktop Control and the PC’s Ctrl-Alt-Del If you use Remote Desktop to administer a PC that’s running VNC, you may be wondering how to send the Ctrl-Alt-Del command (Control-Alternate-Delete) from a Mac to the PC. Though Mac and PC key mappings differ, you can use an alternate key combination to send the command.  For full-size (desktop) keyboards, use Control-Option-Forward Delete.  For abbreviated keyboards (on portable computers), use Function-Control-OptionCommand-Delete.84 Chapter 7 Interacting with Users VNC Control Options After you have added a VNC server to a computer list (or when you are first adding it), you can set a custom port for VNC communication, and you can designate a display to control. To set a custom port on an existing computer list member: 1 Select a computer list in the Remote Desktop window. 2 Select a VNC Server computer in the Remote Desktop window. 3 Choose File > Get Info. 4 Click Edit in the Info window. 5 At the end of the IP Address or fully qualified domain name, add a colon followed by the desired port. For example, if you want to connect to a VNC server (vncserver.example.com) that is listening on TCP port 15900, you would enter: vncserver.example.com:15900 6 Click Done. To set a custom VNC port when adding a computer by address: 1 Choose File > Add By Address. 2 Enter the IP address or fully qualified domain name. 3 At the end of the IP Address or fully qualified domain name, add a colon followed by the desired port. For example, if you want to connect to a VNC server (vncserver.example.com) that is listening on TCP port 15900, you would enter: vncserver.example.com:15900 4 Enter the user name and password. 5 Click Add. To designate a display to control: 1 Add a custom port number, as described above. 2 Use the display number for the last number in the custom port designation (display designations start at 0 for the default primary display). For example, f you want to control the default display on a VNC server (vncserver.example.com) that is listening on TCP port 5900, you would enter: vncserver.example.com:5900 If you want to control the second display, you would enter: vncserver.example.com:5901Chapter 7 Interacting with Users 85 If you want to control the third display, you would enter: vncserver.example.com:5902 Configuring an Apple Remote Desktop Client to be Controlled by a VNC Viewer When configured to do so, an Apple Remote Desktop client can be controlled with a non–Apple VNC viewer. Allowing a non–Apple VNC viewer access to an Apple Remote Desktop client is less secure than using Remote Desktop to control the client. The non–Apple VNC software expects the password to be stored in a cryptographically unsecured form and location. To configure a client to accept VNC connections: 1 On the client computer, open System Preferences. 2 Click Sharing, select Apple Remote Desktop, then click Access Privileges. 3 Select “VNC viewers may control screen with the password.” 4 Enter a VNC password. 5 Click OK. Observing You may not want to control a computer, but merely monitor what is on its screen. Observing a remote computer is similar to controlling one, except your mouse movements and keyboard input are not sent to the remote computer. Apple Remote Desktop client computers can be observed on any administrator computer that has the “Observe” permission set. See “Apple Remote Desktop Administrator Access” on page 59 for more information about Apple Remote Desktop permissions. Warning: Do not use the same password as any user or Apple Remote Desktop administrator. The password may not be secure.86 Chapter 7 Interacting with Users Remote Desktop allows you to observe multiple clients on the same screen, cycling through the list of observed computers. This allows you to monitor many screens without having to select each one individually. Dealing With Many Client Screens When observing a single client, you can see the client window at full size, or scaled it to fit the observe window. To switch between the full size and fitting to the window, click the Fit to Window button, just as you would in a control window. If you’re observing more clients than you’ve chosen to fit on one screen, you can cycle through multiple pages by clicking the Previous or Next button. Cycle Pages: Use these buttons to manually switch to the previous or next page of screens. Getting More Information on Observed Clients There is a computer information area beneath each of the observed desktops. It’s automatically disabled when the administrator is viewing more computers than the computer information area is able to show effectively (a threshhold of about 220 pixels across). This could happen if:  the initial selection of computers is too great for the window sizeChapter 7 Interacting with Users 87  the observe window is resized, shrinking the information beneath the threshold  the setting for the number of viewed machines is changed The computer information area is reenabled when the sizes are returned to more than the image size threshhold. Changing Observe Settings While Observing While you are observing multiple computers, you can adjust the Apple Remote Desktop observe settings using the controls at the top of the observe window. These settings will be visible after clicking View Options in the toolbar. To change your observe settings:  Page Delay: Adjust the number of seconds before automatically advancing to the next page of screens.  Computers per page: Adjust the number of client screens visible on each page.  Image Quality: Adjust the screen color depth from black and white to millions of colors.  Titles: Change the titles of the displayed screens in the computer information area.  Account Picture: Add the currently logged-in user’s account picture under each observed desktop. See “Viewing a User’s Account Picture While Observing” on page 88 for more information.  Computer Status: Add a status overview icon underneath the observed desktop. See “Viewing a Computer’s System Status While at the Observe Window” on page 88 for more information.88 Chapter 7 Interacting with Users Changing Screen Titles While Observing While you are observing multiple computers, you can change the title underneath the desktops shown in the observe window. The main title can be the:  Name (the computer sharing name)  IP Address  Host Name To change your observe window titles: 1 Click View Options in the observe window’s toolbar. 2 Select Display Computer Information. 3 From the Title pop-up menu, select the desired title. 4 Click Done. Viewing a User’s Account Picture While Observing Remote Desktop can display the user’s account picture and a user-created status underneath the observed desktop. The user’s account picture is their system login icon, so it might be either a picture taken from an iSight camera, or a custom image selected in the Accounts pane of System Preferences. To view a user’s account picture: 1 Click View Options in the observe window’s toolbar. 2 Select Display Computer Information. 3 Select Account Picture. 4 Click Done. Viewing a Computer’s System Status While at the Observe Window Remote Desktop can display certain system status information underneath the observed desktop. This information gives you a basic assessment of the following service statistics:  CPU Usage  Disk Usage  Free MemoryChapter 7 Interacting with Users 89 There are two levels of detail for system statistics. The top level is a single icon (a red, yellow, or green icon). You show the second level of detail by placing the mouse pointer over the high-level status icon. The icon changes to an “i” and you can click the “i” to get more information. Clicking the icon exposes per-service status icons: Icon Indicates or One or more service statistic is red. This takes precedence over any yellow or green indicator. or One or more service statistic is yellow This takes precedence over any green indicator. Service is operating within established parameters. No service informaiton available. Service Icon Status CPU Usage Usage is at 60% or less Usage is between 60% to 85% Usage is at 85% or higher No status information is available DIsk Usage Usage is at 90% or less Usage is between 90% and 95% Usage is at 95% or higher No status information is available Free Memory Less than 80% used Between 80% and 95% used90 Chapter 7 Interacting with Users To show system status in the observe window: 1 Click View Options in the observe window’s toolbar. 2 Select Display Computer Information. 3 Select Computer Status. 4 Click Done. Shortcuts in the Multiple Screen Observe Window You can access several Apple Remote Desktop commands using icons in the observe window. You can customize the observe window with the commands that are most useful to you. For example, you may want to access the Copy Items command, the Text Chat command, and the Lock Screen command, using the buttons in the observe window toolbar. You perform Remote Desktop tasks on any computer by selecting its screen and choosing a task from the Remote Desktop menus or the observe window toolbar. Regardless of your toolbar customizations, you’ll be able to advance through pages manually, change the titling of the observed screens, change the number of client screens per page, change the number of seconds before paging, or change the color depth of the observed screens. Observing a Single Computer When you observe a single computer, the observed screen appears in a window on your administrator computer. If a screen saver is active when you observe the screen, the screen saver remains in effect. The observe window contains a “Share mouse control” button to switch to controlling the screen. To observe a single computer: 1 Select a computer list in the Remote Desktop window. 2 Select a computer in the Remote Desktop window. 3 Choose Interact > Observe. If the observed computer’s screen is larger than the observe window, the screen will scroll as the pointer approaches the edge of the window. 4 To customize the single-client observe window and session, see “Control Window Options” on page 79. The observe window’s options are the same as those of the control window. Over 95% used No status information available Service Icon StatusChapter 7 Interacting with Users 91 Observing Multiple Computers When you observe multiple client computers, each client screen is scaled down, so that several computers can be viewed at the same time. You can set the number of client screens that appear at any one time. See “Setting Preferences for the Remote Desktop Administrator Application” on page 36 for more information. If a client has a screen saver running when you start observing, the screen saver remains in effect. The screens will cycle through the entire list of selected computers, a few at a time, switching every 30 seconds, altered by the speed setting. To observe multiple computers: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Interact > Observe. The remote computer screens appear in a window. Observing a Computer in Dashboard If you are using Mac OS X version 10.4 or later, you can use the Dashboard widget to observe one client computer. The computer must be in your All Computers list and be authenticated with permission to Observe. Apple Remote Desktop does not have to be launched to use the widget. To observe using Dashboard: 1 Add the computer to your All Computers list. See “Finding and Adding Clients to Apple Remote Desktop Computer Lists” on page 49 for detailed information. 2 Activate Dashboard, and click the widget’s icon to run it. 3 Click the widget’s “Info” button to flip the widget over. 4 Supply a hostname or IP address, login name, and password or simply select the computer you want to observe (if it’s listed). 5 Click Done.92 Chapter 7 Interacting with Users Sending Messages Apple Remote Desktop allows you to communicate with users of Apple Remote Desktop client computers using text messaging. You can use text messages to give instructions or announcements, to collaborate remotely, or troubleshoot with users. There are two types of text messaging: one-way messages and two-way interactive chat. Text messages and chat are available only to Apple Remote Desktop client computers; they are not available to VNC client computers. Sending One-Way Messages You can use a one-way text message to send announcements or information to users client computers. The announcements appear in front of open application windows and can be dismissed by the user. To send a one-way text message: 1 Select a computer list in the Remote Desktop window. 2 Select one computer from the list. 3 Choose Interact > Send Message. 4 Enter your message. 5 Click Send. The text message appears on the screen of all the selected computers. Interactive Chat You can start an interactive text chat with the user of an Apple Remote Desktop client computer. This allows instant feedback from users, so you can collaborate or troubleshoot. To begin an interactive chat: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Interact > Chat. 4 Enter your message, one line at a time. The message appears real-time on the user’s screen as you type.Chapter 7 Interacting with Users 93 5 Press the Return key to complete and send each line. Viewing Attention Requests After a client user sends an attention request, the Apple Remote Desktop administrator can read the attention request text. To view attention requests: 1 Choose Window > Messages From Users. 2 Select the message you want to view. 3 Click Display to view the request’s message. Sharing Screens Apple Remote Desktop allows you to show your screen (or the screen of a client computer in your list) to any or all Apple Remote Desktop client computers in the same computer list. You can, for example, show a presentation to a classroom of computers from a single computer. Sharing a Screen with Client Computers You can share a client computer’s screen, or the administrator’s screen, with any number of clients. The client screen displays what is on the shared screen, but cannot control it in any way. To share a computer’s screen: 1 Select a computer list in the Remote Desktop window. 2 Select on or more computers in the selected computer list. These computers include the target computers and the source computer. 3 Choose Interact > Share Screen. 4 Select the screen to be shared. If you want to share the Apple Remote Desktop administrator screen, select “Share your screen.” If you want to share a client screen, select “Share a different screen,” and drag a computer from an Apple Remote Desktop computer list to the dialog. 5 Click Share Screen. The selected computer shows the shared computer screen. If the target computer’s screen resolution is lower than the shared computer’s, only the top left part of the shared screen (up to the lowest screen resolution) is seen on the target screen.94 Chapter 7 Interacting with Users Monitoring a Screen Sharing Tasks You may want to keep track of the screen sharing tasks you have begun. You can get information on all active screen sharing tasks, and can sort the tasks by time started, source screen, or target computers. To view current active screen sharing tasks: m Choose Window > Active Share Screen Tasks. Interacting with Your Apple Remote Desktop Administrator Users of Apple Remote Desktop client computers can initiate contact with a Remote Desktop administrator. Clients can ask for attention from the administrator, or cancel that attention request. Additionally, users of Apple Remote Desktop client computers can set an identifying icon for a Remote Desktop administrator to view. The Remote Desktop administrator can choose whether to view the icon or not. Requesting Administrator Attention At times, Apple Remote Desktop client computer users need to get the attention of the Apple Remote Desktop administrator. If an Apple Remote Desktop administrator is currently monitoring the client computer, the client user can send an attention request. To request administrator attention: 1 Click the Apple Remote Desktop status icon and choose Message to Administrator. The attention request window appears. 2 If the network has more than one Apple Remote Desktop administrator available, choose an administrator from the “Send message to” pop-up menu. 3 Enter the message. 4 Click Send. The attention request icon appears on the administrator’s screen.Chapter 7 Interacting with Users 95 Canceling an Attention Request If a user no longer needs the Apple Remote Desktop administrator’s attention, he or she can cancel the attention request after it has been sent. To cancel an attention request: 1 Click the Apple Remote Desktop status icon and choose Message to Administrator. 2 Click the Apple Remote Desktop status icon in the menu bar and choose Cancel Message. Changing Your Observed Client Icon By default, the icon that the Remote Desktop administrator sees while observing is the login icon for the currently logged-in user. If you had an iSight camera active when setting up your computer, you may have taken a picture of yourself for your user icon. You can change this icon, and it will change on the administrator’s observation screen. To change your login icon: 1 Prepare the picture you want to use. You could use a graphic file, or take a picture using an iSight camera. 2 Open System Preferences. The System Preferences application launches. 3 Select the Accounts pane. 4 Select your account, and choose the Picture button. 5 Replace your current account picture with the new picture. 6 Close System Preferences.8 96 8 Administering Client Computers Apple Remote Desktop gives you powerful administrative control. You can manually or automatically get detailed information about every computer, install software, and maintain systems from a single administrator computer. This chapter describes Remote Desktop’s capabilities and gives complete instructions for using them. You can learn about:  “Keeping Track of Task Progress and History” on page 96  “Installing Software Using Apple Remote Desktop” on page 101  “Upgrading Software” on page 105  “Copying Files” on page 106  “Creating Reports” on page 111  “Maintaining Systems” on page 127  “Managing Computers” on page 135  “UNIX Shell Commands” on page 143  “Automating Functions” on page 152 Keeping Track of Task Progress and History The task history area is on the left side of the Remote Desktop window (see “Remote Desktop Main Window” on page 29) with all computer lists and scanners. Every time you execute a task (generating a report, copying a file, restarting a computer), the task name, affected computers, task result, and time you execute it is stored in the Task History window (accessible via Window > Task History). The Task History list, in the main Remote Desktop window, shows the task name and result. You can collapse the Task History list to reduce its size. You can select a task in the Task History list to see some information about it, and double-click it to view a more detailed description of the task, as well as the computers involved with it. Tasks in progress appear in the Active Tasks list, where you can stop and restart them.Chapter 8 Administering Client Computers 97 Remote Desktop keeps track of three kinds of task progress: active, Task Server, and completed. Active tasks are those which are currently being processed by the client computers, and the client computers have not all reported back to the administrator console. Some tasks are so short that they only briefly appear in the list of current tasks; other tasks may take a long time and remain there long enough to return to the task and view the progress as it happens. The Active Tasks list is located in the left side of the Remote Desktop window, and has a disclosure triangle to expand or hide the list. Task Server tasks are those which have been assigned to the task server (either the one running on the administrator’s computer, or a remote one) which have not yet completed for all the task participants. Completed tasks are those which have received a task status for all participating client computers. The task description and computer list then moves to the task history list. The task history list is located in the left side of the Remote Desktop window, and has a disclosure triangle for expanding or hiding the list. In addition to the task status and notification features of Remote Desktop, you can set a task notification shell script to run when any task has completed. This script is for all tasks, but it can be as complex as your needs require. Enabling a Task Notification Script When a task completes, Remote Desktop can run a script that you create. This script is for all completed tasks, and it must be a shell script. There is a default notification script provided, which you can customize for your needs. The script must be a shell script, but you can use various other scripting environments like AppleScripts with the osascript command. To enable a task notification script: 1 Make sure you are logged in as an administrator user. 2 Open Remote Desktop. 3 Choose Remote Desktop > Preferences. 4 Click the Tasks button. 5 Select “Enable task notification script.” 6 Choose the location of the script. The default notification script is located at /Library/Application Support/Apple/Remote Desktop/Notify. 7 Close the Preferences window.98 Chapter 8 Administering Client Computers Getting Active Task Status When you get a task’s current status, you see the progress of the task, the computers involved, and their feedback to the administrator computer. To get status on a currently running task: 1 Select the Active Tasks list. 2 Select the desired task in the Remote Desktop window. The task status and computers involved are shown in the Remote Desktop window. You can make sure the main window always shows the currently running task in the main work area by setting a preference. Otherwise, the main window will continue to show the last selected computer list. To automatically show task status in the main window: 1 Make sure you are logged in as an administrator user. 2 Open Remote Desktop. 3 Choose Remote Desktop > Preferences. 4 Click the Tasks button. 5 Select “Always change focus to active task.” 6 Close the Preference’s window. Using the Task Feedback Display You can use the task feedback display to:  Retry a task on selected computers  Cancel a task in progress Tasks in progress appear in the Active Tasks list, where you can stop them, or run them again. To use the task feedback window: 1 Select the task in the task history list or active task list. 2 Change the task as desired: a Click the retry button to perform the task again. b Click the stop button to cancel the active task. Stopping a Currently Running Task If a task is in progress and Remote Desktop is still waiting for feedback from the client computers, you can stop the task. You use the Active Tasks list to stop the command in progress.Chapter 8 Administering Client Computers 99 To stop a currently running task: 1 Select the Active Tasks list. 2 Select the desired task in the Remote Desktop window. The task status and computers involved are shown in the Remote Desktop window. 3 Click the Stop button in the top-right of the main window. Getting Completed Task History After a task has received feedback from all the involved client computers, or they have experienced a communication time-out, the task is moved to the Task History list. The Task History list is located in the left side of the Remote Desktop window, and has a disclosure triangle to expand or hide the list. This list stays populated as long you’ve set in the Remote Desktop preferences. The Task History list can also be viewed in a separate window with the tasks sorted by date. To get status on a completed task: 1 Open the Task History list using the disclosure triangle. 2 Select the desired task in the Remote Desktop window. The final task status and computers involved are shown in the Remote Desktop window. or m Select Window > Task History. The final task status and computers involved are shown in a separate window. Saving a Task for Later Use You may want to save a task for later, repeated use. If you find yourself repeating certain tasks, you can save those tasks and the information about which computers go with them. Observe and Control tasks cannot be saved. Saved tasks appear in a list on the left side of the Remote Desktop main window. To save a task for later use: 1 Open the task you want to save. For example, if you want to save a Copy Items task, select Manage > Copy Items. 2 Configure the task as desired. 3 Before executing the task, click Save. 4 Name the saved task. The task appears in a list on the left side of the Remote Desktop main window.100 Chapter 8 Administering Client Computers Creating and Using Task Templates In each task configuration dialog, you can save a task’s settings to a template to reuse for future tasks of that same type. For example, if you always use certain copy options for a Copy Items task, you can save those settings as a template, and have them apply to any newly created Copy Items task. Once a task template is saved, you can select any one of the saved templates from the Templates pop-up menu. Selecting a template automatically configures the dialog box according to the saved template. If you want to perform a task similar to an existing template, you start with that template using the Template pop-up menu, then you customize the resulting task configuration dialog after applying the template. For example, if you always want to use the same Copy Items options, but you want vary the group of computers you apply it to, you create a task template by configuring the copy options dialog without selecting target computers and then saving it via the Templates pop-up menu. Then whenever you make a new Copy Items task with target computers selected, you can apply the saved settings by selecting those settings from out of the Templates pop-up menu and add your own settings afterward. You are free to make as many templates as you want either from existing templates or from scratch. Once saved, a template can be made the task’s default, with all new instances of the task opening with the default template settings. You can also edit the task template list from the Template pop-up list, removing a template, or making it the task default. There are existing, built-in templates for the Send UNIX Command task which can not be removed, see “Send UNIX Command Templates” on page 143 for more information. Note: Templates are only stored for their own task type. For example, Copy Items saved templates are not available for use with Rename Computer tasks, etc. To create a task template: 1 Open a task configuration window. You can use existing saved tasks, or a newly created task. 2 Configure the task as desired. 3 Click the Template pop-up menu, and select Save as Template. 4 Name the template, and click OK. To apply a task template: 1 Open a task configuration window. You can use existing saved tasks, or a newly created task. 2 Click the Template pop-up menu, and select the template you want. The settings in the template are now applied to the dialog window. 3 If desired, customize the task further.Chapter 8 Administering Client Computers 101 Editing a Saved Task You may want to change a previously saved task, changing whether what the task does or changing the target computers. To edit a saved task: 1 Double-click the saved task you want to edit. Alternatively, you could use Control-click or right-click and choose Edit Task from contextual menu. 2 In the task description window, change the task parameters. You can alter task preferences, and change the computer list. Remove computers by selecting them and pressing the Delete key; add computers by dragging them from a list to the task. After a task is completed, the task name, result, and time you last ran it are stored for review. The task feedback window gives a detailed account of the task, and reports success or failure for each participating client computer. To view the task feedback window: m Select the task in the Task History list. Installing Software Using Apple Remote Desktop There are several methods you can use to install software with Apple Remote Desktop. The following section describes how to install software using installer packages and metapackages, using the copy command in Remote Desktop, using installers made by other software companies, or using NetBoot or Network Install. Installing by Package and Metapackage You can install new software automatically and without user intervention by copying installer packages (.pkg or .mpkg files) to one or more remote clients. Apple Remote Desktop copies the package to the computers you choose, runs the installer with no visible window or user interaction required, and then erases the installer files on completion. Warning: Distributing copyrighted software without the appropriate license agreement is a violation of copyright law.102 Chapter 8 Administering Client Computers You can choose to initiate the installation of a package from the designated Task Server rather from a Remote Desktop task. This allows you to install packages on to computers that may not be connected to the network (with a status of “Offline”) when you run the task. The Task Server monitors the network for the next time the offline client comes online again. Then the Task Server performs the installation. For more information about designating a Task Server, see “Using a Task Server for Report Data Collection” on page 112 and “Designating the Task Server and Setting the Report Data Collection Location” on page 154. For detailed instructions about installing via the Task Server, see “Installing Software on Offline Computers” on page 103. You can install multiple packages in succession. When you execute installation of multiple packages, Remote Desktop copies over all the selected packages and then installs them. It also detects whether a restart is required and will give you a visual cue. You can tell the task to restart the computers upon completion, or restart the computers manually later. It is not possible to stop the installation of a package. Once the installation starts, it will complete (assuming no errors occur on the client). However, you can click the Stop button to stop remaining packages from being copied over and therefore halt the install. Alternatively, an administrator can use the PackageMaker application (available on the Apple Remote Desktop CD or with the Apple Developer Tools) to create a metapackage that contains several installers to be run in sequence. In addition to creating metapackages, you can also use PackageMaker to create packages for custom software that your organization may have developed. More information about making and using packages and metapackages is available on the Apple Developer Connection website: developer.apple.com To copy and install software using a .pkg file: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Install Packages. 4 Select a .pkg or .mpkg file to install. Alternatively, you can drag an installer package on to the package list window. 5 Select whether to restart the target computers after installation. 6 Select the option to run the task from “This application.” This option is preferable when installing on computers that are all currently online. If you want to install the software via a Task Server, see “Installing Software on Offline Computers” on page 103.Chapter 8 Administering Client Computers 103 7 Select other installation parameters, as desired. For more information on the available options, see “Copy Options” on page 107. Note: Client computers are not restarted automatically after an installation is complete unless explicitly selected in the task command. 8 Click Install. During installation, a progress bar appears in the task header in the main window. No progress bars appear on the client computer. The copied package is deleted from the client computer if an error occurs during installation. However, a failed installation may leave behind other files created by the installer. Installing Software on Offline Computers Using Apple Remote Desktop, you can install software on a computer that is not currently connected to the network (with a status of “Offline”). The installation does not occur when initially ordered, but when the offline computer next becomes available. The installation itself is handled by a designated Task Server. The Task Server will continue to monitor the network for the next time the offline client comes online again. For more detailed information about setting up and using a Task Server, see “Designating the Task Server and Setting the Report Data Collection Location” on page 154. To install software on offline clients: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. Any or all may be offline. 3 Choose Manage > Install Packages. 4 Select a .pkg or .mpkg file to install. Alternatively, you can drag an installer package into the Packages list. 5 Choose whether to run the task from the Task Server designated by Remote Desktop’s preferences. To set up or alter the Task Server, see “Using a Task Server for Report Data Collection” on page 112 and “Designating the Task Server and Setting the Report Data Collection Location” on page 154. 6 Select other installation parameters, as desired. For more information on the available options, see “Copy Options” on page 107 and “Installing by Package and Metapackage” on page 101. 7 Click Install.104 Chapter 8 Administering Client Computers Installing by Using the Copy Items Command Many applications can be installed simply by copying the application or its folder to the client computer. Consult the application’s documentation to verify that you can simply copy the application to the hard disk to install it. To install software by copying: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Copy Items. 4 Add software to the “Items to copy” list. For more information, see “Copying Files” on page 106. Repeat this step until all the software you want to copy is in the list. 5 Select a destination. There are several preset locations available in the “Place items in” pop-up menu, including the Applications folder. If you do not see the location you want, you can specify a full pathname. 6 Select your copy options. See “Copy Options” on page 107 for more information on the available options. 7 Click Copy. The software is copied to the indicated location. If the copy operation is unsuccessful, an error message appears in the task feedback window. Using Installers from Other Companies The Install Packages command only works with installers that use the .pkg or .mpkg file format, and some applications can’t be installed by simply copying the application to the hard disk. To install software using installers with different file formats, you use a combination of tasks. To install software with third-party installers: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Copy Items. 4 Add the software installer to the “Items to copy” list. For more information, see “Copying Files” on page 106. 5 Select a copy destination. 6 Select After Copying Open Items. 7 Click Copy.Chapter 8 Administering Client Computers 105 The software is copied to the indicated destination. If the copy is operation unsuccessful, an error message appears in the task feedback window. 8 Select a computer that received the copy of the installer. 9 Choose Interact > Control. 10 Control the screen of the selected computer and complete the installation process interactively. Upgrading Software Upgrading software is similar to installing software. However, the method of upgrading software depends on the original method of installation. As a general rule, upgrades should not be done while users have their applications open. Make sure the software to be upgraded is not running. Upgrading consists of three main tasks:  Finding out if a piece needs to be updated  Removing the old version  Installing the new version To upgrade software on client computers: 1 Run a Software Version report to determine what version of the software client computers have. See “Generating a Software Version Report” on page 118 to learn how to run the report. 2 Remove the old version of the software. If the software was originally installed using a package or metapackage, it should be removed automatically when you install the new version. If the software was originally installed using the Copy Items command, you can delete the old version, or simply replace the old version with the new version when you install the new version. If the software was originally installed using another company’s installer application, you may need to use an uninstaller before installing the new version. Consult the software’s manual for instructions on removing its software. If an uninstaller application is necessary, you can copy it to each of the client computers and run it remotely. Warning: Distributing copyrighted software without the appropriate license agreement is a violation of copyright law.106 Chapter 8 Administering Client Computers 3 Use the appropriate installation method to install the new version of the software. For more information, see:  “Installing by Package and Metapackage” on page 101  “Installing by Using the Copy Items Command” on page 104  “Using Installers from Other Companies” on page 104 Copying Files Apple Remote Desktop makes it easy to copy items (other than the system software) on one or more client computers. Copying files works fastest with a small number of files. For example, ten files that are 10 KB each generally take longer than one file that is 100 KB. Consider copying a single file archive (like a .zip or .sit file) to remote computers for faster copying. Remember that Mac OS X applications are bundles of many smaller files. Although the application you want to copy looks like a single file in the Finder, it may contain hundreds, or even thousands of smaller files. If a client computer is asleep when you attempt to copy items, Remote Desktop tries to wake the client. If it can’t wake the client and the copy does not proceed, you should use Remote Desktop to wake the target computer, and then attempt the copy again.Chapter 8 Administering Client Computers 107 If you choose to copy out to many client computers simultaneously, Remote Desktop uses network multicasts to send the files. If there is a significant number of multicast networking errors, Remote Desktop tries to copy individually to each client computer. Copy Options Each time you copy an item to a remote computer, you have the chance to customize the operation to allow fine-grained control of the location and file owner of the copied file, the network bandwidth used, and what to do in case of failure or duplicate files. Copy Destination Locations There are several preset destinations available in the “Place Items In” destination popup menu, including the Applications folder. If you do not see the destination you want, you can specify a full pathname. Owner and Group for Copied File By default, the copied files inherit the owner and group of the enclosing destination folder. For additional flexibility, you have several options for handing file ownership. You can:  Preserve current owner  Set the owner to the current console user  Specify user and group Encryption You can encrypt the copy transport stream to protect the data sent across the network. By selecting the “Encrypt network data” option, you exchange performance for security. This option is also available in the Install Packages dialog. Copy Failure Handling By default, if a single computer fails to get the copied file, the copy operation continues to all participating computers. However, there may be times when you want a copy operation to stop if one of the copies fails. You can choose to cancel the entire copy operation if one participating computer reports a failure. This option is also available in the Install Packages dialog. Network Bandwidth Limits File copies are done at the maximum sustainable rate for the network. This allows Apple Remote Desktop to use all the resources at its disposal to quickly and efficiently finish the copy. Depending on what else is being done on the network, you may want to explicitly limit the copy data transfer rate. You can set an approximate maximum data rate in kilobytes per second for file copies. This option is also available in the Install Packages dialog.108 Chapter 8 Administering Client Computers More Options When the Item Already Exists If an item with the same name as the item you selected to copy already exists at the destination, you have several options for handing the name conflict. You can:  replace the existing item  replace the existing item if the existing item is older  rename the existing item  rename the item being copied  always ask which of the above options you want to use Post-Copy Action You can choose to open a copied item immediately after it’s copied. If you select this option, the file will open with the parent application that created it. Copying from Administrator to Clients Using Apple Remote Desktop, you can copy items to any number of client computers simultaneously. To copy items to clients: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the Remote Desktop window (or any window). 3 Choose Manage > Copy Items. 4 Add software to the “Items to copy” list. Click the Add button to browse local hard disks for items to copy, or drag files and folders to the list. If you want to remove an item from the list, select the item and click Remove. Repeat this step until all the software you want to copy is in the list. 5 Select your copy options. See “Copy Options” on page 107 for more information on the available options. 6 If you want to schedule this event for another time, or set it to repeat, click the Schedule button. See “Scheduled Tasks” on page 155 for more information about scheduling events. 7 Click Copy. The software is copied to the indicated destination. If the copy is unsuccessful, an error message appears in the task feedback window.Chapter 8 Administering Client Computers 109 Copying Using Drag and Drop Using Apple Remote Desktop, you can copy items by dragging them between Finder windows on your administrator computer, the Remote Desktop window, and control windows. For example, you can drag an item from a Finder window to a selected computer in the Remote Desktop window. You can use this feature to collect needed files from remote computers or distribute files between remote computers. Copying from the Finder to a Client You can copy files, applications, or folders from the administrator’s Finder windows to remote computers. You can also drag items directly on to a control window. To copy items from the Finder to a client: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers or select the desired Control window. 3 Switch to the Finder. 4 Locate the item you want to copy in the Finder. 5 Drag the item you want to copy from the Finder to the selected clients in the Remote Desktop window or control window. Copying onto a Control window puts the file wherever you drop it. 6 Select your copy options. See “Copy Options” on page 107 for more information on the available options for copy tasks. 7 Click Copy. Copying from a Client to the Finder Using Apple Remote Desktop, you can copy files, applications, or folders from a remote computer to the administrator’s computer. The process requires that you find the file you want to copy, using a report or locating them in a control window. Note: Copied items retain their original owners and permissions. To copy items from a client to the administrator’s computer: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose a file search report to find the item. See “Finding Files, Folders, and Applications” on page 116 for more information. 4 Select the item you want to copy in the report window. 5 Drag the item you want to copy from the report window to the administrator’s Finder, or click the Copy To This Computer button in the menu bar of the report window.110 Chapter 8 Administering Client Computers Alternatively, you can drag items from a control window to the administrator computer’s desktop. Restoring Items from a Master Copy Your client computers can restore non-system software from a master copy. This is helpful if you want to make sure each client computer has the same software. You can automate the software restore process by using the instructions in “Automating Functions” on page 152. You may want to start by creating a disk image that contains the Mac OS X applications and items you want to copy. Alternatively, you can copy files from any local disk, such as a hard disk, CD, disk partition, or other disk. The Copy Items command does not copy system software that is hidden (that is, not visible in the Finder). It can copy the Applications folder, Library folder, and Users folder, as well as any folders at the root of the hard disk that were created by the computer’s administrator user. Important: You cannot use the Copy Items feature to copy Mac OS X system software to client computers To restore files using the Copy Items command: 1 Make a master copy of the volume that has the files to be restored. You can use any volume, such as a spare hard disk, a CD, or a mounted disk image (.dmg) file. 2 Mount the master copy volume on the administrator computer. Master copy volumes must be local volumes, not mounted from over a network. 3 Open Remote Desktop. 4 Select a computer list in the Remote Desktop window. 5 Select one or more computers in the selected computer list. 6 Choose Manage > Copy Items. 7 Add the master copy volume to the Copy Items list. 8 Select your copy options. See “Copy Options” on page 107 for more information on the available options for copy tasks. 9 If you want to schedule this event for another time or set it to repeat, click the Schedule button. See “Scheduled Tasks” on page 155 for more information about scheduling events. 10 Click Copy.Chapter 8 Administering Client Computers 111 Creating Reports Apple Remote Desktop allows you to query client computers for many kinds of information, from installed software to network speed and reliability. Creating reports gives you valuable information about the client computers. Reports also help when you’re copying files and organizing computer lists. Collecting Report Data There are three search strategies that Apple Remote Desktop uses when searching for report information: new data, cached data, and Spotlight data. With a new data search, the Remote Desktop application queries a client directly, and waits for the client computer to respond with the desired information. A new data search gets the most recent information, but takes longer since the client computer has to gather all the data and send it over the network to the waiting administrator computer. New data reports are also generated by clients whose reporting policy is set to send data only in response to a report query. See “Setting the Client’s Data Reporting Policy” on page 152. The next source of information is a cached data search. With a cached data search, the application queries Apple Remote Desktop’s internal database of collected system information (such as hardware information and system settings), file information (including installed applications and versions, and software names), or both. You determine how often the data is collected, and what type of data is stored. See “Setting the Client’s Data Reporting Policy” on page 152.112 Chapter 8 Administering Client Computers The database, which is a PostgreSQL database located at /var/db/RemoteManagement/ RMDB/ can be accessed using other tools besides Remote Desktop. To find out more about the database schema, see “PostgreSQL Schema Sample” on page 180. The last kind of new data search is a Spotlight search. This is not a static report on saved data in a database, but it’s an interactive search of the client computers. A Spotlight search can only be done on client computers running Mac OS X 10.4 or later. Spotlight searches a comprehensive, constantly updated index that sees all the metadata inside supported files—the “what, when and who” of every piece of information saved on your Mac—including the kind of content, the author, edit history, format, size, and many more details. Spotlight searches are “live” meaning that the window reflects changes in the found files even after the command is executed. Using a Task Server for Report Data Collection You can use a computer other than the administrator computer to collect your report data, if you have another unlimited-managed computer license for Apple Remote Desktop. Using a server that is always running and has the benefits of uninterrupted power and steady uptime, you can dedicate those computing resources to report data collection. Such a server is referred to as a Task Server. To use a Task Server, you need:  a computer that will be running when the clients are set to upload their report data  an unlimited license for the Remote Desktop server  a separate unlimited license for the administrator computer To set up a Task Server, you need to: 1 Install Remote Desktop on the server. See “Installing the Remote Desktop Administrator Software” on page 40. 2 Configure the server to be the Task Server. You do this via the server settings in the Remote Desktop preferences. See “Designating the Task Server and Setting the Report Data Collection Location” on page 154 3 Install Remote Desktop on the administrator computer. See “Installing the Remote Desktop Administrator Software” on page 40. 4 Configure Remote Desktop on the administrator computer to use the Task Server as its source for report data. You do this using the server settings in the Remote Desktop preferences. See “Designating the Task Server and Setting the Report Data Collection Location” on page 154. 5 Set the client reporting policy to tell clients to send report information to the Task Server.Chapter 8 Administering Client Computers 113 You do this using the Get Info window of any client computer or the client’s own Apple Remote Desktop preferences. See “Setting the Client’s Data Reporting Policy” on page 152 and “Creating a Template Data Reporting Policy” on page 153. Report Database Recommendations and Bandwidth Usage You can have a single Apple Remote Desktop data collection database for any number of clients. However, avoid having all the clients upload their report information at the same time. As the number of clients grows, the network usage from the clients as they upload their report data could come in bursts over a short period of time overwhelming the network buffer on the Task Server. In such a case, you will probably give yourself your own denial-of-service attack. Increasing the number of Task Server computers can divide the network and computing load among several computers for better performance and better network citizenship. However, since there is no way to aggregate report data across several collectors and display it on one administrator computer, you would need multiple administrators to balance your network load in this manner. If you use a single database for a large number of clients, it is recommended that you stagger the generation of report caches over the time between which you want to run reports. For example, if you normally run a report every week, then set 1/7th of your clients to rebuild caches on day one, another 1/7th for the next day and so on. Additionally, they should stagger the cache rebuild over the course of the day as well. It is recommended that you keep in a given list the minimum number of computers necessary for your purposes. When a list is selected, the clients in the list send status updates at a minimum of every 20 seconds. If you have a large number of clients in a list (for example, 1000), this makes about 50 updates a second. Creating more lists doesn’t create more resource overhead for Remote Desktop, and can allow you to quickly and easily administer the clients you want with a minimum wait. Depending on your network and list sizes, you may find that smaller lists may result in more productive and reliable administration. What Bandwidth Does the Default System Overview Report Use on a LAN? The average System Overview Report cache is about 20 KB. While reporting, the admin and clients will always try to use all available bandwidth (most IP-based client/server applications work this way). Therefore, on a 10Mbit/sec. network, the report data collection for a single client may use 100% of the bandwidth for a period of 0.016 seconds. Assuming a list of 1000 computers, all trying to report at the same time, this may use 100% of the bandwidth for 16 seconds. Naturally, faster networks will perform better, and networks with a slow bottleneck like a DSL or modem line perform worse.114 Chapter 8 Administering Client Computers System Report Size The file system data which is uploaded to the report database (labeled “File Search data” in the Scheduling sheet of the Task Server preference pane) contains a significant amount of data. For a client with 10 GB of files on the hard disk, the report data uploaded can easily reach 5 MB in size. With hundreds or thousands of clients, this amount can add up quickly and might tax network resources. In addition, by choosing to upload user accounting data and application usage data, you are further increasing the size of the uploaded data for any one client. Since you may not want to store all the possible information for a given client computer, you can customize which type of data is collected, as desired. Auditing Client Usage Information With Apple Remote Desktop, you can get detailed information about who has been using the client computers and how. There are two reports that help you audit information about how the clients are being used:  the User History report  the Application Usage report Generating a User History Report The User History report is used to track who has logged in to a computer, when they logged in and out, and how they accessed the computer. The client stores 30 days of accumulated data, so the requested time can’t be more than the last 30 days. The report shows the following information:  computer name  user’s short name  access type (login window, tty, SSH)  login time  logout time  remote login host (originating host to the login session: localhost, or some remote computer) Note: Multiple users logged in via Fast User Switching can lead to confusing or conflicting reports. When a second or third user logs in to a computer, there is no way of knowing which user is the active user. Session length may not reflect actual usage, and login and logout times overlap. User History report information is collected by default if you are installing Remote Desktop for the first time. If you have upgraded an older version of Remote Desktop, you need to enable its collection explicitly in the clients’ reporting policy. See “Setting the Client’s Data Reporting Policy” on page 152 for instructions.Chapter 8 Administering Client Computers 115 To generate a User History report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > User History. 4 Select the time frame for the user history information. 5 Click Generate Report. The newly generated report window appears. Generating an Application Usage Report The Application Usage report shows which applications have been running on a given client, their launch and quit time, and who launched them. The client stores 30 days of accumulated data, so the requested time can’t be more than the last 30 days. The following fields are shown by default in the report:  Computer name  Name of application  Launch date  Total running time  Time as frontmost application  User name of process owner  Current state of application Application Usage report information is collected by default if you are installing Remote Desktop for the first time. If you have upgraded an older version of Remote Desktop, you need to enable its collection explicitly in the clients’ reporting policy. See “Setting the Client’s Data Reporting Policy” on page 152 for instructions. To generate an Application Usage report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Application Usage. 4 Select the time frame for application usage. 5 Click Generate Report. The newly generated report window appears.116 Chapter 8 Administering Client Computers Finding Files, Folders, and Applications Apple Remote Desktop allows you to search the contents of client computer hard disks for specific files, folders, or applications. Additionally, it can compare the results of such searches to the items on the administrator computer. These searches can compare software versions, fonts, applications, or installed packages. Using Spotlight to Find Items You can use Spotlight to find items on client computers. A Spotlight search can be done only on client computers running Mac OS X v10.4 or later. Spotlight searches are “live,” meaning that the window reflects changes in the found files even after the command is executed. Spotlight searches cannot be used for offline client computers. The Spotlight Search window is similar to the Spotlight Search window found locally on a Mac OS X v10.4 computer. It supports many of the same features and queries as Spotlight on a local computer. For more information on running a Spotlight search, see Spotlight Help. To search for software items using Spotlight: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Interact > Spotlight Search. 4 Choose the desired search parameters and enter a search term. The results are updated immediately in the window.Chapter 8 Administering Client Computers 117 The results of the search are listed in the pane at the bottom of the window. Note: The “Home” Spotlight search location means the Home folder of the currently logged in user. Generating a File Search Report The File Search report allows you to find up to a total of 32,000 items on selected computers. The items can be files, folders, or applications, but they can only be items accessible (or visible) in the Finder. The search parameters include:  Name  Parent path  Full path  Extension  Date created  Date modified  Size on disk  Kind  Version number  Version string  Owner  Group  Lock status The search parameters for Apple Remote Desktop are slightly different from those used by the Finder’s Find command. For example, Apple Remote Desktop does not search by visibility or by label. The report display can be customized as well. See “Changing Report Layout” on page 35 for more information. To search for software items: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > File Search. 4 Choose the desired search parameter from the pop-up menu and enter a search term. 5 If you want to customize the report display, do so now. For more information about the report display, see “Changing Report Layout” on page 35 for more information. 6 To search using new data, check Rebuild Data For Report; to search using saved data only, uncheck Rebuild Data For Report.118 Chapter 8 Administering Client Computers 7 Click Search. The newly generated report window appears. Comparing Software Apple Remote Desktop has several specialized reports for comparing software on client computers with software on the administrator computer. These reports can’t be run comparing two client computers. One computer in the comparison must be the administrator computer. Generating a Software Version Report The Software Version report compares application versions on client computers with application versions on the administrator computer. You can select up to 10 applications to compare. Command-line tools and unbundled Java (.jar) applications do not report their version. To generate a Software Version report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Software Version. 4 Select the software you want to compare, from the application list. You can select up to 10 applications. If the application you want doesn’t appear in the list, click the Add (+) button to browse for the application. 5 To search using new data, check Rebuild Data For Report. 6 Click Generate Report. The newly generated report window appears. Generating a Software Difference Report The Software Difference report compares the applications, fonts, and installed packages of the selected client computers with those on the administrator computer. The resulting report lists the items compared, their version, location, and whether or not they were found on the selected client computers. The Software Difference report can compare all executable Mac OS X and Classic applications. Unbundled Java (.jar) applications and command-line utilities are not included in the report. The report can compare all the fonts in the /System/Library/ Fonts/ and /Library/Fonts/, as well as the Fonts folder for the currently logged in user. Comparing installed packages returns a list of all package receipts in /Library/Receipts/. You can use this report to find out if your clients have the applications or fonts they need. Comparing differences in installed packages can help you troubleshoot software conflicts, and keep your client computers up to date.Chapter 8 Administering Client Computers 119 To generate a Software Difference report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Software Difference. 4 Select the software type you want to compare. Selecting Applications compares all executable applications. You can limit which folder on the administrator computer Remote Desktop uses to look for applications. Selecting Fonts compares all fonts in /Library/Fonts/, /System/Library/Fonts/, and user font directories. Selecting Installed Packages compares all package receipts in /Library/Receipts/. 5 To search using new data, select Rebuild data for report. 6 Click Generate Report. The newly generated report window appears. Auditing Hardware You can get a report about the hardware of any client computer. Hardware information can be accessed using a number of different reports. Although some basic hardware information can be found in the System Overview report, several more focused hardware reports provide more detailed information. To get a basic System Overview report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > System Overview. 4 Select or deselect hardware items as desired. 5 To search using new data, select Rebuild data for report. 6 Click Get Report. The newly generated report window appears.120 Chapter 8 Administering Client Computers Getting Serial Numbers Although there is no specific serial number report for Apple Remote Desktop, the serial number of any client is in the Computer section of the System Overview Report. In addition to using Apple Remote Desktop to retrieve a computer’s serial number, you could use the command-line tool systemprofiler with Apple Remote Desktop’s Send UNIX Command feature. To generate a serial number report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > System Overview. 4 Select Serial Number from the Computer section. 5 Select or deselect other items as desired. 6 To search using new data, check Rebuild Data For Report. 7 Click Get Report. The newly generated report window appears. Getting Storage Information The Storage report collects information about the client computer’s internal hard disks. It can get information about the hardware itself, the volumes on the disk, file system information, and journaling information for the disk. For a complete listing of Storage report options, see “Report Field Definitions Reference” on page 165. Basic information about hard disk volumes and size can also be found in the storage section of the System Overview report. To generate a Storage report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Storage. 4 Select the hard disk information desired. 5 To search using new data, select Rebuild Data For Report. 6 Click Get Report. The newly generated report window appears.Chapter 8 Administering Client Computers 121 Getting FireWire Device Information The FireWire Devices report gets information about FireWire devices connected to the client computer. It can get the following information from a device:  Manufacturer  Model  Device speed  Software version  Firmware revision For more information about FireWire Devices report options, see “Report Field Definitions Reference” on page 165. The number of attached FireWire devices can also be found in the Devices section of System Overview report. To generate a FireWire Devices report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > FireWire Devices. 4 Select the FireWire information desired. 5 To search using new data, select Rebuild Data For Report. 6 Click Get Report. The newly generated report window appears. Getting USB Device Information The USB Devices report gets information on Universal Serial Bus devices (scanners, keyboards, mice, and so forth) connected to the client computer. It can get the following information from a device:  Product name and ID  Vendor name and ID  Device speed  Bus power amps For more information about the USB Devices report options, see “Report Field Definitions Reference” on page 165. Basic information about attached USB devices can also be found in the Devices section of the System Overview report.122 Chapter 8 Administering Client Computers To generate a USB Devices report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > USB Devices. 4 Select the USB device information desired. 5 To search using new data, select Rebuild Data For Report. 6 Click Get Report. The newly generated report window appears. Getting Network Interface Information The Network Interfaces report gets information for all network interfaces, including inactive interfaces. It also gets detailed network, output, and Ethernet statistics from client computers. The Network Interfaces report can be used to find network errors or faulty network equipment, troubleshoot network performance, and query the network settings of the client computers. All detailed statistics are refreshed when the client restarts, and address information may change if your client uses DHCP to get a network address. For a complete listing of Network Interfaces report options, see “Report Field Definitions Reference” on page 165. Basic information about network settings can also be found in the Network and AirPort section of the System Overview report. To generate a Network Interfaces report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Network Interfaces. 4 Select the interface information desired. 5 To search using new data, select Rebuild Data For Report. 6 Click Generate Report. The newly generated report window appears.Chapter 8 Administering Client Computers 123 Getting Memory Information The Memory report gets specific information about the installed memory in a client computer. In addition to reporting how much memory the client has, it shows information about each memory module, including the module’s:  Slot identifier  Size, type, and speed Memory reports can be used for managing computer resources, hardware troubleshooting, or deciding which client computer can handle a memory-intensive application or task. For more information about the Memory report options, see “Report Field Definitions Reference” on page 165. Basic information about system memory can also be found in the Computer section of the System Overview report. To generate a Memory report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Memory. 4 Select the module information desired. 5 To search using new data, select Rebuild Data For Report. 6 Click Get Report. The newly generated report window appears. Getting PCI Card Information The PCI Cards report gets information about the PCI cards installed in a client computer. It shows information about each PCI card, including each card’s:  Slot name  Card name, type, memory, and revision  Vendor and device IDs  ROM revision For more information about the PCI Cards report options, see “Report Field Definitions Reference” on page 165. Basic information about a client’s PCI cards can also be found in the Computer section of the System Overview report.124 Chapter 8 Administering Client Computers To generate a PCI Cards report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > PCI Cards. 4 Select the PCI card information desired. 5 To search using new data, select Rebuild Data For Report. 6 Click Get Report. The newly generated report window appears. Testing Network Responsiveness Apple Remote Desktop can test network responsiveness between your administrator computer and client computers. It sends network packets to the clients and reports the time taken to receive confirmation from the clients. You can choose how many network packets to send, how often they are sent, and how long the administrator computer waits for a reply before listing a packet as lost. To generate a Network Test report: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > Network Test. 4 Select the options you want. Choose the number of packets sent from the Packets pop-up menu (Total Packets to Send). Choose how often to send the send packets from the Interval pop-up menu (Interval Between Packets). Choose how long to wait before reporting a packet as lost from the Time Out pop-up menu (Packet Time Out). 5 Click Get Report. The newly generated report window appears. Evaluating the Network Test Report You can use the Network Test report to diagnose whether task failures in Apple Remote Desktop are due to network congestion or to some other factor. You may, for example, find that a Copy Items task is failing on a particular subnet, due to network congestion on that subnet.Chapter 8 Administering Client Computers 125 Here are some suggestions for evaluating your network performance based on this report:  The number of routers between your computer and another computer can affect the time the packets take to return. When you evaluate the times for a computer, you should compare them to the times for a computer in the same area of the network or with the same number of intervening routers.  If the maximum time for a packet to return from a computer is significantly greater than the time for other computers in the same area of the network, there may be a problem with the computer.  If a single computer has a large number of lost packets, there may be a problem with the network connection to that computer.  If several computers in the same area of the network have a large number of lost packets, there may be a network connection problem or a problem with an intervening router or bridge. Exporting Report Information You can export reports into a comma-delimited or tab-delimited text file. All the columns of information in the report window are included, and the report rows are exported in the order they’re sorted at the time of export. Exported reports can be put into a database, spreadsheet, or word processor for further analysis or organization, or be sent to another administrator. You could even use certain reports as input files for network scanners for Remote Desktop. Alternatively, you could access the report’s SQL database directly with your own SQL query tools or applications. Using standard SQL database queries you can get any or all information out of the report database for use with other applications or databases. To export a report: 1 Generate any report, and bring the report window to the front. 2 If desired, sort the report rows by selecting a new column to sort by. 3 If you do not want to export the entire report, select the rows to be exported. 4 Choose File > Export Window. 5 Name the file, and choose a location to save to. 6 Select a text encoding.  Western (Mac OS Roman): Best choice if the report information uses the Roman alphabet, and the exported document will be opened in an application or on an operating system that does not support Unicode text encoding (for example, some installations of Mac OS 9).  Unicode (UTF-8): Best choice if the exported file will be opened on Mac OS X and contains no Asian language characters (such as Chinese or Japanese).126 Chapter 8 Administering Client Computers  Unicode (UTF-16): Best choice if the report contains Asian language characters. 7 Select a field separator.  Tab: Inserts a Tab character between column values.  Comma: Inserts a comma between column values. 8 If you have selected only some rows of the report and want to export only the selected rows, select Export Selected Items Only. 9 Click Save. Using Report Windows to Work with Computers After you’ve created a report, you can use it to select computers and then do any of the following:  Create new computer lists. Select computers in the report window and select File > New List From Selection.  Generate other reports. Select any number of rows in a report window; then choose another report from the Report menu. The new report will be generated based on the computers in the selected rows.  Initiate any management task. Select any row in a report window; then choose a management task from the Manage menu. This has the same effect as selecting the computer in an Apple Remote Desktop computer list.  Interact with users. Select any row in a report window; then choose a task from the Interact menu. This has the same effect as selecting the computer in an Apple Remote Desktop computer list.  Delete a file from a computer. Select a file in any file or software report window and click the Delete button.  Copy an item to your computer. Select an item in any software report window and click Copy to This Computer.Chapter 8 Administering Client Computers 127 Maintaining Systems Apple Remote Desktop provides easy and powerful tools for maintaining client computers, including tasks such as deleting files, emptying the Trash, and setting computer startup options. Deleting Items If you delete a file from a client computer, it is moved to the client’s Trash. To delete an item from a client: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Report > File Search. 4 Find the software you want to delete, using the File Search report. For more information, see “Finding Files, Folders, and Applications” on page 116. 5 Select the item or items you want to delete in the File Search report window. 6 Click Delete Selected in the report window. 7 Click Delete.128 Chapter 8 Administering Client Computers Emptying the Trash Apple Remote Desktop allows you to empty the Trash on clients to free up disk space. To find out how much free disk space is on a computer, create a System Overview or Storage report using the Report menu. As a part of routine maintenance for client computers, you can free disk space by emptying the Trash. Emptying the Trash completely removes any items you’ve previously deleted on the client. You can use the System Overview report to see how much disk space you can recover by emptying the Trash. To empty the Trash: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Empty Trash. 4 Click Empty. Setting the Startup Disk Apple Remote Desktop can set the startup disk on any client computer. You can choose between a volume on a local hard disk or any available NetBoot volume. The startup disk must have a valid operating system installed on it. To set the startup volume on a local hard disk for multiple computers at once, the local volume name must be the same for all computers. Alternatively, you can set the startup disk to be a NetBoot volume provided by Mac OS X Server. This allows you to start up a number of clients from a NetBoot server. To set the startup disk: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Set Startup Disk. The list that appears shows the client’s local hard disk, a custom NetBoot server item, and a list of all available NetBoot and Network Install servers available on the local network subnet. 4 Choose the client’s local hard disk or a NetBoot server volume. 5 If you want to choose a specific local hard disk volume, select Hard Disk, click Edit, and enter the desired volume name. 6 If you want to choose a custom NetBoot server volume, enter the server IP address or fully qualified domain name, and the NetBoot volume name. 7 If desired, select Restart When Done.Chapter 8 Administering Client Computers 129 If you select Restart When Done, the client computer will restart after having its startup volume set. You need to have Restart privileges to use this option. 8 Click Set. Renaming Computers Apple Remote Desktop can set the name that a client computer uses for file sharing. You can rename multiple computers with the same name followed by a number (such as Computer1, Computer2, and so on). This is especially useful for differentiating client computers after a clean system installation. Note: The Rename Computer feature does not change the Local Hostname or the DNS name of a client computer. To rename a computer: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Rename Computers. 4 Enter the new computer name. 5 If desired, select “Append a unique number for each computer.” Selecting this option appends a unique number to the end of the computer name. For example, if you rename three computers “Computer,” the computers will be named “Computer1,” “Computer2,” and “Computer3.” 6 Click Rename. Synchronizing Computer Time Maintaining synchronized clocks across your clients is essential for management reliability. Synchronized times allow for more precise audits and allow you to accurately correlate events between clients on the network. In addition, many internet services rely on, or benefit from, clock times that are synchronized to a Network Time Protocol (NTP) server. Any scheduled event benefits from synchronized client time. All Mac OS X clients can be set to automatically synchronize their clocks with an NTP server. Mac OS X Server can be configured to act as an NTP server as well. In order to maintain synchronization across your clients, you should choose a single NTP server to synchronize to. Apple provides an NTP server at time.apple.com. Setting computer time requires the use of Apple Remote Desktop’s Send UNIX Command feature and its built-in command-line tool, systemsetup. See “Built-in Command-Line Tools” on page 147 for more information about the tool.130 Chapter 8 Administering Client Computers To synchronize client computer clocks: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Use the provided Templates for Send UNIX Command to set the time server (see “Send UNIX Command Templates” on page 143 for more information). a Select System Setup > Network Time from the Template pop-up menu. b Click Send. c Select System Setup > Network Time Server from the Template pop-up menu. Change the time server from time.apple.com to whichever time server you want, if desired. 5 Alternatively, manually enter the UNIX command. a Type or paste the following UNIX command: systemsetup -setusingnetworktime on -setnetworktimeserver b Set the user permissions for this command to be sent as the user “root.” 6 Click Send. Setting Computer Audio Volume You may want to standardize or otherwise configure the output volume of your computers. You could use this to silence a lab of computers all playing music, or turn up the volume on a single remote computer for a user’s benefit. You can also set the alert volume separately from the output volume and input volume. Additionally you can set “output muted.” Muting the volume causes the computer to remember what the previous volume level was and return to it when the sound is enabled again. Setting computer audio volume requires the use of Apple Remote Desktop’s Send UNIX Command feature, AppleScript, and the command-line tool osascript. See “UNIX Shell Commands” on page 143 for more information. See AppleScript’s StandardAdditions dictionary for information about using this tool. To set a computer’s audio volume: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Use the provided Templates for Send UNIX Command to set the computer volume (see “Send UNIX Command Templates” on page 143 for more information). a Select Miscellaneous > Volume On from the Template pop-up menu. b Set the desired volume level in the Send UNIX Task dialog.Chapter 8 Administering Client Computers 131 5 Alternatively, manually enter the UNIX command. a Type or paste the following UNIX command: osascript -e 'set volume output volume any_number_from_0-100' b or for Mac OS X v.10.3 clients enter or paste the following: osascript -e 'set volume any_number_from_0-7' 6 Click Send. Repairing File Permissions Sometimes a client’s system file permissions can be corrupted or changed from their expected values. In such a case, it may be necessary to manually repair the permissions on the client. Repairing permissions returns system and library files to their default settings. Repairing file permissions requires the use of Apple Remote Desktop’s Send UNIX Command feature, and the command-line tool diskutil. See “UNIX Shell Commands” on page 143 for more information. For information about using this tool, see diskutil’s man page. To repair a computer’s file permissions: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Type or paste the following UNIX command: diskutil repairPermissions / 5 Set the user permissions for this command to be sent as the user “root.” 6 Click Send. Adding Items to the Dock If you install software on your client computers by dragging and dropping, the file, folder, or application isn’t immediately added to the user’s Dock. The instructions provided here are a workaround for clients that are not part of a managed client environment. Note: Dock management is best done in a Mac OS X Server Workgroup Management environment. If you use Mac OS X Server to manage client settings and preferences, the correct place to change the Dock is within the management settings of Workgroup Manager. To add an application or other item to the Dock: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command.132 Chapter 8 Administering Client Computers 4 Type or paste the following UNIX command (replace /Path_To_Application with your own path to the desired application, and be sure to include the application file extension, .app): defaults write com.apple.dock persistent-apps -array-add 'tiledatafile-data _CFURLString/Path_To_Application _CFURLStringType0 ';killall -HUP Dock Use “persistent-others” instead of “persistent-apps” if the item is anything other than an application. 5 Set the permissions for those of currently logged-in user. 6 Click Send. Changing Energy Saver Preferences You can get and change the settings found in the Energy Saver pane of System Preferences. You can change the computer sleep time, as well as other Energy Saver Options. You can set all the clients to have the same sleep time and even turn on the preference necessary for them to respond to the Apple Remote Desktop Wake command (“Wake for Ethernet network administrator access”). Changing the Energy Saver preferences requires the use of Apple Remote Desktop’s Send UNIX Command, and its built-in systemsetup command-line tool. See “Built-in Command-Line Tools” on page 147 for more detailed information about the systemsetup tool. To change the Energy Saver preferences: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Use the provided Templates for Send UNIX Command to set the energy saver preferences. a Select any one of the following Energy Saver items from the System Setup group:  Restart After Freeze  Restart After Power Failure  System Sleep Time  Display Sleep Time  Wake On Network Access  Wake On Modem Activity b Change the template values to the desired values, and click Send. 5 Alternatively, manually enter the UNIX command.Chapter 8 Administering Client Computers 133 a Type or paste the following UNIX command: systemsetup -setsleep minutes number_of_minutes_to_sleep -setwakeonmodem (on | off) -setwakeonnetworkaccess (on | off) -setrestartpowerfailure (on | off) -setrestartfreeze (on | off) b Set the permissions for this command to root. 6 Click Send. Changing Sharing Preferences for Remote Login Mac OS X’s Sharing System Preference pane allows you to enable or disable SSH login access to the computer. You can use Remote Desktop to change enable or disable a remote computer’s preference. Setting the remote login sharing preference requires the use of Apple Remote Desktop’s built-in command-line tool, systemsetup. See “Built-in Command-Line Tools” on page 147 for more detailed information about the tool. To change the Remote Login sharing preference: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Use the provided Templates for Send UNIX Command to set the Remote Login (SSH) setting (see “Send UNIX Command Templates” on page 143 for more information). a Select System Setup > Remote Login (SSH) from the Template pop-up menu. b Set the login for on or off. 5 Alternatively, manually enter the UNIX command. a Type or paste the following UNIX command: systemsetup -setremotelogin (on | off) b Set the permissions for this command to root. 6 Click Send. Setting Printer Preferences You can set the default printer for your client computers so that they all have the same default and configured printer. There are several ways to set up printer preferences for a client computer. If you have a computer whose printer setup is correct, you can use Remote Desktop to copy the necessary configuration files to the client computers. If you don’t have a configured computer available, you can use the command-line tools in Mac OS X to set the printer preference. Setting the printer preference via Remote Desktop involves using the Copy Items task. See “Copying from Administrator to Clients” on page 108 for more information.134 Chapter 8 Administering Client Computers To set up printer preferences using Copy Items: 1 Set up a client computer’s print preference using the Printer Setup Utility. 2 Use the Copy Items task to copy the following file and folder to all the target computers: /private/etc/cups/printers.conf /private/etc/cups/ppd/ Because these files are hidden in the Finder, you may have to use the Terminal or the Finder’s “Go to Folder” command to add them to the “Items to copy” list. 3 Choose a “Same relative location” as the copy destination. 4 Choose to replace existing items. 5 Click Copy. 6 Restart the client computers’ printer process by restarting the clients. If you are comfortable with the command-line, you can use Remote Desktop’s Send UNIX Command to configure all the client computer preferences at once. Setting printer preferences using Send UNIX Command requires the use of the built-in lpadmin command-line tool. For more information, see the lpadmin man page. To set up printer preferences using Send UNIX Command: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Type or paste the following UNIX command: lpadmin -p printer_name -E -v lpd://printer_and_queue_address -m printer_model_ppd_file -L “text_description_of_printer_location” 5 Set the user permissions for this command to “root.” 6 Click Send.Chapter 8 Administering Client Computers 135 Managing Computers Using Apple Remote Desktop, you can control multiple client computers simultaneously, issuing commands that are found in Mac OS X’s Apple menu (Log Out, Sleep, Restart, etc.), as well as other commands. Opening Files and Folders Apple Remote Desktop can open existing items (files, folders, and applications) on client computers. The item to open must be on the administrator computer, in addition to being on the client computers, and must have the same name, type, size, permissions, and file creation date as the item on the administrator computer. The Open Items command opens files in the application used to create them, if it exists on the client computer, or in the application assigned to open files with that file’s extension. Folders open in the Finder. Applications are opened, or brought to the front, if already open.136 Chapter 8 Administering Client Computers To open an item: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Open Items. 4 Click the Add (+) button and browse for the item on the administrator computer. Alternatively, drag the item from the administrator computer’s Finder to the Open Items dialog. 5 Click Open when the item is selected. The Open Items dialog shows the icon and name of the item to open. 6 Click Open. Opening Applications Apple Remote Desktop can open applications on client computers. The application to open must be on the administrator computer, in addition to being on client computers. If the application is already open, the Open Application command brings it to the front. You can open both Mac OS X and Classic applications with this command. The application on the administrator computer must have the same name, type, and permissions as the one to be opened on the client computer. To open an application: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Open Application. The Open Application dialog shows the applications installed and found in the Applications folder at the top level of the hard disk of the administrator’s computer. 4 Select the application or click the Add (+) button and browse to find the desired application on the administrator computer. Alternatively, drag the item from the administrator computer’s Finder to the Open Application dialog. The Open Application dialog shows the icon and name of the application to open. 5 Click Open.Chapter 8 Administering Client Computers 137 Quitting Applications Without Logging Out the User Apple Remote Desktop can quit running applications on client computers. You can quit both Mac OS X and Classic applications with this command. The administrator must be able to use the Send UNIX Command on the client computer. You can get more information on the killall command by seeing its man page. Note: Unsaved changes to documents on the client will be lost. To quit an open application: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Use the provided Templates for Send UNIX Command to quit an application (see “Send UNIX Command Templates” on page 143 for more information). a Select Miscellaneous > Quit Application from the Template pop-up menu. b Fill in the desired Application Name. 5 Alternatively, manually enter the UNIX command. a Type or paste the following UNIX command: killall “application_name” b Set the user permissions for this command to be sent as the user “root.” 6 Click Send. Putting a Computer to Sleep Apple Remote Desktop can put client computers to sleep. This has the same result as choosing the Sleep command on the client: the display sleeps, the hard disks spin down, and the computer’s central processor and network interface are put in a lowpower mode. Note: Although you can put computers to sleep which are on other network subnets besides your own, and via AirPort, you will not be able to wake them using Remote Desktop. To put a computer to sleep: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Sleep. 4 Click Sleep.138 Chapter 8 Administering Client Computers Waking Up a Computer Apple Remote Desktop can wake up computers that have gone to sleep or been put to sleep with Remote Desktop. To wake a computer using Remote Desktop, the computer’s networking hardware must support waking via network packet (wakeonlan), and the computer must have “Wake For Ethernet Network Administrator Access” enabled in the Wake Options of Energy Saver preferences. You cannot wake up computers connected to the network via AirPort or computers not located on your local subnet. Apple Remote Desktop uses a “wakeonlan” packet to wake sleeping client computers. The packet can only be delivered by way of a local broadcast address, so it only works on a local area network. Also, the network hardware still needs to be powered to receive and act on the packet. AirPort and other wireless network interfaces completely power down on sleep and therefore can’t receive or act on a wakeonlan packet. If you must wake computers on a different subnet, you may want to use a computer on that subnet as a type of sentry. It never sleeps, and runs another licensed copy of Remote Desktop, as well as allows itself to be controlled by your local copy of Remote Desktop. That way you can control the “sentry” computer and instruct it to wake client computers on its local subnet. To wake a computer: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers from the list that show a status as “Sleeping” or offline. 3 Choose Manage > Wake. 4 Click Wake. Locking a Computer Screen Apple Remote Desktop can lock a computer screen. When you lock a computer screen, no one can see the desktop or use the mouse and keyboard on that computer. By default, Apple Remote Desktop displays a picture of a padlock on locked screens, but you can display a custom picture. See “Displaying a Custom Picture on a Locked Screen” on page 139 for more information. You can continue to work with computers using Remote Desktop after you’ve locked their screens.Chapter 8 Administering Client Computers 139 To lock a computer screen: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Interact > Lock Screen. 4 Enter a message to be displayed on the locked screen, if desired. 5 Click Lock Screen. The client screen goes black, except for the administrator’s name, the default picture, and any message text. Displaying a Custom Picture on a Locked Screen You can display a picture of your choice on the client screen while it is locked by Apple Remote Desktop. When creating images, make sure the image size will fit on the client computer’s screen. For example, if you have clients with 800 x 600 screens, a picture that is 1024 x 768 will be scaled down to fit the screen. To create a custom locked screen picture: 1 Create a picture using a graphics program, such as AppleWorks. 2 Save the picture in PICT, TIFF, GIF, JPEG, or any other QuickTime-compatible static image format. QuickTime-compatible movies or QuickTime VR objects cannot be used. 3 Name the picture “Lock Screen Picture”. 4 Copy the “Lock Screen Picture” file to /Library/Preferences/ on the client computer. Unlocking a Computer Screen You must use Apple Remote Desktop to unlock any computer screen locked by Remote Desktop. When you unlock a computer screen, you restore the desktop and use of the mouse and keyboard on that computer. To unlock a computer screen: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers from the list that show a “Locked Screen” status. 3 Choose Interact > Unlock Screen. 4 Click Unlock Screen.140 Chapter 8 Administering Client Computers Disabling a Computer Screen Sometimes you may want to control a client computer with a user at the client computer, but you don’t want the user to see what you’re doing. In such a case, you can disable the client computers screen while preserving your own view of the client computer. This is a special control mode referred to as “curtain mode.” You can change what’s “behind the curtain” and reveal it when the mode is toggled back to the standard control mode. This feature only works with Mac OS X v.10.4 clients. To disable a computer screen while you work: 1 Control a client computer. See “Controlling Apple Remote Desktop Clients” on page 78 or “Controlling VNC Servers” on page 82 for detailed information. 2 Click the Lock Computer Screen While You Control button in the control window toolbar. Alternatively, if you are not currently in a Control window and have added the “Control Computer in Curtain Mode” button to your toolbar, click that toolbar icon. You can also select Interact > Curtain. Logging In a User at the Login Window Apple Remote Desktop can log in any user on a client computer by using AppleScript System Events and the Send UNIX Command feature. Using these powerful features you can log in any number of client computers to the same user name simultaneously from the login window. This script is for use on computers at the login screen only. To log in a user: This method uses the osascript command. For detailed information on osascript, see the osascript man page. 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Type the following AppleScript in the UNIX Command window, adding the user name and password: osascript <" keystroke tab delay 0.5 keystroke "" delay 0.5 Chapter 8 Administering Client Computers 141 keystroke return end tell EndOfMyScript 5 Choose user “root” to run the command. 6 Click Send. The client computer executes the script. Logging Out the Current User Apple Remote Desktop can log out the current user on a client computer. Other users, besides the current active user, who are logged in using Fast User Switching are not logged out using this command. Using this command returns the client computer to the login window. Unsaved work will stop the logout process. To log out a user: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Log Out Current User. 4 Click Log Out. Restarting a Computer Apple Remote Desktop can restart a client computer. This has the same result as choosing the Restart command from the client computer’s Apple menu. This feature is especially useful when used with the Install Packages command. Install Packages doesn’t restart the computer, even if the package requires it. You can restart the computer using Remote Desktop after installing a package. To restart a computer: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Restart. 4 Select the type of restart. You can allow users to save files or cancel the restart, or you can force an immediate restart, which will cause the users to lose unsaved changes to any open files. 5 Click Restart.142 Chapter 8 Administering Client Computers Shutting Down a Computer Apple Remote Desktop can shut down a client computer. This has the same result as choosing the Shut Down command from the client computer’s Apple menu. Note: If you shut down an Apple Remote Desktop client, you cannot start it up using Remote Desktop. This command is especially useful when used with Energy Saver preferences. You can set your client computers to start up every morning at a designated time and use Remote Desktop to shut them down at night. The next morning, they will start up and be ready to administer. To shut down a computer: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Shut Down. 4 Select the type of shutdown. You can choose to allow users to save files or cancel the shutdown, or you can force an immediate shutdown, which will cause the users to lose unsaved changes to any open files. 5 Click Shut Down.Chapter 8 Administering Client Computers 143 UNIX Shell Commands In addition to its own tasks, Apple Remote Desktop provides a way to easily execute UNIX commands on client computers. In order to send UNIX commands to the client computers, the client computers must have the BSD subsystem installed. The UNIX commands are shell command, which means you can write a script with conditionals, loops, and other functions of the shell, and not just send a single command. Send UNIX Command Templates Remote Desktop has a few built-in UNIX shell command templates for use with Send UNIX Command. In the Send UNIX Command task configuration dialog, you can select any one of the commands from the Templates pop-up menu. Selecting a template pastes a generic script into the UNIX command field. All you have to do is customize the script to your situation. For example, if you want to set a manual IP address for a client computer, you would select the Manual IP template from the Template > Network Setup pop-up menu, replace the placeholder indicated in the pasted-in UNIX command with the real IP address, and send the command. You are free to make as many templates as your want from either existing templates or from scratch. Once saved, a template can be made the task’s default, with all new instances of the task opening with the default template settings.144 Chapter 8 Administering Client Computers For more information about Task Templates, see “Creating and Using Task Templates” on page 100. The built-in Send UNIX Command templates include: Template sub-menu Template name Network Setup  List All Services  Manual IP  DHCP  BOOTP  Manual with DHCP Router  DNS Servers  Search Domains  Web Proxy System Setup  Allow Power Button To Sleep  Bonjour Name  Current Date  Current Time  Time Zone  Network Time  Network Time Server  Remote Apple Events  Remote Login (SSH)  Restart After Freeze  Restart After Power Failure  System Sleep Time  Display Sleep Time  Hard Disk Sleep Time  Delay After Power Failure  Wake On Modem Activity  Wake On Network Access Miscellaneous  Login User  Quit Application  Volume Off  Volume On  List Required Software Updates  Install Required Software Updates  Repair Disk Permissions  Computer Uptime  Free Swap Space  Top UsersChapter 8 Administering Client Computers 145 Executing a Single UNIX Command Using the UNIX Command window, you can send a single command to the selected client computers. The command is executed using the bash shell. To execute a single UNIX command: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Type or paste the command. If your command is a multi-line script, enter each command on its own line. If you want to break up a single-line command for better readability, use a backslash (\) to begin a new line. 5 Set the permissions used to execute the command. You can choose the currently logged-in user, or choose the name of another user on the client computers. 6 Click Send. Executing Scripts Using Send UNIX Command There are two kinds of scripts you can execute via the command line. First, and most common with command lines, is a shell script. A shell script is a file containing a collection of UNIX commands that are all executed in sequence. Shell scripts can have normal programming procedures like loops, conditionals, and variables. Shell scripts are text files with UNIX line endings. Shell scripts are interpreted using the bash shell. The second kind of script you can execute, and the most common in the Mac OS X environment, is an AppleScript. AppleScripts are files that contain English-like commands, using the AppleScript programming language and they are created using the Script Editor application. Running a UNIX command as the current user will fail if the target computer is at the login window, since there is no current user at that point. You can use root user for tasks by entering root in the specified user field of the task dialog. You don’t actually need to have the root account enabled on the client computer to specify the root user. You should never use sudo or su to do tasks as the root user. They are interactive and expect further input and response from your script. Instead, run your script as root or whatever user you were planning on. Executing Shell Scripts with Remote Desktop Shell scripts can be copied, then executed. If a script has any degree of complexity, or if it cannot be expressed on a single line, you can use Copy Items to copy the script file to the client computers, then execute it using Send UNIX Command. To send a single-line command you can simply use Send UNIX Command.146 Chapter 8 Administering Client Computers To copy and execute a script: 1 Prepare and save your script. Make sure your script is saved as plain text with UNIX line breaks. 2 Open Remote Desktop. 3 Select a computer list in the Remote Desktop window. 4 Select one or more computers in the selected computer list. 5 Use the Copy Items command to copy your script to the client computers. See “Copy Options” on page 107 and “Copying from Administrator to Clients” on page 108 for more information. 6 After copying the script, choose Manage > Send UNIX Command. 7 Execute the script by typing: sh script pathname 8 Click Send. Executing AppleScripts with Remote Desktop AppleScripts can be executed on client computers in two ways. They can be saved and executed as an application, or sent at once using the command line. To learn more about AppleScript, see AppleScript Help in Help Viewer or go to: www.apple.com/applescript/. To send and execute an AppleScript: 1 Save the AppleScript as an application. 2 Open Remote Desktop. 3 Select a computer list in the Remote Desktop window. 4 Select one or more computers in the selected computer list. 5 Use the Copy Items command with the Open Items option selected in the Copy Items dialog. See “Copy Options” on page 107 for more information. To execute an AppleScript using the Send UNIX Command: This method uses the osascript command. See the osascript man page for more information. 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose Manage > Send UNIX Command. 4 Type or paste the AppleScript in the UNIX Command window, like this: osascript -e 'First line of script' -e 'Next line of script' [ -e ... ]Chapter 8 Administering Client Computers 147 Alternatively, you could use a UNIX “read standard input” redirection which looks like: osascript < value must be a multiple of 30 seconds. Example: systemsetup - setWaitForStartupAfterPowerFailure 30 -setwakeonmodem ( on | off ) Use this command to specify whether or not the server will wake from sleep when modem activity is detected. Example: systemsetup -setwakeonmodem on -setwakeonnetworkaccess ( on | off ) Use this command to specify whether the server wakes from sleep when a network admin packet is sent to it. Example: systemsetup -setwakeonnetworkaccess on Flag DescriptionChapter 8 Administering Client Computers 151 Any command in the Mac OS X Server command-line guide that uses systemsetup can be used in Remote Desktop using the Send UNIX Command task. Using kickstart The kickstart command-line utility is embedded within the Apple Remote Desktop client software. It allows you to install, uninstall, activate, configure, and restart components of Apple Remote Desktop without restarting the computer. You can configure all the features found in the Remote Desktop section of the Sharing System Preferences. The kickstart utility can be used via SSH to configure remote computers, including Xserves. The kickstart utility is located at: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/ Resources/kickstart. The syntax and list of actions possible with kickstart are available by running kickstart as follows: $sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/ Resources/kickstart -help If you are running the kickstart utility through Apple Remote Desktop’sSend UNIX Command function, you don’t need the full path, just the name kickstart and root as the command’s user. You can use the sudo command with an administrator account to use the kickstart utility, or you can use the root user via Send UNIX Command. All commands presented in this section should be typed as one line of text. It’s OK if the text wraps as you enter it; just be sure not to enter return characters. The following are some examples of actions possible with kickstart:  Activate Remote Desktop sharing, enable access privileges for all users, and restart the Apple Remote Desktop Agent: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/ Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all  Activate Remote Desktop sharing, enable access privileges for the users “admin”, grant full privileges for the users “admin,” and restart the Apple Remote Desktop Agent and Menu item: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/ Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu  Activate Remote Desktop sharing, and disable access privileges for all users: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/ Contents/Resources/kickstart -activate -configure -access -off  Shut down the Apple Remote Desktop Agent process: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/ Contents/Resources/kickstart -agent -stop152 Chapter 8 Administering Client Computers  Deactivate Remote Desktop access for a computer: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/ Contents/Resources/kickstart -deactivate -configure -access -off Automating Functions You can automate any command or function in Remote Desktop. Additionally, Remote Desktop supports scripting (either UNIX or AppleScript) to help automate their client management. Setting the Client’s Data Reporting Policy To speed up reporting and allow reporting from offline clients, Apple Remote Desktop uses saved client system and file information. You can automate the collection of this information by setting the data reporting policy. This schedule determines how often the client updates its system and file information for reports. In accordance with the collection schedule you set, each client computer connects to a central reporting database and uploads the information you designate. There are certain trade-offs to the frequency of these updates. If you require all the clients to update their information too often, you run the risk of added network traffic and slower client performance during updates. If you don’t require the clients to update often enough, the report data that you receive may be out of date. You should take care to balance your reporting needs and your network and client performance needs. The collection policy includes four kinds of information: system data, file data, user accounting data, and application usage data. System data includes all possible reported information for the following reports:  System Overview  Storage  USB Devices  FireWire Devices  Memory  PCI Cards  Network Interfaces The file data includes all possible reported information for the following reports:  File Search  Software Version  Software DifferenceChapter 8 Administering Client Computers 153 The user accounting data includes all possible reported information for the following report:  User History The application usage data includes all possible reported information for the following report:  Application Usage To set a client’s data reporting policy: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose File > Get Info. 4 If you have selected only one computer, select the Data Settings tab, and click the Edit button. If you have selected more than one computer, this tab is already selected. 5 Select “Upload on a schedule.” To disable a client’s automatic data collection, deselect “Upload on a schedule.” 6 If you have already made a default schedule, you can use it by clicking “Use default schedule” to automatically fill in the appropriate information and click Done. Otherwise, choose the day or days the data collection should occur. For more information about setting a default schedule, see “Creating a Template Data Reporting Policy” on page 153. 7 Set the time at which the collection occurs. 8 Choose which data types to upload: System Data, File Search Data, Application Usage Data or User Accounting Data, or any combination. 9 In order to upload Application Usage Data and User Accounting Data, you need to specify collection of that data. Choose Collect Application Usage Data to tell a client computer to save report information for the Application Usage Report. Choose User Accounting Data to tell a client computer to save report information for the User History Report. 10 Click Apply. Creating a Template Data Reporting Policy To speed up client configuration for data reporting, you can set a default time and frequency of report data collection. This template must be applied to any computer or group of computers that you want to use it. Afterwards, the setting can be customized on a per-computer or group basis.154 Chapter 8 Administering Client Computers To set the default data reporting policy template: 1 Choose Remote Desktop > Preferences. 2 Select Task Server. 3 Check which additional data types the clients will collect: Application Usage Data, User Accounting Data, or both. 4 Check “Upload report data to the Task Server on a schedule.” 5 Click Change Schedule. 6 Choose the day or days the data collection should occur. 7 Set the time at which the collection should occur. 8 Choose which data types to upload: “System Data,” “File Search Data,” “Application Usage Data,” “User Accounting Data,” or any combination. 9 Click OK. Designating the Task Server and Setting the Report Data Collection Location To speed up reporting, Apple Remote Desktop uses a database of client system and file information. You can automate the collection of this data for reports, and determine where the database will reside. By default, the database is stored on the administrator computer. Use these instructions to change the data collection location. First, determine where the data will be located: on the administrator computer, or a remote computer (called a Task Server). A Task Server needs to be an unlimited-client licensed Apple Remote Desktop administrator computer and have TCP and UDP ports 3283 open to all of the reporting client computers (and TCP port 5900 open, if you want to control the clients). If you choose to use another Apple Remote Desktop administrator computer’s database, you must configure it to allow data access to other Apple Remote Desktop administrators. The default Task Server is the computer upon which you installed Remote Desktop. See also “Using a Task Server for Report Data Collection” on page 112. If you choose to store the data locally and you have an unlimited client license, you can allow other Apple Remote Desktop administrators with unlimited-managed computer licenses to access the database on your computer by selecting the “Allow remote connections to this server” option. Warning: If you change the location of the report database from the one selected in the initial setup, you will need to reset the collection policies for the client computers. The database will not be moved, but will be regenerated at the next collection interval.Chapter 8 Administering Client Computers 155 To set the Task Server location: 1 Open Remote Desktop. 2 Choose Remote Desktop > Preferences. 3 Click Task Server. 4 If you want to use the database on this administrator computer, select “Use Task Server on this computer.” 5 If you use your Remote Desktop administration computer as a Task Server on the local administrator computer, click “Allow remote connections to this server.” 6 If you want to use a database on another administrator computer, select “Use remote Task Server.” Then, enter the IP address or fully qualified domain name of the other Apple Remote Desktop administrator computer, and click Select. 7 Close the window to save changes. Scheduled Tasks You can use Apple Remote Desktop to automate and schedule almost any task. For example, you can make sure a particular application or a specific set of fonts is always available on a client computer by setting Remote Desktop to copy applications and fonts to the client every night. When you schedule an automated task, information about the scheduled task is saved on the administrator computer. At the appointed time, the client software on that computer activates and initiates the task. Remote Desktop must be open to perform a scheduled task. Setting Scheduled Tasks Any task with the Schedule Task button in the task configuration window can be scheduled. Tasks that you have scheduled appear on the left in the main Remote Desktop window. To schedule a task: 1 Select a computer list in the Remote Desktop window. 2 Select one or more computers in the selected computer list. 3 Choose the task you want to schedule from the menu bar. 4 Configure the task as needed. 5 Before executing the task, click the Schedule button. The scheduling information is revealed. 6 Choose when and how often you want the task to execute. 7 If you want the task to repeat, click Repeating Every then set the repeat interval.156 Chapter 8 Administering Client Computers 8 Click OK. 9 Save the task and choose where the task will appear in the Remote Desktop window. Editing Scheduled Tasks Once saved, a task can be changed and all future executions of the task will reflect the changes. You may want to edit which computers are affected by the task or any other task parameter. To edit a task schedule: 1 Double-click a scheduled task in the Remote Desktop window. 2 Edit the task, as needed. 3 Click the Schedule Task button. 4 Edit the task schedule, as needed. 5 Click OK. 6 Click Save. Deleting Scheduled Tasks Unneeded tasks can be deleted. If you want to keep the task, but stop it from repeating, you should edit the scheduled task instead of deleting it. See “Editing Scheduled Tasks” for more information. To delete a scheduled task: 1 Select the saved task in the Remote Desktop window. 2 Press the Delete key. 3 Click Delete. Using AppleScript with Remote Desktop AppleScript is a powerful and versatile scripting language that is built into Mac OS X. You can use AppleScript to create shortcuts, automate repetitive tasks, or even make custom applications that save you a great amount of time. AppleScript is an Englishlike language you can use to write scripts that contain commands. Scripts can make decisions based on user interaction, or by parsing and analyzing data, documents, or situations. Remote Desktop is scriptable, as are many other Mac OS X applications, and it can be controlled with AppleScript commands. AppleScript is a complete language with conditional statements, comparison and arithmetic operations, and the ability to store variables. This documentation doesn’t teach AppleScript language syntax or programming practices. For information about learning how to program with AppleScript, see the AppleScript online help. This section provides a brief description of AppleScript, a brief discussion of using the Remote Desktop AppleScript Dictionary, and a sample script.Chapter 8 Administering Client Computers 157 Remote Desktop’s AppleScript Basics AppleScript scripts consist of commands that are sent to objects. Objects can be a wide variety of things, including applications, scripts, windows, settings, or the Finder. These objects can receive a specific set of commands and respond with the desired actions. Essentially, a script tells an application (Remote Desktop in this case) to either complete a certain task or retrieve information. You can give the script decision-making capabilities by using conditional statements; you can give the script a memory by defining variables. Remote Desktop has made all of its fundamental functions scriptable. The tasks that you perform as an administrator by pointing and clicking the mouse can all be accomplished by running an AppleScript. For example, you can:  Get information on or rename a computer  Add computers to a list  Copy or install items  Execute a report task Using the Remote Desktop AppleScript Dictionary Each scriptable application contains an AppleScript dictionary—the list of objects and messages that an application can understand. For example, in Remote Desktop’s dictionary there is an object named “computer list” that has this entry: A “computer list” is an object which contains other objects (“computers” in this case) and has properties like its “id” and its “name.” When queried, this object can return the values for the properties (in Unicode text as indicated), but you can’t change “id” from within the script (it’s labeled r/o for read-only). This object can be acted upon by the “verbs,” or messages, in a script. The dictionary also contains “verbs,” or messages. These verbs are commands that act on the objects in the dictionary. For example, in Remote Desktop’s dictionary there is a verb named “add,” and this is its entry: computer list n [inh. item] : A list which holds computers. ELEMENTS contains computers; contained by application. PROPERTIES id (Unicode text, r/o) : The unique identifier (UUID) of the computer list. name (Unicode text) : The name of the computer list. add v : Add a computer to a task. add computer : The computer. to computer list : The computer list (or task) to add the computer to.158 Chapter 8 Administering Client Computers This entry tells you what the verb can act on and how. This entry says that Remote Desktop can add a specified computer to a computer list. The objects “computer” and “computer list” are being acted upon by “add.” To access the full AppleScript dictionary for Remote Desktop: 1 Launch Script Editor in the /Applications/AppleScript/ folder. 2 Select File > Open Dictionary. 3 Choose Remote Desktop. 4 Click Open. The AppleScript Dictionary for Remote Desktop is also available in Appendix C, “AppleScript Remote Desktop Suite.” Sample AppleScript This AppleScript is one that could be used to do a quick cleanup of a group of computers. First, it locks the computer screens to prevent interference. Second, it deletes all items left on the currently active desktops of the client computers. Finally, it finishes by emptying the clients’ trash and unlocking the screens. This script is for educational use only and no warranty is explicit or implied as to the suitability of this script for your computing environment. Additionally, this sample script deletes items on the target computers. Use at your own risk. -- Start commanding the local copy of Remote Desktop tell application "Remote Desktop" -- decide which list to perform this on, in this case it's called "Classroom" set these_computers to computer list "Classroom" -- decide what locked screen text you want displayed set screen_message to "Please wait" as Unicode text -- make a UNIX script which executes an AppleScript on the remote computers set the UNIX_script to "osascript -e 'tell application \"Finder\" to delete every item of the desktop whose class is not disk'" -- set the lock task parameters set lock_task to make new lock screen task with properties {name:”Lock Classroom”, message:screen_message} -- perform the task execute lock_task on these_computers -- set the UNIX script parameters set clean_task to make new send unix command task with properties {name:”Clean Desktop”, showing output:false, script:UNIX_script}Chapter 8 Administering Client Computers 159 -- perform the task execute clean_task on these_computers -- empty the trash afterward execute (make new empty trash task) on these_computers -- unlock the screen when finished execute (make new unlock screen task) on these_computers end tell Using Automator with Remote Desktop Accomplish all of your time-consuming, repetitive manual tasks quickly, efficiently, and effortlessly with Automator workflows. It’s simple to create custom workflows just by dragging items, pointing, and clicking. You can easily automate Remote Desktop tasks such as Lock Screen or Install Packages, then repeat those tasks again and again. Simple and easy-to-understand application actions are the building blocks, so you don’t have to write any code. Each actions has all of the options and settings available to you. Here’s the sample AppleScript above, but done using Automator:160 Chapter 8 Administering Client Computers Using Automator actions, you can even create your own interfaces to Apple Remote Desktop functions without having to give users access to Remote Desktop. For instance, say you wanted to give all your teachers a tool to lock and unlock screens in their classrooms. You still need to configure Remote Desktop and set up computer lists, but instead of giving the teachers all access to Remote Desktop, you can create an Automator plug-in or application. This plug-in lets them select only the computers in their classroom, and the plug-in does the rest of the work for them. You can create an Automator workflow, application, Finder plug-in, or iCal alarm similar to the AppleScript mentioned above. By stringing together Remote Desktop actions in Automator, you accomplish the same work as an AppleScript, but without having to write code. 161 A Appendix A Icon and Port Reference The following tables illustrate some of the icons found in the main window of Remote Desktop. The final table shows which network port numbers are in use by Apple Remote Desktop. Client Status Icons The following icons appear next to the names of computers in a scanner search results list. The icons show the status of each computer in the list. Apple Remote Desktop Status Icons The Apple Remote Desktop status icon appears in the menu bar of each Apple Remote Desktop client. The status icon has several states, depending on the status of the client computer. Icon What it means Accessible to Apple Remote Desktop Offline Apple Remote Desktop client Ping response at IP address, but no Apple Remote Desktop client response Icon What it means Not Active Apple Remote Desktop is installed but is not currently running on the client computer. Ready Apple Remote Desktop is installed and running on the client. Administered Apple Remote Desktop is installed and running on the client computer, the administrator is actively observing or controlling, and the client is set to indicate when it is being observed.162 Appendix A Icon and Port Reference List Menu Icons The following icons are used in the Apple Remote Desktop list area of Remote Desktop’s main window. Task Status Icons The following icons are used in task list areas of Remote Desktop’s main window. Icon What it means Master list Apple Remote Desktop list Smart list Scanner Active Task list Task History list Task Server queue Icon What it means Running Finished successfully Exited with error Incomplete Queued ScheduledAppendix A Icon and Port Reference 163 System Status Icons (Basic) The following icons are shown as initial high-level status indicators for observed client computers. System Status Icons (Detailed) The following icons are shown after further inspection of observed client computer status indicators. Icon Indicates or One or more service statistic is red. This takes precedence over any yellow or green indicator. or One or more service statistic is yellow This takes precedence over any green indicator Service is operating within established parameters. No service informaiton available. Service Icon Status CPU Usage Usage is at 60% or less Usage is between 60% to 85% Usage is at 85% or higher No status information is available DIsk Usage Usage is at 90% or less Usage is between 90% and 95% Usage is at 95% or higher No status information is available Free Memory Less than 80% used Between 80% and 95% used164 Appendix A Icon and Port Reference TCP and UDP Port Reference Apple Remote Desktop uses the following TCP and UDP ports for the functions indicated. Over 95% used No status information is available Service Icon Status Port Protocol Function 5900 TCP Observe and Control 5900 UDP Send screen, share screen 3283 TCP Reporting 3283 UDP Everything else 22 TCP Encrypted file transfer, observe, and control (via SSH tunnel) 165 B Appendix B Report Field Definitions Reference The following sections describe the available fields in some of the Apple Remote Desktop reports. For information on generating reports, see “Creating Reports” on page 111. The file search reports (File Search, Software Version, and Software Difference) are not included because their fields closely match those already found in the Finder. System Overview Report List category Field name Notes or example AirPort AirPort Active Yes/No AirPort Firmware Version Version number AirPort Hardware Address 00:30:65:01:79:EC AirPort Locale AirPort Type AirPort Installed Yes/No AirPort Network Channel Channel number 1-11 AirPort Network Name Network name AppleTalk AppleTalk Active Yes/No AppleTalk Network AppleTalk Node AppleTalk Zone Computer Active Processors Number of processors Available user memory Memory in KB Boot ROM ROM version number Bus Clock Speed In MHz Bus Data Size CPU Speed In MHz Serial number 166 Appendix B Report Field Definitions Reference Velocity Engine Yes/No L2 Cache Size In KB L3 Cache Size In KB Machine Model Memory In KB Empty RAM Slots PCI slots Used Processor Count CPU Type Internal value Sales Order Number VM Size Total RAM Slots Devices ATA Device Count Firewire Device Count Keyboard Connected Mouse Connected Optical Drive Type SCSI Device Count USB Device Count Display 2nd Monitor Depth In bits 2nd Monitor Type 2nd Monitor Resolution Pixels horizontal and vertical Monitor Depth In bits Monitor Type Monitor Resolution Pixels horizontal and vertical Modem Modem Country Modem Driver Modem Firmware Version Modem Installed Yes/No Modem Interface Modem Model Network First Ethernet Address en0 MAC address NetBooted Yes/No Primary IP Address Primary Network Collisions Primary Network Flags List category Field name Notes or exampleAppendix B Report Field Definitions Reference 167 Primary Network Hardware Address Primary Network Input Errors Primary Network Input Packets Primary Network Output Errors Primary Network Output Packets Primary Network Preferences Sleep Display Yes/No Sleep Hard Disk Yes/No Sleep Computer Yes/No Wake for Ethernet Access Yes/No Printing Printer Name Printer Sharing Yes/No Printer Type Printer Version Remote Desktop Computer Info #1 Computer Info #2 Computer Info #3 Computer Info #4 Sharing Computer Name File sharing name, “Bob’s Computer” FTP Access Yes/No Remote AppleEvents Yes/No Remote Login Yes/No UNIX hostname foo.example.com Web Sharing Yes/No Windows Sharing Yes/No Software Kernel Version System Version Mac OS X v10.4.2 (8C46) Storage Free Disk Space In KB, MB, or GB Total Disk Space In KB, MB, or GB Trash Size In KB, MB, or GB List category Field name Notes or example168 Appendix B Report Field Definitions Reference Storage Report List category Field name Notes or example Hardware Options Drive Manufacturer Drive Model Drive Revision Drive Protocol Removable Yes/No Serial Number Logical Unit Number Detachable Volume Options Creation date UNIX GMT format Disk Name Macintosh HD File Count Folder Count Total Disk Space Free Space In KB, MB, or GB Startup Disk UNIX Mount Point /dev/disk0s10 File System Options Disk Format HFS, HFS+, UFS Owner Group Yes/No Permission Modes Permissions Yes/No Write Access Modification date UNIX GMT format Case Sensitive Yes/No Preserves Case Yes/No Backup Options Journaling Capable Yes/No Journaled Yes/No Last Backup date UNIX GMT format Last Check date UNIX GMT formatAppendix B Report Field Definitions Reference 169 USB Devices Report FireWire Devices Report Memory Report PCI Cards Report Field name Notes or example Product Name Product ID Vendor ID Vendor Name Device Speed 1.5Mb, 12Mb Bus Power In mA Date collected Field name Notes or example Device Speed 200, 400, 800 Mbits per second Software Version Manufacturer Model Firmware Revision Date collected Field name Notes or example Slot Identifier DIMM0/J21 Size In MB Speed PC133-222 (Mac OS X 10.3 only) Type SDRAM Date collected Field name Notes or example Card Name Slot Name Slot4 Card Type Display Vendor ID Device ID170 Appendix B Report Field Definitions Reference Network Interfaces Report ROM Revision Displays only Card Revision Card Memory Displays only Date collected Field name Notes or example List category Field name Notes or example Network Overview Name Location name Active Yes/No Primary Yes/No Configured With Ethernet Hardware Address 00:30:65:01:79:EC Interface Name en0 Flags Active Interface Domain example.com Router Address IP Address Broadcast Address DNS Server Subnet Mask IP Addresses Broadcast Addresses DNS Servers Subnet Masks Network Statistics Network Collisions Network Input Errors Network Input Packets Network Output Errors Network Output Packets Output Statistics Output Queue Capacity Output Queue Size Output Queue Peak Size Output Queue Drop Count Output Queue Output Count Output Queue Retry CountAppendix B Report Field Definitions Reference 171 Output Queue Stall Count Ethernet Statistics Ethernet Alignment Errors Ethernet FCS Errors Frame Check Sequence errors Ethernet Single Collision Frames Ethernet Multiple Collision Frames Ethernet SQE Test Errors “heartbeat” test errors Ethernet Deferred Transmissions Ethernet Late Collisions Ethernet Excessive Collisions Ethernet Internal MACTransmit Errors Ethernet Carrier Sense Errors Ethernet Frame Too Long Ethernet Internal Mac Receive Errors Ethernet Chip Set Ethernet Missed Frames Ethernet Receiver Overruns Ethernet Receiver Watchdog Timeouts Ethernet Receiver Frame Too Short Ethernet Receiver Collision Errors Ethernet Receiver PHY Errors Ethernet Receiver Timeouts Ethernet Receiver Interrupts Ethernet Receiver Resets Ethernet Receiver Resource Errors Ethernet Transmitter Underruns Ethernet Transmitter Jabber Events Ethernet Transmitter PHY Errors Physical Errors Ethernet Transmitter Timeouts Ethernet Transmitter Interrupts Ethernet Transmitter Resets List category Field name Notes or example172 Appendix B Report Field Definitions Reference Network Test Report Administration Settings Report Ethernet Transmitter Resource Errors Ethernet Collision Frequencies List category Field name Notes or example Field name Notes or example Computer Computer sharing name Min,. Time Shortest time for ping response Max. TIme Longest time for a ping response Avg. Time Average time for ping response Lost Packets Number of pings without a response Total Packets Number of pings sent. List category Field name Notes or example Computer Computer sharing name Privileges Generate Reports On or off Send Messages On or off Open & Quit On or off Restart & Shutdown On or off Change Settings On or off Copy Items On or off Delete Items On or off Control On or off Observe On or off Show Observe On or off Data Settings Collect Application Usage Data On or off Collect User Accounting Data On or off Upload Schedule Time and days to upload information Upload System Data On or off Upload File Data On or off Upload Application Usage Data On or off Upload User Accounting Data On or offAppendix B Report Field Definitions Reference 173 Application Usage Report User History Report General Version Apple Remote Desktop version and build number Last Contacted Relative date List category Field name Notes or example Field name Notes or example Computer name File sharing computer name Name Application name Launch date 24 hour local time and date Total run time Length of time the application was running Frontmost Length of time the application was the frontmost application User name Short user name of application process owner State What the application is doing now (running, terminated, etc.) Field name Notes or example Computer name file sharing computer name User name Login type) Console, tty, ssh Login time Date and 24 hour format local time Logout time Date 24 hour format local time Remote Login Host Originating host to the login session, localhost, or some remote computer174 C Appendix C AppleScript Remote Desktop Suite This appendix shows the contents of Remote Desktop’s AppleScript Dictionary. This appendix is not a substitute for the AppleScript Dictionary view in Script Editor. It is included as a quick reference so that AppleScript commands might be found by a search of PDF contents. The Dictionary itself has the most recent information about scriptable objects and events in Remote Desktop, and better usability. Classes and Commands for the Remote Desktop Application. add v: Add a computer to a task. add computer: The computer. to computer list: The computer list (or task) to add the computer to. control v: Start a control session with the computer. control computer: The computer to control. execute v: Executes a task. execute task: The task to execute. [on computer list]: The computer list (or computer) on which to run the task. observe v: Start an observation session. observe item: The computer, list, or computer list to observe. release v: Release computers from a control or observation session. release item: The computer, list, or computer list to release. remove v: Remove a computer from a task. remove computer: The computer to remove. from computer list: The computer list (or task) to remove the computer from. stop v: Stops an executing share screen task. stop task: The task to stop.Appendix C AppleScript Remote Desktop Suite 175 application n [inh. application; see also Standard Suite]: Remote Desktop’s top level scripting object. ELEMENTS contains computers, computer lists, copy items tasks, copy to me tasks, documents, empty trash tasks, install package tasks, lock screen tasks, logout tasks, open application tasks, open item tasks, rename computer tasks, restart tasks, send message tasks, send unix command tasks, set local startup disk tasks, set network startup disk tasks, share screen tasks, shutdown tasks, sleep tasks, unlock screen tasks, upgrade client tasks, wake up tasks, windows. PROPERTIES selection (item, r/o): The current selection. computer n [inh. item]: A physical computer. ELEMENTS contained by application, computer lists. PROPERTIES boot volume (Unicode text, r/o): The boot volume of the computer. CPU (Unicode text, r/o): The CPU type of the computer. current application (Unicode text, r/o): The current frontmost application on the computer. current user (Unicode text, r/o): The currently logged in user on the computer. DNS name (Unicode text, r/o): The DNS name of the computer. id (Unicode text, r/o): The unique identifier (UUID) of the computer. Internet address (Unicode text, r/o): The Internet address of the computer. last activity (date, r/o): The time of the most recent activity on the computer. last contacted (date, r/o): The time of last contact with the computer. machine model (Unicode text, r/o): The model of the computer. name (Unicode text, r/o): The name of the computer. physical memory (Unicode text, r/o): The physical ram installed in the computer. primary Ethernet address (Unicode text, r/o): The primary ethernet address of the computer. remote desktop version (Unicode text, r/o): The version of the Remote Desktop client running on the computer. status message (Unicode text, r/o): The current status of the computer. system version (Unicode text, r/o): The Mac OS version running on the computer. computer list n [inh. item]: A list which holds computers. ELEMENTS contains computers; contained by application. PROPERTIES id (Unicode text, r/o): The unique identifier (UUID) of the computer list. name (Unicode text): The name of the computer list.176 Appendix C AppleScript Remote Desktop Suite copy items task n [inh. task > item]: Copy items to the target computers. ELEMENTS contained by application. PROPERTIES bandwidth limit (integer): Network usage limit in kilobytes per second (0 = unlimited). conflict resolution (ask what to do/rename the existing item/rename the item being copied/replace/replace if older): Specifies what to do if the item(s) already exist in this location. copy items (list): A list of files and/or folders to copy. destination group (Unicode text): If ownership is set to a ‘specific owner’, a valid group name on the destination computer. destination owner (Unicode text): If ownership is set to a ‘specific owner’, a valid user name on the destination computer. destination path (alias): If the location is ‘specific folder’, a fully specified path to the destination folder. encrypting (boolean): Should the items be encrypted during copying location (applications folder/current users desktop folder/current users home directory/ same relative location/specific folder/system folder/system fonts folder/system preferences folder/top folder of the boot disk): The target location to copy to. ownership (current console user/current owner/destination folder owner/specific owner): Specifies the new ownership of the copied item(s). should open (boolean): Should the items be opened after being copied stopping on error (boolean): Should the copy terminate if an error occurs during copying copy to me task n [inh. task > item]: Copy items from the target computers to the administrator computer. ELEMENTS contained by application. PROPERTIES bandwidth limit (integer): Network usage limit in kilobytes per second (0 = unlimited). conflict resolution (ask what to do/rename the existing item/rename the item being copied/replace/replace if older): Specifies what to do if the item(s) already exist in this location. copy items (list): A list of files and/or folders to copy. destination path (alias): If the location is ‘specific folder’, a fully specified path to the destination folder. encrypting (boolean): Should the items be encrypted during copying location (applications folder/current users desktop folder/current users home directory/ same relative location/specific folder/system folder/system fonts folder/system preferences folder/top folder of the boot disk): The target location to copy to.Appendix C AppleScript Remote Desktop Suite 177 empty trash task n [inh. task > item]: Empty the trash on the target computers. ELEMENTS contained by application. install package task n [inh. task > item]: Install package(s) on the target computers. ELEMENTS contained by application. PROPERTIES after installing (attempt restart/do nothing/force immediate restart): Specifies what to do after installing the package(s). bandwidth limit (integer): Network usage limit in kilobytes per second (0 = unlimited). delegating to task server (boolean): Should this task be delegated to the task server encrypting (boolean): Should the packages be encrypted during copying packages (list): A list of packages to install. stopping on error (boolean): Should the copy terminate if an error occurs during copying lock screen task n [inh. task > item]: Lock the screen(s) on the target computers. ELEMENTS contained by application. PROPERTIES message (Unicode text): Message to display on the screen(s). logout task n [inh. task > item]: Log out the current user on the target computers. ELEMENTS contained by application. open application task n [inh. task > item]: Launch an application on the target computers. ELEMENTS contained by application. PROPERTIES application (alias): The path to the application to open. open item task n [inh. task > item]: Open files on the target computers. ELEMENTS contained by application. PROPERTIES files (list): A list of files to open. rename computer task n [inh. task > item]: Change the name of the target computers. ELEMENTS contained by application. PROPERTIES178 Appendix C AppleScript Remote Desktop Suite naming uniquely (boolean): Should each machine be forced to have a numerically unique name target name (Unicode text): The new name for the computer. restart task n [inh. task > item]: Restart the target computers. ELEMENTS contained by application. PROPERTIES user can save changes or cancel (boolean): Is the user allowed to save changes or cancel the restart send message task n [inh. task > item]: Send a text message to the target computers. ELEMENTS contained by application. PROPERTIES message (Unicode text): Message to display on the screen(s). send unix command task n [inh. task > item]: Send a UNIX command or script to the target computers. ELEMENTS contained by application. PROPERTIES script (Unicode text): The command string to be executed. showing output (boolean): Should the complete output of command be displayed in a window user (Unicode text): The user to execute the command as. set local startup disk task n [inh. task > item]: Set the startup volume on the target computers. ELEMENTS contained by application. PROPERTIES boot volume (Unicode text): Specific volume of drive to boot (optional). restarting (boolean): Should the machine be restarted after setting the startup volume set network startup disk task n [inh. task > item]: Set the startup volume on the target computers. ELEMENTS contained by application. PROPERTIES from server (Unicode text): Internet address of the server to boot from. mount volume (Unicode text): Volume name on server to mount. restarting (boolean): Should the machine be restarted after setting the startup volume Appendix C AppleScript Remote Desktop Suite 179 share screen task n [inh. task > item]: Share a computers screen to the target computers. ELEMENTS contained by application. PROPERTIES source computer (computer): The computer (other than the admin) whose screen to share. shutdown task n [inh. task > item]: Shutdown the target computers. ELEMENTS contained by application. PROPERTIES user can save changes or cancel (boolean): Is the user allowed to save changes or cancel the shutdown sleep task n [inh. task > item]: Put the target computers to sleep. ELEMENTS contained by application. task n [inh. item]: A task. This abstract class represents the tasks which can be executed by Remote Desktop. There are subclasses for each specific type of task. ELEMENTS contained by application. PROPERTIES computer list (computer list): The computer list associated with the task. id (Unicode text, r/o): The unique identifier (UUID) of the computer. name (Unicode text): The name of the task. recurrence (Unicode text, r/o): A string which describes the task recurrence, if defined. starting at (date): If the task is scheduled, the date and time of the first execution. unlock screen task n [inh. task > item]: Release the screen(s) of the target computers. ELEMENTS contained by application. upgrade client task n [inh. task > item]: Upgrade the Remote Desktop client on the target computers. ELEMENTS contained by application. wake up task n [inh. task > item]: Wake up the target computers. ELEMENTS contained by application.180 D Appendix D PostgreSQL Schema Sample This chapter contains SQL commands to assist SQL programmers in obtaining the database schema used in Apple Remote Desktop’s report database. You can use this knowledge about the schema to create your own applications that access Apple Remote Desktop report information. Sample list of main database schema Command: /System/Library/CoreServices/RemoteManagement/rmdb.bundle/bin/psql -U ard -c "\\d propertynamemap" ard Output: Table "public.propertynamemap" Column | Type | Modifiers ---------------+------------------------+----------- objectname | character varying(128) | not null propertyname | character varying(128) | not null propertymapid | integer | Sample list of system information table Command: /System/Library/CoreServices/RemoteManagement/rmdb.bundle/bin/psql -U ard -c "\\d systeminformation" ard Output: Table "public.systeminformation" Column | Type | Modifiers --------------+--------------------------+----------- computerid | character(17) | not null objectname | character varying(128) | not null propertyname | character varying(128) | not null itemseq | integer | value | character varying(512) | Appendix D PostgreSQL Schema Sample 181 lastupdated | timestamp with time zone | Sample list of property names Command: /System/Library/CoreServices/RemoteManagement/rmdb.bundle/bin/psql -U ard -c "select * from propertynamemap" ard Output: objectname | propertyname | propertymapid -----------------------+------------------------------+--------------- Mac_SystemInfoElement | WirelessCardIsActive | 0 Mac_SystemInfoElement | WirelessCardFirmwareVersion | 1 Mac_SystemInfoElement | WirelessCardHardwareAddress | 2 Mac_SystemInfoElement | WirelessCardLocale | 3 Mac_SystemInfoElement | WirelessCardType | 4 Mac_SystemInfoElement | WirelessCardInstalled | 5 Mac_SystemInfoElement | WirelessChannelNumber | 6 Mac_SystemInfoElement | WirelessNetworkAvailable | 7 Mac_SystemInfoElement | WirelessIsComputerToComputer | 8 ...... Sample list of table from one computer Command: /System/Library/CoreServices/RemoteManagement/rmdb.bundle/bin/psql -U ard -c "select * from systeminformation" ard Output: computerid | objectname | propertyname | itemseq | value | lastupdated -------------------+----------------------+-----------------+---------+----- ----------------+------------------------ 00:03:93:af:15:cc | Mac_HardDriveElement | CreationDate | 0 | 2005-02-25T03:30:07Z| 2005-02-26 22:21:38-08 00:03:93:af:15:cc | Mac_HardDriveElement | FileSystemType | 0 | 18475 | 2005-02-26 22:21:38-08 00:03:93:af:15:cc | Mac_HardDriveElement | FreeSpace | 0 | 4101610 | 2005-02-26 22:21:38-08 00:03:93:af:15:cc | Mac_HardDriveElement | GroupName | 0 | admin | 2005-02-26 22:21:38-08Index 182 Index A aborting a task 98 access changing privileges 69 group-based 62 via local account 61 Access Privileges 59 adding Dock items 131 administrator announce 92 Apple keyboard keys 79 Apple Remote Desktop menu icon 94, 95 application use report 115 asset tracking application use 115 FireWire devices 121 hardware 119 management 118 memory 123 PCI cards 123 software 118 software changes 118 USB devices 121 B basic file copy 108 best practices networking 71 reporting 113–114 security 73 C chat 92 cleaning up hard disks 128 client data upload policy 152 clipboard sharing 82 computer audio volume 130 computer list making a new 54 removing 54 smart 54 computer lists 49 description of 53 computer sharing names 129 Control/Observe preferences 36 controlling a client 78 control window 32 buttons 79–82 Copy and Open 108 copying items data encryption 107 overview 106 UNIX permissions 107 copying to relative locations 107 Copy Items options 107 CPU serial number, accessing 120 Create Custom Installer 43, 44 curtain mode 81, 140 customizing reports 35 D Dashboard observe 91 deleting files 128 demonstration mode 93 designated data collector 112 directory services 62 drag and drop copies 109 installation 104 E enabling SSH on clients 133 encryption one-time use 76 scheme description 75 setting defaults 75 Ethernet address tracking 122 F file mirroring 110 file system maintenance 131 finding free disk space 120 firewall settings 49 full screen display 81Index 183 G General preferences 36 group-based authorization 65 guest access 65 H hard disk maintenance 131 hardware asset management 119 Help Desk Mode. See sharing control human interface customizing 36 icons 29 tips and shortcuts 37 I installation, Remote Desktop 40 Install Packages options 107 K keyboard shortcut exceptions 78 kickstart tool 147, 151 L launching remote applications 136 limiting access privileges 66 limiting features to administrators 66 logging in remote users 140 logging out users 141 M main window 29 Managed Client settings 46 mcx_setting attribute 62, 64 metadata search 116 mirroring a folder 110 moving computer lists 56–57 multi-observe 85, 91 window 33 muting a computer 130 N NetBoot 128 networking best practices 71 networking with AirPort 72 Network Install 128 network interface audit 122 network performance tuning 73 networksetup tool 147 Network Time Protocol (NTP) server 129 notification script 97 O observation settings 87, 88 Observe Widget 91 observe window 32, 33 offline installation 103 Open Directory 62 P package installation 101, 105 preferences 36 preference standardization 133 printer setup 133 Property List Editor tool 62 putting wired clients to sleep 137 Q quitting applications 137 R reclaiming hard disk space 127 Remote 42 removing client software 47, 48 removing files 127 removing Remote Desktop 46 renaming copied items 108 multiple computers 129 repairing UNIX permissions 131 replacing copied items 108 report access privileges 69 Application Usage 115 File Search 117 Software Difference 118 Software Version 118 System Overview 119 User History 114 report data sources 111 reporting best practices 113–114 reporting policy template 153 report window 34 restarting client computers 141 reusing tasks 99, 100 S saving reporting policy preferences 153 saving reports 125 saving settings 99 saving tasks 99, 100 scan file import 52 IP range 50, 52 LAN 50 scanner display 49 scanners 49 screen pushing 93 screen sharing console 94 Scripting Remote Desktop AppleScript 156–159184 Index Automator 159 Secure Screen Blanking. See curtain mode. security best practices 73 preferences 36 sending scripts via UNIX command 145–147 serial number 40 setting boot disk 128 setting encryption defaults 75 setting Energy Saver preferences 132 setting up a Task Server 154 setting wake-on-LAN 132 sharing control 80 Sharing Preference 59 sharing screens 93 software installation 101 software version report 105 Spotlight search 116 SSH access description 68 start VNC server 68 system requirements 39 systemsetup tool 132, 133, 147, 149 T task history 96 task progress 96, 98 task results 99 task schedules 155 Task Server data collection 112 Install Package 103 preferences 36 setup 154 task status 98 task templates saving 100 UNIX commands 143 templates UNIX commands 143 temporary access 65 testing network performance 124–125 text announce 92 text chat 92 third-party installers 104 Tiger-only features Spotlight search 116 tips using report windows 126 using the observe window 90 tracking. See asset tracking. trashing files 127, 128 U uninstalling client software 47, 48 uninstalling Remote Desktop 46 unique computer names 129 UNIX command templates 143 updating software 118 upgrading client software 42 Remote Desktop 41 user history report 114 user interface. See human interface. user login report 114 user mode 66 user requests, viewing 93 using a time server 129 V VNC 67 connecting to server 82 Control-Alt-Delete 83 custom display designation 84 Mac OS X Client as VNC server 85 non–Mac OS X basic set-up 83 port customization 84 W wakeonlan packet 138 waking wired clients 138 window, shortcuts 37 Workgroup Manager 46, 131 X XML 64 Finger Tips Quick Start Guide Welcome to iPhone. This Quick Start guide tells you how to set up your iPhone and use its key features. To start, turn on your iPhone by pressing and holding the On/Off button for a few seconds. Then follow the onscreen instructions to set up your iPhone. Button basics. To turn off or restart iPhone, press and hold the On/Off button for a few seconds, then drag the slider to confirm. To turn off the screen but still receive calls, press On/Off once. Press the Home button at any time to return to the Home screen. To quickly switch between recently used apps, double-click the Home button and tap an app icon. Voice Control. Use Voice Control to make a hands-free call or play music. To activate Voice Control, hold down the Home button or the center button on the iPhone headset until the Voice Control screen appears. After the tone, speak a command such as “call Elliot” or “dial 555-1212.” You can also ask iPhone to play a specific album, artist, or playlist or to “play more songs like this.” You can even ask iPhone “what’s playing?” or say “play songs by the Rolling Stones,” for example. Notifications. When you receive a notification, it appears briefly at the top of the screen without interrupting what you’re doing. Ignore it or tap it to respond right away. To see a summary of your recent notifications, swipe down from the top of any screen. You can access a new notification from the Lock screen by sliding its icon to the right. Messages. Tap the Messages icon to send an iMessage to other iPhone, iPad, and iPod touch users running iOS 5, or to send an SMS or MMS to other mobile phone users. Type a name or phone number in the To field or select someone from your contacts. Type your message, then tap Send. To send photos or video, tap the Camera button. Make a call. Tap a phone number in Contacts, Favorites, an email, a text message, or almost anywhere in iPhone to make a call. Or open the Phone app and tap the Keypad button to dial manually. To silence an incoming call, press the On/Off button once. To send a call directly to voicemail, press On/Off twice. To answer a call while using the iPhone headset, press the center button once. Press it again to end your call. Search. To search your iPhone or the web, go to the main Home screen and press the Home button or swipe the screen from left to right. Type in what you’d like to find—a name, app, song, artist, movie, or any keyword. iPhone offers suggestions as you type to make searching even faster. To search within an app like Mail, Contacts, or Messages, tap the status bar. Intelligent keyboard. iPhone automatically corrects and suggests words as you type. So if you tap a wrong letter, just keep typing. To accept the suggested word, tap the space bar. Or tap the “x” to ignore the suggestion. The keyboard automatically inserts apostrophes in contractions. If you tap the space bar twice, it adds a period. You can double-tap a word to look it up in the dictionary. Cut, copy, and paste. Tap the text you want to edit, or touch and hold to bring up the magnifying glass, then slide your finger to move the insertion point. You can select a word by double-tapping it, and select more or less text by dragging the grab points. Then tap to cut, copy, or paste. To copy text from web pages, email, or text messages, touch and hold to select the text, then tap Copy. On/Off Sleep/Wake Ring/Silent Volume Up/Down HomeNot all features are available in all areas. TM and © 2011 Apple Inc. Designed by Apple in California. Printed in China. 034-6177-A Learn more. Learn more about iPhone features at www.apple.com/iphone. For the iPhone User Guide and important information, visit support.apple.com/manuals/ iphone. To view the guide on iPhone, download it from the iBookstore or use the Safari bookmark. Get support. Contact your wireless service provider for support on network services, voicemail, and billing. Visit www.apple.com/support/ iphone for support on iPhone and iTunes. Photos. Tap the Photos icon on the Home screen to see your pictures. Flick right or left to move between images. Double-tap or pinch to zoom. Tap once to bring up the onscreen controls. You can edit or enhance a photo, share it, print it, and more. If you have Photo Stream enabled in iCloud, new pictures you take are automatically pushed to all your other devices. Cars 2 will be available on iTunes beginning November 1, 2011. Cars 2 © Disney/Pixar. *Requires second-generation Apple TV. Video and song controls. While playing music or watching a movie, tap anywhere on the screen to bring up the controls. Tap again to hide them. To stream your music or video to an Apple TV, tap the AirPlay button.* From the Lock screen, you can double-click the Home button to quickly access your audio controls. See the web up close. In Safari, double-tap any element on a web page—picture or text—to zoom in. Doubletap again to zoom back out. Rotate iPhone to see the web in widescreen. Tap the Reader button at the top of the screen to view an article without clutter. Tap the Multi-page button to flick between multiple web pages or open a new one. Google, the Google logo, and Google Maps are trademarks of Google Inc. © 2011. All rights reserved. Find location. Search surroundings. To see where you are on a map, tap the Location button. A blue dot appears at your current position. To see which way you’re facing, tap the Location button again to turn on compass view. Find places around you by typing words like “Starbucks” or “pizza” in the search field. Double-tap to zoom in. Tap once with two fingers to zoom out. You can also get directions or tap the Page Curl button for additional map views. App Store. Tap the App Store icon to browse hundreds of thousands of apps in categories like games, business, travel, social networking, and more. Browse by Featured, Categories, or Top 25 or search by name. To purchase and download an app directly to your iPhone, tap Buy Now. Many apps are free. iTunes Store. You can access the iTunes Store by tapping the iTunes icon. Search the store for music, movies, TV shows, music videos, and more. Browse, purchase, and download from the store directly to your iPhone. Tap any item to hear or see a preview. Create folders. Organize apps. Touch and hold any app icon until it starts to jiggle. Then drag one app onto another to create a folder. Folders are automatically named by category, or you can rename them. You can customize your Home screen by dragging apps and folders to different positions and screens. When you’re done, press the Home button. Get directions. In Maps, tap Directions, then enter start and end points. You can use your current location, type in an address, or select an address from your contacts or bookmarked locations. Tap Route to display driving directions. Tap the Walk button for walking directions or the Bus button to view transit routes and times. iPhone can track and show your progress along whichever route you take. iCloud. iCloud stores your music, photos, apps, calendars, documents, and more. It’s seamlessly integrated into your apps and wirelessly pushes your content to all your devices. Tap the Settings icon and choose iCloud to turn on Photo Stream and other iCloud features. You can also download music and apps you’ve previously purchased from the iTunes Store and the App Store. This guide contains all the information you need to get from setup to your sofa. Welcome. You’re watching Apple TV.Contents 3 Contents Chapter 1: Connect. 7 What’s in the Box 8 Apple TV at a Glance 10 What You Need 11 Setting Up Apple TV Chapter 2: Configure. 16 Network Configuration 17 Connecting to iTunes Chapter 3: Watch. 20 Using Your Apple Remote 21 Basic Remote Functions 21 Pairing Apple TV with a Remote 22 Unpairing Apple TV from a Remote 23 Changing the Remote Battery 24 Renting Movies and Purchasing TV Shows4 Contents Chapter 4: Problem? No Problem. 26 Troubleshooting 31 Status Light 32 Service and Support 32 Serial Number 33 Care and Cleaningwww.apple.com/support/appletv Connect. 16 Chapter 1 Connect. Chapter 1 Connect. With Apple TV, you can rent high-definition movies, purchase TV shows, watch streaming content from Netflix, and enjoy podcasts, YouTube and Vimeo videos, and Internet radio. And, you can stream your personal iTunes content wirelessly from a Mac or PC, and view photos from your computer or Flickr on your widescreen HDTV, from the comfort of your couch. And with AirPlay, you can wirelessly stream videos, music, and photos from your iPhone, iPad, and iPod touch to Apple TV. Note:  Content availability varies by region. For information about See What you need to get started “What You Need” on page 10 Setting up Apple TV “Setting Up Apple TV” on page 11 Setting up your network connection “Network Configuration” on page 16 Using the Apple Remote “Using Your Apple Remote” on page 20 Troubleshooting Apple TV “Troubleshooting” on page 26 Apple TV safety and warranty The Apple TV Important Product Information GuideChapter 1 Connect. Chapter 1 Connect. 7 What’s in the Box AC power cord Apple Remote Note:  Your power cord may look different from the one pictured here.8 Chapter 1 Connect. Chapter 1 Connect. Apple TV at a Glance IR receiver Status light £ HDMI port d Micro USB port Optical digital audio port Power port G Ethernet portChapter 1 Connect. Chapter 1 Connect. 9 IR receiver Use with the included Apple Remote to control Apple TV. Status light The status light flashes slowly when Apple TV starts up.When Apple TV is on, the status light glows. See “Status Light” on page 31. d Micro USB port For service and diagnostics. ≤ Power port Connect the included AC power cord to the power port on Apple TV. G Ethernet port If your network is Ethernet-based, connect an Ethernet cable. £ HDMI port Connect Apple TV to the HDMI port of a high-definition TV using an HDMI cable. Optical digital audio port Connect Apple TV to a home theater receiver that has an optical digital audio port, using an optical digital audio (also called S/PDIF or TOSLINK) cable. Z Built-in 802.11n Wi-Fi technology Connect Apple TV to your wireless network.10 Chapter 1 Connect. Chapter 1 Connect. What You Need To start using Apple TV, you need the following: High-Definition TV A high-definition TV capable of displaying 720p video Cables  An HDMI cable to connect Apple TV to your TV  An optical digital audio cable (if you plan to use one) Network  An 802.11b, g, or n Wi-Fi wireless network (wireless video streaming requires 802.11g or 802.11n), or 10/100Base-T Ethernet network  A broadband Internet connection (DSL, cable, or LAN)  Your wireless network name and password (if you use one) Software and Accounts To play content from a Mac or PC on Apple TV, you need the following:  An Apple ID to rent movies or purchase TV shows from the iTunes store, and to use Home Sharing to stream content from a Mac or PC  iTunes 10.2 or later  A Netflix account to stream contentChapter 1 Connect. Chapter 1 Connect. 11 Setting Up Apple TV Apple TV connects to your TV through an HDMI port that delivers both audio and video. Before you set up Apple TV, look at the ports on the back of your TV to make sure you have the right cables. You can connect Apple TV to a high-definition TV or home theater receiver that has an HDMI port, using an HDMI cable for both video and audio. You can also use an optical digital audio cable to connect Apple TV to a receiver for audio. Important:  Before you connect Apple TV to a power outlet, carefully read these installation instructions and the safety information in the included Important Product Information Guide.12 Chapter 1 Connect. Chapter 1 Connect. Step 1: Connecting the cables 1 Connect one end of an HDMI cable to the back of your TV. 2 Connect the other end of the cable to the HDMI port on the back of Apple TV. 3 If you’re using an optical digital audio cable for audio, connect one end of the cable to the audio input port on your receiver or TV, and the other end to the optical digital audio port on the back of Apple TV. Apple TV Television HDMI port HDMI port HDMI cable Note:  The built-in 802.11 Wi-Fi technology connects Apple TV to your wireless network. If your network is Ethernet-based, connect Apple TV to your network using an Ethernet cable.Chapter 1 Connect. Chapter 1 Connect. 13 Step 2: Connect the power cord Connect one end of the power cord to the power port on the back of Apple TV and the other end to a power outlet. Power port Important:  Don’t place anything on top of Apple TV. Objects placed on top may interfere with the wireless signal. Don’t place Apple TV on other electronic equipment in a media cabinet. Step 3: Turn on your TV and select the input The first time you use Apple TV, it helps you choose a language, select a network, and configure Apple TV to work with your network (if necessary). See Chapter 2, “Configure.” on page 15. If you see just a black screen the first time you use Apple TV, make sure the input setting you’ve selected on your TV matches the input you connected the cables to on your TV or home theater receiver. See Chapter 4,“Problem? No Problem.” on page 25, and refer to the documentation that came with your TV for information about its inputs.www.apple.com/support/appletv Configure. 216 Chapter 2 Configure. Chapter 2 Configure. Apple TV helps you select and configure your wireless network connection, and, if you want to watch or listen to the contents of your iTunes library, connect to iTunes on your computer. Network Configuration Have your network name and password (if you use one) and your Apple Remote handy when you configure Apple TV. Make sure there are no obstructions between the remote and Apple TV. For information about using your remote, see Chapter 3,“Watch.” on page 19. If you:  Use a wired Ethernet network to connect, Apple TV automatically detects your network.  Use a wireless network to connect, Apple TV helps you select and configure your network connection. Connecting to Your Wireless Network Apple TV helps you connect to your wireless network. If you use a name and password to access your network, have them ready. Use the Apple Remote to: 1 Select your network from the list, or enter your network name if the network is hidden. 2 Enter your network password (if you use one).Chapter 2 Configure. Chapter 2 Configure. 17 If you don’t connect using DHCP, you may need to enter your IP address, subnet mask, router address, and DNS address. To complete the network connection, follow the onscreen instructions. Connecting to iTunes To access the content in your iTunes library on Apple TV, you need iTunes 10.2 or later installed on your computer. For a complete list of system requirements, see “Software and Accounts” on page 10. Updating Your iTunes Software You can update to the latest version of iTunes.  On a Mac, use Software Update to update to the latest version of iTunes. To use Software Update, choose Apple () > Software Update.  On a Windows-based computer, go to iTunes Help to update to the latest version of iTunes. Open iTunes, and then choose Help > Check for Updates. Setting Up Home Sharing After you set up your network connection, you need to set up iTunes and Apple TV to share the contents of your iTunes library. Use Home Sharing in iTunes and on Apple TV to share the iTunes library of any computer on your local network that has Home Sharing set up.18 Chapter 2 Configure. To set up Home Sharing in iTunes: 1 Open iTunes on your computer. 2 Choose Advanced > Turn On Home Sharing. 3 Type your Apple ID and password, and then click Create Home Share. 4 Repeat steps 1 through 3 on each computer you want to use for Home Sharing. For more information about iTunes, open iTunes and choose Help > iTunes Help. To set up Home Sharing on Apple TV: 1 On Apple TV, choose Settings > Computers. 2 Choose Turn On Home Sharing, and then enter the same Apple ID and password you entered on your computer.www.apple.com/support/appletv Watch. 320 Chapter 3 Watch. Chapter 3 Watch. Read on to learn about pairing and using your Apple Remote with Apple TV. Using Your Apple Remote Use the Apple Remote to control Apple TV settings and navigate your content. Make sure there are no obstructions between the remote and Apple TV. MENU Up Down Menu Play/Pause Left Right SelectChapter 3 Watch. Chapter 3 Watch. 21 Basic Remote Functions Your Apple Remote has the basic functions described below. To Do this Move through the menu options Press Up, Down, Left, or Right Select an option from a menu Press Select Return to a previous menu Press Menu Return to the main menu Hold down Menu Reset Apple TV Hold down Menu and Down until the Apple TV status light blinks rapidly Pair Apple TV and a remote Hold down Menu and Right for 6 seconds Up and Down on the Apple Remote don’t control the volume on your TV or home theater receiver. Use the remote that came with your TV or receiver to change the volume. Pairing Apple TV with a Remote The Apple Remote works with the built-in IR receiver on Apple TV. You can set Apple TV to work only with the included remote by pairing Apple TV and the remote.22 Chapter 3 Watch. Chapter 3 Watch. To pair Apple TV with the included remote: 1 Choose Settings from the Apple TV main menu. 2 Choose General > Remotes > Pair Apple Remote. You can also hold down Menu and Right for 6 seconds to pair Apple TV and the Apple Remote. When you successfully pair your Apple Remote, Apple TV displays a chainlink symbol ( ) above a picture of a remote. Apple TV now works only with the paired remote. Unpairing Apple TV from a Remote If you lose the Apple Remote that you paired Apple TV with, you can use any Apple Remote to unpair Apple TV from the lost remote by holding down Menu and Left for 6 seconds. You can also follow these steps. To unpair Apple TV from a paired remote: 1 Choose Settings from the Apple TV main menu. 2 Choose General > Remotes > Unpair Apple Remote. When you successfully unpair the lost remote, Apple TV displays a broken chainlink symbol ( ) above a picture of a remote. You can now pair Apple TV with a different remote.Chapter 3 Watch. Chapter 3 Watch. 23 Changing the Remote Battery When the battery charge in your Apple Remote is low, Apple TV displays a picture of a remote and a warning symbol (·). Replace the battery with a CR2032 battery. Battery compartment To replace the battery: 1 Use a coin to remove the battery compartment cover. 2 Remove the battery. 3 Insert a CR2032 battery with the positive side (∂) facing up. 4 Replace the battery compartment cover and use a coin to tighten it. Important:  Dispose of the used battery according to your local environmental laws and guidelines.24 Chapter 3 Watch. Renting Movies and Purchasing TV Shows You can rent standard or high-definition movies and purchase TV shows directly on Apple TV (where available). Follow the onscreen instructions to find out when a rented movie expires. Purchased TV shows don’t expire. When a rented movie expires, it’s no longer available for playback. To watch it again, you can rent it again from iTunes. Note:  Rented movies are not available in all regions.www.apple.com/support/appletv Problem? No Problem. 426 Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. Most problems with Apple TV can be solved quickly by following the advice in this chapter. For additional tips and troubleshooting information, see the Apple TV Support page at www.apple.com/support/appletv. Troubleshooting If you have a problem with Apple TV, there’s usually a quick and simple solution. First, make sure:  The cables between Apple TV and your TV are pushed in all the way.  The power cords for Apple TV and your TV are securely connected to a working power source.  Your TV is turned on and set to the correct input.  Apple TV is connected to your network. Go to the Settings menu on Apple TV, select Network, and see if Apple TV has an IP address.  Your network and Internet connections are on and working properly. If you still have trouble, try resetting your equipment by disconnecting Apple TV, your TV, your wireless networking equipment or base station, and your router from the power outlet.Wait 30 seconds, and then reconnect everything. If the remote isn’t working  Point the remote directly at Apple TV.  If you paired Apple TV with an Apple Remote, make sure you’re using the paired remote.Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. 27  If the Apple TV status light flashes once when you press buttons on the paired remote, the problem isn’t with the remote. See “If you can see a picture but Apple TV isn’t responding” on page 28.  If you’re using an unpaired remote, the Apple TV status light flashes three times.  If you paired Apple TV with an Apple Remote and you can’t find the paired remote, set Apple TV to work with any Apple Remote by holding down Menu and Left for 6 seconds on another remote.  Make sure the front of Apple TV isn’t blocked.  If Apple TV displays a picture of a remote and a warning symbol (·), you need to replace the battery in the remote. See “Changing the Remote Battery” on page 23. If Apple TV can’t access the network  Check the IP address Apple TV is using. If it starts with 169.x.x.x, the router or base station may not be configured properly. Check to see if DHCP access is available, or configure Apple TV with a manual IP address.  Check for any obstructions, and adjust the location of the base station or Apple TV.  If security is enabled on the network, temporarily disable it on the base station and try connecting again.  Apple TV cannot connect to a wireless network that contains high (extended) ASCII or double-byte (Unicode) characters (such as Japanese, Korean, or Chinese) in the name or password.  If your network has security enabled, make sure you enter the correct password.28 Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. If your TV screen appears fuzzy or black  Make sure you’re using the correct HDMI cable and that it’s connected firmly to Apple TV and to your TV.  Make sure the input setting on your TV matches the input port the HDMI cable is connected to. For information, see the documentation that came with your TV.  Make sure your HDTV supports 720p video. If you can see a picture but Apple TV isn’t responding  Hold down Menu on the Apple Remote to return to the Apple TV main menu.  Make sure your TV is turned on and functioning properly. For information, see the documentation that came with your TV.  If you paired an Apple Remote with Apple TV, make sure you’re using the paired remote. See “Pairing Apple TV with a Remote” on page 21.  Reset Apple TV by doing one of the following:  Hold down both Menu and Down on the Apple Remote until the Apple TV status light blinks rapidly.  Disconnect Apple TV from the power outlet, wait about five seconds, and then reconnect it.  Choose General > Reset Settings from the main menu on Apple TV.Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. 29 If Apple TV doesn’t respond, try restoring it  On Apple TV, choose Settings > General > Reset, and then select Restore. Restoring Apple TV can take some time, so be patient.  If your network doesn’t use DHCP, choose Configure TCP/IP and enter the TCP/IP configuration.  If Apple TV still doesn’t respond:  Disconnect the power and HDMI cables from Apple TV.  Connect one end of a micro USB cable (sold separately) to the back of Apple TV, and the other end to your computer.  Open iTunes on your computer, select Apple TV in the Source list, and then click Restore. If you can’t hear sound  If Apple TV is connected to a home theater receiver, make sure the receiver is turned on.  Make sure the input setting you selected on your TV or receiver matches the input you have your audio cable connected to. For more information, see the documentation that came with your receiver.  Make sure the volume on your TV or receiver is turned up and isn’t muted.  Make sure you’re using the correct audio cable and that it’s connected firmly to Apple TV and to your TV or receiver.  If you’re using the HDMI port for audio, make sure your TV supports audio through its HDMI port. The HDMI ports on some older TVs support only video.30 Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. If Apple TV isn’t playing your photo albums or slideshows  Make sure you have photos in your photo library or in a folder on your computer.  Make sure Apple TV and the computer you’re using are set up for Home Sharing. See “Setting Up Home Sharing” on page 17.  Make sure the photos you want to share are selected. In iTunes, choose Advanced >“Choose Photos to Share,” and then select the photos you want to share.  Make sure Apple TV and your computer are on the same local network.  Make sure Apple TV and your computer are using the same Home Sharing account. If noise is coming from your TV speakers:  If your TV or speakers support Dolby Digital audio, make sure the Dolby Digital Out setting is correct for your TV or speakers. On Apple TV, choose Settings > Audio & Video > Dolby Digital Out, and select On or Off. If you don’t see your iTunes library under Computers on Apple TV:  Make sure Apple TV and your computer are on the same local network.  Make sure Apple TV and iTunes are using the same account name and password.Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. 31 Status Light The status light on the front of Apple TV indicates what’s happening. If Apple TV is The status light On Glows Off or in standby Is off Starting up Flashes slowly Accepting a command from the remote Flashes once Rejecting a command from the remote (you paired a remote with Apple TV, but you’re using a remote that’s not paired) Flashes three times Having problems Flashes quickly32 Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. Service and Support More information about using Apple TV is available in iTunes onscreen help and on the web. The following table describes where to get software and service information. To learn about Do this Service and support, discussions, tutorials, and Apple software downloads Go to: www.apple.com/support/appletv Using iTunes Open iTunes and choose Help > iTunes Help. For an onscreen iTunes tutorial (available in some areas only), go to: www.apple.com/support/itunes Using iPhoto (in Mac OS X) Open iPhoto and choose iPhoto > iPhoto Help Safety and regulatory compliance information See the Important Product Information Guide that comes with Apple TV. Serial Number The serial number is printed on the bottom of Apple TV. You can also find the serial number in the Apple TV Settings menu. On Apple TV, choose Settings > General > About.Chapter 4 Problem? No Problem. Chapter 4 Problem? No Problem. 33 Care and Cleaning NOTICE:  Failure to follow these care and cleaning instructions could result in damage to Apple TV or other property. Using Connectors and Ports Never force a connector into a port. Check for obstructions on the port. If the connector and port don’t join with reasonable ease, they probably don’t match. Make sure that the connector matches the port and that you have positioned the connector correctly in relation to the port. Keeping Apple TV Within Acceptable Temperatures Operate Apple TV in a place where the temperature is always between 0º and 40º C (32º to 104º F). Keeping the Outside of Apple TV Clean To clean Apple TV, unplug the power cord and all cables. Then use a soft, lint-free cloth. Avoid getting moisture in openings. Don’t use window cleaners, household cleaners, aerosol sprays, solvents, alcohol, ammonia, or abrasives to clean Apple TV. Disposing of Apple TV Properly For information about the proper disposal of Apple TV, and for other important regulatory compliance information, see the Important Product Information Guide.K Apple Inc. © 2011 Apple Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written consent of Apple. Every effort has been made to ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino, CA 95014 408-996-1010 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard”Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AirPlay, Apple TV, iPad, iPhone, iPhoto, iPod touch, iTunes, Mac, and Mac OS are trademarks of Apple Inc., registered in the U.S. and other countries. Apple Store and iTunes Store are service marks of Apple Inc., registered in the U.S. and other countries. Manufactured under license from Dolby Laboratories.“Dolby,”“Pro Logic,” and the double-D symbol are trademarks of Dolby Laboratories. Confidential Unpublished Works, © 1992-1997 Dolby Laboratories, Inc. All rights reserved. Other company and product names mentioned herein may be trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. USB Device Interface GuideContents Introduction to USB Device Interface Guide 4 Organization of This Document 4 See Also 4 USB Device Overview 6 USB Device Types and Bus Speeds 6 USB Device Architecture and Terminology 7 USB Device Component Descriptors 8 USB Composite Class Devices 8 USB Transfer Types 8 Stalls and Halts 9 Data Synchronization in Non-Isochronous Transfers 10 USB 2.0 and Isochronous Transfers 10 USB Devices on OS X 11 Finding USB Devices and Interfaces 12 USB Family Error Codes 14 Determining Which Interface Version to Use 14 Tasks and Caveats 15 Handling Stalls, Halts, and Data Toggle Resynchronization 15 Using the Low Latency Isochronous Functions 15 Errors Reported by the EHCI Hub 17 Changes in Isochronous Functions to Support USB 2.0 17 USB Device Access in an Intel-Based Macintosh 18 Working With USB Device Interfaces 20 Using USB Device Interfaces 20 Accessing a USB Device 22 Definitions and Global Variables 22 The main Function 23 Working With the Raw Device 27 Working With the Bulk Test Device 34 Working With Interfaces 36 Document Revision History 46 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 2Tables and Listings USB Device Overview 6 Table 1-1 Examples of USB devices 6 Table 1-2 Keys for finding a USB device 12 Table 1-3 Keys for finding a USB interface 13 Working With USB Device Interfaces 20 Listing 2-1 Definitions and global variables 22 Listing 2-2 The main function 24 Listing 2-3 Accessing and programming the raw device 27 Listing 2-4 Releasing the raw device objects 30 Listing 2-5 Configuring a USB device 30 Listing 2-6 Two functions to download firmware to the raw device 32 Listing 2-7 Accessing the bulk test device 34 Listing 2-8 Finding interfaces on the bulk test device 36 Listing 2-9 Two asynchronous I/O completion functions 43 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 3Note: This document was previously titled Working With USB Device Interfaces. The I/O Kit provides a device interface mechanism that allows applications to communicate with and control hardware from outside the kernel. This document focuses on how to use that mechanism to create an application that detects the attachment of a USB device, communicates with it, and detects its detachment. This document does not describe how to develop an in-kernel driver for a USB modem or networking device. If you need to do this, refer to the documentation and sample code listed in “See Also” (page 4). Important: If your application is sandboxed, it must request the com.apple.security.device.usb entitlement in order to access USB devices. Organization of This Document This document contains the following chapters: ● “USB Device Overview” (page 6) provides an overview of USB device architecture and terminology and describes how USB devices are represented in OS X. ● “Working With USB Device Interfaces” (page 20) describes how to use the device interface mechanism to create a command-line tool that accesses a USB device. ● “Document Revision History” (page 46) lists the revisions of this document. See Also The ADC Reference Library contains several documents on device driver development for OS X and numerous sample drivers and applications. ● Accessing Hardware From Applications describes various ways to access devices from outside the kernel, including the device interface mechanism provided by the I/O Kit. For an overview of the I/O Kit terms and concepts used in this document, read the chapter Device Access and the I/O Kit. 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 4 Introduction to USB Device Interface Guide● I/O Kit Framework Reference contains API reference for I/O Kit methods and functions and for specific device families. ● Sample Code > Hardware & Drivers > USB includes both application-level and in-kernel code samples. Of particular relevance to this document is the application-level sample USBPrivateDataSample . ● OS X Man Pages provides access to existing reference documentation for BSD and POSIX functions and tools in a convenient HTML format. ● The usb mailing list provides a forum for discussing technical issues relating to USB devices in OS X. If you need to develop an in-kernel driver for a USB modem or networking device, refer to the following: ● I/O Kit Fundamentals describesthe architecture ofthe I/OKit,the object-oriented framework for developing OS X device drivers. ● ADC members can view the AppleUSBCDCDriver project in the source code for OS X v10.3.7 and later, available at Darwin Releases. To find the source code, select a version of OS X equal to or greater than v10.3.7 and click Source (choose the source for the PPC version, if there's a choice). This displays a new page, which lists the open source projects available for the version of OS X you've chosen. Scroll down to AppleUSBCDCDriver and click it to view the source. Be prepared to supply your ADC member name and password. ● Additional code samples that demonstrate specific in-kernel driver programming techniques are included as part of the OS X Developer Toolsinstallation package in /Developer/Examples/Kernel/IOKit/usb. If you're ready to create a universal binary version of your USB device-access application to run in an Intel-based Macintosh,seeUniversalBinaryProgrammingGuidelines.TheUniversalBinaryProgrammingGuidelines describes the differences between the Intel and PowerPC architectures and provides tips for developing a universal binary. If you are working with a device that complies with the USB mass storage specification but declares its device class to be vendor specific, see Mass Storage Device Driver Programming Guide for information on how to ensure the correct built-in driver loads for the device. Apple provides additional USB information (including the OS X USB Debug Kits) at http://developer.apple.com/hardwaredrivers/usb/index.html. A detailed description of the USB device specification is beyond the scope of this document—for more information, see Universal Serial Bus Specification Revision 2.0 available at http://www.usb.org. Introduction to USB Device Interface Guide See Also 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 5This chapter provides a summary of USB device architecture and describes how USB devices are represented in OS X. It also presents a few specific guidelines for working with USB devices in an application.For details on the USB specification, see http://www.usb.org. USB Device Types and Bus Speeds The USB specification supports a wide selection of devices that range from lower-speed devices such as keyboards, mice, and joysticks to higher-speed devices such as scanners and digital cameras. The specification lists a number of device classes that each define a set of expected device behaviors. Table 1-1 (page 6) lists some examples of USB devices, categorized by class. Table 1-1 Examples of USB devices USB device class USB devices in class Audio class Speakers, microphones Chip Card Interface Device Class Smart cards, chip cards Communication class Speakerphone, modem A device in which all class-specific information is embedded in its interfaces Composite class HID class Keyboards, mice, joysticks, drawing tablets Hub class Hubs provide additional attachment points for USB devices Hard drives, flash memory readers, CD Read/Write drives, digital cameras, and high-end media players Mass storage class Printing class Printers A device that doesn’t fit into any other predefined class or one that doesn’t use the standard protocols for an existing class Vendor specific Digital camcorders, webcams, digital still cameras that support video streaming Video class 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 6 USB Device OverviewVersion 1.1 of the USB specification supports two bus speeds: ● Low speed (1.5 Mbps) ● Full speed (12 Mbps) Version 2.0 of the specification adds another bus speed to this list: ● High speed (480 Mbps) The USB 2.0 specification is fully compatible with low-speed and full-speed USB devices and even supports the use of cables and connectors made to meet earlier versions of the specification. Apple provides USB 2.0 ports on all new Macintosh computers and fully supports the new specification with Enhanced Host Controller Interface (EHCI) controllers and built-in, low-level USB drivers. For the most part, you do not have to change existing applications to support the faster data rate because the speed increase and other enhancements are implemented at such a low level. The exceptions to this are some differences in isochronous transfers. For information on how the USB 2.0 specification affects isochronous transfers, see “USB 2.0 and Isochronous Transfers” (page 10). USB Device Architecture and Terminology The architecture of a generic USB device is multi-layered. A device consists of one or more configurations, each of which describes a possible setting the device can be programmed into. Such settings can include the power characteristics of the configuration (for example, the maximum power consumed by the configuration and whether it is self-powered or not) and whether the configuration supports remote wake-up. Each configuration contains one or more interfacesthat are accessible after the configuration isset. An interface provides the definitions of the functions available within the device and may even contain alternate settings within a single interface. For example, an interface for an audio device may have different settings you can select for different bandwidths. Each interface contains zero or more endpoints. An endpoint is a uniquely identifiable portion of a USB device that is the source or sink of information in a communication flow between the host and the device. Each endpoint has characteristics that describe the communication it supports, such as transfer type (control, isochronous, interrupt, or bulk, described in “USB Transfer Types” (page 8)), maximum packet size, and transfer direction (input or output). Communication with a USB device is accomplished through a pipe, a logical association between an endpoint and software running on the host. Endpoint and pipe are often used synonymously although an endpoint is a component of a USB device and a pipe is a logical abstraction of the communications link between endpoint and host. USB Device Overview USB Device Architecture and Terminology 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 7USB Device Component Descriptors Each layer of a USB device providesinformation about its attributes and resource requirementsin its descriptor, a data structure accessible through device interface functions. By examining the descriptors at each layer, you can determine exactly which endpoint you need to communicate successfully with a particular device. At the top layer is the device descriptor, which has fields associated with information such as the device’s class and subclass, vendor and product numbers, and number of configurations. Each configuration in turn has a configuration descriptor containing fields that describe the number of interfaces it supports and the power characteristics of the device when it is in that configuration, along with other information. Each interface supported by a configuration has its own descriptor with fields for information such as the interface class, subclass, and protocol, and the number of endpoints in that interface. At the bottom layer are the endpoint descriptors that specify attributes such as transfer type and maximum packet size. The USB specification defines a name for each descriptor field, such as the bDeviceClass field in the device descriptor and the bNumInterfaces field in the configuration descriptor, and each field is associated with a value. For a complete listing of all descriptor fields, see the USB specification at www.usb.org. The USB family defines structures that represent the descriptors defined by the USB specification. For the definitions of these structures, see USB in Kernel Framework Reference . USB Composite Class Devices The USB specification defines a composite class device as a device whose device-descriptor fields for device class (bDeviceClass) and device subclass (bDeviceSubClass) both have the value 0. A composite class device appears to the system as a USB device using a single bus address that may present multiple interfaces, each of which represents a separate function. A good example of a composite class device is a multifunction device, such as a device that performs printing, scanning, and faxing. In such a device, each function is represented by a separate interface. In OS X, the I/O Kit loads the AppleUSBComposite device driver for composite class devices that do not already have vendor-specific device drivers to drive them. The AppleUSBComposite driver configures the device and causes drivers to be loaded for each USB interface. Although most multifunction USB devices are composite class devices, not all composite class devices are multifunction devices. The manufacturer of a single-function USB device is at liberty to classify the device as a composite class device as long as the device meets the USB specifications. For more information on how OS X represents USB devices and interfaces, see “USB Devices on OS X” (page 11). USB Transfer Types The USB specification defines four types of pipe transfer: ● Control—intended to support configuration, command, and status communication between the host software and the device. Control transfers support error detection and retry. USB Device Overview USB Device Architecture and Terminology 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 8● Interrupt—used to support small, limited-latency transfers to or from a device such as coordinates from a pointing device or status changes from a modem. Interrupt transfers support error detection and retry. ● Isochronous—used for periodic, continuous communication between the host and the device, usually involving time-relevant information such as audio or video data streams. Isochronous transfers do not support error detection or retry. ● Bulk—intended for non-periodic, large-packet communication with relaxed timing constraints such as between the host software and a printer or scanner. Bulk transfers support error detection and retry. Pipes also have a transfer direction associated with them. A control pipe can support bidirectional communication but all other pipes are strictly uni-directional. Therefore, two-way communication requires two pipes, one for input and one for output. Every USB device is required to implement a default control pipe that provides access to the device’s configuration, status, and control information. This pipe, implemented in the IOUSBDevice nub object (described in “USB Devices on OS X” (page 11)), is used when a driver such as the AppleUSBComposite driver configures the device or when device-specific control and status information is needed. For example, your application would use the default control pipe if it needs to set or choose a configuration for the device. The default control pipe is connected to the default endpoint (endpoint 0). Note that endpoint 0 does not provide an endpoint descriptor and it is never counted in the total number of endpoints in an interface. The interfaces associated with a configuration can contain any combination of the three remaining pipe types (interrupt, isochronous, and bulk), implemented in the IOUSBInterface nub objects (described in “USB Devices on OS X” (page 11)). Your application can query the interface descriptors of a device to select the pipe most suited to its needs. Stalls and Halts Although a stall and a halt are different, they are closely related in their effect on data transmission. Halt is a feature of an endpoint and it can be set by either the host or the device itself in response to an error. A stall is a type of handshake packet an endpoint returns when it is unable to transmit or receive data or when its halt feature is set (the host never sends a stall packet). When an endpoint sends a stall packet, the host can halt the endpoint. Depending on the precise circumstances and on how compliant the device is, the halt feature must be cleared in the host, the endpoint, or both before data transmission can resume. When the halt is cleared the data toggle bit, used to synchronize data transmission, is also reset (see “Data Synchronization in Non-Isochronous Transfers” (page 10) for more information about the data toggle). For information on how to handle these conditions in your application, see “Handling Stalls, Halts, and Data Toggle Resynchronization” (page 15). USB Device Overview USB Device Architecture and Terminology 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 9Data Synchronization in Non-Isochronous Transfers The USB specification defines a simple protocol to provide data synchronization across multiple packets for non-isochronoustransfers(recall that isochronoustransfers do notsupport error recovery or retry). The protocol is implemented by means of a data toggle bit in both the host and the endpoint which is synchronized at the start of a transaction (or when a reset occurs). The precise synchronization mechanism varies with the type of transfer; see the USB specification for details. Both the host and the endpoint begin a transaction with their data toggle bitsset to zero. In general, the entity receiving data toggles its data toggle bit when it is able to accept the data and it receives an error-free data packet with the correct identification. The entity sending the data toggles its data toggle bit when it receives a positive acknowledgement from the receiver. In this way, the data toggle bits stay synchronized until, for example, a packet with an incorrect identification is received. When this happens, the receiver ignores the packet and does not increment its data toggle bit. When the data toggle bits get out of synchronization (for this or any other reason), you will probably notice that alternate transactions are not getting through in your application. The solution to this is to resynchronize the data toggle bits. For information on how to do this, see “Handling Stalls, Halts, and Data Toggle Resynchronization” (page 15). USB 2.0 and Isochronous Transfers The USB 2.0 specification supports the same four transfer types as earlier versions of the specification. In addition to supporting a higher transfer rate, the new specification defines an improved protocol for high-speed transfers and new ways of handling transactions for low-speed and full-speed devices. For details on the protocols and transaction-handling methods, see the specification at http://www.usb.org. For the most part, these enhancements are implemented at the hostsoftware level and do not require changes to your code. For isochronous transfers, however, you should be aware of the following differences: ● Earlier versions of the specification divide bus time into 1-millisecond frames, each of which can carry multiple transactionsto multiple destinations. (A transaction containstwo or more packets: a token packet and one or more data packets, a handshake packet, or both.) The USB 2.0 specification divides the 1-millisecond frame into eight, 125-microsecond microframes, each of which can carry multiple transactions to multiple destinations. ● The maximum amount of data allowed in a transaction is increased to 3 KB. ● Any isochronous endpoints in a device’s default interface must have a maximum packet size of zero. (This means that the default setting for an interface containing isochronous pipes is alternate setting zero and the maximum packet size for that interface’s isochronous endpoints must be zero.) This ensures that the host can configure the device no matter how busy the bus is. For a summary of how these differences affect the OS X USB API, see “Changes in Isochronous Functions to Support USB 2.0” (page 17). USB Device Overview USB Device Architecture and Terminology 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 10USB Devices on OS X When a USB device is plugged in, the OS X USB family abstracts the contents of the device descriptor into an I/O Kit nub object called an IOUSBDevice. This nub object is attached to the IOService plane of the I/O Registry as a child of the driver for the USB controller. The IOUSBDevice nub object is then registered for matching with the I/O Kit. If the device is a composite class device with no vendor-specific driver to match against it, the AppleUSBComposite driver matches against it and starts as its provider. The AppleUSBComposite driver then configures the device by setting the configuration in the device’s list of configuration descriptors with the maximum power usage that can be satisfied by the port to which the device is attached. This allows a device with a low power and a high power configuration to be configured differently depending on whether it’s attached to a bus-powered hub or a self-powered hub. In addition, if the IOUSBDevice nub object has the “Preferred Configuration” property, the AppleUSBComposite driver will always use that value when it attempts to configure the device. The configuration of the device causes the USB family to abstract each interface descriptor in the chosen configuration into an IOUSBInterface nub object. These nub objects are attached to the I/O Registry as children of the original IOUSBDevice nub object and are registered for matching with the I/O Kit. Important: Because a composite class device is configured by the AppleUSBComposite driver, setting the configuration again from your application will result in the destruction of the IOUSBInterface nub objects and the creation of new ones. In general, the only reason to set the configuration of a composite class device that’s matched by the AppleUSBComposite driver is to choose a configuration other than the first one. For non-composite class devices or composite class devices with vendor-specific drivers that match against them, there is no guarantee that any configuration will be set and you may have to perform this task within your application. It's important to be mindful of the difference between a USB device (represented in the I/O Registry by an IOUSBDevice nub object) and its interfaces (each represented by an IOUSBInterface nub object). A multifunction USB device, for example, is represented in the I/O Registry by one IOUSBDevice object and one IOUSBInterface object for each interface. The distinction between interface and device isimportant because it determines which object your application must find in the I/O Registry and which type of device interface to get. For example, if your application needs to communicate with a specific interface in a multifunction USB device, it must find that interface and get an IOUSBInterfaceInterface to communicate with it. An application that needs to communicate with the USB device as a whole, on the other hand, would need to find the device in the I/O Registry and get an IOUSBDeviceInterface to communicate with it. For more information on finding devices and interfaces in USB Device Overview USB Devices on OS X 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 11the I/O Registry, see “Finding USB Devices and Interfaces” (page 12); for more information on how to get the proper device interface to communicate with a device or interface, see “Using USB Device Interfaces” (page 20). Finding USB Devices and Interfaces To find a USB device or interface, use the keys defined in the Universal Serial Bus Common Class Specification, Revision 1.0 (available for download from http://www.usb.org/developers/devclass_docs/usbccs10.pdf) to create a matching dictionary that defines a particular search. If you are unfamiliar with the concept of device matching, see the section “Finding Devices in the I/O Registry” in Accessing Hardware From Applications. The keys defined in the specification are listed in the tables below. Each key consists of a specific combination of elements in a device or interface descriptor. In the tables below, the elements in a key are separated by the ‘+’ character to emphasize the requirement that all a key’s elements must appear together in your matching dictionary. Both tables present the keys in order of specificity: the first key in each table defines the most specific search and the last key defines the broadest search. Before you build a matching dictionary, be sure you know whether your application needs to communicate with a device or a specific interface in a device. It’s especially important to be aware of this distinction when working with multifunction devices. A multifunction device is often a composite class device that defines a separate interface for each function. If, for example, your application needs to communicate with the scanning function of a device that does scanning, faxing, and printing, you need to build a dictionary to match on only the scanning interface (an IOUSBInterface object), not the device as a whole (an IOUSBDevice object). In this situation, you would use the keys defined for interface matching (those shown in Table 1-3 (page 13)), not the keys for device matching. Table 1-2 (page 12) lists the keys you can use to find devices (not interfaces). Each key element is a piece of information contained in the device descriptor for a USB device. Table 1-2 Keys for finding a USB device Key Notes bcdDevice contains the release number of the device idVendor + idProduct + bcdDevice idVendor + idProduct Use this key only if the device’s bDeviceClass is $FF idVendor + bDeviceSubClass + bDeviceProtocol Use this key only if the device’s bDeviceClass is $FF idVendor + bDeviceSubClass USB Device Overview USB Devices on OS X 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 12Key Notes Use this key only if the device’s bDeviceClass is not $FF bDeviceClass + bDeviceSubClass + bDeviceProtocol Use this key only if the device’s bDeviceClass is not $FF bDeviceClass + bDeviceSubClass Table 1-3 (page 13) lists the keys you can use to find interfaces (not devices). Each key element is a piece of information contained in an interface descriptor for a USB device. Table 1-3 Keys for finding a USB interface Key Notes idVendor + idProduct + bcdDevice + bConfigurationValue + bInterfaceNumber idVendor + idProduct + bConfigurationValue + bInterfaceNumber Use this key only if bInterfaceClass is $FF idVendor + bInterfaceSubClass + bInterfaceProtocol Use this key only if bInterfaceSubClass is $FF idVendor + bInterfaceSubClass Use this key only if bInterfaceSubClass is not $FF bInterfaceClass + bInterfaceSubClass + bInterfaceProtocol Use this key only if bInterfaceSubClass is not $FF bInterfaceClass + bInterfaceSubClass For a successful search, you must add the elements of exactly one key to your matching dictionary. If your matching dictionary contains a combination of elements not defined by any key, the search will be unsuccessful. For example, if you create a matching dictionary containing values representing a device’s vendor, product, and protocol, the search will be unsuccessful even if a device with those precise values in its device descriptor is currently represented by an IOUSBDevice nub in the I/O Registry. This is because there is no key in Table 1-2 (page 12) that combines the idVendor, idProduct, and bDeviceProtocol elements. USB Device Overview USB Devices on OS X 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 13USB Family Error Codes As you develop an application to access a USB device or interface, you will probably encounter error codes specific to the OS X USB family. If you are using Xcode, you can search for information about these error codes in the Xcode documentation window. To find error code documentation, select Documentation from the Xcode Help menu. Select Full-Text Search from the pull-down menu associated with the search field (click the magnifying glass icon to reveal the menu). Select Reference Library in the Search Groups pane at the left of the window. Type an error code number in the search field, such as 0xe0004057, and press Return. Select the most relevant entry in the search results to display the document in the lower portion of the window. Use the Find command (press Command-F) to find the error code in this document. Using the example of error code 0xe0004057, you’ll see that this error is returned when the endpoint has not been found. For help with deciphering I/O Kit error codes in general, see Technical Q&A QA1075, “Making sense of I/O Kit error codes.” Determining Which Interface Version to Use As described in “USB Devices on OS X” (page 11), the OS X USB family provides an IOUSBDeviceInterface object you use to communicate with a USB device as a whole and an IOUSBInterfaceInterface object you use to communicate with an interface in a USB device. There are a number of different versions of the USB family, however, some of which provide new versions of these interface objects. (One way to find the version of the USB family installed in your computer is to view the Finder preview information for the IOUSBFamily.kext located in /System/Library/Extensions.) This section describes how to make sure you use the correct interface object and how to view the documentation for the interface objects. The first version of the USB family was introduced in OS X v10.0 and contains the first versions of the interface objects IOUSBDeviceInterface and IOUSBInterfaceInterface. When new versions of the USB family introduce new functions for an interface object, a new version of the interface object is created, which gives access to both the new functions and all functions defined in all previous versions of that interface object. For example, the IOUSBDeviceInterface197 object provides two new functions you can use with version 1.9.7 of the USB family (available in OS X v10.2.3 and later), in addition to all functions available in the previous device interface objects IOUSBDeviceInterface187, IOUSBDeviceInterface182, and IOUSBDeviceInterface. As you develop an application that accesses a USB device or interface, you should use the latest version of the interface object that is available in the earliest version of OS X that you want to support. For example, if your application must run in OS X v10.0, you must use the IOUSBDeviceInterface and IOUSBInterfaceInterface objects. If, however, you develop an application to run in OS X v10.4 and later, you use the IOUSBDeviceInterface197 object to access the device as a whole and the USB Device Overview USB Devices on OS X 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 14IOUSBInterfaceInterface220 object to access an interface in it. This is because IOUSBDeviceInterface197 is available inOS X version 10.2.3 and later and IOUSBInterfaceInterface220 is available in OS X v10.4 and later. Note: When you view the documentation for these interface objects, notice that each version is documented separately. For example, the documentation for IOUSBDeviceInterface197 contains information about the two new functions introduced in this version, but does not repeat the documentation for the functions introduced in IOUSBDeviceInterface187, IOUSBDeviceInterface182, and IOUSBDeviceInterface. Tasks and Caveats This section presents some specific tasks your application might need to perform, along with some caveats related to USB 2.0 support of which you should be aware. Handling Stalls, Halts, and Data Toggle Resynchronization As described in “Stalls and Halts ” (page 9), stalls and halts are closely related in their effect on data transmission. To simplify the API, the USB family uses the pipe stall terminology in the names of the functions that handle these conditions: ● ClearPipeStall ● ClearPipeStallBothEnds The ClearPipeStall function operates exclusively on the host controller side, clearing the halt feature and resetting the data toggle bit to zero. If the endpoint’s halt feature and data toggle bit must be reset as well, your application must do so explicitly, using one of the ControlRequest functions to send the appropriate device request. See the documentation for the USB.h header file in I/O Kit Framework Reference for more information about standard device requests. In OS X version 10.2 and later, you can use the ClearPipeStallBothEnds function which, as its name suggests, clears the halt and resets the data toggle bit on both sides at the same time. Using the Low Latency Isochronous Functions In OS X, the time between when an isochronous transaction completes on the USB bus and when you receive your callback can stretch to tens of milliseconds. This is because the callback happens on the USB family work loop, which runs at a lower priority than some other threads in the system. In most cases, you can work around USB Device Overview Tasks and Caveats 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 15this delay by queuing read and write requests so that the next transaction is scheduled and ready to start before you receive the callback from the current transaction. In fact, this scheme is a good way to achieve higher performance whether or not low latency is a requirement of your application. In a few cases, however, queuing isochronous transactions to keep the pipe busy is not enough to prevent a latency problem that a user might notice. Consider an application that performs audio processing on some USB input (from a musical instrument, for example) before sending the processed data out to USB speakers. In this scenario, a user hears both the raw, unprocessed output of the instrument and the processed output of the speakers. Of course, some small delay between the time the instrument creates the raw sound waves and the time the speaker emits the processed sound waves is unavoidable. If this delay is greater than about 8 milliseconds, however, the user will notice. In OS X version 10.2.3 (version 1.9.2 of the USB family) the USB family solves this problem by taking advantage of the predictability of isochronous data transfers. By definition, isochronous mode guarantees the delivery of some amount of data every frame or microframe. In earlier versions of OS X, however, it was not possible to find out the exact amount of data that was transferred by a given time. This meant that an application could not begin processing the data until it received the callback associated with the transaction, telling it the transfer status and the actual amount of data that was transferred. Version 1.9.2 of the USB family introduced the LowLatencyReadIsochPipeAsync and LowLatencyWriteIsochPipeAsync functions. These functions update the frame list information (including the transferstatus and the number of bytes actually transferred) at primary interrupt time. Using these functions, an application can request that the frame list information be updated as frequently as every millisecond. This means an application can retrieve and begin processing the number of bytes actually transferred once a millisecond, without waiting for the entire transaction to complete. Important: Because these functions cause processing at primary interrupt time, it is essential you use them only if it is absolutely necessary. Overuse of these functions can cause degradation of system performance. To support the low latency isochronous read and write functions, the USB family also introduced functions to create and destroy the buffers that hold the frame list information and the data. Although you can choose to create a single data buffer and a single frame list buffer or multiple buffers of each type, you must use the LowLatencyCreateBuffer function to create them. Similarly, youmust use the LowLatencyDestroyBuffer function to destroy the buffers after you are finished with them. This restricts all necessary communication with kernel entities to the USB family. For reference documentation on the low latency isochronous functions, see the IOUSBLib.h documentation in I/O Kit Framework Reference . USB Device Overview Tasks and Caveats 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 16Errors Reported by the EHCI Hub The EHCI hub that supports high-speed devices (as well as low-speed and full-speed devices) provides coarser-grained error reporting than the OHCI hub does. For example, with an OHCI hub, you might receive an “endpoint timed out” error if you unplug the device while it is active. If you perform the same action with an EHCI hub, you might receive a “pipe stalled” error instead. The Apple EHCI hub driver cannot get more detailed error information from the hub, so it alternates between reporting “device not responding” and “pipe stalled” regardless of the actual error reported by the device. To avoid problems with your code, be sure your application does not rely on other, more specific errors to make important decisions. Changes in Isochronous Functions to Support USB 2.0 Recall that the USB 2.0 specification divides the 1-millisecond frame into eight, 125-microsecond microframes. The USB family handles this by reinterpreting some function parameters (where appropriate) and adding a couple of new functions. This section summarizes these changes; for reference documentation, see documentation for IOUSBLib.h in I/O Kit Framework Reference . The functions you use to read from and write to isochronous endpoints are ReadIsochPipeAsync and WriteIsochPipeAsync. Both functions include the following two parameters: ● numFrames—The number of frames for which to transfer data ● frameList—A pointer to an array of structures that describe the frames If you need to handle high-speed isochronous transfers, you can think of these parameters as referring to “transfer opportunities” instead of frames. In other words, numFrames can refer to a number of frames for full-speed devices or to a number of microframes for high-speed devices. Similarly, frameList specifies the list of transfers you want to occur, whether they are in terms of frames or microframes. Note: The ReadIsochPipeAsync and WriteIsochPipeAsync functions also have the frameStart parameter in common, but it does not get reinterpreted. Thisis because all isochronoustransactions, including high-speed isochronoustransactions,start on a frame boundary, not amicroframe boundary. To help you determine whether a device isfunctioning in full-speed or high-speed mode, the USB family added the GetFrameListTime function, which returns the number of microseconds in a frame. By examining the result (kUSBFullSpeedMicrosecondsInFrame or kUSBHighSpeedMicrosecondsInFrame) you can tell in which mode the device is operating. USB Device Overview Tasks and Caveats 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 17The USB family also added the GetBusMicroFrameNumber function which is similar to the GetBusFrameNumber function, except that it returns both the current frame and microframe number and includes the time at which that information was retrieved. To handle the new specification’s requirement that isochronous endpoints in a device’s default interface have a maximum packetsize of zero, the USB family added functionsthat allow you to balance bandwidth allocations among isochronous endpoints. A typical scenario is this: 1. Call GetBandwidthAvailable (available inOS X version 10.2 and later)to determine howmuch bandwidth is currently available for allocation to isochronous endpoints. 2. Call GetEndpointProperties (available in OS X version 10.2 and later) to examine the alternate settings of an interface and find one that uses an appropriate amount of bandwidth. 3. Call SetAlternateInterface (available in OS X version 10.0 and later) to create the desired interface and allocate the pipe objects. 4. Call GetPipeProperties (available in OS X version 10.0 and later) on the chosen isochronous endpoint. Thisis a very importantstep because SetAlternateInterface willsucceed, even if there is not enough bandwidth for the endpoints. Also, another device might have claimed the bandwidth that was available at the time the GetBandwidthAvailable function returned. If this happens, the maximum packet size for your chosen endpoint (contained in the maxPacketSize field) is now zero, which means that the bandwidth is no longer available. In addition, in OS X version 10.2, the USB family added the SetPipePolicy function, which allows you to relinquish bandwidth that might have been specified in an alternate setting. USB Device Access in an Intel-Based Macintosh This section provides an overview of some of the issues related to developing a universal binary version of an application that accesses a USB device. Before you read this section, be sure to read Universal Binary Programming Guidelines. That document covers architectural differences and byte-ordering formats and provides comprehensive guidelines for code modification and building universal binaries. The guidelines in that document apply to all types of applications, including those that access hardware. Before you build your application as a universal binary, make sure that: ● You port your project to GCC 4 (Xcode uses GCC 4 to target Intel-based Macintosh computers) ● You install the OS X v10.4 universal SDK ● You develop your project in Xcode 2.1 or later USB Device Overview USB Device Access in an Intel-Based Macintosh 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 18The USB bus is a little-endian bus. Structured data appears on the bus in the little-endian format regardless of the native endian format of the computer an application isrunning in. If you've developed a USB device-access application to run in a PowerPC-based Macintosh, you probably perform some byte swapping on data you read from the USB bus because the PowerPC processor uses the big-endian format. For example, the USB configuration descriptor structure contains a two-byte field that holds the descriptor length. If your PowerPC application reads this structure from the USB bus (instead of receiving it from a USB device interface function), you need to swap the value from the USB bus format (little endian) to the PowerPC format (big endian). The USB family provides several swapping macros that swap from USB to host and from host to USB (for more information on these macros, see USB.h). The Kernel framework also provides byte-swapping macros and functions you can use in high-level applications (see the OSByteOrder.h header file in libkern). If you use these macros in your application, you shouldn't have any trouble developing a universal binary version of your application. This is because these macros determine at compile time if a swap is necessary. If, however, your application uses hard-coded swaps from little endian to big endian, your application will not run correctly in an Intel-based Macintosh. As you develop a universal binary version of your application, therefore, be sure to use the USB family swapping macros or the macros in libkern/OSByteOrder.h for all byte swapping. Although you may need to perform byte swapping on values your application reads from the USB bus, you do not need to perform any byte swapping on values you pass in arguments to functions in the USB family API. You should pass argument values in the computer's host format. Likewise, any values you receive from the USB family functions will be in the computer's host format. USB Device Overview USB Device Access in an Intel-Based Macintosh 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 19This chapter describes how to develop a user-space tool that finds and communicates with an attached USB device and one of its interfaces. Important: The sample code featured in this document isintended to illustrate how to access a USB device from an application. It is not intended to provide guidance on error handling and other features required for production-quality code. Using USB Device Interfaces Applications running in OS X get access to USB devices by using I/O Kit functions to acquire a device interface, a type of plug-in that specifies functions the application can call to communicate with the device. The USB family provides two types of device interface: ● IOUSBDeviceInterface for communicating with the device itself ● IOUSBInterfaceInterface for communicating with an interface in the device Both device interfaces are defined in /System/Library/Frameworks/IOKit.framework/Headers/usb/IOUSBLib.h. Communicating with the device itself is usually only necessary when you need to set or change its configuration. For example, vendor-specific devices are often not configured because there are no default drivers that set a particular configuration. In this case, your application must use the device interface for the device to set the configuration it needs so the interfaces become available. Important: If your application is sandboxed, it must request the com.apple.security.device.usb entitlement in order to access USB devices. The process of finding and communicating with a USB device is divided into two sets of steps. The first set outlines how to find a USB device, acquire a device interface of type IOUSBDeviceInterface for it, and set or change its configuration. The second set describes how to find an interface in a device, acquire a device interface of type IOUSBInterfaceInterface for it, and use it to communicate with that interface. If you need to communicate with an unconfigured device or if you need to change a device’s configuration, you follow both sets of steps. If you need to communicate with a device that is already configured to your 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 20 Working With USB Device Interfacesspecification, you follow only the second set of steps. The sample code in “Accessing a USB Device” (page 22) follows both sets of steps and extends them to include setting up notifications it can receive when devices are dynamically added or removed. Follow this first set of steps only to set or change the configuration of a device. If the device you’re interested in is already configured for your needs, skip these steps and follow the second set of steps. 1. Find the IOUSBDevice object that represents the device in the I/O Registry. This includes setting up a matching dictionary with a key from the USB Common Class Specification (see “Finding USB Devices and Interfaces” (page 12)). The sample code usesthe key elements kUSBVendorName and kUSBProductName to find a particular USB device (this is the second key listed in Table 1-2 (page 12)). 2. Create a device interface of type IOUSBDeviceInterface for the device. This device interface provides functionsthat perform taskssuch assetting or changing the configuration of the device, getting information about the device, and resetting the device. 3. Examine the device’s configurations with GetConfigurationDescriptorPtr, choose the appropriate one, and call SetConfiguration to set the device’s configuration and instantiate the IOUSBInterface objects for that configuration. Follow thissecond set ofstepsto find and choose an interface, acquire a device interface for it, and communicate with the device. 1. Create an interface iterator to iterate over the available interfaces. 2. Create a device interface for each interface so you can examine its properties and select the appropriate one. To do this, you create a device interface of type IOUSBInterfaceInterface. This device interface providesfunctionsthat perform taskssuch as getting information about the interface,setting the interface’s alternate setting, and accessing its pipes. 3. Use the USBInterfaceOpen function to open the selected interface. This will cause the pipes associated with the interface to be instantiated so you can examine the properties of each and select the appropriate one. 4. Communicate with the device through the selected pipe. You can write to and read from the pipe synchronously or asynchronously—the sample code in “Accessing a USB Device” (page 22) shows how to do both. Working With USB Device Interfaces Using USB Device Interfaces 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 21Accessing a USB Device This section provides snippets of sample code that show how to access a Cypress EZ-USB chip with an 8051 microcontroller core. The sample code followsthe firstset ofstepsin section “Using USB Device Interfaces” (page 20) to find the Cypress EZ-USB chip in its default, unprogrammed state (also referred to as the “raw device”). It then configures the device and downloads firmware provided by Cypress to program the chip to behave as a device that echoes all information it receives on its bulk out pipe to its bulk in pipe. Once the chip has been programmed, the device nub representing the default, unprogrammed device is detached from the I/O Registry and a new device nub, representing the programmed chip, is attached. To communicate with the programmed chip (also referred to as the “bulk test device”), the sample code must perform the first set of steps again to find the device, create a device interface for it, and configure it. Then it performs the second set of steps to find an interface, create a device interface for it, and test the device. The sample code also shows how to set up notifications for the dynamic addition and removal of a device. Important: If your application is sandboxed, it must request the com.apple.security.device.usb entitlement in order to access USB devices. Definitions and Global Variables The code in the USB Notification Example uses the definitions and global variables shown in Listing 2-1 (page 22). The definition of USE_ASYNC_IO allows you to choose to use either synchronous or asynchronous calls to read from and write to the chip by commenting out the line or leaving it in, respectively. The definition of kTestMessage sets up a simple message to write to the device. The remaining definitions are specific to the Cypress EZ-USB chip. Listing 2-1 Definitions and global variables #define USE_ASYNC_IO //Comment this line out if you want to use //synchronous calls for reads and writes #define kTestMessage "Bulk I/O Test" #define k8051_USBCS 0x7f92 #define kOurVendorID 1351 //Vendor ID of the USB device #define kOurProductID 8193 //Product ID of device BEFORE it //is programmed (raw device) #define kOurProductIDBulkTest 4098 //Product ID of device AFTER it is //programmed (bulk test device) //Global variables Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 22static IONotificationPortRef gNotifyPort; static io_iterator_t gRawAddedIter; static io_iterator_t gRawRemovedIter; static io_iterator_t gBulkTestAddedIter; static io_iterator_t gBulkTestRemovedIter; static char gBuffer[64]; The main Function The main function in the USB Notification Example project (contained in the file main.c) accomplishes the following tasks. ● It establishes communication with the I/O Kit and sets up a matching dictionary to find the Cypress EZ-USB chip. ● It sets up an asynchronous notification to be called when an unprogrammed (raw) device is first attached to the I/O Registry and another to be called when the device is removed. ● It modifies the matching dictionary to find the programmed (bulk test) device. ● It sets up additional notifications to be called when the bulk test device is first attached or removed. ● It starts the run loop so the notifications that have been set up will be received. The main function uses I/O Kit functions to set up and modify a matching dictionary and set up notifications, and Core Foundation functions to set up the run loop for receiving the notifications. It calls the following functions to access both the raw device and the bulk test device. ● RawDeviceAdded, shown in Listing 2-3 (page 27), iterates over the set of matching devices and creates a device interface for each one. It calls ConfigureDevice (shown in Listing 2-5 (page 30)) to set the device’s configuration, and then DownloadToDevice (shown in Listing 2-6 (page 32)) to download the firmware to program it. ● RawDeviceRemoved,shown in Listing 2-4 (page 30), iterates over the set of matching devices and releases each one in turn. ● BulkTestDeviceAdded, shown in Listing 2-7 (page 34), iterates over the new set of matching devices, creates a device interface for each one, and calls ConfigureDevice (shown in Listing 2-5 (page 30)) to set the device’s configuration. It then calls FindInterfaces (shown in Listing 2-8 (page 36)) to get access to the interfaces on the device. ● BulkTestDeviceRemoved iterates over the new set of matching devices and releases each one in turn. This function is not shown in this chapter; see RawDeviceRemoved (Listing 2-4 (page 30)) for a nearly identical function. Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 23Listing 2-2 The main function int main (int argc, const char *argv[]) { mach_port_t masterPort; CFMutableDictionaryRef matchingDict; CFRunLoopSourceRef runLoopSource; kern_return_t kr; SInt32 usbVendor = kOurVendorID; SInt32 usbProduct = kOurProductID; // Get command line arguments, if any if (argc > 1) usbVendor = atoi(argv[1]); if (argc > 2) usbProduct = atoi(argv[2]); //Create a master port for communication with the I/O Kit kr = IOMasterPort(MACH_PORT_NULL, &masterPort); if (kr || !masterPort) { printf("ERR: Couldn’t create a master I/O Kit port(%08x)\n", kr); return -1; } //Set up matching dictionary for class IOUSBDevice and its subclasses matchingDict = IOServiceMatching(kIOUSBDeviceClassName); if (!matchingDict) { printf("Couldn’t create a USB matching dictionary\n"); mach_port_deallocate(mach_task_self(), masterPort); return -1; } //Add the vendor and product IDs to the matching dictionary. //This is the second key in the table of device-matching keys of the //USB Common Class Specification Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 24CFDictionarySetValue(matchingDict, CFSTR(kUSBVendorName), CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &usbVendor)); CFDictionarySetValue(matchingDict, CFSTR(kUSBProductName), CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &usbProduct)); //To set up asynchronous notifications, create a notification port and //add its run loop event source to the program’s run loop gNotifyPort = IONotificationPortCreate(masterPort); runLoopSource = IONotificationPortGetRunLoopSource(gNotifyPort); CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource, kCFRunLoopDefaultMode); //Retain additional dictionary references because each call to //IOServiceAddMatchingNotification consumes one reference matchingDict = (CFMutableDictionaryRef) CFRetain(matchingDict); matchingDict = (CFMutableDictionaryRef) CFRetain(matchingDict); matchingDict = (CFMutableDictionaryRef) CFRetain(matchingDict); //Now set up two notifications: one to be called when a raw device //is first matched by the I/O Kit and another to be called when the //device is terminated //Notification of first match: kr = IOServiceAddMatchingNotification(gNotifyPort, kIOFirstMatchNotification, matchingDict, RawDeviceAdded, NULL, &gRawAddedIter); //Iterate over set of matching devices to access already-present devices //and to arm the notification RawDeviceAdded(NULL, gRawAddedIter); //Notification of termination: kr = IOServiceAddMatchingNotification(gNotifyPort, kIOTerminatedNotification, matchingDict, RawDeviceRemoved, NULL, &gRawRemovedIter); Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 25//Iterate over set of matching devices to release each one and to //arm the notification RawDeviceRemoved(NULL, gRawRemovedIter); //Now change the USB product ID in the matching dictionary to match //the one the device will have after the firmware has been downloaded usbProduct = kOurProductIDBulkTest; CFDictionarySetValue(matchingDict, CFSTR(kUSBProductName), CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &usbProduct)); //Now set up two notifications: one to be called when a bulk test device //is first matched by the I/O Kit and another to be called when the //device is terminated. //Notification of first match kr = IOServiceAddMatchingNotification(gNotifyPort, kIOFirstMatchNotification, matchingDict, BulkTestDeviceAdded, NULL, &gBulkTestAddedIter); //Iterate over set of matching devices to access already-present devices //and to arm the notification BulkTestDeviceAdded(NULL, gBulkTestAddedIter); //Notification of termination kr = IOServiceAddMatchingNotification(gNotifyPort, kIOTerminatedNotification, matchingDict, BulkTestDeviceRemoved, NULL, &gBulkTestRemovedIter); //Iterate over set of matching devices to release each one and to //arm the notification. NOTE: this function is not shown in this document. BulkTestDeviceRemoved(NULL, gBulkTestRemovedIter); //Finished with master port mach_port_deallocate(mach_task_self(), masterPort); masterPort = 0; Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 26//Start the run loop so notifications will be received CFRunLoopRun(); //Because the run loop will run forever until interrupted, //the program should never reach this point return 0; } Working With the Raw Device Now that you’ve obtained an iterator for a set of matching devices, you can use it to gain access to each raw device, configure it, and download the appropriate firmware to it. The function RawDeviceAdded (shown in Listing 2-3 (page 27)) uses I/O Kit functions to create a device interface for each device and then calls the following functions to configure the device and download firmware to it. ● ConfigureDevice, shown in Listing 2-5 (page 30), uses device interface functions to get the number of configurations, examine the first one, and set the device’s configuration. ● DownloadToDevice, shown in Listing 2-6 (page 32), downloads the firmware in bulktest.c to the device. Listing 2-3 Accessing and programming the raw device void RawDeviceAdded(void *refCon, io_iterator_t iterator) { kern_return_t kr; io_service_t usbDevice; IOCFPlugInInterface **plugInInterface = NULL; IOUSBDeviceInterface **dev = NULL; HRESULT result; SInt32 score; UInt16 vendor; UInt16 product; UInt16 release; while (usbDevice = IOIteratorNext(iterator)) { //Create an intermediate plug-in Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 27kr = IOCreatePlugInInterfaceForService(usbDevice, kIOUSBDeviceUserClientTypeID, kIOCFPlugInInterfaceID, &plugInInterface, &score); //Don’t need the device object after intermediate plug-in is created kr = IOObjectRelease(usbDevice); if ((kIOReturnSuccess != kr) || !plugInInterface) { printf("Unable to create a plug-in (%08x)\n", kr); continue; } //Now create the device interface result = (*plugInInterface)->QueryInterface(plugInInterface, CFUUIDGetUUIDBytes(kIOUSBDeviceInterfaceID), (LPVOID *)&dev); //Don’t need the intermediate plug-in after device interface //is created (*plugInInterface)->Release(plugInInterface); if (result || !dev) { printf("Couldn’t create a device interface (%08x)\n", (int) result); continue; } //Check these values for confirmation kr = (*dev)->GetDeviceVendor(dev, &vendor); kr = (*dev)->GetDeviceProduct(dev, &product); kr = (*dev)->GetDeviceReleaseNumber(dev, &release); if ((vendor != kOurVendorID) || (product != kOurProductID) || (release != 1)) { printf("Found unwanted device (vendor = %d, product = %d)\n", vendor, product); Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 28(void) (*dev)->Release(dev); continue; } //Open the device to change its state kr = (*dev)->USBDeviceOpen(dev); if (kr != kIOReturnSuccess) { printf("Unable to open device: %08x\n", kr); (void) (*dev)->Release(dev); continue; } //Configure device kr = ConfigureDevice(dev); if (kr != kIOReturnSuccess) { printf("Unable to configure device: %08x\n", kr); (void) (*dev)->USBDeviceClose(dev); (void) (*dev)->Release(dev); continue; } //Download firmware to device kr = DownloadToDevice(dev); if (kr != kIOReturnSuccess) { printf("Unable to download firmware to device: %08x\n", kr); (void) (*dev)->USBDeviceClose(dev); (void) (*dev)->Release(dev); continue; } //Close this device and release object kr = (*dev)->USBDeviceClose(dev); kr = (*dev)->Release(dev); Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 29} } The function RawDeviceRemoved simply uses the iterator obtained from the main function (shown in Listing 2-2 (page 24)) to release each device object. This also has the effect of arming the raw device termination notification so it will notify the program of future device removals. RawDeviceRemoved is shown in Listing 2-4 (page 30). Listing 2-4 Releasing the raw device objects void RawDeviceRemoved(void *refCon, io_iterator_t iterator) { kern_return_t kr; io_service_t object; while (object = IOIteratorNext(iterator)) { kr = IOObjectRelease(object); if (kr != kIOReturnSuccess) { printf("Couldn’t release raw device object: %08x\n", kr); continue; } } } Although every USB device has one or more configurations, unless the device is a composite class device that’s been matched by the AppleUSBComposite driver which automatically sets the first configuration, none of those configurations may have been set. Therefore, your application may have to use device interface functions to get the appropriate configuration value and use it to set the device’s configuration. In the sample code, the function ConfigureDevice (shown in Listing 2-5 (page 30)) accomplishes this task. In fact, it is called twice: once by RawDeviceAdded to configure the raw device and again by BulkTestDeviceAdded (shown in Listing 2-7 (page 34)) to configure the bulk test device. Listing 2-5 Configuring a USB device IOReturn ConfigureDevice(IOUSBDeviceInterface **dev) Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 30{ UInt8 numConfig; IOReturn kr; IOUSBConfigurationDescriptorPtr configDesc; //Get the number of configurations. The sample code always chooses //the first configuration (at index 0) but your code may need a //different one kr = (*dev)->GetNumberOfConfigurations(dev, &numConfig); if (!numConfig) return -1; //Get the configuration descriptor for index 0 kr = (*dev)->GetConfigurationDescriptorPtr(dev, 0, &configDesc); if (kr) { printf("Couldn’t get configuration descriptor for index %d (err = %08x)\n", 0, kr); return -1; } //Set the device’s configuration. The configuration value is found in //the bConfigurationValue field of the configuration descriptor kr = (*dev)->SetConfiguration(dev, configDesc->bConfigurationValue); if (kr) { printf("Couldn’t set configuration to value %d (err = %08x)\n", 0, kr); return -1; } return kIOReturnSuccess; } Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 31Now that the device is configured, you can download firmware to it. Cypress makes firmware available to program the EZ-USB chip to emulate different devices. The sample code in this document uses firmware that programs the chip to be a bulk test device, a device that takes the data it receives from its bulk out pipe and echoesit to its bulk in pipe. The firmware, contained in the file bulktest.c, is an array of INTEL_HEX_RECORD structures (defined in the file hex2c.h). The function DownloadToDevice uses the function WriteToDevice (shown together in Listing 2-6 (page 32)) to prepare the device to receive the download and then to write information from each structure to the appropriate address on the device. When all the firmware has been downloaded, DownloadToDevice calls WriteToDevice a last time to inform the device that the download is complete. At this point, the raw device detaches itself from the bus and reattaches as a bulk test device. This causes the device nub representing the raw device to be removed from the I/O Registry and a new device nub, representing the bulk test device, to be attached. Listing 2-6 Two functions to download firmware to the raw device IOReturn DownloadToDevice(IOUSBDeviceInterface **dev) { int i; UInt8 writeVal; IOReturn kr; //Assert reset. This tells the device that the download is //about to occur writeVal = 1; //For this device, a value of 1 indicates a download kr = WriteToDevice(dev, k8051_USBCS, 1, &writeVal); if (kr != kIOReturnSuccess) { printf("WriteToDevice reset returned err 0x%x\n", kr); (*dev)->USBDeviceClose(dev); (*dev)->Release(dev); return kr; } //Download firmware i = 0; while (bulktest[i].Type == 0) //While bulktest[i].Type == 0, this is Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 32{ //not the last firmware record to //download kr = WriteToDevice(dev, bulktest[i].Address, bulktest[i].Length, bulktest[i].Data); if (kr != kIOReturnSuccess) { printf("WriteToDevice download %i returned err 0x%x\n", i, kr); (*dev)->USBDeviceClose(dev); (*dev)->Release(dev); return kr; } i++; } //De-assert reset. This tells the device that the download is complete writeVal = 0; kr = WriteToDevice(dev, k8051_USBCS, 1, &writeVal); if (kr != kIOReturnSuccess) printf("WriteToDevice run returned err 0x%x\n", kr); return kr; } IOReturn WriteToDevice(IOUSBDeviceInterface **dev, UInt16 deviceAddress, UInt16 length, UInt8 writeBuffer[]) { IOUSBDevRequest request; request.bmRequestType = USBmakebmRequestType(kUSBOut, kUSBVendor, kUSBDevice); request.bRequest = 0xa0; request.wValue = deviceAddress; request.wIndex = 0; Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 33request.wLength = length; request.pData = writeBuffer; return (*dev)->DeviceRequest(dev, &request); } Working With the Bulk Test Device After you download the firmware to the device, the raw device is no longer attached to the bus. To gain access to the bulk test device, you repeat most of the same steps you used to get access to the raw device. ● Use the iterator obtained by a call to IOServiceAddMatchingNotification in the main function (shown in Listing 2-2 (page 24)) to iterate over a set of matching devices. ● Create a device interface for each device. ● Configure the device. This time, however, the next step is to find the interfaces on the device so you can choose the appropriate one and get access to its pipes. Because of the similarities of these tasks, the function BulkTestDeviceAdded follows the same outline of the RawDeviceAdded function except that instead of downloading firmware to the device, it calls FindInterfaces (shown in Listing 2-8 (page 36)) to examine the available interfaces and their pipes. The code in Listing 2-7 (page 34) replaces most of the BulkTestDeviceAdded function’s code with comments, focusing on the differences between it and the RawDeviceAdded function. Listing 2-7 Accessing the bulk test device void BulkTestDeviceAdded(void *refCon, io_iterator_t iterator) { kern_return_t kr; io_service_t usbDevice; IOUSBDeviceInterface **device=NULL; while (usbDevice = IOIteratorNext(iterator)) { //Create an intermediate plug-in using the //IOCreatePlugInInterfaceForService function //Release the device object after getting the intermediate plug-in Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 34//Create the device interface using the QueryInterface function //Release the intermediate plug-in object //Check the vendor, product, and release number values to //confirm we’ve got the right device //Open the device before configuring it kr = (*device)->USBDeviceOpen(device); //Configure the device by calling ConfigureDevice //Close the device and release the device interface object if //the configuration is unsuccessful //Get the interfaces kr = FindInterfaces(device); if (kr != kIOReturnSuccess) { printf("Unable to find interfaces on device: %08x\n", kr); (*device)->USBDeviceClose(device); (*device)->Release(device); continue; } //If using synchronous IO, close and release the device interface here #ifndef USB_ASYNC_IO kr = (*device)->USBDeviceClose(device); kr = (*device)->Release(device); #endif } } Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 35The function BulkTestDeviceRemoved simply uses the iterator obtained from the main function (shown in Listing 2-2 (page 24)) to release each device object. This also has the effect of arming the bulk test device termination notification so it will notify the program of future device removals.The BulkTestDeviceRemoved function is identical to the RawDeviceRemoved function (shown in Listing 2-4 (page 30)), with the exception of the wording of the printed error statement. Working With Interfaces Now that you’ve configured the device, you have access to its interfaces. The FindInterfaces function (shown in Listing 2-8 (page 36)) creates an iterator to iterate over all interfaces on the device and then creates a device interface to communicate with each one. For each interface found, the function opens the interface, determines how many endpoints (or pipes) it has, and prints out the properties of each pipe. Because opening an interface causes its pipes to be instantiated, you can get access to any pipe by using its pipe index. The pipe index is the number of the pipe within the interface, ranging from one to the number of endpoints returned by GetNumEndpoints. You can communicate with the default control pipe (described in “USB Transfer Types” (page 8)) from any interface by using pipe index 0, but it is usually better to use the device interface functions for the device itself (see the use of IOUSBDeviceInterface functions in Listing 2-5 (page 30)). The sample code employs conditional compilation using #ifdef and #ifndef to demonstrate both synchronous and asynchronous I/O. If you’ve chosen to test synchronous I/O, FindInterfaces writes the test message (defined in Listing 2-1 (page 22)) to pipe index 2 on the device and readsits echo before returning. For asynchronous I/O, FindInterfaces first creates an event source and adds it to the run loop created by the main function (shown in Listing 2-2 (page 24)). It then sets up an asynchronous write and read that will cause a notification to be sent upon completion. The completion functions WriteCompletion and ReadCompletion are shown together in Listing 2-9 (page 43). Listing 2-8 Finding interfaces on the bulk test device IOReturn FindInterfaces(IOUSBDeviceInterface **device) { IOReturn kr; IOUSBFindInterfaceRequest request; io_iterator_t iterator; io_service_t usbInterface; IOCFPlugInInterface **plugInInterface = NULL; IOUSBInterfaceInterface **interface = NULL; HRESULT result; SInt32 score; Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 36UInt8 interfaceClass; UInt8 interfaceSubClass; UInt8 interfaceNumEndpoints; int pipeRef; #ifndef USE_ASYNC_IO UInt32 numBytesRead; UInt32 i; #else CFRunLoopSourceRef runLoopSource; #endif //Placing the constant kIOUSBFindInterfaceDontCare into the following //fields of the IOUSBFindInterfaceRequest structure will allow you //to find all the interfaces request.bInterfaceClass = kIOUSBFindInterfaceDontCare; request.bInterfaceSubClass = kIOUSBFindInterfaceDontCare; request.bInterfaceProtocol = kIOUSBFindInterfaceDontCare; request.bAlternateSetting = kIOUSBFindInterfaceDontCare; //Get an iterator for the interfaces on the device kr = (*device)->CreateInterfaceIterator(device, &request, &iterator); while (usbInterface = IOIteratorNext(iterator)) { //Create an intermediate plug-in kr = IOCreatePlugInInterfaceForService(usbInterface, kIOUSBInterfaceUserClientTypeID, kIOCFPlugInInterfaceID, &plugInInterface, &score); //Release the usbInterface object after getting the plug-in kr = IOObjectRelease(usbInterface); if ((kr != kIOReturnSuccess) || !plugInInterface) { printf("Unable to create a plug-in (%08x)\n", kr); Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 37break; } //Now create the device interface for the interface result = (*plugInInterface)->QueryInterface(plugInInterface, CFUUIDGetUUIDBytes(kIOUSBInterfaceInterfaceID), (LPVOID *) &interface); //No longer need the intermediate plug-in (*plugInInterface)->Release(plugInInterface); if (result || !interface) { printf("Couldn’t create a device interface for the interface (%08x)\n", (int) result); break; } //Get interface class and subclass kr = (*interface)->GetInterfaceClass(interface, &interfaceClass); kr = (*interface)->GetInterfaceSubClass(interface, &interfaceSubClass); printf("Interface class %d, subclass %d\n", interfaceClass, interfaceSubClass); //Now open the interface. This will cause the pipes associated with //the endpoints in the interface descriptor to be instantiated kr = (*interface)->USBInterfaceOpen(interface); if (kr != kIOReturnSuccess) { printf("Unable to open interface (%08x)\n", kr); (void) (*interface)->Release(interface); break; Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 38} //Get the number of endpoints associated with this interface kr = (*interface)->GetNumEndpoints(interface, &interfaceNumEndpoints); if (kr != kIOReturnSuccess) { printf("Unable to get number of endpoints (%08x)\n", kr); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); break; } printf("Interface has %d endpoints\n", interfaceNumEndpoints); //Access each pipe in turn, starting with the pipe at index 1 //The pipe at index 0 is the default control pipe and should be //accessed using (*usbDevice)->DeviceRequest() instead for (pipeRef = 1; pipeRef <= interfaceNumEndpoints; pipeRef++) { IOReturn kr2; UInt8 direction; UInt8 number; UInt8 transferType; UInt16 maxPacketSize; UInt8 interval; char *message; kr2 = (*interface)->GetPipeProperties(interface, pipeRef, &direction, &number, &transferType, &maxPacketSize, &interval); if (kr2 != kIOReturnSuccess) printf("Unable to get properties of pipe %d (%08x)\n", pipeRef, kr2); else Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 39{ printf("PipeRef %d: ", pipeRef); switch (direction) { case kUSBOut: message = "out"; break; case kUSBIn: message = "in"; break; case kUSBNone: message = "none"; break; case kUSBAnyDirn: message = "any"; break; default: message = "???"; } printf("direction %s, ", message); switch (transferType) { case kUSBControl: message = "control"; break; case kUSBIsoc: message = "isoc"; break; case kUSBBulk: message = "bulk"; break; case kUSBInterrupt: message = "interrupt"; Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 40break; case kUSBAnyType: message = "any"; break; default: message = "???"; } printf("transfer type %s, maxPacketSize %d\n", message, maxPacketSize); } } #ifndef USE_ASYNC_IO //Demonstrate synchronous I/O kr = (*interface)->WritePipe(interface, 2, kTestMessage, strlen(kTestMessage)); if (kr != kIOReturnSuccess) { printf("Unable to perform bulk write (%08x)\n", kr); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); break; } printf("Wrote \"%s\" (%ld bytes) to bulk endpoint\n", kTestMessage, (UInt32) strlen(kTestMessage)); numBytesRead = sizeof(gBuffer) - 1; //leave one byte at the end //for NULL termination kr = (*interface)->ReadPipe(interface, 9, gBuffer, &numBytesRead); if (kr != kIOReturnSuccess) { printf("Unable to perform bulk read (%08x)\n", kr); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 41break; } //Because the downloaded firmware echoes the one’s complement of the //message, now complement the buffer contents to get the original data for (i = 0; i < numBytesRead; i++) gBuffer[i] = ~gBuffer[i]; printf("Read \"%s\" (%ld bytes) from bulk endpoint\n", gBuffer, numBytesRead); #else //Demonstrate asynchronous I/O //As with service matching notifications, to receive asynchronous //I/O completion notifications, you must create an event source and //add it to the run loop kr = (*interface)->CreateInterfaceAsyncEventSource( interface, &runLoopSource); if (kr != kIOReturnSuccess) { printf("Unable to create asynchronous event source (%08x)\n", kr); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); break; } CFRunLoopAddSource(CFRunLoopGetCurrent(), runLoopSource, kCFRunLoopDefaultMode); printf("Asynchronous event source added to run loop\n"); bzero(gBuffer, sizeof(gBuffer)); strcpy(gBuffer, kTestMessage); kr = (*interface)->WritePipeAsync(interface, 2, gBuffer, strlen(gBuffer), WriteCompletion, (void *) interface); if (kr != kIOReturnSuccess) Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 42{ printf("Unable to perform asynchronous bulk write (%08x)\n", kr); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); break; } #endif //For this test, just use first interface, so exit loop break; } return kr; } When an asynchronous write action is complete, the WriteCompletion function is called by the notification. WriteCompletion then calls the interface function ReadPipeAsync to perform an asynchronous read from the pipe. When the read is complete, control passes to ReadCompletion which simply prints status messages and adds a NULL termination to the global buffer containing the test message read from the device. The WriteCompletion and ReadCompletion functions are shown together in Listing 2-9 (page 43). Listing 2-9 Two asynchronous I/O completion functions void WriteCompletion(void *refCon, IOReturn result, void *arg0) { IOUSBInterfaceInterface **interface = (IOUSBInterfaceInterface **) refCon; UInt32 numBytesWritten = (UInt32) arg0; UInt32 numBytesRead; printf("Asynchronous write complete\n"); if (result != kIOReturnSuccess) { printf("error from asynchronous bulk write (%08x)\n", result); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); return; } Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 43printf("Wrote \"%s\" (%ld bytes) to bulk endpoint\n", kTestMessage, numBytesWritten); numBytesRead = sizeof(gBuffer) - 1; //leave one byte at the end for //NULL termination result = (*interface)->ReadPipeAsync(interface, 9, gBuffer, numBytesRead, ReadCompletion, refCon); if (result != kIOReturnSuccess) { printf("Unable to perform asynchronous bulk read (%08x)\n", result); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); return; } } void ReadCompletion(void *refCon, IOReturn result, void *arg0) { IOUSBInterfaceInterface **interface = (IOUSBInterfaceInterface **) refCon; UInt32 numBytesRead = (UInt32) arg0; UInt32 i; printf("Asynchronous bulk read complete\n"); if (result != kIOReturnSuccess) { printf("error from async bulk read (%08x)\n", result); (void) (*interface)->USBInterfaceClose(interface); (void) (*interface)->Release(interface); return; } //Check the complement of the buffer’s contents for original data for (i = 0; i < numBytesRead; i++) gBuffer[i] = ~gBuffer[i]; Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 44printf("Read \"%s\" (%ld bytes) from bulk endpoint\n", gBuffer, numBytesRead); } Working With USB Device Interfaces Accessing a USB Device 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 45This table describes the changes to USB Device Interface Guide . Date Notes 2012-01-09 Added information about App Sandbox. 2007-09-04 Made minor corrections. Described how to determine which version of an interface object to use when accessing a USB device or interface. 2007-02-08 2006-04-04 Made minor corrections. Emphasized which type of device interface to get for USB devices and interfaces and clarified definition of composite class device. 2006-03-08 2005-11-09 Made minor corrections. Added information about creating a universal binary for an application that accesses a USB device. 2005-09-08 2005-08-11 Made minor bug fixes. Added information about low latency isochronous transactions and functions. 2005-06-04 Included discussion of USB 2.0 and associated changes to isochronous functions. Changed title from "Working With USB Device Interfaces." 2005-04-29 2004-05-27 Fixed URL for USB Common Class Specification. 2002-11-15 First version. 2012-01-09 | © 2002, 2012 Apple Inc. All Rights Reserved. 46 Document Revision HistoryApple Inc. © 2002, 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Finder, Mac, Macintosh, OS X, Pages, Sand, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. Intel and Intel Core are registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. PowerPC and the PowerPC logo are trademarks of International Business Machines Corporation, used under license therefrom. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. Core Data Model Versioning and Data Migration Programming GuideContents Core Data Model Versioning and Data Migration 5 At a Glance 5 Prerequisites 6 Understanding Versions 7 Model File Format and Versions 10 Lightweight Migration 12 Core Data Must Be Able to Infer the Mapping 12 Request Automatic Migration Using an Options Dictionary 13 Use a Migration Manager if Models Cannot Be Found Automatically 14 Mapping Overview 17 Mapping Model Objects 17 Creating a Mapping Model in Xcode 19 The Migration Process 20 Overview 20 Requirements for the Migration Process 20 Custom Entity Migration Policies 21 Three-Stage Migration 21 Initiating the Migration Process 23 Initiating the Migration Process 23 The Default Migration Process 24 Customizing the Migration Process 26 Is Migration Necessary 26 Initializing a Migration Manager 27 Performing a Migration 28 Multiple Passes—Dealing With Large Datasets 29 Migration and iCloud 30 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 2Document Revision History 31 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 3 ContentsFigures and Listings Understanding Versions 7 Figure 1-1 Recipes models “Version 1.0” 7 Figure 1-2 Recipes model “Version 1.1” 7 Figure 1-3 Recipes model “Version 2.0” 8 Model File Format and Versions 10 Figure 2-1 Initial version of the Core Recipes model 10 Figure 2-2 Version 2 of the Core Recipes model 11 Mapping Overview 17 Figure 4-1 Mapping model for versions 1-2 of the Core Recipes models 19 Initiating the Migration Process 23 Listing 6-1 Opening a store using automatic migration 24 Customizing the Migration Process 26 Listing 7-1 Checking whether migration is necessary 26 Listing 7-2 Initializing a Migration Manager 27 Listing 7-3 Performing a Migration 28 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 4Core Data provides support for managing changes to a managed object model as your application evolves. You can only open a Core Data store using the managed object model used to create it. Changing a model will therefore make it incompatible with (and so unable to open) the stores it previously created. If you change your model, you therefore need to change the data in existing stores to new version—changing the store format is known as migration. To migrate a store, you need both the version of the model used to create it, and the current version of the model you want to migrate to. You can create a versioned model that contains more than one version of a managed object model. Within the versioned model you mark one version as being the current version. Core Data can then use this model to open persistent stores created using any of the model versions, and migrate the stores to the current version. To help Core Data perform the migration, though, you may have to provide information about how to map from one version of the model to another. This information may be in the form of hints within the versioned model itself, or in a separate mapping model file that you create. At a Glance Typically, as it evolves from one version to another, numerous aspects of your application change: the classes you implement, the user interface, the file format, and so on. You need to be aware of and in control of all these aspects; there is no API that solves the problems associated with all these—for example Cocoa does not provide a means to automatically update your user interface if you add a new attribute to an entity in your managed object model. Core Data does not solve all the issues of how you roll out your application. It does, though, provide support for a small—but important and non-trivial—subset of the tasks you must perform as your application evolves. ● Model versioning allows you to specify and distinguish between different configurations of your schema. There are two distinct views of versioning: your perspective as a developer, and Core Data’s perspective. These may not always be the same. The differences are discussed in “Understanding Versions” (page 7). The format of a versioned managed object model, and how you add a version to a model, is discussed in “Model File Format and Versions” (page 10). ● Core Data needs to know how to map from the entities and properties in a source model to the entities and properties in the destination model. 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 5 Core Data Model Versioning and Data MigrationIn many cases, Core Data can infer the mapping from existing versions of the managed object model. This is described in “Lightweight Migration” (page 12). If you make changes to your models such that Core Data cannot infer the mapping from source to destination, you need to create a mapping model. A mapping model parallels a managed object model, specifying how to transform objects in the source into instances appropriate for the destination. How you create a mapping model is discussed in “Mapping Overview” (page 17). ● Data migration allows you to convert data from one model (schema) to another, using mappings. The migration process itself is discussed in “The Migration Process” (page 20). How you perform a migration is discussed in “Initiating the Migration Process” (page 23). You can also customize the migration process—that is, how you programmatically determine whether migration is necessary; how you find the correct source and destination models and the appropriate mapping model to initialize the migration manager; and then how you perform the migration. You only customize the migration process if you want to initiate migration yourself. You might do this to, for example, search locations other than the application’s main bundle for models or to deal with large data sets by performing the migration in several passes using different mapping models. How you can customize the process is described in “Customizing the Migration Process” (page 26). ● If you are using iCloud, there are some constraints on what migration you can perform. If you are using iCloud, you must use lightweight migration. Other factors to be aware of are described in “Migration and iCloud” (page 30). Although Core Data makes versioning and migration easier than would typically otherwise be the case, these processes are still non-trivial in effect. You still need to carefully consider the implications of releasing and supporting different versions of your application. Prerequisites This document assumes that you are familiar with the Core Data architecture and the fundamentals of using Core Data. You should be able to identify the parts of the Core Data stack and understand the roles of the model, the managed object context, and the persistent store coordinator. You need to know how to create a managed object model, how to create and programmatically interact with parts of the Core Data stack. If you do not meet these requirements, you should first read the Core Data Programming Guide and related materials. You are strongly encouraged also to work through the Core Data Utility Tutorial . Core Data Model Versioning and Data Migration Prerequisites 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 6There are two distinct views of versioning: your perspective as a developer, and Core Data’s perspective. These may not always be the same—consider the following models. Figure 1-1 Recipes models “Version 1.0” Recipe Attributes cuisine directions name Relationships chef ingredients Chef Attributes name training Relationships recipes Ingredient Attributes amount name Relationships recipes Figure 1-2 Recipes model “Version 1.1” Recipe Attributes cuisine directions name Relationships chef ingredients Chef Attributes name training Relationships recipes Ingredient Attributes amount name Relationships recipes Recipe changes: • Add validation rules • Change User Info values • Use custom class 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 7 Understanding VersionsFigure 1-3 Recipes model “Version 2.0” Recipe Attributes directions name rating Relationships chef cuisines ingredients Chef Attributes firstName lastName Relationships recipes Ingredient Attributes amount name Relationships recipe Cuisine Attributes name Relationships recipes As a developer, your perspective is typically that a version is denoted by an identifier—a string or number, such as “9A218”, “2.0.7”, or “Version 1.1”. To support this view, managed object models have a set of identifiers (see versionIdentifiers)—typically for a single model you provide a single string (the attribute itself is a set so that if models are merged all the identifiers can be preserved). How the identifier should be interpreted is up to you, whether it represents the version number of the application, the version that was committed prior to going on vacation, or the last submission before it stopped working. Core Data, on the other hand, treats these identifiers simply as “hints”. To understand why, recall that the format of a persistent store is dependent upon the model used to create it, and that to open a persistent store you must have a model that is compatible with that used to create it. Consider then what would happen if you changed the model but not the identifier—for example, if you kept the identifier the same but removed one entity and added two others. To Core Data, the change in the schema is significant, the fact that the identifier did not change is irrelevant. Core Data’s perspective on versioning isthat it is only interested in features of the model that affect persistence. This means that for two models to be compatible: ● For each entity the following attributes must be equal: name, parent, isAbstract, and properties. className, userInfo, and validation predicates are not compared. ● For each property in each entity, the following attributes must be equal: name, isOptional, isTransient, isReadOnly, for attributes attributeType, and for relationships destinationEntity, minCount, maxCount, deleteRule, and inverseRelationship. userInfo and validation predicates are not compared. Notice that Core Data ignores any identifiers you set. In the examples above, Core Data treats version 1.0 (Figure 1-1 (page 7)) and 1.1 (Figure 1-2 (page 7)) as being compatible. Understanding Versions 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 8Rather than enumerating through all the relevant parts of a model, Core Data creates a 32-byte hash digest of the components which it compares for equality (see versionHash (NSEntityDescription) and versionHash (NSPropertyDescription)). These hashes are included in a store’s metadata so that Core Data can quickly determine whether the store format matches that of the managed object model it may use to try to open the store. (When you attempt to open a store using a given model, Core Data compares the version hashes of each of the entities in the store with those of the entities in the model, and if all are the same then the store is opened.) There is typically no reason for you to be interested in the value of a hash. There may, however, be some situations in which you have two versions of a model that Core Data would normally treat as equivalent that you want to be recognized as being different. For example, you might change the name of the class used to represent an entity, or more subtly you might keep the model the same but change the internal format of an attribute such as a BLOB—this is irrelevant to Core Data, but it is crucial for the integrity of your data. To support this, Core Data allows you to set a hash modifier for an entity or property see versionHashModifier (NSEntityDescription) and versionHashModifier (NSPropertyDescription). In the examples above, if you wanted to force Core Data to recognize that “Version 1.0” (Figure 1-1 (page 7)) and “Version 1.1” (Figure 1-2 (page 7)) of your models are different, you could set an entity modifier for the Recipe entity in the second model to change the version hash Core Data creates. Understanding Versions 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 9A managed object model that supports versioning is represented in the filesystem by a .xcdatamodeld document. An .xcdatamodeld document is a file package (see “Document Packages”) that groups versions of the model, each represented by an individual .xcdatamodel file, and an Info.plist file that contains the version information. The model is compiled into a runtime format—a file package with a .momd extension that containsindividually compiled model files with a .mom extension. You load the .momd model bundle using NSManagedObjectModel’s initWithContentsOfURL:. To add a version to a model, you start with a model such as that illustrated in Figure 2-1. Figure 2-1 Initial version of the Core Recipes model 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 10 Model File Format and VersionsTo add a version, select Editor > Add Model Version. In the sheet that appears, you enter the name of the new model version and select the model on which it should be based. To set the new model asthe current version of the model,select the .xcdatamodeld document in the project navigator, then select the new model in the pop-up menu in the Versioned Core Data Model area in the Attributes Inspector (see Figure 2-2). Figure 2-2 Version 2 of the Core Recipes model Model File Format and Versions 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 11If you just make simple changes to your model (such as adding a new attribute to an entity), Core Data can perform automatic data migration, referred to aslightweightmigration. Lightweight migration isfundamentally the same as ordinary migration, except that instead of you providing a mapping model (as described in “Mapping Overview” (page 17)), Core Data infers one from differences between the source and destination managed object models. Lightweight migration is especially convenient during early stages of application development, when you may be changing your managed object model frequently, but you don’t want to have to keep regenerating test data. You can migrate existing data without having to create a custom mapping model for every model version used to create a store that would need to be migrated. A further advantage of using lightweight migration—beyond the fact that you don’t need to create the mapping model yourself—is that if you use an inferred model and you use the SQLite store, then Core Data can perform the migration in situ (solely by issuing SQL statements). This can represent a significant performance benefit as Core Data doesn’t have to load any of your data. Because of this, you are encouraged to use inferred migration where possible, even if the mapping model you might create yourself would be trivial. Core Data Must Be Able to Infer the Mapping To perform automatic lightweight migration, Core Data needs to be able to find the source and destination managed object models itself at runtime. Core Data looks for models in the bundles returned by NSBundle’s allBundles and allFrameworks methods. If you store your models elsewhere, you must follow the steps described in “Use a Migration Manager if Models Cannot Be Found Automatically ” (page 14). Core Data must then analyze the schema changes to persistent entities and properties and generate an inferred mapping model. For Core Data to be able to generate an inferred mapping model, changes must fit an obvious migration pattern, for example: ● Simple addition of a new attribute ● Removal of an attribute ● A non-optional attribute becoming optional ● An optional attribute becoming non-optional, and defining a default value 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 12 Lightweight Migration● Renaming an entity or property If you rename an entity or property, you can set the renaming identifier in the destination model to the name of the corresponding property or entity in the source model. You set the renaming identifier in the managed object model using the Xcode Data Modeling tool’s property inspector (for either an entity or a property). For example, you can: ● Rename a Car entity to Automobile ● Rename a Car’s color attribute to paintColor The renaming identifier creates a “canonical name,” so you should set the renaming identifier to the name of the property in the source model (unless that property already has a renaming identifier). This means you can rename a property in version 2 of a model then rename it again version 3, and the renaming will work correctly going from version 2 to version 3 or from version 1 to version 3. In addition, Core Data supports: ● Adding relationships and changing the type of relationship ● You can add a new relationship or delete an existing relationship. ● Renaming a relationship (by using a renaming identifier, just like an attribute) ● Changing a relationship from a to-one to a to-many, or a non-ordered to-many to ordered (and visa-versa) ● Changing the entity hierarchy ● You can add, remove, rename entities ● You can create a new parent or child entity and move properties up and down the entity hierarchy ● You can move entities out of a hierarchy You cannot, however, merge entity hierarchies; if two existing entities do not share a common parent in the source, they cannot share a common parent in the destination Request Automatic Migration Using an Options Dictionary You request automatic lightweight migration using the options dictionary you pass in addPersistentStoreWithType:configuration:URL:options:error:, by setting values corresponding to both the NSMigratePersistentStoresAutomaticallyOption and the NSInferMappingModelAutomaticallyOption keys to YES: NSError *error = nil; Lightweight Migration Request Automatic Migration Using an Options Dictionary 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 13NSURL *storeURL = <#The URL of a persistent store#>; NSPersistentStoreCoordinator *psc = <#The coordinator#>; NSDictionary *options = [NSDictionary dictionaryWithObjectsAndKeys: [NSNumber numberWithBool:YES], NSMigratePersistentStoresAutomaticallyOption, [NSNumber numberWithBool:YES], NSInferMappingModelAutomaticallyOption, nil]; BOOL success = [psc addPersistentStoreWithType:<#Store type#> configuration:<#Configuration or nil#> URL:storeURL options:options error:&error]; if (!success) { // Handle the error. } If you want to determine in advance whether Core Data can infer the mapping between the source and destination models without actually doing the work of migration, you can use NSMappingModel’s inferredMappingModelForSourceModel:destinationModel:error: method. Thisreturnsthe inferred model if Core Data is able to create it, otherwise nil. Use a Migration Manager if Models Cannot Be Found Automatically To perform automatic migration, Core Data has to be able to find the source and destination managed object models itself at runtime (see “Core Data Must Be Able to Infer the Mapping” (page 12)). If you need to put your models in the locations not checked by automatic discovery, then you need to generate the inferred model and initiate the migration yourself using a migration manager (an instance of NSMigrationManager). The following code sample illustrates how to generate an inferred model and initiate the migration using a migration manager. The code assumes that you have implemented two methods—sourceModel and destinationModel—that return the source and destination managed object models respectively. - (BOOL)migrateStore:(NSURL *)storeURL toVersionTwoStore:(NSURL *)dstStoreURL error:(NSError **)outError { // Try to get an inferred mapping model. NSMappingModel *mappingModel = [NSMappingModel inferredMappingModelForSourceModel:[self sourceModel] destinationModel:[self destinationModel] error:outError]; Lightweight Migration Use a Migration Manager if Models Cannot Be Found Automatically 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 14// If Core Data cannot create an inferred mapping model, return NO. if (!mappingModel) { return NO; } // Create a migration manager to perform the migration. NSMigrationManager *manager = [[NSMigrationManager alloc] initWithSourceModel:[self sourceModel] destinationModel:[self destinationModel]]; BOOL success = [manager migrateStoreFromURL:storeURL type:NSSQLiteStoreType options:nil withMappingModel:mappingModel toDestinationURL:dstStoreURL destinationType:NSSQLiteStoreType destinationOptions:nil error:outError]; return success; } Lightweight Migration Use a Migration Manager if Models Cannot Be Found Automatically 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 15Note: Prior to OS X v10.7 and iOS 4, you need to use a store-specific migration manager to perform lightweight migration. You get the migration manager for a given persistent store type using migrationManagerClass, as illustrated in the following example. - (BOOL)migrateStore:(NSURL *)storeURL toVersionTwoStore:(NSURL *)dstStoreURL error:(NSError **)outError { // Try to get an inferred mapping model. NSMappingModel *mappingModel = [NSMappingModel inferredMappingModelForSourceModel:[self sourceModel] destinationModel:[self destinationModel] error:outError]; // If Core Data cannot create an inferred mapping model, return NO. if (!mappingModel) { return NO; } // Get the migration manager class to perform the migration. NSValue *classValue = [[NSPersistentStoreCoordinator registeredStoreTypes] objectForKey:NSSQLiteStoreType]; Class sqliteStoreClass = (Class)[classValue pointerValue]; Class sqliteStoreMigrationManagerClass = [sqliteStoreClass migrationManagerClass]; NSMigrationManager *manager = [[sqliteStoreMigrationManagerClass alloc] initWithSourceModel:[self sourceModel] destinationModel:[self destinationModel]]; BOOL success = [manager migrateStoreFromURL:storeURL type:NSSQLiteStoreType options:nil withMappingModel:mappingModel toDestinationURL:dstStoreURL destinationType:NSSQLiteStoreType destinationOptions:nil error:outError]; return success; } Lightweight Migration Use a Migration Manager if Models Cannot Be Found Automatically 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 16In many cases, Core Data may be able to infer how to transform data from one schema to another (see “Lightweight Migration” (page 12). If Core Data cannot infer the mapping from one model to another, you need a definition of how to perform the transformation. This information is captured in a mapping model. A mapping model is a collection of objects that specifies the transformations that are required to migrate part of a store from one version of your model to another (for example, that one entity is renamed, an attribute is added to another, and a third split into two). You typically create a mapping model in Xcode. Much as the managed object model editor allows you to graphically create the model, the mapping model editor allows you to customize the mappings between the source and destination entities and properties. Mapping Model Objects Like a managed object model, a mapping model is a collection of objects. Mapping model classes parallel the managed object model classes—there are mapping classes for a model, an entity, and a property (NSMappingModel, NSEntityMapping, and NSPropertyMapping respectively). ● An instance of NSEntityMapping specifies a source entity, a destination entity (the type of object to create to correspond to the source object) and mapping type (add, remove, copy as is, or transform). ● An instance of NSPropertyMapping specifiesthe name of the property in the source and in the destination entity, and a value expression to create the value for the destination property. The model does not contain instances of NSEntityMigrationPolicy or any of its subclasses, however amongst other attributes instance of NSEntityMapping can specify the name of an entity migration policy class (a subclass of NSEntityMigrationPolicy) to use to customize the migration. For more about entity migration policy classes, see “Custom Entity Migration Policies” (page 21). You can handle simple property migration changes by configuring a custom value expression on a property mapping directly in the mapping model editor in Xcode. For example, you can: ● Migrate data from one attribute to another. To rename amount to totalCost, enter the custom value expression for the totalCost property mapping as $source.amount. ● Apply a value transformation on a property. 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 17 Mapping OverviewTo convert temperature from Fahrenheit to Celsius, use the custom value expression ($source.temperature - 32.0) / 1.8. ● Migrate objects from one relationship to another. To rename trades to transactions, enter the custom value expression for the transactions property mapping as FUNCTION($manager, "destinationInstancesForEntityMappingNamed:sourceInstances:", "TradeToTrade", $source.trades). (This assumes the entity mapping that migrates Trade instances is named TradeToTrade.) There are six predefined keys you can reference in custom value expressions. To access these keys in source code, you use the constants as declared. To access them in custom value expression strings in the mapping model editor in Xcode, follow the syntax rules outlined in the predicate format string syntax guide and refer to them as: NSMigrationManagerKey: $manager NSMigrationSourceObjectKey: $source NSMigrationDestinationObjectKey: $destination NSMigrationEntityMappingKey: $entityMapping NSMigrationPropertyMappingKey: $propertyMapping NSMigrationEntityPolicyKey: $entityPolicy Mapping Overview Mapping Model Objects 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 18Creating a Mapping Model in Xcode From the File menu, you select New File and in the New File pane select Design > Mapping Model. In the following pane, you select the source and destination models. When you click Finish, Xcode creates a new mapping model that contains as many default mappings as it can deduce from the source and destination. For example, given the model files shown in Figure 1-1 (page 7) and Figure 1-2 (page 7), Xcode creates a mapping model as shown in Figure 4-1. Figure 4-1 Mapping model for versions 1-2 of the Core Recipes models Reserved words in custom value expressions: If you use a custom value expression, you must escape reserved words such as SIZE, FIRST, and LAST using a # (for example, $source.#size). Mapping Overview Creating a Mapping Model in Xcode 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 19During migration, Core Data creates two stacks, one for the source store and one for the destination store. Core Data then fetches objects from the source stack and inserts the appropriate corresponding objects into the destination stack. Note that Core Data must re-create objects in the new stack. Overview Recall that stores are bound to their models. Migration is required when the model doesn't match the store. There are two areas where you get default functionality and hooks for customizing the default behavior: ● When detecting version skew and initializing the migration process. ● When performing the migration process. To perform the migration processrequirestwo Core Data stacks—which are automatically created for you—one for the source store, one for the destination store. The migration process is performed in 3 stages, copying objects from one stack to another. Requirements for the Migration Process Migration of a persistent store is performed by an instance of NSMigrationManager. To migrate a store, the migration manager requires several things: ● The managed object model for the destination store. This is the persistent store coordinator’s model. ● A managed object model that it can use to open the existing store. ● Typically, a mapping model that defines a transformation from the source (the store’s) model to the destination model. You don’t need a mapping model if you’re able to use lightweight migration—see “Lightweight Migration” (page 12). 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 20 The Migration ProcessYou can specify custom entity migration policy classes to customize the migration of individual entities. You specify custom migration policy classesin the mapping model (note the “Custom Entity Policy Name” text field in Figure 4-1 (page 19)). Custom Entity Migration Policies If your new model simply adds properties or entities to your existing model, there may be no need to write any custom code. If the transformation is more complex, however, you might need to create a subclass of NSEntityMigrationPolicy to perform the transformation; for example: ● If you have a Person entity that also includes address information that you want to split into a separate Address entity, but you want to ensure uniqueness of each Address. ● If you have an attribute that encodes data in a string format that you want to change to a binary representation. The methods you override in a custom migration policy correspond to the different phases of the migration process—these are called out in the description of the process given in “Three-Stage Migration.” Three-Stage Migration The migration process itself is in three stages. It uses a copy of the source and destination models in which the validation rules are disabled and the class of all entities is changed to NSManagedObject. To perform the migration, Core Data sets up two stacks, one for the source store and one for the destination store. Core Data then processes each entity mapping in the mapping model in turn. It fetches objects of the current entity into the source stack, creates the corresponding objects in the destination stack, then recreates relationships between destination objects in a second stage, before finally applying validation constraints in the final stage. Before a cycle starts, the entity migration policy responsible for the current entity is sent a beginEntityMapping:manager:error: message. You can override this method to perform any initialization the policy requires. The process then proceeds as follows: 1. Create destination instances based on source instances. At the beginning of this phase, the entity migration policy is sent a createDestinationInstancesForSourceInstance:entityMapping:manager:error:message; at the end it is sent a endInstanceCreationForEntityMapping:manager:error: message. In this stage, only attributes (not relationships) are set in the destination objects. The Migration Process Custom Entity Migration Policies 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 21Instances of the source entity are fetched. For each instance, appropriate instances of the destination entity are created (typically there is only one) and their attributes populated (for trivial cases, name = $source.name). A record is kept of the instances per entity mapping since this may be useful in the second stage. 2. Recreate relationships. At the beginning of this phase, the entity migration policy is sent a createRelationshipsForDestinationInstance:entityMapping:manager:error: message; at the end it is sent a endRelationshipCreationForEntityMapping:manager:error: message. For each entity mapping (in order), for each destination instance created in the first step any relationships are recreated. 3. Validate and save. In this phase, the entity migration policy is sent a performCustomValidationForEntityMapping:manager:error: message. Validation rules in the destination model are applied to ensure data integrity and consistency, and then the store is saved. At the end of the cycle, the entity migration policy issent an endEntityMapping:manager:error: message. You can override this method to perform any clean-up the policy needs to do. Note that Core Data cannot simply fetch objects into the source stack and insert them into the destination stack, the objects must be re-created in the new stack. Core Data maintains “association tables” which tell it which object in the destination store isthe migrated version of which object in the source store, and vice-versa. Moreover, because it doesn't have a means to flush the contexts it is working with, you may accumulate many objects in the migration manager as the migration progresses. If this presents a significant memory overhead and hence gives rise to performance problems, you can customize the process as described in “Multiple Passes—Dealing With Large Datasets” (page 29). The Migration Process Three-Stage Migration 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 22This chapter describes how to initiate the migration process and how the default migration process works. It does not describe customizing the migration process—this is described in “Customizing the Migration Process” (page 26). Initiating the Migration Process When you initialize a persistent store coordinator, you assign to it a managed object model (see initWithManagedObjectModel:); the coordinator uses that model to open persistent stores. You open a persistent store using addPersistentStoreWithType:configuration:URL:options:error:. How you use this method, however, depends on whether your application uses model versioning and on how you choose to support migration—whether you choose to use the default migration process or custom version skew detection and migration bootstrapping. The following list describes different scenarios and what you should do in each: ● Your application does not support versioning You use addPersistentStoreWithType:configuration:URL:options:error: directly. If for some reason the coordinator’s model is not compatible with the store schema (that is, the version hashes current model’s entities do not equal those in the store’s metadata), the coordinator detects this, generates an error, and addPersistentStoreWithType:configuration:URL:options:error: returns NO. You must deal with this error appropriately. ● Your application does support versioning and you choose to use either the lightweight or the default migration process You use addPersistentStoreWithType:configuration:URL:options:error: as described in “Lightweight Migration” (page 12) and “The Default Migration Process” (page 24) respectively. The fundamental difference from the non-versioned approach is that you instruct the coordinator to automatically migrate the store to the current model version by adding an entry to the options dictionary where the key is NSMigratePersistentStoresAutomaticallyOption and the value is an NSNumber object that represents YES. ● Your application does support versioning and you choose to use custom version skew detection and migration bootstrapping 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 23 Initiating the Migration ProcessBefore opening a store you use isConfiguration:compatibleWithStoreMetadata: to check whether its schema is compatible with the coordinator’s model: ● If it is, you use addPersistentStoreWithType:configuration:URL:options:error: to open the store directly; ● If it is not, you must migrate the store first then open it (again using addPersistentStoreWithType:configuration:URL:options:error:). You could simply use addPersistentStoreWithType:configuration:URL:options:error: to check whether migration is required, however this is a heavyweight operation and inefficient for this purpose. It is important to realize that there are two orthogonal concepts: 1. You can execute custom code during the migration. 2. You can have custom code for version skew detection and migration bootstrapping. The migration policy classes allow you to customize the migration of entities and properties in a number of ways, and these are typically all you need. You might, however, use custom skew detection and migration bootstrapping so that you can take control of the migration process. For example, if you have very large stores you could set up a migration manager with the two data models, and then use a series of mapping models to migrate your data into your destination store (if you use the same destination URL for each invocation, Core Data adds new objects to the existing store). This allows the framework (and you) to limit the amount of data in memory during the conversion process. The Default Migration Process To open a store and perform migration (if necessary), you use addPersistentStoreWithType:configuration:URL:options:error: and add to the options dictionary an entry where the key is NSMigratePersistentStoresAutomaticallyOption and the value is an NSNumber object that represents YES. Your code looks similar to the following example: Listing 6-1 Opening a store using automatic migration NSError *error; NSPersistentStoreCoordinator *psc = <#The coordinator#>; NSURL *storeURL = <#The URL of a persistent store#>; NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:[NSNumber numberWithBool:YES] Initiating the Migration Process The Default Migration Process 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 24forKey:NSMigratePersistentStoresAutomaticallyOption]; NSPersistentStore *store = [psc addPersistentStoreWithType:<#Store type#> configuration:<#Configuration or nil#> URL:storeURL options:optionsDictionary error:&error]; If the migration proceeds successfully, the existing store at storeURL is renamed with a “~” suffix before any file extension and the migrated store saved to storeURL. In its implementation of addPersistentStoreWithType:configuration:URL:options:error: Core Data does the following: 1. Tries to find a managed object model that it can use to open the store. Core Data searches through your application’s resources for models and tests each in turn. If it cannot find a suitable model, Core Data returns nil and a suitable error. 2. Tries to find a mapping model that maps from the managed object model for the existing store to that in use by the persistent store coordinator. Core Data searches through your application’s resources for available mapping models and tests each in turn. If it cannot find a suitable mapping, Core Data returns NO and a suitable error. Note that you must have created a suitable mapping model in order for this phase to succeed. 3. Creates instances of the migration policy objects required by the mapping model. Note that even if you use the default migration process you can customize the migration itself using custom migration policy classes. Initiating the Migration Process The Default Migration Process 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 25You only customize the migration process if you want to initiate migration yourself. You might do this to, for example, to search for models in locations other than the application’s main bundle, or to deal with large data sets by performing the migration in several passes using different mapping models (see “Multiple Passes—Dealing With Large Datasets” (page 29)). Is Migration Necessary Before you initiate a migration process, you should first determine whether it is necessary. You can check with NSManagedObjectModel’s isConfiguration:compatibleWithStoreMetadata: asillustrated in Listing 7-1 (page 26). Listing 7-1 Checking whether migration is necessary NSPersistentStoreCoordinator *psc = /* get a coordinator */ ; NSString *sourceStoreType = /* type for the source store, or nil if not known */ ; NSURL *sourceStoreURL = /* URL for the source store */ ; NSError *error = nil; NSDictionary *sourceMetadata = [NSPersistentStoreCoordinator metadataForPersistentStoreOfType:sourceStoreType URL:sourceStoreURL error:&error]; if (sourceMetadata == nil) { // deal with error } NSString *configuration = /* name of configuration, or nil */ ; NSManagedObjectModel *destinationModel = [psc managedObjectModel]; BOOL pscCompatibile = [destinationModel 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 26 Customizing the Migration ProcessisConfiguration:configuration compatibleWithStoreMetadata:sourceMetadata]; if (pscCompatibile) { // no need to migrate } Initializing a Migration Manager You initialize a migration manager using initWithSourceModel:destinationModel:; you therefore first need to find the appropriate model for the store. You get the model for the store using NSManagedObjectModel’s mergedModelFromBundles:forStoreMetadata:. If this returns a suitable model, you can create the migration manager as illustrated in Listing 7-2 (page 27) (this code fragment continues from Listing 7-1 (page 26)). Listing 7-2 Initializing a Migration Manager NSArray *bundlesForSourceModel = /* an array of bundles, or nil for the main bundle */ ; NSManagedObjectModel *sourceModel = [NSManagedObjectModel mergedModelFromBundles:bundlesForSourceModel forStoreMetadata:sourceMetadata]; if (sourceModel == nil) { // deal with error } MyMigrationManager *migrationManager = [[MyMigrationManager alloc] initWithSourceModel:sourceModel destinationModel:destinationModel]; Customizing the Migration Process Initializing a Migration Manager 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 27Performing a Migration You migrate a store using NSMigrationManager’s migrateStoreFromURL:type:options:withMappingModel:toDestinationURL:destinationType:destinationOptions:error:. To use this method you need to marshal a number of parameters; most are straightforward, the only one that requires some work is the discovery of the appropriate mapping model (which you can retrieve using NSMappingModel’s mappingModelFromBundles:forSourceModel:destinationModel:method). This is illustrated in Listing 7-3 (page 28) (a continuation of the example shown in Listing 7-2 (page 27)). Listing 7-3 Performing a Migration NSArray *bundlesForMappingModel = /* an array of bundles, or nil for the main bundle */ ; NSError *error = nil; NSMappingModel *mappingModel = [NSMappingModel mappingModelFromBundles:bundlesForMappingModel forSourceModel:sourceModel destinationModel:destinationModel]; if (mappingModel == nil) { // deal with the error } NSDictionary *sourceStoreOptions = /* options for the source store */ ; NSURL *destinationStoreURL = /* URL for the destination store */ ; NSString *destinationStoreType = /* type for the destination store */ ; NSDictionary *destinationStoreOptions = /* options for the destination store */ ; BOOL ok = [migrationManager migrateStoreFromURL:sourceStoreURL type:sourceStoreType options:sourceStoreOptions withMappingModel:mappingModel toDestinationURL:destinationStoreURL destinationType:destinationStoreType destinationOptions:destinationStoreOptions Customizing the Migration Process Performing a Migration 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 28error:&error]; Multiple Passes—Dealing With Large Datasets The basic approach shown above is to have the migration manager take two models, and then iterate over the steps (mappings) provided in a mapping model to move the data from one side to the next. Because Core Data performs a "three stage" migration—where it creates all of the data first, and then relates the data in a second stage—it must maintain “association tables" (which tell it which object in the destination store is the migrated version of which object in the source store, and vice-versa). Further, because it doesn't have a means to flush the contexts it is working with, it means you'll accumulate many objects in the migration manager as the migration progresses. In order to address this, the mapping model is given as a parameter of the migrateStoreFromURL:type:options:withMappingModel:toDestinationURL:destinationType:destinationOptions:error: call itself. What this means is that if you can segregate parts of your graph (as far as mappings are concerned) and create them in separate mapping models, you could do the following: 1. Get the source and destination data models 2. Create a migration manager with them 3. Find all of your mapping models, and put them into an array (in some defined order, if necessary) 4. Loop through the array, and call migrateStoreFromURL:type:options:withMappingModel:toDestinationURL:destinationType:destinationOptions:error: with each of the mappings This allows you to migrate "chunks" of data at a time, while not pulling in all of the data at once. From a "tracking/showing progress” point of view, that basically just creates another layer to work from, so you'd be able to determine percentage complete based on number of mapping models to iterate through (and then further on the number of entity mappings in a model you've already gone through). Customizing the Migration Process Multiple Passes—Dealing With Large Datasets 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 29If you are using iCloud, you can only migrate the contents of a store using automatic lightweight migration. To migrate a persistent store that is in iCloud, you add the store to a persistent store coordinator using addPersistentStoreWithType:configuration:URL:options:error: and pass at least the following options in the options dictionary: NSDictionary *optionsDictionary = [[NSDictionary alloc] initWithObjectsAndKeys: [NSNumber numberWithBool:YES], NSInferMappingModelAutomaticallyOption, [NSNumber numberWithBool:YES], NSMigratePersistentStoresAutomaticallyOption, <#Ubiquitous content name#>, NSPersistentStoreUbiquitousContentNameKey, nil]; Changes to a store are recorded and preserved independently for each model version that is associated with a given NSPersistentStoreUbiquitousContentNameKey. A persistent store configured with a given NSPersistentStoreUbiquitousContentNameKey only syncs data with a store on another device data if the model versions match. If you migrate a persistent store configured with a NSPersistentStoreUbiquitousContentNameKey option to a new model version, the store’s history of changes originating from the current device will also be migrated and then merged with any other devices configured with that new model version. Any changes from stores using the new version are also merged in. Existing changes can not, however, be migrated to a new model version if the migration is performed using a custom mapping model. 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 30 Migration and iCloudThis table describes the changes to Core Data Model Versioning and Data Migration Programming Guide . Date Notes 2012-01-09 Updated to describe use of migration with iCloud. 2010-02-24 Added further details to the section on Mapping Model Objects. 2009-06-04 Added an article to describe the lightweight migration feature. 2009-03-05 First version for iOS. 2008-02-08 Added a note about migrating stores from OS X v10.4 (Tiger). New document that describes managed object model versioning and Core Data migration. 2007-05-18 2012-01-09 | © 2012 Apple Inc. All Rights Reserved. 31 Document Revision HistoryApple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Cocoa, Mac, OS X, Tiger, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. iCloud is a service mark of Apple Inc., registered in the U.S. and other countries. iOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. Kernel Programming GuideContents About This Document 9 Who Should Read This Document 9 Road Map 9 Other Apple Publications 11 Mach API Reference 11 Information on the Web 12 Keep Out 13 Why You Should Avoid Programming in the Kernel 13 Kernel Architecture Overview 14 Darwin 15 Architecture 16 Mach 17 BSD 18 I/O Kit 19 Kernel Extensions 19 The Early Boot Process 21 Boot ROM 21 The Boot Loader 21 Rooting 22 Security Considerations 24 Security Implications of Paging 25 Buffer Overflows and Invalid Input 26 User Credentials 27 Basic User Credentials 28 Access Control Lists 29 Remote Authentication 29 One-Time Pads 30 Time-based authentication 30 Temporary Files 31 /dev/mem and /dev/kmem 31 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 2Key-based Authentication and Encryption 32 Public Key Weaknesses 33 Using Public Keys for Message Exchange 35 Using Public Keys for Identity Verification 35 Using Public Keys for Data Integrity Checking 35 Encryption Summary 36 Console Debugging 36 Code Passing 37 Performance Considerations 39 Interrupt Latency 39 Locking Bottlenecks 40 Working With Highly Contended Locks 40 Reducing Contention by Decreasing Granularity 41 Code Profiling 42 Using Counters for Code Profiling 42 Lock Profiling 43 Kernel Programming Style 45 C++ Naming Conventions 45 Basic Conventions 45 Additional Guidelines 46 Standard C Naming Conventions 47 Commonly Used Functions 48 Performance and Stability Tips 50 Performance and Stability Tips 50 Stability Tips 52 Style Summary 52 Mach Overview 53 Mach Kernel Abstractions 53 Tasks and Threads 54 Ports, Port Rights, Port Sets, and Port Namespaces 55 Memory Management 57 Interprocess Communication (IPC) 58 IPC Transactions and Event Dispatching 59 Message Queues 59 Semaphores 59 Notifications 60 Locks 60 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 3 ContentsRemote Procedure Call (RPC) Objects 60 Time Management 60 Memory and Virtual Memory 61 OS X VM Overview 61 Memory Maps Explained 63 Named Entries 64 Universal Page Lists (UPLs) 65 Using Mach Memory Maps 66 Other VM and VM-Related Subsystems 68 Pagers 68 Working Set Detection Subsystem 69 VM Shared Memory Server Subsystem 69 Address Spaces 70 Background Info on PCI Address Translation 70 IOMemoryDescriptor Changes 71 VM System and pmap Changes: 72 Kernel Dependency Changes 72 Summary 72 Allocating Memory in the Kernel 73 Allocating Memory From a Non-I/O-Kit Kernel Extension 73 Allocating Memory From the I/O Kit 74 Allocating Memory In the Kernel Itself 75 Mach Scheduling and Thread Interfaces 77 Overview of Scheduling 77 Why Did My Thread Priority Change? 78 Using Mach Scheduling From User Applications 79 Using the pthreads API to Influence Scheduling 79 Using the Mach Thread API to Influence Scheduling 80 Using the Mach Task API to Influence Scheduling 83 Kernel Thread APIs 85 Creating and Destroying Kernel Threads 85 SPL and Friends 86 Wait Queues and Wait Primitives 87 Bootstrap Contexts 91 How Contexts Affect Users 92 How Contexts Affect Developers 93 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 4 ContentsI/O Kit Overview 94 Redesigning the I/O Model 94 I/O Kit Architecture 96 Families 96 Drivers 97 Nubs 97 Connection Example 98 For More Information 100 BSD Overview 101 BSD Facilities 102 Differences between OS X and BSD 103 For Further Reading 104 File Systems Overview 106 Working With the File System 106 VFS Transition 107 Network Architecture 108 Boundary Crossings 109 Security Considerations 110 Choosing a Boundary Crossing Method 110 Kernel Subsystems 111 Bandwidth and Latency 111 Mach Messaging and Mach Interprocess Communication (IPC) 112 Using Well-Defined Ports 113 Remote Procedure Calls (RPC) 113 Calling RPC From User Applications 116 BSD syscall API 116 BSD ioctl API 116 BSD sysctl API 117 General Information on Adding a sysctl 118 Adding a sysctl Procedure Call 118 Registering a New Top Level sysctl 121 Adding a Simple sysctl 122 Calling a sysctl From User Space 123 Memory Mapping and Block Copying 125 Summary 127 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 5 ContentsSynchronization Primitives 128 Semaphores 128 Condition Variables 130 Locks 132 Spinlocks 132 Mutexes 134 Read-Write Locks 136 Spin/Sleep Locks 138 Using Lock Functions 139 Miscellaneous Kernel Services 142 Using Kernel Time Abstractions 142 Obtaining Time Information 142 Event and Timer Waits 143 Handling Version Dependencies 145 Boot Option Handling 146 Queues 147 Installing Shutdown Hooks 148 Kernel Extension Overview 150 Implementation of a Kernel Extension (KEXT) 151 Kernel Extension Dependencies 151 Building and Testing Your Extension 152 Debugging Your KEXT 153 Installed KEXTs 154 Building and Debugging Kernels 155 Adding New Files or Modules 155 Modifying the Configuration Files 155 Modifying the Source Code Files 157 Building Your First Kernel 158 Building an Alternate Kernel Configuration 160 When Things Go Wrong: Debugging the Kernel 161 Setting Debug Flags in Open Firmware 161 Avoiding Watchdog Timer Problems 163 Choosing a Debugger 164 Using gdb for Kernel Debugging 164 Using ddb for Kernel Debugging 169 Bibliography 175 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 6 ContentsApple OS X Publications 175 General UNIX and Open Source Resources 175 BSD and UNIX Internals 176 Mach 177 Networking 178 Operating Systems 179 POSIX 179 Programming 179 Websites and Online Resources 180 Security and Cryptography 181 Document Revision History 182 Glossary 184 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 7 ContentsFigures, Tables, and Listings Kernel Architecture Overview 14 Figure 3-1 OS X architecture 14 Figure 3-2 Darwin and OS X 15 Figure 3-3 OS X kernel architecture 16 Kernel Programming Style 45 Table 7-1 Commonly used C functions 49 Mach Scheduling and Thread Interfaces 77 Table 10-1 Thread priority bands 77 Table 10-2 Thread policies 81 Table 10-3 Task roles 83 I/O Kit Overview 94 Figure 12-1 I/O Kit architecture 98 Synchronization Primitives 128 Listing 17-1 Allocating lock attributes and groups (lifted liberally from kern_time.c) 139 Building and Debugging Kernels 155 Table 20-1 Debugging flags 163 Table 20-2 Switch options in ddb 171 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 8The purpose of this document is to provide fundamental high-level information about the OS X core operating-system architecture. It also provides background for system programmers and developers of device drivers, file systems, and network extensions. In addition, it goes into detail about topics of interest to kernel programmers as a whole. This is not a document on drivers. It covers device drivers at a high level only. It does, however, cover some areas of interest to driver writers, such as crossing the user-kernel boundary. If you are writing device drivers, you should primarily read the document I/O Kit Fundamentals, but you may still find this document helpful as background reading. Who Should Read This Document This document has a wide and diverse audience—specifically, the set of potential system software developers for OS X, including the following sorts of developers: ● device-driver writers ● network-extension writers ● file-system writers ● developers of software that modifies file system data on-the-fly ● system programmers familiar with BSD, Linux, and similar operating systems ● developers who want to learn about kernel programming If you fall into one of these categories, you may find this document helpful. It is important to stress the care needed when writing code that resides in the kernel, however, as noted in “Keep Out” (page 13). Road Map The goal of this document is to describe the various major components of OS X at a conceptual level, then provide more detailed programming information for developers working in each major area. It is divided into several parts. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 9 About This DocumentThe first part is a kernel programming overview, which discusses programming guidelines that apply to all aspects of kernel programming. This includes issues such as security, SMP safety, style, performance, and the OS X kernel architecture as a whole. This part contains the chapters “Keep Out” (page 13), “Kernel Architecture Overview” (page 14), “The Early Boot Process” (page 21), “Security Considerations” (page 24), “Performance Considerations” (page 39), and “Kernel Programming Style” (page 45). The next part describes Mach and the bootstrap task, including information about IPC, bootstrap contexts, ports and port rights, and so on. This includes the chapters “Mach Overview” (page 53), “Memory and Virtual Memory” (page 61), “Mach Scheduling and Thread Interfaces” (page 77), and “Bootstrap Contexts” (page 91). The third part describes the I/O Kit and BSD. The I/O Kit is described at only a high level, since it is primarily of interest to driver developers. The BSD subsystem is covered in more detail, including descriptions of BSD networking and file systems. This includes the chapters “I/O Kit Overview” (page 94), “BSD Overview” (page 101), “File Systems Overview” (page 106), and “Network Architecture” (page 108). The fourth part describes kernelservices, including boundary crossings,synchronization, queues, clocks, timers, shutdown hooks, and boot option handling. This includes the chapters “Boundary Crossings” (page 109), “Synchronization Primitives” (page 128), and “Miscellaneous Kernel Services” (page 142). The fifth part explains how to build and debug the kernel and kernel extensions. This includes the chapters “Kernel Extension Overview” (page 150) and “Building and Debugging Kernels” (page 155). Each part begins with an overview chapter or chapters, followed by chapters that address particular areas of interest. The document ends with a glossary of terms used throughout the preceding chapters as well as a bibliography which provides numerous pointers to other reference materials. Glossary terms are highlighted in bold when first used. While most terms are defined when they first appear, the definitions are all in the glossary for convenience. If a term seems familiar, it probably means what you think it does. If it’s unfamiliar, check the glossary. In any case, all readers may want to skim through the glossary, in case there are subtle differences between OS X usage and that of other operating systems. The goal of this document is very broad, providing a firm grounding in the fundamentals of OS X kernel programming for developers from many backgrounds. Due to the complex nature of kernel programming and limitations on the length of this document, however, it is not always possible to provide introductory material for developers who do not have at least some background in their area of interest. It is also not possible to cover every detail of certain parts of the kernel. If you run into problems, you should join the appropriate Darwin discussion list and ask questions. You can find the lists at http://www.lists.apple.com/. For this reason, the bibliography contains high-level references that should help familiarize you with some of the basic concepts that you need to understand fully the material in this document. About This Document Road Map 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 10This document is, to a degree, a reference document. The introductory sections should be easily read, and we recommend that you do so in order to gain a general understanding of each topic. Likewise, the first part of each chapter, and in many cases, of sections within chapters, will be tailored to providing a general understanding of individual topics. However, you should not plan to read this document cover to cover, but rather, take note of topics of interest so that you can refer back to them when the need arises. Other Apple Publications This document, Kernel Programming , is part of the Apple Reference Library. Be sure to read the first document in the series, Mac Technology Overview, if you are not familiar with OS X. You can obtain other documents from the Apple Developer Documentation website at http://developer.apple.com/documentation. Mach API Reference If you plan to do extensive work inside the OS X kernel, you may find it convenient to have a complete Mach API reference, since this document only documents the most common and useful portions of the Mach API. In order to better understand certain interfaces, it may also be helpful to study the implementations that led up to those used in OS X, particularly to fill in gaps in understanding of the fundamental principles of the implementation. OS X is based on the Mach 3.0 microkernel, designed by Carnegie Mellon University, and later adapted to the Power Macintosh by Apple and the Open Software Foundation Research Institute (now part of Silicomp). This was known as osfmk, and was part of MkLinux (http://www.mklinux.org). Later, this and code from OSF’s commercial development efforts were incorporated into Darwin’s kernel. Throughout this evolutionary process, the Mach APIs used in OS X diverged in many ways from the original CMU Mach 3 APIs. You may find older versions of the Mach source code interesting, both to satisfy historical curiosity and to avoid remaking mistakes made in earlier implementations. MkLinux maintains an active CVS repository with their recent versions of Mach kernel source code. Older versions can be obtained through various Internet sites. You can also find CMU Mach white papers by searching for Mach on the CMU computer science department’s website (http://www.cs.cmu.edu), along with various source code samples. Up-to-date versions of the Mach 3 APIsthat OS X provides are described in the Mach API reference in the kernel sources. The kernel sources can be found in the xnu project on http://kernel.macosforge.org/. About This Document Other Apple Publications 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 11Information on the Web Apple maintains several websites where developers can go for general and technical information on OS X. ● Apple Developer Connection: Developer Documentation (http://developer.apple.com/documentation). Features the same documentation that is installed on OS X, except that often the documentation is more up-to-date. Also includes legacy documentation. ● Apple Developer Connection: OS X (http://developer.apple.com/devcenter/mac/). Offers SDKs, release notes, product notes and news, and other resources and information related to OS X. ● AppleCare Tech Info Library (http://www.apple.com/support/). Contains technical articles, tutorials, FAQs, technical notes, and other information. About This Document Information on the Web 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 12This document assumes a broad general understanding of kernel programming concepts. There are many good introductory operating systems texts. This is not one of them. For more information on basic operating systems programming, you should consider the texts mentioned in the bibliography at the end of this document. Many developers are justifiably cautious about programming in the kernel. A decision to program in the kernel is not to be taken lightly. Kernel programmers have a responsibility to users that greatly surpasses that of programmers who write user programs. Why You Should Avoid Programming in the Kernel Kernel code must be nearly perfect. A bug in the kernel could cause random crashes, data corruption, or even render the operating system inoperable. It is even possible for certain errant operations to cause permanent and irreparable damage to hardware, for example, by disabling the cooling fan and running the CPU full tilt. Kernel programming is a black art that should be avoided if at all possible. Fortunately, kernel programming is usually unnecessary. You can write most software entirely in user space. Even most device drivers (FireWire and USB, for example) can be written as applications, rather than as kernel code. A few low-level drivers must be resident in the kernel's address space, however, and this document might be marginally useful if you are writing drivers that fall into this category. Despite parts of this document being useful in driver writing, this is not a document about writing drivers. In OS X, you write device drivers using the I/O Kit. While this document covers the I/O Kit at a conceptual level, the details of I/O Kit programming are beyond the scope of this document. Driver writers are encouraged to read I/O Kit Fundamentals for detailed information about the I/O Kit. This document covers most aspects of kernel programmingwith the exception of device drivers. Covered topics include scheduling, virtual memory pagers and policies, Mach IPC, file systems, networking protocol stacks, process and thread management, kernel security, synchronization, and a number of more esoteric topics. To summarize, kernel programming is an immense responsibility. You must be exceptionally careful to ensure that your code does not cause the system to crash, does not provide any unauthorized user accessto someone else’s files or memory, does not introduce remote or local root exploits, and does not cause inadvertent data loss or corruption. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 13 Keep OutOS X provides many benefits to the Macintosh user and developer communities. These benefits include improved reliability and performance, enhanced networking features, an object-based system programming interface, and increased support for industry standards. In creatingOS X, Apple has completely re-engineered the MacOS core operating system. Forming the foundation of OS X is the kernel. Figure 3-1 (page 14) illustrates the OS X architecture. Figure 3-1 OS X architecture Carbon Cocoa BSD Java (JDK) Classic BSD Core Services Kernel environment Application Services QuickTime Application environment The kernel provides many enhancements for OS X. These include preemption, memory protection, enhanced performance, improved networking facilities, support for both Macintosh (Extended and Standard) and non-Macintosh (UFS, ISO 9660, and so on) file systems, object-oriented APIs, and more. Two of these features, preemption and memory protection, lead to a more robust environment. In Mac OS 9, applications cooperate to share processor time. Similarly, all applications share the memory of the computer among them. Mac OS 9 is a cooperative multitasking environment. The responsiveness of all processes is compromised if even a single application doesn’t cooperate. On the other hand, real-time applications such as multimedia need to be assured of predictable, time-critical, behavior. In contrast, OS X is a preemptive multitasking environment. In OS X, the kernel provides enforcement of cooperation,scheduling processesto share time (preemption). Thissupportsreal-time behavior in applications that require it. In OS X, processes do not normally share memory. Instead, the kernel assigns each process its own address space, controlling access to these address spaces. This control ensures that no application can inadvertently access or modify another application’s memory (protection). Size is not an issue; with the virtual memory system included in OS X, each application has access to its own 4 GB address space. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 14 Kernel Architecture OverviewViewed together, all applications are said to run in user space, but this does not imply that they share memory. User space is simply a term for the combined address spaces of all user-level applications. The kernel itself has its own address space, called kernel space. In OS X, no application can directly modify the memory of the system software (the kernel). Although user processes do not share memory by default as in Mac OS 9, communication (and even memory sharing) between applications is still possible. For example, the kernel offers a rich set of primitives to permit some sharing of information among processes. These primitives include shared libraries, frameworks, and POSIX shared memory. Mach messaging provides another approach, handing memory from one process to another. Unlike Mac OS 9, however, memory sharing cannot occur without explicit action by the programmer. Darwin The OS X kernel is an Open Source project. The kernel, along with other core parts of OS X are collectively referred to as Darwin. Darwin is a complete operating system based on many of the same technologies that underlie OS X. However, Darwin does not include Apple’s proprietary graphics or applications layers, such as Quartz, QuickTime, Cocoa, Carbon, or OpenGL. Figure 3-2 (page 15) shows the relationship between Darwin and OS X. Both build upon the same kernel, but OS X adds Core Services, Application Services and QuickTime, as well as the Classic, Carbon, Cocoa, and Java (JDK) application environments. Both Darwin and OS X include the BSD command-line application environment; however, in OS X, use of environment is not required, and thus it is hidden from the user unless they choose to access it. Figure 3-2 Darwin and OS X Carbon Cocoa BSD Java (JDK) Classic BSD Core Services Kernel environment Application Services QuickTime Application environment Darwin technology is based on BSD, Mach 3.0, and Apple technologies. Best of all, Darwin technology is Open Source technology, which meansthat developers have full accessto the source code. In effect, OS X third-party developers can be part of the Darwin core system software development team. Developers can also see how Apple is doing thingsin the core operating system and adopt (or adapt) code to use within their own products. Refer to the Apple Public Source License (APSL) for details. Kernel Architecture Overview Darwin 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 15Because the same software forms the core of both OS X and Darwin, developers can create low-level software that runs on both OS X and Darwin with few, if any, changes. The only difference is likely to be in the way the software interacts with the application environment. Darwin is based on proven technology from many sources. A large portion of this technology is derived from FreeBSD, a version of 4.4BSD that offers advanced networking, performance,security, and compatibility features. Other parts of the system software, such as Mach, are based on technology previously used in Apple’s MkLinux project, in OS X Server, and in technology acquired from NeXT. Much of the code is platform-independent. All of the core operating-system code is available in source form. The core technologies have been chosen for several reasons. Mach provides a clean set of abstractions for dealing with memory management, interprocess(and interprocessor) communication (IPC), and other low-level operating-system functions. In today’s rapidly changing hardware environment, this provides a useful layer of insulation between the operating system and the underlying hardware. BSD is a carefully engineered, mature operating system with many capabilities. In fact, most of today’s commercial UNIX and UNIX-like operating systems contain a great deal of BSD code. BSD also provides a set of industry-standard APIs. New technologies,such asthe I/OKit and Network Kernel Extensions(NKEs), have been designed and engineered by Apple to take advantage of advanced capabilities,such asthose provided by an object-oriented programming model. OS X combines these new technologies with time-tested industry standards to create an operating system that is stable, reliable, flexible, and extensible. Architecture The foundation layer of Darwin and OS X is composed of several architectural components, as shown in Figure 3-3 (page 16). Taken together, these components form the kernel environment. Figure 3-3 OS X kernel architecture Common services Kernel environment Application environments Mach File system BSD Networking NKE Drivers I/O Kit Kernel Architecture Overview Architecture 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 16Important: Note that OS X uses the term kernel somewhat differently than you might expect. “A kernel, in traditional operating-system terminology, is a small nucleus of software that provides only the minimal facilities necessary for implementing additional operating-system services.” — from The Design and Implementation of the 4.4 BSD Operating System, McKusick, Bostic, Karels, and Quarterman, 1996. Similarly, in traditional Mach-based operating systems, the kernel refers to the Mach microkernel and ignores additional low-level code without which Mach does very little. In OS X, however, the kernel environment contains much more than the Mach kernel itself. The OS X kernel environment includes the Mach kernel, BSD, the I/O Kit, file systems, and networking components. These are often referred to collectively as the kernel. Each of these components is described briefly in the following sections. For further details, refer to the specific component chapters or to the reference material listed in the bibliography. Because OS X contains three basic components (Mach, BSD, and the I/O Kit), there are also frequently as many as three APIs for certain key operations. In general, the API chosen should match the part of the kernel where it is being used, which in turn is dictated by what your code is attempting to do. The remainder of this chapter describes Mach, BSD, and the I/O Kit and outlines the functionality that is provided by those components. Mach Mach manages processor resources such as CPU usage and memory, handles scheduling, provides memory protection, and provides a messaging-centered infrastructure to the rest of the operating-system layers. The Mach component provides ● untyped interprocess communication (IPC) ● remote procedure calls (RPC) ● scheduler support for symmetric multiprocessing (SMP) ● support for real-time services ● virtual memory support ● support for pagers ● modular architecture General information about Mach may be found in the chapter “Mach Overview” (page 53). Information about scheduling can be found in the chapter “Mach Scheduling and Thread Interfaces” (page 77). Information about the VM system can be found in “Memory and Virtual Memory” (page 61). Kernel Architecture Overview Architecture 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 17BSD Above the Mach layer, the BSD layer provides “OS personality” APIs and services. The BSD layer is based on the BSD kernel, primarily FreeBSD. The BSD component provides ● file systems ● networking (except for the hardware device level) ● UNIX security model ● syscall support ● the BSD process model, including process IDs and signals ● FreeBSD kernel APIs ● many of the POSIX APIs ● kernel support for pthreads (POSIX threads) The BSD component is described in more detail in the chapter “BSD Overview” (page 101). Networking OS X networking takes advantage of BSD’s advanced networking capabilities to provide support for modern features, such as Network Address Translation (NAT) and firewalls. The networking component provides ● 4.4BSD TCP/IP stack and socket APIs ● support for both IP and DDP (AppleTalk transport) ● multihoming ● routing ● multicast support ● server tuning ● packet filtering ● Mac OS Classic support (through filters) More information about networking may be found in the chapter “Network Architecture” (page 108). Kernel Architecture Overview Architecture 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 18File Systems OS X providessupport for numeroustypes of file systems, including HFS, HFS+, UFS, NFS, ISO 9660, and others. The default file-system type is HFS+; OS X boots (and “roots”) from HFS+, UFS, ISO, NFS, and UDF. Advanced features of OS X file systems include an enhanced Virtual File System (VFS) design. VFS provides for a layered architecture (file systems are stackable). The file system component provides ● UTF-8 (Unicode) support ● increased performance over previous versions of Mac OS. More information may be found in the chapter “File Systems Overview” (page 106). I/O Kit The I/O Kit provides a framework forsimplified driver development,supporting many categories of devices.The I/O Kit features an object-oriented I/O architecture implemented in a restricted subset of C++. The I/O Kit framework is both modular and extensible. The I/O Kit component provides ● true plug and play ● dynamic device management ● dynamic (“on-demand”) loading of drivers ● power management for desktop systems as well as portables ● multiprocessor capabilities The I/O Kit is described in greater detail in the chapter “I/O Kit Overview” (page 94). Kernel Extensions OS X provides a kernel extension mechanism as a means of allowing dynamic loading of pieces of code into kernel space, without the need to recompile. These pieces of code are known generically as plug-ins or, in the OS X kernel environment, as kernel extensions or KEXTs. Because KEXTs provide both modularity and dynamic loadability, they are a natural choice for any relatively self-contained service that requires access to interfaces that are not exported to user space. Many of the components of the kernel environment support this extension mechanism, though they do so in different ways. For example, some of the new networking features involve the use of network kernel extensions (NKEs). These are discussed in the chapter “Network Architecture” (page 108). Kernel Architecture Overview Kernel Extensions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 19The ability to dynamically add a new file-system implementation is based on VFS KEXTs. Device drivers and device familiesin the I/O Kit are implemented using KEXTs. KEXTs make development much easier for developers writing drivers or those writing code to support a new volume format or networking protocol. KEXTs are discussed in more detail in the chapter “Kernel Extension Overview” (page 150). Kernel Architecture Overview Kernel Extensions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 20Boot ROM When the power to a Macintosh computer is turned on, the BootROM firmware is activated. BootROM (which is part of the computer’s hardware) hastwo primary responsibilities: it initializessystem hardware and itselects an operating system to run. BootROM has two components to help it carry out these functions: ● POST (Power-On Self Test) initializes some hardware interfaces and verifies that sufficient memory is available and in a good state. ● EFI does basic hardware initialization and selects which operating system to use. If multiple installations of OS X are available, BootROM chooses the one that was last selected by the Startup Disk System Preference. The user can override this choice by holding down the Option key while the computer boots, which causes EFI to display a screen for choosing the boot volume. The Boot Loader Once BootROM is finished and an OS X partition has been selected, control passes to the boot.efi boot loader. The principal job of this boot loader is to load the kernel environment. As it does this, the boot loader draws the “booting” image on the screen. If full-disk encryption is enabled, the boot loader is responsible for drawing the login UI and prompting for the user’s password, which needed to accessthe encrypted disk to boot from it. (This UI is drawn by loginwindow otherwise.) In the simplest case, the boot loader can be found in the /System/Library/CoreServices directory on the root partition, in a file named boot.efi. Note: Booting from a UFS volume is deprecated as of OS X v10.5. In order to speed up boot time, the boot loader uses several caches. The contents and location of these caches varies between versions of OS X, but knowing some details about the caching may be helpful when debugging kernel extensions. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 21 The Early Boot ProcessAfter you install or modify a kernel extension, touch the /System/Library/Extensions directory; the system rebuilds the caches automatically. Important: You should not depend on the implementation details of the kernel caches in your software. In OS X v10.7, the boot loader looks for the unified prelinked kernel. This cache contains all kernel extensions that may be needed to boot a Mac with any hardware configuration, with the extensions already linked against the kernel. It islocated at /System/Library/Caches/com.apple.kext.caches/Startup/kernelcache. In OS X v10.6 and earlier, the boot loader first looks for the prelinked kernel (also called the kernel cache). This cache contains exactly the set of kernel extensions that were needed during the previous system startup, already linked against the kernel. If the prelinked kernel is missing or unusable (for example, because a hardware configuration has changed), the booter looks for the mkext cache, which contains all kernel extensions that may be needed to boot the system. Using the mkext cache is much slower because the linker must be run. On OS X v10.5 and v10.6, these caches are located in /System/Library/Caches/com.apple.kext.caches/Startup/; on previous versions of OS X, it was located at /System/Library/Caches/com.apple.kernelcaches/. Finally, if the caches cannot be used, the boot loader searches /System/Library/Extensions for drivers and other kernel extensions whose OSBundleRequired property is set to a value appropriate to the type of boot (for example, local or network boot). This process is very slow, because the Info.plist file of every kernel extension must be parsed, and then the linker must be run. For more information on how drivers are loaded, see I/O Kit Fundamentals, the manual page for kextcache, and Kernel Extension Programming Topics. Rooting Once the kernel and all drivers necessary for booting are loaded, the boot loaderstartsthe kernel’sinitialization procedure. At this point, enough drivers are loaded for the kernel to find the root device. The kernel initializes the Mach and BSD data structures and then initializes the I/O Kit. The I/O Kit links the loaded drivers into the kernel, using the device tree to determine which drivers to link. Once the kernel finds the root device, it roots(*) BSD off of it. The Early Boot Process Rooting 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 22Note: As a terminology aside, the term “boot” was historically reserved for loading a bootstrap loader and kernel off of a disk or partition. In more recent years, the usage has evolved to allow a second meaning: the entire process from initial bootstrap until the OS is generally usable by an end user. In this case, the term is used according to the former meaning. As used here, the term “root” refersto mounting a partition asthe root, or top-level, filesystem. Thus, while the OS boots off of the root partition, the kernel rootsthe OS off of the partition before executing startup scripts from it. Boot≠Root is a technology that allows the system to boot from a partition other than the root partition. This is used to boot systems where the root partition is encrypted using full-disk encryption, or where the root partition islocated on a device which requires additional drivers(such as a RAID array). Boot≠Root uses a helper partition to store the files needed to boot, such as the kernel cache. For more information on how to set up the property in a filter-scheme driver,see “Developing a Filter Scheme” in Mass StorageDeviceDriver Programming Guide . The Early Boot Process Rooting 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 23Kernel-level security can mean many things, depending on what kind of kernel code you are writing. This chapter points out some common security issues at the kernel or near-kernel level and where applicable, describes ways to avoid them. These issues are covered in the following sections: ● “Security Implications of Paging” (page 25) ● “Buffer Overflows and Invalid Input” (page 26) ● “User Credentials” (page 27) ● “Remote Authentication” (page 29) ● “Temporary Files” (page 31) ● “/dev/mem and /dev/kmem” (page 31) ● “Key-based Authentication and Encryption” (page 32) ● “Console Debugging” (page 36) ● “Code Passing” (page 37) Many of these issues are also relevant for application programming, but are crucial for programmers working in the kernel. Others are special considerations that application programers might not expect or anticipate. Note: The terms cleartext and plaintext both refer to unencrypted text. These terms can generally be used interchangeably, although in some circles, the term cleartext is restricted to unencrypted transmission across a network. However, in other circles, the term plaintext (orsometimes plain text) refers to plain ASCII text (as opposed to HTML or rich text. To avoid any potential confusion, this chapter will use the term cleartext to refer to unencrypted text. In order to understand security in OS X, it is important to understand that there are two security models at work. One of these is the kernel security model, which is based on users, groups, and very basic per-user and per-group rights, which are, in turn, coupled with access control lists for increased flexibility. The other is a user-level security model, which is based on keys, keychains, groups, users, password-based authentication, and a host of other details that are beyond the scope of this document. The user level of security contains two basic features that you should be aware of as a kernel programmer: Security Server and Keychain Manager. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 24 Security ConsiderationsThe Security Server consists of a daemon and various accesslibrariesfor caching permission to do certain tasks, based upon various means of authentication, including passwords and group membership. When a program requests permission to do something, the Security Server basically says “yes” or “no,” and caches that decision so that further requestsfrom that user (forsimilar actions within a single context) do not require reauthentication for a period of time. The Keychain Manager is a daemon that provides services related to the keychain, a central repository for a user’s encryption/authentication keys. For more high level information on keys,see “Key-based Authentication and Encryption” (page 32). The details of the user-level security model use are far beyond the scope of this document. However, if you are writing an application that requires services of this nature, you should consider taking advantage of the Security Server and Keychain Manager from the user-space portion of your application, rather than attempting equivalent services in the kernel. More information about these services can be found in Apple’s Developer Documentation website at http://developer.apple.com/documentation. Security Implications of Paging Paging has long been a major problem for security-conscious programmers. If you are writing a program that does encryption, the existence of even a small portion of the cleartext of a document in a backing store could be enough to reduce the complexity of breaking that encryption by orders of magnitude. Indeed, many types of data,such as hashes, unencrypted versions ofsensitive data, and authentication tokens, should generally not be written to disk due to the potential for abuse. This raises an interesting problem. There is no good way to deal with this in user space (unless a program is running as root). However, for kernel code, it is possible to prevent pages from being written out to a backing store. This process is referred to as “wiring down” memory, and is described further in “Memory Mapping and Block Copying” (page 125). The primary purpose of wired memory is to allow DMA-based I/O. Since hardware DMA controllers generally do not understand virtual addressing, information used in I/O must be physically in memory at a particular location and must not move until the I/O operation is complete. This mechanism can also be used to prevent sensitive data from being written to a backing store. Because wired memory can never be paged out (until it is unwired), wiring large amounts of memory has drastic performance repercussions, particularly on systems with small amounts of memory. For this reason, you should take care not to wire down memory indiscriminately and only wire down memory if you have a very good reason to do so. In OS X, you can wire down memory at allocation time or afterwards. To wire memory at allocation time: ● In I/O Kit, call IOMalloc and IOFree to allocate and free wired memory. Security Considerations Security Implications of Paging 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 25● In other kernel extensions, call OSMalloc and OSFree and pass a tag type whose flags are set to OSMT_DEFAULT. ● In user space code, allocate page-sized quantities with your choice of API, and then call mlock(2) to wire them. ● Inside the kernel itself (not in kernel extensions), you can also use kmem_alloc and related functions. For more information on wired memory, see “Memory Mapping and Block Copying” (page 125). Buffer Overflows and Invalid Input Buffer overflows are one of the more common bugs in both application and kernel programming. The most common cause is failing to allocate space for the NULL character that terminates a string in C or C++. However, user input can also cause buffer overflows if fixed-size input buffers are used and appropriate care is not taken to prevent overflowing these buffers. The most obvious protection, in this case, is the best one. Either don’t use fixed-length buffers or add code to reject or truncate input that overflows the buffer. The implementation details in either case depend on the type of code you are writing. For example, if you are working with strings and truncation is acceptable, instead of using strcpy, you should use strlcpy to limit the amount of data to copy. OS X provides length-limited versions of a number of string functions, including strlcpy, strlcat, strncmp, snprintf, and vsnprintf. If truncation of data is not acceptable, you must explicitly call strlen to determine the length of the input string and return an error if it exceeds the maximum length (one less than the buffer size). Other types of invalid input can be somewhat harder to handle, however. As a general rule, you should be certain that switch statements have a default case unless you have listed every legal value for the width of the type. A common mistake is assuming that listing every possible value of an enum type provides protection. An enum is generally implemented as either a char or an int internally. A careless or malicious programmer could easily pass any value to a kernel function, including those not explicitly listed in the type, simply by using a different prototype that defines the parameter as, for example, an int. Another common mistake is to assume that you can dereference a pointer passed to your function by another function. You should always check for null pointers before dereferencing them. Starting a function with int do_something(bufptr *bp, int flags) { Security Considerations Buffer Overflows and Invalid Input 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 26char *token = bp->b_data; isthe surest way to guarantee thatsomeone else will passin a null buffer pointer, either maliciously or because of programmer error. In a user program, this is annoying. In a file system, it is devastating. Security is particularly important for kernel code that draws input from a network. Assumptions about packet size are frequently the cause of security problems. Always watch for packets that are too big and handle them in a reasonable way. Likewise, always verify checksums on packets. This can help you determine if a packet was modified, damaged, or truncated in transit, though it is far from foolproof. If the validity of data from a network is of vital importance, you should use remote authentication, signing, and encryption mechanisms such as those described in “Remote Authentication” (page 29) and “Key-based Authentication and Encryption” (page 32). User Credentials As described in the introduction to this chapter, OS X has two different means of authenticating users. The user-levelsecurity model (including the Keychain Manager and the Security Server) is beyond the scope of this document. The kernel security model, however, is of greater interest to kernel developers, and is much more straightforward than the user-level model. The kernel security model is based on two mechanisms: basic user credentials and ACL permissions. The first, basic user credentials, are passed around within the kernel to identify the current user and group of the calling process. The second authentication mechanism, access control lists (ACLs), provides access control at a finer level of granularity. One of the most important things to remember when working with credentials is that they are per process, not per context. This is important because a process may not be running as the console user. Two examples of this are processes started from an ssh session (since ssh runs in the startup context) and setuid programs (which run as a different user in the same login context). It is crucial to be aware of these issues. If you are communicating with a setuid root GUI application in a user’s login context, and if you are executing another application or are reading sensitive data, you probably want to treat it as if it had the same authority as the console user, not the authority of the effective user ID caused by running setuid. This is particularly problematic when dealing with programs that run as setuid root if the console user is not in the admin group. Failure to perform reasonable checks can lead to major security holes down the road. However, this is not a hard and fast rule. Sometimes it is not obvious whether to use the credentials of the running process or those of the console user. In such cases, it is often reasonable to have a helper application show a dialog box on the console to require interaction from the console user. If this is not possible, a good Security Considerations User Credentials 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 27rule of thumb is to assume the lesser of the privileges of the current and console users, as it is almost always better to have kernel code occasionally fail to provide a needed service than to provide that service unintentionally to an unauthorized user or process. It is generally easier to determine the console user from a user space application than from kernel space code. Thus, you should generally do such checks from user space. If that is not possible, however, the variable console_user (maintained by the VFS subsystem) will give you the uid of the last owner of /dev/console (maintained by a bit of code in the chown system call). Thisis certainly not an idealsolution, but it does provide the most likely identity of the console user. Since this is only a “best guess,” however, you should use this only if you cannot do appropriate checking in user space. Basic User Credentials Basic user credentials used in the kernel are stored in a variable of type struct ucred. These are mostly used in specialized parts of the kernel—generally in places where the determining factor in permissions is whether or not the caller is running as the root user. This structure has four fields: ● cr_ref—reference count (used internally) ● cr_uid—user ID ● cr_ngroups—number of groups in cr_groups ● cr_groups[NGROUPS]—list of groups to which the user belongs Thisstructure has an internal reference counter to prevent unintentionally freeing the memory associated with it while it is still in use. For this reason, you should not indiscriminately copy this object but should instead either use crdup to duplicate it or use crcopy to duplicate it and (potentially) free the original. You should be sure to crfree any copies you might make. You can also create a new, empty ucred structure with crget. The prototypes for these functions follow: ● struct ucred *crdup(struct ucred *cr) ● struct ucred *crcopy(struct ucred *cr) ● struct ucred *crget(void) ● void crfree(struct ucred *cr) Security Considerations User Credentials 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 28Note: Functions for working with basic user credential are not exported outside of the kernel, and thus are not generally available to kernel extensions. Access Control Lists Access control lists are a new feature in OS X v10.4. Access control lists are primarily used in the file system portion of the OS X kernel, and are supported through the use of the kauth API. The kauth API is described in the header file /System/Library/Frameworks/Kernel.framework/Headers/sys/kauth.h. Because this API is still evolving, detailed documentation is not yet available. Remote Authentication This is one of the more difficult problems in computer security: the ability to identify someone connecting to a computer remotely. One of the mostsecure methodsisthe use of public key cryptography, which is described in more detail in “Key-based Authentication and Encryption” (page 32). However, many other means of authentication are possible, with varying degrees of security. Some other authentication schemes include: ● blind trust ● IP-only authentication ● password (shared secret) authentication ● combination of IP and password authentication ● one-time pads (challenge-response) ● time-based authentication Most of these are obvious, and require no further explanation. However, one-time pads and time-based authentication may be unfamiliar to many people outside security circles, and are thus worth mentioning in more detail. Security Considerations Remote Authentication 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 29One-Time Pads Based on the concept of “challenge-response” pairs, one-time pad (OTP) authentication requires that both parties have an identical list of pairs of numbers, words, symbols, or whatever, sorted by the first item. When trying to access a remote system, the remote system prompts the user with a challenge. The user finds the challenge in the first column, then sends back the matching response. Alternatively, this could be an automated exchange between two pieces of software. For maximum security, no challenge should ever be issued twice. For this reason, and because these systems were initially implemented with a paper pad containing challenge-response, or CR pairs, such systems are often called one-time pads. The one-time nature of OTP authentication makesit impossible forsomeone to guessthe appropriate response to any one particular challenge by a brute force attack (by responding to that challenge repeatedly with different answers). Basically, the only way to break such a system, short of a lucky guess, is to actually know some portion of the contents of the list of pairs. For this reason, one-time pads can be used over insecure communication channels. If someone snoops the communication, they can obtain that challenge-response pair. However, that information is of no use to them, since that particular challenge will never be issued again. (It does not even reduce the potential sample space for responses, since only the challenges must be unique.) Time-based authentication Thisis probably the least understood means of authentication, though it is commonly used by such technologies as SecurID. The concept isrelatively straightforward. You begin with a mathematical function that takes a small number of parameters (two, for example) and returns a new parameter. A good example of such a function is the function that generates the set of Fibonacci numbers (possibly truncated after a certain number of bits, with arbitrary initial seed values). Take this function, and add a third parameter, t, representing time in units of k seconds. Make the function be a generating function on t, with two seed values, a and b, where f(x,y) = (x + y) MOD (2 32 ) g(t) = a, 0 t k g(t) = b, k t 2k g(t) = f (g( log k t -2),g( log k t -1)) Security Considerations Remote Authentication 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 30In other words, every k seconds, you calculate a new value based on the previous two and some equation. Then discard the oldest value, replacing it with the second oldest value, and replace the second oldest value with the value that you just generated. As long as both ends have the same notion of the current time and the original two numbers, they can then calculate the most recently generated number and use this as a shared secret. Of course, if you are writing code that does this, you should use a closed form of this equation, since calculating Fibonacci numbers recursively without additional storage grows at O(2^(t/k)), which is not practical when t is measured in years and k is a small constant measured in seconds. The security ofsuch a scheme depends on various properties of the generator function, and the details ofsuch a function are beyond the scope of this document. For more information, you should obtain an introductory text on cryptography,. such as Bruce Schneier’s Applied Cryptography . Temporary Files Temporary files are a major source of security headaches. If a program does not set permissions correctly and in the right order, this can provide a means for an attacker to arbitrarily modify or read these files. The security impact of such modifications depends on the contents of the files. Temporary files are of much less concern to kernel programmers,since most kernel code does not use temporary files. Indeed, kernel code should generally not use files at all. However, many people programming in the kernel are doing so to facilitate the use of applicationsthat may use temporary files. Assuch, thisissue is worth noting. The most common problem with temporary files is that it is often possible for a malicious third party to delete the temporary file and substitute a different one with relaxed permissions in its place. Depending on the contents of the file, this could range from being a minor inconvenience to being a relatively large security hole, particularly if the file contains a shell script that is about to be executed with the permissions of the program’s user. /dev/mem and /dev/kmem One particularly painfulsurprise to people doing security programming in most UNIX or UNIX-like environments is the existence of /dev/mem and /dev/kmem. These device files allow the root user to arbitrarily access the contents of physical memory and kernel memory, respectively. There is absolutely nothing you can do to prevent this. From a kernel perspective, root is omnipresent and omniscient. If this is a security concern for your program, then you should consider whether your program should be used on a system controlled by someone else and take the necessary precautions. Security Considerations Temporary Files 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 31Note: Support for /dev/kmem is being phased out. It is not available on Intel-based Macintosh computers in OS X v10.4. In the future, it will be removed entirely. It is not possible to write device drivers that access PCI device memory through /dev/mem in OS X. If you need to support such a driver, you must write a kernel stub driver that matches against the device and mapsits memory space into the addressspace of the user process. For more information, read about user clients in I/O Kit Fundamentals. Key-based Authentication and Encryption Key-based authentication and encryption are ostensibly some of the more secure means of authentication and encryption, and can exist in many forms. The most common forms are based upon a shared secret. The DES, 3DES (triple-DES), IDEA, twofish, and blowfish ciphers are examples of encryption schemes based on a shared secret. Passwords are an example of an authentication scheme based on a shared secret. The idea behind most key-based encryption is that you have an encryption key of some arbitrary length that is used to encode the data, and that same key is used in the opposite manner (or in some cases, in the same manner) to decode the data. The problem with shared secret security is that the initial key exchange must occur in a secure fashion. If the integrity of the key is compromised during transmission, the data integrity is lost. This is not a concern if the key can be generated ahead of time and placed at both transport endpoints in a secure fashion. However, in many cases, this is not possible or practical because the two endpoints (be they physical devices or system tasks) are controlled by different people or entities. Fortunately, an alternative exists, known as zero-knowledge proofs. The concept of a zero-knowledge proof is that two seemingly arbitrary key values, x and y, are created, and that these values are related by some mathematical function ƒ in such a way that ƒ(ƒ(a,k1),k2) = a That is, applying a well-known function to the original cleartext using the first key results in ciphertext which, when that same function is applied to the ciphertext using the second key returns the original data. This is also reversible, meaning that ƒ(ƒ(a,k2),k1) = a Security Considerations Key-based Authentication and Encryption 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 32If the function f is chosen correctly, it is extremely difficult to derive x from y and vice-versa, which would mean that there is no function that can easily transform the ciphertext back into the cleartext based upon the key used to encode it. An example of this is to choose the mathematical function to be f(a,k)=((a*k) MOD 256) + ((a*k)/256) where a is a byte of cleartext, and k is some key 8 bits in length. This is an extraordinarily weak cipher, since the function f allows you to easily determine one key from the other, but it is illustrative of the basic concept. Pick k1 to be 8 and k2 to be 32. So for a=73, (a * 8)=584. This takes two bytes, so add the bits in the high byte to the bits of the low byte, and you get 74. Repeat this process with 32. This gives you 2368. Again, add the bits from the high byte to the bits of the low byte, and you have 73 again. This mathematical concept (with very different functions), when put to practical use, is known as public key (PK) cryptography, and forms the basis for RSA and DSA encryption. Public Key Weaknesses Public key encryption can be very powerful when used properly. However, it has a number of inherent weaknesses. A complete explanation of these weaknesses is beyond the scope of this document. However, it is important that you understand these weaknesses at a high level to avoid falling into some common traps. Some commonly mentioned weakness of public key cryptography include: ● Trust model for key exchange ● Pattern sensitivity ● Short data weakness Trust Models The most commonly discussed weakness of public key cryptography is the initial key exchange process itself. If someone manages to intercept a key during the initial exchange, he or she could instead give you his or her own public key and intercept messages going to the intended party. This is known as a man-in-the-middle attack. For such services as ssh, most people either manually copy the keys from one server to another or simply assume that the initial key exchange was successful. For most purposes, this is sufficient. In particularly sensitive situations, however, this is not good enough. For this reason, there is a procedure known as key signing. There are two basic models for key signing: the central authority model and the web of trust model. Security Considerations Key-based Authentication and Encryption 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 33The central authority model is straightforward. A central certifying agency signs a given key, and says that they believe the owner of the key is who he or she claims to be. If you trust that authority, then by association, you trust keys that the authority claims are valid. The web of trust model is somewhat different. Instead of a central authority, individuals sign keys belonging to other individuals. By signing someone’s key, you are saying that you trust that the person is really who he or she claims to be and that you believe that the key really belongs to him or her. The methods you use for determining that trust will ultimately impact whether others trust your signatures to be valid. There are many different ways of determining trust, and thus many groups have their own rulesfor who should and should not sign someone else’s key. Those rules are intended to make the trust level of a key depend on the trust level of the keys that have signed it. The line between central authorities and web of trust models is not quite as clear-cut as you might think, however. Many central authorities are hierarchies of authorities, and in some cases, they are actually webs of trust among multiple authorities. Likewise, many webs of trust may include centralized repositories for keys. While those repositories don’t provide any certification of the keys, they do provide centralized access. Finally, centralized authorities can easily sign keys as part of a web of trust. There are many websites that describe webs of trust and centralized certification schemes. A good general description of several such models can be found at http://world.std.com/~cme/html/web.html. Sensitivity to Patterns and Short Messages Existing public key encryption algorithms do a good job at encrypting semi-random data. They fallshort when encrypting data with certain patterns, as these patterns can inadvertently reveal information about the keys. The particular patterns depend on the encryption scheme. Inadvertently hitting such a pattern does not allow you to determine the private key. However, they can reduce the search space needed to decode a given message. Short data weakness is closely related to pattern sensitivity. If the information you are encrypting consists of a single number, for example the number 1, you basically get a value that is closely related mathematically to the public key. If the intent is to make sure that only someone with the private key can get the original value, you have a problem. In other words, public key encryption schemes generally do not encrypt all patterns equally well. For thisreason (and because public key cryptography tendsto be slower than single key cryptography), public keys are almost never used to encrypt end-user data. Instead, they are used to encrypt a session key. This session key is then used to encrypt the actual data using a shared secret mechanism such as 3DES, AES, blowfish, and so on. Security Considerations Key-based Authentication and Encryption 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 34Using Public Keys for Message Exchange Public key cryptography can be used in many ways. When both keys are private, it can be used to send data back and forth. However this use is no more useful than a shared secret mechanism. In fact, it is frequently weaker, for the reasons mentioned earlier in the chapter. Public key cryptography becomes powerful when one key is made public. Assume that Ernie and Bert want to send coded messages. Ernie gives Bert his public key. Assuming that the key was not intercepted and replaced with someone else’s key, Bert can now send data to Ernie securely, because data encrypted with the public key can only be decrypted with the private key (which only Ernie has). Bert uses this mechanism to send a shared secret. Bert and Ernie can now communicate with each other using a shared secret mechanism, confident in the knowledge that no third party has intercepted that secret. Alternately, Bert could give Ernie his public key, and they could both encrypt data using each other’s public keys, or more commonly by using those public keys to encrypt a session key and encrypting the data with that session key. Using Public Keys for Identity Verification Public key cryptography can also be used for verification of identity. Kyle wants to know if someone on the Internet who claims to be Stan is really Stan. A few months earlier, Stan handed Kyle his public key on a floppy disk. Thus, since Kyle already has Stan’s public key (and trusts the source of that key), he can now easily verify Stan’s identity. To achieve this, Kyle sends a cleartext message and asks Stan to encrypt it. Stan encrypts it with his private key. Kyle then uses Stan’s public key to decode the ciphertext. If the resulting cleartext matches, then the person on the other end must be Stan (unless someone else has Stan’s private key). Using Public Keys for Data Integrity Checking Finally, public key cryptography can be used for signing. Ahmed is in charge of meetings of a secret society called the Stupid Acronym Preventionists club. Abraham is a member of the club and gets a TIFF file containing a notice of their next meeting, passed on by way of a fellow member of the science club, Albert. Abraham is concerned, however, that the notice might have come from Bubba, who is trying to infiltrate the SAPs. Ahmed, however, was one step ahead, and took a checksum of the original message and encrypted the checksum with his private key, and sent the encrypted checksum as an attachment. Abraham used Ahmed’s public key to decrypt the checksum, and found that the checksum did not match that of the actual document. He wisely avoided the meeting. Isaac, however, was tricked into revealing himself as a SAP because he didn’t remember to check the signature on the message. Security Considerations Key-based Authentication and Encryption 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 35The moral of thisstory? One should always beware of geekssharing TIFFs—that is, if the security ofsome piece of data isimportant and if you do not have a direct,secure means of communication between two applications, computers, people, and so on, you must verify the authenticity of any communication using signatures, keys, or some other similar method. This may save your data and also save face. Encryption Summary Encryption is a powerful technique for keeping data secure if the initial key exchange occursin a secure fashion. One meansfor thisisto have a public key,stored in a well-known (and trusted) location. This allowsfor one-way encrypted communication through which a shared secret can be transferred for later two-way encrypted communication. You can use encryption not only for protecting data, but also for verifying the authenticity of data by encrypting a checksum. You can also use it to verify the identity of a client by requiring that the client encrypt some random piece of data as proof that the client holds the appropriate encryption key. Encryption, however, is not the final word in computer security. Because it depends on having some form of trusted key exchange, additional infrastructure is needed in order to achieve total security in environments where communication can be intercepted and modified. Console Debugging Warning: Failure to follow this advice can unintentionally expose security-critical information. In traditional UNIX and UNIX-like systems, the console is owned by root. Only root sees console messages. For this reason, print statements in the kernel are relatively secure. In OS X, any user can run the Console application. This represents a major departure from other UNIX-like systems. While it is never a good idea to include sensitive information in kernel debugging statements, it is particularly important not to do so in OS X. You must assume that any information displayed to the console could potentially be read by any user on the system (since the console is virtualized in the form of a user-viewable window). Printing any information involving sensitive data, including its location on disk or in memory, represents a security hole, however slight, and you should write your code accordingly. Obviously this is of less concern if that information is only printed when the user sets a debugging flag somewhere, but for normal use, printing potentially private information to the console is strongly discouraged. Security Considerations Console Debugging 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 36You must also be careful not to inadvertently print information that you use for generating password hashes or encryption keys, such as seed values passed to a random number generator. This is, by necessity, not a complete list of information to avoid printing to the console. You must use your own judgement when deciding whether a piece of information could be valuable if seen by a third party, and then decide if it is appropriate to print it to the console. Code Passing There are many ways of passing executable code into the kernel from user space. For the purposes of this section, executable code is not limited to compiled object code. It includes any instructions passed into the kernel that significantly affect control flow. Examples of passed-in executable code range from simple rules such as the filtering code uploaded in many firewall designs to bytecode uploads for a SCSI card. If it is possible to execute your code in user space, you should not even contemplate pushing code into the kernel. For the rare occasion where no other reasonable solution exists, however, you may need to pass some form of executable code into the kernel. This section explains some of the security ramifications of pushing code into the kernel and the level of verification needed to ensure consistent operation. Here are some guidelines to minimize the potential for security holes: 1. No raw object code. Direct execution of code passed in from user space is very dangerous. Interpreted languages are the only reasonable solution for this sort of problem, and even this is fraught with difficulty. Traditional machine code can’t be checked sufficiently to ensure security compliance. 2. Bounds checking. Since you are in the kernel, you are responsible for making sure that any uploaded code does not randomly access memory and does not attempt to do direct hardware access. You would normally make this a feature of the language itself, restricting access to the data element on which the bytecode is operating. 3. Termination checking. With very, very few exceptions, the language chosen should be limited to code that can be verified to terminate, and you should verify accordingly. If your driver is stuck in a tightly rolled loop, it is probably unable to do its job, and may impact overall system performance in the process. A language that does not allow (unbounded) loops (for example, allowing for but not while or goto could be one way to ensure termination. 4. Validity checking. Security Considerations Code Passing 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 37Your bytecode interpreter would be responsible for checking ahead for any potentially invalid operations and taking appropriate punitive actions against the uploaded code. For example, if uploaded code is allowed to do math, then proper protection must be in place to handle divide by zero errors. 5. Sanity checking. You should verify that the output is something remotely reasonable, if possible. It is not always possible to verify that the output is correct, but it is generally possible to create rules that prevent egregiously invalid output. For example, a network filter rule should output something resembling packets. If the checksums are bad, or if other information is missing or corrupt, clearly the uploaded code is faulty, and appropriate actions should be taken. It would be highly inappropriate for OS X to send out bad network traffic. In general, the more restrictive the language set, the lower the security risk. For example, interpreting simple network routing policies is less likely to be a security problem than interpreting packet rewriting rules, which is less likely to be an issue than running Java bytecode in the kernel. As with anything else, you must carefully weigh the potential benefits against the potential drawbacks and make the best decision given the information available. Security Considerations Code Passing 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 38Performance is a key aspect of any software system. Nowhere is this more true than in the kernel, where small performance problems tend to be magnified by repeated execution. For this reason, it is extremely important that your code be as efficient as possible. This chapter discusses the importance of low interrupt latency and fine-grained locking and tells you how to determine what portions of your code would benefit most from more efficient design. Interrupt Latency In OS X, you will probably never need to write code that runs in an interrupt context. In general, only motherboard hardware requires this. However, in the unlikely event that you do need to write code in an interrupt context, interrupt latency should be a primary concern. Interrupt latency refers to the delay between an interrupt being generated and an interrupt handler actually beginning to service that interrupt. In practice, the worst case interrupt latency is closely tied to the amount of time spent in supervisor mode (also called kernel mode) with interrupts off while handling some other interrupt. Low interrupt latency is necessary for reasonable overall performance, particularly when working with audio and video. In order to have reasonable soft real-time performance (for example, performance of multimedia applications), the interrupt latency caused by every device driver must be both small and bounded. OS X takes great care to bound and minimize interrupt latency for built-in drivers. It doesthis primarily through the use of interrupt service threads (also known as I/O service threads). When OS X takes an interrupt, the low-level trap handlers call up to a generic interrupt handling routine that clears the pending interrupt bit in the interrupt controller and calls a device-specific interrupt handler. That device-specific handler, in turn, sends a message to an interrupt service thread to notify it that an interrupt has occurred, and then the handler returns. When no further interrupts are pending, control returns to the currently executing thread. The next time the interrupt service thread is scheduled, it checks to see if an interrupt has occurred, then services the interrupt. As the name suggests, this actually is happening in a thread context, not an interrupt context. This design causes two major differences from traditional operating system design: ● Interrupt latency is near zero, since the code executing in an interrupt context is very small. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 39 Performance Considerations● It is possible for an interrupt to occur while a device driver is executing. This means that traditional (threaded) device drivers can be preempted and must use locking or other similar methods to protect any shared data (although they need to do so anyway to work on computers with multiple processors). This model is crucial to the performance of OS X. You should not attempt to circumvent this design by doing large amounts of work in an interrupt context. Doing so will be detrimental to the overall performance of the system. Locking Bottlenecks It is difficult to communicate data between multiple threads or between thread and interrupt contexts without using locking or other synchronization. This locking protects your data from getting clobbered by another thread. However, it also has the unfortunate side effect of being a potential bottleneck. In some types of communication (particularly n-way), locking can dramatically hinder performance by allowing only one thing to happen at a time. Read-write locks, discussed in “Synchronization Primitives” (page 128), can help alleviate this problem in the most common situation where multiple clients need to be able to read information but only rarely need to modify that data. However, there are many cases where read-write locks are not helpful. This section discusses some possible problems and ways of improving performance within those constraints. Working With Highly Contended Locks When many threads need to obtain a lock (or a small number of threads need to obtain a lock frequently), this lock is considered highly contended. Highly contended locks frequently represent faulty code design, but they are sometimes unavoidable. In those cases, the lock tends to become a major performance bottleneck. Take, for example, the issue of many-to-many communication that must be synchronized through a common buffer. While some improvement can be gained by using read-write locks instead of an ordinary mutex, the issue of multiple writers means that read-write locks still perform badly. One possible solution for this many-to-many communication problem is to break the lock up into multiple locks. Instead of sharing a single buffer for the communication itself, make a shared buffer that contains accounting information for the communication (for example, a list of buffers available for reading). Then assign each individual buffer its own lock. The readers might then need to check several locations to find the right data, but this still frequently yields better performance, since writers must only contend for a write lock while modifying the accounting information. Performance Considerations Locking Bottlenecks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 40Anothersolution for many-to-many communicationsisto eliminate the buffer entirely and communicate using message passing, sockets, IPC, RPC, or other methods. Yet another solution is to restructure your code in a way that the locking is unnecessary. This is often much more difficult. One method that is often helpful isto take advantage of flags and atomic increments, as outlined in the next paragraph. For simplicity, a single-writer, single-reader example is presented, but it is possible to extend this idea to more complicated designs. Take a buffer with some number of slots. Keep a read index and a write index into that buffer. When the write index and read index are the same, there is no data in the buffer. When writing, clear the next location. Then do an atomic increment on the pointer. Write the data. End by setting a flag at that new location that says that the data is valid. Note that this solution becomes much more difficult when dealing with multiple readers and multiple writers, and as such, is beyond the scope of this section. Reducing Contention by Decreasing Granularity One of the fundamental properties of locksis granularity. The granularity of a lock refersto the amount of code or data that it protects. A lock that protects a large block of code or a large amount of data is referred to as a coarse-grained lock, while a lock that protects only a small amount of code or data isreferred to as a fine-grained lock. A coarse-grained lock is much more likely to be contended (needed by one thread while being held by another) than a more finely grained lock. There are two basic ways of decreasing granularity. The first is to minimize the amount of code executed while a lock is held. For example, if you have code that calculates a value and stores it into a table, don’t take the lock before calling the function and release it after the function returns. Instead, take the lock in that piece of code right before you write the data, and release it as soon as you no longer need it. Of course, reducing the amount of protected code is not always possible or practical if the code needs to guarantee consistency where the value it is writing depends on other values in the table, since those values could change before you obtain the lock, requiring you to go back and redo the work. It is also possible to reduce granularity by locking the data in smaller units. In the above example, you could have a lock on each cell of the table. When updating cells in the table, you would start by determining the cells on which the destination cell depends, then lock those cells and the destination cell in some fixed order. (To avoid deadlock, you must always either lock cells in the same order or use an appropriate try function and release all locks on failure.) Once you have locked all the cells involved, you can then perform your calculation and release the locks, confident that no other thread has corrupted your calculations. However, by locking on a smaller unit of data, you have also reduced the likelihood of two threads needing to access the same cell. Performance Considerations Locking Bottlenecks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 41A slightly more radical version of this is to use read-write locks on a per-cell basis and always upgrade in a particular order. This is, however, rather extreme, and difficult to do correctly. Code Profiling Code profiling means determining how often certain pieces of code are executed. By knowing how frequently a piece of code is used, you can more accurately gauge the importance of optimizing that piece of code. There are a number of good tools for profiling user space applications. However, code profiling in the kernel is a very different beast, since it isn’t reasonable to attach to it like you would a running process. (It is possible by using a second computer, but even then, it is not a trivial task.) This section describes two useful ways of profiling your kernel code: counters and lock profiling. Any changes you make to allow code profiling should be done only during development. These are not the sort of changes that you want to release to end users. Using Counters for Code Profiling The first method of code profiling is with counters. To profile a section of code with a counter, you must first create a global variable whose name describesthat piece of code and initialize it to zero. You then add something like #ifdef PROFILING foo_counter++; #endif in the appropriate piece of code. If you then define PROFILING, that counter is created and initialized to zero, then incremented each time the code in question is executed. One small snag with this sort of profiling is the problem of obtaining the data. This can be done in several ways. The simplest is probably to install a sysctl, using the address of foo_counter as an argument. Then, you could simply issue the sysctl command from the command line and read or clear the variable. Adding a sysctl is described in more detail in “BSD sysctl API ” (page 117). In addition to using sysctl, you could also obtain the data by printing its value when unloading the module (in the case of a KEXT) or by using a remote debugger to attach to the kernel and directly inspecting the variable. However, a sysctl provides the most flexibility. With a sysctl, you can sample the value at any time, not just when the module is unloaded. The ability to arbitrarily sample the value makes it easier to determine the importance of a piece of code to one particular action. Performance Considerations Code Profiling 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 42If you are developing code for use in the I/O Kit, you should probably use your driver’s setProperties call instead of a sysctl. Lock Profiling Lock profiling is another useful way to find the cause of code inefficiency. Lock profiling can give you the following information: ● how many times a lock was taken ● how long the lock was held on average ● how often the lock was unavailable Put another way, this allows you to determine the contention of a lock, and in so doing, can help you to minimize contention by code restructuring. There are many different ways to do lock profiling. The most common way is to create your own lock calls that increment a counter and then call the real locking functions. When you move from debugging into a testing cycle before release, you can then replace the functions with defines to cause the actual functions to be called directly. For example, you might write something like this: extern struct timeval time; boolean_t mymutex_try(mymutex_t *lock) { int ret; ret=mutex_try(lock->mutex); if (ret) { lock->tryfailcount++; } return ret; } void mymutex_lock(mymutex_t *lock) { if (!(mymutex_try(lock))) { mutex_lock(lock->mutex); } lock->starttime = time.tv_sec; } void mymutex_unlock(mymutex_t *lock) { Performance Considerations Code Profiling 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 43lock->lockheldtime += (time.tv_sec - lock->starttime); lock->heldcount++; mutex_unlock(lock->mutex); } This routine has accuracy only to the nearest second, which is not particularly accurate. Ideally, you want to keep track of both time.tv_sec and time.tv_usec and roll the microseconds into seconds as the number gets large. From this information, you can obtain the average time the lock was held by dividing the total time held by the number of times it was held. It also tells you the number of times a lock was taken immediately instead of waiting, which is a valuable piece of data when analyzing contention. As with counter-based profiling, after you have written code to record lock use and contention, you must find a way to obtain that information. A sysctl is a good way of doing this, since it is relatively easy to implement and can provide a “snapshot” view of the data structure at any point in time. For more information on adding a sysctl, see “BSD sysctl API ” (page 117). Another way to do lock profiling isto use the built-in ETAP (Event Trace Analysis Package). This package consists of additional code designed for lock profiling. However, since this requires a kernel recompile, it is generally not recommended. Performance Considerations Code Profiling 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 44As described in “Keep Out” (page 13), programming in the kernel is fraught with hazards that can cause instability, crashes, or security holes. In addition to these issues, programming in the kernel has the potential for compatibility problems. If you program only to the interfaces discussed in this document or other Apple documents, you will avoid the majority of these. However, even limiting yourself to documented interfaces does not protect you from a handful of pitfalls. The biggest potential problem that you face is namespace collision, which occurs when your function, variable, or class name is the same as someone else’s. Since this makes one kernel extension or the other fail to load correctly (in a non-deterministic fashion), Apple has established function naming conventions for C and C++ code within the kernel. These are described in “Standard C Naming Conventions” (page 47) and “C++ Naming Conventions” (page 45), respectively. In addition to compatibility problems, kernel extensions that misbehave can also dramatically decrease the system’s overall performance or cause crashes. Some of these issues are described in “Performance and Stability Tips” (page 50). For more thorough coverage of performance and stability, you should also read the chapters “Security Considerations” (page 24) and “Performance Considerations” (page 39). C++ Naming Conventions Basic I/O Kit C++ naming conventions are defined in the document I/O Kit Device Driver Design Guidelines. This section refines those conventions in ways that should make them more useful to you as a programmer. Basic Conventions The primary conventions are as follows: ● Use the Java-style reverse DNS naming convention, substituting underscores for periods. For example, com_apple_foo. ● Avoid the following reserved prefixes: ● OS ● os ● IO ● io 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 45 Kernel Programming Style● Apple ● apple ● AAPL ● aapl This ensures that you will not collide with classes created by other companies or with future classes added to the operating system by Apple. It does not protect you from other projects created within your company, however, and for this reason, some additional guidelines are suggested. Additional Guidelines These additional guidelines are intended to minimize the chance of accidentally breaking your own software and to improve readability of code by developers. ● To avoid namespace collisions, you should prefix the names of classes and families with project names or other reasonably unique prefix codes. For example, if you are working on a video capture driver, and one of its classes is called capture, you will probably encounter a name collision eventually. Instead, you should name the class something like com_mycompany_driver_myproduct_capture. Similarly, names like To maximize readability, you should use macros to rename classes and families at compile time. For example: #define captureClass com_mycompany_driver_myproduct_capture #define captureFamily com_mycompany_iokit_myproduct_capture ● Use prefixes in function and method names to make it easier to see relationships between them. For example, Apple uses NS, CF, IO, and other prefixesto indicate that functions belong to specific frameworks. This might be as simple as prefixing a function with the name of the enclosing or related class, or it might be some other scheme that makes sense for your project. These are only suggested guidelines. Your company or organization should adopt its own set of guidelines within the constraints of the basic conventions described in the previous section. These guidelines should provide a good starting point. Kernel Programming Style C++ Naming Conventions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 46Standard C Naming Conventions The naming conventionsfor C++ have been defined forsome time in the document I/O Kit Device Driver Design Guidelines. However, no conventions have been given for standard C code. Because standard C has an even greater chance of namespace collision than C++, it is essential that you follow these guidelines when writing C code for use in the kernel. Because C does not have the benefit of classes, it is much easier to run into a naming conflict between two functions. For this reason, the following conventions are suggested: ● Declare all functions and (global) variables static where possible to prevent them from being seen in the global namespace. If you need to share these across files within your KEXT, you can achieve a similar effect by declaring them __private_extern__. ● Each function name should use Java-style reverse DNS naming. For example, if your company is apple.com, you should begin each function with com_apple_. ● Follow the reverse DNS name with the name of your project. For example, if you work at Apple and were working on project Schlassen, you would start each function name (in drivers) with com_apple_driver_schlassen_. Note: The term driver is reserved for actual device drivers. For families, you should instead use iokit. For example, if project Schlassen is an I/O Kit family, function namesshould all begin with com_apple_iokit_schlassen_. ● Use hierarchical names if you anticipate multiple projects with similar names coming from different parts of your company or organization. ● Use macro expansion to save typing, for example PROJECT_eat could expand to com_apple_driver_schlassen_pickle_eat. ● If you anticipate that the last part of a function name may be the same as the last part of another function name (for example, PROJECT1_eat and PROJECT2_eat), you should change the namesto avoid confusion (for example, PROJECT1_eatpickle and PROJECT2_eatburger). ● Avoid the following reserved prefixes: ● OS ● os ● IO ● io ● Apple ● apple Kernel Programming Style Standard C Naming Conventions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 47● AAPL ● aapl ● Avoid conflicting with any names already in the kernel, and do not use prefixes similar to those of existing kernel functions that you may be working with. ● Never begin a function name with an underscore (_). ● Under no circumstances should you use common names for your functions without prefixing them with the name of your project in some form. These are some examples of unacceptable names: ● getuseridentity ● get_user_info ● print ● find ● search ● sort ● quicksort ● merge ● console_log In short, picking any name that you would normally pick for a function is generally a bad idea, because every other developer writing code is likely to pick the same name for his or her function. Occasional conflicts are a fact of life. However, by following these few simple rules, you should be able to avoid the majority of common namespace pitfalls. Commonly Used Functions One of the most common problems faced when programming in the kernel is use of “standard” functions—things like printf or bcopy. Many commonly used standard C library functions are implemented in the kernel. In order to use them, however, you need to include the appropriate prototypes, which may be different from the user space prototypes for those functions, and which generally have different names when included from kernel code. In general, any non–I/O Kit header that you can safely include in the kernel is located in xnu/bsd/sys or xnu/osfmk/mach, although there are a few specialized headers in other places like libkern and libsa. Normal headers (those in /usr/include) cannot be used in the kernel. Kernel Programming Style Commonly Used Functions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 48Important: If you are writing an I/O Kit KEXT, most of these functions are not what you are looking for. The I/O Kit providesits own APIsfor these features, including IOLog, IOMemoryDescriptor, and IOLock. While using the lower-level functionality is not expressly forbidden, it is generally discouraged (though printf is always fine). For more information about APIs available to I/O Kit KEXTs, see Kernel Framework Reference . Table 7-1 (page 49) lists some commonly used C functions, variables, and types, and gives the location of their prototypes. Table 7-1 Commonly used C functions Function name Header path printf Buffer cache functions (bread, bwrite, and brelse) Directory entries Error numbers Kernel special variables Spinlocks malloc Queues Random number generator bzero, bcopy, copyin, and copyout timeout and untimeout Various time functions Standard type declarations User credentials OS and system information If the standard C function you are trying to use is not in one of these files, chances are the function is not supported for use within the kernel, and you need to implement your code in another way. Kernel Programming Style Commonly Used Functions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 49The symbols in these header files are divided among multiple symbol sets, depending on the technology area where they were designed to be used. To use these, you may have to declare dependencies on any of the following: ● com.apple.kernel—You should generally avoid this. ● com.apple.kernel.bsd—BSD portions of the kernel. ● com.apple.kernel.iokit—The I/O Kit. ● com.apple.kernel.libkern—General-purpose functions. ● com.apple.kernel.mach—Mach-specific APIs. ● com.apple.kpi.bsd—BSD portions of the kernel (v10.4 and later). ● com.apple.kernel.iokit—The I/O Kit (v10.4 and later). ● com.apple.kernel.libkern—General-purpose functions (v10.4 and later). ● com.apple.kernel.mach—Mach-specific APIs (v10.4 and later). ● com.apple.kpi.unsupported—Unsupported legacy functionality (v10.4 and later). Where possible, you should specify a dependency on the KPI version of these symbols. However, these symbols are only available in v10.4 and later. For the I/O Kit and libkern, this should make little difference. For other areas, such as network kernel extensions or file system KEXTs, you must use the KPI versions if you want your extension to load in OS X v10.4 and later. For a complete list of symbols in any of these dependencies, run nm on the binaries in /System/Library/Extensions/System.kext/PlugIns. Performance and Stability Tips This section includes some basic tips on performance and stability. You should read the sections on security and performance for additional information. These tips cover only style issues, not general performance or stability issues. Performance and Stability Tips Programming in the kernel is subject to a number of restrictions that do not exist in application programming. The first and most important is the stack size. The kernel has a limited amount of space allocated for thread stacks, which can cause problems if you aren’t aware of the limitation. This means the following: ● Recursion must be bounded (to no more than a few levels). ● Recursion should be rewritten as iterative routines where possible. Kernel Programming Style Performance and Stability Tips 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 50● Large stack variables(function local) are dangerous. Do not use them. This also appliesto large local arrays. ● Dynamically allocated variables are preferred (using malloc or equivalent) over local variables for objects more than a few bytes in size. ● Functions should have as few arguments as possible. ● Pass pointers to structures, not the broken out elements. ● Don’t use arguments to avoid using global or class variables. ● Do name global variables in a way that protects you from collision. ● C++ functions should be declared static. ● Functions not obeying these rules can cause a kernel panic, or in extreme cases, do not even compile. In addition to issues of stack size, you should also avoid doing anything that would generate unnecessary load such as polling a device or address. A good example is the use of mutexes rather than spinlocks. You should also structure your locks in such a way to minimize contention and to minimize hold times on the most highly contended locks. Also, since unused memory (and particularly wired memory) can cause performance degradation, you should be careful to deallocate memory when it is no longer in use, and you should never allocate large regions of wired memory. This may be unavoidable in some applications, but should be avoided whenever possible and disposed of at the earliest possible opportunity. Allocating large contiguous blocks of memory at boot time is almost never acceptable, because it cannot be released. There are a number of issues that you should consider when deciding whether to use floating point math or AltiVec vector math in the kernel. First, the kernel takes a speed penalty whenever floating-point math or AltiVec instructions are used in a system call context (or other similar mechanisms where a user thread executes in a kernel context), as floating-point and AltiVec registers are only maintained when they are in use. Note: In cases where altivec or floating point has already been used in user space in the calling thread, there is no additional penalty for using them in the kernel. Thus, for things like audio drivers, the above does not apply. In general, you should avoid doing using floating-point math or AltiVec instructions in the kernel unless doing so will result in a significant speedup. It is not forbidden, but is strongly discouraged. Second, AltiVec was not supported in the kernel prior to OS X v10.3. It was not possible to detect this support from within the kernel until a later 10.3 software update. If you must deploy your KEXT on earlier versions of OS X, you must either provide a non-AltiVec version of your code or perform the AltiVec instructions in user space. Kernel Programming Style Performance and Stability Tips 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 51Finally, AltiVec data stream instructions (dst, dstt, dstst, dss, and dssall) are not supported in the kernel, even for processors that support them in user space. Do not attempt to use them. If you decide to use AltiVec in the kernel, your code can determine whether the CPU supports AltiVec using the sysctlbyname call to get the hw.optional.altivec property. For more information, see “The sysctlbyname System Call” (page 123). Stability Tips ● Don’tsleep while holding resources(locks, for example). While thisis not forbidden, it isstrongly discouraged to avoid deadlock. ● Be careful to allocate and free memory with matching calls. For example, do not use allocation routines from the I/O Kit and deallocation routines from BSD. Likewise, do not use IOMallocContiguous with IOFreePageable. ● Use reference counts to avoid freeing memory that is still in use elsewhere. Be sure to deallocate memory when its reference count reaches zero, but not before. ● Lock objects before operating on them, even to change reference counts. ● Never dereference pointers without verifying that they are not NULL. In particular, never do this: int foo = *argptr; unless you have already verified that argptr cannot possibly be NULL. ● Test code in sections and try to think up likely edge cases for calculations. ● Never assume that your code will be run only on big endian processors. ● Never assume that the size of an instance of a type will never change. Always use sizeof if you need this information. ● Never assume that a pointer will always be the same size as an int or long. Style Summary Kernel programming style is very much a matter of personal preference, and it is not practical to programmatically enforce the guidelines in this chapter. However, we strongly encourage you to follow these guidelines to the maximum extent possible. These guidelines were created based on frequent problems reported by developers writing code in the kernel. No one can force you to use good style in your programming, but if you do not, you do so at your own peril. Kernel Programming Style Style Summary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 52The fundamental services and primitives of the OS X kernel are based on Mach 3.0. Apple has modified and extended Mach to better meet OS X functional and performance goals. Mach 3.0 was originally conceived as a simple, extensible, communications microkernel. It is capable of running as a stand–alone kernel, with other traditional operating-system servicessuch asI/O, file systems, and networking stacks running as user-mode servers. However, in OS X, Mach is linked with other kernel components into a single kernel address space. This is primarily for performance; it is much faster to make a direct call between linked components than it is to send messages or do remote procedure calls (RPC) between separate tasks. This modular structure results in a more robust and extensible system than a monolithic kernel would allow, without the performance penalty of a pure microkernel. Thusin OS X, Mach is not primarily a communication hub between clients and servers. Instead, its value consists of its abstractions, its extensibility, and its flexibility. In particular, Mach provides ● object-based APIs with communication channels (for example, ports) as object references ● highly parallel execution, including preemptively scheduled threads and support for SMP ● a flexible scheduling framework, with support for real-time usage ● a complete set of IPC primitives, including messaging, RPC, synchronization, and notification ● support for large virtual addressspaces,shared memory regions, and memory objects backed by persistent store ● proven extensibility and portability, for example across instruction set architectures and in distributed environments ● security and resource management as a fundamental principle of design; all resources are virtualized Mach Kernel Abstractions Mach provides a small set of abstractions that have been designed to be both simple and powerful. These are the main kernel abstractions: ● Tasks. The units of resource ownership; each task consists of a virtual addressspace, a portright namespace, and one or more threads. (Similar to a process.) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 53 Mach Overview● Threads. The units of CPU execution within a task. ● Address space. In conjunction with memory managers, Mach implements the notion of a sparse virtual address space and shared memory. ● Memory objects. The internal units of memory management. Memory objectsinclude named entries and regions; they are representations of potentially persistent data that may be mapped into address spaces. ● Ports. Secure, simplex communication channels, accessible only via send and receive capabilities (known as port rights). ● IPC. Message queues, remote procedure calls, notifications, semaphores, and lock sets. ● Time. Clocks, timers, and waiting. At the trap level, the interface to most Mach abstractions consists of messages sent to and from kernel ports representing those objects. The trap-level interfaces (such as mach_msg_overwrite_trap) and message formats are themselves abstracted in normal usage by the Mach Interface Generator (MIG). MIG is used to compile procedural interfaces to the message-based APIs, based on descriptions of those APIs. Tasks and Threads OS X processes and POSIX threads (pthreads) are implemented on top of Mach tasks and threads, respectively. A thread is a point of control flow in a task. A task exists to provide resources for the threads it contains. This split is made to provide for parallelism and resource sharing. A thread ● is a point of control flow in a task. ● has access to all of the elements of the containing task. ● executes (potentially) in parallel with other threads, even threads within the same task. ● has minimal state information for low overhead. A task ● is a collection ofsystem resources. These resources, with the exception of the addressspace, are referenced by ports. These resources may be shared with other tasks if rights to the ports are so distributed. ● provides a large, potentially sparse address space, referenced by virtual address. Portions of this space may be shared through inheritance or external memory management. ● contains some number of threads. Mach Overview Tasks and Threads 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 54Note that a task has no life of its own—only threads execute instructions. When it is said that “task Y does X,” what is really meant is that “a thread contained within task Y does X.” A task is a fairly expensive entity. It exists to be a collection of resources. All of the threads in a task share everything. Two tasks share nothing without an explicit action (although the action is often simple) and some resources (such as port receive rights) cannot be shared between two tasks at all. A thread is a fairly lightweight entity. It is fairly cheap to create and has low overhead to operate. This is true because a thread has little state information (mostly its register state). Its owning task bears the burden of resource management. On a multiprocessor computer, it is possible for multiple threads in a task to execute in parallel. Even when parallelism is not the goal, multiple threads have an advantage in that each thread can use a synchronous programming style, instead of attempting asynchronous programming with a single thread attempting to provide multiple services. A thread is the basic computational entity. A thread belongs to one and only one task that defines its virtual address space. To affect the structure of the address space or to reference any resource other than the address space, the thread must execute a special trap instruction that causesthe kernel to perform operations on behalf of the thread or to send a message to some agent on behalf of the thread. In general, these traps manipulate resources associated with the task containing the thread. Requests can be made of the kernel to manipulate these entities: to create them, delete them, and affect their state. Mach provides a flexible framework for thread–scheduling policies. Early versions of OS X support both time-sharing and fixed-priority policies. A time-sharing thread’s priority is raised and lowered to balance its resource consumption against other time-sharing threads. Fixed-priority threads execute for a certain quantum of time, and then are put at the end of the queue of threads of equal priority. Setting a fixed priority thread’s quantum level to infinity allows the thread to run until it blocks, or until it is preempted by a thread of higher priority. High priority real-time threads are usually fixed priority. OS X also provides time constraint scheduling for real-time performance. This scheduling allows you to specify that your thread must get a certain time quantum within a certain period of time. Mach scheduling is described further in “Mach Scheduling and Thread Interfaces” (page 77). Ports, Port Rights, Port Sets, and Port Namespaces With the exception of the task’s virtual address space, all other Mach resources are accessed through a level of indirection known as a port. A port is an endpoint of a unidirectional communication channel between a client who requests a service and a server who providesthe service. If a reply isto be provided to such a service request, a second port must be used. This is comparable to a (unidirectional) pipe in UNIX parlance. Mach Overview Ports, Port Rights, Port Sets, and Port Namespaces 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 55In most cases, the resource that is accessed by the port (that is, named by it) is referred to as an object. Most objects named by a port have a single receiver and (potentially) multiple senders. That is, there is exactly one receive port, and at least one sending port, for a typical object such as a message queue. The service to be provided by an object is determined by the manager that receives the request sent to the object. It follows that the kernel is the receiver for ports associated with kernel-provided objects and that the receiver for ports associated with task-provided objects is the task providing those objects. For ports that name task-provided objects, it is possible to change the receiver of requests for that port to a different task, for example by passing the port to that task in a message. A single task may have multiple ports that refer to resources it supports. For that matter, any given entity can have multiple ports that represent it, each implying different sets of permissible operations. For example, many objects have a name port and a control port (sometimes called the privileged port). Access to the control port allows the object to be manipulated; access to the name port simply names the object so that you can obtain information about it or perform other non-privileged operations against it. Tasks have permissions to access ports in certain ways (send, receive, send-once); these are called port rights. A port can be accessed only via a right. Ports are often used to grant clients access to objects within Mach. Having the right to send to the object’sIPC port denotesthe right to manipulate the object in prescribed ways. As such, port right ownership is the fundamental security mechanism within Mach. Having a right to an object is to have a capability to access or manipulate that object. Port rights can be copied and moved between tasks via IPC. Doing so, in effect, passes capabilities to some object or server. One type of object referred to by a port is a port set. As the name suggests, a port set is a set of port rights that can be treated as a single unit when receiving a message or event from any of the members of the set. Port sets permit one thread to wait on a number of message and event sources, for example in work loops. Traditionally in Mach, the communication channel denoted by a port was always a queue of messages. However, OS X supports additional types of communication channels, and these new types of IPC object are also represented by ports and port rights. See the section “Interprocess Communication (IPC)” (page 58), for more details about messages and other IPC types. Ports and port rights do not have systemwide names that allow arbitrary ports or rights to be manipulated directly. Ports can be manipulated by a task only if the task has a port right in its port namespace. A port right is specified by a port name, an integer index into a 32-bit port namespace. Each task has associated with it a single port namespace. Tasks acquire port rights when another task explicitly insertsthem into its namespace, when they receive rights in messages, by creating objects that return a right to the object, and via Mach calls for certain special ports (mach_thread_self, mach_task_self, and mach_reply_port.) Mach Overview Ports, Port Rights, Port Sets, and Port Namespaces 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 56Memory Management As with most modern operating systems, Mach provides addressing to large, sparse, virtual address spaces. Runtime access is made via virtual addresses that may not correspond to locations in physical memory at the initial time of the attempted access. Mach is responsible for taking a requested virtual address and assigning it a corresponding location in physical memory. It does so through demand paging. A range of a virtual address space is populated with data when a memory object is mapped into that range. All data in an addressspace is ultimately provided through memory objects. Mach asksthe owner of a memory object (a pager) for the contents of a page when establishing it in physical memory and returns the possibly modified data to the pager before reclaiming the page. OS X includes two built-in pagers—the default pager and the vnode pager. The default pager handles nonpersistent memory, known as anonymous memory. Anonymous memory is zero-initialized, and it exists only during the life of a task. The vnode pager maps files into memory objects. Mach exports an interface to memory objects to allow their contents to be contributed by user-mode tasks. This interface is known as the External Memory Management Interface, or EMMI. The memory management subsystem exports virtual memory handles known as named entries or named memory entries. Like most kernel resources, these are denoted by ports. Having a named memory entry handle allows the owner to map the underlying virtual memory object or to pass the right to map the underlying object to others. Mapping a named entry in two different tasks results in a shared memory window between the two tasks, thus providing a flexible method for establishing shared memory. Beginning in OS X v10.1, the EMMI system was enhanced to support “portless” EMMI. In traditional EMMI, two Mach ports were created for each memory region, and likewise two ports for each cached vnode. Portless EMMI, in its initial implementation, replaces this with direct memory references (basically pointers). In a future release, ports will be used for communication with pagers outside the kernel, while using direct references for communication with pagers that reside in kernel space. The net result of these changes is that early versions of portless EMMI do not support pagers running outside of kernel space. This support is expected to be reinstated in a future release. Addressranges of virtual memory space may also be populated through direct allocation (using vm_allocate). The underlying virtual memory object is anonymous and backed by the default pager. Shared ranges of an address space may also be set up via inheritance. When new tasks are created, they are cloned from a parent. This cloning pertains to the underlying memory address space as well. Mapped portions of objects may be inherited as a copy, or asshared, or not at all, based on attributes associated with the mappings. Mach practices a form of delayed copy known as copy-on-write to optimize the performance of inherited copies on task creation. Mach Overview Memory Management 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 57Rather than directly copying the range, a copy-on-write optimization is accomplished by protected sharing. The two tasks share the memory to be copied, but with read-only access. When either task attempts to modify a portion of the range, that portion is copied at that time. Thislazy evaluation of memory copiesis an important optimization that permits simplifications in several areas, notably the messaging APIs. One other form of sharing is provided by Mach, through the export of named regions. A named region is a form of a named entry, but instead of being backed by a virtual memory object, it is backed by a virtual map fragment. This fragment may hold mappings to numerous virtual memory objects. It is mappable into other virtual maps, providing a way of inheriting not only a group of virtual memory objects but also their existing mapping relationships. This feature offers significant optimization in task setup, for example when sharing a complex region of the address space used for shared libraries. Interprocess Communication (IPC) Communication between tasksis an important element of the Mach philosophy. Mach supports a client/server system structure in which tasks(clients) accessservices by making requests of other tasks(servers) via messages sent over a communication channel. The endpoints of these communication channels in Mach are called ports, while port rights denote permission to use the channel. The forms of IPC provided by Mach include ● message queues ● semaphores ● notifications ● lock sets ● remote procedure calls (RPCs) The type of IPC object denoted by the port determines the operations permissible on that port, and how (and whether) data transfer occurs. Important: The IPC facilities in OS X are in a state of transition. In early versions of the system, not all of these IPC types may be implemented. There are two fundamentally different Mach APIs for raw manipulation of ports—the mach_ipc family and the mach_msg family. Within reason, both families may be used with any IPC object; however, the mach_ipc calls are preferred in new code. The mach_ipc calls maintain state information where appropriate in order to support the notion of a transaction. The mach_msg calls are supported for legacy code but deprecated; they are stateless. Mach Overview Interprocess Communication (IPC) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 58IPC Transactions and Event Dispatching When a thread calls mach_ipc_dispatch, it repeatedly processes events coming in on the registered port set. These events could be an argument block from an RPC object (as the results of a client’s call), a lock object being taken (as a result of some other thread’s releasing the lock), a notification or semaphore being posted, or a message coming in from a traditional message queue. These events are handled via callouts from mach_msg_dispatch. Some events imply a transaction during the lifetime of the callout. In the case of a lock, the state is the ownership of the lock. When the callout returns, the lock is released. In the case of remote procedure calls, the state is the client’s identity, the argument block, and the reply port. When the callout returns, the reply is sent. When the callout returns, the transaction (if any) is completed, and the thread waits for the next event. The mach_ipc_dispatch facility is intended to support work loops. Message Queues Originally, the sole style of interprocess communication in Mach was the message queue. Only one task can hold the receive right for a port denoting a message queue. This one task is allowed to receive (read) messages from the port queue. Multiple tasks can hold rights to the port that allow them to send (write) messages into the queue. A task communicates with another task by building a data structure that contains a set of data elements and then performing a message-send operation on a port for which it holds send rights. At some later time, the task with receive rights to that port will perform a message-receive operation. A message may consist of some or all of the following: ● pure data ● copies of memory ranges ● port rights ● kernel implicit attributes, such as the sender’s security token The message transfer is an asynchronous operation. The message is logically copied into the receiving task, possibly with copy-on-write optimizations. Multiple threads within the receiving task can be attempting to receive messages from a given port, but only one thread can receive any given message. Semaphores Semaphore IPC objects support wait, post, and post all operations. These are counting semaphores, in that posts are saved (counted) if there are no threads currently waiting in that semaphore’s wait queue. A post all operation wakes up all currently waiting threads. Mach Overview Interprocess Communication (IPC) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 59Notifications Like semaphores, notification objects also support post and wait operations, but with the addition of a state field. The state is a fixed-size, fixed-format field that is defined when the notification object is created. Each post updates the state field; there is a single state that is overwritten by each post. Locks A lock is an object that provides mutually exclusive access to a critical section. The primary interfaces to locks are transaction oriented (see “IPC Transactions and Event Dispatching” (page 59)). During the transaction, the thread holds the lock. When it returns from the transaction, the lock is released. Remote Procedure Call (RPC) Objects As the name implies, an RPC object is designed to facilitate and optimize remote procedure calls. The primary interfaces to RPC objects are transaction oriented (see “IPC Transactions and Event Dispatching” (page 59)) When an RPC object is created, a set of argument block formats is defined. When an RPC (a send on the object) is made by a client, it causes a message in one of the predefined formats to be created and queued on the object, then eventually passed to the server (the receiver). When the server returns from the transaction, the reply isreturned to the sender. Mach triesto optimize the transaction by executing the server using the client’s resources; this is called thread migration. Time Management The traditional abstraction of time in Mach is the clock, which provides a set of asynchronous alarm services based on mach_timespec_t. There are one or more clock objects, each defining a monotonically increasing time value expressed in nanoseconds. The real-time clock is built in, and is the most important, but there may be other clocksfor other notions of time in the system. Clockssupport operationsto get the current time,sleep for a given period, set an alarm (a notification that is sent at a given time), and so forth. The mach_timespec_t API is deprecated in OS X. The newer and preferred API is based on timer objects that in turn use AbsoluteTime as the basic data type. AbsoluteTime is a machine-dependent type, typically based on the platform-native time base. Routines are provided to convert AbsoluteTime values to and from other data types,such as nanoseconds. Timer objectssupport asynchronous, drift-free notification, cancellation, and premature alarms. They are more efficient and permit higher resolution than clocks. Mach Overview Time Management 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 60This chapter describes allocating memory and the low-level routinesfor modifying memory mapsin the kernel. It also describes a number of commonly used interfaces to the virtual memory system. It does not describe how to make changes in paging policy or add additional pagers. OS X does not support external pagers, although much of the functionality can be achieved in other ways, some of which are covered at a high level in this chapter. The implementation details of these interfaces are subject to change, however, and are thus left undocumented. With the exception of the section “Allocating Memory in the Kernel” (page 73), this chapter is of interest only if you are writing file systems or are modifying the virtual memory system itself. OS X VM Overview The VM system used in OS X is a descendent of Mach VM, which was created at Carnegie Mellon University in the 1980s. To a large extent, the fundamental design is the same, although some of the details are different, particularly when enhancing the VM system. It does, however, support the ability to request certain paging behavior through the use of universal page lists (UPLs). See “Universal Page Lists (UPLs)” (page 65) for more information. The design of Mach VM centers around the concept of physical memory being a cache for virtual memory. At its highest level, Mach VM consists of address spaces and ways to manipulate the contents of those address spaces from outside the space. These address spaces are sparse and have a notion of protections to limit what tasks can access their contents. At a lower level, the object level, virtual memory is seen as a collection of VM objects and memory objects, each with a particular owner and protections. These objects can be modified with object callsthat are available both to the task and (via the back end of the VM) to the pagers. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 61 Memory and Virtual MemoryNote: While memory objects and VM objects are closely related, the terms are not equivalent and should not be confused. .A VM object can be backed by one or more memory objects, which are, in turn, managed by a pager. A VM object may also be partially backed by other VM objects, as occurs in the case of shadow chains (described later in this section). The VM object is internal to the virtual memory system, and includes basic information about accessing the memory. The memory object, by contrast, is provided by the pager. The contents of the memory associated with that memory object can be retrieved from disk or some other backing store by exchanging messages with the memory object. Implicitly, each VM object is associated with a given pager through its memory object. VM objects are cached with system pages (RAM), which can be any power of two multiple of the hardware page size. In the OS X kernel,system pages are the same size as hardware pages. Each system page isrepresented in a given address space by a map entry. Each map entry has its own protection and inheritance. A given map entry can have an inheritance of shared, copy, or none. If a page is marked shared in a given map, child tasks share this page for reading and writing. If a page is marked copy, child tasks get a copy of this page (using copy-on-write). If a page is marked none, the child’s page is left unallocated. VM objects are managed by the machine-independent VM system, with the underlying virtual to physical mappings handled by the machine-dependent pmap system. The pmap system actually handles page tables, translation lookaside buffers, segments, and so on, depending on the design of the underlying hardware. When a VM object is duplicated (for example, the data pages from a process that has just called fork), a shadow object is created. A shadow object isinitially empty, and contains a reference to another object. When the contents of a page are modified, the page is copied from the parent object into the shadow object and then modified. When reading data from a page, if that page exists in the shadow object, the page listed in the shadow object is used. If the shadow object has no copy of that page, the original object is consulted. A series of shadow objects pointing to shadow objects or original objects is known as a shadow chain. Shadow chains can become arbitrarily long if an object is heavily reused in a copy-on-write fashion. However, since fork is frequently followed by exec, which replaces all of the material being shadowed, long chains are rare. Further, Mach automatically garbage collectsshadow objects, removing any intermediate shadow objects whose pages are no longer referenced by any (nondefunct) shadow object. It is even possible for the original object to be released if it no longer contains pages that are relevant to the chain. The VM calls available to an application include vm_map and vm_allocate, which can be used to map file data or anonymous memory into the address space. This is possible only because the address space is initially sparse. In general, an application can either map a file into its address space (through file mapping primitives, abstracted by BSD) or it can map an object (after being passed a handle to that object). In addition, a task can change the protections of the objects in its address space and can share those objects with other tasks. Memory and Virtual Memory OS X VM Overview 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 62In addition to the mapping and allocation aspects of virtual memory, the VM system contains a number of other subsystems. These include the back end (pagers) and the shared memory subsystem. There are also other subsystems closely tied to VM, including the VM shared memory server. These are described in “Other VM and VM-Related Subsystems” (page 68). Memory Maps Explained Each Mach task has its own memory map. In Mach, this memory map takes the form of an ordered doubly linked list. As described in “OS X VM Overview” (page 61), each of these objects contains a list of pages and shadow references to other objects. In general, you should never need to access a memory map directly unless you are modifying something deep within the VM system. The vm_map_entry structure contains task-specific information about an individual mapping along with a reference to the backing object. In essence, it is the glue between an VM object and a VM map. While the details of this data structure are beyond the scope of this document, a few fields are of particular importance. The field is_submap is a Boolean value that tells whether this map entry is a normal VM object or a submap. A submap is a collection of mappings that is part of a larger map. Submaps are often used to group mappings together for the purpose ofsharing them among multiple Mach tasks, but they may be used for many purposes. What makes a submap particularly powerful is that when several tasks have mapped a submap into their address space, they can see each other’s changes, not only to the contents of the objects in the map, but to the objects themselves. This means that as additional objects are added to or deleted from the submap, they appear in or disappear from the address spaces of all tasks that share that submap. The field behavior controls the paging reference behavior of a specified range in a given map. This value changes how pageins are clustered. Possible values are VM_BEHAVIOR_DEFAULT, VM_BEHAVIOR_RANDOM, VM_BEHAVIOR_SEQUENTIAL, and VM_BEHAVIOR_RSEQNTL, for default,random,sequential, orreverse-sequential pagein ordering. The protection and max_protection fields control the permissions on the object. The protection field indicates what rights the task currently has for the object, while the max_protection field contains the maximum access that the current task can obtain for the object. You might use the protection field when debugging shared memory. By setting the protection to be read-only, any inadvertent writes to the shared memory would cause an exception. However, when the task actually needsto write to thatshared region, it could increase its permissionsin the protection field to allow writes. Memory and Virtual Memory Memory Maps Explained 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 63It would be a security hole if a task could increase its own permissions on a memory object arbitrarily, however. In order to preserve a reasonable security model, the task that owns a memory object must be able to limit the rights granted to a subordinate task. For this reason, a task is not allowed to increase its protection beyond the permissions granted in max_protection. Possible valuesfor protection and max_protection are described in detail in xnu/osfmk/mach/vm_prot.h. Finally, the use_pmap field indicates whether a submap’s low-level mappings should be shared among all tasksinto which the submap is mapped. If the mappings are notshared, then the structure of the map isshared among all tasks, but the actual contents of the pages are not. For example,shared libraries are handled with two submaps. The read-only shared code section has use_pmap set to true. The read-write (nonshared) section has use_pmap set to false, forcing a clean copy of the library’s DATA segment to be mapped in from disk for each new task. Named Entries The OS X VM system provides an abstraction known as a named entry. A named entry is nothing more than a handle to a shared object or a submap. Shared memory support in OS X is achieved by sharing objects between the memory maps of various tasks. Shared memory objects must be created from existing VM objects by calling vm_allocate to allocate memory in your address space and then calling mach_make_memory_entry_64 to get a handle to the underlying VM object. The handle returned by mach_make_memory_entry_64 can be passed to vm_map to map that object into a given task’s address space. The handle can also be passed via IPC or other means to other tasks so that they can map it into their address spaces. This provides the ability to share objects with tasks that are not in your direct lineage, and also allows you to share additional memory with tasks in your direct lineage after those tasks are created. The other form of named entry, the submap, is used to group a set of mappings. The most common use of a submap is to share mappings among multiple Mach tasks. A submap can be created with vm_region_object_create. What makes a submap particularly powerful is that when several tasks have mapped a submap into their address space, they can see each other’s changes to both the data and the structure of the map. This means that one task can map or unmap a VM object in another task’s addressspace simply by mapping or unmapping that object in the submap. Memory and Virtual Memory Named Entries 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 64Universal Page Lists (UPLs) A universal page list, or UPL, is a data structure used when communicating with the virtual memory system. UPLs can be used to change the behavior of pages with respect to caching, permissions, mapping, and so on. UPLs can also be used to push data into and pull data from VM objects. The term is also often used to refer to the family of routines that operate on UPLs. The flags used when dealing with UPLs are described in osfmk/mach/memory_object_types.h. The life cycle of a UPL looks like this: 1. A UPL is created based on the contents of a VM object. This UPL includes information about the pages within that object. 2. That UPL is modified in some way. 3. The changes to the UPL are either committed (pushed back to the VM system) or aborted, with ubc_upl_commit or ubc_upl_abort, respectively. If you have a control handle for a given VM object (which generally means that you are inside a pager), you can use vm_object_upl_request to get a UPL for that object. Otherwise, you must use the vm_map_get_upl call. In either case, you are left with a handle to the UPL. When a pagein is requested, the pager receives a list of pages that are locked against the object, with certain pages set to not valid. The pager must either write data into those pages or must abort the transaction to prevent invalid data in the kernel. Similarly in pageout, the kernel must write the data to a backing store or abort the transaction to prevent data loss. The pager may also elect to bring additional pages into memory or throw additional pages out of memory at its discretion. Because pagers can be used both for virtual memory and for memory mapping of file data, when a pageout is requested, the data may need to be freed from memory, or it may be desirable to keep it there and simply flush the changes to disk. For this reason, the flag UPL_CLEAN_IN_PLACE exists to allow a page to be flushed to disk but not removed from memory. When a pager decides to page in or out additional pages, it must determine which pages to move. A pager can request all of the dirty pages by setting the RETURN_ONLY_DIRTY flag. It can also request all pages that are not in memory using the RETURN_ONLY_ABSENT flag. There is a slight problem, however. If a given page is marked as BUSY in the UPL, a request for information on that page would normally block. If the pager is doing prefetching or preflushing, this is not desirable, since it might be blocking on itself or on some other pager that is blocked waiting for the current transaction to complete. To avoid such deadlock, the UPL mechanism provides the UPL_NOBLOCK flag. This is frequently used in the anonymous pager for requesting free memory. Memory and Virtual Memory Universal Page Lists (UPLs) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 65The flag QUERY_OBJECT_TYPE can be used to determine if an object is physically contiguous and to get other properties of the underlying object. The flag UPL_PRECIOUS means that there should be only one copy of the data. This prevents having a copy both in memory and in the backing store. However, this breaks the adjacency of adjacent pages in the backing store, and is thus generally not used to avoid a performance hit. The flag SET_INTERNAL is used by the BSD subsystem to cause all information about a UPL to be contained in a single memory object so that it can be passed around more easily. It can only be used if your code is running in the kernel’s address space. Since this handle can be used for multiple small transactions (for example, when mapping a file into memory block-by-block), the UPL API includes functions for committing and aborting changes to only a portion of the UPL. These functions are upl_commit_range and upl_abort_range, respectively. To aid in the use of UPLsfor handling multi-part transactions, the upl_commit_range and upl_abort_range calls have a flag that causes the UPL to be freed when there are no unmodified pages in the UPL. If you use this flag, you must be very careful not to use the UPL after all ranges have been committed or aborted. Finally, the function vm_map_get_upl is frequently used in file systems. It gets the underlying VM object associated with a given range within an address space. Since this returns only the first object in that range, it is your responsibility to determine whether the entire range is covered by the resulting UPL and, if not, to make additional calls to get UPLs for other objects. Note that while the vm_map_get_upl call is against an address space range, most UPL calls are against a vm_object. Using Mach Memory Maps Warning: Thissection describesthe low-level API for dealing with Mach VM maps. These maps cannot be modified in this way from a kernel extension. These functions are not available for use in a KEXT. They are presented strictly for use within the VM system and other parts of Mach. If you are not doing in-kernel development, you should be using the methods described in the chapter “Boundary Crossings” (page 109). From the context of the kernel (not from a KEXT), there are two maps that you will probably need to deal with. The first is the kernel map. Since your code is executing in the kernel’s address space, no additional effort is needed to use memory referenced in the kernel map. However, you may need to add additional mappings into the kernel map and remove them when they are no longer needed. Memory and Virtual Memory Using Mach Memory Maps 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 66The second map of interest is the memory map for a given task. This is of most interest for code that accepts input from user programs, for example a sysctl or a Mach RPC handler. In nearly all cases, convenient wrappers provide the needed functionality, however. Most of these functions are based around the vm_offset_t type, which is a pointer-sized integer. In effect, you can think of them as pointers, with the caveat that they are not necessarily pointers to data in the kernel’s address space, depending on usage. The low-level VM map API includes the following functions: kern_return_t vm_map_copyin(vm_map_t src_map, vm_offset_t src_addr, vm_size_t len, boolean_t src_destroy, vm_map_copy_t *copy_result); kern_return_t vm_map_copyout(vm_map_t map, vm_offset_t *addr, /* Out */ register vm_map_copy_t copy); kern_return_t vm_map_copy_overwrite(vm_map_t dst_map, vm_offset_t dst_address,vm_map_copy_t copy, boolean_t interruptible, pmap_t pmap); void vm_map_copy_discard(vm_map_copy_t copy); void vm_map_wire(vm_map_t map, vm_offset_t start, vm_offset_t end, vm_prot_t access_type, boolean_t user_wire); void vm_map_unwire(vm_map_t map, vm_offset_t start, vm_offset_t end, boolean_t user_wire); The function vm_map_copyin copies data from an arbitrary (potentially non–kernel) memory map into a copy list and returns the copy list pointer in copy_result. If something goes wrong and you need to throw away this intermediate object, it should be freed with vm_map_copy_discard. In order to actually get the data from the copy list, you need to overwrite a memory object in the kernel’s address space with vm_map_copy_overwrite. This overwrites an object with the contents of a copy list. For most purposes, the value passed for interruptible should be FALSE, and pmap should be NULL. Memory and Virtual Memory Using Mach Memory Maps 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 67Copying data from the kernel to user space is exactly the same as copying data from user space, except that you pass kernel_map to vm_map_copyin and pass the user map to vm_map_copy_overwrite. In general, however, you should avoid doing this, since you could end up with a task’s memory being fragmented into lots of tiny objects, which is undesirable. Do not use vm_map_copyout when copying data into an existing user task’s address map. The function vm_map_copyout is used for filling an unused region in an address map. If the region is allocated, then vm_map_copyout does nothing. Because it requires knowledge of the current state of the map, it is primarily used when creating a new address map (for example, if you are manually creating a new process). For most purposes, you do not need to use vm_map_copyout. The functions vm_map_wire and vm_map_unwire can be used to wire and unwire portions of an address map. If you set the argument user_wire to TRUE, then the page can be unwired from user space. This should be set to FALSE if you are about to use the memory for I/O or for some other operation that cannot tolerate paging. In vm_map_wire, the argument access_type indicates the types of accesses that should not be allowed to generate a page fault. In general, however, you should be using vm_wire to wire memory. As mentioned earlier, this information is presented strictly for use in the heart of the kernel. You cannot use anything in this section from a kernel extension. Other VM and VM-Related Subsystems There are two additional VM subsystems: pagers and the working set detection subsystem. In addition, the VM shared memory server subsystem is closely tied to (but is not part of) the VM subsystem. This section describes these three VM and VM-related subsystems. Pagers OS X has three basic pagers: the vnode pager, the default pager (or anonymous pager), and the device pager. These are used by the VM system to actually get data into the VM objects that underlie named entries. Pagers are linked into the VM system through a combination of a subset of the old Mach pager interface and UPLs. The default pager is what most people think of when they think of a VM system. It is responsible for moving normal data into and out of the backing store. In addition, there is a facility known as the dynamic pager that sits on top of the default pager and handles the creation and deletion of backing store files. These pager files are filled with data in clusters (groups of pages). When the total fullness of the paging file pool reaches a high–water mark, the default pager asks the dynamic pager to allocate a new store file. When the pool drops below its low water mark, the VM system selects a pager file, moves its contents into other pager files, and deletes it from disk. Memory and Virtual Memory Other VM and VM-Related Subsystems 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 68The vnode pager has a 1:1 (onto) mapping between objects in VM space and open files (vnodes). It is used for memory mapped file I/O. The vnode pager is generally hidden behind calls to BSD file APIs. The device pager allows you to map non–general-purpose memory with the cache characteristics required for that memory (WIMG). Non–general–purpose memory includes physical addresses that are mapped onto hardware other than main memory—for example, PCI memory, frame buffer memory, and so on. The device pager is generally hidden behind calls to various I/O Kit functions. Working Set Detection Subsystem To improve performance, OS X has a subsystem known asthe working set detection subsystem. Thissubsystem is called on a VM fault; it keeps a profile of the fault behavior of each task from the time of its inception. In addition, just before a page request, the fault code asksthissubsystem which adjacent pagesshould be brought in, and then makes a single large request to the pager. Since files on disk tend to have fairly good locality, and since address space locality is largely preserved in the backing store, this provides a substantial performance boost. Also, since it is based upon the application’s previous behavior, it tends to pull in pages that would probably have otherwise been needed later. This occurs for all pagers. The working set code works well once it is established. However, without help, its performance would be the baseline performance until a profile for a given application has been developed. To overcome this, the first time that an application is launched in a given user context, the initial working set required to start the application is captured and stored in a file. From then on, when the application is started, that file is used to seed the working set. These working set files are established on a per-user basis. They are stored in /var/vm/app_profile and are only accessible by the super-user (and the kernel). VM Shared Memory Server Subsystem The VM shared memory server subsystem is a BSD service that is closely tied to VM, but is not part of VM. This server provides two submaps that are used for shared library support in OS X. Because shared libraries contain both read-only portions (text segment) and read-write portions (data segment), the two portions are treated separately to maximize efficiency. The read-only portions are completely shared between tasks, including the underlying pmap entries. The read-write portions share a common submap, but have different underlying data objects (achieved through copy-on-write). The three functions exported by the VM shared memory server subsystem should only be called by dyld. Do not use them in your programs. Memory and Virtual Memory Other VM and VM-Related Subsystems 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 69The function load_shared_file is used to load a new shared library into the system. Once such a file is loaded, other tasks can then depend on it, so a shared library cannot be unshared. However, a new set of shared regions can be created with new_system_shared_regions so that no new tasks will use old libraries. The function reset_shared_file can be used to reset any changes that your task may have made to its private copy of the data section for a file. Finally, the function new_system_shared_regions can be used to create a new set of shared regions for future tasks. New regions can be used when updating prebinding with new shared libraries to cause new tasks to see the latest libraries at their new locations in memory. (Users of old shared libraries will still work, but they will fall off the pre-bound path and will perform less efficiently.) It can also be used when dealing with private libraries that you want to share only with your task’s descendents. Address Spaces This section explains issues that some developers may see when using their drivers in Panther or later. These changes were necessitated by a combination of hardware and underlying OS changes; however, you may see problems resulting from the changes even on existing hardware. There are three basic areas of change in OS X v10.3. These are: ● IOMemoryDescriptor changes ● VM system (pmap) changes ● Kernel dependency changes These are described in detail in the sections that follow. Background Info on PCI Address Translation To allow existing device drivers to work with upcoming 64-bit system architectures, a number of changes were required. To explain these, a brief introduction to PCI bus bridges is needed. When a PCI device needs to perform a data transaction to or from main memory, the device driver calls a series of functions intended to prepare this memory for I/O. In an architecture where both the device drivers and the memory subsystem use 32-bit addressing, everything just works, so long as the memory doesn't get paged out during the I/O operation. As kernel memory is generally not pageable, the preparation islargely superfluous. On a system whose memory subsystem uses 64-bit addressing, however, this becomes a bit of a problem. Because the hardware devices on the PCI bus can only handle 32-bit addresses, the device can only “see” a 4 gigabyte aperture into the (potentially much larger) main memory at any given time. Memory and Virtual Memory Address Spaces 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 70There are two possible solutionsfor this problem. The easy (butslow)solution would be to use “bounce buffers”. In such a design, device drivers would copy data into memory specifically allocated within the bottom 4 gigs of memory. However, this incurs a performance penalty and also puts additional constraints on the lower 4 gigs of memory, causing numerous problems for the VM system. The other solution, the one chosen in Apple's 64-bit implementation, is to use address translation to “map” blocks of memory into the 32-bit address space of the PCI devices. While the PCI device can still only see a 4 gig aperture, that aperture can then be non-contiguous, and thus bounce buffers and other restrictions are unnecessary. This address translation is done using a part of the memory controller known as DART, which stands for Device Address Resolution Table. This introduces a number of potential problems, however. First, physical addresses as seen by the processor no longer map 1:1 onto the addresses as seen by PCI devices. Thus, a new term, I/O addresses, is introduced to describe this new view. Because I/O addresses and physical addresses are no longer the same, the DART must keep a table of translations to use when mapping between them. Fortunately, if your driver is written according to Apple guidelines (using only documented APIs), this process is handled transparently. Note: This additional addressing mode has an impact when debugging I/O Kit device drivers. For more information, see “When Things Go Wrong: Debugging the Kernel” (page 161). IOMemoryDescriptor Changes When your driver calls IOMemoryDescriptor::prepare, a mapping is automatically injected into the DART. When it calls IOMemoryDescriptor::release , the mapping is removed. If you fail to do this, your driver could experience random data corruption or panics. Because the DART requires different caching for reads and writes, the DMA direction is important on hardware that includes a DART. While you may receive random failuresif the direction is wrong in general (on any system), if you attempt to call WriteBytes on a memory region whose DMA direction is set up for reading, you will cause a kernel panic on 64-bit hardware. If you attempt to perform a DMA transaction to unwired (user) memory, on previous systems, you would only get random crashes, panics, and data corruption. On machines with a DART, you will likely get no data whatsoever. As a side-effect of changes in the memory subsystem, OS X is much more likely to return physically contiguous page ranges in memory regions. Historically, OS X returned multi-page memory regions in reverse order, starting with the last page and moving towards the first page. The result of this was that multi-page memory regions essentially never had a contiguous range of physical pages. Memory and Virtual Memory Address Spaces 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 71Because of the increased probability of seeing physically contiguous blocks of memory in a memory region, this change may expose latent bugs in some drivers that only show up when handling contiguous ranges of physical pages, which could result in incorrect behavior or panics. Note that the problems mentioned above are caused by bugs in the drivers, and could result in problems on older hardware prior to Panther. These issues are more likely to occur in Panther and later versions of OS X, however, because of the new hardware designs and the OS changes that were made to support those designs. VM System and pmap Changes: In Panther, as a result of the changes described in detail in the section on PCI address translation, physical addresses obtained directly from the pmap layer have no useful purpose outside the VM system itself. To prevent their inadvertent use in device drivers, the pmap calls are no longer available from kernel extensions. A few drivers written prior to the addition of the IOMemoryDescriptor class still use pmap calls to get the physical pages associated with a virtual address. Also, a few developers have looked at the IOMemoryDescriptor implementation and chosen to obtain addresses directly from the pmap layer to remove what was perceived as an unnecessary abstraction layer. Even without removing access to the pmap calls, these drivers would not function on systems with a DART (see the PCI section above for info on DARTs). To better emphasize this upcoming failure, Panther will cause these drivers to fail to load with an undefined symbol error (generally for pmap_extract ) even on systems without a DART. Kernel Dependency Changes Beginning in Panther, device drivers that declare a dependency on version 7 (the Panther version) of the I/O Kit will no longer automatically get symbols from Mach and BSD. This change was made to discourage I/O Kit developers from relying on symbols that are not explicitly approved for use in the I/O Kit. Existing drivers are unaffected by this change. This change only affects you if you explicitly modify your device driver to declare a dependency on version 7 of the I/O Kit to take advantage of new I/O Kit features. Summary As described above, some device drivers may require minor modifications to support Panther and higher. Apple has made every effort to ensure compatibility with existing device driversto the greatest extent possible, but a few drivers may break. If your driver breaks, you should first check to see if your driver includes any of the bugs described in the previous sections. If it does not, contact Apple Developer Technical Support for additional debugging suggestions. Memory and Virtual Memory Address Spaces 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 72Allocating Memory in the Kernel As with most things in the OS X kernel, there are a number of ways to allocate memory. The choice of routines depends both on the location of the calling routine and on the reason for allocating memory. In general, you should use Mach routines for allocating memory unless you are writing code for use in the I/O Kit, in which case you should use I/O Kit routines. Allocating Memory From a Non-I/O-Kit Kernel Extension The header defines the following routines for kernel memory allocation: ● OSMalloc—allocates a block of memory. ● OSMalloc_noblock—allocates a block of memory, but immediately returns NULL if the request would block. ● OSMalloc_nowait—same as OSMalloc_noblock. ● OSFree—releases memory allocated with any of the OSMalloc variants. ● OSMalloc_Tagalloc—allows you to create a unique tag for your memory allocations. You must create at least one tag before you can use any of the OSMalloc functions. ● OSMalloc_Tagfree—releases a tag allocated with OSMalloc_Tagalloc. (You must release all allocations associated with that tag before you call this function.) For example, to allocate and free a page of wired memory, you might write code like this: #include #define MYTAGNAME "com.apple.mytag" ... OSMallocTag mytag = OSMalloc_Tagalloc(MYTAGNAME, OSMT_DEFAULT); void *datablock = OSMalloc(PAGE_SIZE_64, mytag); ... OSFree(datablock, PAGE_SIZE_64, mytag); To allocate a page of pageable memory, pass OSMT_PAGEABLE instead of OSMT_DEFAULT in your call to OSMalloc_Tagalloc. Memory and Virtual Memory Allocating Memory in the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 73Allocating Memory From the I/O Kit Although the I/O Kit is generally beyond the scope of this document, the I/O Kit memory management routines are presented here for completeness. In general, I/O Kit routinesshould not be used outside the I/O Kit. Similarly, Mach allocation routines should not be directly used from the I/O Kit because the I/O Kit has abstractions for those routines that fit the I/O Kit development model more closely. The I/O Kit includes the following routines for kernel memory allocation: void *IOMalloc(vm_size_t size); void *IOMallocAligned(vm_size_t size, vm_size_t alignment); void *IOMallocContiguous(vm_size_t size, vm_size_t alignment, IOPhysicalAddress *physicalAddress); void *IOMallocPageable(vm_size_t size, vm_size_t alignment); void IOFree(void *address, vm_size_t size); void IOFreeAligned(void *address, vm_size_t size); void IOFreeContiguous(void *address, vm_size_t size); void IOFreePageable(void *address, vm_size_t size); Most of these routines are relatively transparent wrappers around the Mach allocation functions. There are two major differences, however. First, the caller does not need to know which memory map is being modified. Second, they have a separate free call for each allocation call for internal bookkeeping reasons. The functions IOMallocContiguous and IOMallocAligned differsomewhat fromtheir Mach underpinnings. IOMallocAligned uses calls directly to Mach VM to add support for arbitrary (power of 2) data alignment, rather than aligning based on the size of the object. IOMallocContiguous adds an additional parameter, PhysicalAddress. If this pointer is not NULL, the physical address is returned through this pointer. Using Mach functions, obtaining the physical address requires a separate function call. Memory and Virtual Memory Allocating Memory in the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 74Important: If your KEXT allocates memory that will be shared, you should create a buffer of type IOMemoryDescriptor or IOBufferMemoryDescriptor and specify that the buffer should be sharable. If you are allocating memory in a user application that will be shared with the kernel, you should use valloc or vm_allocate instead of malloc and then call mach_make_memory_entry_64. Allocating Memory In the Kernel Itself In addition to the routines available to kernel extensions, there are a number of other functions you can call to allocate memory when you are modifying the Mach kernel itself. Mach routines provide a relatively straightforward interface for allocating and releasing memory. They are the preferred mechanism for allocating memory outside of the I/O Kit. BSD also offers _MALLOC and _FREE, which may be used in BSD parts of the kernel. These routines do not provide for forced mapping of a given physical address to a virtual address. However, if you need such a mapping, you are probably writing a device driver, in which case you should be using I/O Kit routines instead of Mach routines. Most of these functions are based around the vm_offset_t type, which is a pointer-sized integer. In effect, you can think of them as pointers, with the caveat that they are not necessarily pointers to data in the kernel’s address space, depending on usage. These are some of the commonly used Mach routines for allocating memory: kern_return_t kmem_alloc(vm_map_t map, vm_offset_t *addrp, vm_size_t size); void kmem_free(vm_map_t map, vm_offset_t addr, vm_size_t size); kern_return_t mem_alloc_aligned(vm_map_t map, vm_offset_t *addrp, vm_size_t size); kern_return_t kmem_alloc_wired(vm_map_t map, vm_offset_t *addrp, vm_size_t size); kern_return_t kmem_alloc_pageable(vm_map_t map, vm_offset_t *addrp, vm_size_t size); kern_return_t kmem_alloc_contig(vm_map_t map, vm_offset_t *addrp, vm_size_t size, vm_offset_t mask, int flags); These functions all take a map as the first argument. Unless you need to allocate memory in a different map, you should pass kernel_map for this argument. Memory and Virtual Memory Allocating Memory in the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 75All of the kmem_alloc functions except kmem_alloc_pageable allocate wired memory. The function kmem_alloc_pageable creates the appropriate VM structures but does not back the region with physical memory. This function could be combined with vm_map_copyout when creating a new address map, for example. In practice, it is rarely used. The function kmem_alloc_aligned allocates memory aligned according to the value of the size argument, which must be a power of 2. The function kmem_alloc_wired is synonymous with kmem_alloc and is appropriate for data structures that cannot be paged out. It is not strictly necessary; however, if you explicitly need certain pieces of data to be wired, using kmem_alloc_wired makes it easier to find those portions of your code. The function kmem_alloc_contig attempts to allocate a block of physically contiguous memory. This is not always possible, and requires a full sort of the system free list even for short allocations. After startup, this sort can cause long delays, particularly on systems with lots of RAM. You should generally not use this function. The function kmem_free is used to free an object allocated with one of the kmem_alloc functions. Unlike the standard C free function, kmem_free requires the length of the object. If you are not allocating fixed-size objects (for example, sizeof struct foo), you may have to do some additional bookkeeping, since you must free an entire object, not just a portion of one. Memory and Virtual Memory Allocating Memory in the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 76OS X is based on Mach and BSD. Like Mach and most BSD UNIX systems, it contains an advanced scheduler based on the CMU Mach 3 scheduler. This chapter describes the scheduler from the perspective of both a kernel programmer and an application developer attempting to set scheduling parameters. This chapter begins with the “Overview of Scheduling” (page 77), which describes the basic concepts behind Mach scheduling at a high level, including real-time priority support. The second section, “Using Mach Scheduling From User Applications” (page 79), describes how to access certain key Mach scheduler routines from user applications and from other parts of the kernel outside the scheduler. The third section, “Kernel Thread APIs” (page 85), explains scheduler-related topics including how to create and terminate kernel threads and describes the BSD spl macros and their limited usefulness in OS X. Overview of Scheduling The OS X scheduler is derived from the scheduler used in OSFMK 7.3. In general, much documentation about prior implementations applies to the scheduler in OS X, although you will find numerous differences. The details of those differences are beyond the scope of this overview. Mach scheduling is based on a system of run queues at various priorities that are handled in different ways. The priority levels are divided into four bands according to their characteristics, as described in Table 10-1 (page 77). Table 10-1 Thread priority bands Priority Band Characteristics Normal normal application thread priorities System high priority threads whose priority has been raised above normal threads reserved for threads created inside the kernel that need to run at a higher priority than all user space threads (I/O Kit workloops, for example) Kernel mode only threads whose priority is based on getting a well-defined fraction of total clock cycles, regardless of other activity (in an audio player application, for example). Real-time threads 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 77 Mach Scheduling and Thread InterfacesThreads can migrate between priority levels for a number of reasons, largely as an artifact of the time sharing algorithm used. However, this migration is within a given band. Threads marked as being real-time priority are also special in the eyes of the scheduler. A real-time thread tells the scheduler that it needs to run for A cycles out of the next B cycles. For example, it might need to run for 3000 out of the next 7000 clock cyclesin order to keep up. It also tellsthe scheduler whether those cycles must be contiguous. Using long contiguous quanta is generally frowned upon but is occasionally necessary for specialized real-time applications. The kernel will make every effort to honor the request, but since this is soft real-time, it cannot be guaranteed. In particular, if the real-time thread requests something relatively reasonable, its priority will remain in the real-time band, but if it lies blatantly about its requirements and behaves in a compute-bound fashion, it may be demoted to the priority of a normal thread. Changing a thread’s priority to turn it into a real-time priority thread using Mach calls is described in more detail in “Using Mach Scheduling From User Applications” (page 79). In addition to the raw Mach RPC interfaces, some aspects of a thread’s priority can be controlled from user space using the POSIX thread priority API. The POSIX thread API is able to set thread priority only within the lowest priority band (0–63). For more information on the POSIX thread priority API, see “Using the pthreads API to Influence Scheduling” (page 79). Why Did My Thread Priority Change? There are many reasons that a thread’s priority can change. This section attempts to explain the root cause of these thread priority changes. A real-time thread, as mentioned previously, is penalized (and may even be knocked down to normal thread priority) if it exceeds its time quantum without blocking repeatedly. For this reason, it is very important to make a reasonable guess about your thread’s workload if it needs to run in the real-time band. Threadsthat are heavily compute-bound are given lower priority to help minimize response time for interactive tasksso that high–priority compute–bound threads cannot monopolize the system and prevent lower–priority I/O-bound threads from running. Even at a lower priority, the compute–bound threads still run frequently, since the higher–priority I/O-bound threads do only a short amount of processing, block on I/O again, then allow the compute-bound threads to execute. All of these mechanisms are operating continually in the Mach scheduler. This meansthat threads are frequently moving up or down in priority based upon their behavior and the behavior of other threads in the system. Mach Scheduling and Thread Interfaces Why Did My Thread Priority Change? 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 78Using Mach Scheduling From User Applications There are three basic ways to change how a user thread is scheduled. You can use the BSD pthreads API to change basic policy and importance. You can also use Mach RPC calls to change a task’s importance. Finally, you can use RPC calls to change the scheduling policy to move a thread into a different scheduling band. This is commonly used when interacting with CoreAudio. The pthreads API is a user space API, and has limited relevance for kernel programmers. The Mach thread and task APIs are more general and can be used from anywhere in the kernel. The Mach thread and task calls can also be called from user applications. Using the pthreads API to Influence Scheduling OS X supports a number of policies at the POSIX threads API level. If you need real-time behavior, you must use the Mach thread_policy_set call. This is described in “Using the Mach Thread API to Influence Scheduling” (page 80). The pthreads API adjuststhe priority of threads within a given task. It does not necessarily impact performance relative to threads in other tasks. To increase the priority of a task, you can use nice or renice from the command line or call getpriority and setpriority from your application. The API providestwo functions: pthread_getschedparam and pthread_setschedparam. Their prototypes look like this: pthread_setschedparam(pthread_t thread, int policy, struct sched_param *param); pthread_getschedparam(pthread_t thread, int *policy, struct sched_param *param) The arguments for pthread_getschedparam are straightforward. The first argument is a thread ID, and the others are pointers to memory where the results will be stored. The argumentsto pthread_setschedparam are not as obvious, however. As with pthread_getschedparam, the first argument is a thread ID. The second argument to pthread_setschedparam is the desired policy, which can currently be one of SCHED_FIFO (first in, first out), SCHED_RR (round-robin), or SCHED_OTHER. The SCHED_OTHER policy is generally used for extra policies that are specific to a given operating system, and should thus be avoided when writing portable code. The third argument is a structure that contains various scheduling parameters. Mach Scheduling and Thread Interfaces Using Mach Scheduling From User Applications 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 79Here is a basic example of using pthreads functions to set a thread’s scheduling policy and priority. int set_my_thread_priority(int priority) { struct sched_param sp; memset(&sp, 0, sizeof(struct sched_param)); sp.sched_priority=priority; if (pthread_setschedparam(pthread_self(), SCHED_RR, &sp) == -1) { printf("Failed to change priority.\n"); return -1; } return 0; } This code snippet sets the scheduling policy for the current thread to round-robin scheduling, and sets the thread’s relative importance within the task to the value passed in through the priority argument. For more information, see the manual page for pthread. Using the Mach Thread API to Influence Scheduling This API is frequently used in multimedia applications to obtain real-time priority. It is also useful in other situations when the pthread scheduling API cannot be used or does not provide the needed functionality. The API consists of two functions, thread_policy_set and thread_policy_get. kern_return_t thread_policy_set( thread_act_t thread, thread_policy_flavor_t flavor, thread_policy_t policy_info, mach_msg_type_number_t count); kern_return_t thread_policy_get( thread_act_t thread, thread_policy_flavor_t flavor, thread_policy_t policy_info, mach_msg_type_number_t *count, Mach Scheduling and Thread Interfaces Using Mach Scheduling From User Applications 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 80boolean_t *get_default); The parameters of these functions are roughly the same, except that the thread_policy_get function takes pointers for the count and the get_default arguments. The count is an inout parameter, meaning that it is interpreted as the maximum amount of storage (in units of int32_t) that the calling task has allocated for the return, but it is also overwritten by the scheduler to indicate the amount of data that was actually returned. These functions get and set several parameters, according to the thread policy chosen. The possible thread policies are listed in Table 10-2 (page 81). Table 10-2 Thread policies Policy Meaning THREAD_STANDARD_POLICY Default value THREAD_TIME_CONSTRAINT_POLICY Used to specify real-time behavior. Used to indicate the importance of computation relative to other threads in a given task. THREAD_PRECEDENCE_POLICY The following code snippet shows how to set the priority of a task to tell the scheduler that it needs real-time performance. The example values provided in comments are based on the estimated needs of esd (the Esound daemon). #include #include #include #include int set_realtime(int period, int computation, int constraint) { struct thread_time_constraint_policy ttcpolicy; int ret; thread_port_t threadport = pthread_mach_thread_np(pthread_self()); ttcpolicy.period=period; // HZ/160 ttcpolicy.computation=computation; // HZ/3300; ttcpolicy.constraint=constraint; // HZ/2200; ttcpolicy.preemptible=1; Mach Scheduling and Thread Interfaces Using Mach Scheduling From User Applications 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 81if ((ret=thread_policy_set(threadport, THREAD_TIME_CONSTRAINT_POLICY, (thread_policy_t)&ttcpolicy, THREAD_TIME_CONSTRAINT_POLICY_COUNT)) != KERN_SUCCESS) { fprintf(stderr, "set_realtime() failed.\n"); return 0; } return 1; } The time values are in terms of Mach absolute time units. Since these values differ on different CPUs, you should generally use numbers relative to HZ (a global variable in the kernel that contains the current number of ticks per second). You can either handle this conversion yourself by dividing this value by an appropriate quantity or use the conversion routines described in “Using Kernel Time Abstractions ” (page 142). Say your computer reports 133 million for the value of HZ. If you pass the example values given as arguments to this function, your thread tells the scheduler that it needs approximately 40,000 (HZ/3300) out of the next 833,333 (HZ/160) bus cycles. The preemptible value (1) indicates that those 40,000 bus cycles need not be contiguous. However, the constraint value (HZ/2200) tells the scheduler that there can be no more than 60,000 bus cycles between the start of computation and the end of computation. Note: Because the constraint sets a maximum bound for computation, it must be larger than the value for computation. A straightforward example using this API is code that displays video directly to the framebuffer hardware. It needs to run for a certain number of cycles every frame to get the new data into the frame buffer. It can be interrupted without worry, but if it isinterrupted for too long, the video hardware starts displaying an outdated frame before the software writes the updated data, resulting in a nasty glitch. Audio has similar behavior, but since it is usually buffered along the way (in hardware and in software), there is greater tolerance for variations in timing, to a point. Another policy call is THREAD_PRECEDENCE_POLICY. This is used for setting the relative importance of non-real-time threads. Its calling convention issimilar, except that itsstructure is thread_precedence_policy, and contains only one field, an integer_t called importance. While thisis a signed 32-bit value, the minimum legal value is zero (IDLE_PRI). threads set to IDLE_PRI will only execute when no other thread is scheduled to execute. Mach Scheduling and Thread Interfaces Using Mach Scheduling From User Applications 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 82In general, larger values indicate higher priority. The maximum limit is subject to change, as are the priority bands, some of which have special purposes (such as real-time threads). Thus, in general, you should use pthreads APIs to achieve this functionality rather than using this policy directly unless you are setting up an idle thread. Using the Mach Task API to Influence Scheduling This relatively simple API is not particularly useful for most developers. However, it may be beneficial if you are developing a graphical user interface for Darwin. It also provides some insight into the prioritization of tasks in OS X. It is presented here for completeness. The API consists of two functions, task_policy_set and task_policy_get. kern_return_t task_policy_set( task_t task, task_policy_flavor_t flavor, task_policy_t policy_info, mach_msg_type_number_t count); kern_return_t task_policy_get( task_t task, task_policy_flavor_t flavor, task_policy_t policy_info, mach_msg_type_number_t *count, boolean_t *get_default); As with thread_policy_set and thread_policy_get, the parameters are similar, except that the task_policy_get function takes pointers for the count and the get_default arguments. The count argument is an inout parameter. It is interpreted as the maximum amount of storage that the calling task has allocated for the return, but it is also overwritten by the scheduler to indicate the amount of data that was actually returned. These functions get and set a single parameter, that of the role of a given task, which changes the way the task’s priority gets altered over time. The possible roles of a task are listed in Table 10-3 (page 83). Table 10-3 Task roles Role Meaning TASK_UNSPECIFIED Default value Mach Scheduling and Thread Interfaces Using Mach Scheduling From User Applications 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 83Role Meaning This is set when a process is executed with nice or is modified by renice. TASK_RENICED GUI application in the foreground. There can be more than one foreground application. TASK_FOREGROUND_APPLICATION TASK_BACKGROUND_APPLICATION GUI application in the background. TASK_CONTROL_APPLICATION Reserved for the dock or equivalent (assigned FCFS). TASK_GRAPHICS_SERVER Reserved for WindowServer or equivalent (assigned FCFS). The following code snippet shows how to set the priority of a task to tell the scheduler that it is a foreground application (regardless of whether it really is). #include #include #include int set_my_task_policy(void) { int ret; struct task_category_policy tcatpolicy; tcatpolicy.role = TASK_FOREGROUND_APPLICATION; if ((ret=task_policy_set(mach_task_self(), TASK_CATEGORY_POLICY, (thread_policy_t)&tcatpolicy, TASK_CATEGORY_POLICY_COUNT)) != KERN_SUCCESS) { fprintf(stderr, "set_my_task_policy() failed.\n"); return 0; } return 1; } Mach Scheduling and Thread Interfaces Using Mach Scheduling From User Applications 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 84Kernel Thread APIs The OS X scheduler provides a number of public APIs. While many of these APIs should not be used, the APIs to create, destroy, and alter kernel threads are of particular importance. While not technically part of the scheduler itself, they are inextricably tied to it. The scheduler directly provides certain services that are commonly associated with the use of kernel threads, without which kernel threads would be of limited utility. For example, the scheduler provides support for wait queues, which are used in various synchronization primitives such as mutex locks and semaphores. Creating and Destroying Kernel Threads The recommended interface for creating threads within the kernel is through the I/O Kit. It provides IOCreateThread, IOThreadSelf, and IOExitThread functions that make it relatively painless to create threads in the kernel. The basic functions for creating and terminating kernel threads are: IOThread IOCreateThread(IOThreadFunc function, void *argument); IOThread IOThreadSelf(void); void IOExitThread(void); With the exception of IOCreateThread (which is a bit more complex), the I/O Kit functions are fairly thin wrappers around Mach thread functions. The types involved are also very thin abstractions. IOThread is really the same as thread_t. The IOCreateThread function creates a new thread that immediately begins executing the function that you specify. It passes a single argument to that function. If you need to pass more than one argument, you should dynamically allocate a data structure and pass a pointer to that structure. For example, the following code creates a kernel thread and executes the function myfunc in that thread: #include #include #include struct mydata { int three; char *string; }; Mach Scheduling and Thread Interfaces Kernel Thread APIs 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 85static void myfunc(void *myarg) { struct mydata *md = (struct mydata *)myarg; IOLog("Passed %d = %s\n", md->three, md->string); IOExitThread(); } void start_threads() { IOThread mythread; struct mydata *md = (struct mydata *)malloc(sizeof(*md)); md->three = 3; md->string = (char *)malloc(2 * sizeof(char)); md->string[0] = '3'; md->string[1] = '\0'; // Start a thread using IOCreateThread mythread = IOCreateThread(&myfunc, (void *)md); } One other useful function is thread_terminate. This can be used to destroy an arbitrary thread (except, of course, the currently running thread). This can be extremely dangerous if not done correctly. Before tearing down a thread with thread_terminate, you should lock the thread and disable any outstanding timers against it. If you fail to deactivate a timer, a kernel panic will occur when the timer expires. With that in mind, you may be able to terminate a thread as follows: thread_terminate(getact_thread(thread)); There thread is of type thread_t. In general, you can only be assured that you can kill yourself, not other threads in the system. The function thread_terminate takes a single parameter of type thread_act_t (a thread activation). The function getact_thread takes a thread shuttle (thread_shuttle_t) or thread_t and returns the thread activation associated with it. SPL and Friends BSD–based and Mach–based operating systems contain legacy functions designed for basic single-processor synchronization. These include functions such as splhigh, splbio, splx, and other similar functions. Since these functions are not particularly useful for synchronization in an SMP situation, they are not particularly useful as synchronization tools in OS X. Mach Scheduling and Thread Interfaces Kernel Thread APIs 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 86If you are porting legacy code from earlier Mach–based or BSD–based operating systems, you must find an alternate means of providing synchronization. In many cases, this is as simple as taking the kernel or network funnel. In parts of the kernel, the use of spl functions does nothing, but causes no harm if you are holding a funnel (and results in a panic if you are not). In other parts of the kernel, spl macros are actually used. Because spl cannot necessarily be used for itsintended purpose, itshould not be used in general unless you are writing code it a part of the kernel that already uses it. You should instead use alternate synchronization primitives such as those described in “Synchronization Primitives” (page 128). Wait Queues and Wait Primitives The wait queue API is used extensively by the scheduler and is closely tied to the scheduler in itsimplementation. It is also used extensively in locks, semaphores, and other synchronization primitives. The wait queue API is both powerful and flexible, and as a result issomewhat large. Not all of the API is exported outside the scheduler, and parts are not useful outside the context of the wait queue functions themselves. This section documents only the public API. The wait queue API includes the following functions: void wait_queue_init(wait_queue_t wq, int policy); extern wait_queue_t wait_queue_t wait_queue_alloc(int policy); void wait_queue_free(wait_queue_t wq); void wait_queue_lock(wait_queue_t wq); void wait_queue_lock_try(wait_queue_t wq); void wait_queue_unlock(wait_queue_t wq); boolean_t wait_queue_member(wait_queue_t wq, wait_queue_sub_t wq_sub); boolean_t wait_queue_member_locked(wait_queue_t wq, wait_queue_sub_t wq_sub); kern_return_t wait_queue_link(wait_queue_t wq, wait_queue_sub_t wq_sub); kern_return_t wait_queue_unlink(wait_queue_t wq, wait_queue_sub_t wq_sub); kern_return_t wait_queue_unlink_one(wait_queue_t wq, wait_queue_sub_t *wq_subp); void wait_queue_assert_wait(wait_queue_t wq, event_t event, int interruptible); void wait_queue_assert_wait_locked(wait_queue_t wq, event_t event, int interruptible, boolean_t unlocked); kern_return_t wait_queue_wakeup_all(wait_queue_t wq, event_t event, int result); kern_return_t wait_queue_peek_locked(wait_queue_t wq, event_t event, thread_t *tp, wait_queue_t *wqp); Mach Scheduling and Thread Interfaces Kernel Thread APIs 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 87void wait_queue_pull_thread_locked(wait_queue_t wq, thread_t thread, boolean_t unlock); thread_t wait_queue_wakeup_identity_locked(wait_queue_t wq, event_t event, int result, boolean_t unlock); kern_return_t wait_queue_wakeup_one(wait_queue_t wq, event_t event, int result); kern_return_t wait_queue_wakeup_one_locked(wait_queue_t wq, event_t event, int result, boolean_t unlock); kern_return_t wait_queue_wakeup_thread(wait_queue_t wq, event_t event, thread_t thread, int result); kern_return_t wait_queue_wakeup_thread_locked(wait_queue_t wq, event_t event, thread_t thread, int result, boolean_t unlock); kern_return_t wait_queue_remove(thread_t thread); Most of the functions and their arguments are straightforward and are not presented in detail. However, a few require special attention. Most of the functions take an event_t as an argument. These can be arbitrary 32-bit values, which leads to the potential for conflicting events on certain wait queues. The traditional way to avoid this problem is to use the address of a data object that is somehow related to the code in question as that 32-bit integer value. For example, if you are waiting for an event that indicates that a new block of data has been added to a ring buffer, and if that ring buffer’s head pointer was called rb_head, you might pass the value &rb_head as the event ID. Because wait queue usage does not generally cross address space boundaries, this is generally sufficient to avoid any event ID conflicts. Notice the functions ending in _locked. These functions require that your thread be holding a lock on the wait queue before they are called. Functions ending in _locked are equivalent to their nonlocked counterparts (where applicable) except that they do not lock the queue on entry and may not unlock the queue on exit (depending on the value of unlock). The remainder of this section does not differentiate between locked and unlocked functions. The wait_queue_alloc and wait_queue_init functions take a policy parameter, which can be one of the following: ● SYNC_POLICY_FIFO—first-in, first-out ● SYNC_POLICY_FIXED_PRIORITY—policy based on thread priority Mach Scheduling and Thread Interfaces Kernel Thread APIs 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 88● SYNC_POLICY_PREPOST—keep track of number of wakeups where no thread was waiting and allow threadsto immediately continue executing without waiting until that count reaches zero. Thisisfrequently used when implementing semaphores. You should not use the wait_queue_init function outside the scheduler. Because a wait queue is an opaque object outside that context, you cannot determine the appropriate size for allocation. Thus, because the size could change in the future, you should always use wait_queue_alloc and wait_queue_free unless you are writing code within the scheduler itself. Similarly, the functions wait_queue_member, wait_queue_member_locked, wait_queue_link, wait_queue_unlink, and wait_queue_unlink_one are operations on subordinate queues, which are not exported outside the scheduler. The function wait_queue_member determines whether a subordinate queue is a member of a queue. The functions wait_queue_link and wait_queue_unlink link and unlink a given subordinate queue from its parent queue, respectively. The function wait_queue_unlink_one unlinks the first subordinate queue in a given parent and returns it. The function wait_queue_assert_wait causes the calling thread to wait on the wait queue until it is either interrupted (by a thread timer, for example) or explicitly awakened by another thread. The interruptible flag indicates whether this function should allow an asynchronous event to interrupt waiting. The function wait_queue_wakeup_all wakes up all threads waiting on a given queue for a particular event. The function wait_queue_peek_locked returns the first thread from a given wait queue that is waiting on a given event. It does not remove the thread from the queue, nor does it wake the thread. It also returns the wait queue where the thread was found. If the thread is found in a subordinate queue, other subordinate queues are unlocked, as is the parent queue. Only the queue where the thread was found remains locked. The function wait_queue_pull_thread_locked pulls a thread from the wait queue and optionally unlocks the queue. This is generally used with the result of a previous call to wait_queue_peek_locked. The function wait_queue_wakeup_identity_locked wakes up the first thread that is waiting for a given event on a given wait queue and starts it running but leaves the thread locked. It then returns a pointer to the thread. This can be used to wake the first thread in a queue and then modify unrelated structures based on which thread was actually awakened before allowing the thread to execute. The function wait_queue_wakeup_one wakes up the first thread that is waiting for a given event on a given wait queue. The function wait_queue_wakeup_thread wakes up a given thread if and only if it is waiting on the specified event and wait queue (or one of its subordinates). Mach Scheduling and Thread Interfaces Kernel Thread APIs 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 89The function wait_queue_remove wakes a given thread without regard to the wait queue or event on which it is waiting. Mach Scheduling and Thread Interfaces Kernel Thread APIs 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 90In OS X kernel programming, the term context has several meanings that appear similar on the surface, but differ subtly. First, the term context can refer to a BSD process or Mach task. Switching from one process to another is often referred to as a context switch. Second, context can refer to the part of the operating system in which your code resides. Examples of this include thread contexts, the interrupt context, the kernel context, an application’s context, a Carbon File Manager context, and so on. Even for this use of the term, the exact meaning depends, ironically, on the context in which the term is used. Finally, context can refer to a bootstrap context. In Mach, the bootstrap task is assigned responsibility for looking up requests for Mach ports. As part of this effort, each Mach task is registered in one of two groups—either in the startup context or a user’s login context. (In theory, Mach can support any number of independent contexts, however the use of additional contexts is beyond the scope of this document.) For the purposes of this chapter, the term context refers to a bootstrap context. When OS X first boots, there is only the top-level context, which is generally referred to as the startup context. All other contexts are subsets of this context. Basic system services that rely on Mach ports must be started in this context in order to work properly. When a user logs in, the bootstrap task creates a new context called the login context. Programs run by the user are started in the login context. This allows the user to run a program that provides an alternate port lookup mechanism if desired, causing that user’s tasks to get a different port when the tasks look up a basic service. This has the effect of replacing that service with a user-defined version in a way that changes what the user’s tasks see, but does not affect any of the rest of the system. To avoid wasting memory, currently the login context is destroyed when the user logs out (orshortly thereafter). This behavior may change in the future, however. In the current implementation, programs started by the user will no longer be able to look up Mach ports after logout. If a program does not need to do any port lookup, it will not be affected. Other programs will terminate, hang, or behave erratically. For example, in Mac OS 10.1 and earlier, sshd continuesto function when started from a user context. However, since it is unable to communicate with lookupd or netinfo, it stops accepting passwords. This is not a particularly useful behavior. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 91 Bootstrap ContextsOther programs such as esound, however, continue to work correctly after logout when started from a user context. Other programs behave correctly in their default configuration but fail in other configurations—for example, when authentication support is enabled. There are no hard and fast rules for which programs will continue to operate after their bootstrap context is destroyed. Only thorough testing can tell you whether any given program will misbehave if started from a user context, since even programs that do not appear to directly use Mach communication may still do so indirectly. In OS X v10.2, a great deal of effort has gone into making sure that programs that use only standard BSD services and functions do not use Mach lookups in a way that would fail if started from a user context. If you find an application that breaks when started from a Terminal.app window, please file a bug report. How Contexts Affect Users From the perspective of a user, contexts are generally unimportant as long as they do not want a program to survive past the end of their login session. Contexts do become a problem for the administrator, however. For example, if the administrator upgrades sshd by killing the old version, starting the new one, and logging out, strange things could happen since the context in which sshd was running no longer exists. Contexts also pose an issue for usersrunning background jobs with nohup or users detaching terminalsessions using screen. There are times when it is perfectly reasonable for a program to survive past logout, but by default, this does not occur. There are three basic ways that a user can get around this. In the case of daemons, they can modify the startup scripts to start the application. On restart, the application will be started in the startup context. This is not very practical if the computer in question isin heavy use, however. Fortunately, there are other waysto startservices in a startup context. The second way to run a service in the startup context is to use ssh to connect to the computer. Since sshd is running in the startup context, programs started from an ssh session also register themselves in the startup context. (Note that a user can safely kill the main sshd process without being logged out. The user just needs to be careful to kill the right one.) The third way isto log in asthe console user (>console), which causes LoginWindow to exit and causes init to spawn a getty process on the console. Since init spawns getty, which spawns login, which spawns the user’s shell, any programs started from the text console will be in the startup context. Bootstrap Contexts How Contexts Affect Users 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 92More generally, any process that is the child of a process in the startup context (other than those inherited by init because their parent process exited) is automatically in the startup context. Any process that is the child of a process in the login context is, itself, in the login context. This means that daemons can safely fork children at any time and those children will be in the startup context, as will programs started from the console (not the Console application). This also meansthat any program started by a user in a terminal window, from Finder, from the Dock, and so on, will be in the currently logged in user’s login context, even if that user runs the application using su or sudo. How Contexts Affect Developers If you are writing only kernel code, contexts are largely irrelevant (unless you are creating a new context, of course). However, kernel developers frequently need to write a program that registers itself in the startup context in order to provide some level of driver communication. For example, you could write a user-space daemon that brokers configuration information for a sound driver based on which user is logged in at the time. In the most general case, the problem ofstarting an application in the startup context can be solved by creating a startup script for your daemon, which causesit to be run in the startup context after the next reboot. However, users generally do not appreciate having to reboot their computers to install a new driver. Asking the user to connect to his or her own computer with ssh to execute a script is probably not reasonable, either. The biggest problem with forcing a reboot, of course, is that users often install several programs at once. Rebooting between each install inconveniences the end user, and has no other benefit. For that reason, you should not force the user to restart. Instead, you should offer the user the option, noting that the software may not work correctly until the user restarts. While this does not solve the fundamental problem, it does at least minimize the most common source of complaints. There are a number of ways to force a program to start in the startup context without rebooting or using ssh. However, these are not robust solutions, and are not recommended. A standard API for starting daemons is under consideration. When an official API becomes available, this chapter will be updated to discuss it. Bootstrap Contexts How Contexts Affect Developers 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 93Those of you who are already familiar with writing device drivers for Mac OS 9 or for BSD will discover that writing driversfor OS X requiressome new ways of thinking. In creating OS X, Apple has completely redesigned the Macintosh I/O architecture, providing a framework for simplified driver development that supports many categories of devices. This framework is called the I/O Kit. From a programming perspective, the I/O Kit provides an abstract view of the system hardware to the upper layers of OS X. The I/O Kit uses an object-oriented programming model, implemented in a restricted subset of C++ to promote increased code reuse. By starting with properly designed base classes, you gain a head start in writing a new driver; with much of the driver code already written, you need only to fill in the specific code that makes your driver different. For example, all SCSI controllers deliver a fairly standard set of commands to a device, but do so via different low-level mechanisms. By properly using object-oriented programming methodology, a SCSI driver can implement those low-level transport portions without reimplementing the higher level SCSI protocol code. Similar opportunities for code reuse can be found in most types of drivers. Part of the philosophy of the I/O Kit is to make the design completely open. Rather than hiding parts of the API in an attempt to protect developers from themselves, all of the I/O Kit source is available as part of Darwin. You can use the source code as an aid to designing (and debugging) new drivers. Instead of hiding the interfaces, Apple’s designers have chosen to lead by example. Sample code and classes show the recommended (easy) way to write a driver. However, you are not prevented from doing things the hard way (or the wrong way). Instead, attention has been concentrated on making the “best” ways easy to follow. Redesigning the I/O Model You might ask why Apple chose to redesign the I/O model. At first glance, it mightseem that reusing the model from Mac OS 9 or FreeBSD would have been an easier choice. There are several reasons for the decision, however. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 94 I/O Kit OverviewNeither the Mac OS 9 driver model nor the FreeBSD model offered a feature set rich enough to meet the needs of OS X. The underlying operating-system technology of OS X is very different from that of Mac OS 9. The OS X kernel is significantly more advanced than the previous Mac OS system architecture; OS X needs to handle memory protection, preemption, multiprocessing, and other features not present (orsubstantially less pervasive) in previous versions of the Mac OS. Although FreeBSD supports these features, the BSD driver model did not offer the automatic configuration, stacking, power management, or dynamic device-loading features required in a modern, consumer-oriented operating system. By redesigning the I/O architecture, Apple’s engineers can take best advantage of the operating-system features in OS X. For example, virtual memory (VM) is not a fundamental part of the operating system in Mac OS 9. Thus, every driver writer must know about (and write for) VM. This has presented certain complications for developers. In contrast, OS X has simplified driver interaction with VM. VM capability is inherent in the OS X operating system and cannot be turned off by the user. Thus, VM capabilities can be abstracted into the I/O Kit, and the code for handling VM need not be written for every driver. OS X offers an unprecedented opportunity to reuse code. In Mac OS 9, for example, all software development kits (SDKs) were independent of each other, duplicating functionality between them. In OS X, the I/O Kit is delivered as part of the basic developer tools, and code is shared among its various parts. In contrast with traditional I/O models, the reusable code model provided by the I/O Kit can decrease your development work substantially. In porting drivers from Mac OS 9, for example, the OS X counterparts have been up to 75% smaller. In general, all hardware support is provided directly by I/O Kit entities. One exception to this rule is imaging devicessuch as printers,scanners, and digital cameras(although these do make some use of I/O Kit functionality). Specifically, although communication with these devices is handled by the I/O Kit (for instance, under the FireWire or USB families), support for particular device characteristics is handled by user-space code (see “For More Information” (page 100) for further discussion). If you need to support imaging devices, you should employ the appropriate imaging software development kit (SDK). The I/O Kit attempts to represent, in software, the same hierarchy that exists in hardware. Some things are difficult to abstract, however. When the hardware hierarchy is difficult to represent (for example, if layering violations occur), then the I/O Kit abstractions provide less help for writing drivers. In addition, all drivers exist to drive hardware; all hardware is different. Even with the reusable model provided by the I/O Kit, you still need to be aware of any hardware quirks that may impact a higher-level view of the device. The code to support those quirks still needs to be unique from driver to driver. I/O Kit Overview Redesigning the I/O Model 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 95Although most developers should be able to take full advantage of I/O Kit device families (see “Families” (page 96)), there will occasionally be some who cannot. Even those developers should be able to make use of parts of the I/O Kit, however. In any case, the source code is always available. You can replace functionality and modify the classes yourself if you need to do so. In designing the I/O Kit, one goal has been to make developers’ lives easier. Unfortunately, it is not possible to make all developers’ lives uniformly easy. Therefore, a second goal of the I/O Kit design is to meet the needs of the majority of developers, without getting in the way of the minority who need lower level access to the hardware. I/O Kit Architecture The I/O Kit provides a model of system hardware in an object-oriented framework. Each type of service or device is represented by a C++ class; each discrete service or device is represented by an instance (object) of that class. There are three major conceptual elements of the I/O Kit architecture: ● “Families” (page 96) ● “Drivers” (page 97) ● “Nubs” (page 97) Families A family defines a collection of high-level abstractions common to all devices of a particular category that takes the form of C code and C++ classes. Families may include headers, libraries, sample code, test harnesses, and documentation. They provide the API, generic support code, and at least one example driver (in the documentation). Families provide services for many different categories of devices. For example, there are protocol families (such as SCSI, USB, and FireWire), storage families (disk), network families, and families to describe human interface devices (mouse and keyboard). When devices have features in common, the software that supports those features is most likely found in a family. Common abstractions are defined and implemented by the family, allowing all drivers in a family to share similar features easily. For example, all SCSI controllers have certain things they must do, such as scanning the SCSI bus. The SCSI family defines and implementsthe functionality that is common to SCSI controllers. Because thisfunctionality has been included in the SCSI family, you do not need to include scanning code (for example) in your new SCSI controller driver. I/O Kit Overview I/O Kit Architecture 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 96Instead, you can concentrate on device-specific details that make your driver different from other SCSI drivers. The use of families means there is less code for you to write. Families are dynamically loadable; they are loaded when needed and unloaded when no longer needed. Although some common families may be preloaded at system startup, all families should be considered to be dynamically loadable (and, therefore, potentially unloaded). See the “Connection Example” (page 98) for an illustration. Drivers A driver is an I/O Kit object that manages a specific device or bus, presenting a more abstract view of that device to other parts of the system. When a driver is loaded, its required families are also loaded to provide necessary, common functionality. The request to load a driver causes all of its dependent requirements (and their requirements) to be loaded first. After all requirements are met, the requested driver is loaded as well. See “Connection Example” (page 98) for an illustration. Note that families are loaded upon demand of the driver, not the other way around. Occasionally, a family may already be loaded when a driver demands it; however, you should never assume this. To ensure that all requirements are met, each device driver should list all of its requirements in its property list. Most drivers are in a client-provider relationship, wherein the driver must know about both the family from which it inherits and the family to which it connects. A SCSI controller driver, for example, must be able to communicate with both the SCSI family and the PCI family (as a client of PCI and provider of SCSI). A SCSI disk driver communicates with both the SCSI and storage families. Nubs A nub is an I/O Kit object that represents a point of connection for a driver. It represents a controllable entity such as a disk or a bus. A nub is loaded as part of the family that instantiates it. Each nub provides access to the device or service that it represents and provides services such as matching, arbitration, and power management. The concept of nubs can be more easily visualized by imagining a TV set. There is a wire attached to your wall that provides TV service from somewhere. For all practical purposes, it is permanently associated with that provider, the instantiating class (the cable company who installed the line). It can be attached to the TV to provide a service (cable TV). That wire is a nub. Each nub provides a bridge between two drivers (and, by extension, between two families). It is most common that a driver publishes one nub for each individual device or service it controls. (In this example, imagine one wire for every home serviced by the cable company.) I/O Kit Overview I/O Kit Architecture 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 97It is also possible for a driver that controls only a single device or service to act as its own nub. (Imagine the antenna on the back of your TV that has a built-in wire.) See the “Connection Example” (page 98) for an illustration of the relationship between nubs and drivers. Connection Example Figure 12-1 (page 98) illustrates the I/O Kit architecture, using several example drivers and their corresponding nubs. Note that many different driver combinations are possible; this diagram shows only one possibility. In this case, a SCSI stack is shown, with a PCI controller, a disk, and a SCSI scanner. The SCSI disk is controlled by a kernel-resident driver. The SCSI scanner is controlled by a driver that is part of a user application. Figure 12-1 I/O Kit architecture IOPCIBridge family PCI bus driver IOSCSIParallelController family SCSI card driver IOBlockStorageDriver family SCSI disk driver IOPCIDevice nubs IOSCSIParallelDevice nubs IOMedia nub Disk User application User space Kernel space Device interface User client This example illustrates how a SCSI disk driver (Storage family) is connected to the PCI bus. The connection is made in several steps. I/O Kit Overview I/O Kit Architecture 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 981. The PCI bus driver discovers a PCI device and announces its presence by creating a nub (IOPCIDevice). The nub’s class is defined by the PCI family. IOPCIBridge family PCI bus driver IOPCIDevice nubs Video card Main logic board ATA SCSI card 2. The bus driver identifies (matches) the correct device driver and requests that the driver be loaded. At the end of this matching process, a SCSI controller driver has been found and loaded. Loading the controller driver causes all required families to be loaded as well. In this case, the SCSI family is loaded; the PCI family (also required) is already present. The SCSI controller driver is given a reference to the IOPCIDevice nub. 3. The SCSI controller driver scans the SCSI bus for devices. Upon finding a device, it announces the presence of the device by creating a nub (IOSCSIDevice). The class of this nub is defined by the SCSI family. IOPCIBridge family PCI bus driver IOSCSIParallelController family SCSI card driver IOPCIDevice nubs IOSCSIParallelDevice nubs SCSI disk Unknown device SCSI scanner 1 5 6 I/O Kit Overview I/O Kit Architecture 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 994. The controller driver identifies (matches) the correct device driver and requests that the driver be loaded. At the end of this matching process, a disk driver has been found and loaded. Loading the disk driver causes all required families to be loaded as well. In this case, the Storage family is loaded; the SCSI family (also required) is already present. The disk driver is given a reference to the IOSCSIDevice nub. IOPCIBridge family PCI bus driver IOSCSIParallelController family SCSI card driver IOBlockStorageDriver family SCSI disk driver IOPCIDevice nubs IOSCSIParallelDevice nubs IOMedia nub Disk For More Information For more information on the I/O Kit, you should read the document I/O Kit Fundamentals, available from Apple’s developer documentation website, http://developer.apple.com/documentation. It provides a good general overview of the I/O Kit. In addition to I/O Kit Fundamentals, the website contains a number of HOWTO documents and topic-specific documents that describe issues specific to particular technology areas such as FireWire and USB. I/O Kit Overview For More Information 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 100The BSD portion of the OS X kernel is derived primarily from FreeBSD, a version of 4.4BSD that offers advanced networking, performance, security, and compatibility features. BSD variants in general are derived (sometimes indirectly) from 4.4BSD-Lite Release 2 from the Computer Systems Research Group (CSRG) at the University of California at Berkeley. BSD provides many advanced features, including the following: ● Preemptive multitasking with dynamic priority adjustment. Smooth and fair sharing of the computer between applications and users is ensured, even under the heaviest of loads. ● Multiuser access. Many people can use an OS X system simultaneously for a variety of things. This means, for example, thatsystem peripheralssuch as printers and disk drives are properly shared between all users on the system or the network and that individual resource limits can be placed on users or groups of users, protecting critical system resources from overuse. ● Strong TCP/IP networking with support for industry standards such as SLIP, PPP, and NFS. OS X can interoperate easily with other systems as well as act as an enterprise server, providing vital functions such as NFS (remote file access) and email services, or Internet services such as HTTP, FTP, routing, and firewall (security) services. ● Memory protection. Applications cannot interfere with each other. One application crashing does not affect others in any way. ● Virtual memory and dynamic memory allocation. Applications with large appetitesfor memory are satisfied while still maintaining interactive response to users. With the virtual memory system in OS X, each application has access to its own 4 GB memory address space; this should satisfy even the most memory-hungry applications. ● Support for kernel threads based on Mach threads. User-level threading packages are implemented on top of kernel threads. Each kernel thread is an independently scheduled entity. When a thread from a user process blocks in a system call, other threads from the same process can continue to execute on that or other processors. By default, a process in the conventional sense has one thread, the main thread. A user process can use the POSIX thread API to create other user threads. ● SMP support. Support is included for computers with multiple CPUs. ● Source code. Developers gain the greatest degree of control over the BSD programming environment because source is included. ● Many of the POSIX APIs. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 101 BSD OverviewBSD Facilities The facilities that are available to a user process are logically divided into two parts: kernel facilities and system facilities implemented by or in cooperation with a server process. The facilities implemented in the kernel define the virtual machine in which each process runs. Like many real machines, this virtual machine has memory management, an interrupt facility, timers, and counters. The virtual machine also allows access to files and other objects through a set of descriptors. Each descriptor resembles a device controller and supports a set of operations. Like devices on real machines, some of which are internal to the machine and some of which are external, parts of the descriptor machinery are built into the operating system, while other parts are often implemented in server processes. The BSD component provides the following kernel facilities: ● processes and protection ● host and process identifiers ● process creation and termination ● user and group IDs ● process groups ● memory management ● text, data, stack, and dynamic shared libraries ● mapping pages ● page protection control ● POSIX synchronization primitives ● POSIX shared memory ● signals ● signal types ● signal handlers ● sending signals ● timing and statistics ● real time ● interval time ● descriptors ● files ● pipes BSD Overview BSD Facilities 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 102● sockets ● resource controls ● process priorities ● resource utilization and resource limits ● quotas ● system operation support ● bootstrap operations ● shut-down operations ● accounting BSD system facilities (facilities that may interact with user space) include ● generic input/output operations such as read and write, nonblocking, and asynchronous operations ● file-system operations ● interprocess communication ● handling of terminals and other devices ● process control ● networking operations Differences between OS X and BSD Although the BSD portion of OS X is primarily derived from FreeBSD, some changes have been made: ● The sbrk() system call for memory management is deprecated. Its use is not recommended in OS X. ● The OS X runtime model uses a different object file format for executables and shared objects, and a different mechanism for executing some of those executables. The primary native format is Mach-O. This format is supported by the dynamic link editor (dyld). The PEF binary file format is supported by the Code Fragment Manager (CFM). The kernel supports execve() with Mach-O binaries. Mapping and management of Mach-O dynamic shared libraries, as well as launching of PEF-based applications, are performed by user-space code. ● OS X does not support memory-mapped devices through the mmap() function. (Graphic device support and other subsystems provide similar functionality, but using different APIs.) In OS X, this interface should be done through user clients. See the Apple I/O Kit documents for additional information. ● The swapon() call is not supported; macx_swapon() is the equivalent call from the Mach pager. BSD Overview Differences between OS X and BSD 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 103● The Unified Buffer Cache implementation in OS X differs from that found in FreeBSD. ● Mach provides a number of IPC primitives that are not traditionally found in UNIX. See “Boundary Crossings” (page 109) for more information on Mach IPC. Some System V primitives are supported, but their use is discouraged in favor of POSIX equivalents. ● Several changes have been made to the BSD security model to support single-user and multiple-administrator configurations, including the ability to disable ownership and permissions on a volume-by-volume basis. ● The locking mechanism used throughout the kernel differs substantially from the mechanism used in FreeBSD. ● The kernel extension mechanism used by OS X is completely different. The OS X driver layer, the I/O Kit, is an object-oriented driver stack written in C++. The general kernel programming interfaces, or KPIs, are used to write non-driver kernel extensions. These mechanisms are described more in “I/O Kit Overview” (page 94) and KPI Reference , respectively. In addition, several new features have been added that are specific to the OS X (Darwin) implementation of BSD. These features are not found in FreeBSD. ● enhancements to file-system buffer cache and file I/O clustering ● adaptive and speculative read ahead ● user-process controlled read ahead ● time aging of the file-system buffer cache ● enhancements to file-system support ● implementation of Apple extensions for ISO-9660 file systems ● multithreaded asynchronous I/O for NFS ● addition of system calls to support semantics of Mac OS Extended (HFS+) file systems ● additions to naming conventions for pathnames, as required for accessing multiple forks in Mac OS Extended file systems For Further Reading The BSD component of the OS X kernel is complex. A complete description is beyond the scope of this document. However, many excellent references exist for this component. If you are interested in BSD, be sure to refer to the bibliography for further information. BSD Overview For Further Reading 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 104Although the BSD layer of OS X is derived from 4.4BSD, keep in mind that it is not identical to 4.4BSD. Some functionality of 4.4 BSD has not been included in OS X. Some new functionality has been added. The cited reference materials are recommended for additional reading. However, they should not be presumed as forming a definitive description of OS X. BSD Overview For Further Reading 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 105OS X provides“out-of-the-box”support forseveral different file systems. These include Mac OS Extended format (HFS+), the BSD standard file system format (UFS), NFS (an industry standard for networked file systems), ISO 9660 (used for CD-ROM), MS-DOS, SMB (Windows file sharing standard), AFP (Mac OS file sharing), and UDF. Support is also included for reading the older, Mac OS Standard format (HFS) file-system type; however, you should not plan to format new volumes using Mac OS Standard format. OS X cannot boot from these file systems, nor does the Mac OS Standard format provide some of the information required by OS X. The Mac OS Extended format provides many of the same characteristics as Mac OS Standard format but adds additional support for modern features such as file permissions, longer filenames, Unicode, both hard and symbolic links, and larger disk sizes. UFS provides case sensitivity and other characteristics that may be expected by BSD commands. In contrast, Mac OS Extended Format is not case-sensitive (but is case-preserving). OS X currently can boot and “root” from an HFS+, UFS, ISO, NFS, or UDF volume. That is, OS X can boot from and mount a volume of any of these types and use it as the primary, or root, file system. Other file systems can also be mounted, allowing usersto gain accessto additional volume formats and features. NFS provides access to network servers as if they were locally mounted file systems. The Carbon application environment mimics many expected behaviors of Mac OS Extended format on top of both UFS and NFS. These include such characteristics as Finder Info, file ID access, and aliases. By using the OS X Virtual File System (VFS) capability and writing kernel extensions, you can add support for other file systems. Examples of file systems that are not currently supported in OS X but that you may wish to add to the system include the Andrew file system (AFS) and the Reiser file system (ReiserFS). If you want to support a new volume format or networking protocol, you’ll need to write a file-system kernel extension. Working With the File System In OS X, the vnode structure providesthe internal representation of a file or directory (folder). There is a unique vnode allocated for each active file or folder, including the root. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 106 File Systems OverviewWithin a file system, operations on specific files and directories are implemented via vnodes and VOP (vnode operation) calls. VOP calls are used for operations on individual files or directories (such as open, close, read, or write). Examples include VOP_OPEN to open a file and VOP_READ to read file contents. In contrast, file-system–wide operations are implemented using VFS calls. VFS calls are primarily used for operations on entire file systems; examples include VFS_MOUNT and VFS_UNMOUNT to mount or unmount a file system, respectively. File-system writers need to provide stubs for each of these sets of calls. VFS Transition The details of the VFS subsystem in OS X are in the process of changing in order to make the VFS interface sustainable. If you are writing a leaf file system, these changes will still affect you in many ways. please contact Apple Developer Support for more information. File Systems Overview VFS Transition 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 107OS X kernel extensions (KEXTs) provide mechanisms to extend and modify the networking infrastructure of OS X dynamically, without recompiling or relinking the kernel. The effect is immediate and does not require rebooting the system. Networking KEXTs can be used to ● monitor network traffic ● modify network traffic ● receive notification of asynchronous events from the driver layer In the last case, such events are received by the data link and network layers. Examples of these events include power management events and interface status changes. Specifically, KEXTs allow you to ● create protocol stacks that can be loaded and unloaded dynamically and configured automatically ● create modulesthat can be loaded and unloaded dynamically atspecific positionsin the network hierarchy. The Kernel Extension Manager dynamically adds KEXTs to the running OS X kernel inside the kernel’s address space. An installed and enabled network-related KEXT is invoked automatically, depending on its position in the sequence of protocol components, to process an incoming or outgoing packet. All KEXTs provide initialization and termination routines that the Kernel Extension Manager invokes when it loads or unloads the KEXT. The initialization routine handles any operations that are needed to complete the incorporation of the KEXT into the kernel, such as updating protosw and domain structures (through programmatic interfaces). Similarly, the termination routine must remove references to the NKE from these structures to unload itself successfully. NKEs must provide a mechanism, such as a reference count, to ensure that the NKE can terminate without leaving dangling pointers. For additional information on the networking portions of the OS X kernel, you should read the document Network Kernel Extensions Programming Guide . 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 108 Network ArchitectureTwo applications can communicate in a number of ways—for example, by using pipes or sockets. The applicationsthemselves are unaware of the underlying mechanismsthat provide this communication. However this communication occurs by sending data from one program into the kernel, which then sends the data to the second program. As a kernel programmer, it is your job to create the underlying mechanisms responsible for communication between your kernel code and applications. This communication is known as crossing the user-kernel boundary. This chapter explains various ways of crossing that boundary. In a protected memory environment, each process is given its own address space. This means that no program can modify another program’s data unless that data also resides in its own memory space (shared memory). The same applies to the kernel. It resides in its own address space. When a program communicates with the kernel, data cannot simply be passed from one address space to the other as you might between threads (or between programs in environments like Mac OS 9 and most real-time operating systems, which do not have protected memory). We refer to the kernel’s address space as kernel space, and collectively refer to applications’ address spaces as user space. For this reason, applications are also commonly referred to as user-space programs, or user programs for short. When the kernel needs a small amount of data from an application, the kernel cannot just dereference a pointer passed in from that application, since that pointer is relative to the application’s address space. Instead, the kernel generally copies that information into storage within its own address space. When a large region of data needs to be moved, it may map entire pages into kernel space for efficiency. The same behavior can be seen in reverse when moving data from the kernel to an application. Because it is difficult to move data back and forth between the kernel and an application, this separation is called a boundary. It isinherently time consuming to copy data, even if that data isjust the user-space address of a shared region. Thus, there is a performance penalty whenever a data exchange occurs. If this penalty is a serious problem, it may affect which method you choose for crossing the user-kernel boundary. Also, by trying to minimize the number of boundary crossings, you may find ways to improve the overall design of your code. This is particularly significant if your code is involved in communication between two applications, since the user-kernel boundary must be crossed twice in that case. There are a number of ways to cross the user-kernel boundary. Some of them are covered in this chapter in the following sections: 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 109 Boundary Crossings● “Mach Messaging and Mach Interprocess Communication (IPC)” (page 112) ● “BSD syscall API ” (page 116) ● “BSD ioctl API” (page 116) ● “BSD sysctl API ” (page 117) ● “Memory Mapping and Block Copying” (page 125) In addition, the I/O Kit uses the user-client/device-interface API for most communication. Because that API is specific to the I/O Kit, it is not covered in this chapter. The user client API is covered in I/O Kit Fundamentals, Accessing Hardware From Applications, and I/O Kit Device Driver Design Guidelines. The ioctl API is also specific to the construction of device drivers, and is largely beyond the scope of this document. However, since ioctl is a BSD API, it is covered at a glance for your convenience. This chapter covers one subset of Mach IPC—the Mach remote procedure call (RPC) API. It also covers the syscall, sysctl, memory mapping, and block copying APIs. Security Considerations Crossing the user-kernel boundary represents a security risk if the kernel code operates on the data in any substantial way (beyond writing it to disk or passing it to another application). You must carefully perform bounds checking on any data passed in, and you must also make sure your code does not dereference memory that no longer belongs to the client application. Also, under no circumstances should you run unverified program code passed in from user space within the kernel. See “Security Considerations” (page 24) for further information. Choosing a Boundary Crossing Method The first step in setting up user-kernel data exchange is choosing a means to do that exchange. First, you must consider the purpose for the communication. Some crucial factors are latency, bandwidth, and the kernel subsystem involved. Before choosing a method of communication, however, you should first understand at a high-level each of these forms of communication. Mach messaging and Mach interprocess communication (IPC) are relatively low-level ways of communicating between two Mach tasks (processes), as well as between a Mach task and the kernel. These form the basis for most communication outside of BSD and the I/O Kit. The Mach remote procedure call (RPC) API is a high level procedural abstraction built on top of Mach IPC. Mach RPC is the most common use of IPC. Boundary Crossings Security Considerations 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 110The BSD syscall API is an API for calling kernel functions from user space. It is used extensively when writing file systems and networking protocols, in ways that are very subsystem-dependent. Developers are strongly discouraged from using the syscall API outside of file-system and network extensions, as no plug-in API exists for registering a new system call with the syscall mechanism. The BSD sysctl API (in its revised form) supersedes the syscall API and also provides a relatively painless way to change individual kernel variablesfrom userspace. It has a straightforward plug-in architecture, making it a good choice where possible. Memory mapping and block copying are used in conjunction with one of the other APIs mentioned, and provide ways of moving large amounts of data (more than a few bytes) or variably sized data to and from kernel space. Kernel Subsystems The choice of boundary crossing methods depends largely on the part of the kernel into which you are adding code. In particular, the boundary crossing method preferred for the I/O Kit is different from that preferred for BSD, which is different from that preferred for Mach. If you are writing a device driver or other related code, you are probably dealing with the I/O Kit. In that case, you should instead read appropriate sections in I/O Kit Fundamentals, Accessing Hardware From Applications, and I/O Kit Device Driver Design Guidelines. If you are writing code that resides in the BSD subsystem (for example, a file system), you should generally use BSD APIs such as syscall or sysctl unless you require high bandwidth or exceptionally low latency. If you are writing code that resides anywhere else, you will probably have to use Mach messaging. Bandwidth and Latency The guidelines in the previous section apply to most communication between applications and kernel code. The methods mentioned, however, are somewhat lacking where high bandwidth or low latency are concerns. If you require high bandwidth, but latency is not an issue, you should probably consider doing memory-mapped communication. For large messagesthisis handled somewhat transparently by Mach RPC, making it a reasonable choice. For BSD portions of the kernel, however, you must explicitly pass pointers and use copyin and copyout to move large quantities of data. Thisis discussed in more detail in “Memory Mapping and Block Copying” (page 125). Boundary Crossings Choosing a Boundary Crossing Method 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 111If you require low latency but bandwidth is not an issue, sysctl and syscall are not good choices. Mach RPC, however, may be an acceptable solution. Another possibility is to actually wire a page of memory (see “Memory Mapping and Block Copying” (page 125) for details),start an asynchronous Mach RPC simpleroutine (to process the data), and use either locks or high/low water marks (buffer fullness) to determine when to read and write data. This can work for high-bandwidth communication as well. If you require both high bandwidth and low latency, you should also look at the user client/device interface model used in the I/O Kit, since that model has similar requirements. Mach Messaging and Mach Interprocess Communication (IPC) Mach IPC and Mach messaging are the basis for much of the communication in OS X. In many cases, however, these facilities are used indirectly by services implemented on top of one of them. Mach messaging and IPC are fundamentally similar except that Mach messaging is stateless, which prevents certain types of error recovery, as explained later. Except where explicitly stated, this section treats the two as equivalent. The fundamental unit of Mach IPC isthe port. The concept of Mach ports can be difficult to explain in isolation, so instead this section assumes a passing knowledge of a similar concept, that of ports in TCP/IP. In TCP/IP, a server listens for incoming connections over a network on a particular port. Multiple clients can connect to the port and send and receive data in word-sized or multiple-word–sized blocks. However, only one server process can be bound to the port at a time. In Mach IPC, the concept is the same, but the players are different. Instead of multiple hosts connecting to a TCP/IP port, you have multiple Mach tasks on the same computer connecting to a Mach port. Instead of firewall rules on a port, you have port rights that specify what tasks can send data to a particular Mach port. Also, TCP/IP ports are bidirectional, while Mach ports are unidirectional, much like UNIX pipes. This means that when a Mach task connects to a port, it generally allocates a reply port and sends a message containing send rights to that reply port so that the receiving task can send messages back to the sending task. As with TCP/IP, multiple client tasks can open connections to a Mach port, but only one task can be listening on that port at a time. Unlike TCP/IP, however, the IPC mechanism itself provides an easy means for one task to hand off the right to listen to an arbitrary task. The term receive rights refers to a task’s ability to listen on a given port. Receive rights can be sent from task to task in a Mach message. In the case of Mach IPC (but not Mach messaging), receive rights can even be configured to automatically return to the original task if the new task crashes or becomes unreachable (for example, if the new task isrunning on another computer and a router crashes). Boundary Crossings Mach Messaging and Mach Interprocess Communication (IPC) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 112In addition to specifying receive rights, Mach ports can specify which tasks have the right to send data. A task with send rights may be able to send once, or may be able to arbitrarily send data to a given port, depending on the nature of the rights. Using Well-Defined Ports Before you can use Mach IPC for task communication, the sending task must be able to obtain send rights on the receiving task’s task port. Historically, there are several ways of doing this, not all of which are supported by OS X. For example, in OS X, unlike most other Mach derivatives, there is no service server or name server. Instead, the bootstrap task and mach_init subsume this functionality. When a task is created, it is given send rights to a bootstrap port for sending messages to the bootstrap task. Normally a task would use this port to send a message that gives the bootstrap task send rights on another port so that the bootstrap task can then return data to the calling task. Various routines exist in bootstrap.h that abstract this process. Indeed, most users of Mach IPC or Mach messaging actually use Mach remote procedure calls (RPC), which are implemented on top of Mach IPC. Since direct use of IPC is rarely desirable (because it is not easy to do correctly), and because the underlying IPC implementation has historically changed on a regular basis, the details are not covered here. You can find more information on using Mach IPC directly in the Mach 3 Server Writer’s Guide from Silicomp (formerly the Open Group, formerly the Open Software Foundation Research Institute), which can be obtained from the developer section of Apple’s website. While much of the information contained in that book is not fully up-to-date with respect to OS X, it should still be a relatively good resource on using Mach IPC. Remote Procedure Calls (RPC) Mach RPC is the most common use for Mach IPC. It is frequently used for user-kernel communication, but can also be used for task to task or even computer-to-computer communication. Programmers frequently use Mach RPC for setting certain kernel parameters such as a given thread’s scheduling policy. RPC is convenient because it is relatively transparent to the programmer. Instead of writing long, complex functionsthat handle ports directly, you have only to write the function to be called and a small RPC definition to describe how to export the function as an RPC interface. After that, any application with appropriate permissions can call those functions as if they were local functions, and the compiler will convert them to RPC calls. In the directory osfmk/mach (relative to your checkout of the xnu module from CVS), there are a number of files ending in .defs; these files contain the RPC definitions. When the kernel (or a kernel module) is compiled, the Mach Interface Generator(MIG) usesthese definitionsto create IPC code to support the functions exported via RPC. Normally, if you want to add a new remote procedure call, you should do so by adding a definition to one of these existing files. (See “Building and Debugging Kernels” (page 155) for more information on obtaining kernel sources.) Boundary Crossings Mach Messaging and Mach Interprocess Communication (IPC) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 113What follows is an example of the definition for a routine, one of the more common uses of RPC. routine thread_policy_get( thread : thread_act_t; flavor : thread_policy_flavor_t; out policy_info : thread_policy_t, CountInOut; inout get_default : boolean_t); Notice the C-like syntax of the definition. Each parameter in the routine roughly maps onto a parameter in the C function. The C prototype for this function follows. kern_return_t thread_policy_get( thread_act_t act, thread_policy_flavor_t flavor, thread_policy_t policy_info, mach_msg_type_number_t *count, boolean_t get_default); The first two parameters are integers, and are passed as call-by-value. The third is a struct containing integers. It is an outgoing parameter, which means that the values stored in that variable will not be received by the function, but will be overwritten on return. Note: The parameters are all word-sized or multiples of the word size. Smaller data are impossible because of limitations inherent to the underlying Mach IPC mechanisms. From there it becomes more interesting. The fourth parameter in the C prototype is a representation of the size of the third. In the definition file, this is represented by an added option, CountInOut. The MIG option CountInOut specifies that there is to be an inout parameter called count. An inout parameter is one in which the original value can be read by the function being called, and its value is replaced on return from that function. Unlike a separate inout parameter, however, the value initially passed through this parameter is not directly set by the calling function. Instead, it is tied to the policy_info parameter so that the number of integers in policy_info is transparently passed in through this parameter. Boundary Crossings Mach Messaging and Mach Interprocess Communication (IPC) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 114In the function itself, the function checks the count parameter to verify that the buffer size is at least the size of the data to be returned to prevent exceeding array bounds. The function changes the value stored in count to be the desired size and returns an error if the buffer is not large enough (unless the buffer pointer is null, in which case it returns success). Otherwise, it dereferences the various fields of the policy_info parameter and in so doing, stores appropriate values into it, then returns. Note: Since Mach RPC is done via message passing, inout parameters are technically call-by-value-return and not call-by-reference. For more realistic call-by-reference, you need to pass a pointer. The distinction is not particularly significant except when aliasing occurs. (Aliasing means having a single variable visible in the same scope under two or more different names.) In addition to the routine, Mach RPC also has a simpleroutine. A simpleroutine is a routine that is, by definition, asynchronous. It can have no out or inout parameters and no return value. The caller does not wait for the function to return. One possible use for this might be to tell an I/O device to send data as soon as it is ready. In that use, the simpleroutine might simply wait for data, then send a message to the calling task to indicate the availability of data. Another important feature of MIG is that of the subsystem. In MIG, a subsystem is a group of routines and simpleroutines that are related in some way. For example, the semaphore subsystem contains related routinesthat operate on semaphores. There are also subsystemsfor varioustimers, parts of the virtual memory (VM) system, and dozens of others in various places throughout the kernel. Most of the time, if you need to use RPC, you will be doing it within an existing subsystem. The details of creating a new subsystem are beyond the scope of this document. Developers needing to add a new Mach subsystem should consult the Mach 3 ServerWriter’s Guide from The Open Group (TOG), which can be obtained from various locations on the internet. Another feature of MIG is the type. A type in MIG is exactly the same thing as it is in programming languages. However, the construction of aggregate types differs somewhat. type clock_flavor_t = int; type clock_attr_t = array[*:1] of int; type mach_timespec_t = struct[2] of int; Data of type array is passed as the user-space address of what is assumed to be a contiguous array of the base type, while a struct is passed by copying all of the individual values of an array of the base type. Otherwise, these are treated similarly. A “struct” is not like a C struct, as elements of a MIG struct must all be of the same base type. Boundary Crossings Mach Messaging and Mach Interprocess Communication (IPC) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 115The declaration syntax issimilar to Pascal, where *:1 and 2 representsizesfor the array orstructure, respectively. The *:1 construct indicates a variable-sized array, where the size can be up to 1, inclusive, but no larger. Calling RPC From User Applications RPC, as mentioned previously, is virtually transparent to the client. The procedure call looks like any other C function call, and no additional library linkage is needed. You need only to bring the appropriate headers in with a #include directive. The compiler automatically recognizes the call as a remote procedure call and handles the underlying MIG aspects for you. BSD syscall API The syscall API is the traditional UNIX way of calling kernel functions from user space. Its implementation variesfrom one part of the kernel to the next, however, and it is completely unsupported for loadable modules. For this reason, it is not a recommended way of getting data into or out of the kernel in OS X unless you are writing a file system. File systems have to support a number of standard system calls (for example, mount), but do so by means of generic file system routinesthat call the appropriate file-system functions. Thus, if you are writing a file system, you need to implement those functions, but you do not need to write the code that handles the system calls directly. For more information on implementing syscall support in file systems,see the chapter “File Systems Overview” (page 106). BSD ioctl API The ioctl interface provides a way for an application to send certain commands or information to a device driver. These can be used for parameter tuning (though this is more commonly done with sysctl), but can also be used for sending instructions for the driver to perform a particular task (for example, rewinding a tape drive). The use of the ioctl interface is essentially the same under OS X as it is in other BSD-derived operating systems, except in the way that device drivers register themselves with the system. In OS X, unlike most BSDs, the contents of the /dev directory are created dynamically by the kernel. This file system mounted on /dev is referred to as devfs. You can, of course, still manually create device nodes with mknod, because devfs is union mounted over the root file system. Boundary Crossings BSD syscall API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 116The I/O Kit automatically registers some types of devices with devfs, creating a node in /dev. If your device family does not do that, you can manually register yourself in devfs using cdevsw_add or bdevsw_add (for character and block devices, respectively). When registering a device manually with devfs, you create a struct cdevsw or struct bdevsw yourself. In that device structure, one of the function pointers is to an ioctl function. You must define the particular values passed to the ioctl function in a header file accessible to the person compiling the application. A user application can also look up the device using the I/O Kit function call getMatchingServices and then use various I/O Kit calls to tune parameter instead. For more information on looking up a device driver from an application, see the document Accessing Hardware From Applications. You can also find additional information about writing an ioctl in The Design and Implementation of the 4.4 BSD Operating System. See the bibliography at the end of this document for more information. BSD sysctl API The system control (sysctl) API is specifically designed for kernel parameter tuning. This functionality supersedesthe syscall API, and also provides an easy way to tune simple kernel parameters without actually needing to write a handler routine in the kernel. The sysctl namespace is divided into several broad categories corresponding to the purpose of the parameters in it. Some of these areas include ● kern—general kernel parameters ● vm—virtual memory options ● fs—filesystem options ● machdep—machine dependent settings ● net—network stack settings ● debug—debugging settings ● hw—hardware parameters (generally read-only) ● user—parameters affecting user programs ● ddb—kernel debugger Most of the time, programs use the sysctl call to retrieve the current value of a kernel parameter. For example, in OS X, the hw sysctl group includesthe option ncpu, which returnsthe number of processorsin the current computer (or the maximum number of processors supported by the kernel on that particular computer, whichever is less). Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 117The sysctl API can also be used to modify parameters (though most parameters can only be changed by the root). For example, in the net hierarchy, net.inet.ip.forwarding can be set to 1 or 0, to indicate whether the computer should forward packets between multiple interfaces (basic routing). General Information on Adding a sysctl When adding a sysctl, you must do all of the following first: ● add the following includes: #include #include #include #include ● add -no-cpp-precomp to your compiler options in Project Builder (or to CFLAGS in your makefile if building by hand). Adding a sysctl Procedure Call Adding a system control (sysctl) was once a daunting task requiring changes to dozens of files. With the current implementation, a system control can be added simply by writing the appropriate handler functions and then registering the handler with the system at runtime. The old-style sysctl, which used fixed numbers for each control, is deprecated. Note: Because this is largely a construct of the BSD subsystem, all path names in this section can be assumed to be from /path/to/xnu-version/bsd/. Also, you may safely assume that all program code snippets should go into the main source file for your subsystem or module unless otherwise noted, and that in the case of modules, function calls should be made from your start or stop routines unless otherwise noted. The preferred way of adding a sysctl looks something like the following: SYSCTL_PROC(_hw, OID_AUTO, l2cr, CTLTYPE_INT|CTLFLAG_RW, &L2CR, 0, &sysctl_l2cr, "I", "L2 Cache Register"); Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 118The _PROC part indicates that you are registering a procedure to provide the value (as opposed to simply reading from a static address in kernel memory). _hw is the top level category (in this case, hardware), and OID_AUTO indicates that you should be assigned the next available control ID in that category (as opposed to the old-style, fixed ID controls). l2cr is the name of your control, which will be used by applications to look up the number of your control using sysctlbyname. Note: Not all top level categories will necessarily accept the addition of a user-specified new-style sysctl. If you run into problems, you should try a different top-level category. CTLTYPE_INT indicates that the value being changed is an integer. Other legal values are CTLTYPE_NODE, CTLTYPE_STRING, CTLTYPE_QUAD, and CTLTYPE_OPAQUE (also known as CTLTYPE_STRUCT). CTLTYPE_NODE isthe only one that isn’tsomewhat obvious. It refersto a node in the sysctl hierarchy that isn’t directly usable, but instead is a parent to other entries. Two examples of nodes are hw and kern. CTLFLAG_RW indicatesthat the value can be read and written.Other legal values are CTLFLAG_RD, CTLFLAG_WR, CTLFLAG_ANYBODY, and CTLFLAG_SECURE. CTLFLAG_ANYBODY means that the value should be modifiable by anybody. (The default is for variables to be changeable only by root.) CTLFLAG_SECURE means that the variable can be changed only when running at securelevel <= 0 (effectively, in single-user mode). L2CR is the location where the sysctl will store its data. Since the address is set at compile time, however, this must be a global variable or a static local variable. In this case, L2CR is a global of type unsigned int. The number 0 is a second argument that is passed to your function. This can be used, for example, to identify which sysctl was used to call your handler function if the same handler function is used for more than one control. In the case of strings, this is used to store the maximum allowable length for incoming values. sysctl_l2cr is the handler function for this sysctl. The prototype for these functions is of the form static int sysctl_l2cr SYSCTL_HANDLER_ARGS; If the sysctl is writable, the function may either use sysctl_handle_int to obtain the value passed in from user space and store it in the default location or use the SYSCTL_IN macro to store it into an alternate buffer. This function must also use the SYSCTL_OUT macro to return a value to user space. "I" indicates that the argument should refer to a variable of type integer (or a constant, pointer, or other piece of data of equivalent width), as opposed to "L" for a long, "A" for a string, "N" for a node (a sysctl that is the parent of a sysctl category or subcategory), or "S" for a struct. "L2 Cache Register" is a human-readable description of your sysctl. In order for a control to be accessible from an application, it must be registered. To do this, you do the following: Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 119sysctl_register_oid(&sysctl__hw_l2cr); You should generally do this in an init routine for a loadable module. If your code is not part of a loadable module, you should add your sysctl to the list of built-in OIDs in the file kern/sysctl_init.c. If you study the SYSCTL_PROC constructor macro, you will notice that sysctl__hw_l2cr is the name of a variable created by that macro. This meansthat the SYSCTL_PROC line must be before sysctl_register_oid in the file, and must be in the same (or broader) scope. This name is in the form of sysctl_ followed by the name of it’s parent node, followed by another underscore ( _ ) followed by the name of your sysctl. A similar function, sysctl_unregister_oid exists to remove a sysctl from the registry. If you are writing a loadable module, you should be certain to do this when your module is unloaded. In addition to registering your handler function, you also have to write the function. The following is a typical example static int myhandler SYSCTL_HANDLER_ARGS { int error, retval; error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req); if (!error && req->newptr) { /* We have a new value stored in the standard location.*/ /* Do with it as you see fit here. */ printf("sysctl_test: stored %d\n", SCTEST); } else if (req->newptr) { /* Something was wrong with the write request */ /* Do something here if you feel like it.... */ } else { /* Read request. Always return 763, just for grins. */ printf("sysctl_test: read %d\n", SCTEST); retval=763; error=SYSCTL_OUT(req, &retval, sizeof retval); } /* In any case, return success or return the reason for failure */ return error; Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 120} This demonstrates the use of SYSCTL_OUT to send an arbitrary value out to user space from the sysctl handler. The “phantom” req argument is part of the function prototype when the SYSCTL_HANDLER_ARGS macro is expanded, as is the oidp variable used elsewhere. The remaining arguments are a pointer (type indifferent) and the length of data to copy (in bytes). This code sample also introduces a new function, sysctl_handle_int, which takes the arguments passed to the sysctl, and writes the integer into the usual storage area (L2CR in the earlier example, SCTEST in this one). If you want to see the new value without storing it (to do a sanity check, for example), you should instead use the SYSCTL_IN macro, whose arguments are the same as SYSCTL_OUT. Registering a New Top Level sysctl In addition to adding new sysctl options, you can also add a new category or subcategory. The macro SYSCTL_DECL can be used to declare a node that can have children. This requires modifying one additional file to create the child list. For example, if your main C file does this: SYSCTL_DECL(_net_newcat); SYSCTL_NODE(_net, OID_AUTO, newcat, CTLFLAG_RW, handler, "new category"); then this is basically the same thing as declaring extern sysctl_oid_list sysctl__net_newcat_children in your program. In order for the kernel to compile, or the module to link, you must then add this line: struct sysctl_oid_list sysctl__net_newcat_children; If you are not writing a module, this should go in the file kern/kern_newsysctl.c. Otherwise, it should go in one of the files of your module. Once you have created this variable, you can use _net_newcat as the parent when creating a new control. As with any sysctl, the node (sysctl__net_newcat) must be registered with sysctl_register_oid and can be unregistered with sysctl_unregister_oid. Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 121Note: When creating a top level sysctl, parent is simply left blank, for example, SYSCTL_NODE( , OID_AUTO, _topname, flags, handler_fn, "desc"); Adding a Simple sysctl If your sysctl only needsto read a value out of a variable, then you do not need to write a function to provide access to that variable. Instead, you can use one of the following macros: ● SYSCTL_INT(parent, nbr, name, access, ptr, val, descr) ● SYSCTL_LONG(parent, nbr, name, access, ptr, descr) ● SYSCTL_STRING(parent, nbr, name, access, arg, len, descr) ● SYSCTL_OPAQUE(parent, nbr, name, access, ptr, len, descr) ● SYSCTL_STRUCT(parent, nbr, name, access, arg, type, descr) The first four parameters for each macro are the same as for SYSCTL_PROC (described in the previous section) as is the last parameter. The len parameter (where applicable) gives a length of the string or opaque object in bytes. The arg parameters are pointersjust like the ptr parameters. However, the parameters named ptr are explicitly described as pointers because you must explicitly use the “address of” (&) operator unless you are already working with a pointer. Parameters called arg either operate on base types that are implicitly pointers or add the & operator in the appropriate place during macro expansion. In both cases, the argument should refer to the integer, character, or other object that the sysctl will use to store the current value. The type parameter is the name of the type minus the “struct”. For example, if you have an object of type struct scsipi, then you would use scsipi as that argument. The SYSCTL_STRUCT macro is functionally equivalent to SYSCTL_OPAQUE, except that it hides the use of sizeof. Finally, the val parameter for SYSCTL_INT is a default value. If the value passed in ptr is NULL, this value is returned when the sysctl is used. You can use this, for example, when adding a sysctl that is specific to certain hardware or certain compile options. One possible example of this might be a special value for feature.version that means “not present.” If that feature became available (for example, if a module were loaded by some user action), it could then update that pointer. If that module were subsequently unloaded, it could set the pointer back to NULL. Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 122Calling a sysctl From User Space Unlike RPC, sysctl requires explicit intervention on the part of the programmer. To complicate thingsfurther, there are two different ways of calling sysctl functions, and neither one worksfor every control. The old-style sysctl call can only invoke a control if it is listed in a static OID table in the kernel. The new-style sysctlbyname call will work for any user-added sysctl, but not for those listed in the static table. Occasionally, you will even find a control that isregistered in both ways, and thus available to both calls. In order to understand the distinction, you must first consider the functions used. The sysctlbyname System Call If you are calling a sysctl that was added using the new sysctl method (including any sysctl that you may have added), then your sysctl does not have a fixed number that identifies it, since it was added dynamically to the system. Since there is no approved way to get this number from user space, and since the underlying implementation is not guaranteed to remain the same in future releases, you cannot call a dynamically added control using the sysctl function. Instead, you must use sysctlbyname. sysctlbyname(char *name, void *oldp, size_t *oldlenp, void *newp, u_int newlen) The parameter name is the name of the sysctl, encoded as a standard C string. The parameter oldp is a pointer to a buffer where the old value will be stored. The oldlenp parameter is a pointer to an integer-sized buffer that holds the current size of the oldp buffer. If the oldp buffer is not large enough to hold the returned data, the call will fail with errno set to ENOMEM, and the value pointed to by oldlenp will be changed to indicate the buffer size needed for a future call to succeed. Here is an example for reading an integer, in this case a buffer size. int get_debug_bufsize() { char *name="debug.bpf_bufsize"; int bufsize, retval; size_t len; len=4; retval=sysctlbyname(name, &bufsize, &len, NULL, 0); /* Check retval here */ return bufsize; } Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 123The sysctl System Call The sysctlbyname system call is the recommended way to call system calls. However, not every built-in system control is registered in the kernel in such a way that it can be called with sysctlbyname. For this reason, you should also be aware of the sysctl system call. Note: If you are adding a sysctl, it will be accessible using sysctlbyname. You should use this system call only if the sysctl you need cannot be retrieved using sysctlbyname. In particular, you should not assume that future versions of sysctl will be backed by traditional numeric OIDs except for the existing legacy OIDs, which will be retained for compatibility reasons. The sysctl system call is part of the original historical BSD implementation of system controls. You should not depend on its use for any control that you might add to the system. The classic usage of sysctl looks like the following sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, u_int newlen) System controls, in this form, are based on the MIB, or Management Information Base architecture. A MIB is a list of objects and identifiers for those objects. Each object identifier, or OID, is a list of integers that represent a tokenization of a path through the sysctl tree. For example, if the hw class of sysctl is number 3, the first integer in the OID would be the number 3. If the l2cr option is built into the system and assigned the number 75, then the second integer in the OID would be 75. To put it another way, each number in the OID is an index into a node’s list of children. Here is a short example of a call to get the bus speed of the current computer: int get_bus_speed() { int mib[2], busspeed, retval; unsigned int miblen; size_t len; mib[0]=CTL_HW; mib[1]=HW_BUS_FREQ; miblen=2; len=4; retval=sysctl(mib, miblen, &busspeed, &len, NULL, 0); Boundary Crossings BSD sysctl API 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 124/* Check retval here */ return busspeed; } For more information on the sysctl system call, see the manual page sysctl. Memory Mapping and Block Copying Memory mapping is one of the more common means of communicating between two applications or between an application and the kernel. While occasionally used by itself, it is usually used in conjunction with one of the other means of boundary crossing. One way of using memory mapping is known as shared memory. In this form, one or more pages of memory are mapped into the address space of two processes. Either process can then access or modify the data stored in those shared pages. This is useful when moving large quantities of data between processes, as it allows direct communication without multiple user-kernel boundary crossings. Thus, when moving large amounts of data between processes, this is preferable to traditional message passing. The same holds true with memory mapping between an application and the kernel. The BSD sysctl and syscall interfaces (and to an extent, Mach IPC) were designed to transfer small units of data of known size, such as an array of four integers. In this regard, they are much like a traditional C function call. If you need to pass a large amount of data to a function in C, you should pass a pointer. This is also true when passing data between an application and the kernel, with the addition of memory mapping or copying to allow that pointer to be dereferenced in the kernel. There are a number of limitations to the way that memory mapping can be used to exchange data between an application and the kernel. For one, memory allocated in the kernel cannot be written to by applications, including those running as root (unless the kernel is running in an insecure mode, such as single user mode). For this reason, if a buffer must be modified by an application, the buffer must be allocated by that program, not by the kernel. When you use memory mapping for passing data to the kernel, the application allocates a block of memory and fillsit with data. It then performs a system call that passesthe addressto the appropriate function in kernel space. It should be noted, however, that the address being passed is a virtual address, not a physical address, and more importantly, it is relative to the address space of the program, which is not the same as the address space of the kernel. Since the address is a user-space virtual address, the kernel must call special functions to copy the block of memory into a kernel buffer or to map the block of memory into the kernel’s address space. Boundary Crossings Memory Mapping and Block Copying 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 125In the OS X kernel, data is most easily copied into kernel space with the BSD copyin function, and back out to user space with the copyout function. For large blocks of data, entire pages will be memory mapped using copy-on-write. For this reason, it is generally not useful to do memory mapping by hand. Getting data from the kernel to an application can be done in a number of ways. The most common method is the reverse of the above, in which the application passes in a buffer pointer, the kernel scribbles on a chunk of data, uses copyout to copy the buffer data into the address space of the application, and returns KERN_SUCCESS. Note that this is really using the buffer allocated in the application, even though the physical memory may have actually been allocated by the kernel. Assuming the kernel frees its reference to the buffer, no memory is wasted. A special case of memory mapping occurs when doing I/O to a device from user space. Since I/O operations can, in some cases, be performed by DMA hardware that operates based on physical addressing, it is vital that the memory associated with I/O buffers not be paged out while the hardware is copying data to or from the buffer. For this reason, when a driver or other kernel entity needs a buffer for I/O, it must take steps to mark it as not pageable. This step is referred to as wiring the pages in memory. Wiring pages into memory can also be helpful where high bandwidth, low latency communication is desired, as it prevents shared buffers from being paged out to disk. In general, however, this sort of workaround should be unnecessary, and is considered to be bad programming practice. Pages can be wired in two ways. When a memory region is allocated, it may be allocated in a nonpageable fashion. The details of allocating memory for I/O differ, depending on what part of the kernel you are modifying. This is described in more detail in the appropriate sections of this document, or in the case of the I/O Kit, in the API reference documentation (available from the developer section of Apple’s web site). Alternately, individual pages may be wired after allocation. The recommended way to do this is through a call to vm_wire in BSD parts of the kernel, with mlock from applications (but only by processes running as root), or with IOMemoryDescriptor::prepare in the I/O Kit. Because this can fail for a number of reasons, it is particularly crucial to check return values when wiring memory. The vm_wire call and other virtual memory topics are discussed in more detail in “Memory and Virtual Memory” (page 61). The IOMemoryDescriptor class is described in more detail in the I/O Kit API reference available from the developer section of Apple’s web site. Boundary Crossings Memory Mapping and Block Copying 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 126Summary Crossing the user-kernel boundary is not a trivial task. Many mechanisms exist for this communication, and each one has specific advantages and disadvantages, depending on the environment and bandwidth requirements. Security is a constant concern to prevent inadvertently allowing one program to access data or files from another program or user. It is every kernel programmer’s personal responsibility to take security into account any time that data crosses the user-kernel boundary. Boundary Crossings Summary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 127This chapter is not intended as an introduction to synchronization. It is assumed that you have some understanding of the basic concepts of locks and semaphores already. If you need additional background reading,synchronization is covered in most introductory operating systemstexts. However,since synchronization in the kernel is somewhat different from locking in an application this chapter does provide a brief overview to help ease the transition, or for experienced kernel developers, to refresh your memory. As an OS X kernel programmer, you have many choices of synchronization mechanisms at your disposal. The kernel itself provides two such mechanisms: locks and semaphores. A lock is used for basic protection of shared resources. Multiple threads can attempt to acquire a lock, but only one thread can actually hold it at any given time (at least for traditional locks—more on this later). While that thread holds the lock, the other threads must wait. There are several different types of locks, differing mainly in what threads do while waiting to acquire them. A semaphore is much like a lock, except that a finite number of threads can hold itsimultaneously. Semaphores can be thought of as being much like piles of tokens. Multiple threads can take these tokens, but when there are none left, a thread must wait until another thread returns one. It is important to note that semaphores can be implemented in many different ways,so Mach semaphores may not behave in the same way assemaphores on other platforms. In addition to locks and semaphores, certain low-level synchronization primitives like test and set are also available, along with a number of other atomic operations. These additional operations are described in libkern/gen/OSAtomicOperations.c in the kernelsources. Such atomic operations may be helpful if you do not need something asrobust as a full-fledged lock orsemaphore. Since they are not generalsynchronization mechanisms, however, they are beyond the scope of this chapter. Semaphores Semaphores and locks are similar, except that with semaphores, more than one thread can be doing a given operation at once. Semaphores are commonly used when protecting multiple indistinct resources. For example, you might use a semaphore to prevent a queue from overflowing its bounds. OS X uses traditional counting semaphores rather than binary semaphores (which are essentially locks). Mach semaphores obey Mesa semantics—that is, when a thread is awakened by a semaphore becoming available, it is not executed immediately. This presents the potential for starvation in multiprocessor situations when the 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 128 Synchronization Primitivessystem is under low overall load because other threads could keep downing the semaphore before the just-woken thread gets a chance to run. This is something that you should consider carefully when writing applications with semaphores. Semaphores can be used any place where mutexes can occur. This precludes their use in interrupt handlers or within the context of the scheduler, and makes it strongly discouraged in the VM system. The public API for semaphores is divided between the MIG–generated task.h file (located in your build output directory, included with #include ) and osfmk/mach/semaphore.h (included with #include ). The public semaphore API includes the following functions: kern_return_t semaphore_create(task_t task, semaphore_t *semaphore, int policy, int value) kern_return_t semaphore_signal(semaphore_t semaphore) kern_return_t semaphore_signal_all(semaphore_t semaphore) kern_return_t semaphore_wait(semaphore_t semaphore) kern_return_t semaphore_destroy(task_t task, semaphore_t semaphore) kern_return_t semaphore_signal_thread(semaphore_t semaphore, thread_act_t thread_act) which are described in or xnu/osfmk/mach/semaphore.h (except for create and destroy, which are described in . The use of these functions is relatively straightforward with the exception of the semaphore_create, semaphore_destroy, and semaphore_signal_thread calls. The value and semaphore parametersfor semaphore_create are exactly what you would expect—a pointer to the semaphore structure to be filled out and the initial value for the semaphore, respectively. The task parameter refers to the primary Mach task that will “own” the lock. This task should be the one that is ultimately responsible for the subsequent destruction of the semaphore. The task parameter used when calling semaphore_destroy must match the one used when it was created. For communication within the kernel, the task parameter should be the result of a call to current_task. For synchronization with a user process, you need to determine the underlying Mach task for that process by calling current_task on the kernel side and mach_task_self on the application side. task_t current_task(void); // returns the kernel task port task_t mach_task_self(void);// returns the task port of the current thread Synchronization Primitives Semaphores 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 129Note: In the kernel, be sure to always use current_task. In the kernel, mach_task_self returns a pointer to the kernel’s VM map, which is probably not what you want. The details of user-kernel synchronization are beyond the scope of this document. The policy parameter is passed asthe policy for the wait queue contained within the semaphore. The possible values are defined in osfmk/mach/sync_policy.h. Current possible values are: ● SYNC_POLICY_FIFO ● SYNC_POLICY_FIXED_PRIORITY ● SYNC_POLICY_PREPOST The FIFO policy is, asthe name suggests, first-in-first-out. The fixed priority policy causes wait queue reordering based on fixed thread priority policies. The prepost policy causes the semaphore_signal function to not increment the counter if no threads are waiting on the queue. This policy is needed for creating condition variables (where a thread is expected to always wait until signalled). See the section “Wait Queues and Wait Primitives” (page 87) for more information. The semaphore_signal_thread call takes a particular thread from the wait queue and places it back into one of the scheduler’s wait-queues, thus making that thread available to be scheduled for execution. If thread_act is NULL, the first thread in the queue is similarly made runnable. With the exception of semaphore_create and semaphore_destroy, these functions can also be called from user space via RPC. See “Calling RPC From User Applications” (page 116) for more information. Condition Variables The BSD portion of OS X provides msleep, wakeup, and wakeup_one, which are equivalent to condition variables with the addition of an optional time-out. You can find these functions in sys/proc.h in the Kernel framework headers. msleep(void *channel, lck_mtx_t *mtx, int priority, const char *wmesg, struct timespec *timeout); msleep0(vvoid *channel, lck_mtx_t *mtx, int priority, const char *wmesg, uint64_t deadline); wakeup(void *channel); wakeup_one(void *channel); Synchronization Primitives Condition Variables 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 130The msleep call is similar to a condition variable. It puts a thread to sleep until wakeup or wakeup_one is called on that channel. Unlike a condition variable, however, you can set a timeout measured in clock ticks. This means that it is both a synchronization call and a delay. The prototypes follow: msleep(void *channel, lck_mtx_t *mtx, int priority, const char *wmesg, struct timespec *timeout); msleep0(vvoid *channel, lck_mtx_t *mtx, int priority, const char *wmesg, uint64_t deadline); wakeup(void *channel); wakeup_one(void *channel); The three sleep calls are similar except in the mechanism used for timeouts. The function msleep0 is not recommended for general use. In these functions, channel is a unique identifier representing a single condition upon which you are waiting. Normally, when msleep is used, you are waiting for a change to occur in a data structure. In such cases, it is common to use the address of that data structure as the value for channel, as this ensures that no code elsewhere in the system will be using the same value. The priority argument has three effects. First, when wakeup is called, threads are inserted in the scheduling queue at this priority. Second, if the bit (priority & PCATCH) is set, msleep0 does not allow signals to interrupt the sleep. Third, if the bit (priority & PDROP) is zero, msleep0 drops the mutex on sleep and reacquires it upon waking. If (priority & PDROP) is one, msleep0 drops the mutex if it has to sleep, but does not reacquire it. The subsystem argument is a short text string that represents the subsystem that is waiting on this channel. This is used solely for debugging purposes. The timeout argument is used to set a maximum wait time. The thread may wake sooner, however, if wakeup or wakeup_one is called on the appropriate channel. It may also wake sooner if a signal isreceived, depending on the value of priority. In the case of msleep0, this is given as a mach abstime deadline. In the case of msleep, this is given in relative time (seconds and nanoseconds). Outside the BSD portion of the kernel, condition variables may be implemented using semaphores. Synchronization Primitives Condition Variables 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 131Locks OS X (and Mach in general) has three basic types of locks: spinlocks, mutexes, and read-write locks. Each of these has different uses and different problems. There are also many other types of locks that are not implemented in OS X, such as spin-sleep locks, some of which may be useful to implement for performance comparison purposes. Spinlocks A spinlock is the simplest type of lock. In a system with a test-and-set instruction or the equivalent, the code looks something like this: while (test_and_set(bit) != 0); In other words, until the lock is available, it simply “spins” in a tight loop that keeps checking the lock until the thread’s time quantum expires and the next thread begins to execute. Since the entire time quantum for the first thread must complete before the next thread can execute and (possibly) release the lock, a spinlock is very wasteful of CPU time, and should be used only in places where a mutex cannot be used, such as in a hardware exception handler or low-level interrupt handler. Note that a thread may not block while holding a spinlock, because that could cause deadlock. Further, preemption is disabled on a given processor while a spinlock is held. There are three basic types of spinlocks available in OS X: lck_spin_t (which supersedes simple_lock_t), usimple_lock_t, and hw_lock_t. You are strongly encouraged to not use hw_lock_t; it is only mentioned for the sake of completeness. Of these, only lck_spin_t is accessible from kernel extensions. The u in usimple stands for uniprocessor, because they are the only spinlocks that provide actual locking on uniprocessorsystems. Traditionalsimple locks, by contrast, disable preemption but do notspin on uniprocessor systems. Note that in most contexts, it is not useful to spin on a uniprocessor system, and thus you usually only need simple locks. Use of usimple locks is permissible for synchronization between thread context and interrupt context or between a uniprocessor and an intelligent device. However, in most cases, a mutex is a better choice. Important: Simple and usimple locks that could potentially be shared between interrupt context and thread context must have their use coordinated with spl (see glossary). The IPL (interrupt priority level) must always be the same when acquiring the lock, otherwise deadlock may result. (This is not an issue for kernel extensions, however, as the spl functions cannot be used there.) The spinlock functions accessible to kernel extensions consist of the following: Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 132extern lck_spin_t *lck_spin_alloc_init( lck_grp_t *grp, lck_attr_t *attr); extern void lck_spin_init( lck_spin_t *lck, lck_grp_t *grp, lck_attr_t *attr); extern void lck_spin_lock( lck_spin_t *lck); extern void lck_spin_unlock( lck_spin_t *lck); extern void lck_spin_destroy( lck_spin_t *lck, lck_grp_t *grp); extern void lck_spin_free( lck_spin_t *lck, lck_grp_t *grp); extern wait_result_t lck_spin_sleep( lck_spin_t *lck, lck_sleep_action_t lck_sleep_action, event_t event, wait_interrupt_t interruptible); extern wait_result_t lck_spin_sleep_deadline( lck_spin_t *lck, lck_sleep_action_t lck_sleep_action, event_t event, wait_interrupt_t interruptible, uint64_t deadline); Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 133Prototypes for these locks can be found in . The arguments to these functions are described in detail in “Using Lock Functions” (page 139). Mutexes A mutex, mutex lock, or sleep lock, is similar to a spinlock, except that instead of constantly polling, it places itself on a queue of threads waiting for the lock, then yields the remainder of its time quantum. It does not execute again until the thread holding the lock wakesit (or in some userspace variations, until an asynchronous signal arrives). Mutexes are more efficient than spinlocksfor most purposes. However, they are less efficient in multiprocessing environments where the expected lock-holding time is relatively short. If the average time is relatively short but occasionally long, spin/sleep locks may be a better choice. Although OS X does not support spin/sleep locksin the kernel, they can be easily implemented on top of existing locking primitives. If your code performance improves as a result of using such locks, however, you should probably look for ways to restructure your code, such as using more than one lock or moving to read-write locks, depending on the nature of the code in question. See “Spin/Sleep Locks” (page 138) for more information. Because mutexes are based on blocking, they can only be used in places where blocking is allowed. For this reason, mutexes cannot be used in the context of interrupt handlers. Interrupt handlers are not allowed to block because interrupts are disabled for the duration of an interrupt handler, and thus, if an interrupt handler blocked, it would prevent the scheduler from receiving timer interrupts, which would prevent any other thread from executing, resulting in deadlock. For a similar reason, it is not reasonable to block within the scheduler. Also, blocking within the VM system can easily lead to deadlock if the lock you are waiting for is held by a task that is paged out. However, unlike simple locks, it is permissible to block while holding a mutex. This would occur, for example, if you took one lock, then tried to take another, but the second lock was being held by another thread. However, this is generally not recommended unless you carefully scrutinize all uses of that mutex for possible circular waits, as it can result in deadlock. You can avoid this by always taking locks in a certain order. In general, blocking while holding a mutex specific to your code isfine aslong as you wrote your code correctly, but blocking while holding a more global mutex is probably not, since you may not be able to guarantee that other developers’ code obeys the same ordering rules. A Mach mutex is of type mutex_t. The functions that operate on mutexes include: lck_mtx_t *lck_mtx_alloc_init(lck_grp_t *grp, lck_attr_t *attr); extern void lck_mtx_init( lck_mtx_t *lck, Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 134lck_grp_t *grp, lck_attr_t *attr); extern void lck_mtx_lock( lck_mtx_t *lck); extern void lck_mtx_unlock( lck_mtx_t *lck); extern void lck_mtx_destroy(lck_mtx_t *lck, lck_grp_t *grp); extern void lck_mtx_free( lck_mtx_t *lck, lck_grp_t *grp); extern wait_result_tlck_mtx_sleep( lck_mtx_t *lck, lck_sleep_action_t lck_sleep_action, event_t event, wait_interrupt_t interruptible); extern wait_result_tlck_mtx_sleep_deadline( lck_mtx_t *lck, lck_sleep_action_t lck_sleep_action, event_t event, wait_interrupt_t interruptible, uint64_t deadline); extern void lck_mtx_assert( lck_mtx_t *lck, unsigned int type); as described in . The arguments to these functions are described in detail in “Using Lock Functions” (page 139). Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 135Read-Write Locks Read-write locks (also called shared-exclusive locks) are somewhat different from traditional locks in that they are not always exclusive locks. A read-write lock is useful when shared data can be reasonably read concurrently by multiple threads except while a thread is modifying the data. Read-write locks can dramatically improve performance if the majority of operations on the shared data are in the form of reads(since it allows concurrency), while having negligible impact in the case of multiple writes. A read-write lock allows this sharing by enforcing the following constraints: ● Multiple readers can hold the lock at any time. ● Only one writer can hold the lock at any given time. ● A writer must block until all readers have released the lock before obtaining the lock for writing. ● Readers arriving while a writer is waiting to acquire the lock will block until after the writer has obtained and released the lock. The first constraint allows read sharing. The second constraint prevents write sharing. The third prevents read-write sharing, and the fourth prevents starvation of the writer by a steady stream of incoming readers. Mach read-write locks also provide the ability for a reader to become a writer and vice-versa. In locking terminology, an upgrade is when a reader becomes a writer, and a downgrade is when a writer becomes a reader. To prevent deadlock, some additional constraints must be added for upgrades and downgrades: ● Upgrades are favored over writers. ● The second and subsequent concurrent upgrades will fail, causing that thread’s read lock to be released. The first constraint is necessary because the reader requesting an upgrade is holding a read lock, and the writer would not be able to obtain a write lock until the reader releases its read lock. In this case, the reader and writer would wait for each other forever. The second constraint is necessary to prevents the deadlock that would occur if two readers wait for the other to release its read lock so that an upgrade can occur. The functions that operate on read-write locks are: extern lck_rw_t *lck_rw_alloc_init( lck_grp_t *grp, lck_attr_t *attr); extern void lck_rw_init( lck_rw_t *lck, lck_grp_t *grp, Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 136lck_attr_t *attr); extern void lck_rw_lock( lck_rw_t *lck, lck_rw_type_t lck_rw_type); extern void lck_rw_unlock( lck_rw_t *lck, lck_rw_type_t lck_rw_type); extern void lck_rw_lock_shared( lck_rw_t *lck); extern void lck_rw_unlock_shared( lck_rw_t *lck); extern void lck_rw_lock_exclusive( lck_rw_t *lck); extern void lck_rw_unlock_exclusive( lck_rw_t *lck); extern void lck_rw_destroy( lck_rw_t *lck, lck_grp_t *grp); extern void lck_rw_free( lck_rw_t *lck, lck_grp_t *grp); extern wait_result_t lck_rw_sleep( lck_rw_t *lck, lck_sleep_action_t lck_sleep_action, Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 137event_t event, wait_interrupt_t interruptible); extern wait_result_t lck_rw_sleep_deadline( lck_rw_t *lck, lck_sleep_action_t lck_sleep_action, event_t event, wait_interrupt_t interruptible, uint64_t deadline); This is a more complex interface than that of the other locking mechanisms, and actually is the interface upon which the other locks are built. The functions lck_rw_lock and lck_rw_lock lock and unlock a lock as either shared (read) or exclusive (write), depending on the value of lck_rw_type., which can contain either LCK_RW_TYPE_SHARED or LCK_RW_TYPE_EXCLUSIVE. You should always be careful when using these functions, as unlocking a lock held in shared mode using an exclusive call or vice-versa will lead to undefined results. The arguments to these functions are described in detail in “Using Lock Functions” (page 139). Spin/Sleep Locks Spin/sleep locks are not implemented in the OS X kernel. However, they can be easily implemented on top of existing locks if desired. For short waits on multiprocessor systems, the amount of time spent in the context switch can be greater than the amount of time spent spinning. When the time spent spinning while waiting for the lock becomes greater than the context switch overhead, however, mutexes become more efficient. For this reason, if there is a large degree of variation in wait time on a highly contended lock, spin/sleep locks may be more efficient than traditional spinlocks or mutexes. Ideally, a program should be written in such a way that the time spent holding a lock is always about the same, and the choice of locking is clear. However, in some cases, this is not practical for a highly contended lock. In those cases, you may consider using spin/sleep locks. Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 138The basic principle ofspin/sleep locksissimple. A thread takesthe lock if it is available. If the lock is not available, the thread may enter a spin cycle. After a certain period of time (usually a fraction of a time quantum or a small number of time quanta), the spin routine’s time-out is reached, and it returns failure. At that point, the lock places the waiting thread on a queue and puts it to sleep. In other variations on this design, spin/sleep locks determine whether to spin or sleep according to whether the lock-holding thread is currently on another processor (or is about to be). For short wait periods on multiprocessor computers, the spin/sleep lock is more efficient than a mutex, and roughly as efficient as a standard spinlock. For longer wait periods, the spin/sleep lock is significantly more efficient than the spinlock and only slightly less efficient than a mutex. There is a period near the transition between spinning and sleeping in which the spin/sleep lock may behave significantly worse than either of the basic lock types, however. Thus, spin/sleep locks should not be used unless a lock is heavily contended and has widely varying hold times. When possible, you should rewrite the code to avoid such designs. Using Lock Functions While most of the locking functions are straightforward, there are a few detailsrelated to allocating, deallocating, and sleeping on locks that require additional explanation. As the syntax of these functions is identical across all of the lock types, this section explains only the usage for spinlocks. Extending this to other lock types is left as a (trivial) exercise for the reader. The first thing you must do when allocating locks is to allocate a lock group and a lock attribute set. Lock groups are used to name locks for debugging purposes and to group locks by function for general understandability. Lock attribute sets allow you to set flags that alter the behavior of a lock. The following code illustrates how to allocate an attribute structure and a lock group structure for a lock. In this case, a spinlock is used, but with the exception of the lock allocation itself, the process is the same for other lock types. Listing 17-1 Allocating lock attributes and groups (lifted liberally from kern_time.c) lck_grp_attr_t *tz_slock_grp_attr; lck_grp_t *tz_slock_grp; lck_attr_t *tz_slock_attr; lck_spin_t *tz_slock; /* allocate lock group attribute and group */ tz_slock_grp_attr = lck_grp_attr_alloc_init(); lck_grp_attr_setstat(tz_slock_grp_attr); Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 139tz_slock_grp = lck_grp_alloc_init("tzlock", tz_slock_grp_attr); /* Allocate lock attribute */ tz_slock_attr = lck_attr_alloc_init(); //lck_attr_setdebug(tz_slock_attr); // set the debug flag //lck_attr_setdefault(tz_slock_attr); // clear the debug flag /* Allocate the spin lock */ tz_slock = lck_spin_alloc_init(tz_slock_grp, tz_slock_attr); The first argument to the lock initializer, of type lck_grp_t, is a lock group. This is used for debugging purposes, including lock contention profiling. The details of lock tracing are beyond the scope of this document, however, every lock must belong to a group (even if that group contains only one lock). The second argument to the lock initializer, of type lck_attr_t, contains attributes for the lock. Currently, the only attribute available islock debugging. This attribute can be set using lck_attr_setdebug and cleared with lck_attr_setdefault. To dispose of a lock, you simply call the matching free functions. For example: lck_spin_free(tz_slock, tz_slock_grp); lck_attr_free(tz_slock_attr); lck_grp_free(tz_slock_grp); lck_grp_attr_free(tz_slock_grp_attr); Note: While you can safely dispose of the lock attribute and lock group attribute structures, it is important to keep track of the lock group associated with a lock as long as the lock exists, since you will need to pass the group to the lock's matching free function when you deallocate the lock (generally at unload time). The other two interesting functions are lck_spin_sleep and lck_spin_sleep_deadline. These functions release a spinlock and sleep until an event occurs, then wake. The latter includes a timeout, at which point it will wake even if the event has not occurred. extern wait_result_t lck_spin_sleep( lck_rspin_t *lck, Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 140lck_sleep_action_t lck_sleep_action, event_t event, wait_interrupt_t interruptible); extern wait_result_t lck_spin_sleep_deadline( lck_spin_t *lck, lck_sleep_action_t lck_sleep_action, event_t event, wait_interrupt_t interruptible, uint64_t deadline); The parameter lck_sleep_action controls whether the lock will be reclaimed after sleeping prior to this function returning. The valid options are: LCK_SLEEP_DEFAULT Release the lock while waiting for the event, then reclaim it. Read-write locks are held in the same mode as they were originally held. LCK_SLEEP_UNLOCK Release the lock and return with the lock unheld. LCK_SLEEP_SHARED Reclaim the lock in shared mode (read-write locks only). LCK_SLEEP_EXCLUSIVE Reclaim the lock in exclusive mode (read-write locks only). The event parameter can be any arbitrary integer, but it must be unique across the system. To ensure uniqueness, a common programming practice isto use the address of a global variable (often the one containing a lock) as the event value. For more information on these events, see “Event and Timer Waits” (page 143). The parameter interruptible indicates whether the scheduler should allow the wait to be interrupted by asynchronous signals. If this is false, any false wakes will result in the process going immediately back to sleep (with the exception of a timer expiration signal, which will still wake lck_spin_sleep_deadline). Synchronization Primitives Locks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 141This chapter containsinformation about miscellaneousservices provided by the OS X kernel. For most projects, you will probably never need to use most of these services, but if you do, you will find it hard to do without them. This chapter containsthese sections:“Using Kernel Time Abstractions” (page 142),“Boot Option Handling” (page 146), “Queues” (page 147), and “Installing Shutdown Hooks” (page 148). Using Kernel Time Abstractions There are two basic groups of time abstractionsin the kernel. One group includesfunctionsthat provide delays and timed wake-ups. The other group includesfunctions and variablesthat provide the current wall clock time, the time used by a given process, and other similar information. This section describes both aspects of time from the perspective of the kernel. Obtaining Time Information There are a number of ways to get basic time information from within the kernel. The officially approved methods are those that Mach exports in kern/clock.h. These include the following: void clock_get_uptime(uint64_t *result); void clock_get_system_microtime( uint32_t *secs, uint32_t *microsecs); void clock_get_system_nanotime( uint32_t *secs, uint32_t *nanosecs); void clock_get_calendar_microtime( uint32_t *secs, uint32_t *microsecs); void clock_get_calendar_nanotime( uint32_t *secs, uint32_t *nanosecs); 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 142 Miscellaneous Kernel ServicesThe function clock_get_uptime returns a value in AbsoluteTime units. For more information on using AbsoluteTime, see “Using Mach Absolute Time Functions” (page 144). The functions clock_get_system_microtime and clock_get_system_nanotime return 32-bit integers containing seconds and microseconds or nanoseconds, respectively, representing the system uptime. The functions clock_get_calendar_microtime and clock_get_calendar_nanotime return 32-bit integers containing seconds and microseconds or nanoseconds, respectively, representing the current calendar date and time since the epoch (January 1, 1970). In some parts of the kernel, you may find other functions that return type mach_timespec_t. This type is similar to the traditional BSD struct timespec, except that fractions of a second are measured in nanoseconds instead of microseconds: struct mach_timespec { unsigned int tv_sec; clock_res_t tv_nsec; }; typedef struct mach_timespec *mach_timespec_t; In addition to the traditional Mach functions, if you are writing code in BSD portions of the kernel you can also get the current calendar (wall clock) time as a BSD timeval, as well as find out the calendar time when the system was booted by doing the following: #include struct timeval tv=time; /* calendar time */ struct timeval tv_boot=boottime; /* calendar time when booting occurred */ For other information, you should use the Mach functions listed previously. Event and Timer Waits Each part of the OS X kernel has a distinct API for waiting a certain period of time. In most cases, you can call these functions from other parts of the kernel. The I/O Kit provides IODelay and IOSleep. Mach provides functions based on AbsoluteTime, as well as a few based on microseconds. BSD provides msleep. Miscellaneous Kernel Services Using Kernel Time Abstractions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 143Using IODelay and IOSleep IODelay, provided by the I/O Kit, abstracts a timed spin. If you are delaying for a short period of time, and if you need to be guaranteed that your wait will not be stopped prematurely by delivery of asynchronous events, this is probably the best choice. If you need to delay for several seconds, however, this is a bad choice, because the CPU that executes the wait will spin until the time has elapsed, unable to handle any other processing. IOSleep puts the currently executing thread to sleep for a certain period of time. There is no guarantee that your thread will execute after that period of time, nor isthere a guarantee that your thread will not be awakened by some other event before the time has expired. It is roughly equivalent to the sleep call from user space in this regard. The use of IODelay and IOSleep are straightforward. Their prototypes are: IODelay(unsigned microseconds); IOSleep(unsigned milliseconds); Note the differing units. It is not practical to put a thread to sleep for periods measured in microseconds, and spinning for several milliseconds is also inappropriate. Using Mach Absolute Time Functions The following Mach time functions are commonly used. Several others are described in osfmk/kern/clock.h. Note: These are not the same functions as those listed in kern/clock.h in the Kernel framework. These functions are not exposed to kernel extensions, and are only for use within the kernel itself. void delay(uint64_t microseconds); void clock_delay_until(uint64_t deadline); void clock_absolutetime_interval_to_deadline(uint64_t abstime, uint64_t *result); void nanoseconds_to_absolutetime(uint64_t nanoseconds, uint64_t *result); void absolutetime_to_nanoseconds(uint64_t abstime, uint64_t *result); These functions are generally straightforward. However, a few points deserve explanation. Unless specifically stated, all times, deadlines, and so on, are measured in abstime units. The abstime unit is equal to the length of one bus cycle,so the duration is dependent on the busspeed of the computer. For thisreason, Mach provides conversion routines between abstime units and nanoseconds. Miscellaneous Kernel Services Using Kernel Time Abstractions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 144Many time functions, however, provide time in seconds with nanosecond remainder. In this case, some conversion is necessary. For example, to obtain the current time as a mach abstime value, you might do the following: uint32_t secpart; uint32_t nsecpart; uint64_t nsec, abstime; clock_get_calendar_nanotime(&secpart, &nsecpart); nsec = nsecpart + (1000000000ULL * secpart); //convert seconds to nanoseconds. nanoseconds_to_absolutetime(nsec, &abstime); The abstime value is now stored in the variable abstime. Using msleep In addition to Mach and I/O Kit routines, BSD provides msleep, which is the recommended way to delay in the BSD portions of the kernel. In other parts of the kernel, you should either use wait_queue functions or use assert_wait and thread_wakeup functions, both of which are closely tied to the Mach scheduler, and are described in “Kernel Thread APIs” (page 85). Because this function is more commonly used for waiting on events, it is described further in “Condition Variables” (page 130). Handling Version Dependencies Many time-related functions such as clock_get_uptime changed as a result of the transition to KPIs in OS X v.10.4. While these changes result in a cleaner interface, this can prove challenging if you need to make a kernel extension that needs to obtain time information across multiple versions of OS X in a kernel extension that would otherwise have no version dependencies (such as an I/O Kit KEXT). Here is a list of time-related functions that are available in both pre-KPI and KPI versions of OS X: uint64_t mach_absolute_time(void); Declared In: Dependency: com.apple.kernel.mach This function returns a Mach absolute time value for the current wall clock time in units of uint64_t. Miscellaneous Kernel Services Using Kernel Time Abstractions 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 145void microtime(struct timeval *tv); Declared In: Dependency: com.apple.kernel.bsd This function returns a timeval struct containing the current wall clock time. void microuptime(struct timeval *tv); Declared In: Dependency: com.apple.kernel.bsd This function returns a timeval struct containing the current uptime. void nanotime(struct timespec *ts); Declared In: Dependency: com.apple.kernel.bsd This function returns a timespec struct containing the current wall clock time. void nanouptime(struct timespec *ts); Declared In: Dependency: com.apple.kernel.bsd This function returns a timespec struct containing the current uptime. Note: The structure declarationsfor struct timeval and struct timespec differ between 10.3 and 10.4 in their use of int, int32_t, and long data types. However, because the structure packing for the underlying data types is identical in the 32-bit world, these structures are assignment compatible. In addition to these APIs, the functionality marked __APPLE_API_UNSTABLE in was adopted as-is in OS X v.10.4 and is no longer marked unstable. Boot Option Handling OS X provides a simple parse routine, PE_parse_boot_arg, for basic boot argument passing. It supports both flags and numerical value assignment. For obtaining values, you write code similar to the following: unsigned int argval; if (PE_parse_boot_arg("argflag", &argval)) { Miscellaneous Kernel Services Boot Option Handling 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 146/* check for reasonable value */ if (argval < 10 || argval > 37) argval = 37; } else { /* use default value */ argval = 37; } Since PE_parse_boot_arg returns a nonzero value if the flag exists, you can check for the presence of a flag by using a flag that starts with a dash (-) and ignoring the value stored in argvalue. The PE_parse_boot_arg function can also be used to get a string argument. To do this, you must pass in the address of an array of type char as the second argument. The behavior of PE_parse_boot_arg is undefined if a string is passed in for a numeric variable or vice versa. Its behavior is also undefined if a string exceeds the storage space allocated. Be sure to allow enough space for the largest reasonable string including a null delimiter. No attempt is made at bounds checking, since an overflow is generally a fatal error and should reasonably prevent booting. Queues As part of its BSD infrastructure, the OS X kernel provides a number of basic support macrosto simplify handling of linked lists and queues. These are implemented as C macros, and assume a standard C struct. As such, they are probably not suited for writing code in C++. The basic types of lists and queues included are ● SLIST, a singly linked list ● STAILQ, a singly linked tail queue ● LIST, a doubly linked list ● TAILQ, a doubly linked tail queue SLIST is ideal for creating stacks or for handling large sets of data with few or no removals. Arbitrary removal, however, requires an O(n) traversal of the list. STAILQ is similar to SLIST except that it maintains pointers to both ends of the queue. This makes it ideal for simple FIFO queues by adding entries at the tail and fetching entries from the head. Like SLIST, it is inefficient to remove arbitrary elements. Miscellaneous Kernel Services Queues 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 147LIST is a doubly linked version of SLIST. The extra pointersrequire additionalspace, but allow O(1) (constant time) removal of arbitrary elements and bidirectional traversal. TAILQ is a doubly linked version of STAILQ. Like LIST, the extra pointers require additional space, but allow O(1) (constant time) removal of arbitrary elements and bidirectional traversal. Because their functionality is relatively simple, their use is equally straightforward. These macros can be found in xnu/bsd/sys/queue.h. Installing Shutdown Hooks Although OS X does not have traditional BSD-style shutdown hooks, the I/O Kit provides equivalent functionality in recent versions. Since the I/O Kit provides this functionality, you must call it from C++ code. To register for notification, you call registerSleepWakeInterest (described in IOKit/RootDomain.h) and register for sleep notification. If the system is about to be shut down, your handler is called with the message type kIOMessageSystemWillPowerOff. If the system is about to reboot, your handler gets the message type kIOMessageSystemWillRestart. If the system is about to reboot, your handler gets the message type kIOMessageSystemWillSleep. If you no longer need to receive notification (for example, if your KEXT gets unloaded), be certain to release the notifier with IONofitier::release to avoid a kernel panic on shutdown. For example, the following sample KEXT registersforsleep notifications, then logs a message with IOLog when a sleep notification occurs: #include #include #include #include #include #define ALLOW_SLEEP 1 IONotifier *notifier; extern "C" { Miscellaneous Kernel Services Installing Shutdown Hooks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 148IOReturn mySleepHandler( void * target, void * refCon, UInt32 messageType, IOService * provider, void * messageArgument, vm_size_t argSize ) { IOLog("Got sleep/wake notice. Message type was %d\n", messageType); #if ALLOW_SLEEP acknowledgeSleepWakeNotification(refCon); #else vetoSleepWakeNotification(refCon); #endif return 0; } kern_return_t sleepkext_start (kmod_info_t * ki, void * d) { void *myself = NULL; // Would pass the self pointer here if in a class instance notifier = registerPrioritySleepWakeInterest( &mySleepHandler, myself, NULL); return KERN_SUCCESS; } kern_return_t sleepkext_stop (kmod_info_t * ki, void * d) { notifier->remove(); return KERN_SUCCESS; } } // extern "C" Miscellaneous Kernel Services Installing Shutdown Hooks 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 149As discussed in the chapter “Kernel Architecture Overview” (page 14), OS X provides a kernel extension mechanism as a means of allowing dynamic loading of code into the kernel, without the need to recompile or relink. Because these kernel extensions (KEXTs) provide both modularity and dynamic loadability, they are a natural choice for any relatively self-contained service that requires access to internal kernel interfaces. Because KEXTs run in supervisor mode in the kernel’s address space, they are also harder to write and debug than user-level modules, and must conform to strict guidelines. Further, kernel resources are wired (permanently resident in memory) and are thus more costly to use than resources in a user-space task of equivalent functionality. In addition, although memory protection keeps applications from crashing the system, no such safeguards are in place inside the kernel. A badly behaved kernel extension in OS X can cause as much trouble as a badly behaved application or extension could in Mac OS 9. Bugs in KEXTs can have far more severe consequences than bugs in user-level code. For example, a memory access error in a user application can, at worst, cause that application to crash. In contrast, a memory access error in a KEXT causes a kernel panic, crashing the operating system. Finally, for security reasons, some customers restrict or don’t permit the use of third-party KEXTs. As a result, use of KEXTs is strongly discouraged in situations where user-level solutions are feasible. OS X guarantees that threading in applications is just as efficient as threading inside the kernel, so efficiency should not be an issue. Unless your application requireslow-level accessto kernel interfaces, you should use a higher level of abstraction when developing code for OS X. When you are trying to determine if a piece of code should be a KEXT, the default answer is generally no . Even if your code was a system extension in Mac OS 9, that does not necessarily mean that it should be a kernel extension in OS X. There are only a few good reasons for a developer to write a kernel extension: ● Your code needsto take a primary interrupt—that is,something in the (built-in) hardware needsto interrupt the CPU and execute a handler. ● The primary client of your code is inside the kernel—for example, a block device whose primary client is a file system. ● Your code needs to access kernel interfaces that are not exported to user space. ● Your code has other special requirements that cannot be satisfied in a user space application. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 150 Kernel Extension OverviewIf your code does not meet any of the above criteria (and possibly even if it does), you should consider developing it as a library or a user-level daemon, or using one of the user-level plug-in architectures (such as QuickTime components or the Core Graphics framework) instead of writing a kernel extension. If you are writing device drivers or code to support a new volume format or networking protocol, however, KEXTs may be the only feasible solution. Fortunately, while KEXTs may be more difficult to write than user-space code, several tools and procedures are available to enhance the development and debugging process. See “Debugging Your KEXT” (page 153) for more information. This chapter provides a conceptual overview of KEXTs and how to create them. If you are interested in building a simple KEXT, see the Apple tutorials listed in the bibliography. These provide step-by-step instructions for creating a simple, generic KEXT or a basic I/O Kit driver. Implementation of a Kernel Extension (KEXT) Kernel extensions are implemented as bundles, folders that the Finder treats as single files. See the chapter about bundles in Mac Technology Overview for a discussion of bundles.The KEXT bundle can contain the following: ● Information property list—a text file that describes the contents, settings, and requirements of the KEXT. This file is required. A KEXT bundle need contain nothing more than this file, although most KEXTs contain one or more kernel modules as well. See the chapter about software configuration in Mac Technology Overview for further information about property lists. ● KEXT binary—a file in Mach-O format, containing the actual binary code used by the KEXT. A KEXT binary (also known as a kernel module or KMOD) represents the minimum unit of code that can be loaded into the kernel. A KEXT usually contains one KEXT binary. If no KEXT binaries are included, the information property list file must contain a reference to another KEXT and change its default settings. ● Resources—for example, icons or localization dictionaries. Resources are optional; they may be useful for a KEXT that needs to display a dialog or menu. At present, no resources are explicitly defined for use with KEXTs. ● KEXT bundles—a kext can contain other KEXTs. This can be used for plug-ins that augment features of a KEXT. Kernel Extension Dependencies Any KEXT can declare that it is dependent upon any other KEXT. The developer lists these dependencies in the OSBundleLibraries dictionary in the module’s property list file. Kernel Extension Overview Implementation of a Kernel Extension (KEXT) 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 151Before a KEXT isloaded, all of itsrequirements are checked. Those required extensions(and their requirements) are loaded first, iterating back through the lists until there are no more required extensions to load. Only after all requirements are met, is the requested KEXT loaded as well. For example, device drivers (a type of KEXT) are dependent upon (require) certain families (another type of KEXT). When a driver isloaded, itsrequired families are also loaded to provide necessary, common functionality. To ensure that all requirements are met, each device drivershould list all of itsrequirements(families and other drivers) in its property list. See the chapter “I/O Kit Overview” (page 94), for an explanation of drivers and families. It is important to list all dependencies for each KEXT. If your KEXT fails to do so, your KEXT may not load due to unrecognized symbols, thusrendering the KEXT useless. Dependenciesin KEXTs can be considered analogous to required header files or librariesin code development; in fact, the Kernel Extension Manager usesthe standard linker to resolve KEXT requirements. Building and Testing Your Extension After creating the necessary property list and C or C++ source files, you use Project Builder to build your KEXT. Any errors in the source code are brought to your attention during the build and you are given the chance to edit your source files and try again. To test your KEXT, however, you need to leave Project Builder and work in the Terminal application (or in console mode). In console mode, all system messages are written directly to your screen, as well as to a log file (/var/log/system.log). If you work in the Terminal application, you must view system messages in the log file or in the Console application.You also need to log in to the root account (or use the su or sudo command), since only the root account can load kernel extensions. When testing your KEXT, you can load and unload it manually, as well as check the load status. You can use the kextload command to load any KEXT. A manual page for kextload is included in OS X. (On OS X prior to 10.2, you must use the kmodload command instead.) Note that this command is useful only when developing a KEXT. Eventually, after it has been tested and debugged, you install your KEXT in one of the standard places (see “Installed KEXTs” (page 154) for details). Then, it will be loaded and unloaded automatically at system startup and shutdown or whenever it is needed (such as when a new device is detected). Kernel Extension Overview Building and Testing Your Extension 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 152Debugging Your KEXT KEXT debugging can be complicated. Before you can debug a KEXT, you must first enable kernel debugging, as OS X is not normally configured to permit debugging the kernel. Only the root account can enable kernel debugging, and you need to reboot OS X for the changes to take effect. (You can use sudo to gain root privileges if you don’t want to enable a root password.) Kernel debugging is performed using two OS X computers, called the development or debug host and the debug target. These computers must be connected over a reliable network connection on the same subnet (or within a single local network). Specifically, there must not be any intervening IP routers or other devices that could make hardware-based Ethernet addressing impossible. The KEXT is registered (and loaded and run) on the target. The debugger is launched and run on the debug host. You can also rebuild your KEXT on the debug host, after you fix any errors you find. Debugging must be performed in this fashion because you must temporarily halt the kernel on the target in order to use the debugger. When you halt the kernel, all other processes on that computer stop. However, a debugger running remotely can continue to run and can continue to examine (or modify) the kernel on the target. Note that bugs in KEXTs may cause the target kernel to freeze or panic. If this happens, you may not be able to continue debugging, even over a remote connection; you have to reboot the target and start over, setting a breakpoint just before the code where the KEXT crashed and working very carefully up to the crash point. Developers generally debug KEXTs using gdb, a source-level debugger with a command-line interface. You will need to work in the Terminal application to run gdb. For detailed information about using gdb, see the documentation included with OS X. You can also use the help command from within gdb. Some features of gdb are unavailable when debugging KEXTs because of implementation limitations. For example: ● You can’t use gdb to call a function or method in a KEXT. ● You should not use gdb to debug interrupt routines. The former is largely a barrier introduced by the C++ language. The latter may work in some cases but is not recommended due to the potential for gdb to interrupt something upon which kdp (the kernel shim used by gdb) depends in order to function properly. Use care that you do not halt the kernel for too long when you are debugging (for example, when you set breakpoints). In a short time, internal inconsistencies can appear that cause the target kernel to panic or freeze, forcing you to reboot the target. Kernel Extension Overview Debugging Your KEXT 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 153Additional information about debugging can be found in “When Things Go Wrong: Debugging the Kernel” (page 161). Installed KEXTs The Kernel Extension Manager (KEXT Manager) is responsible for loading and unloading all installed KEXTs (commands such as kextload are used only during development). Installed KEXTs are dynamically added to the running OS X kernel as part of the kernel’s address space. An installed and enabled KEXT is invoked as needed. Important: Note that KEXTs are only wrappers(bundles) around a property list, KEXT binaries(or references to other KEXTs), and optional resources. The KEXT describes what is to be loaded; it is the KEXT binaries that are actually loaded. KEXTs are usually installed in the folder /System/Libraries/Extensions. The Kernel Extension Manager (in the form of a daemon, kextd), always checks here. KEXTs can also be installed in ROM or inside an application bundle. Installing KEXTs in an application bundle allows an application to register those KEXTs without the need to install them permanently elsewhere within the system hierarchy. This may be more convenient and allows the KEXT to be associated with a specific, running application. When it starts, the application can register the KEXT and, if desired, unregister it on exit. For example, a network packet sniffer application might employ a Network Kernel Extension (NKE). A tape backup application would require that a tape driver be loaded during the duration of the backup process. When the application exits, the kernel extension is no longer needed and can be unloaded. Note that, although the application is responsible for registering the KEXT, this is no guarantee that the corresponding KEXTs are actually ever loaded. It is still up to a kernel component, such as the I/O Kit, to determine a need, such as matching a piece of hardware to a desired driver, thus causing the appropriate KEXTs (and their dependencies) to be loaded. Kernel Extension Overview Installed KEXTs 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 154This chapter is not about building kernel extensions (KEXTs). There are a number of good KEXT tutorials on Apple’s developer documentation site (http://developer.apple.com/documentation). This chapter is about adding new in-kernel modules(optional parts of the kernel), building kernels, and debugging kernel and kernel extension builds. The discussion is divided into three sections. The first, “Adding New Files or Modules” (page 155), describes how to add new functionality into the kernel itself. You should only add files into the kernel when the use of a KEXT is not possible (for example, when adding certain low-level motherboard hardware support). The second section, “Building Your First Kernel” (page 158), describes how to build a kernel, including how to build a kernel with debugger support, how to add new options, and how to obtain sources that are of similar vintage to those in a particular version of OS X or Darwin. The third section, “When Things Go Wrong: Debugging the Kernel” (page 161), tells how to debug a kernel or kernel module using ddb and gdb. This is a must-read for anyone doing kernel development. Adding New Files or Modules In this context, the term module is used loosely to refer to a collection of related files in the kernel that are controlled by a single config option at compile time. It does not refer to loadable modules (KEXTs). This section describes how to add additional files that will be compiled into the kernel, including how to add a new config option for an additional module. Modifying the Configuration Files The details of adding a new file or module into the kernel differ according to what portion of the kernel contains the file. If you are adding a new file or module into the Mach portion of the kernel, you need to list it in various filesin xnu/osfmk/conf. For the BSD portion of the kernel, you should list it in variousfilesin xnu/bsd/conf. In either case, the procedure is basically the same, just in a different directory. This section is divided into two subsections. The first describes adding the module itself and the second describes enabling the module. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 155 Building and Debugging KernelsAdding the Files or Modules In the appropriate conf directory, you need to add your files or modules into various files. The files MASTER, MASTER.ppc, and MASTER.i386 contain the list of configuration options that should be built into the kernel for all architectures, PowerPC, and i386, respectively. These are supplemented by files, files.ppc, and files.i386, which contain associations between compile options and the files that are related to them for their respective architectures. The format for these two files is relatively straightforward. If you are adding a new module, you should first choose a name for that module. For example, if your module is called mach_foo, you should then add a new option line near the top of files that is whitespace (space or tab) delimited and looks like this: OPTIONS/mach_foo optional mach_foo The first part defines the name of the module as it will be used in #if statements in the code. (See “Modifying the Source Code Files” (page 157) for more information.) The second part is alwaysthe word optional. The third part tells the name of the option as used to turn it on or off in a MASTER file. Any line with mach_foo in the last field will be enabled only if there is an appropriate line in a MASTER file. Then, later in the file, you add osfmk/foo/foo_main.c optional mach_foo osfmk/foo/foo_bar.c optional mach_foo and so on, for each new file associated with that module. This also applies if you are adding a file to an existing module. If you are adding a file that is not associated with any module at all, you add a line that looks like the following to specify that this file should always be included: osfmk/crud/mandatory_file.c standard If you are not adding any modules, then you’re done. Otherwise, you also need to enable your option in one of the MASTER files. Enabling Module Options To enable a module option (as described in the files files), you must add an entry for that option into one of the MASTER files. If your code is not a BSD pseudo-device, you should add something like the following: options MACH_FOO Building and Debugging Kernels Adding New Files or Modules 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 156Otherwise, you should add something like this: pseudo-device mach_foo In the case of a pseudo-device (for example, /dev/random), you can also add a number. When your code checks to see if it should be included, it can also check that number and allocate resources for more than one pseudo-device. The meaning of multiple pseudo-devicesis device-dependent. An example of thisis ppp, which allocates resources for two simultaneous PPP connections. Thus, in the MASTER.ppc file, it has the line: pseudo-device ppp 2 Modifying the Source Code Files In the OS X kernel, all source code files are automatically compiled. It is the responsibility of the C file itself to determine whether its contents need to be included in the build or not. In the example above, you created a module called mach_foo. Assume that you want this file to compile only on PowerPC-based computers. In that case, you should have included the option only in MASTER.ppc and not in MASTER.i386. However, by default, merely specifying the file foo_main.c in files causes it to be compiled, regardless of compile options specified. To make the code compile only when the option mach_foo is included in the configuration, you should begin each C source file with the lines #include #if (MACH_FOO > 0) and end it with #endif /* MACH_FOO */ If mach_foo is a pseudo-device and you need to check the number of mach_foo pseudo-devices included, you can do further tests of the value of MACH_FOO. Note that the file is not something you create. It is created by the makefiles themselves. You must run make exporthdrs before make all to generate these files. Building and Debugging Kernels Adding New Files or Modules 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 157Building Your First Kernel Before you can build a kernel, you must first obtain source code. Source code for the OS X kernel can be found in the Darwin xnu project on http://www.opensource.apple.com. To find out your current kernel version, use the command uname -a. If you run into trouble, search the archives of the darwin-kernel and darwin-development mailing lists for information. If that doesn’t help, ask for assistance on either list. The list archives and subscription information can be found at http://www.lists.apple.com. Note: Before you begin, make sure you extract the sources in a directory whose path does not contain any “special” characters (non-alphanumeric characters other than dash and underscore), as having such characters in the path leading up to the build directory can cause compiling to fail. Also, make sure that /usr/local/bin is in your PATH environment variable as follows: If you are using a csh derivative such as tcsh, you should add set path = (/usr/local/bin $path) to your .tcshrc file If you are using a Bourne shell derivative, you should add export PATH=/usr/local/bin:$PATH to your .bashrc file. Important: Once you have obtained and extracted the sources, before you begin compiling kernelsupport tools, you should configure your system to build using gcc 3.3. The OS X v10.4 kernel will not build using gcc 4.0. To do this, type: sudo gcc_select 3.3 Important: Before building anything, you should make sure you are running the latest version of OS X with the latest developer tools. The xnu compile process may reference various external headers from /System/Library/Frameworks. These headers are only installed as part of a developer toolsinstallation, not as part of the normal OS X install process. Next, you will need to compile several support tools. Get the bootstrap_cmds, Libstreams, kext_tools, IOKitUser, and cctools packagesfrom http://www.opensource.apple.com. Extract the filesfrom these .tar packages, then do the following: sudo mkdir -p /usr/local/bin sudo mkdir -p /usr/local/lib cd bootstrap_cmds-version/relpath.tproj make Building and Debugging Kernels Building Your First Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 158sudo make install cd ../../Libstreams-version make sudo make install cd ../cctools-version sudo cp /usr/include/ar.h \ /System/Library/Frameworks/Kernel.framework/Headers In the cctools package, modify the Makefile, and change the COMMON_SUBDIRS line (including the continuation line after it) to read: COMMON_SUBDIRS = libstuff libmacho misc Finally, issue the following commands: make RC_OS=macos sudo cp misc/seg_hack.NEW /usr/local/bin/seg_hack cd ld make RC_OS=macos kld_build sudo cp static_kld/libkld.a /usr/local/lib sudo ranlib /usr/local/lib/libkld.a Now you’re done with the cctools project. One final step remains: compiling kextsymboltool. To do this, extract the kext_tools tarball, then do the following: sudo mkdir -p /System/Library/Frameworks/IOKit.framework/Versions/A/PrivateHeaders/kext cd /System/Library/Frameworks/IOKit.framework/ sudo ln -s Versions/A/PrivateHeaders PrivateHeaders sudo cp PATH_TO_IOKITUSER/IOKitUser-version/kext.subproj/*.h PrivateHeaders/kext cd PATH_TO_KEXT_TOOLS/kext_tools-version gcc kextsymboltool.c -o kextsymboltool sudo cp kextsymboltool /usr/local/bin Building and Debugging Kernels Building Your First Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 159Warning: If you do not use a version of kextsymboltool that is at least as current as your kernel, you will get serious compile failures. If you see the error message “exported name not in import list”, there’s a good chance you aren’t using a current kextsymboltool. Congratulations. You now have all the necessary tools, libraries, and header files to build a kernel. The next step is to compile the kernel itself. First, change directories into the xnu directory. Next, you need to set a few environment variables appropriately. For your convenience, the kernel sources contain shell scripts to do this for you. If you are using sh, bash, zsh, or some other Bourne-compatible shell, issue the following command: source SETUP/setup.sh If you are using csh, tcsh, or a similar shell, use the following command: source SETUP/setup.csh Then, you should be able to type make exporthdrs make all and get a working kernel in BUILD/obj/RELEASE_PPC/mach_kernel (assuming you are building a RELEASE kernel for PowerPC, of course). If things don’t work, the darwin-kernel mailing list a good place to get help. Building an Alternate Kernel Configuration When building a kernel, you may want to build a configuration other than the RELEASE configuration (the default shipping configuration). Additional configurations are RELEASE_TRACE, DEBUG, DEBUG_TRACE, and PROFILE. These configurations add various additional options (except PROFILE, which is reserved for future expansion, and currently maps onto RELEASE). Building and Debugging Kernels Building an Alternate Kernel Configuration 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 160The most useful and interesting configurations are RELEASE and DEBUG. The release configuration should be the same as a stock Apple-released kernel, so this is interesting only if you are building source that differs from that which was used to build the kernel you are already running. Compiling a kernel without specifying a configuration results in the RELEASE configuration being built. The DEBUG configuration enables ddb, the in-kernel serial debugger. The ddb debugger is helpful to debug panics that occur early in boot or within certain parts of the Ethernet driver. It is also useful for debugging low-level interrupt handler routines that cannot be debugged by using the more traditional gdb. To compile an alternate kernel configuration, you should follow the same basic procedure as outlined previously, changing the final make statement slightly. For example, to build the DEBUG configuration, instead of typing make all you type make KERNEL_CONFIGS=DEBUG all and wait. To turn on additional compile options, you must modify one of the MASTER files. For information on modifying these files, see the section “Enabling Module Options” (page 156). When Things Go Wrong: Debugging the Kernel No matter how careful your programming habits, sometimes things don’t work right the first time. Kernel panics are simply a fact of life during development of kernel extensions or other in-kernel code. There are a number of ways to track down problems in kernel code. In many cases, you can find the problem through careful use of printf or IOLog statements. Some people swear by this method, and indeed, given sufficient time and effort, any bug can be found and fixed without using a debugger. Of course, the key words in that statement are “given sufficient time and effort.” For the rest of us, there are debuggers: gdb and ddb. Setting Debug Flags in Open Firmware With the exception of kernel panics or calls to PE_enter_debugger, it is not possible to do remote kernel debugging without setting debug flags in Open Firmware. These flags are relevant to both gdb and ddb debugging and are important enough to warrant their own section. Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 161To set these flags, you can either use the nvram program (from the OS X command line) or access your computer’s Open Firmware. You can access Open Firmware this by holding down Command-Option-O-F at boot time. For most computers, the default is for Open Firmware to present a command–line prompt on your monitor and accept input from your keyboard. For some older computers you must use a serial line at 38400, 8N1. (Technically, such computers are not supported by OS X, but some are usable under Darwin, and thus they are mentioned here for completeness.) From an Open Firmware prompt, you can set the flags with the setenv command. From the OS X command line, you would use the nvram command. Note that when modifying these flags you should always look at the old value for the appropriate Open Firmware variables and add the debug flags. For example, if you want to set the debug flagsto 0x4, you use one of the following commands. For computers with recent versions of Open Firmware, you would type printenv boot-args setenv boot-args original_contents debug=0x4 from Open Firmware or nvram boot-args nvram boot-args="original_contents debug=0x4" from the command line (as root). For older firmware versions, the interesting variable is boot-command. Thus, you might do something like printenv boot-command setenv boot-command 0 bootr debug=0x4 from Open Firmware or nvram boot-command nvram boot-command="0 bootr debug=0x4" from the command line (as root). Of course, the more important issue is what value to choose for the debug flags. Table 20-1 (page 163) lists the debugging flags that are supported in OS X. Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 162Table 20-1 Debugging flags Symbolic name Flag Meaning DB_HALT 0x01 Halt at boot-time and wait for debugger attach (gdb). DB_PRT 0x02 Send kernel debugging printf output to console. Drop into debugger on NMI (Command–Power, Command-Option-Control-Shift-Escape, or interrupt switch). DB_NMI 0x04 DB_KPRT 0x08 Send kernel debugging kprintf output to serial port. DB_KDB 0x10 Make ddb (kdb) the default debugger (requires a custom kernel). DB_SLOG 0x20 Output certain diagnostic info to the system log. Allow debugger to ARP and route (allows debugging across routers and removes the need for a permanent ARP entry, but is a potential security hole)—not available in all kernels. DB_ARP 0x40 DB_KDP_BP_DIS 0x80 Support old versions of gdb on newer systems. DB_LOG_PI_SCRN 0x100 Disable graphical panic dialog. The option DB_KDP_BP_DIS is not available on all systems, and should not be important if your target and host systems are running the same or similar versions of OS X with matching developer tools. The last option is only available in Mac OS 10.2 and later. Avoiding Watchdog Timer Problems Macintosh computers have various watchdog timers designed to protect the system from certain types of failures. There are two primary watchdog timersin common use: the power management watchdog timer (not present on all systems) and the system crash watchdog timer. Both watchdogs are part of the power management hardware. The first of these, the power management watchdog timer, is designed to restore the system to a known safe state in the event of unexpected communication loss between the power management hardware and the CPU. Thistimer is only present in G4 and earlier desktops and laptops and in early G5 desktops. More specifically, it is present only in machines containing a PMU (Power Management Unit) chip. Under normal circumstances, when communication with the PMU chip is lost, the PMU driver will attempt to get back in sync with the PMU chip. With the possible exception of a momentary loss of keyboard and mouse control, you probably won't notice that anything has happened (and you should never even experience such a stall unless you are writing a device driver that disables interrupts for an extended period of time). Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 163The problem occurs when the disruption in communication is caused by entering the debugger while the PMU chip is in one of these "unsafe" states. If the chip is left in one of these "unsafe" states for too long, it will shut the computer down to prevent overheating or other problems. This problem can be significantly reduced by operating the PMU chip in polled mode. This prevents the watchdog timer from activating. You should only use this option when debugging, however, as it diminishes performance and a crashed system could overheat. To disable this watchdog timer, add the argument pmuflags=1 to the kernel's boot arguments. See “Setting Debug Flags in Open Firmware” (page 161) for information about how to add a boot argument. The second type of watchdog timer is the system crash watchdog timer. This is normally only enabled in OS X Server. If your target machine is running OS X Server, your system will automatically reboot within seconds after a crash to maximize server uptime. You can disable this automatic reboot on crash feature in the server administration tool. Choosing a Debugger There are two basic debugging environments supported by OS X: ddb and gdb. ddb is a built-in debugger that works over a serial line. By contrast, gdb is supported using a debugging shim built into the kernel, which allows a remote computer on the same physical network to attach after a panic (or sooner if you pass certain options to the kernel). For problems involving network extensions or low-level operating system bringups, ddb is the only way to do debugging. For other bugs, gdb is generally easier to use. For completeness, this chapter describes how to use both ddb and gdb to do basic debugging. Since gdb itself is well documented and is commonly used for application programming, this chapter assumes at least a passing knowledge of the basics of using gdb and focuses on the areas where remote (kernel) gdb differs. Note: Only systems with serial hardware support ddb. Thus, it is only possible to use ddb on PowerMac G4 and older systems. Using gdb for Kernel Debugging gdb, short for the GNU Debugger, is a piece of software commonly used for debugging software on UNIX and Linux systems. This section assumes that you have used gdb before, and does not attempt to explain basic usage. In standard OS X builds (and in your builds unless you compile with ddb support), gdb support is built into the system but is turned off except in the case of a kernel panic. Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 164Of course, many software failures in the kernel do not result in a kernel panic but still cause aberrant behavior. For these reasons, you can pass additional flags to the kernel to allow you to attach to a remote computer early in boot or after a nonmaskable interrupt (NMI), or you can programmatically drop into the debugger in your code. You can cause the test computer (the debug target) to drop into the debugger in the following ways: ● debug on panic ● debug on NMI ● debug on boot ● programmatically drop into the default debugger The function PE_enter_debugger can be called from anywhere in the kernel, although if gdb is your default debugger, a crash will result if the network hardware is not initialized or if gdb cannot be used in that particular context. This call is described in the header pexpert/pexpert.h. After you have decided what method to use for dropping into the debugger on the target, you must configure your debug host (the computer that will actually be running gdb). Your debug hostshould be running a version of OS X that is comparable to the version running on your target host. However, it should not be running a customized kernel, since a debug host crash would be problematic, to say the least. Note: It is possible to use a non-OS X system as your debug host. This is not a trivial exercise, however, and a description of building a cross-gdb is beyond the scope of this document. When using gdb, the best results can be obtained when the source code for the customized kernel is present on your debug host. This not only makes debugging easier by allowing you to see the lines of code when you stop execution, it also makes it easier to modify those lines of code. Thus, the ideal situation is for your debug host to also be your build computer. This is not required, but it makes things easier. If you are debugging a kernel extension, it generally suffices to have the source for the kernel extension itself on your debug host. However, if you need to see kernel-specific structures, having the kernel sources on your debug host may also be helpful. Once you have built a kernel using your debug host, you must then copy it to your target computer and reboot the target computer. At this point, if you are doing panic-only debugging, you should trigger the panic. Otherwise, you should tell your target computer to drop into the debugger by issuing an NMI (or by merely booting, in the case of debug=0x1). Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 165Next, unless your kernelsupports ARP while debugging (and unless you enabled it with the appropriate debug flag), you need to add a permanent ARP entry for the target. It will be unable to answer ARP requests while waiting for the debugger. This ensures that your connection won’t suddenly disappear. The following example assumes that your target is target.foo.com with an IP number of 10.0.0.69: $ ping -c 1 target_host_name ping results: .... $ arp -an target.foo.com (10.0.0.69): 00:a0:13:12:65:31 $ sudo arp -s target.foo.com 00:a0:13:12:65:31 $ arp -an target.foo.com (10.0.0.69) at00:a0:13:12:65:31 permanent Now, you can begin debugging by doing the following: gdb /path/to/mach_kernel source /path/to/xnu/osfmk/.gdbinit p proc0 source /path/to/xnu/osfmk/.gdbinit target remote-kdp attach 10.0.0.69 Note that the mach kernel passed as an argument to gdb should be the symbol–laden kernel file located in BUILD/obj/DEBUG_PPC/mach_kernel.sys (for debug kernel builds, RELEASE_PPC for non-debug builds), not the bootable kernel that you copied onto the debug target. Otherwise most of the gdb macros will fail. The correct kernel should be several times as large as a normal kernel. You must do the p proc0 command and source the .gdbinit file (from the appropriate kernel sources) twice to work around a bug in gdb. Of course, if you do not need any of the macros in .gdbinit, you can skip those two instructions. The macros are mostly of interest to people debugging aspects of Mach, though they also provide ways of obtaining information about currently loaded KEXTs. Warning: It may not be possible to detach in a way that the target computer’s kernel continues to run. If you detach, the target hangs until you reattach. It is not always possible to reattach, though the situation is improving in this area. Do not detach from the remote kernel! Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 166If you are debugging a kernel module, you need to do some additional work to get debugging symbol information about the module. First, you need to know the load address for the module. You can get this information by running kextstat (kmodstat on systems running OS X v10.1 or earlier) as root on the target. If you are already in the debugger, then assuming the target did not panic, you should be able to use the continue function in gdb to revive the target, get this information, then trigger another NMI to drop back into the debugger. If the target is no longer functional, and if you have a fully symbol–laden kernel file on your debug host that matches the kernel on your debug target, you can use the showallkmods macro to obtain this information. Obtaining a fully symbol–laden kernel generally requires compiling the kernel yourself. Once you have the load address of the module in question, you need to create a symbol file for the module. You do this in different ways on different versions of OS X. For versions 10.1 and earlier, you use the kmodsyms program to create a symbol file for the module. If your KEXT is called mykext and it is loaded at address 0xf7a4000, for example, you change directories to mykext.kext/Contents/MacOS and type: kmodsyms -k path/to/mach_kernel -o mykext.sym mykext@0xf7a4000 Be sure to specify the correct path for the mach kernel that is running on your target (assuming it is not the same as the kernel running on your debug host). For versions after 10.1, you have two options. If your KEXT does not crash the computer when it loads, you can ask kextload to generate the symbols at load time by passing it the following options: kextload -s symboldir mykext.kext It will then write the symbols for your kernel extension and its dependencies into files within the directory you specified. Of course, this only works if your target doesn’t crash at or shortly after load time. Alternately, if you are debugging an existing panic, or if your KEXT can’t be loaded without causing a panic, you can generate the debugging symbols on your debug host. You do this by typing: kextload -n -s symboldir mykext.kext If will then prompt you for the load address of the kernel extension and the addresses of all its dependencies. As mentioned previously, you can find the addresses with kextstat (or kmodstat) or by typing showallkmods inside gdb. Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 167You should now have a file or files containing symbolic information that gdb can use to determine address–to–name mappings within the KEXT. To add the symbols from that KEXT, within gdb on your debug host, type the command add-symbol-file mykext.sym for each symbol file. You should now be able to see a human-readable representation of the addresses of functions, variables, and so on. Special gdb I/O Addressing Issues As described in “Address Spaces” (page 70), some Macintosh hardware has a third addressing mode called I/O addressing which differs from both physical and virtual addressing modes. Most developers will not need to know about these modes in any detail. Where some developers may run into problems is debugging PCI device drivers and attempting to access device memory/registers. To allow I/O-mapped memory dumping, do the following: set kdp_read_io=1 To dump in physical mode, do the following: set kdp_trans_off=1 For example: (gdb) x/x 0xf8022034 0xf8022034: Cannot access memory at address 0xf8022034 (gdb) set kdp_trans_off=1 (gdb) x/x 0xf8022034 0xf8022034: Cannot access memory at address 0xf8022034 (gdb) set kdp_read_io=1 (gdb) x/x 0xf8022034 0xf8022034: 0x00000020 (gdb) Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 168If you experience problems accessing I/O addresses that are not corrected by this procedure, please contact Apple Developer Technical Support for additional assistance. Using ddb for Kernel Debugging When doing typical debugging, gdb is probably the best solution. However, there are times when gdb cannot be used or where gdb can easily run into problems. Some of these include ● drivers for built-in Ethernet hardware ● interrupt handlers (the hardware variety, not handler threads) ● early bootstrap before the network hardware is initialized When gdb is not practical (or if you’re curious), there is a second debug mechanism that can be compiled into OS X. This mechanism is called ddb, and is similar to the kdb debugger in most BSD UNIX systems. It is not quite as easy to use as gdb, mainly because of the hardware needed to use it. Unlike gdb (which uses Ethernet for communication with a kernel stub), ddb is built into the kernel itself, and interacts directly with the user over a serial line. Also unlike gdb, using ddb requires building a custom kernel using the DEBUG configuration. For more information on building this kernel, see “Building Your First Kernel” (page 158). Note: ddb requires an actual built-in hardware serial line on the debug target. Neither PCI nor USB serial adapters will work. In order to work reliably for interrupt-level debugging, ddb controls the serial ports directly with a polled-mode driver without the use of the I/O Kit. If your debug target does not have a factory serial port, third-party adapter boards may be available that replace your internal modem with a serial port. Since these devices use the built-in serial controller, they should work for ddb. It is not necessary to install OS X drivers for these devices if you are using them only to support ddb debugging. The use of these serial port adapter cards is not an officially supported configuration, and not all computers support the third-party adapter boards needed for ddb support. Consult the appropriate adapter board vendor for compatibility information. If your target computer has two serial ports, ddb uses the modem port (SCC port 0). However, if your target has only one serial port, that port is probably attached to port 1 of the SCC cell, which means that you have to change the default port if you want to use ddb. To use this port (SCC port 1), change the line: const int console_unit=0; Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 169in osfmk/ppc/serial_console.c to read: const int console_unit=1; and recompile the kernel. Once you have a kernel with ddb support, it isrelatively easy to use. First, you need to set up a terminal emulator program on your debug host. If your debug host is running Mac OS 9, you might use ZTerm, for example. For OS X computers, or for computers running Linux or UNIX, minicom provides a good environment. Setting up these programs is beyond the scope of this document. Important: Serial port settings for communicating with ddb must be 57600 8N1. Hardware handshaking may be on, but is not necessary. Note: For targets whose Open Firmware uses the serial ports, remember that the baud rate for communicating with Open Firmware is 38400 and that hardware handshaking must be off. Once you boot a kernel with ddb support, a panic will allow you to drop into the debugger, as will a call to PE_enter_debugger. If the DB_KDB flag is not set, you will have to press the D key on the keyboard to use ddb. Alternately, if both DB_KDB and DB_NMI are set, you should be able to drop into ddb by generating a nonmaskable interrupt (NMI). See “Setting Debug Flags in Open Firmware” (page 161) for more information on debug flags. To generate a nonmaskable interrupt, hold down the command, option, control, and shift keys and hit escape (OS X v10.4 and newer), hold down the command key while pressing the power key on your keyboard (on hardware with a power key), or press the interrupt button on your target computer. At this point, the system should hang, and you should see ddb output on the serial terminal. If you do not, check your configuration and verify that you have specified the correct serial port on both computers. Commands and Syntax of ddb The ddb debugger is much more gdb-like than previous versions, but it still has a syntax that is very much its own (shared only with other ddb and kdb debuggers). Because ddb is substantially different from what most developers are used to using, this section outlines the basic commands and syntax. The commands in ddb are generally in this form: command[/switch] address[,count] Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 170The switches can be one of those shown in Table 20-2 (page 171). Table 20-2 Switch options in ddb Switch Description /A Print the location with line number if possible /I Display as instruction with possible alternate machine-dependent format /a Print the location being displayed /b Display or process by bytes Display low 8 bits as a character (nonprinting characters as octal) or count instructions while executing (depends on instruction) /c /d Display as signed decimal /h Display or process by half word (16 bits) /i Display as an instruction /l Display or process by long word (32 bits) /m Display as unsigned hex with character dump for each line /o Display in unsigned octal /p Print cumulative instruction count and call tree depth at each call or return statement /r Display in current radix, signed /s Display the null-terminated string at address (nonprinting as octal). Display in unsigned decimal or set breakpoint at a user space address (depending on command). /u /x Display in unsigned hex /z Display in signed hex The ddb debugger has a rich command set that has grown over its lifetime. Its command set is similar to that of ddb and kdb on other BSD systems, and their manual pages provide a fairly good reference for the various commands. The command set for ddb includes the following commands: Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 171break[/u] addr Set a breakpoint at the address specified by addr. Execution will stop when the breakpoint is reached. The /u switch means to set a breakpoint in user space. c or continue[/c] Continue execution after reaching a breakpoint. The /c switch meansto count instructions while executing. call Call a function. cond Set condition breakpoints. This command is not supported on PowerPC. cpu cpunum Causes ddb to switch to run on a different CPU. d or delete [addr|#] Delete a breakpoint. This takes a single argument that can be either an address or a breakpoint number. dk Equivalent to running kextstat while the target computer is running. This lists loaded KEXTs, their load addresses, and various related information. dl vaddr Dumps a range of memory starting from the address given. The parameter vaddr is a kernel virtual address. If vaddr is not specified, the last accessed address is used. See also dr, dv. dm Displays mapping information for the last address accessed. dmacro name Delete the macro called name. See macro. dp Displays the currently active page table. dr addr Dumps a range of memory starting from the address given. The parameter address is a physical address. If addr is not specified, the last accessed address is used. See also dl, dv. ds Dumps save areas of all Mach tasks. dv [addr [vsid]] Dumps a range of memory starting from the address given. The parameter addr is a virtual address in the address space indicated by vsid. If addr is not specified, the last accessed address is used. Similarly, if vsid is not specified, the last vsid is used. See also dl, dr. Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 172dwatch addr Delete a watchpoint. See watch. dx Displays CPU registers. examine See print. gdb Switches to gdb mode, allowing gdb to attach to the computer. lt On PowerPC only: Dumps the PowerPC exception trace table. macro name command [ ; command .. ] Create a macro called name that executesthe listed commands. You can show a macro with the command show macro name or delete it with dmacro name. match[/p] Stop at the matching return instruction. If the /p switch is not specified, summary information is printed only at the final return. print[/AIabcdhilmorsuxz] addr1 [addr2 ...] Print the values at the addresses given in the format specified by the switch. If no switch is given, the last used switch is assumed. Synonymous with examine and x. Note that some of the listed switches may work for examine and not for print. reboot Reboots the computer. Immediately. Without doing any file-system unmounts or other cleanup. Do not do this except after a panic. s or step Single step through instructions. search[/bhl] addr value [mask[,count]] Search memory for value starting at addr. If the value is not found, this command can wreak havoc. This command may take other formatting values in addition to those listed. set $name [=] expr Sets the value of the variable or register named by name to the value indicated by expr. show Display system data. For a list of information that can be shown, type the show command by itself. Some additional options are available for certain options, particularly show all. For those suboptions, type show all by itself. Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 173trace[/u] Prints a stack backtrace. If the /u flag is specified, the stack trace extends to user space if supported by architecture-dependent code. until[/p] Stop at the next call or return. w or write[/bhl] addr expr1 [expr2 ... ] Writes the value of expr1 to the memory location stored at addr in increments of a byte, half word, or long word. If additional expressions are specified, they are written to consecutive bytes, half words, or long words. watch addr[,size] Sets a watchpoint on a particular address. Execution stops when the value stored at that address is modified. Watch points are not supported on PowerPC. Warning: Watching addresses in wired kernel memory may cause unrecoverable errors on i386. x Short for examine. See print. xb Examine backward. Execute the last examine command, but use the address previous to the last one used (jumping backward by increments of the last width displayed). xf Examine forward. Execute the last examine command, but use the address following the last one used (jumping by increments of the last width displayed). The ddb debugger should seem relatively familiar to users of gdb, and its syntax was changed radically from its predecessor, kdb, to be more gdb-like. However, it is still sufficiently different that you should take some time to familiarize yourself with its use before attempting to debug something with it. It is far easier to use ddb on a system whose memory hasn’t been scribbled upon by an errant DMA request, for example. Building and Debugging Kernels When Things Go Wrong: Debugging the Kernel 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 174This bibliography contains related material that may be of interest. The editions listed are the editions that were current when this list was compiled, but newer versions may be available. Apple OS X Publications The following Apple publications have information that could be of interest to you if you are programming in the kernel: Hello Debugger: Debugging a Device Driver With GDB (tutorial). Hello I/O Kit: Creating a Device Driver With Xcode (tutorial) Hello Kernel: Creating a Kernel Extension With Xcode (tutorial). Accessing Hardware From Applications I/O Kit Fundamentals Network Kernel Extensions Programming Guide Network Kernel Extensions (legacy) Mac Technology Overview Porting UNIX/Linux Applications to OS X I/O Kit Device Driver Design Guidelines Packaging Your KEXT for Distribution and Installation(tutorial). General UNIX and Open Source Resources A Quarter Century of UNIX . Peter H. Salus. Addison-Wesley, 1994.ISBN 0-201-54777-5. Berkeley Software Distribution . CSRG, UC Berkeley. USENIX and O’Reilly, 1994.ISBN 1-56592-082-1. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 175 BibliographyTheCathedralandtheBazaar:MusingsonLinuxandOpenSourcebyanAccidentalRevolutionary . Eric S.Raymond. O’Reilly & Associates, 1999.ISBN 1-56592-724-9. The New Hacker’s Dictionary . 3rd. Ed., Eric S. Raymond. MIT Press, 1996. ISBN 0-262-68092-0. Open Sources: Voices from the Open Source Revolution . Edited by Chris DiBona, Sam Ockman & Mark Stone. O’Reilly & Associates, 1999. ISBN 1-56592-582-3. Proceedings of the First Conference on Freely Redistributable Software . Free Software Foundation. FSF, 1996. ISBN 1-882114-47-7. The UNIX Desk Reference: The hu.man Pages. Peter Dyson. Sybex, 1996. ISBN 0-7821-1658-2. The UNIX Programming Environment. Brian W. Kernighan, Rob Pike. Prentice Hall, 1984. ISBN 0-13-937681-X (paperback), ISBN 0-13-937699-2 (hardback). BSD and UNIX Internals Advanced Topics in UNIX: Processes, Files, and Systems. Ronald J. Leach. Wiley, 1996. ISBN 1-57176-159-4. The Complete FreeBSD. Greg Lehey, Walnut Creek CDROM Books, 1999. ISBN 1-57176-246-9. The Design and Implementation of the 4.4BSD Operating System. Marshall Kirk McKusick, et al. Addison-Wesley, 1996. ISBN 0-201-54979-4. The Design of the UNIX Operating System. Maurice J. Bach. Prentice Hall, 1986. ISBN 0-13-201799-7. Linux Kernel Internals 2nd edition . Michael Beck, et al. Addison-Wesley, 1997. ISBN 0-201-33143-8. Lions’ Commentary on UNIX 6th Edition with Source Code . John Lions. Peer-to-Peer, 1996. ISBN 1-57398-013-7. Panic!: UNIX System Crash Dump Analysis. Chris Drake, Kimberly Brown. Prentice Hall, 1995. ISBN 0-13-149386-8. UNIX Internals: The New Frontiers. Uresh Vahalia. Prentice-Hall, 1995. ISBN 0-13-101908-2. UNIX Systems for Modern Architectures: Symmetric Multiprocessing and Caching for Kernel Programmers. Curt Schimmel. Addison-Wesley, 1994. ISBN 0-201-63338-8. Optimizing PowerPC Code . Gary Kacmarcik. Addison-Wesley Publishing Company, 1995. ISBN 0-201-40839-2. BerkeleySoftwareArchitectureManual4.4BSDEdition .WilliamJoy,Robert Fabry, Samuel Leffler,M.KirkMcKusick, Michael Karels. Computer Systems Research Group, Computer Science Division, Department of Electrical Engineering and Computer Science, University of California, Berkeley. Bibliography BSD and UNIX Internals 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 176Mach CMU Computer Science: A 25th Anniversary Commemorative . Richard F. Rashid, Ed. ACM Press, 1991. ISBN 0-201-52899-1. Load Distribution, Implementation for the Mach Microkernel . Dejan S. Milojicic. Vieweg Verlag, 1994. ISBN 3-528-05424-7. Programming under Mach . Boykin, et al. Addison-Wesley, 1993. ISBN 0-201-52739-1. Mach Workshop Proceedings. USENIX Association. October, 1990. Mach Symposium Proceedings.USENIX Association. November, 1991. Mach III Symposium Proceedings. USENIX Association. April, 1993, ISBN 1-880446-49-9. Mach 3 Documentation Series. Open Group Research Institute (RI), now Silicomp: Final Draft Specifications OSF/1 1.3 Engineering Release . RI. May 1993. OSF Mach Final Draft Kernel Principles. RI. May, 1993. OSF Mach Final Draft Kernel Interfaces. RI. May, 1993. OSF Mach Final Draft Server Writer’s Guide . RI. May, 1993. OSF Mach Final Draft Server Library Interfaces, RI, May, 1993. Research Institute Microkernel Series. Open Group Research Institute (RI): Operating Systems Collected Papers. Volume I. RI. March, 1993. Operating Systems Collected Papers. Volume II. RI. October,1993. Operating Systems Collected Papers. Volume III. RI. April, 1994. Operating Systems Collected Papers. Volume IV. RI. October, 1995. Mach: A New Kernel Foundation for UNIX Development. Proceedings of the Summer 1986 USENIX Conference. Atlanta, GA., http://www.usenix.org. UNIX as an Application Program. Proceedings of the Summer 1990 USENIX Conference. Anaheim, CA., http://www.usenix.org. OSF RI papers (Spec ‘93): OSF Mach Final Draft Kernel Interfaces Bibliography Mach 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 177OSF Mach Final Draft Kernel Principles OSF Mach Final Draft Server Library Interfaces OSF Mach Final Draft Server Writer's Guide OSF Mach Kernel Interface Changes OSF RI papers (Spec ‘94): OSF RI 1994 Mach Kernel Interfaces Draft OSF RI 1994 Mach Kernel Interfaces Draft (Part A) OSF RI 1994 Mach Kernel Interfaces Draft (Part B) OSF RI 1994 Mach Kernel Interfaces Draft (Part C) OSF RI papers (miscellaneous): Debugging an object oriented system using the Mach interface Unix File Access and Caching in a Multicomputer Environment Untyped MIG: The Protocol Untyped MIG: What Has Changed and Migration Guide Towards a World-Wide Civilization of Objects A Preemptible Mach Kernel A Trusted, Scalable, Real-Time Operating System Environment Mach Scheduling Framework Networking UNIX Network Programming . Volume 1, Networking APIs: Sockets and XTI . W. Richard Stevens. Prentice Hall, 1998, ISBN 0-13-490012-X. UNIX Network Programming . Volume 2, Interprocess Communications. W. Richard Stevens. Prentice Hall, 1998. ISBN 0-13-081081-9. TCP/IP Illustrated . Volume 1, The Protocols. W. Richard Stevens. Addison-Wesley, 1994. ISBN 0-201-63346-9. Bibliography Networking 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 178TCP/IP Illustrated . Volume 2, The Implementation .W. Richard Stevens.Addison-Wesley, 1995. ISBN0-201-63354-X. TCP/IP Illustrated . Volume 3, TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols. W. Richard Stevens. Addison-Wesley, 1996. ISBN 0-201-63495-3. Operating Systems Advanced Computer Architecture: Parallelism, Scalability, Programmability . Kai Hwang. McGraw-Hill, 1993. ISBN 0-07-031622-8. Concurrent Systems: An Integrated Approach to Operating Systems, Database, and Distributed Systems. Jean Bacon. Addison-Wesley, 1993. ISBN 0-201-41677-8. Distributed Operating Systems. Andrew S. Tanenbaum. Prentice Hall, 1995. ISBN 0-13-219908-4. Distributed Operating Systems: The Logical Design . A. Goscinski. Addison-Wesley, 1991. ISBN 0-201-41704-9. Distributed Systems, Concepts, and Designs. G. Coulouris, et al. Addison-Wesley, 1994. ISBN 0-201-62433-8. Operating System Concepts. 4th Ed., Abraham Silberschatz, Peter Galvin. Addison-Wesley, 1994. ISBN 0-201-50480-4. POSIX Information Technology-PortableOperating SystemInterface (POSIX): SystemApplication ProgramInterface (API) (C Language). ANSI/IEEE Std. 1003.1. 1996 Edition. ISO/IEC 9945-1: 1996. IEEE Standards Office. ISBN 1-55937-573-6. Programming with POSIX Threads. David R. Butenhof. Addison Wesley Longman, Inc., 1997. ISBN 0-201-63392-2. Programming Advanced Programming in theUNIX Environment. RichardW. Stevens.Addison-Wesley, 1992. ISBN0-201-56317-7. Debugging with GDB: The GNU Source-Level Debugger Eighth Edition for GDB version 5.0 . Richard Stallman et al. Cygnus Support. http://developer.apple.com/documentation/DeveloperTools/gdb/gdb/gdb_toc.html. Open Source Development with CVS , Karl Franz Fogel. Coriolis Group, 1999. ISBN: 1-57610-490-7. Porting UNIX Software: From Download to Debug . Greg Lehey. O’Reilly, 1995. ISBN 1-56592-126-7. Bibliography Operating Systems 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 179The Standard C Library . P.J. Plauger. Prentice Hall, 1992. ISBN 0-13-131509-9. Websites and Online Resources Apple’s developer website (http://www.apple.com/developer/) is a general repository for developer documentation. Additionally, the following sites provide more domain-specific information. Apple’s Public Source projects and Darwin http://www.opensource.apple.com/ The Berkeley Software Distribution (BSD) http://www.FreeBSD.org http://www.NetBSD.org http://www.OpenBSD.org BSD Networking http://www.kohala.com/start/ Embedded C++ http://www.caravan.net/ec2plus GDB, GNUPro Toolkit 99r1 Documentation http://www.redhat.com/docs/manuals/gnupro/ The Internet Engineering Task Force (IETF) http://www.ietf.org jam http://www.perforce.com/jam/jam.html The PowerPC CPU http://www.freescale.com/webapp/sps/site/homepage.jsp?nodeId=0162468rH3bTdG The Single UNIX Specification Version 2 http://www.opengroup.org/onlinepubs/007908799 Bibliography Websites and Online Resources 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 180The USENIX Association; USENIX Proceedings http://www.usenix.org http://www.usenix.org/publications/library/ Security and Cryptography Applied Cryptography: Protocols, Algorithms, and Source Code in C. Bruce Schneier. John Wiley & Sons, 1994. ISBN 0-471-59756-2. comp.security newsgroup (news:comp.security). comp.security.unix newsgroup (news:comp.security.unix). Computer Security . Dieter Gollmann. John Wiley and Son Ltd, 1999. ISBN 0-471-97844-2. Foundations of Cryptography . Oded Goldreich. Cambridge University Press, 2001. ISBN 0-521-79172-3. Secrets and Lies: Digital Security in a Networked World . Bruce Schneier. John Wiley & Sons, 2000. ISBN 0-471-25311-1. Bibliography Security and Cryptography 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 181This table describes the changes to Kernel Programming Guide . Date Notes 2012-02-16 Updated for OS X v10.7. Added a chapter that discusses the early stages of the boot process. “The Early Boot Process” (page 21) was formerly part of Daemons and Services Programming Guide , and was moved here during a reorganization of that book. 2011-03-08 2006-11-07 Added security information and improved kernel build instructions. 2006-10-03 Made minor corrections. 2006-05-23 Added a note about pmuflags to the debugging section. 2006-04-04 Removed out-of-date information for OS X v10.4. 2006-03-08 Updated some stale content for OS X version 10.4. 2006-01-10 Corrected locking prototypes. Made minor fixesto the file system section. Revised networking, synchronization, and kernel services APIs for OS X v10.4. 2005-11-09 Changed terminology from "fat binary" to "universal binary." Clarified the distinction between memory objects and VM objects. 2005-08-11 2005-07-07 Fixed minor errors in build instructions. 2005-06-04 Updated kernel build instructions for OS X v10.4; other minor fixes. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 182 Document Revision HistoryDate Notes Added information about generating NMI on newer hardware in OS X v10.4 and later; various other minor changes. 2005-04-29 2005-02-03 Made minor corrections. 2004-12-02 Made section number fix to man page reference in Chapter 14. 2004-11-01 Minor wording changes. Added details comparing current_task to mach_task_self. Added information about using AltiVec and floating point in the kernel. 2004-08-01 2003-09-01 Minor corrections to kernel build information Added information relating to Power Macintosh G5 VM issues and debugging. Clarified wait queue documentation (event_t). 2003-08-01 Minor update release. Added index and tweaked wording throughout. Fixed minor errata in debugging chapter. Added a few missing details in the security chapter and cleaned up the equations presented. Corrected a few very minor OS X v10.2-specific details that weren’t caught during the first revision. 2003-02-01 OS X v10.2 update release. Changed information on KEXT management, various small corrections (mainly wording improvements). 2002-08-01 Full web release to coincide with WWDC. Corrected a few minor errata from the previous release. 2002-06-01 2002-01-01 Initial partial web release. Document Revision History 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 183abstraction (v) The process of separating the interface to some functionality from the underlying implementation in such a way that the implementation can be changed without changing the way that piece of code is used. (n) The API (interface) for some piece of functionality that has been separated in this way. address space The virtual addressranges available to a given task (note: the task may be the kernel). In OS X, processes do not share the same address space. The addressspaces of multiple processes can, however, point to the same physical addressranges. This is referred to as shared memory. anonymous memory Virtual memory backed by the default pager to swap files, rather than by a persistent object. Anonymous memory is zero-initialized and exists only for the life of the task. See also default pager; task. API (application programming interface) The interface (calling convention) by which an application program accesses a service. This service may be provided by the operating system, by libraries, or by other parts of the application. Apple Public Source License Apple’s Open Source license, available at http://www.apple.com/publicsource. Darwin is distributed under this license. See also Open Source. AppleTalk A suite of network protocols that is standard on Macintosh computers. ASCII (American Standard Code for Information Interchange) A 7-bit character set (commonly represented using 8 bits) that defines 128 unique character codes. See also Unicode. BSD (Berkeley Software Distribution Formerly known as the Berkeley version of UNIX, BSD is now simply called the BSD operating system. The BSD portion of the OS X kernel is based on FreeBSD, a version of BSD. bundle A directory thatstores executable code and the software resources related to that code. Applications, plug-ins, and frameworks represent types of bundles. Except for frameworks, bundles are presented by the Finder as if they were a single file. Carbon An application environment in OS X that features a set of programming interfaces derived from earlier versions of the Mac OS. The Carbon APIs have been modified to work properly with OS X. Carbon applications can run in OS X, Mac OS 9, and all versions of Mac OS 8 later than Mac OS 8.1 (with appropriate libraries). Classic An application environment in OS X that lets users run non-Carbon legacy Mac OS software. It supports programs built for both Power PC and 68K processor architectures. clock An object used to abstract time in Mach. 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 184 GlossaryCocoa An advanced object-oriented development platform on OS X. Cocoa is a set of frameworks with programming interfaces in both Java and Objective-C. It is based on the integration of OPENSTEP, Apple technologies, and Java. condition variable Essentially a wait queue with additional locking semantics. When a thread sleeps waiting for some event to occur, it releases a related lock so that another thread can cause that event to occur. When the second thread posts the event, the first thread wakes up, and, depending on the condition variable semantics used, either takes the lock immediately or begins waiting for the lock to become available. console (1) A text-based login environment that also displays system log messages, kernel panics, and other information. (2) A special window in OS X that displays messages that would be printed to the text console if the GUI were not in use. This window also displays output written to the standard error and standard output streams by applications launched from the Finder. (3) An application by the same name that displays the console window. control port In Mach, access to the control port allows an object to be manipulated. Also called the privileged port. See also port; name port. cooperative multitasking A multitasking environment in which a running programcan receive processing time only if other programs allow it; each application must give up control of the processor cooperatively in order to allow others to run. Mac OS 9 is a cooperative multitasking environment. See also preemptive multitasking. copy-on-write A delayed copy optimization used in Mach. The object to be copied is marked temporarily read-only. When a thread attempts to write to any page in that object, a trap occurs, and the kernel copies only the page or pages that are actually being modified. See also thread. daemon A long-lived process, usually without a visible user interface, that performs a system-related service. Daemons are usually spawned automatically by the system and may either live forever or be regenerated at intervals. They may also be spawned by other daemons. Darwin The core of OS X, Darwin is an Open Source project that includes the Darwin kernel, the BSD commands and C libraries, and several additional features.The Darwin kernel is synonymous with the OS X kernel. default pager In Mach, one of the built-in pagers. The default pager handles nonpersistent (anonymous)memory. See also anonymousmemory; vnode pager; pager. demand paging An operating-system facility that brings pages of data from disk into physical memory only as they are needed. DLIL (Data Link Interface Layer) The part of the OS X kernel’s networking infrastructure that provides the interface between protocol handling and network device driversin the I/O Kit. A generalization of the BSD “ifnet” architecture. DMA (direct memory access) A means of transferring data between host memory and a peripheral device without requiring the host processor to move the data itself. This reduces processor overhead for I/O operations and may reduce contention on the processor bus. Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 185driver Software that deals with getting data to and from a device, as well as control of that device. In the I/O Kit, an object that manages a piece of hardware (a device), implementing the appropriate I/O Kit abstractions for that device. See also object. DVD (Digital Versatile Disc) Originally, Digital Video Disc. An opticalstorage medium that provides greater capacity and bandwidth than CD-ROM; DVDs are frequently used for multimedia as well as data storage. dyld (dynamic link editor) A utility that allows programs to dynamically load (and link to) needed functions. EMMI (External Memory Management Interface) Mach’sinterface to memory objectsthat allowstheir contents to be contributed by user-mode tasks. See also external pager. Ethernet A family of high-speed local area network technologies in common use. Some common variants include 802.3 and 802.11 (Airport). exception An interruption to the normal flow of program control, caused by the program itself or by executing an illegal instruction. exception port A Mach port on which a task or thread receives messages when exceptions occur. external pager A module that manages the relationship between virtual memory and a backing store. External pagers are clients of Mach’s EMMI. The pager API is currently not exported to userspace. The built-in pagersin OS X are the default pager, the device pager, and the vnode pager. See also EMMI (External Memory Management Interface). family In the I/O Kit, a family defines a collection of software abstractions that are common to all devices of a particular category (for example, PCI, storage, USB). Families provide functionality and services to drivers. See also driver. FAT (file allocation table) A data structure used in the MS-DOS file system. Also synonymous with the file system that uses it. The FAT file system is also used as part of Microsoft Windows and has been adopted for use inside devices such as digital cameras. fat files See universal binaries. FIFO (first-in first-out) A data processing scheme in which data is read in the order in which it was written, processes are run in the order in which they were scheduled, and so forth. file descriptor A per-process unique, nonnegative integer used to identify an open file (or socket). firewall Software (or a computer running such software) that prevents unauthorized access to a network by users outside of the network. fixed-priority policy In Mach, a scheduling policy in which threads execute for a certain quantum of time, and then are put at the end of the queue of threads of equal priority. fork (1) A stream of data that can be opened and accessed individually under a common filename. The Macintosh Standard and Extended file systems store a separate “data” fork and a “resource” fork as part of every file; data in each fork can be accessed and manipulated independently of the other. (2) In BSD, fork is a system call that creates a new process. framework A bundle containing a dynamic shared library and associated resources, including image files, header files, and documentation. Frameworks Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 186are often used to provide an abstraction for manipulating device driver families from applications. FreeBSD A variant of the BSD operating system. See http://www.freebsd.org for details. gdb (GNU debugger) gdb is a powerful, source-level debugger with a command-line interface. gdb is a popular Open Source debugger and is included with the OS X developer tools. HFS (hierarchical file system) The Mac OS Standard file system format, used to represent a collection of files as a hierarchy of directories (folders), each of which may contain either files or foldersthemselves. HFS+ The Mac OS Extended file system format. This file system format was introduced as part of Mac OS 8.1, adding support for filenames longer than 31 characters, Unicode representation of file and directory names, and efficient operation on larger disks. host (1) The computer that is running (is host to) a particular program or service. The term is usually used to refer to a computer on a network. (2) In debugging, the computer that is running the debugger itself. In this context, the target is the machine running the application, kernel, or driver being debugged. host processor The microprocessor on which an application program resides. When an application is running, the host processor may call other, peripheral microprocessors, such as a digital signal processor, to perform specialized operations. IDE (integrated development environment) An application or set of tools that allows a programmer to write, compile, edit, and in some cases test and debug within an integrated, interactive environment. inheritance attribute In Mach, a value indicating the degree to which a parent process and its child process share pages in the parent process’s address space. A memory page can be inherited as copy-on-write, shared, or not at all. in-line data Data that’s included directly in a Mach message, rather than referred to by a pointer. See also out-of-line data. info plist See information property list. information property list A special form of property list with predefined keysforspecifying basic bundle attributes and information of interest, such as supported document types and offered services. See also bundle; property list. interrupt service thread A thread running in kernel space for handling I/O that is triggered by an interrupt, but does not run in an interrupt context. Also called an I/O service thread. I/O (input/output) The exchange of data between two parts of a computer system, usually between system memory and a peripheral device. I/O Kit Apple’s object-oriented I/O development model. The I/O Kit provides a framework for simplified driver development, supporting many families of devices. See also family. I/O service thread See interrupt service thread. IPC (interprocess communication) The transfer of information between processes or between the kernel and a process. IPL (interrupt priority level) A means of basic synchronization on uniprocessor systems in traditional BSD systems, set using the spl macro. Interrupts with lower priority than the current IPL will not be acted upon until the IPL is lowered. In many parts of the kernel, changing the IPL in OS X Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 187is not useful as a means ofsynchronization. New use of spl macros is discouraged. See also spl (set priority level). KDP The kernelshim used for communication with a remote debugger (gdb). Kerberos An authentication system based on symmetric key cryptography. Used in MIT Project Athena and adopted by the Open Software Foundation (OSF). kernel The complete OS X core operating-system environment that includes Mach, BSD, the I/O Kit, file systems, and networking components. kernel crash An unrecoverable system failure in the kernel caused by an illegal instruction, memory access exception, or other failure rather than explicitly triggered as in a panic. See also panic. kernel extension See KEXT (kernel extension). kernel mode See supervisor mode. kernel panic See panic. kernel port A Mach port whose receive right is held by the kernel. See also task port; thread port. KEXT (kernel extension) A bundle that extendsthe functionality of the kernel. The I/O Kit, File system, and Networking components are designed to allow and expect the creation and use of KEXTs. KEXT binary A file (or files) in Mach-O format, containing the actual binary code of a KEXT. A KEXT binary is the minimum unit of code that can be loaded into the kernel. Also called a kernel module or KMOD. See also KEXT (kernel extension); Mach-O. key signing In public key cryptography, to (electronically)state your trust that a public key really belongs to the person who claims to own it, and potentially that the person who claims to own it really is who he or she claims to be. KMOD (kernel module) See KEXT binary. lock A basic means of synchronizing multiple threads. Generally only one thread can “hold” a lock at any given time. While a thread is holding the lock, any other thread that tries to take it will wait, either by blocking or by spinning, depending on the nature of the lock. Some lock variants such as read-write locks allow multiple threads to hold a single lock under certain conditions. Mach The lowest level of the OS X kernel. Mach provides such basic services and abstractions as threads, tasks, ports, IPC, scheduling, physical and virtual address space management, VM, and timers. Mach-O Mach object file format. The preferred object file format for OS X. Mach server A task that providesservicesto clients, using a MIG-generated RPC interface. See also MIG (Mach interface generator). main thread By default, a process has one thread, the main thread. If a process has multiple threads, the main thread is the first thread in the process. A user process can use the POSIX thread API to create other user threads. makefile A makefile detailsthe files, dependencies, and rules by which an executable application is built. memory-mapped files A facility that maps virtual memory onto a physical file. Thereafter, any access to that part of virtual memory causes the corresponding page of the physical file to be accessed. The contents of the file can be changed by changing the contents in memory. Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 188memory object An object managed by a pager that represents the memory, file, or other storage that backs a VM object. See also pager. memory protection A system of memory management in which programs are prevented from being able to modify or corrupt the memory partition of another program, usually through the use of separate address spaces. message A unit of data sent by one task or thread that is guaranteed to be delivered atomically to another task or thread. In Mach, a message consists of a header and a variable-length body. Some system services are invoked by passing a message from a thread to the Mach port representing the task that provides the desired service. microkernel A kernel implementing a minimal set of abstractions. Typically, higher-level OS services such as file systems and device drivers are implemented in layers above a microkernel, possibly in trusted user-mode servers. OS X is a hybrid between microkernel and monolithic kernel architectures. See also monolithic kernel. MIG (Mach interface generator) (1) A family of software that generates and supports the use of a procedure call interface to Mach’s system of interprocess communication. (2) The interface description language supported by MIG. monolithic kernel A kernel architecture in which all pieces of the kernel are closely intertwined. A monolithic kernel providessubstantial performance improvements. It is difficult to evolve the individual components independently, however. The OS X kernel is a hybrid of the monolithic and microkernel models. See also microkernel. multicast A process in which a single packet can be addressed to multiple recipients. Multicast is used, for example, in streaming video, in which many megabytes of data are sent over the network. multihoming The ability to have multiple network addresses in one computer, usually on different networks. For example, multihoming might be used to create a system in which one address is used to talk to hosts outside a firewall and the other to talk to hosts inside; the computer provides facilities for passing information between the two. multitasking The concurrent execution of multiple programs. OS X uses preemptive multitasking. Mac OS 9 uses cooperative multitasking. mutex See mutex lock (mutual exclusion lock). mutex lock (mutual exclusion lock) A type of lock characterized by putting waiting threads to sleep until the lock is available. named (memory) entry A handle (a port) to a mappable object backed by a memory manager. The object can be a region or a memory object. name port In Mach, accessto the name port allows non-privileged operations against an object (for example, obtaining information about the object). In effect, it provides a name for the object without providing any significant access to the object. See also port; control port. named region In Mach, a form of named memory entry that provides a form of memory sharing. namespace An agreed-upon context in which names (identifiers) can be defined. Within a given namespace, all names must be unique. Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 189NAT (network address translation) A scheme that transforms network packets at a gateway so network addresses that are valid on one side of the gateway are translated into addresses that are valid on the other side. network A group of hosts that can communicate with each other. NFS (network file system) A commonly used file server protocol often found in UNIX and UNIX-based environments. NKE (network kernel extension) A type of KEXT that provides a way to extend and modify the networking infrastructure of OS X dynamically without recompiling or relinking the kernel. NMI (nonmaskable interrupt) An interrupt produced by a particular keyboard sequence or button that cannot be blocked in software. It can be used to interrupt a hung system, for example to drop into a debugger. nonsimple message In Mach, a message that contains either a reference to a port or a pointer to data. See also simple message. notify port A special Mach port that is part of a task. A task’s notify port receives messages from the kernel advising the task of changes in port access rights and of the status of messages it has sent. nub An I/O Kit object that represents a point of connection for a device or logical service. Each nub provides accessto the device orservice it represents, and provides such services as matching, arbitration, and power management. It is most common that a driver publishes one nub for each individual device or service it controls; it is possible for a driver that vends only a single device orservice to act asits own nub. NVRAM (nonvolatile RAM) RAM storage that retains its state even when the power is off. See also RAM (random-access memory). object (1) A collection of data. (2) In Mach, a collection of data, with permissions and ownership. (3) In object-oriented programming, an instance of a class. OHCI (Open Host Controller Interface) The register-level standards that are used by most USB and Firewire controller chips. Open Source Software that includesfreely available access to source code, redistribution, modification, and derived works. The full definition is available at http://www.opensource.org. Open Transport A communications architecture for implementing network protocols and other communication features on computers running classic Mac OS. Open Transport provides a set of programming interfacesthatsupports, among other things, both the AppleTalk and TCP/IP protocols. out-of-line data Data that’s passed by reference in a Mach message, rather than being included in the message. See also in-line data. packet An individual piece of information sent on a network. page (n) (1) The largest block of virtual address space for which the underlying physical address space is guaranteed contiguous—in other words, the unit of mapping between virtual and physical addresses. (2) logical page size: The minimum unit of information that an anonymous pager transfers between system memory and the backing store. (3) physical page size: The unit of information treated as a unit by a hardware MMU. The logical page size must be at least as large as the physical page size Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 190for hardware-based memory protection to be possible. (v) To move data between memory and a backing store. pager A module responsible for providing the data for the pages of a memory object. See also default pager; vnode pager. panic An unrecoverable system failure explicitly triggered by the kernel with a call to panic. See also kernel crash. PEF (Preferred Executable Format) The format of executable files used for applications and shared libraries in Mac OS 9; supported in OS X. The preferred format for OS X is Mach-O. physical address An address to which a hardware device,such as a memory chip, can directly respond. Programs, including the Mach kernel, use virtual addresses that are translated to physical addresses by mapping hardware controlled by the Mach kernel. pmap Part of Mach VM that provides an abstract way to set and fetch virtual to physical mappings from hardware. The pmap system is the machine-dependent layer of the VM system. port In Mach, a secure unidirectional channel for communication between tasks running on a single system. In IP transport protocols, an integer identifier used to select a receiving service for an incoming packet, or to specify the sender of an outgoing packet. port name In Mach, an integer index into a port namespace; a port right is specified with respect to its port name. See also port rights. portrights In Mach, the ability to send to or receive from a Mach port. Also known as port access rights. port set In Mach, a set of zero or more Mach ports. A thread can receive messages sent to any of the ports contained in a port set by specifying the port set as a parameter to msg_receive(). POSIX (Portable Operating System Interface) A standard that defines a set of operating-system services. It is supported by ISO/IEC, IEEE, and The Open Group. preemption The act of interrupting a currently running program in order to give time to another task. preemptive multitasking A type of multitasking in which the operating system can interrupt a currently running task in order to run another task, as needed. See also cooperative multitasking. priority In scheduling, a number that indicates how likely a thread is to run. The higher the thread’s priority, the more likely the thread isto run. See also scheduling policy. process A BSD abstraction for a running program. A process’s resources include an address space, threads, and file descriptors. In OS X, a process is based on one Mach task and one or more Mach threads. process identifier (PID), A number that uniquely identifies a process. Also called a process ID. programmed I/O I/O in which the CPU accomplishes data transfer with explicit load and store instructions to device registers, rather than DMA, and without the use of interrupts. This data transfer is often done in a byte-by-byte, or word-by-word fashion. Also known as direct or polled I/O. See also DMA (direct memory access). property list A textual way to represent data. Elements of the property list represent data of certain types,such as arrays, dictionaries, and strings. Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 191System routines allow programs to read property lists into memory and convert the textual data representation into “real” data. See also information property list. protected memory See memory protection. protocol handler A network module that extracts data from input packets (giving the data to interested programs) and inserts data into output packets(giving the output packet to the appropriate network device driver). pthreads The POSIX threads implementation. See also POSIX (Portable Operating System Interface); thread. quantum The fixed amount of time a thread or process can run before being preempted. RAM (random-access memory) Memory that a microprocessor can either read from or write to. real-time performance Performance characterized by guaranteed worst-case response times. Real-time support is important for applications such as multimedia. receive rights In Mach, the ability to receive messages on a Mach port. Only one task at a time can have receive rights for any one port. See also send rights. remote procedure call See RPC (remote procedure call). reply port A Mach port associated with a thread that is used in remote procedure calls. ROM (read-only memory) Memory that cannot be written to. root (1) An administrative account with special privileges. For example, only the root account can load kernel extensions.(2) In graph theory, the base of a tree. (3) root directory: The base of a file system tree. (4) root file system: The primary file system off which a computer boots, so named because it includes the root node of the file system tree. routine In Mach, a remote procedure call that returns a value. This can be used for synchronous or asynchronous operations. See also simpleroutine. RPC (remote procedure call) An interface to IPC that appears (to the caller) as an ordinary function call. In Mach, RPCs are implemented using MIG-generated interface libraries and Mach messages. scheduling The determination of when each process or task runs, including assignment of start times. scheduling policy In Mach, how the thread’s priority isset and under what circumstancesthe thread runs. See also priority. SCSI (Small Computer Systems Interface) A standard communications protocol used for connecting devicessuch as disk drivesto computers. Also, a family of physical bus designs and connectors commonly used to carry SCSI communication. semaphore Similar to a lock, except that a finite number of threads can be holding a semaphore at the same time. See also lock. send rights In Mach, the ability to send messages to a Mach port. Many tasks can have send rights for the same port. See also receive rights. session key In cryptography, a temporary key that is only used for one message, one connection session, orsimilar. Session keys are generally treated asshared secrets, and are frequently exchanged over a channel encrypted using public key cryptography. Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 192shadow object In Mach VM, a memory object that holds modified pages that originally belonged to another memory object. Thisis used when an object that was duplicated in a copy-on-write fashion is modified. If a page is not found in this shadow object, the original object is referenced. simple message In Mach, a message that contains neither references to ports nor pointers to data. See also nonsimple message. simpleroutine In Mach, a remote procedure call that does not return a value, and has no out or inout parameters. This can be used for asynchronous operations. See also routine. SMP (symmetric multiprocessing) A system architecture in which two or more processors are managed by one kernel, share the same memory, have equal access to I/O devices, and in which any task, including kernel tasks, can run on any processor. spinlock Any of a family of lock types characterized by continuously polling to see if a lock is available, rather than putting the waiting thread to sleep. spin/sleep lock Any of a family of lock types characterized by some combination of the behaviors of spinlocks and mutex (sleep) locks. spl (set priority level) A macro thatsetsthe current IPL. Interrupts with lower priority than the current IPL will not be acted upon until the IPL is lowered. The spl macros have no effect in many parts of OS X, so their use is discouraged as a means of synchronization in new programming except when modifying code that already uses spl macros. See also IPL (interrupt priority level). socket (1) In a user process, a file descriptor that has been allocated using socket(2). (2) In the kernel, the data structure allocated when the kernel’s implementation of the socket(2) call is made. (3) In AppleTalk protocols, a socket serves the same purpose as a port in IP transport protocols. submap A collection of mappingsin the VM system that is shared among multiple Mach tasks. supervisor mode Also known as kernel mode, the processor mode in which certain privileged instructions can be executed, including those related to page table management, cache management, clock setting, and so on. symmetric multiprocessing See SMP (symmetric multiprocessing). task A Mach abstraction, consisting of a virtual address space and a port namespace. A task itself performs no computation; rather, it isthe framework in which threads run. See also thread. task port A kernel port that represents a task and is used to manipulate that task. See also kernel port; thread port. TCP/IP (Transmission Control Protocol/Internet Protocol) An industry standard protocol used to deliver messages between computers over the network. TCP/IP is the primary networking protocol used in OS X. thread The unit of program execution. A thread consists of a program counter, a set of registers, and a stack pointer. See also task. thread port A kernel port that represents a thread and is used to manipulate that thread. See also kernel port; task port. thread-safe code Code that can be executed safely by multiple threads simultaneously. Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 193time-sharing policy In Mach, a scheduling policy in which a thread’s priority is raised and lowered to balance its resource consumption against other timesharing threads. UDF (Universal Disk Format) The file system format used in DVD disks. UFS (UNIX file system) An industry standard file system format used in UNIX and similar operating systems such as BSD. UFS in OS X is a derivative of 4.4BSD UFS. Unicode A 16-bit character set that defines unique character codes for characters in a wide range of languages. Unlike ASCII, which defines 128 distinct characters typically represented in 8 bits, there are as many as 65,536 distinct Unicode characters that represent the unique characters used in most foreign languages. universal binaries Executable files containing object code for more than one machine architecture. UPL (universal page list) A data structure used when communicating with the virtual memory system. UPLs can be used to change the behavior of pages with respect to caching, permissions, mapping, and so on. USB (Universal Serial Bus) A multiplatform bus standard that can support up to 127 peripheral devices, including printers, digital cameras, keyboards and mice, and storage devices. UTF-8 (Unicode Transformation Format 8) A format used to represent a sequence of 16-bit Unicode characters with an equivalent sequence of 8-bit characters, none of which are zero. This sequence of characters can be represented using an ordinary C language string. VFS (virtual file system) A set of standard internal file-system interfaces and utilities that facilitate support for additional file systems. VFS provides an infrastructure for file systems built into the kernel. virtual address An address as viewed from the perspective of an application. Each task has its own range of virtual addresses, beginning at address zero. The Mach VM system makes the CPU hardware map these addresses onto physical memory. See also physical address. virtual memory A system in which addresses as seen by software are not the same as addressesseen by the hardware. This provides support for memory protection, reduces the need for code relocatability, and allows the operating system to provide the illusion to each application that it has resources much larger than those that could actually be backed by RAM. VM See virtual memory. vnode An in-memory data structure containing information about a file. vnode pager In Mach, one of the built-in pagers. The vnode pager maps files into memory objects. See also default pager; pager. work loop The main loop of an application or KEXT that waits repeatedly for incoming events and dispatches them. XML (Extensible Markup Language) A dialect of SGML (Standard Generalized Markup Language), XML provides a metalanguage containing rules for constructing specialized markup languages. XML users can create their own tags, making XML very flexible. Glossary 2012-02-16 | © 2002, 2012 Apple Inc. All Rights Reserved. 194Apple Inc. © 2002, 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, AppleTalk, Carbon, Cocoa, Finder, FireWire, Keychain, Logic, Mac, Mac OS, Macintosh, Objective-C, OS X, Pages, Panther, Power Mac,Quartz,QuickTime, Spaces, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. .Mac is a service mark of Apple Inc., registered in the U.S. and other countries. NeXT and OPENSTEP are trademarks of NeXT Software, Inc., registered in the U.S. and other countries. DEC is a trademark of Digital Equipment Corporation. Intel and Intel Core are registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Java is a registered trademark of Oracle and/or its affiliates. OpenGL is a registered trademark of Silicon Graphics, Inc. PowerPC and the PowerPC logo are trademarks of International Business Machines Corporation, used under license therefrom. SPEC is a registered trademark of the Standard Performance Evaluation Corporation (SPEC). UNIX is a registered trademark of The Open Group. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. RED Workflows with Final Cut Pro X White Paper June 2012White Paper 2 RED Workflows with Final Cut Pro X With the continuing popularity of the RED® family of cameras (www.red.com), Final Cut Pro X editors have been looking for proven workflows with REDCODE® RAW files. This white paper outlines how professional production companies are achieving excellent results when recording with RED cameras, editing in Final Cut Pro X, and finishing in applications such as DaVinci Resolve. This document outlines a complete RED-based post-production workflow, following the steps below: 1. Transcode REDCODE RAW files to Apple ProRes using REDCINE-X® PRO. 2. Batch sync audio and video files. 3. Import synced files into Final Cut Pro X. During import, Final Cut Pro X can automatically create lightweight Apple ProRes 422 (Proxy) files for editing. Or, if you have a lot of footage and multiple editors, you can use Compressor to create the Apple ProRes 422 (Proxy) files. 4. Edit and lock picture with Final Cut Pro X. 5. Export an XML file of the project from Final Cut Pro X. 6. Color grade the project in DaVinci Resolve using either high-quality Apple ProRes or R3D RAW files. You can relink the project XML file to the original R3D files in either REDCINE-X PRO or DaVinci Resolve. 7. Export an XML file from DaVinci Resolve and import it back into Final Cut Pro X. 8. Export a final master from Final Cut Pro X. This method combines the best of both worlds—the speed of editing with Apple ProRes on a wide variety of notebook and desktop systems, and the color grading advantages of RAW when finishing. You can further simplify this workflow by transcoding to high-quality Apple ProRes files and using those throughout color grading and delivery. The sections below include additional detail about each stage of the workflow. Transcode REDCODE RAW Files to Apple ProRes RED cameras record a RAW file (R3D) that must be “debayered” and decompressed to convert the original sensor data to viewable pixels, so that the file can play back in video editing software. Apple ProRes is an excellent choice for this conversion, because it’s a codec optimized for both quality and editing speed. Apple ProRes is a full frame size, intra-frame codec designed to efficiently use multiple processors for playback and rendering. The free RED application REDCINE-X PRO supports Apple ProRes encoding, which can be accelerated using the RED ROCKET® card. REDCINE-X PRO also allows you to apply a “one-light” color correction during the transcoding process, giving your footage a more finished look for editing and review.White Paper 3 RED Workflows with Final Cut Pro X In the Field As workflows expand to include field review and even rough cut editing, digital imaging technicians (DITs) are actively transcoding R3D footage to Apple ProRes using high-end portable systems. A typical field-based workflow includes these steps: • Copy the footage from the camera’s recording medium, like the REDMAG™ removable solid-state drive (SSD). • Create backups so that camera originals can be stored in two different places for data protection. • Create Apple ProRes dailies by transcoding the R3D files to Apple ProRes files for editing and H.264 files for uploading to a secure website for client review. Alternatively, after making backup copies, you can deliver the R3D files to the post facility for transcoding to Apple ProRes dailies. Choose Transcoding Settings When you transcode your files to Apple ProRes, choose the level of quality that’s appropriate to your specific production. Workflow Apple ProRes codec Disk space is a consideration, or you’re editing a large multicam project. Apple ProRes 422 (Proxy) or Apple ProRes 422 (LT) You’re delivering Apple ProRes files as a final master for the web or TV. Apple ProRes 422 or Apple ProRes 422 (HQ) You’re delivering for theater projection or effects compositing. Apple ProRes 4444 Although you can transcode to the final delivery quality and then work with that throughout post-production, it’s more efficient to work with smaller frame sizes and higher image compression during the craft edit. So even though you may have shot at 4K or 5K resolution in the field, you can transcode to a smaller frame size to save time and disk space. For example, you can set the resolution to 1920x1080 or 1280x720, and you can set the debayer quality to 1/4. If you’re generating Apple ProRes files for use as proxy media, you can also choose to superimpose, or “burn in,” the source timecode and filename over the image. This makes it easy to go back to the original R3D files at any point during post-production for a quick visual double-check that the files are correct. For more details, see the REDCINE-X PRO manual at https://www.red.com/downloads. Note: You can speed up transcoding by using a RED ROCKET card, which offloads the processor-intensive debayer and decompression tasks from software to custom hardware. RED ROCKET can be a valuable tool when transcoding a large number of shots.White Paper 4 RED Workflows with Final Cut Pro X Apply One-Light Color Correction When recording with RED cameras, it’s common to shoot a scene “flat” to avoid clipping highlights and shadows and provide more flexibility when manipulating images in post-production. This recording setup can give the footage a washed-out appearance. Many editors and clients prefer working with more visually appealing images that include higher contrast and color saturation. To accommodate this workflow, the free REDCINE-X PRO application allows you to add a one-light color correction as part of the transcoding process. You can choose from several presets to create more common looks, or you can create your own look. Be sure to keep the original names of the R3D files when you generate new Apple ProRes media so that you can easily relink to them later. After you apply the one-light color correction during transcoding, it stays with the image until you go back to the original R3D file and create a new Apple ProRes version. Batch Sync Audio and Video Files After all your media has been transcoded, you can choose to sync second-source audio to the video files. You can sync the files directly in Final Cut Pro X using the built-in synchronization feature that analyzes waveforms to match the scratch audio in your video files to the high-quality audio from your field recorder. You can also use a third-party application like Intelligent Assistance’s Sync-N-Link X (www.intelligentassistance.com), RED’s REDCINE-X PRO (www.red.com/learn), or Singular Software’s PluralEyes (www.singularsoftware.com). Simply select all the audio and Apple ProRes video files and batch sync. Then export the XML to Final Cut Pro X, and all of the synced material is imported into an event, ready for editing. Import Files into Final Cut Pro X After creating Apple ProRes files with REDCINE-X PRO, you can import these files directly into Final Cut Pro X. Even if you transcode R3D files to a high-quality Apple ProRes codec, such as Apple ProRes 4444, you may still choose to use lightweight Apple ProRes 422 (Proxy) files for editing. Final Cut Pro X allows you to generate Apple ProRes proxy files in the background and seamlessly switch to these files for editing, providing great flexibility when editing on a notebook, for example. To create proxy files while importing media 1. In Final Cut Pro, choose File > Import > Files. 2. Select a file or folder, or Command-click to select multiple files to import. 3. Do one of the following: • To add the imported files to an existing event: Select “Add to existing Event,” and choose the event from the pop-up menu. • To create a new event: Select “Create new Event,” type a name in the text field, and choose the disk where you want to store the event from the “Save to” pop-up menu. 4. To have Final Cut Pro copy your media files and add them to the Final Cut Pro Events folder you specified, select the “Copy files to Final Cut Events folder” checkbox. If you’re working with a SAN and want to keep the files in a central location and have multiple users link to them, leave this option unselected. For more information, see Final Cut Pro X: Xsan Best Practices.White Paper 5 RED Workflows with Final Cut Pro X 5. Select the “Create proxy media” checkbox. When this option is selected, Final Cut Pro creates Apple ProRes 422 (Proxy) files in the background after the media files are imported. You can begin to edit your project and, when the proxy files are created, you can open Playback preferences and switch to the proxy files with a single click. 6. Click Import. Final Cut Pro imports your media in the background, and then creates proxy files in the background. You can view the progress of the background tasks in the Background Tasks window. You can now begin editing, even if importing and transcoding are not yet complete. To switch to the Apple ProRes proxy files, select “Use proxy media” in Final Cut Pro Playback preferences. It’s just as easy to switch back to the original media when the creative editing is finished and you want to work on color or effects at the highest quality. When you change these settings, all media in events and projects is affected. Edit in Final Cut Pro X and Export XML After all your media has been imported into Final Cut Pro X, you can edit just as you would any other project. The application was designed for modern, file-based workflows, making it easy to browse, organize, and edit large amounts of material. Use skimming to quickly view your footage. Mark range-based keywords and favorites, and save custom searches as Smart Collections. Quickly and easily arrange clips in the Timeline and add titles and effects, which render in the background as you work. When you’re finished editing, you can send your project to a third-party finishing system such as DaVinci Resolve. Just select the project in the Project Library, choose File > Export XML, and select a location to save the XML file. Color Grade in DaVinci Resolve and Export XML Choose Apple ProRes or RAW for Grading Before importing the Final Cut Pro X XML file into DaVinci Resolve, you should choose between a few different color grading workflows. If you edited with Apple ProRes 422 (HQ) or Apple ProRes 4444 in Final Cut Pro X, you may want to grade these same files in DaVinci Resolve. Alternatively, you can relink the project to the original R3D files in either DaVinci Resolve or REDCINE-X PRO. These RAW files offer a wide range of values to use when grading, which can help improve the look of images that were shot without extensive lighting control or that need a unique style. You can get more image detail out of the highlights and shadows, which is why so many colorists choose to use the RAW files in the color grading stage. White Paper 6 RED Workflows with Final Cut Pro X To relink to the original R3D media in DaVinci Resolve 1. In DaVinci Resolve Preferences, add the location of the R3D files to the Media Storage Volumes list. 2. Save the preferences and reopen DaVinci Resolve. 3. On the Browse page, import the R3D files to the Media Pool. 4. On the Conform page, in the Timeline Management section, click the Load button. 5. Select the XML file that you exported from Final Cut Pro X. 6. In the Load XML window, deselect “Automatically import source clips into media pool.” 7. Choose any other options that are applicable to your project, and click Ok. The XML file is imported and relinked to the corresponding media in the Media Pool using reel name and timecode. A new session appears in the Timeline Management list, and the edit appears in the Timeline. Note: Alternatively, if you’re working with large amounts of media and DaVinci Resolve 8.1 or later, you can have DaVinci Resolve relink to the R3D files automatically when you import the XML file. Just be sure to select the following checkboxes: • Automatically import source clips into media pool • Ignore file extensions when matching Render New Media After color grading the final project in DaVinci Resolve, you can choose the render format based on your final delivery. For example, you may choose to render Apple ProRes 4444 for theater projection, or Apple ProRes 422 if you’re delivering a master for the web or TV. You may want to set a handle length for the rendered media (at least one second), so that you can make additional changes such as adding a longer dissolve or extending an edit. For more details, see the DaVinci Resolve manual at http://www.blackmagic-design.com/support. Export XML from DaVinci Resolve and Import into Final Cut Pro X After you render the media in DaVinci Resolve, you can transfer the project back to Final Cut Pro X by exporting an XML file. To export an XML file from DaVinci Resolve 1. Open the Conform page and, in the Timeline Management list, select the session you want to export an XML file from. 2. Click the Export button at the bottom of the Timeline Management list. 3. In the Export XML dialog, choose FCP X XML 1.1 Files from the Format pop-up menu, type a name and choose a location for the exported XML file, and click Save. An XML version of that session is saved, complete with internal references to the graded media you rendered, and ready for importing into Final Cut Pro X. Import the XML file back into Final Cut Pro X using the Import XML command in the File menu. Make sure that you’re linking to the high-quality media by selecting “Use original or optimized media” in the Playback pane of the Final Cut Pro Preferences window. Now you can add finished audio, adjust titles, insert graphics, and continue to make editorial changes. Because you’ve imported the individual media files and the XML metadata instead of a single QuickTime movie, you can make changes right up to the last minute before delivery. For information about Final Cut Pro X, see Final Cut Pro X Help.White Paper 7 RED Workflows with Final Cut Pro X Copyright © 2012 Apple Inc. All rights reserved. Apple, the Apple logo, Final Cut, Final Cut Pro, QuickTime, and Xsan are trademarks of Apple Inc., registered in the U.S. and other countries. R3D, RED, REDCINE, REDCINE-X, REDCODE, REDMAG, and RED ROCKET are trademarks or registered trademarks of Red.com, Inc. in the United States and other countries. The YouTube logo is a trademark of Google Inc. Other product and company names mentioned herein may be trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. Product specifications are subject to change without notice. 019-2378 June 2012 Export a Master from Final Cut Pro X The final step in the workflow is to export a finished master from Final Cut Pro X. To export your project as a master file 1. To make sure the project’s render format is set to the quality level you want for the final master, select the project in the Project Library, click the Inspector button in the toolbar, and click the Project Properties button . The Render Format pop-up menu shows the current render codec. 2. Select the project in the Project Library and choose Share > Export Media (or press Command-E). 3. Choose an option from the Export pop-up menu. The default setting, Video and Audio, creates a movie file containing both video and audio. For information about the other options, see Final Cut Pro X Help. To export a file that matches the project’s properties, choose Current Settings from the “Video codec” pop-up menu. When you export using Current Settings, the final master is exported at the quality of the render settings, and the export is as fast as a file copy with no further compression added. 4. To see details about the file that will be output, click Summary. 5. Click Next, type a name and choose a location for the exported file, and click Save. If you’re exporting for review on the web, you can export an H.264 version directly to a private account on YouTube or Vimeo. You can also burn the project to a DVD, or to a Blu-ray disc if you have a third-party Blu-ray burner. If you have Compressor installed, you can choose Share > Send to Compressor to transfer your project to that application for total control over your final export settings. Compressor also allows you to set up render clusters that use the processors of multiple computers on a network. Create a Compressor droplet for drag-and-drop simplicity, or create custom export settings to match unique delivery requirements. If you need to output to tape, all three major video I/O device manufacturers offer free software to support tape delivery. The applications are AJA‘s VTR Xchange, Blackmagic Design’s Media Express, and Matrox’s Vetura. Download the application that works with your video I/O device and use the QuickTime export from Final Cut Pro X to lay back to tape. Conclusion Using Apple ProRes for editing and R3D RAW files for color grading enables a highly flexible workflow optimized for speed, quality, and creative control. This process also takes advantage of the metadata and XML capabilities of Final Cut Pro X, which have been designed for the future of file-based production. By using this document as a template for working with RED and Final Cut Pro X, editors and post-production facilities can further customize the process to suit their unique needs. Transitioning to ARC Release NotesContents Transitioning to ARC Release Notes 3 Summary 3 ARC Overview 4 ARC Enforces New Rules 5 ARC Introduces New Lifetime Qualifiers 7 ARC Uses a New Statement to Manage Autorelease Pools 11 Patterns for Managing Outlets Become Consistent Across Platforms 11 Stack Variables Are Initialized with nil 12 Use Compiler Flags to Enable and Disable ARC 12 Managing Toll-Free Bridging 12 The Compiler Handles CF Objects Returned From Cocoa Methods 13 Cast Function Parameters Using Ownership Keywords 14 Common Issues While Converting a Project 15 Frequently Asked Questions 19 Document Revision History 23 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 2Automatic Reference Counting (ARC) is a compiler feature that provides automatic memory management of Objective-C objects. Rather than having to think about about retain and release operations, ARC allows you to concentrate on the interesting code, the object graphs, and the relationships between objects in your application. {app_code} {app_code} {app_code} {app_code} {app_code} {app_code} {app_code} {app_code} {app_code} {app_code} Reference counting manually Automatic Reference Counting retain/release code retain/release code retain/release code retain/release code retain/release code retain/release code Time to produce Time to produce Summary ARC works by adding code at compile time to ensure that objects live as long as necessary, but no longer. Conceptually, it follows the same memory management conventions as manual reference counting (described in Advanced Memory Management Programming Guide ) by adding the appropriate memory management calls for you. 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 3 Transitioning to ARC Release NotesIn order for the compiler to generate correct code, ARC restricts the methods you can use and how you use toll-free bridging (see “Toll-Free Bridged Types”). ARC also introduces new lifetime qualifiers for object references and declared properties. ARC is supported in Xcode 4.2 for OS X v10.6 and v10.7 (64-bit applications) and for iOS 4 and iOS 5. Weak references are not supported in OS X v10.6 and iOS 4. Xcode provides a tool that automates the mechanical parts of the ARC conversion (such as removing retain and release calls) and helps you to fix issues the migrator can’t handle automatically (choose Edit > Refactor > Convert to Objective-C ARC). The migration tool converts all filesin a project to use ARC. You can also choose to use ARC on a per-file basis if it’s more convenient for you to use manual reference counting for some files. See also: ● Advanced Memory Management Programming Guide ● Memory Management Programming Guide for Core Foundation ARC Overview Instead of you having to remember when to use retain, release, and autorelease, ARC evaluates the lifetime requirements of your objects and automatically inserts appropriate memory management calls for you at compile time. The compiler also generates appropriate dealloc methods for you. In general, if you’re only using ARC the traditional Cocoa naming conventions are important only if you need to interoperate with code that uses manual reference counting. A complete and correct implementation of a Person class might look like this: @interface Person : NSObject @property NSString *firstName; @property NSString *lastName; @property NSNumber *yearOfBirth; @property Person *spouse; @end @implementation Person @end Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 4(Object properties are strong by default; the strong attribute is described in “ARC Introduces New Lifetime Qualifiers” (page 7).) Using ARC, you could implement a contrived method like this: - (void)contrived { Person *aPerson = [[Person alloc] init]; [aPerson setFirstName:@"William"]; [aPerson setLastName:@"Dudney"]; [aPerson setYearOfBirth:[[NSNumber alloc] initWithInteger:2011]]; NSLog(@"aPerson: %@", aPerson); } ARC takes care of memory management so that neither the Person nor the NSNumber objects are leaked. You could also safely implement a takeLastNameFrom: method of Person like this: - (void)takeLastNameFrom:(Person *)person { NSString *oldLastname = [self lastName]; [self setLastName:[person lastName]]; NSLog(@"Lastname changed from %@ to %@", oldLastname, [self lastName]); } ARC ensures that oldLastName is not deallocated before the NSLog statement. ARC Enforces New Rules To work, ARC imposes some new rules that are not present when using other compiler modes. The rules are intended to provide a fully reliable memory management model; in some cases, they simply enforce best practice, in some others they simplify your code or are obvious corollaries of your not having to deal with memory management. If you violate these rules, you get an immediate compile-time error, not a subtle bug that may become apparent at runtime. ● You cannot explicitly invoke dealloc, or implement or invoke retain, release, retainCount, or autorelease. The prohibition extends to using @selector(retain), @selector(release), and so on. Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 5You may implement a dealloc method if you need to manage resources other than releasing instance variables. You do not have to (indeed you cannot) release instance variables, but you may need to invoke [systemClassInstance setDelegate:nil] on system classes and other code that isn’t compiled using ARC. Custom dealloc methods in ARC do not require a call to [super dealloc] (it actually results in a compiler error). The chaining to super is automated and enforced by the compiler. You can still use CFRetain, CFRelease, and other related functions with Core Foundation-style objects (see “Managing Toll-Free Bridging” (page 12)). ● You cannot use NSAllocateObject or NSDeallocateObject. You create objects using alloc; the runtime takes care of deallocating objects. ● You cannot use object pointers in C structures. Rather than using a struct, you can create an Objective-C class to manage the data instead. ● There is no casual casting between id and void *. You must use special caststhat tell the compiler about object lifetime. You need to do thisto cast between Objective-C objects and Core Foundation types that you pass as function arguments. For more details, see “Managing Toll-Free Bridging” (page 12). ● You cannot use NSAutoreleasePool objects. ARC provides @autoreleasepool blocks instead. These have an advantage of being more efficient than NSAutoreleasePool. ● You cannot use memory zones. There is no need to use NSZone any more—they are ignored by the modern Objective-C runtime anyway. To allow interoperation with manual retain-release code, ARC imposes a constraint on method naming: ● You cannot give an accessor a name that begins with new. This in turn means that you can’t, for example, declare a property whose name begins with new unless you specify a different getter: // Won't work: @property NSString *newTitle; // Works: @property (getter=theNewTitle) NSString *newTitle; Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 6ARC Introduces New Lifetime Qualifiers ARC introduces several new lifetime qualifiers for objects, and weak references. A weak reference does not extend the lifetime of the object it points to, and automatically becomes nil when there are no strong references to the object. You should take advantage of these qualifiers to manage the object graphs in your program. In particular, ARC does not guard against strong reference cycles (previously known as retain cycles—see “Practical Memory Management”). Judicious use of weak relationships will help to ensure you don’t create cycles. Property Attributes The keywords weak and strong are introduced as new declared property attributes, asshown in the following examples. // The following declaration is a synonym for: @property(retain) MyClass *myObject; @property(strong) MyClass *myObject; // The following declaration is similar to "@property(assign) MyClass *myObject;" // except that if the MyClass instance is deallocated, // the property value is set to nil instead of remaining as a dangling pointer. @property(weak) MyClass *myObject; Under ARC, strong is the default for object types. Variable Qualifiers You use the following lifetime qualifiers for variables just like you would, say, const. __strong __weak __unsafe_unretained __autoreleasing ● __strong is the default. An object remains “alive” as long as there is a strong pointer to it. ● __weak specifies a reference that does not keep the referenced object alive. A weak reference is set to nil when there are no strong references to the object. Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 7● __unsafe_unretained specifies a reference that does not keep the referenced object alive and is not set to nil when there are no strong references to the object. If the object it references is deallocated, the pointer is left dangling. ● __autoreleasing is used to denote argumentsthat are passed by reference (id *) and are autoreleased on return. You should decorate variables correctly. When using qualifiers in an object variable declaration, the correct format is: ClassName * qualifier variableName; for example: MyClass * __weak myWeakReference; MyClass * __unsafe_unretained myUnsafeReference; Other variants are technically incorrect but are “forgiven” by the compiler. To understand the issue, see http://cdecl.org/. Take care when using __weak variables on the stack. Consider the following example: NSString * __weak string = [[NSString alloc] initWithFormat:@"First Name: %@", [self firstName]]; NSLog(@"string: %@", string); Although string is used after the initial assignment, there is no other strong reference to the string object at the time of assignment; it is therefore immediately deallocated. The log statement shows that string has a null value. (The compiler provides a warning in this situation.) You also need to take care with objects passed by reference. The following code will work: NSError *error; BOOL OK = [myObject performOperationWithError:&error]; if (!OK) { // Report the error. // ... However, the error declaration is implicitly: Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 8NSError * __strong e; and the method declaration would typically be: -(BOOL)performOperationWithError:(NSError * __autoreleasing *)error; The compiler therefore rewrites the code: NSError * __strong error; NSError * __autoreleasing tmp = error; BOOL OK = [myObject performOperationWithError:&tmp]; error = tmp; if (!OK) { // Report the error. // ... The mismatch between the local variable declaration (__strong) and the parameter (__autoreleasing) causesthe compiler to create the temporary variable. You can get the original pointer by declaring the parameter id __strong * when you take the address of a __strong variable. Alternatively you can declare the variable as __autoreleasing. Use Lifetime Qualifiers to Avoid Strong Reference Cycles You can use lifetime qualifiers to avoid strong reference cycles. For example, typically if you have a graph of objects arranged in a parent-child hierarchy and parents need to refer to their children and vice versa, then you make the parent-to-child relationship strong and the child-to-parent relationship weak. Other situations may be more subtle, particularly when they involve block objects. In manual reference counting mode, __block id x; hasthe effect of not retaining x. In ARC mode, __block id x; defaults to retaining x (just like all other values). To get the manual reference counting mode behavior under ARC, you could use __unsafe_unretained __block id x;. As the name __unsafe_unretained implies, however, having a non-retained variable is dangerous (because it can dangle) and is therefore discouraged. Two better options are to either use __weak (if you don’t need to support iOS 4 or OS X v10.6), or set the __block value to nil to break the retain cycle. The following code fragment illustrates this issue using a pattern that is sometimes used in manual reference counting. Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 9MyViewController *myController = [[MyViewController alloc] init…]; // ... myController.completionHandler = ^(NSInteger result) { [myController dismissViewControllerAnimated:YES completion:nil]; }; [self presentViewController:myController animated:YES completion:^{ [myController release]; }]; As described, instead, you can use a __block qualifier and set the myController variable to nil in the completion handler: MyViewController * __block myController = [[MyViewController alloc] init…]; // ... myController.completionHandler = ^(NSInteger result) { [myController dismissViewControllerAnimated:YES completion:nil]; myController = nil; }; Alternatively, you can use a temporary __weak variable. The following example illustrates a simple implementation: MyViewController *myController = [[MyViewController alloc] init…]; // ... MyViewController * __weak weakMyViewController = myController; myController.completionHandler = ^(NSInteger result) { [weakMyViewController dismissViewControllerAnimated:YES completion:nil]; }; For non-trivial cycles, however, you should use: MyViewController *myController = [[MyViewController alloc] init…]; // ... MyViewController * __weak weakMyController = myController; myController.completionHandler = ^(NSInteger result) { Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 10MyViewController *strongMyController = weakMyController; if (strongMyController) { // ... [strongMyController dismissViewControllerAnimated:YES completion:nil]; // ... } else { // Probably nothing... } }; In some cases you can use __unsafe_unretained if the class isn’t __weak compatible. This can, however, become impractical for nontrivial cycles because it can be hard or impossible to validate that the __unsafe_unretained pointer is still valid and still points to the same object in question. ARC Uses a New Statement to Manage Autorelease Pools Using ARC, you cannot manage autorelease pools directly using the NSAutoreleasePool class. Instead, you use @autoreleasepool blocks: @autoreleasepool { // Code, such as a loop that creates a large number of temporary objects. } This simple structure allows the compiler to reason about the reference count state. On entry, an autorelease pool is pushed. On normal exit (break, return, goto, fall-through, and so on) the autorelease pool is popped. For compatibility with existing code, if exit is due to an exception, the autorelease pool is not popped. Thissyntax is available in all Objective-C modes. It is more efficient than using the NSAutoreleasePool class; you are therefore encouraged to adopt it in place of using the NSAutoreleasePool. Patterns for Managing Outlets Become Consistent Across Platforms The patternsfor declaring outletsin iOS and OS X change with ARC and become consistent across both platforms. The pattern you should typically adopt is: outletsshould be weak, except for those from File’s Owner to top-level objects in a nib file (or a storyboard scene) which should be strong. Full details are given in “Nib Files” in Resource Programming Guide . Transitioning to ARC Release Notes ARC Overview 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 11Stack Variables Are Initialized with nil Using ARC,strong, weak, and autoreleasing stack variables are now implicitly initialized with nil. For example: - (void)myMethod { NSString *name; NSLog(@"name: %@", name); } will log null for the value of name rather than perhaps crashing. Use Compiler Flags to Enable and Disable ARC You enable ARC using a new -fobjc-arc compiler flag. You can also choose to use ARC on a per-file basis if it’s more convenient for you to use manual reference counting for some files. For projects that employ ARC as the default approach, you can disable ARC for a specific file using a new -fno-objc-arc compiler flag for that file. ARC is supported in Xcode 4.2 and later OS X v10.6 and later (64-bit applications) and for iOS 4 and later. Weak references are not supported in OS X v10.6 and iOS 4. There is no ARC support in Xcode 4.1 and earlier. Managing Toll-Free Bridging In many Cocoa applications, you need to use Core Foundation-style objects, whether from the Core Foundation framework itself (such as CFArrayRef or CFMutableDictionaryRef) or from frameworks that adopt Core Foundation conventions such as Core Graphics (you might use types like CGColorSpaceRef and CGGradientRef). The compiler does not automatically manage the lifetimes of Core Foundation objects; you must call CFRetain and CFRelease (or the corresponding type-specific variants) as dictated by the Core Foundation memory management rules (see Memory Management Programming Guide for Core Foundation ). If you cast between Objective-C and Core Foundation-style objects, you need to tell the compiler about the ownership semantics of the object using either a cast (defined in objc/runtime.h) or a Core Foundation-style macro (defined in NSObject.h): ● __bridge transfers a pointer between Objective-C and Core Foundation with no transfer of ownership. ● __bridge_retained or CFBridgingRetain casts an Objective-C pointer to a Core Foundation pointer and also transfers ownership to you. Transitioning to ARC Release Notes Managing Toll-Free Bridging 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 12You are responsible for calling CFRelease or a related function to relinquish ownership of the object. ● __bridge_transfer or CFBridgingRelease moves a non-Objective-C pointer to Objective-C and also transfers ownership to ARC. ARC is responsible for relinquishing ownership of the object. For example, if you had code like this: - (void)logFirstNameOfPerson:(ABRecordRef)person { NSString *name = (NSString *)ABRecordCopyValue(person, kABPersonFirstNameProperty); NSLog(@"Person's first name: %@", name); [name release]; } you could replace it with: - (void)logFirstNameOfPerson:(ABRecordRef)person { NSString *name = (NSString *)CFBridgingRelease(ABRecordCopyValue(person, kABPersonFirstNameProperty)); NSLog(@"Person's first name: %@", name); } The Compiler Handles CF Objects Returned From Cocoa Methods The compiler understands Objective-C methods that return Core Foundation types follow the historical Cocoa naming conventions (see Advanced Memory Management Programming Guide ). For example, the compiler knows that, in iOS, the CGColor returned by the CGColor method of UIColor is not owned. You must still use an appropriate type cast, as illustrated by this example: NSMutableArray *colors = [NSMutableArray arrayWithObject:(id)[[UIColor darkGrayColor] CGColor]]; [colors addObject:(id)[[UIColor lightGrayColor] CGColor]]; Transitioning to ARC Release Notes Managing Toll-Free Bridging 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 13Cast Function Parameters Using Ownership Keywords When you cast between Objective-C and Core Foundation objectsin function calls, you need to tell the compiler about the ownership semantics of the passed object. The ownership rules for Core Foundation objects are those specified in the Core Foundation memory management rules (see Memory Management Programming Guide for Core Foundation ); rules for Objective-C objects are specified in Advanced Memory Management Programming Guide . In the following code fragment, the array passed to the CGGradientCreateWithColors function requires an appropriate cast. Ownership of the object returned by arrayWithObjects: is not passed to the function, thus the cast is __bridge. NSArray *colors = <#An array of colors#>; CGGradientRef gradient = CGGradientCreateWithColors(colorSpace, (__bridge CFArrayRef)colors, locations); The code fragment is shown in context in the following method implementation. Notice also the use of Core Foundation memory management functions where dictated by the Core Foundation memory management rules. - (void)drawRect:(CGRect)rect { CGContextRef ctx = UIGraphicsGetCurrentContext(); CGColorSpaceRef colorSpace = CGColorSpaceCreateDeviceGray(); CGFloat locations[2] = {0.0, 1.0}; NSMutableArray *colors = [NSMutableArray arrayWithObject:(id)[[UIColor darkGrayColor] CGColor]]; [colors addObject:(id)[[UIColor lightGrayColor] CGColor]]; CGGradientRef gradient = CGGradientCreateWithColors(colorSpace, (__bridge CFArrayRef)colors, locations); CGColorSpaceRelease(colorSpace); // Release owned Core Foundation object. CGPoint startPoint = CGPointMake(0.0, 0.0); CGPoint endPoint = CGPointMake(CGRectGetMaxX(self.bounds), CGRectGetMaxY(self.bounds)); CGContextDrawLinearGradient(ctx, gradient, startPoint, endPoint, kCGGradientDrawsBeforeStartLocation | kCGGradientDrawsAfterEndLocation); CGGradientRelease(gradient); // Release owned Core Foundation object. } Transitioning to ARC Release Notes Managing Toll-Free Bridging 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 14Common Issues While Converting a Project When migrating existing projects, you are likely to run into various issues. Here are some common issues, together with solutions. You can’t invoke retain, release, or autorelease. This is a feature. You also can’t write: while ([x retainCount]) { [x release]; } You can’t invoke dealloc. You typically invoke dealloc if you are implementing a singleton or replacing an object in an init methods. Forsingletons, use the shared instance pattern. In init methods, you don't have to call dealloc anymore, because the object will be freed when you overwrite self. You can’t use NSAutoreleasePool objects. Use the new @autoreleasepool{} construct instead. This forces a block structure on your autorelease pool, and is about six times faster than NSAutoreleasePool. @autoreleasepool even works in non-ARC code. Because @autoreleasepool is so much faster than NSAutoreleasePool, many old “performance hacks” can simply be replaced with unconditional @autoreleasepool. The migrator handles simple uses of NSAutoreleasePool, but it can't handle complex conditional cases, or cases where a variable is defined inside the body of the new @autoreleasepool and used after it. ARC requires you to assign the result of [super init] to self in init methods. The following is invalid in ARC init methods: [super init]; The simple fix is to change it to: self = [super init]; The proper fix is to do that, and check the result for nil before continuing: self = [super init]; if (self) { ... Transitioning to ARC Release Notes Common Issues While Converting a Project 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 15You can’t implement custom retain or release methods. Implementing custom retain or release methods breaks weak pointers. There are several common reasons for wanting to provide custom implementations: ● Performance. Please don’t do this any more; the implementation of retain and release for NSObject is much faster now. If you still find problems, please file bugs. ● To implement a custom weak pointer system. Use __weak instead. ● To implement singleton class. Use the shared instance pattern instead. Alternatively, use class instead of instance methods, which avoids having to allocate the object at all. “Assigned” instance variables become strong. Before ARC, instance variables were non-owning references—directly assigning an object to an instance variable did not extend the lifetime of the object. To make a property strong, you usually implemented or synthesized accessor methods that invoked appropriate memory management methods; in contrast, you may have implemented accessor methods like those shown in the following example to maintain a weak property. @interface MyClass : Superclass { id thing; // Weak reference. } // ... @end @implementation MyClass - (id)thing { return thing; } - (void)setThing:(id)newThing { thing = newThing; } // ... Transitioning to ARC Release Notes Common Issues While Converting a Project 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 16@end With ARC, instance variables are strong references by default—assigning an object to an instance variable directly does extend the lifetime of the object. The migration tool is not able to determine when an instance variable is intended to be weak. To maintain the same behavior as before, you must mark the instance variable as being weak, or use a declared property. @interface MyClass : Superclass { id __weak thing; } // ... @end @implementation MyClass - (id)thing { return thing; } - (void)setThing:(id)newThing { thing = newThing; } // ... @end Or: @interface MyClass : Superclass @property (weak) id thing; // ... @end @implementation MyClass @synthesize thing; // ... @end Transitioning to ARC Release Notes Common Issues While Converting a Project 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 17You can't use strong ids in C structures. For example, the following code won’t compile: struct X { id x; float y; }; This is because x defaults to strongly retained and the compiler can’t safely synthesize all the code required to make it work correctly. For example, if you pass a pointer to one of these structures through some code that ends up doing a free, each id would have to be released before the struct is freed. The compiler cannot reliably do this, so strong ids in structures are disallowed completely in ARC mode. There are a few possible solutions: 1. Use Objective-C objects instead of structs. This is considered to be best practice anyway. 2. If using Objective-C objects is sub-optimal, (maybe you want a dense array of these structs) then consider using a void* instead. This requires the use of the explicit casts, described below. 3. Mark the object reference as __unsafe_unretained. This approach may be useful for the semi-common patterns like this: struct x { NSString *S; int X; } StaticArray[] = { @"foo", 42, @"bar, 97, ... }; You declare the structure as: struct x { NSString * __unsafe_unretained S; int X; } This may be problematic and is unsafe if the object could be released out from under the pointer, but it is very useful for things that are known to be around forever like constant string literals. You can’t directly cast between id and void* (including Core Foundation types). This is discussed in greater detail in “Managing Toll-Free Bridging” (page 12). Transitioning to ARC Release Notes Common Issues While Converting a Project 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 18Frequently Asked Questions How do I think about ARC? Where does it put the retains/releases? Try to stop thinking about where the retain/release calls are put and think about your application algorithms instead. Think about “strong and weak” pointers in your objects, about object ownership, and about possible retain cycles. Do I still need to write dealloc methods for my objects? Maybe. Because ARC does not automate malloc/free, management of the lifetime of Core Foundation objects, file descriptors, and so on, you still free such resources by writing a dealloc method. You do not have to (indeed cannot) release instance variables, but you may need to invoke [self setDelegate:nil] on system classes and other code that isn’t compiled using ARC. dealloc methods in ARC do not require—or allow—a call to [super dealloc]; the chaining to super is handled and enforced by the runtime. Are retain cycles still possible in ARC? Yes. ARC automates retain/release, and inherits the issue of retain cycles. Fortunately, code migrated to ARC rarely starts leaking, because properties already declare whether the properties are retaining or not. How do blocks work in ARC? Blocks “just work” when you pass blocks up the stack in ARC mode, such as in a return. You don’t have to call Block Copy any more. You still need to use [^{} copy] when passing “down” the stack into arrayWithObjects: and other methods that do a retain. The one thing to be aware of isthat NSString * __block myString isretained in ARC mode, not a possibly dangling pointer. To get the previous behavior, use __block NSString * __unsafe_unretained myString or (better still) use __block NSString * __weak myString. Can I develop applications for OS X with ARC using Snow Leopard? No. The Snow Leopard version of Xcode 4.2 doesn’t support ARC at all on OS X, because it doesn’t include the 10.7 SDK. Xcode 4.2 for Snow Leopard does support ARC for iOS though, and Xcode 4.2 for Lion supports both OS X and iOS. This means you need a Lion system to build an ARC application that runs on Snow Leopard. Can I create a C array of retained pointers under ARC? Transitioning to ARC Release Notes Frequently Asked Questions 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 19Yes, you can, as illustrated by this example: // Note calloc() to get zero-filled memory. __strong SomeClass **dynamicArray = (__strong SomeClass **)calloc(sizeof(SomeClass *), entries); for (int i = 0; i < entries; i++) { dynamicArray[i] = [[SomeClass alloc] init]; } // When you're done, set each entry to nil to tell ARC to release the object. for (int i = 0; i < entries; i++) { dynamicArray[i] = nil; } free(dynamicArray); There are a number of aspects to note: ● You will need to write __strong SomeClass ** in some cases, because the default is __autoreleasing SomeClass **. ● The allocated memory must be zero-filled. ● You must set each element to nil before freeing the array (memset or bzero will not work). ● You should avoid memcpy or realloc. Is ARC slow? It depends on what you’re measuring, but generally “no.” The compiler efficiently eliminates many extraneous retain/release calls and much effort has been invested in speeding up the Objective-C runtime in general. In particular, the common “return a retain/autoreleased object” pattern is much faster and does not actually put the object into the autorelease pool, when the caller of the method is ARC code. One issue to be aware of is that the optimizer is not run in common debug configurations, so expect to see a lot more retain/release traffic at -O0 than at -Os. Does ARC work in ObjC++ mode? Yes. You can even put strong/weak ids in classes and containers. The ARC compiler synthesizes retain/release logic in copy constructors and destructors etc to make this work. Which classes don’t support weak references? Transitioning to ARC Release Notes Frequently Asked Questions 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 20You cannot currently create weak references to instances of the following classes: NSATSTypesetter, NSColorSpace, NSFont, NSMenuView, NSParagraphStyle, NSSimpleHorizontalTypesetter, and NSTextView. Note: In addition, in OS X v10.7, you cannot create weak referencesto instances of NSFontManager, NSFontPanel, NSImage, NSTableCellView, NSViewController, NSWindow, and NSWindowController. In addition, in OS X v10.7 no classes in the AV Foundation framework support weak references. For declared properties, you should use assign instead of weak; for variables you should use __unsafe_unretained instead of __weak. In addition, you cannot create weak references from instances of NSHashTable, NSMapTable, or NSPointerArray under ARC. What do I have to do when subclassing NSCell or another class that uses NSCopyObject? Nothing special. ARC takes care of cases where you had to previously add extra retains explicitly. With ARC, all copy methods should just copy over the instance variables. Can I opt out of ARC for specific files? Yes. Transitioning to ARC Release Notes Frequently Asked Questions 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 21When you migrate a project to use ARC, the -fobjc-arc compiler flag is set as the default for all Objective-C source files. You can disable ARC for a specific class using the -fno-objc-arc compiler flag for that class. In Xcode, in the target Build Phasestab, open the Compile Sources group to reveal the source file list. Double-click the file for which you want to set the flag, enter -fno-objc-arc in the pop-up panel, then click Done. Is GC (Garbage Collection) deprecated on the Mac? Garbage collection is deprecated in OS X Mountain Lion v10.8, and will be removed in a future version of OS X. Automatic Reference Counting is the recommended replacement technology. To aid in migrating existing applications, the ARC migration tool in Xcode 4.3 and later supports migration of garbage collected OS X applications to ARC. Note: For apps targeting the Mac App Store, Apple strongly recommends you replace garbage collection with ARC as soon as feasible, because Mac App Store guidelines (see App Store Review Guidelines for Mac Apps) prohibit the use of deprecated technologies. Transitioning to ARC Release Notes Frequently Asked Questions 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 22This table describes the changes to Transitioning to ARC Release Notes. Date Notes 2012-07-17 Updated for OS X v10.8. 2012-03-14 Noted that under ARC properties are strong by default. 2012-02-16 Corrected out-of-date advice regarding C++ integration. 2012-01-09 Added note to search for weak references. First version of a document that describes how to transition code from manual retain/release to use ARC. 2011-10-12 2012-07-17 | © 2012 Apple Inc. All Rights Reserved. 23 Document Revision HistoryApple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Cocoa, Leopard, Mac, Objective-C, OS X, Snow Leopard, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are service marks of Apple Inc. iOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. App Sandbox Design GuideContents About App Sandbox 5 At a Glance 5 How to Use This Document 6 Prerequisites 6 See Also 6 App Sandbox Quick Start 8 Create the Xcode Project 8 Enable App Sandbox 10 Create a Code Signing Certificate for Testing 10 Specify the Code Signing Identity 11 Confirm That the App Is Sandboxed 12 Resolve an App Sandbox Violation 13 App Sandbox in Depth 15 The Need for a Last Line of Defense 15 Container Directories and File System Access 16 The App Sandbox Container Directory 16 The Application Group Container Directory 17 Powerbox and File System Access Outside of Your Container 17 Open and Save Dialog Behavior with App Sandbox 19 Entitlements and System Resource Access 20 Security-Scoped Bookmarks and Persistent Resource Access 21 Two Distinct Types of Security-Scoped Bookmark 21 Using Security-Scoped Bookmarks 22 App Sandbox and Code Signing 24 External Tools, XPC Services, and Privilege Separation 26 Designing for App Sandbox 27 Six Steps for Adopting App Sandbox 27 Determine Whether Your App Is Suitable for Sandboxing 27 Design a Development and Distribution Strategy 29 Resolve API Incompatibilities 29 Opening, Saving, and Tracking Documents 29 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 2Retaining Access to File System Resources 29 Creating a Login Item for Your App 30 Accessing User Data 30 Accessing Preferences of Other Apps 30 Apply the App Sandbox Entitlements You Need 31 Add Privilege Separation Using XPC 32 Implement a Migration Strategy 32 Migrating an App to a Sandbox 33 Creating a Container Migration Manifest 34 Undoing a Migration for Testing 36 An Example Container Migration Manifest 36 Use Variables to Specify Support-File Directories 37 Document Revision History 39 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 3 ContentsTables and Listings App Sandbox in Depth 15 Table 2-1 The App Sandbox mindset 15 Table 2-2 Open and Save class inheritance with App Sandbox 20 Migrating an App to a Sandbox 33 Table 4-1 How system directory variables resolve depending on context 37 Table 4-2 Variables for support-file directories 38 Listing 4-1 An example container migration manifest 36 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 4App Sandbox provides a last line of defense against stolen, corrupted, or deleted user data if malicious code exploits your app. App Sandbox also minimizes the damage from coding errors in your app or in frameworks you link against. Your app All system resources All user data Unrestricted access Other system resources Other user data Your app Unrestricted access No access Without App Sandbox With App Sandbox Your sandbox App Sandbox is an access control technology provided in OS X, enforced at the kernel level. Its strategy is twofold: 1. App Sandbox enables you to describe how your app interacts with the system. The system then grants your app the access it needs to get its job done, and no more. 2. App Sandbox allows the user to transparently grant your app additional access by way of Open and Save dialogs, drag and drop, and other familiar user interactions. At a Glance Based on simple security principles, App Sandbox provides strong defense against damage from malicious code. The elements of App Sandbox are container directories, entitlements, user-determined permissions, privilege separation, and kernel enforcement. It’s up to you to understand these elements and then to use your understanding to create a plan for adopting App Sandbox. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 5 About App SandboxRelevant chapters: “App Sandbox Quick Start” (page 8), “App Sandbox in Depth” (page 15) After you understand the basics, look at your app in light of this security technology. First, determine if your app issuitable forsandboxing. Most apps are. Design your developmentstrategy, resolve API incompatibilities, determine which entitlements you need, and consider applying privilege separation to maximize the defensive value of App Sandbox. Relevant chapter: “Designing for App Sandbox” (page 27) Some file system locations that your app uses are different when you adopt App Sandbox. In particular, you gain a container directory to be used for app support files, databases, caches, and other files apart from user documents. OS X and Xcode support migration of files from their legacy locations to your container. Relevant chapter: “Migrating an App to a Sandbox” (page 33) How to Use This Document To get up and running with App Sandbox, perform the tutorial in “App Sandbox Quick Start” (page 8). Before sandboxing an app you intend to distribute, be sure you understand “App Sandbox in Depth” (page 15). When you’re ready to startsandboxing a new app, or to convert an existing app to adopt App Sandbox, read “Designing for App Sandbox” (page 27). If you’re providing a new, sandboxed version of your app to users already running a version that is not sandboxed, read “Migrating an App to a Sandbox” (page 33). Prerequisites Before you read this document, make sure you understand the place of App Sandbox and code signing in the overall OS X development process by reading Mac App Programming Guide . See Also To complement the damage containment provided by App Sandbox, you must provide a first line of defense by adopting secure coding practices throughout your app. To learn how, read Security Overview and Secure Coding Guide . About App Sandbox How to Use This Document 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 6An important step in adopting App Sandbox is requesting entitlements for your app. For details on all the available entitlements, see Entitlement Key Reference . You can enhance the benefits of App Sandbox in a full-featured app by implementing privilege separation. You do this using XPC, an OS X implementation of interprocess communication. To learn the details of using XPC, read Daemons and Services Programming Guide . About App Sandbox See Also 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 7In this Quick Start you get an OS X app up and running in a sandbox. You verify that the app isindeed sandboxed and then learn how to troubleshoot and resolve a typical App Sandbox error. The apps you use are Xcode, Keychain Access, Activity Monitor, and Console. Create the Xcode Project The app you create in this Quick Start uses a WebKit web view and consequently uses a network connection. Under App Sandbox, network connections don’t work unless you specifically allow them—making this a good example app for learning about sandboxing. To create the Xcode project for this Quick Start 1. In Xcode 4, create a new Xcode project for an OS X Cocoa application. ● Name the project AppSandboxQuickStart. ● Set a company identifier, such as com.yourcompany, if none is already set. ● Ensure that Use Automatic Reference Counting is selected and that the other checkboxes are unselected. 2. In the project navigator, click the MainMenu nib file. The Interface Builder canvas appears. 3. In the Xcode dock, click the Window object. The app’s window is now visible on the canvas. 4. In the object library (in the utilities area), locate the WebView object. 5. Drag a web view onto the window on the canvas. 6. (Optional) To improve the display of the web view in the running app, perform the following steps: ● Drag the sizing controls on the web view so that it completely fills the window’s main view. ● Using the size inspector for the web view, ensure that all of the inner and outer autosizing contraints are active. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 8 App Sandbox Quick Start7. Create and connect an outlet for the web view in the AppDelegate class. In Xcode, use the following specification: Outlet connection source The WebView object of the MainMenu nib file. Outlet variable location The interface block of the AppDelegate.h header file. Outlet name webView Storage weak At this point, if you were to build the app, Xcode would report an error because the project doesn’t yet use WebKit but does have a web view in the nib file. You take care of this in the next step. 8. Add the WebKit framework to the app. ● Import the WebKit framework by adding the following statement above the interface block in the AppDelegate.h header file: #import ● Link the WebKit framework to the Quick Start project as a required framework. 9. Add the following awakeFromNib method to the AppDelegate.m implementation file: - (void) awakeFromNib { [self.webView.mainFrame loadRequest: [NSURLRequest requestWithURL: [NSURL URLWithString: @"http://www.apple.com"]]]; } On application launch, this method requeststhe specified URL from the computer’s network connection and then sends the result to the web view for display. Now, build and run the app—which is not yet sandboxed and so has free access to system resources including its network sockets. Confirm that the app’s window displays the page you specified in the awakeFromNib method. When done, quit the app. App Sandbox Quick Start Create the Xcode Project 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 9Enable App Sandbox You enable App Sandbox by selecting a checkbox in the Xcode target editor. In Xcode, click the project file in the project navigator and click the AppSandboxQuickStart target, if they’re not already selected. View the Summary tab of the target editor. To enable App Sandbox for the project 1. In the Summary tab of the target editor, click Enable Entitlements. An entitlement is a key-value pair, defined in a property list file, that confers a specific capability or security permission to a target. When you click Enable Entitlements, Xcode automatically checks the Code Sign Application checkbox and the Enable App Sandboxing checkbox. Together, these are the essential projectsettingsfor enabling App Sandbox. When you click Enable Entitlements, Xcode also creates a .entitlements property list file, visible in the project navigator. As you use the graphical entitlementsinterface in the target editor, Xcode updates the property list file. 2. Clear the contents of the iCloud entitlement fields. This Quick Start doesn’t use iCloud. Because Xcode automatically adds iCloud entitlement values when you enable entitlements, delete them as follows: ● In the Summary tab of the target editor,select and then delete the content of the iCloud Key-Value Store field. ● Click the top row in the iCloud Containers field and click the minus button. At this point in the Quick Start, you have enabled App Sandbox but have not yet provided a code signing identity for the Xcode project. Consequently, if you attempt to build the project now, the build fails. You take care of this in the next two sections. Create a Code Signing Certificate for Testing To build a sandboxed app in Xcode, you must have a code signing certificate and its associated private key in your keychain, and then use that certificate’s code signing identity in the project. The entitlements you specify, including the entitlement that enables App Sandbox, become part of the app’s code signature when you build the project. App Sandbox Quick Start Enable App Sandbox 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 10In this section, you create a code signing certificate. This simplified process lets you stay focused on the steps for enabling a sandbox. Important: A code signing certificate that you create as described in this Quick Start is not appropriate to use with an app you intend to distribute. Before you work on sandboxing an app you plan to distribute, read “App Sandbox and Code Signing” (page 24). To create a code signing certificate for testing App Sandbox 1. In Keychain Access (available in Applications/Utilities), choose KeyChain Access > Certificate Assistant > Create a Certificate. Certificate Assistant opens. Note: Before you invoke the “Create a Certificate” menu command, ensure that no key is selected in the Keychain Access main window. If a key is selected, the menu command is not available. 2. In Certificate Assistant, name the certificate something like My Test Certificate. 3. Complete the configuration of the certificate as follows: Identity type Self Signed Root Certificate type Code Signing Let me override defaults unchecked 4. Click Create. 5. In the alert that appears, click Continue. 6. In the Conclusion window, click Done. Your new code signing certificate, and its associated public and private keys, are now available in Keychain Access. Specify the Code Signing Identity Now, configure the Xcode project to use the code signing identity from the certificate you created in the previous task. App Sandbox Quick Start Specify the Code Signing Identity 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 11To specify the code signing identity for the project 1. View the Build Settings tab in the project editor. Take care that you are using the project editor, not the target editor. 2. In the Code Signing section, locate the Code Signing Identity row. 3. Click the value area of the Code Signing Identity row. 4. In the popup menu that opens, choose Other. 5. In the text entry window that opens, enter the exact name of the newly created code signing certificate, then press . If you’re using the suggested name from thisQuick Start, the name you enter is My Test Certificate. Now, build the app. The codesign tool may display an alert asking for permission to use the new certificate. If you do see this alert, click Always Allow. Confirm That the App Is Sandboxed Build and run the Quick Start app. The window opens, but if the app issuccessfully sandboxed, no web content appears. This is because you have not yet conferred permission to access a network connection. Apart from blocked behavior, there are two specific signs that an OS X app is successfully sandboxed. To confirm that the Quick Start app is successfully sandboxed 1. In Finder, look at the contents of the ~/Library/Containers/ folder. If the Quick Start app is sandboxed, there is now a container folder named after your app. The name includes the company identifier for the project, so the complete folder name would be, for example, com.yourcompany.AppSandboxQuickStart. The system creates an app’s container folder, for a given user, the first time the user runs the app. 2. In Activity Monitor, check that the system recognizes the app as sandboxed. ● Launch Activity Monitor (available in /Applications/Utilities). ● In Activity Monitor, choose View > Columns. Ensure that the Sandbox menu item is checked. ● In the Sandbox column, confirm that the value for the Quick Start app is Yes. App Sandbox Quick Start Confirm That the App Is Sandboxed 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 12To make it easier to locate the app in Activity monitor, enter the name of the Quick Start app in the Filter field. Tip: If the app crashes when you attempt to run it,specifically by receiving an EXC_BAD_INSTRUCTION signal, the most likely reason is that you previously ran a sandboxed app with the same bundle identifier but a different code signature. This crashing upon launch is an App Sandbox security feature that prevents one app from masquerading as another and thereby gaining access to the other app’s container. You learn how to design and build your apps, in light of this security feature, in “App Sandbox and Code Signing” (page 24). Resolve an App Sandbox Violation An App Sandbox violation occurs if your app tries to do something that App Sandbox does not allow. For example, you have already seen in this Quick Start that the sandboxed app is unable to retrieve content from the web. Fine-grained restriction over access to system resources is the heart of how App Sandbox provides protection should an app become compromised by malicious code. The most common source of App Sandbox violations is a mismatch between the entitlement settings you specified in Xcode and the needs of your app. In this section you observe and then correct an App Sandbox violation. To diagnose an App Sandbox violation 1. Build and run the Quick Start app. The app starts normally, but fails to display the webpage specified in its awakeFromNib method (as you’ve previously observed in “Confirm That the App Is Sandboxed” (page 12)). Because displaying the webpage worked correctly before you sandboxed the app, it is appropriate in this case to suspect an App Sandbox violation. 2. Open Console (available in /Applications/Utilities/) and ensure that All Messages is selected in the sidebar. In the filter field of the Console window, enter sandboxd to display only App Sandbox violations. sandboxd is the name of the App Sandbox daemon that reports on sandbox violations. The relevant messages, as displayed in Console, look similar to the following: 3:56:16 pm sandboxd: ([4928]) AppSandboxQuickS(4928) deny network-outbound 111.30.222.15:80 3:56:16 pm sandboxd: ([4928]) AppSandboxQuickS(4928) deny system-socket App Sandbox Quick Start Resolve an App Sandbox Violation 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 13The problem that generates these console messages is that the Quick Start app does not yet have the entitlement for outbound network access. Tip: To see the full backtraces for either violation, click the paperclip icon near the right edge of the corresponding Console message. The steps in the previous task illustrate the general pattern to use for identifying App Sandbox violations: 1. Confirm that the violation occurs only with App Sandbox enabled in your project. 2. Provoke the violation (such as by attempting to use a network connection, if your app is designed to do that). 3. Look in Console for sandboxd messages. There is also a simple, general pattern to use for resolving such violations. To resolve the App Sandbox violation by adding the appropriate entitlement 1. Quit the Quick Start app. 2. In the Summary tab of the target editor, look for the entitlement that corresponds to the reported sandboxd violation. In this case, the primary error is deny network-outbound. The corresponding entitlement is Allow Outgoing Network Connections. 3. In the Summary tab of the target editor, select the Allow Outgoing Network Connections checkbox. Doing so applies a TRUE value, for the needed entitlement, to the Xcode project. 4. Build and run the app. The intended webpage now displays in the app. In addition, there are no new App Sandbox violation messages in Console. App Sandbox Quick Start Resolve an App Sandbox Violation 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 14The access control mechanisms used by App Sandbox to protect user data are small in number and easy to understand. But the specific steps for you to take, as you adopt App Sandbox, are unique to your app. To determine what those steps are, you must understand the key concepts for this technology. The Need for a Last Line of Defense You secure your app against attack from malware by following the practices recommended in Secure Coding Guide . But despite your best efforts to build an invulnerable barrier—by avoiding buffer overflows and other memory corruptions, preventing exposure of user data, and eliminating other vulnerabilities—your app can be exploited by malicious code. An attacker needs only to find a single hole in your defenses, or in any of the frameworks and libraries that you link against, to gain control of your app’s interactions with the system. App Sandbox is designed to confront this scenario head on by letting you describe your app’s intended interactions with the system. The system then grants your app only the access your app needs to get its job done. If malicious code gains control of a properly sandboxed app, it is left with access to only the files and resources in the app’s sandbox. To successfully adopt App Sandbox, use a different mindset than you might be accustomed to, as suggested in Table 2-1. Table 2-1 The App Sandbox mindset When developing… When adopting App Sandbox… Add features Minimize system resource use Take advantage of access throughout your app Partition functionality, then distrust each part Use the most convenient API Use the most secure API View restrictions as limitations View restrictions as safeguards 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 15 App Sandbox in DepthWhen designing for App Sandbox, you are planning for the following worst-case scenario: Despite your best efforts, malicious code breaches an unintended security hole—either in your code or in a framework you’ve linked against. Capabilities you’ve added to your app become capabilities of the hostile code. Keep this in mind as you read the rest of this document. Container Directories and File System Access When you adopt App Sandbox, the system provides a special directory for use by your app—and only by your app—called a container. Each user on a system gets an individual container for your app, within their home directory; your app has unfettered read/write access to the container for the current user. The App Sandbox Container Directory The container has the following characteristics: ● It is located at a system-defined path, within the user’s home directory, that you can obtain by calling the NSHomeDirectory function. ● Your app has unrestricted read/write access to the container and its subdirectories. ● OS X path-finding APIs (above the POSIX layer) refer to locations that are specific to your app. Most of these path-finding APIsrefer to locationsrelative to your app’s container. For example, the container includes an individual Library directory (specified by the NSLibraryDirectory search path constant) for use only by your app, with individual Application Support and Preferences subdirectories. Using your container forsupport filesrequires no code change (from the pre-sandbox version of your app) but may require one-time migration, as explained in “Migrating an App to a Sandbox” (page 33). Some path-finding APIs (above the POSIX layer) refer to app-specific locations outside of the user’s home directory. In a sandboxed app, for example, the NSTemporaryDirectory function provides a path to a directory that is outside of the user’s home directory but specific to your app and within your sandbox; you have unrestricted read/write access to it for the current user. The behavior of these path-finding APIs is suitably adjusted for App Sandbox and no code change is needed. ● OS X establishes and enforces the connection between your app and its container by way of your app’s code signature. ● The container isin a hidden location, and so users do not interact with it directly. Specifically, the container is not for user documents. It is for files that your app uses, along with databases, caches, and other app-specific data. For a shoebox-style app, in which you provide the only user interface to the user’s content, that content goes in the container and your app has full access to it. App Sandbox in Depth Container Directories and File System Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 16iOS Note: Because it is not for user documents, an OS X container differs from an iOS container—which, in iOS, is the one and only location for user documents. In addition, an iOS container contains the app itself. This is not so in OS X. iCloud Note: Apple’s iCloud technology, as described in “iCloud Storage”, uses the name “container” as well. There is no functional connection between an iCloud container and an App Sandbox container. Thanks to code signing, no other sandboxed app can gain access to your container, even if it attempts to masquerade as your app by using your bundle identifier. Future versions of your app, however—provided that you use the same code signature and bundle identifier—do reuse your app’s container. The time at which a container directory is created for an App Sandbox–enabled app is when the app is first run. Because a container is within a user’s home folder, each user on a system gets their own container for your app. A given user’s container is created when that user first runs your app. The Application Group Container Directory In addition to per-app containers, beginning in OS X v10.7.4, an application can use entitlements to request access to a shared container that is common to multiple applications produced by the same development team. This container is intended for content that is not user-facing, such as shared caches or databases. Applicationsthat are members of an application group also gain the ability to share Mach and POSIX semaphores and to use certain other IPC mechanisms in conjunction with other group members. These group containers are automatically created or added into each app’s sandbox container as determined by the existence of these keys, and are stored in ~/Library/Group Containers/, where can be whatever name you choose. Your app can obtain the path to the group containers by calling the containerURLForSecurityApplicationGroupIdentifier: method of NSURL. For more details, see “Adding an Application to an Application Group” in Entitlement Key Reference . Powerbox and File System Access Outside of Your Container Your sandboxed app can access file system locations outside of its container in the following three ways: ● At the specific direction of the user App Sandbox in Depth Container Directories and File System Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 17● By using entitlements for specific file-system locations (described in “Entitlements and System Resource Access” (page 20)) ● When the file system location is in certain directories that are world readable The OS X security technology that interacts with the user to expand yoursandbox is called Powerbox. Powerbox has no API. Your app uses Powerbox transparently when you use the NSOpenPanel and NSSavePanel classes. You enable Powerbox by setting an entitlement using Xcode, as described in “Enabling User-Selected File Access” in Entitlement Key Reference . When you invoke an Open or Save dialog from your sandboxed app, the window that appears is presented not by AppKit but by Powerbox. Using Powerbox is automatic when you adopt App Sandbox—it requires no code change from the pre-sandbox version of your app. Accessory panelsthat you’ve implemented for opening or saving are faithfully rendered and used. Note: When you adopt App Sandbox, there are some important behavioral differences for the NSOpenPanel and NSSavePanel classes, described in “Open and Save Dialog Behavior with App Sandbox” (page 19). The security benefit provided by Powerbox is that it cannot be manipulated programmatically—specifically, there is no mechanism for hostile code to use Powerbox for accessing the file system. Only a user, by interacting with Open and Save dialogs via Powerbox, can use those dialogs to reach portions of the file system outside of your previously established sandbox. For example, if a user saves a new document, Powerbox expands your sandbox to give your app read/write access to the document. When a user of your app specifies they want to use a file or a folder, the system adds the associated path to your app’s sandbox. Say, for example, a user drags the ~/Documents folder onto your app’s Dock tile (or onto your app’s Finder icon, or into an open window of your app), thereby indicating they want to use that folder. In response, the system makes the ~/Documents folder, its contents, and its subfolders available to your app. If a user instead opens a specific file, or saves to a new file, the system makes the specified file, and that file alone, available to your app. In addition, the system automatically permits a sandboxed app to: ● Connect to system input methods ● Invoke services chosen by the user from the Services menu (only those services flagged as “safe” by the service provider are available to a sandboxed app) ● Open files chosen by the user from the Open Recent menu ● Participate with other apps by way of user-invoked copy and paste App Sandbox in Depth Container Directories and File System Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 18● Read files that are world readable, in certain directories, including the following directories: ● /bin ● /sbin ● /usr/bin ● /usr/lib ● /usr/sbin ● /usr/share ● /System After a user hasspecified a file they want to use, that file is within your app’ssandbox. The file isthen vulnerable to attack if your app is exploited by malicious code: App Sandbox provides no protection. To provide protection for the files within your sandbox, follow the recommendations in Secure Coding Guide . A critical aspect of following user intent is that throughout OS X, simulation or alteration of user input is not allowed. This has implications for assistive apps, as described in “Determine Whether Your App Is Suitable for Sandboxing” (page 27). By default, files opened or saved by the user remain within your sandbox until your app terminates, except for files that were open at the time that your app terminates. Such files reopen automatically by way of the OS X Resume feature the next time your app launches, and are automatically added back to your app’ssandbox. To provide persistent access to resources located outside of your container, in a way that doesn’t depend on Resume, use security-scoped bookmarks as explained in “Security-Scoped Bookmarks and Persistent Resource Access” (page 21). Open and Save Dialog Behavior with App Sandbox Certain NSOpenPanel and NSSavePanel methods behave differently when App Sandbox is enabled for your app: ● You cannot invoke the OK button using the ok: method. ● You cannot rewrite the user’sselection using the panel:userEnteredFilename:confirmed: method from the NSOpenSavePanelDelegate protocol. In addition, the effective, runtime inheritance path for the NSOpenPanel and NSSavePanel classesis different with App Sandbox, as illustrated in Table 2-2. App Sandbox in Depth Container Directories and File System Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 19Table 2-2 Open and Save class inheritance with App Sandbox Without App Sandbox NSOpenPanel : NSSavePanel : NSPanel : NSWindow : NSResponder : NSObject With App Sandbox NSOpenPanel : NSSavePanel : NSObject Because of this runtime difference, an NSOpenPanel or NSSavePanel object inherits fewer methods with App Sandbox. If you attempt to send a message to an NSOpenPanel or NSSavePanel object, and that method is defined in the NSPanel, NSWindow, or NSResponder classes, the system raises an exception. The Xcode compiler does not issue a warning or error to alert you to this runtime behavior. Entitlements and System Resource Access An app that is notsandboxed has accessto all user-accessible system resources—including the built-in camera and microphone, network sockets, printing, and most of the file system. If successfully attacked by malicious code, such an app can behave as a hostile agent with wide-ranging potential to inflict harm. When you enable App Sandbox for your app, you remove all but a minimalset of privileges and then deliberately restore them, one-by-one, using entitlements. An entitlement is a key-value pair that identifies a specific capability, such as the capability to open an outbound network socket. One special entitlement—Enable App Sandboxing—turns on App Sandbox. When you enable sandboxing, Xcode creates a .entitlements property list file and shows it in the project navigator. If your app requires a capability, request it by adding the corresponding entitlement to your Xcode project using the Summary tab of the target editor. If you don’t require a capability, take care to not include the corresponding entitlement. You request entitlements on a target-by-target basis. If your app has a single target—the main application—you request entitlements only forthat target. If you design your app to use a main application along with helpers (in the form of XPC services), you request entitlements individually, and as appropriate, for each target. You learn more about this in “XPC and Privilege Separation” (page 26). You may require finer-grained control over your app’s entitlements than is available in the Xcode target editor. For example, you might request a temporary exception entitlement because App Sandbox does not support a capability your app needs, such as the ability to send Apple events. To work with temporary exception entitlements, use the Xcode property list editor to edit a target’s .entitlements property list file directly. App Sandbox in Depth Entitlements and System Resource Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 20Note: If you request a temporary exception entitlement, be sure to follow the guidance regarding entitlements provided on the iTunes Connect website. In particular, use the Review Notes field in iTunes Connect to explain why your app needs the temporary exception. OS X App Sandbox entitlements are described in “Enabling App Sandbox” in Entitlement Key Reference . For a walk-through of requesting an entitlement for a target in an Xcode project,see “App Sandbox Quick Start” (page 8). Security-Scoped Bookmarks and Persistent Resource Access Your app’s access to file-system locations outside of its container—as granted to your app by way of user intent, such as through Powerbox—does not automatically persist across app launches or system restarts. When your app reopens, you have to start over. (The one exception to this is for files open at the time that your app terminates, which remain in your sandbox thanks to the OS X Resume feature). Starting in OS X v10.7.3, you can retain access to file-system resources by employing a security mechanism, known as security-scoped bookmarks, that preserves user intent. Here are a few examples of app features that can benefit from this: ● A user-selected download, processing, or output folder ● An image browser library file, which points to user-specified images at arbitrary locations ● A complex document format that supports embedded media stored in other locations Two Distinct Types of Security-Scoped Bookmark Security-scoped bookmarks, available starting in OS X v10.7.3, support two distinct use cases: ● An app-scoped bookmark provides your sandboxed app with persistent access to a user-specified file or folder. For example, if your app employs a download or processing folder that is outside of the app container, obtain initial access by presenting an NSOpenPanel dialog to obtain the user’s intent to use a specific folder. Then, create an app-scoped bookmark for that folder and store it as part of the app’s configuration (perhaps in a property list file or using the NSUserDefaults class). With the app-scoped bookmark, your app can obtain future access to the folder. ● A document-scoped bookmark provides a specific document with persistent access to a file. App Sandbox in Depth Security-Scoped Bookmarks and Persistent Resource Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 21For example, a code editor typically supports the notion of a project document that refers to other files and needs persistent access to those files. Other examples are an image browser or editor that maintains an image library, in which the library file needs persistent accessto the imagesit owns; or a word processor that supports embedded images, multimedia, or font files in its document format. In these cases, you configure the document format (of the project file, library file, word processing document, and so on) to be able to store security-scoped bookmarks to the files a document refers to. Obtain initial access to a referred item by asking for user intent to use that item. Then, create a document-scoped bookmark for the item and store the bookmark as part of the document’s data. A document-scoped bookmark can be resolved by any app that has access to the bookmark data itself and to the document that owns the bookmark. This supports portability, allowing a user, for example, to send a document to another user; the document’s secure bookmarks remain usable for the recipient. The document can be a flat file or a document distributed as a bundle. A document-scoped bookmark can point only to a file, not a folder, and only to a file that is not in a location used by the system (such as /private or /Library). Using Security-Scoped Bookmarks To use either type of security-scoped bookmark requires you to perform five steps: 1. Set the appropriate entitlement in the target that needs to use security-scoped bookmarks. Do this once per target as part of configuring your Xcode project. 2. Create a security-scoped bookmark. Do this when a user has indicated intent (such as via Powerbox) to use a file-system resource outside of your app’s container, and you want to preserve your app’s ability to access the resource. 3. Resolve the security-scoped bookmark. Do this when your app later (for example, after app relaunch) needs access to a resource you bookmarked in step 2. The result of this step is a security-scoped URL. 4. Explicitly indicate that you want to use the file-system resource whose URL you obtained in step 3. Do this immediately after obtaining the security-scoped URL (or, when you later want to regain access to the resource after having relinquished your access to it). 5. When done using the resource, explicitly indicate that you want to stop using it. Do this as soon as you know that you no longer need access to the resource (typically, after you close it). After you relinquish access to a file-system resource, to use that resource again you must return to step 4 (to again indicate you want to use the resource). If your app is relaunched, you must return to step 3 (to resolve the security-scoped bookmark). App Sandbox in Depth Security-Scoped Bookmarks and Persistent Resource Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 22The first step in the preceding list, requesting entitlements, is the prerequisite for using either type of security-scoped bookmark. Perform this step as follows: ● To use app-scoped bookmarksin a target,setthe com.apple.security.files.bookmarks.app-scope entitlement value to true. ● To use document-scoped bookmarks in a target, set the com.apple.security.files.bookmarks.document-scope entitlement value to true. You can request either or both of these entitlements in a target, as needed. These entitlements are available starting in OS X v10.7.3 and are described in “Enabling Security-Scoped Bookmark and URL Access” in Entitlement Key Reference . With the appropriate entitlements, you can create a security-scoped bookmark by calling the bookmarkDataWithOptions:includingResourceValuesForKeys:relativeToURL:error: method of the NSURL class (or its Core Foundation equivalent, the CFURLCreateBookmarkData function). When you later need access to a bookmarked resource, resolve its security-scoped bookmark by calling the the URLByResolvingBookmarkData:options:relativeToURL:bookmarkDataIsStale:error:method of the NSURL class (or its Core Foundation equivalent, the CFURLCreateByResolvingBookmarkData function). In a sandboxed app, you cannot access the file-system resource that a security-scoped URL points to until you call the startAccessingSecurityScopedResource method (or its Core Foundation equivalent, the CFURLStartAccessingSecurityScopedResource function) on the URL. When you no longer need access to a resource that you obtained using security scope (typically, after you close the resource) you must call the stopAccessingSecurityScopedResource method (or its Core Foundation equivalent, the CFURLStopAccessingSecurityScopedResource function) on the resource’s URL. Calls to start and stop access are nestable on a per-process basis. This means that if your app calls the start method on a URL twice, to fully relinquish access to the referenced resource you must call the corresponding stop method twice. If you call the stop method on a URL whose referenced resource you do not have access to, nothing happens. Warning: You must balance every call to the startAccessingSecurityScopedResource method with a corresponding call to the stopAccessingSecurityScopedResource method. If you fail to relinquish your access when you no longer need a file-system resource, your app leaks kernel resources. If sufficient kernel resources are leaked, your app loses its ability to add file-system locations to its sandbox, such as via Powerbox or security-scoped bookmarks, until relaunched. App Sandbox in Depth Security-Scoped Bookmarks and Persistent Resource Access 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 23For detailed descriptions of the methods, constants, and entitlementsto use for implementing security-scoped bookmarks in your app, read NSURL Class Reference or CFURL Reference , and read “Enabling Security-Scoped Bookmark and URL Access” in Entitlement Key Reference . App Sandbox and Code Signing After you enable App Sandbox and specify other entitlements for a target in your Xcode project, you must code sign the project. Take note of the distinction between how you set entitlements and how you set a code signing identity: ● Use the Xcode target editor to set entitlements on a target-by-target basis ● Use the Xcode project build settings to set the code signing identity for a project as a whole You must perform code signing because entitlements (including the special entitlement that enables App Sandbox) are built into an app’s code signature. From another perspective, an unsigned app is not sandboxed and has only default entitlements, regardless of settings you’ve applied in the Xcode target editor. OS X enforces a tie between an app’s container and the app’s code signature. This important security feature ensures that no other sandboxed app can access your container. The mechanism works as follows: After the system creates a container for an app, each time an app with the same bundle ID launches, the system checks that the app’s code signature matches a code signature expected by the container. If the system detects a mismatch, it prevents the app from launching. OS X’s enforcement of container integrity impacts your development and distribution cycle. This is because, in the course of creating and distributing an app, the app is code signed using various signatures. Here’s how the process works: 1. Before you create a project, you obtain two code signing certificatesfrom Apple: a development certificate and a distribution certificate. (To learn how to obtain code signing certificates, read “Creating Signing Certificates” in Tools Workflow Guide for Mac .) For development and testing, you sign your app with the development code signature. 2. When the Mac App Store distributes your app, it is signed with an Apple code signature. For testing and debugging, you may want to run both versions of your app: the version you sign and the version Apple signs. But OS X sees the Apple-signed version of your app as an intruder and won’t allow it to launch: Its code signature does not match the one expected by your app’s existing container. If you try to run the Apple-signed version of your app, you get a crash report containing a statement similar to this: App Sandbox in Depth App Sandbox and Code Signing 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 24Exception Type: EXC_BAD_INSTRUCTION (SIGILL) The solution is to adjust the access control list (ACL) on your app’s container to recognize the Apple-signed version of your app. Specifically, you add the designated code requirement of the Apple-signed version of your app to the app container’s ACL. To adjust an ACL to recognize an Apple-signed version of your app 1. Open Terminal (in /Applications/Utilities). 2. Open a Finder window that contains the Apple-signed version of your app. 3. In Terminal, enter the following command: asctl container acl add -file In place of the placeholder, substitute the path to the Apple-signed version of your app. Instead of manually typing the path, you can drag the app’s Finder icon to the Terminal window. The container’s ACL now includes the designated code requirements for both versions of your app. OS X then allows you to run either version of your app. You can use this same technique to share a container between (1) a version of an app that you initially signed with a self-generated code signature, such as the one you created in “App Sandbox Quick Start” (page 8), and (2) a later version that you signed with a development code signature from Apple. You can view the list of code requirements in a container’s ACL. For example, after adding the designated code requirement for the Apple-signed version of your app, you can confirm that the container’s ACL lists two permissible code requirements. To display the list of code requirements in a container’s ACL 1. Open Terminal (in /Applications/Utilities). 2. In Terminal, enter the following command: asctl container acl list -bundle In place of the placeholder,substitute the name of your app’s container directory. (The name of your app’s container directory is typically the same as your app’s bundle identifier.) App Sandbox in Depth App Sandbox and Code Signing 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 25For more information about working with App Sandbox container access control lists and their code requirements, read the man page for the asctl (App Sandbox control) tool. External Tools, XPC Services, and Privilege Separation Some app operations are more likely to be targets of malicious exploitation. Examples are the parsing of data received over a network, and the decoding of video frames. By using XPC, you can improve the effectiveness of the damage containment offered by App Sandbox by separating such potentially dangerous activities into their own address spaces. XPC is an OS X interprocess communication technology that complements App Sandbox by enabling privilege separation. Privilege separation, in turn, is a development strategy in which you divide an app into pieces according to the system resource access that each piece needs. The component pieces that you create are called XPC services. You create an XPC service as an individual target in your Xcode project. Each service gets its own sandbox—specifically, it gets its own container and its own set of entitlements. In addition, an XPC service that you include with your app is accessible only by your app. These advantages add up to making XPC the best technology for implementing privilege separation in an OS X app. By contrast, a child process created by using the posix_spawn function, by calling fork and exec (discouraged), or by using the NSTask class simply inherits the sandbox of the process that created it. You cannot configure a child process’s entitlements. For these reasons, child processes do not provide effective privilege separation. To use XPC with App Sandbox: ● Confer minimal privileges to each XPC service, according to its needs. ● Design the data transfers between the main app and each XPC service to be secure. ● Structure your app’s bundle appropriately. The life cycle of an XPC service, and its integration with Grand Central Dispatch (GCD), is managed entirely by the system. To obtain this support, you need only to structure your app’s bundle correctly. For more on XPC, see “Creating XPC Services” in Daemons and Services Programming Guide . App Sandbox in Depth External Tools, XPC Services, and Privilege Separation 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 26There’s a common, basic workflow for designing or converting an app for App Sandbox. The specific steps to take for your particular app, however, are as unique as your app. To create a work plan for adopting App Sandbox, use the process outlined here, along with the conceptual understanding you have from the earlier chapters in this document. Six Steps for Adopting App Sandbox The workflow to convert an OS X app to work in a sandbox typically consists of the following six steps: 1. Determine whether your app is suitable for sandboxing. 2. Design a development and distribution strategy. 3. Resolve API incompatibilities. 4. Apply the App Sandbox entitlements you need. 5. Add privilege separation using XPC. 6. Implement a migration strategy. Determine Whether Your App Is Suitable for Sandboxing Most OS X apps are fully compatible with App Sandbox. If you need behavior in your app that App Sandbox does not allow, consider an alternative approach. For example, if your app depends on hard-coded paths to locationsin the user’s home directory, consider the advantages of using Cocoa and Core Foundation path-finding APIs, which use the sandbox container instead. If you choose to not sandbox your app now, or if you determine that you need a temporary exception entitlement, use Apple’s bug reporting system to let Apple know what’s not working for you. Apple considers feature requests as it develops the OS X platform. Also, if you request a temporary exception, be sure to use the Review Notes field in iTunes Connect to explain why the exception is needed. The following app behaviors are incompatible with App Sandbox: ● Use of Authorization Services 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 27 Designing for App SandboxWith App Sandbox, you cannot do work with the functions described in Authorization Services C Reference . ● Use of accessibility APIs in assistive apps With App Sandbox, you can and should enable your app for accessibility, as described in Accessibility Overview for OS X . However, you cannot sandbox an assistive app such as a screen reader, and you cannot sandbox an app that controls another app. ● Sending Apple events to arbitrary apps With App Sandbox, you can receive Apple events and respond to Apple events, but you cannotsend Apple events to arbitrary apps. By using a temporary exception entitlement, you can enable the sending of Apple eventsto a list ofspecific apps that you specify, as described in Entitlement Key Reference . ● Sending user-info dictionaries in broadcast notifications to other tasks With App Sandbox, you cannot include a user-info dictionary when posting to an NSDistributedNotificationCenter object for messaging other tasks. (You can , as usual, include a user-info dictionary when messaging other parts of your app by way of posting to an NSNotificationCenter object.) ● Loading kernel extensions Loading of kernel extensions is prohibited with App Sandbox. ● Simulation of user input in Open and Save dialogs If your app depends on programmatically manipulating Open or Save dialogs to simulate or alter user input, your app is unsuitable for sandboxing. ● Setting preferences on other apps With App Sandbox, each app maintains its preferences inside its container. Your app has no access to the preferences of other apps. ● Configuring network settings With App Sandbox, your app cannot modify the system’s network configuration (whether with the System Configuration framework, the CoreWLAN framework, or other similar APIs) because doing so requires administrator privileges. ● Terminating other apps With App Sandbox, you cannot use the NSRunningApplication class to terminate other apps. Designing for App Sandbox Determine Whether Your App Is Suitable for Sandboxing 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 28Design a Development and Distribution Strategy During development, you may have occasion to run versions of your app that are signed with different code signatures. After you’ve run your app signed using one signature, the system won’t allow a second version of your app, signed with a second signature, to launch—unless you modify the app’s container. Be sure to understand how to handle this, as described in “App Sandbox and Code Signing” (page 24), as you design your development strategy. When a customer first launches a sandboxed version of your app, the system creates a container for your app. The access control list (ACL) for the container is established at that time, and the ACL istied to the code signature of that version of your app. The implication for you is that all future versions of the app that you distribute must use the same code signature. To learn how to obtain code signing certificatesfrom Apple, read “Creating Signing Certificates” in Tools Workflow Guide for Mac . Resolve API Incompatibilities If you are using OS X APIs in ways that were not intended, or in ways that expose user data to attack, you may encounter incompatibilities with App Sandbox. This section provides some examples of app design that are incompatible with App Sandbox and suggests what you can do instead. Opening, Saving, and Tracking Documents If you are managing documents using any technology other than the NSDocument class, you should convert to using this classto benefit from its built-in App Sandbox support. The NSDocument class automatically works with Powerbox. NSDocument also provides support for keeping documents within your sandbox if the user moves them using the Finder. Remember that the inheritance path of the NSOpenPanel and NSSavePanel classes is different when your app is sandboxed. See “Open and Save Dialog Behavior with App Sandbox” (page 19). If you don’t use the NSDocument class to manage your app’s documents, you can craft your own file-system support for App Sandbox by using the NSFileCoordinator class and the NSFilePresenter protocol. Retaining Access to File System Resources If your app depends on persistent access to file system resources outside of your app’s container, you need to adopt security-scoped bookmarks as described in “Security-Scoped Bookmarks and Persistent Resource Access” (page 21). Designing for App Sandbox Design a Development and Distribution Strategy 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 29Creating a Login Item for Your App To create a login item for your sandboxed app, use the SMLoginItemSetEnabled function (declared in ServiceManagement/SMLoginItem.h) as described in “Adding Login Items Using the Service Management Framework” in Daemons and Services Programming Guide . (With App Sandbox, you cannot create a login item using functions in the LSSharedFileList.h header file. For example, you cannot use the function LSSharedFileListInsertItemURL. Nor can you manipulate the state of launch services, such as by using the function LSRegisterURL.) Accessing User Data OS X path-finding APIs, above the POSIX layer, return paths relative to the container instead of relative to the user’s home directory. If your app, before you sandbox it, accesses locations in the user’s actual home directory (~) and you are using Cocoa or Core Foundation APIs, then, after you enable sandboxing, your path-finding code automatically uses your app’s container instead. For first launch of your sandboxed app, OS X automatically migrates your app’s main preferences file. If your app uses additional support files, perform a one-time migration of those files to the container, as described in “Migrating an App to a Sandbox” (page 33). If you are using a POSIX function such as getpwuid to obtain the path to the user’s actual home directory, consider instead using a Cocoa or Core Foundation symbol such as the NSHomeDirectory function. By using Cocoa or Core Foundation, you support the App Sandbox restriction against directly accessing the user’s home directory. If your app requires access to the user’s home directory in order to function, let Apple know about your needs using the Apple bug reporting system. In addition, be sure to follow the guidance regarding entitlements provided on the iTunes Connect website. Accessing Preferences of Other Apps Because App Sandbox directs path-finding APIs to the container for your app, reading or writing to the user’s preferencestakes place within the container. Preferencesfor othersandboxed apps are inaccessible. Preferences for appsthat are notsandboxed are placed in the ~/Library/Preferences directory, which is also inaccessible to your sandboxed app. If your app requires access to another app’s preferences in order to function—for example, if it requires access to the playlists that a user has defined for iTunes—let Apple know about your needs using the Apple bug reporting system. In addition, be sure to follow the guidance regarding entitlements provided on the iTunes Connect website. Designing for App Sandbox Resolve API Incompatibilities 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 30With these provisosin mind, you can use a path-based temporary exception entitlement to gain programmatic accessto the user’s ~/Library/Preferences folder. Use a read-only entitlement to avoid opening the user’s preferences to malicious exploitation. A POSIX function, such as getpwuid, can provide the file system path you need. For details on entitlements, see Entitlement Key Reference . Apply the App Sandbox Entitlements You Need To adopt App Sandbox for a target in an Xcode project, apply the value to the com.apple.security.app-sandbox entitlement key for that target. Do this in the Xcode target editor by selecting the Enable App Sandboxing checkbox. Apply other entitlements as needed. For a complete list, refer to Entitlement Key Reference . Important: App Sandbox protects user data most effectively when you minimize the entitlements you request. Take care not to request entitlements for privileges your app does not need. Consider whether making a change in your app could eliminate the need for an entitlement. Here’s a basic workflow to use to determine which entitlements you need: 1. Run your app and exercise its features. 2. In the Console app (available in /Applications/Utilities/), look for sandboxd violations in the All Messages system log query. Each such violation indicates that your app attempted to do something not allowed by your sandbox. Here’s what a sandboxd violation looks like in Console: 3:56:16 pm sandboxd: ([4928]) AppSandboxQuickS(4928) deny network-outbound 111.30.222.15:80 3:56:16 pm sandboxd: ([4928]) AppSandboxQuickS(4928) deny system-socket Click the paperclip icon to the right of a violation message to view the backtrace that shows what led to the violation. 3. For each sandboxd violation you find, determine how to resolve the problem. In same cases, a simple change to your app,such as using your Container instead of other file system locations,solvesthe problem. In other cases, applying an App Sandbox entitlement using the Xcode target editor is the best choice. 4. Using the Xcode target editor, enable the entitlement that you think will resolve the violation. 5. Run the app and exercise its features again. Either confirm that you have resolved the sandboxd violation, or investigate further. Designing for App Sandbox Apply the App Sandbox Entitlements You Need 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 31If you choose not to sandbox your app now or to use a temporary exception entitlement, use Apple’s bug reporting system to let Apple know about the issue you are encountering. Apple considers feature requests as it develops the OS X platform. Also, be sure use the Review Notes field in iTunes Connect to explain why the exception is needed. Add Privilege Separation Using XPC When developing for App Sandbox, look at your app’s behaviors in terms of privileges and access. Consider the potential benefitsto security and robustness ofseparating high-risk operationsinto their own XPC services. When you determine that a feature should be placed into an XPC service, do so by referring to “Creating XPC Services” in Daemons and Services Programming Guide . Implement a Migration Strategy Ensure that customers who are currently using a pre-sandbox version of your app experience a painless upgrade when they install the sandboxed version. For details on how to implement a container migration manifest, read “Migrating an App to a Sandbox” (page 33). Designing for App Sandbox Add Privilege Separation Using XPC 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 32An app that is not sandboxed places its support files in locations that are inaccessible to a sandboxed version of the same app. For example, the typical locations for support files are shown here: Path Description Legacy location ~/Library/Application Support// Sandbox location ~/Library/Containers//Data/Library/Application Support// As you can see, the sandbox location for the Application Support directory is within an app’s container—thus allowing the sandboxed app unrestricted read/write access to those files. If you previously distributed your app without sandboxing and you now want to provide a sandboxed version, you must move support files into their new, sandbox-accessible locations. Note: The system automatically migrates your app’s preferences file (~/Library/Preferences/com.yourCompany.YourApp.plist) on firstlaunch of yoursandboxed app. OS X provides support-file migration, on a per-user basis, when a user first launches the sandboxed version of your app. This support depends on a special property list file you create, called a container migration manifest. A container migration manifest consists of an array of strings that identify the support files and directories you want to migrate when a user first launches the sandboxed version of your app. The file’s name must be container-migration.plist. For each file or directory you specify for migration, you have a choice of allowing the system to place the item appropriately in your container, or explicitly specifying the destination location. OS X moves—it does not copy—the files and directories you specify in a container migration manifest. That is, the files and directories migrated into your app’s container no longer exist at their original locations. In addition, container migration is a one-way process: You are responsible for providing a way to undo it, should you need to do so during development or testing. The section “Undoing a Migration for Testing” (page 36) provides a suggestion about this. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 33 Migrating an App to a SandboxCreating a Container Migration Manifest To support migration of app support files when a user first launches the sandboxed version of your app, create a container migration manifest. To create and add a container migration manifest to an Xcode project 1. Add a property list file to the Xcode project. The Property List template is in the OS X “Resource” group in the file template dialog. Important: Be sure to name the file container-migration.plist spelled and lowercased exactly this way. 2. Add a Move property to the container migration manifest. The Move property is the lone top-level key in a container migration manifest. You add it to the empty file as follows: ● Right-click the empty editor for the new .plist file, then choose Add Row. ● In the Key column, enter Move as the name of the key. You must use this exact casing and spelling. ● In the Type column, choose Array. 3. Add a string to the Move array for the first file or folder you want to migrate. For example, suppose you want to migrate your Application Support directory (along with its contained files and subdirectories) to your container. If your directory is called App Sandbox Quick Start and is currently within the ~/Library/Application Support directory, use the following string as the value for the new property list item: ${ApplicationSupport}/App Sandbox Quick Start No trailing slash character is required, and space characters are permitted. The search-path constant in the path is equivalent to ~/Library/Application Support. This constant is described, along with other commonly used directories, in “Use Variables to Specify Support-File Directories” (page 37). Similarly, add additional strings to identify the original (before sandboxing) paths of additional files or folders you want to migrate. Migrating an App to a Sandbox Creating a Container Migration Manifest 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 34When you specify a directory to be moved, keep in mind that the move is recursive—it includes all the subdirectories and files within the directory you specify. Before you first test a migration manifest, provide a way to undo the migration, such as suggested in “Undoing a Migration for Testing” (page 36). To test a container migration manifest 1. In the Finder, open two windows as follows: ● In one window, view the contents of the ~/Library/Containers/ directory. ● In the other window, view the contents of the directory containing the support files named in the container migration manifest—that is, the files you want to migrate. 2. Build and run the Xcode project. Upon successful migration, the support files disappear from the original (nonsandbox) directory and appear in your app’s container. If you want to alter the arrangement ofsupport files during migration, use a slightly more complicated .plist structure. Specifically, for a file or directory whose migration destination you want to control, provide both a starting and an ending path. The ending path is relative to the Data directory in your container. In specifying an ending path, you can use any of the search-path constants described in “Use Variablesto Specify Support-File Directories” (page 37). If your destination path specifies a custom directory (one that isn’t part of a standard container), the system creates the directory during migration. The following task assumes that you’re using the Xcode property list editor and working with the container migration manifest you created earlier in this chapter. To control the destination of a migrated file or directory 1. In the container migration manifest, add a new item to the Move array. 2. In the Type column, choose Array. 3. Add two strings as children of the new array item. 4. In the top string of the pair, specify the origin path of the file or directory you want to migrate. 5. In the bottom string of the pair, specify the destination (sandbox) custom path for the file or directory you want to migrate. Migrating an App to a Sandbox Creating a Container Migration Manifest 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 35File migration proceeds from top-to-bottom through the container migration manifest. Take care to list items in an order that works. For example,suppose you want to move your entire Application Support directory as-is, except for one file. You want that file to go into a new directory parallel to Application Support in the container. For this approach to work, you must specify the individual file move before you specify the move of the Application Support directory—that is, specify the individual file move higher in the container migration manifest. (If Application Support were specified to be moved first, the individual file would no longer be at its original location at the time the migration process attempted to move it to its new, custom location in the container.) Undoing a Migration for Testing When testing migration of support files, you may find it necessary to perform migration more than once. To support this, you need a way to restore your starting directory structures—that is, the structures as they exist prior to migration. One way to do this is to make a copy of the directories to migrate, before you perform a first migration. Save this copy in a location unaffected by the migration manifest. The following task assumes you have created this sort of backup copy. To manually undo a container migration for testing purposes 1. Manually copy the files and directories—those specified in the manifest—from your backup copy to their original (premigration) locations. 2. Delete your app’s container. The next time you launch the app, the system recreates the container and migrates the support files according to the current version of the container migration manifest. An Example Container Migration Manifest Listing 4-1 shows an example manifest as viewed in a text editor. Listing 4-1 An example container migration manifest Migrating an App to a Sandbox Undoing a Migration for Testing 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 36 Move ${Library}/MyApp/MyConfiguration.plist ${Library}/MyApp/MyDataStore.xml ${ApplicationSupport}/MyApp/MyDataStore.xml This manifest specifies the migration of two items from the user’s Library directory to the app’s container. For the first item, MyConfiguration.plist, only the origin path is specified, leaving it to the migration process to place the file appropriately. For the second item, MyDataStore.xml, both an origin and a custom destination path are specified. The ${Library} and ${ApplicationSupport} portions of the paths are variables you can use as a convenience. For a list of variables you can use in a container migration manifest, see “Use Variables to Specify Support-File Directories” (page 37). Use Variables to Specify Support-File Directories When you specify a path in a container migration manifest, you can use certain variables that correspond to commonly used support file directories. These variables work in origin and destination paths, but the path that a variable resolves to depends on the context. Refer to Table 4-1. Table 4-1 How system directory variables resolve depending on context Context Variable resolves to Origin path Home-relative path (relative to the ~ directory) Destination path Container-relative path (relative to the Data directory in the container) Migrating an App to a Sandbox Use Variables to Specify Support-File Directories 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 37The variables you can use for specifying support-file directories are described in Table 4-2 (page 38). For an example of how to use these variables, see Listing 4-1 (page 36). You can also use a special variable that resolves to your app’s bundle identifier, allowing you to conveniently incorporate it into an origin or destination path. This variable is ${BundleId}. Table 4-2 Variables for support-file directories Variable Directory The directory containing application support files. Corresponds to the NSApplicationSupportDirectory search-path constant. ${ApplicationSupport} The directory containing the user’s autosaved documents. Corresponds to the NSAutosavedInformationDirectory search-path constant. ${AutosavedInformation} The directory containing discardable cache files. Corresponds to the NSCachesDirectory search-path constant. ${Caches} Each variable correspondsto the directory containing the user’s documents. Corresponds to the NSDocumentDirectory search-path constant. ${Document} ${Documents} The current user’s home directory. Corresponds to the directory returned by the NSHomeDirectory function. When in a destination path in a manifest, resolves to the Container directory. ${Home} The directory containing application-related support and configuration files. Corresponds to the NSLibraryDirectory search-path constant. ${Library} Migrating an App to a Sandbox Use Variables to Specify Support-File Directories 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 38This table describes the changes to App Sandbox Design Guide . Date Notes 2012-09-19 Clarified information about launching external tools. 2012-07-23 Added an explanation of app group containers. Improved the explanation of security-scoped bookmarks in “Security-Scoped Bookmarks and Persistent Resource Access” (page 21); updated that section for OS X v10.7.4. 2012-05-14 Added a brief section in the “Designing for App Sandbox” chapter: “Retaining Access to File System Resources” (page 29). Improved the discussion in “Opening, Saving, and Tracking Documents” (page 29), adding information about using file coordinators. Corrected the information in “Creating a Login Item for Your App” (page 30). Improved explanation ofsecurity-scoped bookmarksin “Security-Scoped Bookmarks and Persistent Resource Access” (page 21). 2012-03-14 Clarified the explanation of the container directory in “The App Sandbox Container Directory” (page 16) Updated for OS X v10.7.3, including an explanation of how to use security-scoped bookmarks. 2012-02-16 Added a section explaining how to provide persistent accessto file-system resources, “Security-Scoped Bookmarks and Persistent Resource Access” (page 21). 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 39 Document Revision HistoryDate Notes Expanded the discussion in “Powerbox and File System Access Outside of Your Container” (page 17) to better explain how user actions expand your app’s file system access. Added a section detailing the changes in behavior of Open and Save dialogs, “Open and Save Dialog Behavior with App Sandbox” (page 19). New document that explains Apple's security technology for damage containment, and how to use it. 2011-09-27 Portions of this document were previously published in Code Signing and Application Sandboxing Guide . Document Revision History 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 40Apple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Cocoa, Finder, iTunes, Keychain, Mac, OS X, Sand, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. QuickStart is a trademark of Apple Inc. iCloud is a service mark of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are service marks of Apple Inc. iOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. iTunes Connect Sales and Trends Guide App Store  Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 1Apple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. The Apple logo is a trademark of Apple Inc. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist partners in understanding the Sales and Trends module of iTunes Connect. Every effort has been made to ensure that the information in this document is accurate. Apple is not responsible for typographical errors. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. AS A RESULT, THIS DOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 2Contents 1. Getting Started 4 2. Navigating and Viewing Your Sales and Trends Data 5 2.1. Dashboard View 6 2.2. Sales View 11 3. Downloading, Reading and Understanding Sales and Trends Data 13 3.1. Downloading Reports 13 3.2. Auto-Ingest Tool 14 3.3. Reading Reports 16 3.4. Understanding Units 18 4. Contact Us 19 Appendix A - Sales Report Field Definitions 20 Appendix B - Opt-In Report Field Definitions 21 Appendix C - Apple Fiscal Calendar 22 Appendix D - Definition of Day and Week 23 Appendix E – Product Type Identifiers 24 Appendix F – Country Codes 25 Appendix G – Promotional Codes 26 Appendix H – Currency Codes 27 Appendix I - Subscription and Period Field Values 28 Appendix J - FAQs 29 Appendix K - Sample Sales Report 30 Appendix L – Other Uses 32 Appendix M - Newsstand Report Field Definitions 33 Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 31. Getting Started iTunes Connect can be accessed at http://itunesconnect.apple.com. Once you login, you will be presented with the Welcome page below, which contains notifications at the top and module links to help you navigate through iTunes Connect. The Welcome page you will see is based on the modules applicable to you and may be different from what is shown below. This guide is primarily intended to cover the Sales and Trends module. The initial user who entered into the program license agreement has the “Admin” role, which provides access to all modules, including the ability to add other “Admin” users (using the Manage Users module). The “Admin” users associated with your account are expected to manage (add, modify, and delete) your users based on your needs. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 42. Navigating and Viewing Your Sales and Trends Data The iTunes Connect Sales and Trends module allows you to interact with your sales data in various ways: ■ A summary that provides total units, percent differences, graphs, top selling content and largest market information (Dashboard view). ■ Previews that provide the top 50 transactions of sales aggregated at the title level in descending sorted order (Sales view). ■ Download full transaction reports for import and further analysis (Sales view). When you are ready to access the Sales and Trends module, click on the following link located on the Welcome page: Upon selecting the Sales and Trends module, you will be taken to the Dashboard view. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 52.1. Dashboard View The Dashboard will load and display the most recent daily data available. The following identifies the various components of the dashboard. The “Selection” controls located above the graph allow you to change the information displayed. Vendor Selection The Vendor Selection display lists the legal entity name for the Sales and Trends that you are viewing. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 6View Selection The View Selection allows you to switch between different views. In addition to the Dashboard view, you can toggle to the Sales view (the Sales view is covered in section 2.2). Period Selection You can choose the type (daily or weekly), as well as the period of interest. The date menu will display all periods available up to the last 13 weeks or 14 days. Category Selection You can choose the specific category you wish to view in the Dashboard if you sell more than one type of content (i.e. iOS and MacOS). Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 7Type Selection You can choose the specific type of content within a category to view in the Dashboard’s graph, Top Products and Top Markets. The available types are the same for both the iOS and MacOS category. Refer to Appendix E for the complete product breakdown by product type. Graph Selection You can choose between a line graph and bar graph by clicking on the graph buttons located on the right top corner of the graph. Graph The data displayed in the graph is based on the period (specific day or week), category and type selected. When you hover over a specific day or week in the graph (bar or line), the date, number of units and type will be displayed. The following displays the graph for the period of August 30, 2010 and the Free Apps category while mousing over the August 30, 2010 bar. When viewing daily reports, the graph will also display the percentage change from the same day in the prior period. In the graph above you see the percentage change of free apps sold on 8/30 (Monday) to those sold on 8/24 (Monday of prior week) based on units. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 8Top Products Display The Top Products display is based on the period (specific day or week), category (iOS or Mac OS) and the type (Free Apps, Paid Apps, In Apps, Updates) selected. The section provides a summary of net units at the Product level. A Product can be reported as separate lines in your reports due to differences such as territories but will be reported as combined in terms of units in this display since the units are aggregated at the Product level world-wide based on unique product identifier. The “Change” column in the display shows units and percentage change from the prior period (selected day over same day of the prior week, or selected week over prior week). Top Markets Display The Top Markets display is based on the period (specific day or week), category (iOS and Mac OS) and the type (e.g. Free Apps) selected. This section provides a summary of net units for all products at the country (iTunes Storefront) level. The “Change” column in the display shows units and percentage change from the prior period (selected day over same day of the prior week, or selected week over prior week). See Appendix F for iTunes Storefront listing. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 9Resources At the bottom left of all pages you will find three links: ■ Fiscal Calendar - Opens a new window that displays Apple’s fiscal calendar ■ User Guide - Provides the most current version of this guide ■ Mobile Guide - Provides the user guide for the iTC Mobile Application. Done Button The “Done” button at the bottom right of all pages takes you to the Dashboard from the Sales view, and to the iTunes Connect Welcome page from the Dashboard. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 102.2. Sales View The Sales view allows you to analyze at the specific content level. You can preview the Top 50 products delivered based on transaction volume summarized and sorted descending by Units, and can download the available daily and weekly reports for additional information about all your transactions. You can also download detailed Newsstand reports or contact information for customers that have elected to “opt-in” when purchasing an In-App Purchase subscription. The following is an example of the Sales view. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 11Understanding The Sales Preview When you land on the Sales view, the Period presented is the latest daily data available. Using the Period Selection menu, you can preview all available daily and weekly data for all content types in all categories. Once you have selected a period, the Preview will be displayed. The Preview summarizes the data based on the columns displayed, including any promotional transactions indicated with (Promo Indicator). You can hover over the Promo Indicator to see the type of promotion. See Appendix G for Promotional Codes. Autorenewable subscription transactions are indicated with (Subscription Indicator). The preview functionality does not contain the full report. To view or analyze all transactions you must download the full reports. The previews summarize data differently than the reports based on the information available (i.e. the preview may summarize sales at a higher level as the downloaded report has more fields to consider). Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 123. Downloading, Reading and Understanding Sales and Trends Data 3.1. Downloading Reports You may download the Sales reports from the respective Sales view. To download a report (tab delimited zipped text file), you must select a report period (day of week or week ended) and press the download button to the right of the period selection menu. For a complete listing of fields please see Appendix A, B and M. If you are using Mac OS X the reports will automatically open when downloaded. If you are using a Windows OS you will need to download an application (for example WinZip) to decompress the “.gz” file prior to use. You can then import the tab delimited text file to a database or spreadsheet application (Numbers, MS Excel) and analyze or manipulate your data as needed. Weekly reports cover Monday through Sunday and are available on Mondays. The daily reports represent the 24 hour period in the time zone of the respective storefront (territory). Please refer to Appendix D for the definition of Day and Week. We do not store or regenerate the data after the periods have expired (14 rolling days and 13 rolling weeks); you will need to download and store this data on a regular basis if you intend to use it in the future. Downloading Customer Opt-In Information If your apps have auto-renewable subscriptions, you can download contact information for customers who have elected to “opt-in” to personal information sharing. To download the report (tab delimited zipped text file), you must select a weekly report period and click Opt-In Report next to Download Report. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 13To open the encrypted .zip file that is downloaded, you need to use the Opt-In Passkey. To obtain the Opt-In Passkey, click the Opt-In Passkey button in the upper right of the screen. The passkey will be displayed in a lightbox. Copy and paste this value to use it to unpack the .zip file and access the Opt-In Report. You will need to use a decompression tool like Stuff-It Expander or Winzip to open the encrypted file once you have downloaded it. Downloading Newsstand Reports If you have one or more Newsstand apps available for sale, you can download Newsstand reports by clicking Newsstand Detailed. Newsstand reports are also available via auto-ingest. 3.2. Auto-Ingest Tool Apple provides access to a Java based tool to allow you to automate the download of your iTunes Connect Sales and Trends reports. To use the auto-ingest tool, configuration on your part will be required. This tool allows you to automate the retrieval of: •Daily Summary Reports •Weekly Summary Reports •Opt-In Reports •Newsstand Reports As new reports become available we will modify and redeliver the java package or new parameters to use to download new products (i.e. we will modify the script for new features). We will communicate both the anticipated date of the report release and the date that the tool will be able to retrieve reports. You may not alter or disseminate the auto-ingest tool for any reason. We reserve the right to revoke access for usage or distribution beyond its intended use. Auto-Ingest Instructions You must have Java installed on the machine where you are running the auto-ingest tool. The tool will work as expected with Java version 1.6 or above. Follow the steps below to setup the environment for auto-ingestion: Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 141. Download and save the file Autoingestion.class to the directory where you want the reports delivered. http://www.apple.com/itunesnews/docs/Autoingestion.class.zip 2. To run the Java class file, change the command line directory to the directory where the class file is stored. 3. Invoke the following from the command line: java Autoingestion All items contained within “< >” are variable and will require you to define them. Of the 7 parameters only the date is optional. If you do not put a date in the parameter we will provide you the latest available report (the other parameters are mandatory). You will need to delimit the parameters with a space. Parameters Definitions Variable Value Notes username Your user name The user name you use to log into iTunes Connect password Your password The password you use to log into iTunes Connect vendorid 8####### (your unique number) Vendor ID for the entity which you want to download the report report_type Sales or Newsstand This is the report type you want to download. date_type Daily or Weekly Selecting Weekly will provide you the Weekly version of the report. Selecting Daily will provide you the Daily version of the report. report_subtype Summary, Detailed or Opt-In This is the parameter for the Sales Reports. Note: Detailed can only be used for Newsstand reports. Date (optional) YYYYMMDD This is the date of report you are requesting. If the value for Date parameter is not provided, you will get the latest report available. Example: You access iTunes Connect with user name “john@xyz.com” and your password is “letmein” for company 80012345, and you want to download a sales - daily - summary report for February 4, 2010. You will need to invoke the job by running the following command from the directory where the class file is stored: java Autoingestion john@xyz.com letmein 80012345 Sales Daily Summary 20100204 Newsstand Reports via Auto-Ingest If you are using auto-ingest, you can create the reports using the following auto-ingest parameters: Daily java Autoingestion Newsstand Daily Detailed java Autoingestion N D D java Autoingestion 5 2 1 Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 15Weekly java Autoingestion Newsstand Weekly Detailed java Autoingestion N W D java Autoingestion 5 1 1 3.3. Reading Reports Report File Names The file names for downloaded reports follow a standard naming convention. Please refer to the matrix below for details. Report Data Report Type Reporting Range Naming Convention Description Sales Summary Daily S_D__ Example: S_D_80000000_20111104 The first letter identifies that the report provides Sales data at a Summary level. Second letter denotes that it is a Daily report. This is followed by the Vendor Account Number and the Date of reporting data ('YYYYMMDD'). Sales Summary Weekly S_W__ Example: S_W_80000000_20111104 The first letter identifies that the report provides Sales data at a Summary level. Second letter denotes that it is a Weekly report. This is followed by the Vendor Account Number and the Date of reporting data ('YYYYMMDD'). Opt_in Summary Weekly O_S_W__ Example: O_S_W_80000000_20111104 The first and second letters identify that the report provides customer Opt-in data at a Summary level. The third letter identifies that it is a Weekly report. This is followed by the Vendor Account Number and the Date of reporting data ('YYYYMMDD'). Newsstand Detailed Daily N_D_D__ Example: N_D_D_80000000_20111104 The first and second letters identify that the report provides customer Newsstand data at a Detailed level. The third letter identifies that it is a Daily report. This is followed by the Vendor Account Number and the Date of reporting data ('YYYYMMDD'). Newsstand Detailed Weekly N_D_W__ Example: N_D_W_80000000_20111104 The first and second letters identify that the report provides customer Newsstand data at a Detailed level. The third letter identifies that it is a Weekly report. This is followed by the Vendor Account Number and the Date of reporting data ('YYYYMMDD'). Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 16Report Field Names All reports have a header row which contains the field names of each column. The reports present transactions that can be tracked with your SKU and/or the Apple Identifier. For a complete listing of fields please see Appendix A, B and M. Key Field Mapping The following table and screenshots will help you understand which fields in the report were setup by you in iTunes Connect and where they are in the App Store: Reference Field Name In Report Field in iTunes Connect Field in App Store 1 Developer Company Name Displayed after genre 2 Title App Name Displayed at top of product page 3 SKU SKU Number Not displayed on App Store Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 17Apple Identifier The Apple Identifier is the unique product identifier assigned by Apple. It is always included in each row of your sales reports. We recommend you provide the Apple Identifier of your app whenever you contact us for support so that your request can be expedited. You can also access the Apple Identifier by using the links in the App Store: The menu will offer an option for “Copy Link”. The link will look like the link below. The string of numbers highlighted is the Apple Identifier of the app. http://itunes.apple.com/us/app/remote/id284417350?mt=85 3.4. Understanding Units The reports are designed to provide valuable information about the activity of your product on the App Store. This can result in many lines for a given product. For each product with a unique Apple Identifier and SKU, units are split by: ■ Storefront / Country Code (US, UK) ■ Sales vs. Refunds ■ Product Type ■ Price ■ Promo Code ■ App Version Here are some examples of how units are grouped and displayed in both Preview and downloaded reports. Example 1: If you have one product and you are selling the product in the US, you will see 1 row (1 for US sales) assuming there are no refunds, price changes and promo codes during the period. Example 2: If you are selling 30 products in the US, and 10 of the products have refunds, then the preview and the downloaded report will have 40 rows and you will see a row for sales and a row for refunds. Example 3: If you are selling 30 products in the US, and 5 products have a price change in the middle of the week, then your full report and your previews will have 35 rows and you will see 2 lines per app with a price change. Example 4: If 10 new customers purchase your app and 10 existing customers update to the latest version of your app in the US, then your preview and downloaded report will have 1 row for purchases and 1 row for updates. Example 5: If 10 customers purchase version 1.1 of your product in the US, and those customers then update to version 1.2 of the same product, then your preview and downloaded report will have 2 rows, 1 row for purchases of version 1.1 and 1 row for updates to version 1.2. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 184. Contact Us If you have any questions or have difficulties viewing or downloading your sales and trends information, please do not hesitate to contact us. The easiest way to ensure your request is routed correctly is to use the Contact Us module. A Contact Us link is available on all pages as part of the footer. You can also find the Contact Us module on the iTunes Connect Homepage: The link will take you to a page that allows you to select the topic you need help with and will ask a series of questions and provide answers where available. For Sales and Trends inquiries, select the “Sales and Trends” topic. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 19Appendix A - Sales Report Field Definitions The definitions apply to Daily and Weekly Reports. Report Field Report Data Type Values Notes Provider CHAR(5) - APPLE Up to 5 Characters The service provider in your reports will typically be Apple Provider Country CHAR(2) - US Up to 2 Characters The service provider country code will typically be US SKU VARCHAR(100) Up to 100 Characters This is a product identifier provided by you when the app is set up ∇ Developer VARCHAR(4000) Up to 4000 Characters You provided this on initial setup . ∇ Title VARCHAR(600) Up to 600 Characters You provided this when setting up the app ∇ Version VARCHAR(100) Up to 100 Characters You provided this when setting up the app ∇ Product Type Identifier VARCHAR(20) Up to 20 Characters This field defines the type of transaction (e.g. initial download, update, etc) – See Appendix E Units DECIMAL(18,2) Up to 18 Characters This is the aggregated number of units Developer Proceeds (per item) DECIMAL(18,2) Up to 18 Characters Your proceeds for each item delivered Begin Date Date Date in MM/DD/YYYY Date of beginning of report End Date Date Date in MM/DD/YYYY Date of end of report Customer Currency CHAR(3) Up to 3 Characters Three character ISO code indicates the currency the customer paid in - See Appendix H Country Code CHAR(2) Up to 2 Characters Two character ISO country code indicates what App Store the purchase occurred in – See Appendix F Currency of Proceeds CHAR(3) Up to 3 Characters Currency your proceeds are earned in – See Appendix H Apple Identifier DECIMAL(18,0) Up to 18 Characters This is Apple's unique identifier. If you have questions about a product, it is best to include this identifier. Customer Price DECIMAL(18,2) Up to 18 Characters Retail Price displayed on the App Store and charged to the customer. Promo Code VARCHAR(10) Up to 10 Characters If the transaction was part of a promotion this field will contain a value. For all non-promotional items this field will be blank - See Appendix G Parent Identifier VARCHAR(100) Up to 100 Characters For In-App Purchases this will be populated with the SKU from the originating app. Subscription VARCHAR(10) Up to 10 Characters This field defines whether an autorenewable subscription purchase is a new purchase or a renewal. See Appendix I. Period VARCHAR(30) Up to 30 Characters This field defines the duration of an auto-renewable subscription purchase. See Appendix I. ∇ Apple generally does not modify this field. What you provided when setting up your app is passed through on the report. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 20Appendix B - Opt-In Report Field Definitions The definitions apply to Weekly Opt-In Reports. Report Field Report Data Type Values Notes First Name VARCHAR(100) Up to 100 Characters First Name of Customer Last Name VARCHAR(100) Up to 100 Characters Last Name of Customer Email Address VARCHAR(100) Up to 100 Characters Email Address of Customer Postal Code VARCHAR(50) Up to 50 Characters Postal Code of Customer Apple Identifier DECIMAL(18,0) Up to 18 Characters This is Apple's unique identifier. If you have questions about a product, it is best to include this identifier. Report Start Date DATE Date in MM/DD/YYYY Date of beginning of report Report End Date DATE Date in MM/DD/YYYY Date of end of report Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 21Appendix C - Apple Fiscal Calendar Monthly Financial Reports are based on Apple’s reporting calendar shown below. Months represent either four (4) or five (5) weeks (the first month of each quarter has an extra week) and the weeks run from Sunday through Saturday. All months start on Sunday and end on Saturday. Monthly reports are also distributed on iTunes Connect and available based on the contractually agreed timeframes. Sales and Trends reports are generated using different time frames and represent near immediate feedback of transactions. Finance Reports are based on customer invoicing and financial processing. Reconciliation between the reports is not recommended due to the timing and reporting differences. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 22Appendix D - Definition of Day and Week What is a Day? 12:00:00 AM to 11:59:59 PM in the time zone used for that territory (see table below). What is a Week? Monday 12:00:00 AM to Sunday 11:59:59 PM What time is the report date based on? Territory Time Zone US, Canada, Latin America Pacific Time (PT) Europe, Middle East, Africa, Asia Pacific Central Europe Time (CET) Japan Japan Standard Time (JST) Australia, New Zealand Western Standard Time (WST) When are reports available? Reports are generated after the close of business in the final time zone (which is PT). As such, all reports are generally available by 8:00 AM PT for the prior day or week. Earlier access to reporting for other time zones (where the close of business is earlier) is not available. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 23Appendix E – Product Type Identifiers Product Type Identifier Type Description 1 Free or Paid Apps iPhone and iPod Touch, iOS 7 Updates iPhone and iPod Touch, iOS IA1 In Apps Purchase, iOS IA9 In Apps Subscription, iOS IAY In Apps Auto-Renewable Subscription, iOS IAC In Apps Free Subscription, iOS 1F Free or Paid Apps Universal, iOS 7F Updates Universal, iOS 1T Free or Paid Apps iPad, iOS 7T Updates iPad, iOS F1 Free or Paid Apps Mac OS F7 Updates Mac OS FI1 In Apps Mac OS 1E Paid Apps Custom iPhone and iPod Touch, iOS 1EP Paid Apps Custom iPad, iOS 1EU Paid Apps Custom Universal, iOS Dashboard Types Type Product Type Identifier Description Free Apps 1, 1F, 1T, F1 Where price = ‘0’ Paid Apps 1, 1F, 1T, F1 Where price > ‘0’ In Apps IA1, IA9, IAY. FI1 Updates 7, 7F, 7T, F7 Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 24Appendix F – Country Codes Country Code Country Name Country Code Country Name Country Code Country Name AE United Arab Emirates GD Grenada NG Nigeria AG Antigua and Barbuda GH Ghana NI Nicaragua AI Anguilla GR Greece NL Netherlands AM Armenia GT Guatemala NO Norway AO Angola GY Guyana NZ New Zealand AR Argentina HK Hong Kong OM Oman AT Austria HN Honduras PA Panama AU Australia HR Croatia PE Peru AZ Azerbaijan HU Hungary PH Philippines BB Barbados ID Indonesia PK Pakistan BE Belgium IE Ireland PL Poland BG Bulgaria IL Israel PT Portugal BH Bahrain IN India PY Paraguay BM Bermuda IS Iceland QA Qatar BN Brunei IT Italy RO Romania BO Bolivia JM Jamaica RU Russia BR Brazil JO Jordan SA Saudi Arabia BS Bahamas JP Japan SE Sweden BW Botswana KE Kenya SG Singapore BY Belarus KN St. Kitts and Nevis SI Slovenia BZ Belize KR Republic Of Korea SK Slovakia CA Canada KW Kuwait SN Senegal CH Switzerland KY Cayman Islands SR Suriname CL Chile KZ Kazakstan SV El Salvador CN China LB Lebanon TC Turks and Caicos CO Colombia LC St. Lucia TH Thailand CR Costa Rica LK Sri Lanka TN Tunisia CY Cyprus LT Lithuania TR Turkey CZ Czech Republic LU Luxembourg TT Trinidad and Tobago DE Germany LV Latvia TW Taiwan DK Denmark MD Republic Of Moldova TZ Tanzania DM Dominica MG Madagascar UG Uganda DO Dominican Republic MK Macedonia US United States DZ Algeria ML Mali UY Uruguay EC Ecuador MO Macau UZ Uzbekistan EE Estonia MS Montserrat VC St. Vincent and The Grenadines EG Egypt MT Malta VE Venezuela ES Spain MU Mauritius VG British Virgin Islands FI Finland MX Mexico VN Vietnam FR France MY Malaysia YE Yemen GB United Kingdom NE Niger ZA South Africa Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 25Appendix G – Promotional Codes The promo code field contains different values depending on the type of promotion. The following definitions describe the possible values that may appear in the field other than null (null means the item is a standard transaction). Only one value is possible per line in the report: Promo Code Description CR - RW Promotional codes where the proceeds have been waived (The customer price will be 0 and the proceeds will be 0). These transactions are the result of iTunes Connect Developer Code redemptions. GP Purchase of a Gift by the giver GR Redemption of a Gift by the receiver EDU Education Store transaction Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 26Appendix H – Currency Codes Currency Code Currency Country AUD Australian Dollar CAD Canadian Dollar CHF Swiss Franc DKK Danish Kroner EUR European Euro GBP British Pound JPY Japanese Yen MXN Mexican Peso NOK Norwegian Kroner NZD New Zealand Dollar SEK Swedish Kronor USD United States Dollar Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 27Appendix I - Subscription and Period Field Values The Subscription field indicates whether the auto-renewable subscription purchase is a new purchase or a renewal. Subscription Field Value New Renewal The Period field indicates the duration of the auto-renewable subscription purchase or renewal. Period Field Value 7 Days 1 Month 2 Months 3 Months 6 Months 1 Year Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 28Appendix J - FAQs What does each column represent in my reports? Please refer to Appendix A and B. I am seeing differences between Financial Reports and Sales and Trends reports, why? The daily and weekly reports are based on customer interaction (clicks) and are coming from real-time systems while the monthly reports are based on settled financial transactions and are coming from our financial systems. There are intentional differences in processing and time-frames between those two types of reports. For example, the weekly reports are from Monday to Sunday, while the Financial Reports are based on the Apple Fiscal Calendar and always end on Saturday. Reconciliation between the reports is not recommended due to the timing and reporting differences. Do weekly reports reconcile with the daily reports? Yes. Both daily and weekly reports are coming from the same system and they are based on customer interaction (clicks). They will reconcile. I see a high volume of sales for a short period of time (could be up to a week) and the sales drop down, what does this mean? It is very common that some items get a high amount of sales for a short period of time and the numbers get back to normal. It is generally due to a particular promotion related with a web blog or a sales campaign that includes an item that might be associated with iTunes or the content. There is also a very common case where a content's sales drop to zero.  In this case, this might be an indication of content being unavailable in iTunes due to number of reasons. I don’t see any sales for a particular item, why? This can be an indication of an item not being available in the store for different reasons. Check the product availability in iTunes Connect and ensure that the latest contracts are agreed to and in place. How can I identify refunds? Sales and Trends reports expose refunds to allow you to monitor refund rate by product. You will see a negative unit value for refund transactions. Why there are refunds on my reports? We will provide a refund if the customer experience was in our opinion unsatisfactory (generally quality issues). One thing you can monitor on your reports is the rate of refunds and the content that is refunded since it is an indication of quality issues with your content. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 29Appendix K - Sample Sales Report The following is a sample Sales report to help you interpret its contents. Price fields are dependent on the storefront 1 from which the customer purchases the app, and the price of the app at the time of purchase 2 . (For complete field definitions see Appendix A) Reading the Report The example above is the most likely scenario you will see: ■ SKU – “SKU1” is the SKU attached to this app by the developer. ■ Developer – “Vendor” is the name that the app is sold under on the store ■ Title – “App-1” is the name of the app ■ Product Type Identifier – “1” denotes the type of transaction (initial download) ■ Units – “352” is the number of units sold for a given day/week ■ Developer Proceeds – “3.65” is proceeds, net of commission, you will receive for each sale of the app ■ Customer Currency – “GBP” (Great Britain Pounds) is the currency in which the customer purchased the app ■ Currency of Proceeds – “GBP” (Great Britain Pounds) is the currency in which your proceeds were earned for the app ■ Customer Price – “5.99” is the price paid by the customer for the app Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 30 1 As new territories are added, storefronts will further differentiate records 2 If you change your price during the reporting period, the report will show multiple price points for the same countryAdditional Reporting Scenarios We have provided some additional scenarios and sample extract to help you further understand your reports. In your reports the Product Type Identifier denotes the type of transaction (See Appendix E for a list of all types). The Product Type Identifier must be taken into account in all of the following scenarios. Scenario 1 (Product Type Identifier=1; Units=16; Developer Proceeds=4.86) This is similar to the first line; the Developer Proceeds value will always be greater than zero for all paid apps and zero for free apps. Scenario 2 (Product Type Identifier=7; Units=1; Developer Proceeds=0) Certain line items will have 0 in the Developer Proceeds field. Even if you only have paid apps on the store, the Developer Proceeds will be 0 for all updates (Product Type Identifier = 7). Scenario 3 (Product Type Identifier=1; Units=-1; Developer Proceeds=7; Customer Price=-9.99) You may see negative units when a customer returns a product. All returns will have a Product Type Identifier of 1 and both Units and Customer Price will be a negative value. Refer to Appendix J for additional information on returns. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 31Appendix L – Other Uses Below you will see some sample ideas that the data can be used for on a daily basis. 1. Business Health Monitoring By tracking volume of sales per unit or revenue, the health of your business can be tracked. Sudden drop in sales may indicate issues such as top seller being not available any more. 2. Content Quality Issues By tracking the refunds, you can identify and replace the asset that is being refunded to the customer if the refunds are specific to one or more items. Typical ratio of refunds to overall sales shall not exceed 0.10%. 3. Pricing Issues When organizations get larger, it is always challenging to have fast/efficient communication between the operational teams that are providing the metadata to iTunes and the Management, Marketing, Finance and Business Development team. Tracking pricing will indicate any disconnect between different groups and will provide opportunity to fix issues sooner and minimize the impact. 4. Price Elasticity We believe that careful management of price can increase your sales. By using the reports you can monitor percent change in sales in correlation with a percent change in customer price. If applied correctly this type of analysis will help you set the best price for your product to maximize your revenue. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 32Appendix M - Newsstand Report Field Definitions The definitions apply to Newsstand reports. Report Field Report Data Type Values Notes Provider CHAR(5) - APPLE Up to 5 Characters The service provider in your reports will typically be Apple Provider Country CHAR(2) - US Up to 2 Characters The service provider country code will typically be US SKU VARCHAR(100) Up to 100 Characters This is a product identifier provided by you when the app is set up Developer VARCHAR(4000) Up to 4000 Characters You provided this on initial setup. Title VARCHAR(600) Up to 600 Characters You provided this when setting up the app Version VARCHAR(100) Up to 100 Characters You provided this when setting up the app Product Type Identifier VARCHAR(20) Up to 20 Characters This field defines the type of transaction (e.g. initial download, update, etc) – See Appendix E Units DECIMAL(18,2) Up to 18 Characters This is the aggregated number of units Developer Proceeds (per item) DECIMAL(18,2) Up to 18 Characters Your proceeds for each item delivered Customer Currency CHAR(3) Up to 3 Characters Three character ISO code indicates the currency the customer paid in - See Appendix H Country Code CHAR(2) Up to 2 Characters Two character ISO country code indicates what App Store the purchase occurred in – See Appendix F Currency of Proceeds CHAR(3) Up to 3 Characters Currency your proceeds are earned in – See Appendix H Apple Identifier DECIMAL(18,0) Up to 18 Characters This is Apple's unique identifier. If you have questions about a product, it is best to include this identifier. Customer Price DECIMAL(18,2) Up to 18 Characters Retail Price displayed on the App Store and charged to the customer. Promo Code VARCHAR(10) Up to 10 Characters If the transaction was part of a promotion this field will contain a value. For all non-promotional items this field will be blank - See Appendix G Parent Identifier VARCHAR(100) Up to 100 Characters For In-App Purchases this will be populated with the SKU from the originating app. Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 33Subscription VARCHAR(10) Up to 10 Characters This field defines whether an auto-renewable subscription purchase is a new purchase or a renewal. See Appendix I. Period VARCHAR(30) Up to 30 Characters This field defines the duration of an auto-renewable subscription purchase. See Appendix I. Download Date (PST) TIMESTAMP(0) Date in MM/DD/YYYY Download Date Customer Identifier DECIMAL(18,0) Up to 18 Characters Customer Identification Report Date (Local) DATE Date in MM/DD/YYYY Report Date Sales/Return CHAR(1) Up to 1 character S or R; R is always a refund, R is not a reversal Apple Inc. iTunes Connect Sales and Trends Guide, App Store Version 5.3  iTunes Connect Sales and Trends Guide, App Store (Version 5.3, August 2012) 34 Secure Coding GuideContents Introduction to Secure Coding Guide 7 At a Glance 7 Hackers, Crackers, and Attackers 7 No Platform Is Immune 8 How to Use This Document 9 See Also 10 Types of Security Vulnerabilities 11 Buffer Overflows 11 Unvalidated Input 12 Race Conditions 13 Interprocess Communication 13 Insecure File Operations 13 Access Control Problems 14 Secure Storage and Encryption 15 Social Engineering 16 Avoiding Buffer Overflows and Underflows 17 Stack Overflows 18 Heap Overflows 20 String Handling 22 Calculating Buffer Sizes 25 Avoiding Integer Overflows and Underflows 27 Detecting Buffer Overflows 28 Avoiding Buffer Underflows 29 Validating Input and Interprocess Communication 33 Risks of Unvalidated Input 33 Causing a Buffer Overflow 33 Format String Attacks 34 URLs and File Handling 36 Code Insertion 37 Social Engineering 37 Modifications to Archived Data 38 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 2Fuzzing 39 Interprocess Communication and Networking 40 Race Conditions and Secure File Operations 43 Avoiding Race Conditions 43 Time of Check Versus Time of Use 44 Signal Handling 46 Securing Signal Handlers 46 Securing File Operations 47 Check Result Codes 47 Watch Out for Hard Links 48 Watch Out for Symbolic Links 49 Case-Insensitive File Systems Can Thwart Your Security Model 49 Create Temporary Files Correctly 50 Files in Publicly Writable Directories Are Dangerous 51 Other Tips 57 Elevating Privileges Safely 59 Circumstances Requiring Elevated Privileges 59 The Hostile Environment and the Principle of Least Privilege 60 Launching a New Process 61 Executing Command-Line Arguments 61 Inheriting File Descriptors 61 Abusing Environment Variables 62 Modifying Process Limits 62 File Operation Interference 63 Avoiding Elevated Privileges 63 Running with Elevated Privileges 63 Calls to Change Privilege Level 64 Avoiding Forking Off a Privileged Process 65 authopen 65 launchd 66 Limitations and Risks of Other Mechanisms 67 Factoring Applications 69 Example: Preauthorizing 69 Helper Tool Cautions 71 Authorization and Trust Policies 72 Security in a KEXT 72 Designing Secure User Interfaces 73 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 3 ContentsUse Secure Defaults 73 Meet Users’ Expectations for Security 74 Secure All Interfaces 75 Place Files in Secure Locations 75 Make Security Choices Clear 76 Fight Social Engineering Attacks 78 Use Security APIs When Possible 79 Designing Secure Helpers and Daemons 81 Avoid Puppeteering 81 Use Whitelists 82 Use Abstract Identifiers and Structures 82 Use the Smell Test 83 Treat Both App and Helper as Hostile 83 Run Daemons as Unique Users 84 Start Other Processes Safely 84 Security Development Checklists 86 Use of Privilege 86 Data, Configuration, and Temporary Files 88 Network Port Use 89 Audit Logs 91 Client-Server Authentication 93 Integer and Buffer Overflows 97 Cryptographic Function Use 97 Installation and Loading 98 Use of External Tools and Libraries 100 Kernel Security 101 Third-Party Software Security Guidelines 103 Respect Users’ Privacy 103 Provide Upgrade Information 103 Store Information in Appropriate Places 103 Avoid Requiring Elevated Privileges 104 Implement Secure Development Practices 104 Test for Security 104 Helpful Resources 105 Document Revision History 106 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 4 ContentsGlossary 107 Index 110 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 5 ContentsFigures, Tables, and Listings Avoiding Buffer Overflows and Underflows 17 Figure 2-1 Schematic view of the stack 19 Figure 2-2 Stack after malicious buffer overflow 20 Figure 2-3 Heap overflow 21 Figure 2-4 C string handling functions and buffer overflows 22 Figure 2-5 Buffer overflow crash log 29 Table 2-1 String functions to use and avoid 23 Table 2-2 Avoid hard-coded buffer sizes 25 Table 2-3 Avoid unsafe concatenation 26 Race Conditions and Secure File Operations 43 Table 4-1 C file functions to avoid and to use 55 Elevating Privileges Safely 59 Listing 5-1 Non-privileged process 70 Listing 5-2 Privileged process 71 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 6Secure coding is the practice of writing programs that are resistant to attack by malicious or mischievous people or programs. Secure coding helps protect a user’s data from theft or corruption. In addition, an insecure program can provide accessfor an attacker to take control of a server or a user’s computer, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users. Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you should be familiar with the information in this document. At a Glance Every program is a potential target. Attackers will try to find security vulnerabilities in your applications or servers. They will then try to use these vulnerabilities to steal secrets, corrupt programs and data, and gain control of computer systems and networks. Your customers’ property and your reputation are at stake. Security is notsomething that can be added to software as an afterthought; just as a shed made out of cardboard cannot be made secure by adding a padlock to the door, an insecure tool or application may require extensive redesign to secure it. You must identify the nature of the threats to your software and incorporate secure coding practices throughout the planning and development of your product. This chapter explains the types of threatsthat yoursoftware may face. Other chaptersin this document describe specific types of vulnerabilities and give guidance on how to avoid them. Hackers, Crackers, and Attackers Contrary to the usage by most news media, within the computer industry the term hacker refers to an expert programmer—one who enjoyslearning about the intricacies of code or an operating system. In general, hackers are not malicious. When most hackers find security vulnerabilities in code, they inform the company or organization that’s responsible for the code so that they can fix the problem. Some hackers—especially if they feel their warnings are being ignored—publish the vulnerabilities or even devise and publish exploits (code that takes advantage of the vulnerability). 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 7 Introduction to Secure Coding GuideThe malicious individuals who break into programs and systems in order to do damage or to steal something are referred to as crackers, attackers, or black hats. Most attackers are not highly skilled, but take advantage of published exploit code and known techniques to do their damage. People (usually, though not always, young men) who use published code (scripts) to attack software and computer systems are sometimes called script kiddies. Attackers may be motivated by a desire to steal money, identities, and othersecretsfor personal gain; corporate secrets for their employer’s or their own use; or state secrets for use by hostile governments or terrorist organizations. Some crackers break into applications or operating systems just to show that they can do it; nevertheless, they can cause considerable damage. Because attacks can be automated and replicated, any weakness, no matter how slight, can be exploited. The large number of insiders who are attacking systems is of importance to security design because, whereas malicious hackers and script kiddies are most likely to rely on remote access to computers to do their dirty work, insiders might have physical access to the computer being attacked. Your software must be resistant to both attacks over a network and attacks by people sitting at the computer keyboard—you cannot rely on firewalls and server passwords to protect you. No Platform Is Immune So far, OS X has not fallen prey to any major, automated attack like the MyDoom virus. There are several reasons for this. One is that OS X is based on open source software such as BSD; many hackers have searched this software over the years looking for security vulnerabilities, so that not many vulnerabilities remain. Another is that the OS X turns off all routable networking services by default. Also, the email and internet clients used most commonly on OS X do not have privileged access to the operating system and are less vulnerable to attack than those used on some other common operating systems. Finally, Apple actively reviewsthe operating system and applications for security vulnerabilities, and issues downloadable security updates frequently. iOS is based on OS X and shares many of its security characteristics. In addition, it is inherently more secure than even OS X because each application is restricted in the files and system resources it can access. Beginning in version 10.7, Mac apps can opt into similar protection. That’s the good news. The bad news is that applications and operating systems are constantly under attack. Every day, black hat hackers discover new vulnerabilities and publish exploit code. Criminals and script kiddies then use that exploit code to attack vulnerable systems. Also, security researchers have found many vulnerabilities on a variety of systems that, if exploited, could have resulted in loss of data, allowing an attacker to steal secrets, or enabling an attacker to run code on someone else’s computer. Introduction to Secure Coding Guide At a Glance 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 8A large-scale, widespread attack is not needed to cause monetary and other damages; a single break-in is sufficient if the system broken into contains valuable information. Although major attacks of viruses or worms get a lot of attention from the media, the destruction or compromising of data on a single computer is what matters to the average user. For your users’sake, you should take every security vulnerability seriously and work to correct known problems quickly. If every Macintosh and iOS developer followsthe advice in this document and other books on electronic security, and if the owner of each Macintosh takes common-sense precautions such as using strong passwords and encrypting sensitive data, then OS X and iOS will maintain their reputationsfor being safe, reliable operating systems, and your company’s products will benefit from being associated with OS X or iOS. How to Use This Document This document assumes that you have already read Security Overview. The document begins with “Types of Security Vulnerabilities” (page 11), which gives a brief introduction to the nature of each of the types of security vulnerability commonly found in software. This chapter provides background information that you should understand before reading the other chapters in the document. If you’re not sure what a race condition is, for example, or why it poses a security risk, this chapter is the place to start. The remaining chapters in the document discuss specific types of security vulnerabilities in some detail. These chapters can be read in any order, or as suggested by the software development checklist in “Security Development Checklists” (page 86). ● “Avoiding Buffer Overflows And Underflows” (page 17) describes the various types of buffer overflows and explains how to avoid them. ● “Validating Input And Interprocess Communication” (page 33) discusses why and how you must validate every type of input your program receives from untrusted sources. ● “Race Conditions and Secure File Operations” (page 43) explains how race conditions occur, discusses ways to avoid them, and describes insecure and secure file operations. ● “Elevating Privileges Safely” (page 59) describes how to avoid running code with elevated privileges and what to do if you can’t avoid it entirely. ● “Designing Secure User Interfaces” (page 73) discusses how the user interface of a program can enhance or compromise security and gives some guidance on how to write a security-enhancing UI. ● “Designing Secure Helpers And Daemons” (page 81) describes how to design helper applications in ways that are conducive to privilege separation. Introduction to Secure Coding Guide How to Use This Document 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 9In addition, the appendix “Security Development Checklists” (page 86) provides a convenient list of tasks that you should perform before shipping an application, and the appendix “Third-Party Software Security Guidelines” (page 103) provides a list of guidelines for third-party applications bundled with OS X. See Also This document concentrates on security vulnerabilities and programming practices of special interest to developers using OS X or iOS. For discussions of secure programming of interest to all programmers, see the following books and documents: ● See Viega and McGraw, Building Secure Software , Addison Wesley, 2002; for a general discussion of secure programming, especially as it relates to C programming and writing scripts. ● SeeWheeler, Secure Programming for Linux andUnixHOWTO, available athttp://www.dwheeler.com/secureprograms/; for discussions ofseveral types ofsecurity vulnerabilities and programming tipsfor UNIX-based operating systems, most of which apply to OS X. ● See Cranor and Garfinkel, Security and Usability: Designing Secure Systems that People Can Use , O’Reilly, 2005; for information on writing user interfaces that enhance security. For documentation of security-related application programming interfaces (APIs) for OS X (and iOS, where noted), see the following Apple documents: ● For an introduction to some security concepts and to learn about the security features available in OS X, see Security Overview. ● For information on secure networking, see Cryptographic Services Guide , Secure Transport Reference and CFNetwork Programming Guide . ● For information on OS X authorization and authentication APIs, see Authentication, Authorization, and Permissions Guide , Authorization Services Programming Guide , Authorization Services C Reference , and Security Foundation Framework Reference . ● If you are using digital certificates for authentication, see Cryptographic Services Guide , Certificate, Key, and Trust Services Reference (iOS version available) and Certificate, Key, and Trust Services Programming Guide . ● For secure storage of passwords and other secrets, see Cryptographic Services Guide , Keychain Services Reference (iOS version available) and Keychain Services Programming Guide . For information about security in web application design, visit http://www.owasp.org/. Introduction to Secure Coding Guide See Also 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 10Most software security vulnerabilities fall into one of a small set of categories: ● buffer overflows ● unvalidated input ● race conditions ● access-control problems ● weaknesses in authentication, authorization, or cryptographic practices This chapter describes the nature of each type of vulnerability. Buffer Overflows A buffer overflow occurs when an application attempts to write data past the end (or, occasionally, past the beginning) of a buffer. Buffer overflows can cause applications to crash, can compromise data, and can provide an attack vector for further privilege escalation to compromise the system on which the application is running. Books on software security invariably mention buffer overflows as a major source of vulnerabilities. Exact numbers are hard to come by, but as an indication, approximately 20% of the published exploits reported by the United States Computer Emergency Readiness Team (US-CERT) for 2004 involved buffer overflows. Any application or system software that takes input from the user, from a file, or from the network has to store that input, at least temporarily. Except in special cases, most application memory isstored in one of two places: ● stack—A part of an application’s addressspace thatstores data that isspecific to a single call to a particular function, method, block, or other equivalent construct. ● heap—General purpose storage for an application. Data stored in the heap remains available as long as the application is running (or until the application explicitly tells the operating system that it no longer needs that data). Class instances, data allocated with malloc, core foundation objects, and most other application data resides on the heap. (Note, however, that the local variables that actually point to the data are stored in the stack.) 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 11 Types of Security VulnerabilitiesBuffer overflow attacks generally occur by compromising either the stack, the heap, or both. For more information, read “Avoiding Buffer Overflows And Underflows” (page 17) Unvalidated Input As a general rule, you should check all input received by your program to make sure that the data isreasonable. For example, a graphics file can reasonably contain an image that is 200 by 300 pixels, but cannot reasonably contain an image that is 200 by -1 pixels. Nothing prevents a file from claiming to contain such an image, however (apart from convention and common sense). A naive program attempting to read such a file would attempt to allocate a buffer of an incorrect size, leading to the potential for a heap overflow attack or other problem. For this reason, you must check your input data carefully. This process is commonly known as input validation or sanity checking. Any input received by your program from an untrusted source is a potential target for attack. (In this context, an ordinary user is an untrusted source.) Examples of input from an untrusted source include (but are not restricted to): ● text input fields ● commands passed through a URL used to launch the program ● audio, video, or graphics files provided by users or other processes and read by the program ● command line input ● any data read from an untrusted server over a network ● any untrusted data read from a trusted server over a network (user-submitted HTML or photos on a bulletin board, for example) Hackers look at every source of input to the program and attempt to pass in malformed data of every type they can imagine. If the program crashes or otherwise misbehaves, the hacker then triesto find a way to exploit the problem. Unvalidated-input exploits have been used to take control of operating systems, steal data, corrupt users’ disks, and more. One such exploit was even used to “jail break” iPhones. “Validating Input And Interprocess Communication” (page 33) describes common types of input-validation vulnerabilities and what to do about them. Types of Security Vulnerabilities Unvalidated Input 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 12Race Conditions A race condition exists when changes to the order of two or more events can cause a change in behavior. If the correct order of execution is required for the proper functioning of the program, this is a bug. If an attacker can take advantage of the situation to insert malicious code, change a filename, or otherwise interfere with the normal operation of the program, the race condition is a security vulnerability. Attackers can sometimes take advantage of small time gaps in the processing of code to interfere with the sequence of operations, which they then exploit. For more information about race conditions and how to prevent them, read “Race Conditions and Secure File Operations” (page 43). Interprocess Communication Separate processes—either within a single program or in two different programs—sometimes have to share information. Common methods include using shared memory or using some messaging protocol, such as Sockets, provided by the operating system. These messaging protocols used for interprocess communication are often vulnerable to attack; thus, when writing an application, you must always assume that the process at the other end of your communication channel could be hostile. For more information on how to perform secure interprocess communication, read “Validating Input And Interprocess Communication” (page 33). Insecure File Operations In addition to time-of-check–time-of-use problems, many other file operations are insecure. Programmers often make assumptions about the ownership, location, or attributes of a file that might not be true. For example, you might assume that you can always write to a file created by your program. However, if an attacker can change the permissions or flags on that file after you create it, and if you fail to check the result code after a write operation, you will not detect the fact that the file has been tampered with. Examples of insecure file operations include: ● writing to or reading from a file in a location writable by another user ● failing to make the right checks for file type, device ID, links, and other settings before using a file ● failing to check the result code after a file operation ● assuming that if a file has a local pathname, it has to be a local file These and other insecure file operations are discussed in more detail in “Securing File Operations” (page 47). Types of Security Vulnerabilities Race Conditions 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 13Access Control Problems Access control is the process of controlling who is allowed to do what. This ranges from controlling physical access to a computer—keeping your servers in a locked room, for example—to specifying who has access to a resource (a file, for example) and what they are allowed to do with that resource (such as read only). Some access control mechanisms are enforced by the operating system,some by the individual application orserver, some by a service (such as a networking protocol) in use. Many security vulnerabilities are created by the careless or improper use of access controls, or by the failure to use them at all. Much of the discussion of security vulnerabilities in the software security literature is in terms of privileges, and many exploits involve an attacker somehow gaining more privileges than they should have. Privileges, also called permissions, are access rights granted by the operating system, controlling who is allowed to read and write files, directories, and attributes of files and directories (such as the permissions for a file), who can execute a program, and who can perform other restricted operations such as accessing hardware devices and making changes to the network configuration. File permissions and access control in OS X are discussed in File System Programming Guide . Of particular interest to attackers is the gaining of root privileges, which refers to having the unrestricted permission to perform any operation on the system. An application running with root privileges can access everything and change anything. Many security vulnerabilities involve programming errors that allow an attacker to obtain root privileges. Some such exploits involve taking advantage of buffer overflows or race conditions, which in some special circumstances allow an attacker to escalate their privileges. Others involve having access to system files that should be restricted or finding a weakness in a program—such as an application installer—that is already running with root privileges. For this reason, it’s important to always run programs with as few privileges as possible. Similarly, when it is necessary to run a program with elevated privileges, you should do so for as short a time as possible. Much access control is enforced by applications, which can require a user to authenticate before granting authorization to perform an operation. Authentication can involve requesting a user name and password, the use of a smart card, a biometric scan, or some other method. If an application calls the OS X Authorization Services application interface to authenticate a user, it can automatically take advantage of whichever authentication method is available on the user’s system. Writing your own authentication code is a less secure alternative, as it might afford an attacker the opportunity to take advantage of bugs in your code to bypass your authentication mechanism, or it might offer a less secure authentication method than the standard one used on the system. Authorization and authentication are described further in Security Overview. Digital certificates are commonly used—especially over the Internet and with email—to authenticate users and servers, to encrypt communications, and to digitally sign data to ensure that it has not been corrupted and was truly created by the entity that the user believes to have created it. Incorrect or careless use of digital certificates can lead to security vulnerabilities. For example, a server administration program shipped with a Types of Security Vulnerabilities Access Control Problems 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 14standard self-signed certificate, with the intention that the system administrator would replace it with a unique certificate. However, many system administrators failed to take this step, with the result that an attacker could decrypt communication with the server. [CVE-2004-0927] It’s worth noting that nearly all access controls can be overcome by an attacker who has physical access to a machine and plenty of time. For example, no matter what you set a file’s permissions to, the operating system cannot prevent someone from bypassing the operating system and reading the data directly off the disk. Only restricting access to the machine itself and the use of robust encryption techniques can protect data from being read or corrupted under all circumstances. The use of access controls in your program is discussed in more detail in “Elevating Privileges Safely” (page 59). Secure Storage and Encryption Encryption can be used to protect a user’s secrets from others, either during data transmission or when the data is stored. (The problem of how to protect a vendor’s data from being copied or used without permission is not addressed here.) OS X provides a variety of encryption-based security options, such as ● FileVault ● the ability to create encrypted disk images ● keychain ● certificate-based digital signatures ● encryption of email ● SSL/TLS secure network communication ● Kerberos authentication The list of security options in iOS includes ● passcode to prevent unauthorized use of the device ● data encryption ● the ability to add a digital signature to a block of data ● keychain ● SSL/TLS secure network communication Types of Security Vulnerabilities Secure Storage and Encryption 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 15Each service has appropriate uses, and each haslimitations. For example, FileVault, which encryptsthe contents of a user’s root volume (in OS X v10.7 and later) or home directory (in earlier versions), is a very important security feature for shared computers or computers to which attackers might gain physical access, such as laptops. However, it is not very helpful for computers that are physically secure but that might be attacked over the network while in use, because in that case the home directory is in an unencrypted state and the threat is from insecure networks or shared files. Also, FileVault is only as secure as the password chosen by the user—if the userselects an easily guessed password, or writesit down in an easily found location, the encryption is useless. It is a serious mistake to try to create your own encryption method or to implement a published encryption algorithm yourself unless you are already an expert in the field. It is extremely difficult to write secure, robust encryption code that generates unbreakable ciphertext, and it is almost always a security vulnerability to try. For OS X, if you need cryptographic services beyond those provided by the OS X user interface and high-level programming interfaces, you can use the open-source CSSM Cryptographic Services Manager. See the documentation provided with the Open Source security code, which you can download at http://developer.apple.com/darwin/projects/security/. For iOS, the development APIs should provide all the services you need. For more information about OS X and iOS security features, read Authentication, Authorization, and Permissions Guide . Social Engineering Often the weakest link in the chain ofsecurity features protecting a user’s data and software isthe user himself. As developers eliminate buffer overflows, race conditions, and othersecurity vulnerabilities, attackersincreasingly concentrate on fooling users into executing malicious code or handing over passwords, credit-card numbers, and other private information. Tricking a user into giving up secrets or into giving access to a computer to an attacker is known as social engineering. For example, in February of 2005, a large firm that maintains credit information, Social Security numbers, and other personal information on virtually all U.S. citizens revealed that they had divulged information on at least 150,000 people to scam artists who had posed as legitimate businessmen. According to Gartner (www.gartner.com), phishing attacks cost U.S. banks and credit card companies about $1.2 billion in 2003, and this number is increasing. They estimate that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing. Software developers can counter such attacks in two ways: through educating their users, and through clear and well-designed user interfaces that give users the information they need to make informed decisions. For more advice on how to design a user interface that enhances security, see “Designing Secure User Interfaces” (page 73). Types of Security Vulnerabilities Social Engineering 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 16Buffer overflows, both on the stack and on the heap, are a major source of security vulnerabilities in C, Objective-C, and C++ code. This chapter discusses coding practicesthat will avoid buffer overflow and underflow problems, lists tools you can use to detect buffer overflows, and provides samples illustrating safe code. Every time your program solicits input (whether from a user, from a file, over a network, or by some other means), there is a potential to receive inappropriate data. For example, the input data might be longer than what you have reserved room for in memory. When the input data islonger than will fit in the reserved space, if you do not truncate it, that data will overwrite other data in memory. When this happens, it is called a buffer overflow. If the memory overwritten contained data essential to the operation of the program, this overflow causes a bug that, being intermittent, might be very hard to find. If the overwritten data includes the address of other code to be executed and the user has done this deliberately, the user can point to malicious code that your program will then execute. Similarly, when the input data is or appearsto be shorter than the reserved space (due to erroneous assumptions, incorrect length values, or copying raw data as a C string), this is called a buffer underflow. This can cause any number of problems from incorrect behavior to leaking data that is currently on the stack or heap. Although most programming languages check input againststorage to prevent buffer overflows and underflows, C, Objective-C, and C++ do not. Because many programs link to C libraries, vulnerabilities in standard libraries can cause vulnerabilities even in programs written in “safe” languages. For thisreason, even if you are confident that your code isfree of buffer overflow problems, you should limit exposure by running with the least privileges possible. See “Elevating Privileges Safely” (page 59) for more information on this topic. Keep in mind that obvious forms of input, such as strings entered through dialog boxes, are not the only potential source of malicious input. For example: 1. Buffer overflowsin one operating system’s help system could be caused by maliciously prepared embedded images. 2. A commonly-used media player failed to validate a specific type of audio files, allowing an attacker to execute arbitrary code by causing a buffer overflow with a carefully crafted audio file. [ 1 CVE-2006-1591 2 CVE-2006-1370] There are two basic categories of overflow: stack overflows and heap overflows. These are described in more detail in the sections that follow. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 17 Avoiding Buffer Overflows and UnderflowsStack Overflows In most operating systems, each application has a stack (and multithreaded applications have one stack per thread). This stack contains storage for locally scoped data. The stack is divided up into units called stack frames. Each stack frame contains all data specific to a particular call to a particular function. This data typically includes the function’s parameters, the complete set of local variables within that function, and linkage information—that is, the address of the function call itself, where execution continues when the function returns). Depending on compiler flags, it may also contain the address of the top of the next stack frame. The exact content and order of data on the stack depends on the operating system and CPU architecture. Each time a function is called, a new stack frame is added to the top of the stack. Each time a function returns, the top stack frame is removed. At any given point in execution, an application can only directly access the data in the topmost stack frame. (Pointers can get around this, but it is generally a bad idea to do so.) This design makes recursion possible because each nested call to a function gets its own copy of local variables and parameters. Avoiding Buffer Overflows and Underflows Stack Overflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 18Figure 2-1 illustrates the organization of the stack. Note that this figure is schematic only; the actual content and order of data put on the stack depends on the architecture of the CPU being used. See OS X ABI Function Call Guide for descriptions of the function-calling conventions used in all the architectures supported by OS X. Figure 2-1 Schematic view of the stack Function A Function B Function C Function A data Parameters for call to function B Function A return address Function B data Parameters for call to function C Function B return address Function C data Space for parameters for next subroutine call Function C return address In general, an application should check all input data to make sure it is appropriate for the purpose intended (for example, making sure that a filename is of legal length and contains no illegal characters). Unfortunately, in many cases, programmers do not bother, assuming that the user will not do anything unreasonable. This becomes a serious problem when the application stores that data into a fixed-size buffer. If the user is malicious (or opens a file that contains data created by someone who is malicious), he or she might provide data that is longer than the size of the buffer. Because the function reserves only a limited amount of space on the stack for this data, the data overwrites other data on the stack. As shown in Figure 2-2, a clever attacker can use this technique to overwrite the return address used by the function, substituting the address of his own code. Then, when function C completes execution, rather than returning to function B, it jumps to the attacker’s code. Avoiding Buffer Overflows and Underflows Stack Overflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 19Because the application executes the attacker’s code, the attacker’s code inherits the user’s permissions. If the user islogged on as an administrator (the default configuration in OS X), the attacker can take complete control of the computer, reading data from the disk, sending emails, and so forth. (In iOS, applications are much more restricted in their privileges and are unlikely to be able to take complete control of the device.) Figure 2-2 Stack after malicious buffer overflow Function A Function B Function C Function A data Parameters for call to function B Function A return address Function B data Parameters for call to function C Function B return address Function C data Space for parameters for next subroutine call Function C return address Parameter overflow Address of attackerʼs code In addition to attacks on the linkage information, an attacker can also alter program operation by modifying local data and function parameters on the stack. For example, instead of connecting to the desired host, the attacker could modify a data structure so that your application connects to a different (malicious) host. Heap Overflows As mentioned previously, the heap is used for all dynamically allocated memory in your application. When you use malloc, new, or equivalent functions to allocate a block of memory or instantiate an object, the memory that backs those pointers is allocated on the heap. Avoiding Buffer Overflows and Underflows Heap Overflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 20Because the heap is used to store data but is not used to store the return address value of functions and methods, and because the data on the heap changes in a nonobvious way as a program runs, it is less obvious how an attacker can exploit a buffer overflow on the heap. To some extent, it is this nonobviousness that makes heap overflows an attractive target—programmers are less likely to worry about them and defend against them than they are for stack overflows. Figure 2-1 illustrates a heap overflow overwriting a pointer. Figure 2-3 Heap overflow Buffer overflow Data Buffer Data Pointer Data Data Data Data In general, exploiting a buffer overflow on the heap is more challenging than exploiting an overflow on the stack. However, many successful exploits have involved heap overflows. There are two ways in which heap overflows are exploited: by modifying data and by modifying objects. An attacker can exploit a buffer overflow on the heap by overwriting critical data, either to cause the program to crash or to change a value that can be exploited later (overwriting a stored user ID to gain additional access, for example). Modifying this data is known as a non-control-data attack. Much of the data on the heap is generated internally by the program rather than copied from user input;such data can be in relatively consistent locations in memory, depending on how and when the application allocates it. Avoiding Buffer Overflows and Underflows Heap Overflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 21An attacker can also exploit a buffer overflow on the heap by overwriting pointers. In many languages such as C++ and Objective-C, objects allocated on the heap contain tables of function and data pointers. By exploiting a buffer overflow to change such pointers, an attacker can potentially substitute different data or even replace the instance methods in a class object. Exploiting a buffer overflow on the heap might be a complex, arcane problem to solve, but crackers thrive on just such challenges. For example: 1. A heap overflow in code for decoding a bitmap image allowed remote attackersto execute arbitrary code. 2. A heap overflow vulnerability in a networking server allowed an attacker to execute arbitrary code by sending an HTTP POST request with a negative “Content-Length” header. [ 1 CVE-2006-0006 2 CVE-2005-3655] String Handling Strings are a common form of input. Because many string-handling functions have no built-in checks for string length, strings are frequently the source of exploitable buffer overflows. Figure 2-4 illustrates the different ways three string copy functions handle the same over-length string. Figure 2-4 C string handling functions and buffer overflows L A R G E R \0 L A R G E L A R G \0 Char destination[5]; char *source = “LARGER”; strcpy(destination, source); strncpy(destination, source, sizeof(destination)); strlcpy(destination, source, sizeof(destination)); As you can see, the strcpy function merely writes the entire string into memory, overwriting whatever came after it. The strncpy function truncates the string to the correct length, but without the terminating null character. When this string is read, then, all of the bytes in memory following it, up to the next null character, might be read as part of the string. Although this function can be used safely, it is a frequent source of programmer Avoiding Buffer Overflows and Underflows String Handling 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 22mistakes, and thus is regarded as moderately unsafe. To safely use strncpy, you must either explicitly zero the last byte of the buffer after calling strncpy or pre-zero the buffer and then pass in a maximum length that is one byte smaller than the buffer size. Only the strlcpy function is fully safe, truncating the string to one byte smaller than the buffer size and adding the terminating null character. Table 2-1 summarizes the common C string-handling routines to avoid and which to use instead. Table 2-1 String functions to use and avoid Don’t use these functions Use these instead strcat strlcat strcpy strlcpy strncat strlcat strncpy strlcpy snprintf or asprintf (See note) sprintf vsnprintf or vasprintf (See note) vsprintf fgets (See note) gets Avoiding Buffer Overflows and Underflows String Handling 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 23Security Note for snprintf and vsnprintf: The functions snprintf, vsnprintf, and variants are dangerous if used incorrectly. Although they do behave functionally like strlcat and similar in that they limit the bytes written to n-1, the length returned by these functions is the length that would have been printed if n were infinite . For this reason, you must not use this return value to determine where to null-terminate the string or to determine how many bytes to copy from the string at a later time. Security Note for fgets: Although the fgets function provides the ability to read a limited amount of data, you must be careful when using it. Like the other functions in the “safer” column, fgets alwaysterminatesthe string. However, unlike the other functionsin that column, it takes a maximum number of bytes to read, not a buffer size. In practical terms, this means that you must always pass a size value that is one fewer than the size of the buffer to leave room for the null termination. If you do not, the fgets function will dutifully terminate the string past the end of your buffer, potentially overwriting whatever byte of data follows it. You can also avoid string handling buffer overflows by using higher-level interfaces. ● If you are using C++, the ANSI C++ string class avoids buffer overflows, though it doesn’t handle non-ASCII encodings (such as UTF-8). ● If you are writing code in Objective-C, use the NSString class. Note that an NSString object has to be converted to a C string in order to be passed to a C routine, such as a POSIX function. ● If you are writing code in C, you can use the Core Foundation representation of a string, referred to as a CFString, and the string-manipulation functions in the CFString API. The Core Foundation CFString is “toll-free bridged” with its Cocoa Foundation counterpart, NSString. This means that the Core Foundation type is interchangeable in function or method calls with its equivalent Foundation object. Therefore, in a method where you see an NSString * parameter, you can pass in a value of type CFStringRef, and in a function where you see a CFStringRef parameter, you can pass in an NSString instance. This also applies to concrete subclasses of NSString. See CFString Reference , Foundation Framework Reference , and Carbon-Cocoa IntegrationGuide formore details on using these representations of strings and on converting between CFString objects and NSString objects. Avoiding Buffer Overflows and Underflows String Handling 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 24Calculating Buffer Sizes When working with fixed-length buffers, you should always use sizeof to calculate the size of a buffer, and then make sure you don’t put more data into the buffer than it can hold. Even if you originally assigned a static size to the buffer, either you or someone else maintaining your code in the future might change the buffer size but fail to change every case where the buffer is written to. The first example, Table 2-2, shows two ways of allocating a character buffer 1024 bytes in length, checking the length of an input string, and copying it to the buffer. Table 2-2 Avoid hard-coded buffer sizes Instead of this: Do this: #define BUF_SIZE 1024 ... char buf[BUF_SIZE]; ... if (size < BUF_SIZE) { ... } char buf[1024]; ... if (size <= 1023) { ... } char buf[1024]; ... if (size < sizeof(buf)) { ... } char buf[1024]; ... if (size < 1024) { ... } The two snippets on the left side are safe as long as the original declaration of the buffer size is never changed. However, if the buffer size gets changed in a later version of the program without changing the test, then a buffer overflow will result. The two snippets on the right side show safer versions of this code. In the first version, the buffer size is set using a constant that is set elsewhere, and the check uses the same constant. In the second version, the buffer is set to 1024 bytes, but the check calculates the actual size of the buffer. In either of these snippets, changing the original size of the buffer does not invalidate the check. TTable 2-3, shows a function that adds an .ext suffix to a filename. Avoiding Buffer Overflows and Underflows Calculating Buffer Sizes 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 25Table 2-3 Avoid unsafe concatenation Instead of this: Do this: { char file[MAX_PATH]; ... addsfx(file, sizeof(file)); ... } static *suffix = ".ext"; size_t addsfx(char *buf, uint size) { size_t ret = strlcat(buf, suffix, size); if (ret >= size) { fprintf(stderr, "Buffer too small....\n"); } return ret; } { char file[MAX_PATH]; ... addsfx(file); ... } static *suffix = ".ext"; char *addsfx(char *buf) { return strcat(buf, suffix); } Both versions use the maximum path length for a file as the buffer size. The unsafe version in the left column assumes that the filename does not exceed this limit, and appends the suffix without checking the length of the string. The safer version in the right column uses the strlcat function, which truncates the string if it exceeds the size of the buffer. Important: You should always use an unsigned variable (such as size_t) when calculating sizes of buffers and of data going into buffers. Because negative numbers are stored as large positive numbers, if you use signed variables, an attacker might be able to cause a miscalculation in the size of the buffer or data by writing a large number to your program. See “Avoiding Integer Overflows And Underflows” (page 27) for more information on potential problems with integer arithmetic. For a further discussion of this issue and a list of more functions that can cause problems, see Wheeler, Secure Programming for Linux and Unix HOWTO (http://www.dwheeler.com/secure-programs/). Avoiding Buffer Overflows and Underflows Calculating Buffer Sizes 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 26Avoiding Integer Overflows and Underflows If the size of a buffer is calculated using data supplied by the user, there is the potential for a malicious user to enter a number that is too large for the integer data type, which can cause program crashes and other problems. In two’s-complement arithmetic (used forsigned integer arithmetic by most modern CPUs), a negative number is represented by inverting all the bits of the binary number and adding 1. A 1 in the most-significant bit indicates a negative number. Thus, for 4-byte signed integers, 0x7fffffff = 2147483647, but 0x80000000 = -2147483648 Therefore, int 2147483647 + 1 = - 2147483648 If a malicious user specifies a negative number where your program is expecting only unsigned numbers, your program might interpret it as a very large number. Depending on what that number is used for, your program might attempt to allocate a buffer of thatsize, causing the memory allocation to fail or causing a heap overflow if the allocation succeeds. In an early version of a popular web browser, for example, storing objects into a JavaScript array allocated with negative size could overwrite memory. [CVE-2004-0361] In other cases, if you use signed values to calculate buffer sizes and test to make sure the data is not too large for the buffer, a sufficiently large block of data will appear to have a negative size, and will therefore pass the size test while overflowing the buffer. Depending on how the buffer size is calculated, specifying a negative number could result in a buffer too small for its intended use. For example, if your program wants a minimum buffer size of 1024 bytes and adds to that a number specified by the user, an attacker might cause you to allocate a buffer smaller than the minimum size by specifying a large positive number, as follows: 1024 + 4294966784 = 512 0x400 + 0xFFFFFE00 = 0x200 Also, any bits that overflow past the length of an integer variable (whether signed or unsigned) are dropped. For example, when stored in a 32-bit integer, 2**32 == 0. Because it is not illegal to have a buffer with a size of 0, and because malloc(0) returns a pointer to a small block, your code might run without errors if an attacker specifies a value that causes your buffer size calculation to be some multiple of 2**32. In other words, for any values of n and m where (n * m) mod 2**32 == 0, allocating a buffer of size n*m results in a valid pointer to a buffer of some very small (and architecture-dependent) size. In that case, a buffer overflow is assured. Avoiding Buffer Overflows and Underflows Avoiding Integer Overflows and Underflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 27To avoid such problems, when performing buffer math, you should always include checks to make sure no integer overflow occurred. A common mistake when performing these tests is to check the result of the multiplication or other operation: size_t bytes = n * m; if (bytes < n || bytes < m) { /* BAD BAD BAD */ ... /* allocate "bytes" space */ } Unfortunately, the C language specification allows the compiler to optimize out such tests [CWE-733, CERT VU#162289]. Thus, the only correct way to test for integer overflow is to divide the maximum allowable result by the multiplier and comparing the result to the multiplicand or vice-versa. If the result is smaller than the multiplicand, the product of those two values would cause an integer overflow. For example: size_t bytes = n * m; if (n > 0 && m > 0 && SIZE_MAX/n >= m) { ... /* allocate "bytes" space */ } Detecting Buffer Overflows To test for buffer overflows, you should attempt to enter more data than is asked for wherever your program accepts input. Also, if your program accepts data in a standard format, such as graphics or audio data, you should attempt to pass it malformed data. This process is known as fuzzing. If there are buffer overflows in your program, it will eventually crash. (Unfortunately, it might not crash until some time later, when it attempts to use the data that was overwritten.) The crash log might provide some clues that the cause of the crash was a buffer overflow. If, for example, you enter a string containing the Avoiding Buffer Overflows and Underflows Detecting Buffer Overflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 28uppercase letter “A” several times in a row, you might find a block of data in the crash log that repeats the number 41, the ASCII code for “A” (see Figure 2-2). If the program is trying to jump to a location that is actually an ASCII string, that’s a sure sign that a buffer overflow was responsible for the crash. Figure 2-5 Buffer overflow crash log Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0x41414140 Thread 0 Crashed: Thread 0 crashed with PPC Thread State 64: srr0: 0x0000000041414140 srr1: 0x000000004200f030 vrsave: 0x0000000000000000 cr: 0x48004242 xer: 0x0000000020000007 1r: 0x0000000041414141 ctr: 0x000000009077401c r0: 0x0000000041414141 r1: 0x00000000bfffe660 r2: 0x0000000000000000 r3: 000000000000000001 r4: 0x0000000000000041 r5: 0x00000000bfffdd50 r6: 0x0000000000000052 r7: 0x00000000bfffe638 r8: 0x0000000090774028 r9: 0x00000000bfffddd8 r10: 0x00000000bfffe380 r11: 0x0000000024004248 r12: 0x000000009077401c r13: 0x00000000a365c7c0 r14: 0x0000000000000100 r15: 0x0000000000000000 r16: 0x00000000a364c75c r17: 0x00000000a365c75c r18: 0x00000000a365c75c r19: 0x00000000a366c75c r20: 0x0000000000000000 r21: 0x0000000000000000 r22: 0x00000000a365c75c r23: 0x000000000034f5b0 r24: 0x00000000a3662aa4 r25: 0x000000000054c840 r26: 0x00000000a3662aa4 r27: 0x0000000000002f44 r28: 0x000000000034c840 r29: 0x0000000041414141 r30: 0x0000000041414141 r31: 0x0000000041414141 If there are any buffer overflows in your program, you should always assume that they are exploitable and fix them. It is much harder to prove that a buffer overflow is not exploitable than to just fix the bug. Also note that, although you can test for buffer overflows, you cannot test for the absence of buffer overflows; it is necessary, therefore, to carefully check every input and every buffer size calculation in your code. For more information on fuzzing, see “Fuzzing” (page 39) in “Validating Input And Interprocess Communication” (page 33). Avoiding Buffer Underflows Fundamentally, buffer underflows occur when two parts of your code disagree about the size of a buffer or the data in that buffer. For example, a fixed-length C string variable might have room for 256 bytes, but might contain a string that is only 12 bytes long. Buffer underflow conditions are not always dangerous; they become dangerous when correct operation depends upon both parts of your code treating the data in the same way. This often occurs when you read the buffer to copy it to another block of memory, to send it across a network connection, and so on. There are two broad classes of buffer underflow vulnerabilities: short writes, and short reads. Avoiding Buffer Overflows and Underflows Avoiding Buffer Underflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 29A short write vulnerability occurs when a short write to a buffer fails to fill the buffer completely. When this happens, some of the data that was previously in the buffer is still present after the write. If the application later performs an operation on the entire buffer (writing it to disk or sending it over the network, for example), that existing data comes along for the ride. The data could be random garbage data, but if the data happens to be interesting, you have an information leak. Further, when such an underflow occurs, if the values in those locations affect program flow, the underflow can potentially cause incorrect behavior up to and including allowing you to skip past an authentication or authorization step by leaving the existing authorization data on the stack from a previous call by another user, application, or other entity. Short write example (systemcall): For example, consider a UNIX system call that requires a command data structure, and includes an authorization token in that data structure. Assume that there are multiple versions of the data structure, with different lengths, so the system call takes both the structure and the length. Assume that the authorization token is fairly far down in the structure. Suppose a malicious application passesin a command structure, and passes a size that encompasses the data up to, but not including, the authorization token. The kernel’s system call handler calls copyin, which copies a certain number of bytes from the application into the data structure in the kernel’s address space. If the kernel does not zero-fill that data structure, and if the kernel does not check to see if the size is valid, there is a narrow possibility that the stack might still contain the previous caller’s authorization token at the same address in kernel memory. Thus, the attacker is able to perform an operation that should have been disallowed. A short read vulnerability occurs when a read from a buffer fails to read the complete contents of a buffer. If the program then makes decisions based on that short read, any number of erroneous behaviors can result. This usually occurs when a C string function is used to read from a buffer that does not actually contain a valid C string. A C string is defined as a string containing a series of bytes that ends with a null terminator. By definition, it cannot contain any null bytes prior to the end of the string. As a result, C-string-based functions, such as strlen, strlcpy, and strdup, copy a string until the first null terminator, and have no knowledge of the size of the original source buffer. By contrast, strings in other formats (a CFStringRef object, a Pascal string, or a CFDataRef blob) have an explicit length and can contain null bytes at arbitrary locations in the data. If you convert such a string into a C string and then evaluate that C string, you get incorrect behavior because the resulting C string effectively ends at the first null byte. Avoiding Buffer Overflows and Underflows Avoiding Buffer Underflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 30Short read example (SSL verification): An example of a short read vulnerability occurred in many SSL stacks a few years ago. By applying for an SSL cert for a carefully crafted subdomain of a domain that you own, you could effectively create a certificate that was valid for arbitrary domains. Consider a subdomain in the form targetdomain.tld[null_byte].yourdomain.tld. Because the certificate signing request contains a Pascalstring, assuming that the certificate authority interprets it correctly, the certificate authority would contact the owner of yourdomain.tld and would ask for permission to deliver the certificate. Because you own the domain, you would agree to it. You would then have a certificate that is valid for the rather odd-looking subdomain in question. When checking the certificate for validity, however, many SSL stacksincorrectly converted that Pascal string into a C string without any validity checks. When this happened, the resulting C string contained only the targetdomain.tld portion. The SSL stack then compared that truncated version with the domain the user requested, and interpreted the certificate as being valid for the targeted domain. In some cases, it was even possible to construct wildcard certificatesthat were valid for every possible domain in such browsers (*.com[null].yourdomain.tld would match every .com address, for example). If you obey the following rules, you should be able to avoid most underflow attacks: ● Zero-fill all buffers before use. A buffer that contains only zeros cannot contain stale sensitive information. ● Always check return values and fail appropriately. ● If a call to an allocation or initialization function fails (AuthorizationCopyRights, for example), do not evaluate the resulting data, as it could be stale. ● Use the value returned from read system calls and other similar calls to determine how much data was actually read. Then either: ● Use that result to determine how much data is present instead of using a predefined constant or ● fail if the function did not return the expected amount of data. ● Display an error and fail if a write call, printf call, or other output call returns without writing all of the data, particularly if you might later read that data back. ● When working with data structures that contain length information, always verify that the data is the size you expected. ● Avoid converting non-C strings (CFStringRef objects, NSString objects, Pascal strings, and so on) into C strings if possible. Instead, work with the strings in their original format. If this is not possible, always perform length checks on the resulting C string or check for null bytes in the source data. Avoiding Buffer Overflows and Underflows Avoiding Buffer Underflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 31● Avoid mixing buffer operations and string operations. If this is not possible, always perform length checks on the resulting C string or check for null bytes in the source data. ● Save files in a fashion that prevents malicious tampering or truncation. (See “Race Conditions and Secure File Operations” (page 43) for more information.) ● Avoid integer overflows and underflows. (See “Calculating Buffer Sizes” (page 25) for details.) Avoiding Buffer Overflows and Underflows Avoiding Buffer Underflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 32A major, and growing, source of security vulnerabilities is the failure of programs to validate all input from outside the program—that is, data provided by users, from files, over the network, or by other processes. This chapter describes some of the ways in which unvalidated input can be exploited, and some coding techniques to practice and to avoid. Risks of Unvalidated Input Any time your program accepts input from an uncontrolled source, there is a potential for a user to pass in data that does not conform to your expectations. If you don’t validate the input, it might cause problems ranging from program crashes to allowing an attacker to execute his own code. There are a number of ways an attacker can take advantage of unvalidated input, including: ● Buffer overflows ● Format string vulnerabilities ● URL commands ● Code insertion ● Social engineering Many Apple security updates have been to fix input vulnerabilities, including a couple of vulnerabilities that hackers used to “jailbreak” iPhones. Input vulnerabilities are common and are often easily exploitable, but are also usually easily remedied. Causing a Buffer Overflow If your application takesinput from a user or other untrusted source, itshould never copy data into a fixed-length buffer without checking the length and truncating it if necessary. Otherwise, an attacker can use the input field to cause a buffer overflow. See “Avoiding Buffer Overflows And Underflows” (page 17) to learn more. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 33 Validating Input and Interprocess CommunicationFormat String Attacks If you are taking input from a user or other untrusted source and displaying it, you need to be careful that your display routines do not processformatstringsreceived from the untrusted source. For example, in the following code the syslog standard C library function is used to write a received HTTP request to the system log. Because the syslog function processes format strings, it will process any format strings included in the input packet: /* receiving http packet */ int size = recv(fd, pktBuf, sizeof(pktBuf), 0); if (size) { syslog(LOG_INFO, "Received new HTTP request!"); syslog(LOG_INFO, pktBuf); } Many formatstrings can cause problemsfor applications. For example,suppose an attacker passesthe following string in the input packet: "AAAA%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%n" This string retrieves eight items from the stack. Assuming that the format string itself is stored on the stack, depending on the structure of the stack, this might effectively move the stack pointer back to the beginning of the format string. Then the %n token would cause the print function to take the number of bytes written so far and write that value to the memory address stored in the next parameter, which happens to be the format string. Thus, assuming a 32-bit architecture, the AAAA in the format string itself would be treated as the pointer value 0x41414141, and the value at that address would be overwritten with the number 76. Doing this will usually cause a crash the next time the system has to access that memory location, but by using a string carefully crafted for a specific device and operating system, the attacker can write arbitrary data to any location. See the manual page for printf(3) for a full description of format string syntax. To prevent format string attacks, make sure that no input data is ever passed as part of a format string. To fix this, just include your own format string in each such function call. For example, the call printf(buffer) may be subject to attack, but the call printf("%s", buffer) is not. In the second case, all characters in the buffer parameter—including percent signs (%)—are printed out rather than being interpreted as formatting tokens. Validating Input and Interprocess Communication Risks of Unvalidated Input 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 34This situation can be made more complicated when a string is accidentally formatted more than once. In the following example, the informativeTextWithFormat argument of the NSAlert method alertWithMessageText:defaultButton:alternateButton:otherButton:informativeTextWithFormat: calls the NSString method stringWithFormat:GetLocalizedString rather than simply formatting the message string itself. As a result, the string is formatted twice, and the data from the imported certificate is used as part of the format string for the NSAlert method: alert = [NSAlert alertWithMessageText:"Certificate Import Succeeded" defaultButton:"OK" alternateButton:nil otherButton:nil informativeTextWithFormat:[NSString stringWithFormat: @"The imported certificate \"%@\" has been selected in the certificate pop-up.", [selectedCert identifier]]]; [alert setAlertStyle:NSInformationalAlertStyle]; [alert runModal]; Instead, the string should be formatted only once, as follows: [alert informativeTextWithFormat:@"The imported certificate \"%@\" has been selected in the certificate pop-up.", [selectedCert identifier]]; The following commonly-used functions and methods are subject to format-string attacks: ● Standard C ● printf and other functions listed on the printf(3) manual page ● scanf and other functions listed on the scanf(3) manual page ● syslog and vsyslog ● Carbon ● CFStringCreateWithFormat ● CFStringCreateWithFormatAndArguments ● CFStringAppendFormat ● AEBuildDesc Validating Input and Interprocess Communication Risks of Unvalidated Input 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 35● AEBuildParameters ● AEBuildAppleEvent ● Cocoa ● [NSString stringWithFormat:] and other NSString methods that take formatted strings as arguments ● [NSString initWithFormat:] and other NSStringmethodsthattake formatstrings as arguments ● [NSMutableString appendFormat:] ● [NSAlert alertWithMessageText:defaultButton:alternateButton:otherButton:informativeTextWithFormat:] ● [NSPredicate predicateWithFormat:] and [NSPredicate predicateWithFormat:arguments:] ● [NSException raise:format:] and [NSException raise:format:arguments:] ● NSRunAlertPanel and other Application Kit functions that create or return panels or sheets URLs and File Handling If your application has registered a URL scheme, you have to be careful about how you process commands sent to your application through the URL string. Whether you make the commands public or not, hackers will try sending commandsto your application. If, for example, you provide a link or linksto launch your application from your web site, hackers will look to see what commands you’re sending and will try every variation on those commands they can think of. You must be prepared to handle, or to filter out, any commands that can be sent to your application, not only those commands that you would like to receive. For example, if you accept a command that causes your application to send credentials back to your web server, don’t make the function handler general enough so that an attacker can substitute the URL of their own web server. Here are some examples of the sorts of commands that you should not accept: ● myapp://cmd/run?program=/path/to/program/to/run ● myapp://cmd/set_preference?use_ssl=false ● myapp://cmd/sendfile?to=evil@attacker.com&file=some/data/file ● myapp://cmd/delete?data_to_delete=my_document_ive_been_working_on ● myapp://cmd/login_to?server_to_send_credentials=some.malicious.webserver.com In general, don’t accept commands that include arbitrary URLs or complete pathnames. Validating Input and Interprocess Communication Risks of Unvalidated Input 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 36If you accept text or other data in a URL command that you subsequently include in a function or method call, you could be subject to a format string attack (see “Format String Attacks” (page 34)) or a buffer overflow attack (see “Causing a Buffer Overflow” (page 33)). If you accept pathnames, be careful to guard againststrings that might redirect a call to another directory; for example: myapp://use_template?template=/../../../../../../../../some/other/file Code Insertion Unvalidated URL commands and textstringssometimes allow an attacker to insert code into a program, which the program then executes. For example, if your application processes HTML and Javascript when displaying text, and displays strings received through a URL command, an attacker could send a command something like this: myapp://cmd/adduser='>"> Similarly, HTML and other scripting languages can be inserted through URLs, text fields, and other data inputs, such as command lines and even graphics or audio files. You should either not execute scripts in data from an untrusted source, or you should validate all such data to make sure it conforms to your expectations for input. Never assume that the data you receive is well formed and valid; hackers and malicious users will try every sort of malformed data they can think of to see what effect it has on your program. Social Engineering Social engineering—essentially tricking the user—can be used with unvalidated input vulnerabilities to turn a minor annoyance into a major problem. For example, if your program accepts a URL command to delete a file, but first displays a dialog requesting permission from the user, you might be able to send a long-enough string to scroll the name of the file to be deleted past the end of the dialog. You could trick the user into thinking he was deleting something innocuous, such as unneeded cached data. For example: myapp://cmd/delete?file=cached data that is slowing down your system.,realfile The user then might see a dialog with the text “Are you sure you want to delete cached data that is slowing down your system.” The name of the real file, in this scenario, is out of sight below the bottom of the dialog window. When the user clicks the “OK” button, however, the user’s real data is deleted. Other examples of social engineering attacks include tricking a user into clicking on a link in a malicious web site or following a malicious URL. For more information about social engineering, read “Designing Secure User Interfaces” (page 73). Validating Input and Interprocess Communication Risks of Unvalidated Input 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 37Modifications to Archived Data Archiving data, also known as object graph serialization, refers to converting a collection of interconnected objects into an architecture-independent stream of bytes that preserves the identity of and the relationships between the objects and values. Archives are used for writing data to a file, transmitting data between processes or across a network, or performing other types of data storage or exchange. For example, in Cocoa, you can use a coder object to create and read from an archive, where a coder object is an instance of a concrete subclass of the abstract class NSCoder. Object archives are problematic from a security perspective for several reasons. First, an object archive expands into an object graph that can contain arbitrary instances of arbitrary classes. If an attacker substitutes an instance of a different class than you were expecting, you could get unexpected behavior. Second, because an application must know the type of data stored in an archive in order to unarchive it, developers typically assume that the values being decoded are the same size and data type as the values they originally coded. However, when the data is stored in an insecure manner before being unarchived, this is not a safe assumption. If the archived data is not stored securely, it is possible for an attacker to modify the data before the application unarchives it. If your initWithCoder: method does not carefully validate all the data it’s decoding to make sure it is well formed and does not exceed the memory space reserved for it, then by carefully crafting a corrupted archive, an attacker can cause a buffer overflow or trigger another vulnerability and possibly seize control of the system. Third, some objects return a different object during unarchiving (see the NSKeyedUnarchiverDelegate method unarchiver:didDecodeObject:) or when they receive the message awakeAfterUsingCoder:. NSImage is one example of such a class—it may register itself for a name when unarchived, potentially taking the place of an image the application uses. An attacker might be able to take advantage of this to insert a maliciously corrupt image file into an application. It’s worth keeping in mind that, even if you write completely safe code, there mightstill be security vulnerabilities in libraries called by your code. Specifically, the initWithCoder: methods of the superclasses of your classes are also involved in unarchiving. To be completely safe, you should avoid using archived data as a serialization format for data that could potentially be stored or transmitted in an insecure fashion or that could potentially come from an untrusted source. Note that nib files are archives, and these cautions apply equally to them. A nib file loaded from a signed application bundle should be trustable, but a nib file stored in an insecure location is not. Validating Input and Interprocess Communication Risks of Unvalidated Input 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 38See “Risks of Unvalidated Input” (page 33) for more information on the risks of reading unvalidated input, “Securing File Operations” (page 47) for techniques you can use to keep your archive files secure, and the other sections in this chapter for details on validating input. Fuzzing Fuzzing, or fuzz testing, is the technique of randomly or selectively altering otherwise valid data and passing it to a program to see what happens. If the program crashes or otherwise misbehaves, that’s an indication of a potential vulnerability that might be exploitable. Fuzzing is a favorite tool of hackers who are looking for buffer overflows and the other types of vulnerabilities discussed in this chapter. Because it will be employed by hackers against your program, you should use it first, so you can close any vulnerabilities before they do. Although you can never prove that your program is completely free of vulnerabilities, you can at least get rid of any that are easy to find this way. In this case, the developer’s job is much easier than that of the hacker. Whereas the hacker has to not only find input fields that might be vulnerable, but also must determine the exact nature of the vulnerability and then craft an attack that exploits it, you need only find the vulnerability, then look at the source code to determine how to close it. You don’t need to prove that the problem is exploitable—just assume that someone will find a way to exploit it, and fix it before they get an opportunity to try. Fuzzing is best done with scripts orshort programsthat randomly vary the input passed to a program. Depending on the type of input you’re testing—text field, URL, data file, and so forth—you can try HTML, javascript, extra long strings, normally illegal characters, and so forth. If the program crashes or does anything unexpected, you need to examine the source code that handles that input to see what the problem is, and fix it. For example, if your program asksfor a filename, you should attempt to enter a string longer than the maximum legal filename. Or, if there is a field that specifies the size of a block of data, attempt to use a data block larger than the one you indicated in the size field. The most interesting valuesto try when fuzzing are usually boundary values. For example, if a variable contains a signed integer, try passing the maximum and minimum values allowed for a signed integer of thatsize, along with 0, 1, and -1. If a data field should contain a string with no fewer than 1 byte and no more than 42 bytes, try zero bytes, 1 byte, 42 bytes, and 43 bytes. And so on. In addition to boundary values, you should also try values that are way, way outside the expected values. For example, if your application is expecting an image that is up to 2,000 pixels by 3,000 pixels, you might modify the size fields to claim that the image is 65,535 pixels by 65,535 pixels. Using large values can uncover integer overflow bugs (and in some cases, NULL pointer handling bugs when a memory allocation fails). See “Avoiding Integer Overflows And Underflows” (page 27) in “Avoiding Buffer Overflows And Underflows” (page 17) for more information about integer overflows. Validating Input and Interprocess Communication Fuzzing 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 39Inserting additional bytes of data into the middle or end of a file can also be a useful fuzzing technique in some cases. For example, if a file’s header indicates that it contains 1024 bytes after the header, the fuzzer could add a 1025th byte. The fuzzer could add an additional row or column of data in an image file. And so on. Interprocess Communication and Networking When communicating with another process, the most important thing to remember isthat you cannot generally verify that the other process has not been compromised. Thus, you must treat it as untrusted and potentially hostile. All interprocess communication is potentially vulnerable to attacks if you do not properly validate input, avoid race conditions, and perform any other tests that are appropriate when working with data from a potentially hostile source. Above and beyond these risks, however,some forms of interprocess communication have specific risksinherent to the communication mechanism. This section describes some of those risks. Mach messaging When working with Mach messaging, it is important to never give the Mach task port of your process to any other. If you do, you are effectively allowing that process to arbitrarily modify the address space your process, which makes it trivial to compromise your process. Instead, you should create a Mach port specifically for communicating with a given client. Note: Mach messaging in OS X is not a supported API. No backwards compatibility guarantees are made for applications that use it anyway. Remote procedure calls (RPC) and Distributed Objects: If your application uses remote procedure calls or Distributed Objects, you are implicitly saying that you fully trust whatever processis at the other end of the connection. That process can call arbitrary functions within your code, and may even be able to arbitrarily overwrite portions of your code with malicious code. For thisreason, you should avoid using remote procedure calls or DistributedObjects when communicating with potentially untrusted processes, and in particular, you should never use these communication technologies across a network boundary. Shared Memory: If you intend to share memory across applications, be careful to allocate any memory on the heap in page-aligned, page-sized blocks. If you share a block of memory that is not a whole page (or worse, if you share some portion of your application’s stack), you may be providing the process at the other end Validating Input and Interprocess Communication Interprocess Communication and Networking 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 40with the ability to overwrite portions of your code,stack, or other data in waysthat can produce incorrect behavior, and may even allow injection of arbitrary code. In addition to these risks, some forms of shared memory can also be subject to race condition attacks. Specifically, memory mapped files can be replaced with other files between when you create the file and when you open it. See “Securing File Operations” (page 47) for more details. Finally, named shared memory regions and memory mapped files can be accessed by any other process running as the user. For this reason, it is not safe to use non-anonymous shared memory for sending highly secret information between processes. Instead, allocate your shared memory region prior to creating the child processthat needsto share that region, then pass IPC_PRIVATE asthe key for shmget to ensure that the shared memory identifier is not easy to guess. Note: Shared memory regions are detached if you call exec or other similar functions. If you need to pass data in a secure way across an exec boundary, you must pass the shared memory ID to the child process. Ideally, you should do this using a secure mechanism, such as a pipe created using a call to pipe. After the last child process that needs to use a particular shared memory region is running, the process that created the region should call shmctl to remove the shared memory region. Doing so ensures that no further processes can attach to that region even if they manage to guess the region ID. shmctl(id, IPC_RMID, NULL); Signals: A signal, in this context, is a particular type of content-free message sent from one process to another in a UNIX-based operating system such as OS X. Any program can register a signal handler function to perform specific operations upon receiving a signal. In general, it is not safe to do a significant amount of work in a signal handler. There are only a handful of library functions and system callsthat are safe to use in a signal handler (referred to as async-signal-safe calls), and this makes it somewhat difficult to safely perform work inside a call. More importantly, however, as a programmer, you are not in control of when your application receives a signal. Thus, if an attacker can cause a signal to be delivered to your process (by overflowing a socket buffer, for example), the attacker can cause your signal handler code to execute at any time, between any two lines of code in your application. This can be problematic if there are certain places where executing that code would be dangerous. For example, in 2004, a signal handler race condition was found in open-source code present in many UNIX-based operating systems. This bug made it possible for a remote attacker to execute arbitrary code Validating Input and Interprocess Communication Interprocess Communication and Networking 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 41or to stop the FTP daemon from working by causing it to read data from a socket and execute commands while it was still running as the root user. [CVE-2004-0794] For this reason, signal handlers should do the minimum amount of work possible, and should perform the bulk of the work at a known location within the application’s main program loop. For example, in an application based on Foundation or Core Foundation, you can create a pair of connected sockets by calling socketpair, call setsockopt to set the socket to non-blocking, turn one end into a CFStream object by calling CFStreamCreatePairWithSocket, and then schedule that stream on your run loop. Then, you can install a minimal signal handler that uses the write system call (which is async-signal-safe according to POSIX.1) to write data into the other socket. When the signal handler returns, your run loop will be woken up by data on the other socket, and you can then handle the signal at your convenience. Important: If you are writing to a socket in a signal handler and reading from it in a run loop on your main program thread, you must set the socket to non-blocking. If you do not, it is possible to cause your application to hang by sending it too many signals. The queue for a socket is of finite size. When it fills up, if the socket is set to non-blocking, the write call fails, and the global variable errno is set to EAGAIN. If the socket is blocking, however, the write call blocks until the queue empties enough to write the data. If a write call in a signal handler blocks, this prevents the signal handler from returning execution to the run loop. If that run loop is responsible for reading data from the socket, the queue will never empty, the write call will never unblock, and your application will basically hang (at least until the write call isinterrupted by anothersignal). Validating Input and Interprocess Communication Interprocess Communication and Networking 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 42When working with shared data, whether in the form of files, databases, network connections,shared memory, or other forms of interprocess communication, there are a number of easily made mistakesthat can compromise security. This chapter describes many such pitfalls and how to avoid them. Avoiding Race Conditions A race condition exists when changes to the order of two or more events can cause a change in behavior. If the correct order of execution is required for the proper functioning of the program, this is a bug. If an attacker can take advantage of the situation to insert malicious code, change a filename, or otherwise interfere with the normal operation of the program, the race condition is a security vulnerability. Attackers can sometimes take advantage of small time gaps in the processing of code to interfere with the sequence of operations, which they then exploit. OS X, like all modern operating systems, is a multitasking OS; that is, it allows multiple processes to run or appear to run simultaneously by rapidly switching among them on each processor. The advantagesto the user are many and mostly obvious; the disadvantage, however, is that there is no guarantee that two consecutive operations in a given process are performed without any other process performing operations between them. In fact, when two processes are using the same resource (such as the same file), there is no guarantee that they will access that resource in any particular order unless both processes explicitly take steps to ensure it. For example, if you open a file and then read from it, even though your application did nothing else between these two operations, some other process might alter the file after the file was opened and before it was read. If two different processes (in the same or different applications) were writing to the same file, there would be no way to know which one would write first and which would overwrite the data written by the other. Such situations cause security vulnerabilities. There are two basic types of race condition that can be exploited: time of check–time of use (TOCTOU), and signal handling. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 43 Race Conditions and Secure File OperationsTime of Check Versus Time of Use It is fairly common for an application to need to check some condition before undertaking an action. For example, it might check to see if a file exists before writing to it, or whether the user has access rights to read a file before opening it for reading. Because there is a time gap between the check and the use (even though it might be a fraction of a second), an attacker can sometimes use that gap to mount an attack. Thus, this is referred to as a time-of-check–time-of-use problem. Temporary Files A classic example isthe case where an application writestemporary filesto publicly accessible directories. You can set the file permissions of the temporary file to prevent another user from altering the file. However, if the file already exists before you write to it, you could be overwriting data needed by another program, or you could be using a file prepared by an attacker, in which case it might be a hard link or symbolic link, redirecting your output to a file needed by the system or to a file controlled by the attacker. To prevent this, programs often check to make sure a temporary file with a specific name does not already exist in the target directory. If such a file exists, the application deletes it or chooses a new name for the temporary file to avoid conflict. If the file does not exist, the application opensthe file for writing, because the system routine that opens a file for writing automatically creates a new file if none exists. An attacker, by continuously running a program that creates a new temporary file with the appropriate name, can (with a little persistence and some luck) create the file in the gap between when the application checked to make sure the temporary file didn’t exist and when it opens it for writing. The application then opensthe attacker’sfile and writesto it (remember, the system routine opens an existing file if there is one, and creates a new file only if there is no existing file). The attacker’s file might have different access permissions than the application’s temporary file, so the attacker can then read the contents. Alternatively, the attacker might have the file already open. The attacker could replace the file with a hard link or symbolic link to some other file (either one owned by the attacker or an existing system file). For example, the attacker could replace the file with a symbolic link to the system password file, so that after the attack, the system passwords have been corrupted to the point that no one, including the system administrator, can log in. For a real-world example, in a vulnerability in a directory server, a server script wrote private and public keys into temporary files, then read those keys and put them into a database. Because the temporary files were in a publicly writable directory, an attacker could have created a race condition by substituting the attacker’s own files (or hard links or symbolic links to the attacker’s files) before the keys were reread, thus causing the script to insert the attacker’s private and public keys instead. After that, anything Race Conditions and Secure File Operations Avoiding Race Conditions 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 44encrypted or authenticated using those keys would be under the attacker’s control. Alternatively, the attacker could have read the private keys, which can be used to decrypt encrypted data. [CVE-2005-2519] Similarly, if an application temporarily relaxes permissions on files or folders in order to perform some operation, an attacker might be able to create a race condition by carefully timing his or her attack to occur in the narrow window in which those permissions are relaxed. To learn more about creating temporary files securely, read “Create Temporary Files Correctly” (page 50). Interprocess Communication Time-of-check–time-of-use problems do not have to involve files, of course. They can apply to any data storage or communications mechanism that does not perform operations atomically. Suppose, for example, that you wrote a program designed to automatically count the number of people entering a sports stadium for a game. Each turnstile talks to a web service running on a server whenever someone walks through. Each web service instance inherently runs as a separate process. Each time a turnstile sends a signal, an instance of the web service starts up, retrievesthe gate count from a database, increments it by one, and writes it back to the database. Thus, multiple processes are keeping a single running total. Now suppose two people enter different gates at exactly the same time. The sequence of events might then be as follows: 1. Server process A receives a request from gate A. 2. Server process B receives a request from gate B. 3. Server process A reads the number 1000 from the database. 4. Server process B reads the number 1000 from the database. 5. Server process A increments the gate count by 1 so that Gate == 1001. 6. Server process B increments the gate count by 1 so that Gate == 1001. 7. Server process A writes 1001 as the new gate count. 8. Server process B writes 1001 as the new gate count. Because server process B read the gate count before process A had time to increment it and write it back, both processesread the same value. After process A incrementsthe gate count and writesit back, process B overwrites the value of the gate count with the same value written by process A. Because of this race condition, one of the two people entering the stadium was not counted. Since there might be long lines at each turnstile, this condition might occur many times before a big game, and a dishonest ticket clerk who knew about this undercount could pocket some of the receipts with no fear of being caught. Other race conditions that can be exploited, like the example above, involve the use of shared data or other interprocess communication methods. If an attacker can interfere with important data after it is written and before it isre-read, he orshe can disrupt the operation of the program, alter data, or do other Race Conditions and Secure File Operations Avoiding Race Conditions 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 45mischief. The use of non-thread-safe calls in multithreaded programs can result in data corruption. If an attacker can manipulate the program to cause two such threads to interfere with each other, it may be possible to mount a denial-of-service attack. In some cases, by using such a race condition to overwrite a buffer in the heap with more data than the buffer can hold, an attacker can cause a buffer overflow. As discussed in “Avoiding Buffer Overflows And Underflows” (page 17), buffer overflows can be exploited to cause execution of malicious code. The solution to race conditions involving shared data is to use a locking mechanism to prevent one process from changing a variable until another is finished with it. There are problems and hazards associated with such mechanisms, however, and they must be implemented carefully. And, of course, locking mechanisms only apply to processes that participate in the locking scheme. They cannot prevent an untrusted application from modifying the data maliciously. For a full discussion, see Wheeler, Secure Programming for Linux and Unix HOWTO, at http://www.dwheeler.com/secure-programs/. Time-of-check–time-of-use vulnerabilities can be prevented in different ways, depending largely on the domain of the problem. When working with shared data, you should use locking to protect that data from other instances of your code. When working with data in publicly writable directories, you should also take the precautions described in “Files In Publicly Writable Directories Are Dangerous” (page 51). Signal Handling Because signal handlers execute code at arbitrary times, they can be used to cause incorrect behavior. In daemons running as root, running the wrong code at the wrong time can even cause privilege escalation. “Securing Signal Handlers” (page 46) describes this problem in more detail. Securing Signal Handlers Signal handlers are another common source of race conditions. Signalsfrom the operating system to a process or between two processes are used for such purposes as terminating a process or causing it to reinitialize. If you include signal handlers in your program, they should not make any system calls and should terminate as quickly as possible. Although there are certain system calls that are safe from within signal handlers, writing a safe signal handler that does so is tricky. The best thing to do is to set a flag that your program checks periodically, and do no other work within the signal handler. Thisis because the signal handler can be interrupted by a new signal before it finishes processing the first signal, leaving the system in an unpredictable state or, worse, providing a vulnerability for an attacker to exploit. Race Conditions and Secure File Operations Securing Signal Handlers 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 46For example, in 1997, a vulnerability wasreported in a number of implementations of the FTP protocol in which a user could cause a race condition by closing an FTP connection. Closing the connection resulted in the near-simultaneous transmission of two signals to the FTP server: one to abort the current operation, and one to log out the user. The race condition occurred when the logout signal arrived just before the abort signal. When a user logged onto an FTP server as an anonymous user, the server would temporarily downgrade its privilegesfrom root to nobody so that the logged-in user had no privilegesto write files. When the user logged out, however, the server reassumed root privileges. If the abort signal arrived at just the right time, it would abort the logout procedure after the server had assumed root privileges but before it had logged out the user. The user would then be logged in with root privileges, and could proceed to write files at will. An attacker could exploit this vulnerability with a graphical FTP client simply by repeatedly clicking the “Cancel” button. [CVE-1999-0035] For a brief introduction to signal handlers, see the Little Unix Programmers Group site at http://users.actcom.co.il/~choo/lupg/tutorials/signals/signals-programming.html. For a discourse on how signal handler race conditions can be exploited,see the article by Michal Zalewski at http://www.bindview.com/Services/razor/Papers/2001/signals.cfm. Securing File Operations Insecure file operations are a major source of security vulnerabilities. In some cases, opening or writing to a file in an insecure fashion can give attackers the opportunity to create a race condition (see “Time of Check Versus Time of Use” (page 44)). Often, however, insecure file operations give an attacker the ability to read confidential information, perform a denial of service attack, take control of an application, or even take control of the entire system. This section discusses what you should do to make your file operations more secure. Check Result Codes Always check the result codes of every routine that you call. Be prepared to handle the situation if the operation fails. Most file-based security vulnerabilities could have been avoided if the developers of the programs had checked result codes. Some common mistakes are listed below. When writing to files or changing file permissions A failure when change permissions on a file or to open a file for writing can be caused by many things, including: ● Insufficient permissions on the file or enclosing directory. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 47● The immutable flag (set with the chflags utility or the chflags system call). ● A network volume becoming unavailable. ● An external drive getting unplugged. ● A drive failure. Depending on the nature of your software, any one of these could potentially be exploited if you do not properly check error codes. See the manual pages for the chflags, chown, and chgrp commands and the chflags and chown functions for more information. When removing files Although the rm command can often ignore permissions if you pass the -f flag, it can still fail. For example, you can’t remove a directory that has anything inside it. If a directory is in a location where other users have access to it, any attempt to remove the directory might fail because another process might add new files while you are removing the old ones. The safest way to fix this problem is to use a private directory that no one else has access to. If that’s not possible, check to make sure the rm command succeeded and be prepared to handle failures. Watch Out for Hard Links A hard link is a second name for a file—the file appears to be in two different locations with two different names. If a file has two (or more) hard links and you check the file to make sure that the ownership, permissions, and so forth are all correct, but fail to check the number of links to the file, an attacker can write to or read from the file through their own link in their own directory. Therefore, among other checks before you use a file, you should check the number of links. Do not, however, simply fail if there’s a second link to a file, because there are some circumstances where a link is okay or even expected. For example, every directory islinked into at least two placesin the hierarchy—the directory name itself and the special . record from the directory that links back to itself. Also, if that directory contains other directories, each of those subdirectories contains a .. record that points to the outer directory. You need to anticipate such conditions and allow for them. Even if the link is unexpected, you need to handle the situation gracefully. Otherwise, an attacker can cause denial of service just by creating a link to the file. Instead, you should notify the user of the situation, giving them as much information as possible so they can try to track down the source of the problem. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 48Watch Out for Symbolic Links A symbolic link is a special type of file that contains a path name. Symbolic links are more common than hard links. Functions that follow symbolic links automatically open, read, or write to the file whose path name is in the symbolic link file rather than the symbolic link file itself. Your application receives no notification that a symbolic link was followed; to your application, it appears as if the file addressed is the one that was used. An attacker can use a symbolic link, for example, to cause your application to write the contents intended for a temporary file to a critical system file instead, thus corrupting the system. Alternatively, the attacker can capture data you are writing or can substitute the attacker’s data for your own when you read the temporary file. In general, you should avoid functions,such as chown and stat, that follow symbolic links(see Table 4-1 (page 55) for alternatives). As with hard links, your program should evaluate whether a symbolic link is acceptable, and if not, should handle the situation gracefully. Case-Insensitive File Systems Can Thwart Your Security Model In OS X, any partition (including the boot volume) can be either case-sensitive, case-insensitive but case-preserving, or, for non-boot volumes, case-insensitive. For example, HFS+ can be either case-sensitive or case-insensitive but case-preserving. FAT32 is case-insensitive but case-preserving. FAT12, FAT16, and ISO-9660 (without extensions) are case-insensitive. An application that is unaware of the differences in behavior between these volume formats can cause serious security holes if you are not careful. In particular: ● If your program uses its own permission model to provide or deny access (for example, a web server that allows access only to files within a particular directory), you must either enforce this with a chroot jail or be vigilant about ensuring that you correctly identify paths even in a case-insensitive world. Among other things, this meansthat you should ideally use a whitelisting scheme rather than a blacklisting scheme (with the default behavior being “deny”). If this is not possible, for correctness, you must compare each individual path part against your blacklist using case-sensitive or case-insensitive comparisons, depending on what type of volume the file resides on. For example, if your program has a blacklist that prevents users from uploading or downloading the file /etc/ssh_host_key, if your software is installed on a case-insensitive volume, you must also reject someone who makes a request for /etc/SSH_host_key, /ETC/SSH_HOST_KEY, or even /ETC/ssh_host_key. ● If your program periodically accesses a file on a case-sensitive volume using the wrong mix of uppercase and lowercase letters, the open call will fail... until someone creates a second file with the name your program is actually asking for. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 49If someone creates such a file, your application will dutifully load data from the wrong file. If the contents of that file affect your application’s behavior in some important way, this represents a potential attack vector. This also presents a potential attack vector if that file is an optional part of your application bundle that gets loaded by dyld when your application is launched. Create Temporary Files Correctly The temporary directories in OS X are shared among multiple users. This requires that they be writable by multiple users. Any time you work on files in a location to which others have read/write access, there’s the potential for the file to be compromised or corrupted. The following list explains how to create temporary files using APIs at various layers of OS X. POSIX Layer In general, you should always use the mkstemp function to create temporary files at the POSIX layer. The mkstemp function guarantees a unique filename and returns a file descriptor, thus allowing you skip the step of checking the open function result for an error, which might require you to change the filename and call open again. If you must create a temporary file in a public directory manually, you can use the open function with the O_CREAT and O_EXCL flags set to create the file and obtain a file descriptor. The O_EXCL flag causes this function to return an error if the file already exists. Be sure to check for errors before proceeding. After you’ve opened the file and obtained a file descriptor, you can safely use functions that take file descriptors, such as the standard C functions write and read, for as long as you keep the file open. See the manual pages for open(2), mkstemp(3), write(2), and read(2) for more on these functions, and see Wheeler, Secure Programming for Linux and Unix HOWTO for advantages and shortcomings to using these functions. Carbon To find the default location to store temporary files, you can call the FSFindFolder function and specify a directory type of kTemporaryFolderType. This function checks to see whether the UID calling the function owns the directory and, if not, returns the user home directory in ~/Library. Therefore, this function returns a relatively safe place to store temporary files. Thislocation is not assecure as a directory that you created and that is accessible only by your program. The FSFindFolder function is documented in Folder Manager Reference . If you’ve obtained the file reference of a directory (from the FSFindFolder function, for example), you can use the FSRefMakePath function to obtain the directory’s path name. However, be sure to check the function result, because if the FSFindFolder function fails, it returns a null string. If you don’t Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 50check the function result, you might end up trying to create a temporary file with a pathname formed by appending a filename to a null string. Cocoa There are no Cocoa methods that create a file and return a file descriptor. However, you can call the standard C open function from an Objective-C program to obtain a file descriptor (see “Working With Publicly Writable Files Using POSIX Calls” (page 54)). Or you can call the mkstemp function to create a temporary file and obtain a file descriptor. Then you can use the NSFileHandle method initWithFileDescriptor: to initialize a file handle, and other NSFileHandle methods to safely write to or read from the file. Documentation for the NSFileHandle class is in Foundation Framework Reference . To obtain the path to the default location to store temporary files (stored in the $TMPDIR environment variable), you can use the NSTemporaryDirectory function, which calls the FSFindFolder and FSRefMakePath functions for you (see “Working With Publicly Writable Files Using Carbon” (page 55)). Note that NSTemporaryDirectory can return /tmp under certain circumstances such as if you link on a pre-OS X v10.3 development target. Therefore, if you’re using NSTemporaryDirectory, you either have to be sure that using /tmp is suitable for your operation or, if not, you should consider that an error case and create a more secure temporary directory if that happens. The changeFileAttributes:atPath: method in the NSFileManager class is similar to chmod or chown, in that it takes a file path rather than a file descriptor. You shouldn’t use this method if you’re working in a public directory or a user’s home directory. Instead, call the fchown or fchmod function (see Table 4-1 (page 55)). You can call the NSFileHandle class’s fileDescriptor method to get the file descriptor of a file in use by NSFileHandle. In addition, when working with temporary files, you should avoid the writeToFile:atomically methods of NSString and NSData. These are designed to minimize the risk of data loss when writing to a file, but do so in a way that is not recommended for use in directories that are writable by others. See “Working With Publicly Writable Files Using Cocoa” (page 56) for details. Files in Publicly Writable Directories Are Dangerous Files in publicly writable directories must be treated as inherently untrusted. An attacker can delete the file and replace it with another file, replace it with a symbolic link to another file, create the file ahead of time, and so on. There are ways to mitigate each of these attacks to some degree, but the best way to prevent them is to not read or write files in a publicly writable directory in the first pace. If possible, you should create a subdirectory with tightly controlled permissions, then write your files inside that subdirectory. If you must work in a directory to which your process does not have exclusive access, however, you must check to make sure a file does not exist before you create it. You must also verify that the file you intend to read from or write to is the same file that you created. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 51To this end, you should always use routines that operate on file descriptors rather than pathnames wherever possible, so that you can be certain you’re always dealing with the same file. To do this, pass the O_CREAT and O_EXCL flags to the open system call. This creates a file, but fails if the file already exists. Note: If you cannot use file descriptors directly for some reason, you should explicitly create files as a separate step from opening them. Although this does not prevent someone from swapping in a new file between those operations, at least it narrows the attack window by making it possible to detect if the file already exists. Before you create the file, however, you should first set your process’s file creation mask (umask). The file creation mask is a bitmask that alters the default permissions of all new files and directories created by your process. This bitmask is typically specified in octal notation, which means that it must begin with a zero (not 0x). For example, if you set the file creation mask to 022, any new files created by your process will have rw-r--r-- permissions because the write permission bits are masked out. Similarly, any new directories will have rw-r-xr-x permissions. Note: New files never have the execute bit set. Directories, however, do. Therefore, you should generally mask out execute permission when masking out read permission unless you have a specific reason to allow users to traverse a directory without seeing its contents. To limit access to any new files or directories so that only the user can access them, set the file creation mask to 077. You can also mask out permissions in such a way that they apply to the user, though this is rare. For example, to create a file that no one can write or execute, and that only the user can read, you could set the file creation mask to 0377. This is not particularly useful, but it is possible. There are several ways to set the file creation mask: In C code: In C code, you can set the file creation mask globally using the umask system call. You can also passthe file creation mask to the open or mkdir system call when creating a file or directory. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 52Note: For maximum portability when writing C code, you should always create your masks using the file mode constants defined in . For example: umask(S_IRWXG|S_IRWXO); In shell scripts: In shell scripts, you set the file creation mask by using the umask shell builtin. This is documented in the manual pages for sh or csh. For example: umask 0077; As an added security bonus, when a process calls another process, the new processinheritsthe parent process’s file creation mask. Thus, if your process starts another process that creates a file without resetting the file creation mask, that file similarly will not be accessible to other users on the system. This is particularly useful when writing shell scripts. For more information on the file creation mask,see the manual page for umask and Viega and McGraw, Building Secure Software , Addison Wesley, 2002. For a particularly lucid explanation of the use of a file creation mask, see http://web.archive.org/web/20090517063338/http://www.sun.com/bigadmin/content/submitted/umask_permissions.html?. Before you read a file (but after opening it), make sure it has the owner and permissions you expect (using fstat). Be prepared to fail gracefully (rather than hanging) if it does not. Here are some guidelines to help you avoid time-of-check–time-of-use vulnerabilities when working with files in publicly writable directories. For more detailed discussions, especially for C code, see Viega and McGraw, Building Secure Software , Addison Wesley, 2002, and Wheeler, Secure Programming for Linux and Unix HOWTO, available at http://www.dwheeler.com/secure-programs/. ● If at all possible, avoid creating temporary files in a shared directory, such as /tmp, or in directories owned by the user. If anyone else has access to your temporary file, they can modify its content, change its ownership or mode, or replace it with a hard or symbolic link. It’s much safer to either not use a temporary file at all (use some other form of interprocess communication) or keep temporary files in a directory you create and to which only your process (acting as your user) has access. ● If your file must be in a shared directory, give it a unique (and randomly generated) filename (you can use the C function mkstemp to do this), and never close and reopen the file. If you close such a file, an attacker can potentially find it and replace it before you reopen it. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 53Here are some public directories that you can use: ● ~/Library/Caches/TemporaryItems When you use this subdirectory, you are writing to the user’s own home directory, not some other user’s directory or a system directory. If the user’s home directory has the default permissions, it can be written to only by that user and root. Therefore, this directory is not as susceptible to attack from outside, nonprivileged users as some other directories might be. ● /var/run This directory is used for process ID (pid) files and other system files needed just once per startup session. This directory is cleared out each time the system starts up. ● /var/db This directory is used for databases accessible to system processes. ● /tmp This directory is used for general shared temporary storage. It is cleared out each time the system starts up. ● /var/tmp This directory is used for general shared temporary storage. Although you should not count on data stored in this directory being permanent, unlike /tmp, the /var/tmp directory is currently not cleared out on reboot. For maximum security, you should always create temporary subdirectories within these directories, set appropriate permissions on those subdirectories, and then write files into those subdirectories. The following sections give some additional hints on how to follow these principles when you are using POSIX-layer C code, Carbon, and Cocoa calls. Working with Publicly Writable Files Using POSIX Calls If you need to open a preexisting file to modify it or read from it, you should check the file’s ownership, type, and permissions, and the number of links to the file before using it. To safely opening a file for reading, for example, you can use the following procedure: 1. Call the open function and save the file descriptor. Pass the O_NOFOLLOW to ensure that it does not follow symbolic links. 2. Using the file descriptor, call the fstat function to obtain the stat structure for the file you just opened. 3. Check the user ID (UID) and group ID (GID) of the file to make sure they are correct. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 544. Check the file's mode flags to make sure that it is a normal file, not a FIFO, device file, or other special file. Specifically, if the stat structure is named st, then the value of (st.st_mode & S_IFMT) should be equal to S_IFREG. 5. Check the read, write, and execute permissions for the file to make sure they are what you expect. 6. Check that there is only one hard link to the file. 7. Pass around the open file descriptor for later use rather than passing the path. Note that you can avoid all the status checking by using a secure directory instead of a public one to hold your program’s files. Table 4-1 shows some functions to avoid—and the safer equivalent functions to use—in order to avoid race conditions when you are creating files in a public directory. Table 4-1 C file functions to avoid and to use Functions to avoid Functions to use instead open returns a file descriptor; creates a file and returns an error if the file already exists when the O_CREAT and O_EXCL options are used fopen returns a file pointer; automatically creates the file if it does not exist but returns no error if the file does exist chmod takes a file path fchmod takes a file descriptor fchown takes a file descriptor and does not follow symbolic links chown takes a file path and follows symbolic links lstat takes a file path but does not follow symbolic links; fstat takes a file descriptor and returns information about an open file stat takes a file path and follows symbolic links mkstemp creates a temporary file with a unique name, opens it for reading and writing, and returns a file descriptor mktemp creates a temporary file with a unique name and returns a file path; you need to open the file in another call Working with Publicly Writable Files Using Carbon If you are using the Carbon File Manager to create and open files, you should be aware of how the File Manager accesses files. ● The file specifier FSSpec structure uses a path to locate files, not a file descriptor. Functions that use an FSSpec file specifier are deprecated and should not be used in any case. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 55● The file reference FSRef structure uses a path to locate files and should be used only if your files are in a safe directory, not in a publicly accessible directory. These functions include FSGetCatalogInfo, FSSetCatalogInfo, FSCreateFork, and others. ● The File Manager creates and opensfilesin separate operations. The create operation failsif the file already exists. However, none of the file-creation functions return a file descriptor. If you’ve obtained the file reference of a directory (from the FSFindFolder function, for example), you can use the FSRefMakePath function to obtain the directory’s path name. However, be sure to check the function result, because if the FSFindFolder function fails, it returns a null string. If you don’t check the function result, you might end up trying to create a temporary file with a pathname formed by appending a filename to a null string. Working with Publicly Writable Files Using Cocoa The NSString and NSData classes have writeToFile:atomically methods designed to minimize the risk of data loss when writing to a file. These methods write first to a temporary file, and then, when they’re sure the write is successful, they replace the written-to file with the temporary file. This is not always an appropriate thing to do when working in a public directory or a user’s home directory, because there are a number of path-based file operationsinvolved. Instead, initialize an NSFileHandle object with an existing file descriptor and use NSFileHandle methods to write to the file, as mentioned above. The following code, for example, usesthe mkstemp function to create a temporary file and obtain a file descriptor, which it then usesto initialize NSFileHandle: fd = mkstemp(tmpfile); // check return for -1, which indicates an error NSFileHandle *myhandle = [[NSFileHandle alloc] initWithFileDescriptor:fd]; Working with Publicly Writable Files in Shell Scripts Scripts must follow the same general rules as other programs to avoid race conditions. There are a few tips you should know to help make your scripts more secure. First, when writing a script, set the temporary directory ($TMPDIR) environment variable to a safe directory. Even if your script doesn’t directly create any temporary files, one or more of the routines you call might create one, which can be a security vulnerability if it’s created in an insecure directory. See the manual pages for setenv and setenv for information on changing the temporary directory environment variable. For the same reason, set your process’ file code creation mask (umask) to restrict access to any files that might be created by routines run by your script (see “Securing File Operations” (page 47) for more information on the umask). Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 56It’s also a good idea to use the dtruss command on a shell script so you can watch every file access to make sure that no temporary files are created in an insecure location. See the manual pages for dtrace and dtruss for more information. Do not redirect output using the operators > or >> to a publicly writable location. These operators do not check to see whether the file already exists, and they follow symbolic links. Instead, pass the -d flag to the mktemp command to create a subdirectory to which only you have access. It’s important to check the result to make sure the command succeeded. if you do all your file operations in this directory, you can be fairly confident that no one with less than root access can interfere with your script. For more information, see the manual page for mktemp. Do not use the test command (or its left bracket ([) equivalent) to check for the existence of a file or other statusinformation for the file before writing to it. Doing so alwaysresultsin a race condition; that is, it is possible for an attacker to create, write to, alter, or replace the file before you start writing. See the manual page for test for more information. For a more in-depth look at security issues specific to shell scripts, read “Shell Script Security” in Shell Scripting Primer. Other Tips Here are a few additional things to be aware of when working with files: ● Before you attempt a file operation, make sure it is safe to perform the operation on that file. For example, before attempting to read a file (but after opening it), you should make sure that it is not a FIFO or a device special file. ● Just because you can write to a file, that doesn’t mean you should write to it. For example, the fact that a directory exists doesn’t mean you created it, and the fact that you can append to a file doesn’t mean you own the file or no one else can write to it. ● OS X can perform file operations on files in several different file systems. Some operations can be done only on certain systems. For example, certain file systems honor setuid files when executed from them and some don’t. Be sure you know what file system you’re working with and what operations can be carried out on that system. ● Local pathnames can point to remote files. For example, the path /volumes/foo might actually be someone’s FTP server rather than a locally-mounted volume. Just because you’re accessing something by a pathname, that does not guarantee that it’s local or that it should be accessed. ● A user can mount a file system anywhere they have write access and own the directory. In other words, almost anywhere a user can create a directory, they can mount a file system on top of it. Because this can be done remotely, an attacker running as root on a remote system could mount a file system into your home directory. Files in that file system would appear to be files in your home directory owned by root. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 57For example, /tmp/foo might be a local directory, or it might be the root mount point of a remotely mounted file system. Similarly, /tmp/foo/bar might be a local file, or it might have been created on another machine and be owned by root over there. Therefore, you can’t trust files based only on ownership, and you can’t assume that setting the UID to 0 was done by someone you trust. To tell whether the file is mounted locally, use the fstat call to check the device ID. If the device ID is different from that of files you know to be local, then you’ve crossed a device boundary. ● Remember that users can read the contents of executable binariesjust as easily asthe contents of ordinary files. For example, the user can run strings(1) to quickly see a list of (ostensibly) human-readable strings in your executable. ● When you fork a new process, the child process inherits all the file descriptors from the parent unless you set the close-on-exec flag. If you fork and execute a child process and drop the child process’ privileges so its real and effective IDs are those of some other user (to avoid running that process with elevated privileges), then that user can use a debugger to attach the child process. They can then run arbitrary code from that running process. Because the child process inherited all the file descriptors from the parent, the user now has access to every file opened by the parent process. See “Inheriting File Descriptors” (page 61) for more information on this type of vulnerability. Race Conditions and Secure File Operations Securing File Operations 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 58By default, applications run as the currently logged in user. Different users have different rights when it comes to accessing files, changing systemwide settings, and so on, depending on whether they are admin users or ordinary users. Some tasks require additional privileges above and beyond what even an admin user can do by default. An application or other process with such additional rights is said to be running with elevated privileges. Running code with root or administrative privileges can intensify the dangers posed by security vulnerabilities. This chapter explains the risks, provides alternatives to privilege elevation, and describes how to elevating privileges safely when you can’t avoid it. Note: Elevating privileges is not allowed in applications submitted to the Mac App Store (and is not possible in iOS). Circumstances Requiring Elevated Privileges Regardless of whether a user is logged in as an administrator, a program might have to obtain administrative or root privileges in order to accomplish a task. Examples of tasks that require elevated privileges include: ● manipulating file permissions, ownership ● creating, reading, updating, or deleting system and user files ● opening privileged ports (those with port numbers less than 1024) for TCP and UDP connections ● opening raw sockets ● managing processes ● reading the contents of virtual memory ● changing system settings ● loading kernel extensions If you have to perform a task that requires elevated privileges, you must be aware of the fact that running with elevated privileges means that if there are any security vulnerabilities in your program, an attacker can obtain elevated privileges as well, and would then be able to perform any of the operations listed above. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 59 Elevating Privileges SafelyThe Hostile Environment and the Principle of Least Privilege Any program can come under attack, and probably will. By default, every process runs with the privileges of the user or process that started it. Therefore, if a user has logged on with restricted privileges, your program should run with those restricted privileges. This effectively limits the amount of damage an attacker can do, even if he successfully hijacks your program into running malicious code. Do not assume that the user islogged in with administrator privileges; you should be prepared to run a helper application with elevated privileges if you need them to accomplish a task. However, keep in mind that, if you elevate your process’s privileges to run asroot, an attacker can gain those elevated privileges and potentially take over control of the whole system. Note: Although in certain circumstances it’s possible to mount a remote attack over a network, for the most part the vulnerabilities discussed here involve malicious code running locally on the target computer. If an attacker uses a buffer overflow or othersecurity vulnerability (see “Types of Security Vulnerabilities” (page 11)) to execute code on someone else’s computer, they can generally run their code with whatever privileges the logged-in user has. If an attacker can gain administrator privileges, they can elevate to root privileges and gain accessto any data on the user’s computer. Therefore, it is good security practice to log in as an administrator only when performing the rare tasks that require admin privileges. Because the default setting for OS X is to make the computer’s owner an administrator, you should encourage your usersto create a separate non-admin login and to use that for their everyday work. In addition, if possible, you should not require admin privileges to install your software. The idea of limiting risk by limiting access goes back to the “need to know” policy followed by government security agencies (no matter what your security clearance, you are not given access to information unless you have a specific need to know that information). In software security, this policy is often termed “the principle of least privilege,” first formally stated in 1975: “Every program and every user of the system should operate using the leastset of privileges necessary to complete the job.”(Saltzer,J.H. AND Schroeder, M.D.,“The Protection of Information in Computer Systems,” Proceedings of the IEEE , vol. 63, no. 9, Sept 1975.) In practical terms, the principle of least privilege means you should avoid running asroot, or—if you absolutely must run asroot to perform some task—you should run a separate helper application to perform the privileged task (see “Factoring Applications” (page 69)). By running with the least privilege possible, you: ● Limit damage from accidents and errors, including maliciously introduced accidents and errors ● Reduce interactions of privileged components, and therefore reduce unintentional, unwanted, and improper uses of privilege (side effects) Elevating Privileges Safely The Hostile Environment and the Principle of Least Privilege 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 60Keep in mind that, even if your code is free of errors, vulnerabilities in any libraries your code links in can be used to attack your program. For example, no program with a graphical user interface should run with privileges because the large number of libraries used in any GUI application makes it virtually impossible to guarantee that the application has no security vulnerabilities. There are a number of ways an attacker can take advantage of your program if you run as root. Some possible approaches are described in the following sections. Launching a New Process Because any new process runs with the privileges of the process that launched it, if an attacker can trick your process into launching his code, the malicious code runs with the privileges of your process. Therefore, if your process is running with root privileges and is vulnerable to attack, the attacker can gain control of the system. There are many ways an attacker can trick your code into launching malicious code, including buffer overflows, race conditions, and social engineering attacks (see “Types of Security Vulnerabilities” (page 11)). Executing Command-Line Arguments Because all command-line arguments, including the program name (argv(0)), are under the control of the user, you should not use the command line to execute any program without validating every parameter, including the name. If you use the command line to re-execute your own code or execute a helper program, for example, a malicious user might have substituted his own code with that program name, which you are now executing with your privileges. Inheriting File Descriptors When you create a new process, the child process inherits its own copy of the parent process’s file descriptors (see the manual page for fork(2)). Therefore, if you have a handle on a file, network socket, shared memory, or other resource that’s pointed to by a file descriptor and you fork off a child process, you must be careful to either close the file descriptor or you must make sure that the child process cannot be tampered with. Otherwise, a malicious user can use the subprocess to tamper with the resources referenced by the file descriptors. For example, if you open a password file and don’t close it before forking a process, the new subprocess has access to the password file. To set a file descriptor so that it closes automatically when you execute a new process (such as by using the execve system call), use the fcntl(2) command to set the close-on-exec flag. You mustset thisflag individually for each file descriptor; there’s no way to set it for all. Elevating Privileges Safely The Hostile Environment and the Principle of Least Privilege 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 61Abusing Environment Variables Most libraries and utilities use environment variables. Sometimes environment variables can be attacked with buffer overflows or by inserting inappropriate values. If your program links in any libraries or calls any utilities, your program is vulnerable to attacks through any such problematic environment variables. If your program is running as root, the attacker might be able to bring down or gain control of the whole system in this way. Examples of environment variables in utilities and libraries that have been attacked in the past include: 1. The dynamic loader: LD_LIBRARY_PATH, DYLD_LIBRARY_PATH are often misused, causing unwanted side effects. 2. libc: MallocLogFile 3. Core Foundation: CF_CHARSET_PATH 4. perl: PERLLIB, PERL5LIB, PERL5OPT [ 2 CVE-2005-2748 (corrected in Apple Security Update 2005-008) 3 CVE-2005-0716 (corrected in Apple Security Update 2005-003) 4 CVE-2005-4158] Environment variables are also inherited by child processes. If you fork off a child process, your parent process should validate the values of all environment variables before it uses them in case they were altered by the child process (whether inadvertently or through an attack by a malicious user). Modifying Process Limits You can use the setrlimit call to limit the consumption of system resources by a process. For example, you can set the largest size of file the process can create, the maximum amount of CPU time the process can consume, and the maximum amount of physical memory a process may use. These process limits are inherited by child processes. In order to prevent an attacker from taking advantage of open file descriptors, programsthat run with elevated privileges often close all open file descriptors when they start up. However, if an attacker can use setrlimit to alter the file descriptor limit, he can fool the program into leaving some of the files open. Those files are then vulnerable. Similarly, a vulnerability was reported for a version of Linux that made it possible for an attacker, by decreasing the maximum file size, to limit the size of the /etc/passwd and /etc/shadow files. Then, the next time a utility accessed one of these files, it truncated the file, resulting in a loss of data and denial of service. [CVE-2002-0762] Elevating Privileges Safely The Hostile Environment and the Principle of Least Privilege 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 62File Operation Interference If you’re running with elevated privileges in order to write or read files in a world-writable directory or a user’s directory, you must be aware of time-of-check–time-of-use problems; see “Time of Check Versus Time of Use” (page 44). Avoiding Elevated Privileges In many cases, you can accomplish your task without needing elevated privileges. For example, suppose you need to configure the environment (add a configuration file to the user’s home directory or modify a configuration file in the user’s home directory) for your application. You can do this from an installer running asroot (the installer command requires administrative privileges;see the manual page for installer(8)). However, if you have the application configure itself, or check whether configuration is needed when it starts up, then you don’t need to run as root at all. An example of using an alternate design in order to avoid running with elevated privileges is given by the BSD ps command, which displaysinformation about processesthat have controlling terminals. Originally, BSD used the setgid bit to run the ps command with a group ID of kmem, which gave it privilegesto read kernel memory. More recent implementations of the ps command use the sysctl utility to read the information it needs, removing the requirement that ps run with any special privileges. Running with Elevated Privileges If you do need to run code with elevated privileges, there are several approaches you can take: ● You can run a daemon with elevated privileges that you call on when you need to perform a privileged task. The preferred method of launching a daemon is to use the launchd daemon (see “launchd” (page 66)). It is easier to use launchd to launch a daemon and easier to communicate with a daemon than it is to fork your own privileged process. ● You can use the authopen command to read, create, or update a file (see “authopen” (page 65)). ● You can set the setuid and setgid bitsfor the executable file of your code, and set the owner and group of the file to the privilege level you need; for example, you can set the owner to root and the group to wheel. Then when the code is executed, it runs with the elevated privileges of its owner and group rather than with the privileges of the process that executed it. (See the “Permissions” section in the “Security Concepts” chapter in Security Overview.) This technique is often used to execute the privileged code in a factored application (see “Factoring Applications” (page 69)). As with other privileged code, you must be very sure that there are no vulnerabilities in your code and that you don’t link in any libraries or call any utilities that have vulnerabilities. Elevating Privileges Safely Avoiding Elevated Privileges 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 63If you fork off a privileged process, you should terminate it as soon as it has accomplished its task (see “Factoring Applications” (page 69)). Although architecturally thisis often the bestsolution, it is very difficult to do correctly, especially the first time you try. Unless you have a lot of experience with forking off privileged processes, you might want to try one of the other solutions first. ● You can use a BSD system call to change privilege level (see “Calls to Change Privilege Level” (page 64)). These commands have confusing semantics. You must be careful to use them correctly, and it’s very important to check the return values of these calls to make sure they succeeded. Note that in general, unless your process was initially running as root, it cannot elevate its privilege with these calls. However, a process running as root can discard (temporarily or permanently) those privileges. Any process can change from acting on behalf of one group to another (within the set of groups to which it belongs). Calls to Change Privilege Level There are several commands you can use to change the privilege level of a program. The semantics of these commands are tricky, and vary depending on the operating system on which they’re used. Important: If you are running with both a group ID (GID) and user ID (UID) that are different from those of the user, you have to drop the GID before dropping the UID. Once you’ve changed the UID, you may no longer have sufficient privileges to change the GID. Important: As with every security-related operation, you must check the return values of your calls to setuid, setgid, and related routines to make sure they succeeded. Otherwise you might still be running with elevated privileges when you think you have dropped privileges. For more information on permissions,see the “Permissions”section in the “Security Concepts” chapter in Security Overview. For information on setuid and related commands, see Setuid Demystified by Chen, Wagner, and Dean (Proceedings of the 11th USENIX Security Symposium, 2002), available at http://www.usenix.org/publications/library/proceedings/sec02/full_papers/chen/chen.pdf and the manual pages for setuid(2), setreuid(2), setregid(2), and setgroups(2). The setuid(2)manual page includesinformation about seteuid, setgid, and setegid as well. Here are some notes on the most commonly used system calls for changing privilege level: Elevating Privileges Safely Calls to Change Privilege Level 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 64● The setuid function sets the real and effective user IDs and the saved user ID of the current process to a specified value. The setuid function is the most confusing of the UID-setting system calls. Not only does the permission required to use this call differ among different UNIX-based systems, but the action of the call differs among different operating systems and even between privileged and unprivileged processes. If you are trying to set the effective UID, you should use the seteuid function instead. ● The setreuid function modifies the real UID and effective UID, and in some cases, the saved UID. The permission required to use this call differs among different UNIX-based systems, and the rule by which the saved UID is modified is complicated. For this function as well, if your intent is to set the effective UID, you should use the seteuid function instead. ● The seteuid function sets the effective UID, leaving the real UID and saved UID unchanged. In OS X, the effective user ID may be set to the value of the real user ID or of the saved set-user-ID. (In some UNIX-based systems, thisfunction allows you to set the EUID to any of the real UID,saved UID, or EUID.) Of the functions available on OS X that set the effective UID, the seteuid function is the least confusing and the least likely to be misused. ● The setgid function acts similarly to the setuid function, except that it sets group IDs rather than user IDs. It suffers from the same shortcomings as the setuid function; use the setegid function instead. ● The setregid function acts similarly to the setreuid function, with the same shortcomings; use the setegid function instead. ● The setegid function sets the effective GID. This function is the preferred call to use if you want to set the EGID. Avoiding Forking Off a Privileged Process There are a couple of functions you might be able to use to avoid forking off a privileged helper application. The authopen command lets you obtain temporary rights to create, read, or update a file. You can use the launchd daemon to start a process with specified privileges and a known environment. authopen When you run the authopen command, you provide the pathname of the file that you want to access. There are options for reading the file, writing to the file, and creating a new file. Before carrying out any of these operations, the authopen command requests authorization from the system security daemon, which authenticates the user (through a password dialog or other means) and determines whether the user has sufficient rights to carry out the operation. See the manual page for authopen(1) for the syntax of this command. Elevating Privileges Safely Avoiding Forking Off a Privileged Process 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 65launchd Starting with OS X v10.4, the launchd daemon is used to launch daemons and other programs automatically, without user intervention. (If you need to support systems running versions of the OS earlier than OS X v10.4, you can use startup items.) The launchd daemon can launch both systemwide daemons and per-user agents, and can restart those daemons and agents after they quit if they are still needed. You provide a configuration file that tells launchd the level of privilege with which to launch your routine. You can also use launchd to launch a privileged helper. By factoring your application into privileged and unprivileged processes, you can limit the amount of code running as the root user (and thus the potential attack surface). Be sure that you do not request higher privilege than you actually need, and always drop privilege or quit execution as soon as possible. There are several reasons to use launchd in preference to writing a daemon running as the root user or a factored application that forks off a privileged process: ● Because launchd launches daemons on demand, your daemon needs not worry about whether other services are available yet. When it makes a request for one of those services, the service gets started automatically in a manner that is transparent to your daemon. ● Because launchd itself runs as the root user, if your only reason for using a privileged process is to run a daemon on a low-numbered port, you can let launchd open that port on your daemon’s behalf and pass the open socket to your daemon, thus eliminating the need for your code to run as the root user. ● Because launchd can launch a routine with elevated privileges, you do not have to set the setuid or setgid bits for the helper tool. Any routine that has the setuid or setgid bit set is likely to be a target for attack by malicious users. ● A privileged routine started by launchd runs in a controlled environment that can’t be tampered with. If you launch a helper tool that has the setuid bit set, it inherits much of the launching application’s environment, including: ● Open file descriptors (unless their close-on-exec flag is set). ● Environment variables (unless you use posix_spawn, posix_spawnp, or an exec variant that takes an explicit environment argument). ● Resource limits. ● The command-line arguments passed to it by the calling process. ● Anonymous shared memory regions (unattached, but available to reattach, if desired). ● Mach port rights. There are probably others. It is much safer to use launchd, which completely controls the launch environment. Elevating Privileges Safely Avoiding Forking Off a Privileged Process 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 66● It’s much easier to understand and verify the security of a protocol between your controlling application and a privileged daemon than to handle the interprocess communication needed for a process you forked yourself. When you fork a process, it inheritsits environment from your application, including file descriptors and environment variables, which might be used to attack the process (see “The Hostile Environment and the Principle of Least Privilege” (page 60)). You can avoid these problems by using launchd to launch a daemon. ● It’s easier to write a daemon and launch it with launchd than to write factored code and fork off a separate process. ● Because launchd is a critical system component, it receives a lot of peer review by in-house developers at Apple. It is less likely to contain security vulnerabilities than most production code. ● The launchd.plist file includes key-value pairs that you can use to limit the system services—such as memory, number of files, and cpu time—that the daemon can use. For more information on launchd, see the manual pages for launchd, launchctl, and launchd.plist, and Daemons and Services Programming Guide . For more information about startup items, see Daemons and Services Programming Guide . Limitations and Risks of Other Mechanisms In addition to launchd, the following lesser methods can be used to obtain elevated privileges. In each case, you must understand the limitations and risks posed by the method you choose. ● setuid If an executable's setuid bit is set, the program runs as whatever user owns the executable regardless of which process launches it. There are two approaches to using setuid to obtain root (or another user’s) privileges while minimizing risk: ● Launch your program with root privileges, perform whatever privileged operations are necessary immediately, and then permanently drop privileges. ● Launch a setuid helper tool that runs only as long as necessary and then quits. If the operation you are performing needs a group privilege or user privilege other than root, you should launch your program or helper tool with that privilege only, not with root privilege, to minimize the damage if the program is hijacked. It’s important to note that if you are running with both a group ID (GID) and user ID (UID) that are different from those of the user, you have to drop the GID before dropping the UID. Once you’ve changed the UID, you can no longer change the GID. As with every security-related operation, you must check the return values of your calls to setuid, setgid, and related routines to make sure they succeeded. Elevating Privileges Safely Limitations and Risks of Other Mechanisms 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 67For more information about the use of the setuid bit and related routines, see “Elevating Privileges Safely” (page 59). ● SystemStarter When you put an executable in the /Library/StartupItems directory, it is started by the SystemStarter program at boot time. Because SystemStarter runs with root privileges, you can start your program with any level of privilege you wish. Be sure to use the lowest privilege level that you can use to accomplish your task, and to drop privilege as soon as possible. Startup items run daemons with root privilege in a single global session; these processes serve all users. For OS X v10.4 and later, the use of startup items is deprecated; use the launchd daemon instead. For more information on startup items and startup item privileges,see “Startup Items” in Daemons and Services Programming Guide . ● AuthorizationExecWithPrivilege The Authorization Services API provides the AuthorizationExecWithPrivilege function, which launches a privileged helper as the root user. Although this function can execute any process temporarily with root privileges, it is not recommended except for installersthat have to be able to run from CDs and self-repairing setuid tools. See Authorization Services Programming Guide for more information. ● xinetd In earlier versions of OS X, the xinetd daemon was launched with root privileges at system startup and subsequently launched internetservices daemons when they were needed. The xinetd.conf configuration file specified the UID and GID of each daemon started and the port to be used by each service. Starting with OS X v10.4, you should use launchd to perform the services formerly provided by xinetd. SeeDaemonsandServicesProgrammingGuide forinformation about convertingfromxinetdtolaunchd. See the manual pages for xinetd(8) and xinetd.conf(5) for more information about xinetd. ● Other If you are using some other method to obtain elevated privilege for your process, you should switch to one of the methods described here and follow the cautions described in this chapter and in “Elevating Privileges Safely” (page 59). Elevating Privileges Safely Limitations and Risks of Other Mechanisms 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 68Factoring Applications If you’ve read this far and you’re still convinced you need to factor your application into privileged and nonprivileged processes, this section provides some tips and sample code. In addition, see Authorization Services Programming Guide for more advice on the use of Authorization Services and the proper way to factor an application. As explained in the Authorization Services documentation, it is very important that you check the user’s rights to perform the privileged operation, both before and after launching your privileged helper tool. Your helper tool, owned by root and with the setuid bit set, has sufficient privileges to perform whatever task it has to do. However, if the user doesn’t have the rights to perform this task, you shouldn’t launch the tool and—if the tool gets launched anyway—the tool should quit without performing the task. Your nonprivileged process should first use Authorization Services to determine whether the user is authorized and to authenticate the user if necessary (this is called preauthorizing ; see Listing 5-1 (page 70)). Then launch your privileged process. The privileged process then should authorize the user again, before performing the task that requires elevated privileges; see Listing 5-2 (page 71). As soon as the task is complete, the privileged process should terminate. In determining whether a user has sufficient privileges to perform a task, you should use rights that you have defined and put into the policy database yourself. If you use a right provided by the system or by some other developer, the user might be granted authorization for that right by some other process, thus gaining privileges to your application or access to data that you did not authorize or intend. For more information about policies and the policy database, (see the section “The Policy Database” in the “Authorization Concepts” chapter of Authorization Services Programming Guide ). In the code samples shown here, the task that requires privilege is killing a process that the user does not own. Example: Preauthorizing If a user tries to kill a process that he doesn’t own, the application has to make sure the user is authorized to do so. The following numbered items correspond to comments in the code sample: 1. If the process is owned by the user, and the process is not the window server or the login window, go ahead and kill it. 2. Call the permitWithRight method to determine whether the user has the right to kill the process. The application must have previously added this right—in this example, called com.apple.processkiller.kill—to the policy database. The permitWithRight method handles the interaction with the user (such as an authentication dialog). If this method returns 0, it completed without an error and the user is considered preauthorized. 3. Obtain the authorization reference. 4. Create an external form of the authorization reference. 5. Create a data object containing the external authorization reference. Elevating Privileges Safely Factoring Applications 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 696. Pass this serialized authorization reference to the setuid tool that will kill the process (Listing 5-2 (page 71)). Listing 5-1 Non-privileged process if (ownerUID == _my_uid && ![[contextInfo processName] isEqualToString:@"WindowServer"] && ![[contextInfo processName] isEqualToString:@"loginwindow"]) { [self killPid:pid withSignal:signal]; // 1 } else { SFAuthorization *auth = [SFAuthorization authorization]; if (![auth permitWithRight:"com.apple.proccesskiller.kill" flags: kAuthorizationFlagDefaults|kAuthorizationFlagInteractionAllowed| kAuthorizationFlagExtendRights|kAuthorizationFlagPreAuthorize]) // 2 { AuthorizationRef authRef = [auth authorizationRef]; // 3 AuthorizationExternalForm authExtForm; OSStatus status = AuthorizationMakeExternalForm(authRef, &authExtForm);// 4 if (errAuthorizationSuccess == status) { NSData *authData = [NSData dataWithBytes: authExtForm.bytes length: kAuthorizationExternalFormLength]; // 5 [_agent killProcess:pid signal:signal authData: authData]; // 6 } } } The external tool is owned by root and has its setuid bit set so that it runs with root privileges. It imports the externalized authorization rights and checks the user’s authorization rights again. If the user has the rights, the tool killsthe process and quits. The following numbered items correspond to commentsin the code sample: 1. Convert the external authorization reference to an authorization reference. 2. Create an authorization item array. 3. Create an authorization rights set. Elevating Privileges Safely Factoring Applications 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 704. Call the AuthorizationCopyRights function to determine whether the user has the right to kill the process. You pass this function the authorization reference. If the credentials issued by the Security Server when it authenticated the user have not yet expired, this function can determine whether the user is authorized to kill the process without reauthentication. If the credentials have expired, the Security Server handles the authentication (for example, by displaying a password dialog). (You specify the expiration period for the credentials when you add the authorization right to the policy database.) 5. If the user is authorized to do so, kill the process. 6. If the user is not authorized to kill the process, log the unsuccessful attempt. 7. Release the authorization reference. Listing 5-2 Privileged process AuthorizationRef authRef = NULL; OSStatus status = AuthorizationCreateFromExternalForm( (AuthorizationExternalForm *)[authData bytes], &authRef); // 1 if ((errAuthorizationSuccess == status) && (NULL != authRef)) { AuthorizationItem right = {"com.apple.proccesskiller.kill", 0L, NULL, 0L}; // 2 AuthorizationItemSet rights = {1, &right}; // 3 status = AuthorizationCopyRights(authRef, &rights, NULL, kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights, NULL); // 4 if (errAuthorizationSuccess == status) kill(pid, signal); // 5 else NSLog(@"Unauthorized attempt to signal process %d with %d", pid, signal); // 6 AuthorizationFree(authRef, kAuthorizationFlagDefaults); // 7 } Helper Tool Cautions If you write a privileged helper tool, you need to be very careful to examine your assumptions. For example, you should always check the results of function calls; it is dangerousto assume they succeeded and to proceed on that assumption. You must be careful to avoid any of the pitfalls discussed in this document, such as buffer overflows and race conditions. Elevating Privileges Safely Factoring Applications 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 71If possible, avoid linking in any extra libraries. If you do have to link in a library, you must not only be sure that the library has no security vulnerabilities, but also that it doesn’t link in any other libraries. Any dependencies on other code potentially open your code to attack. In order to make your helper tool as secure as possible, you should make it as short as possible—have it do only the very minimum necessary and then quit. Keeping it short makes it less likely that you made mistakes, and makes it easier for others to audit your code. Be sure to get a security review from someone who did not help write the tool originally. An independent reviewer is less likely to share your assumptions and more likely to spot vulnerabilities that you missed. Authorization and Trust Policies In addition to the basic permissions provided by BSD, the OS X Authorization Services API enables you to use the policy database to determine whether an entity should have access to specific features or data within your application. Authorization Services includes functions to read, add, edit, and delete policy database items. You should define your own trust policies and put them in the policy database. If you use a policy provided by the system or by some other developer, the user might be granted authorization for a right by some other process, thus gaining privileges to your application or access to data that you did not authorize or intend. Define a different policy for each operation to avoid having to give broad permissions to users who need only narrow privileges. For more information about policies and the policy database, see the section “The Policy Database” in the “Authorization Concepts” chapter of Authorization Services Programming Guide . Authorization Services does not enforce access controls; rather, it authenticates users and lets you know whether they have permission to carry out the action they wish to perform. It is up to your program to either deny the action or carry it out. Security in a KEXT Because kernel extensions have no user interface, you cannot call Authorization Servicesto obtain permissions that you do not already have. However, in portions of your code that handle requests from user space, you can determine what permissions the calling process has, and you can evaluate access control lists (ACLs; see the section “ACLs” in the “Security Concepts” section of Security Overview). In OS X v10.4 and later, you can also use the Kernel Authorization (Kauth) subsystem to manage authorization. For more information on Kauth, see Technical Note TN2127, Kernel Authorization (http://developer.apple.com/technotes/tn2005/tn2127.html). Elevating Privileges Safely Authorization and Trust Policies 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 72The user is often the weak link in the security of a system. Many security breaches have been caused by weak passwords, unencrypted filesleft on unprotected computers, and successfulsocial engineering attacks. Therefore, it is vitally important that your program’s user interface enhance security by making it easy for the user to make secure choices and avoid costly mistakes. In a social engineering attack, the user is tricked into either divulging secret information or running malicious code. For example, the Melissa virus and the Love Letter worm each infected thousands of computers when users downloaded and opened files sent in email. This chapter discusses how doing things that are contrary to user expectations can cause a security risk, and gives hints for creating a user interface that minimizes the risk from social engineering attacks. Secure human interface design is a complex topic affecting operating systems as well as individual programs. This chapter gives only a few hints and highlights. For an extensive discussion of this topic, see Cranor and Garfinkel, Security and Usability: Designing Secure Systems that People Can Use , O’Reilly, 2005. There is also an interesting weblog on this subject maintained by researchers at the University of California at Berkeley (http://usablesecurity.com/). Use Secure Defaults Most users use an application’s default settings and assume that they are secure. If they have to make specific choices and take multiple actions in order to make a program secure, few will do so. Therefore, the default settings for your program should be as secure as possible. For example: ● If your program launches other programs, it should launch them with the minimum privileges they need to run. ● If your program supports optionally connecting by SSL, the checkbox should be checked by default. ● If your program displays a user interface that requires the user to decide whether to perform a potentially dangerous action, the default option should be the safe choice. If there is no safe choice, there should be no default. (See “UI Element Guidelines: Controls” in OS X Human Interface Guidelines.) And so on. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 73 Designing Secure User InterfacesThere is a common belief that security and convenience are incompatible. With careful design, this does not have to be so. In fact, it is very important that the user not have to sacrifice convenience for security, because many users will choose convenience in thatsituation. In many cases, a simpler interface is more secure, because the user is less likely to ignore security features and less likely to make mistakes. Whenever possible, you should make security decisions for your users: in most cases, you know more about security than they do, and if you can’t evaluate the evidence to determine which choice is most secure, the chances are your users will not be able to do so either. For a detailed discussion of this issue and a case study, see the article “Firefox and the Worry-Free Web” in Cranor and Garfinkel, Security and Usability: Designing Secure Systems that People Can Use . Meet Users’ Expectations for Security If your program handles data that the user expects to be kept secret, make sure that you protect that data at all times. That means not only keeping it in a secure location or encrypting it on the user’s computer, but not handing it off to another program unless you can verify that the other program will protect the data, and not transmitting it over an insecure network. If for some reason you cannot keep the data secure, you should make this situation obvious to users and give them the option of canceling the insecure operation. Important: The absence of an indication that an operation is secure is not a good way to inform the user that the operation is insecure. A common example of this is any web browser that adds a lock icon (usually small and inconspicuous) on web pages that are protected by SSL/TLS or some similar protocol. The user has to notice that this icon is not present (or that it’s in the wrong place, in the case of a spoofed web page) in order to take action. Instead, the program should prominently display some indication for each web page or operation that is not secure. The user must be made aware of when they are granting authorization to some entity to act on their behalf or to gain access to their files or data. For example, a program might allow users to share files with other users on remote systems in order to allow collaboration. In this case, sharing should be off by default. If the user turns it on, the interface should make clear the extent to which remote users can read from and write to files on the local system. If turning on sharing for one file also lets remote users read any other file in the same folder, for example, the interface must make this clear before sharing is turned on. In addition, as long as sharing is on, there should be some clear indication that it is on, lest users forget that their files are accessible by others. Designing Secure User Interfaces Meet Users’ Expectations for Security 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 74Authorization should be revocable: if a user grants authorization to someone, the user generally expects to be able to revoke that authorization later. Whenever possible, your program should not only make this possible, it should make it easy to do. If for some reason it will not be possible to revoke the authorization, you should make that clear before granting the authorization. You should also make it clear that revoking authorization cannot reverse damage already done (unless your program provides a restore capability). Similarly, any other operation that affects security but that cannot be undone should either not be allowed or the user should be made aware of the situation before they act. For example, if all files are backed up in a central database and can’t be deleted by the user, the user should be aware of that fact before they record information that they might want to delete later. As the user’s agent, you must carefully avoid performing operations that the user does not expect or intend. For example, avoid automatically running code if it performsfunctionsthat the user has not explicitly authorized. Secure All Interfaces Some programs have multiple user interfaces, such as a graphical user interface, a command-line interface, and an interface for remote access. If any of these interfaces require authentication (such as with a password), then all the interfaces should require it. Furthermore, if you require authentication through a command line or remote interface, be sure the authentication mechanism is secure—don’t transmit passwords in cleartext, for example. Place Files in Secure Locations Unless you are encrypting all output, the location where you save files has important security implications. For example: ● FileVault can secure the root volume (or the user’s home folder prior to OS X v10.7), but not other locations where the user might choose to place files. ● Folder permissions can be set in such a way that others can manipulate their contents. You should restrict the locations where users can save files if they contain information that must be protected. If you allow the user to select the location to save files, you should make the security implications of a particular choice clear; specifically, they must understand that, depending on the location of a file, it might be accessible to other applications or even remote users. Designing Secure User Interfaces Secure All Interfaces 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 75Make Security Choices Clear Most programs, upon detecting a problem or discrepancy, display a dialog box informing the user of the problem. Often this approach does not work, however. For one thing, the user might not understand the warning or its implications. For example, if the dialog warns the user that the site to which they are connecting has a certificate whose name does not match the name of the site, the user is unlikely to know what to do with that information, and is likely to ignore it. Furthermore, if the program puts up more than a few dialog boxes, the user is likely to ignore all of them. To solve this problem, when giving the user a choice that has security implications, make the potential consequences of each choice clear. The user should never be surprised by the results of an action. The choice given to the user should be expressed in terms of consequences and trade-offs, not technical details. For example, a choice of encryption methods should be based on the level of security (expressed in simple terms,such asthe amount of time it might take to break the encryption) versusthe time and disk space required to encrypt the data, rather than on the type of algorithm and the length of the key to be used. If there are no practical differences of importance to the user (as when the more secure encryption method is just as efficient as the less-secure method), just use the most secure method and don’t give the user the choice at all. Be sensitive to the fact that few users are security experts. Give as much information—in clear, nontechnical terms—as necessary for them to make an informed decision. In some cases, it might be best not to give them the option of changing the default behavior. For example, most users don’t know what a digital certificate is, let alone the implications of accepting a certificate signed by an unknown authority. Therefore, it is probably not a good idea to let the user permanently add an anchor certificate (a certificate that is trusted for signing other certificates) unless you can be confident that the user can evaluate the validity of the certificate. (Further, if the user is a security expert, they’ll know how to add an anchor certificate to the keychain without the help of your application anyway.) If you are providing security features, you should make their presence clear to the user. For example, if your mail application requires the user to double click a small icon in order to see the certificate used to sign a message, most users will never realize that the feature is available. In an often-quoted but rarely applied monograph, Jerome Saltzer and Michael Schroeder wrote “It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Also, to the extent that the user’s mental image of his protection goals matchesthe mechanisms he must use, mistakes will be minimized. If he must translate hisimage of his protection needs into a radically different specification language, he will make errors.” (Saltzer and Schroeder, “The Protection of Information in Computer Systems,” Proceedings of the IEEE 63:9, 1975.) Designing Secure User Interfaces Make Security Choices Clear 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 76For example, you can assume the user understandsthat the data must be protected from unauthorized access; however, you cannot assume the user has any knowledge of encryption schemes or knows how to evaluate password strength. In this case, your program should present the user with choices like the following: ● “Is your computer physically secure, or is it possible that an unauthorized user will have physical access to the computer?” ● “Is your computer connected to a network?” From the user’s answers, you can determine how best to protect the data. Unless you are providing an “expert” mode, do not ask the user questions like the following: ● “Do you want to encrypt your data, and if so, with which encryption scheme?” ● “How long a key should be used?” ● “Do you want to permit SSH access to your computer?” These questions don’t correspond with the user’s view of the problem. Therefore, the user’s answers to such questions are likely to be erroneous. In this regard, it is very important to understand the user’s perspective. Very rarely is an interface thatseemssimple or intuitive to a programmer actually simple or intuitive to average users. To quote Ka-Ping Yee (User Interaction Design for Secure Systems, at http://www.eecs.berkeley.edu/Pubs/TechRpts/2002/CSD-02-1184.pdf): In order to have a chance of using a system safely in a world of unreliable and sometimes adversarial software, a user needs to have confidence in all of the following statements: ● Things don’t become unsafe all by themselves. (Explicit Authorization) ● I can know whether things are safe. (Visibility) ● I can make things safer. (Revocability) ● I don’t choose to make things unsafe. (Path of Least Resistance) ● I know what I can do within the system. (Expected Ability) ● I can distinguish the things that matter to me. (Appropriate Boundaries) ● I can tell the system what I want. (Expressiveness) ● I know what I’m telling the system to do. (Clarity) ● The system protects me from being fooled. (Identifiability, Trusted Path) For additional tips, read “Dialogs” in OS X Human Interface Guidelines and “Alerts, Action Sheets, and Modal Views” in iOS Human Interface Guidelines. Designing Secure User Interfaces Make Security Choices Clear 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 77Fight Social Engineering Attacks Social engineering attacks are particularly difficult to fight. In a social engineering attack, the attacker fools the user into executing attack code or giving up private information. A common form of social engineering attack is referred to as phishing . Phishing refers to the creation of an official-looking email or web page that fools the user into thinking they are dealing with an entity with which they are familiar,such as a bank with which they have an account. Typically, the user receives an email informing them that there is something wrong with their account, and instructing them to click on a link in the email. The link takes them to a web page that spoofs a real one; that is, it includes icons, wording, and graphical elements that echo those the user is used to seeing on a legitimate web page. The user is instructed to enter such information as their social security number and password. Having done so, the user has given up enough information to allow the attacker to access the user’s account. Fighting phishing and other social engineering attacks is difficult because the computer’s perception of an email or web page is fundamentally different from that of the user. For example, consider an email containing a link to http://scamsite.example.com/ but in which the link’s text says Apple Web Store. From the computer’s perspective, the URL links to a scam site, but from the user’s perspective, it links to Apple’s online store. The user cannot easily tell that the link does not lead to the location they expect until they see the URL in their browser; the computer similarly cannot determine that the link’s text is misleading. To further complicate matters, even when the user looks at the actual URL, the computer and user may perceive the URL differently. The Unicode characterset includes many charactersthat look similar or identical to common English letters. For example, the Russian glyph that is pronounced like “r” looks exactly like an English “p” in many fonts, though it has a different Unicode value. These characters are referred to as homographs. When web browsers began to support internationalized domain names (IDN), some phishers set up websites that looked identical to legitimate ones, using homographs in their web addresses to fool users into thinking the URL was correct. Some creative techniques have been tried for fighting social engineering attacks, including trying to recognize URLsthat are similar to, but not the same as, well-known URLs, using private email channelsfor communications with customers, using emailsigning, and allowing usersto see messages only if they come from known, trusted sources. All of these techniques have problems, and the sophistication ofsocial engineering attacksisincreasing all the time. For example, to foil the domain name homograph attack, many browsers display internationalized domain names IDN) in an ASCII format called “Punycode.” For example, an impostor website with the URL http://www.apple.com/ that uses a Roman script for all the characters except for the letter “a”, for which it uses a Cyrillic character, is displayed as http://www.xn--pple-43d.com. Designing Secure User Interfaces Fight Social Engineering Attacks 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 78Different browsers use different schemes when deciding which internationalized domain names to show and which ones to translate. For example, Safari uses this form when a URL contains characters in two or more scripts that are not allowed in the same URL, such as Cyrillic characters and traditional ASCII characters. Other browsers consider whether the characterset is appropriate for the user’s default language. Still others maintain a whitelist of registries that actively prevent such spoofing and use punycode for domains from all other registries. For a more in-depth analysis of the problem, more suggested approaches to fighting it, and some case studies, see Security and Usability: Designing Secure Systems that People Can Use by Cranor and Garfinkel. To learn more aboutsocial engineering techniquesin general, read The Art of Deception: Controlling the Human Element of Security by Mitnick, Simon, and Wozniak. Use Security APIs When Possible One way to avoid adding security vulnerabilities to your code is to use the available security APIs whenever possible. The Security Interface Framework API provides a number of user interface viewsto support commonly performed security tasks. iOS Note: The Security Interface Framework is not available in iOS. In iOS, applications are restricted in their use of the keychain, and it is not necessary for the user to create a new keychain or change keychain settings. The Security Interface Framework API provides the following views: ● TheSFAuthorizationView class implements an authorization view in a window. An authorization view is a lock icon and accompanying text that indicates whether an operation can be performed. When the user clicks a closed lock icon, an authorization dialog displays. Once the user is authorized, the lock icon appears open. When the user clicksthe open lock, Authorization Servicesrestricts access again and changes the icon to the closed state. ● The SFCertificateView and SFCertificatePanel classes display the contents of a certificate. ● The SFCertificateTrustPanel class displays and optionally lets the user edit the trust settings in a certificate. ● The SFChooseIdentityPanel class displays a list of identities in the system and lets the user select one. (In this context, identity refers to the combination of a private key and its associated certificate.) ● The SFKeychainSavePanel class adds an interface to an application that lets the user save a new keychain. The user interface is nearly identical to that used for saving a file. The difference is that this class returns a keychain in addition to a filename and lets the user specify a password for the keychain. Designing Secure User Interfaces Use Security APIs When Possible 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 79● The SFKeychainSettingsPanel class displays an interface that lets the user change keychain settings. Documentation for the Security Interface framework is in Security Interface Framework Reference . Designing Secure User Interfaces Use Security APIs When Possible 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 80Privilege separation is a common technique for making applications more secure. By breaking up an application into functional units that each require fewer privileges, you can make it harder to do anything useful with any single part of that application if someone successfully compromises it. However, without proper design, a privilege-separated app is not significantly more secure than a non-privilege-separated app. For proper security, each part of the app must treat other parts of the app as untrusted and potentially hostile. To that end, this chapter provides dos and don’ts for designing a helper app. There are two different ways that you can perform privilege separation: ● Creating a pure computation helper to isolate risky operations. Thistechnique requiresthe main application to be inherently suspicious of any data that the helper returns, but does not require that the helper be suspicious of the application. ● Creating a helper or daemon to perform tasks without granting the application the right to perform them. This requires not only that the main application not trust the helper, but also that the helper not trust the main application. The techniques used for securing the two types of helpers differ only in the level of paranoia required by the helper. Avoid Puppeteering When a helper application is so tightly controlled by the main application that it does not make any decisions by itself, thisis called puppeteering. Thisisinherently bad design because if the application gets compromised, the attacker can then control the helper similarly, in effect taking over pulling the helper’s “strings”. This completely destroys the privilege separation boundary. Therefore, unless you are creating a pure computation helper, splitting code into a helper application that simply does whatever the main app tells it to do is usually not a useful division of labor. In general, a helper must be responsible for deciding whether or not to perform a particular action. If you look at the actions that an application can perform with and without privilege separation, those lists should be different; if they are not, then you are not gaining anything by separating the functionality out into a separate helper. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 81 Designing Secure Helpers and DaemonsFor example, consider a helper that downloads help content for a word processor. If the helper fetches any arbitrary URL that the word processor sends it, the helper can be trivially exploited to send arbitrary data to an arbitrary server. For example, an attacker who took control of the browser could tell the helper to access the URL http://badguy.example.com/saveData?hereIsAnEncodedCopyOfTheUser%27sData. The subsections that follow describe solutions for this problem. Use Whitelists One way to fix this is with whitelists. The helper should include a specific list of resources that it can access. For example, this helper could include: ● A host whitelist that includes only the domain example.org. Requests to URLs in that domain would succeed, but the attacker could not cause the helper to access URLs in a different domain. ● An allowed path prefix whitelist. The attacker would not be able to use cross-site scripting on the example.org bulletin board to redirect the request to another location. (This applies mainly to apps using a web UI.) You can also avoid this by handling redirection manually. ● An allowed file type whitelist. This could limit the helper to the expected types of files. (Note that file type whitelists are more interesting for helpers that access files on the local hard drive.) ● A whitelist of specific URIs to which GET or POST operations are allowed. Use Abstract Identifiers and Structures A second way to avoid puppeteering is by abstracting away the details of the request itself, using data structures and abstract identifiers instead of providing URIs, queries, and paths. A trivial example of thisis a help system. Instead of the app passing a fully-formed URI for a help search request, it might pass a flag field whose value tells the helper to “search by name” or “search by title” and a string value containing the search string. This flag field is an example of an abstract identifier; it tells the helper what to do without telling it how to do it. Taken one step further, when the helper returns a list of search results, instead of returning the names and URIs for the result pages, it could return the names and an opaque identifier (which may be an index into the last set of search results). By doing so, the application cannot access arbitrary URIs because it never interacts with the actual URIs directly. Similarly, if you have an application that works with project files that reference other files, in the absence of API to directly support this, you can use a temporary exception to give a helper access to all files on the disk. To make this more secure, the helpershould provide access only to filesthat actually appear in the user-opened Designing Secure Helpers and Daemons Avoid Puppeteering 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 82project. The helper might do this by requiring the application to request files by some arbitrary identifier generated by the helper rather than by name or path. This makes it harder for the application to ask the helper to open arbitrary files. This can further be augmented with sniffing, as described in “Use the Smell Test” (page 83). The same concept can be extended to other areas. For example, if the application needs to change a record in a database, the helper could send the record as a data structure, and the app could send back the altered data structure along with an indication of which values need to change. The helper could then verify the correctness of the unaltered data before modifying the remaining data. Passing the data abstractly also allows the helper to limit the application’s access to other database tables. It also allows the helper to limit what kinds of queries the application can perform in ways that are more fine-grained than would be possible with the permissions system that most databases provide. Use the Smell Test If a helper application has access to files that the main application cannot access directly, and if the main application asks the helper to retrieve the contents of that file, it is useful for the helper to perform tests on the file before sending the data to ensure that the main application has not substituted a symbolic link to a different file. In particular, it is useful to compare the file extension with the actual contents of the file to see whether the bytes on disk make sense for the apparent file type. This technique is called file type sniffing. For example, the first few bytes of any image file usually provide enough information to determine the file type. If the first four bytes are JFIF, the file is probably a JPEG image file. If the first four bytes are GIF8, the file is probably a GIF image file. If the first four bytes are MM.* or II*., the file is probably a TIFF file. And so on. If the request passes this smell test, then the odds are good that the request is not malicious. Treat Both App and Helper as Hostile Because the entire purpose of privilege separation is to prevent an attacker from being able to do anything useful after compromising one part of an application, both the helper and the app must assume that the other party is potentially hostile. This means each piece must: ● Avoid buffer overflows (“Avoiding Buffer Overflows And Underflows” (page 17)). ● Validate all input from the other side (“Validating Input And Interprocess Communication” (page 33)). ● Avoid insecure interprocess communication mechanisms (“Validating Input And Interprocess Communication” (page 33)) ● Avoid race conditions (“Avoiding Race Conditions” (page 43)). Designing Secure Helpers and Daemons Treat Both App and Helper as Hostile 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 83● Treat the contents of any directory or file to which the other process has write access as fundamentally untrusted (“Securing File Operations” (page 47)). This list potentially includes: ● The entire app container directory. ● Preference files. ● Temporary files. ● User files. And so on. If you follow these design principles, you will make it harder for an attacker to do anything useful if he or she compromises your app. Run Daemons as Unique Users For daemonsthatstart with elevated privileges and then drop privileges, you should always use a locally unique user ID for your program. If you use some standard UID such as _unknown or nobody, then any other process running with thatsame UID can interact with your program, either directly through interprocess communication, or indirectly by altering configuration files. Thus, if someone hijacks another daemon on the same server, they can then interfere with your daemon; or, conversely, ifsomeone hijacks your daemon, they can use it to interfere with other daemons on the server. You can use Open Directory services to obtain a locally unique UID. Note that UIDs from 0 through 500 are reserved for use by the system. Note: You should generally avoid making security decisions based on the user’s ID or name for two reasons: ● Many APIs for determining the user ID and user name are inherently untrustworthy because they return the value of the USER. ● Someone could trivially make a copy of your app and change the string to a different value, then run the app. Start Other Processes Safely When it comes to security, not all APIs for running external tools are created equal. In particular: Avoid the POSIX system(3) function. Its simplicity makes it a tempting choice, but also makes it much more dangerous than other functions. When you use system, you become responsible for completely sanitizing the entire command, which means protecting any characters that are treated as special by the shell. You are Designing Secure Helpers and Daemons Run Daemons as Unique Users 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 84responsible for understanding and correctly using the shell’s quoting rules, knowing which characters are interpreted within each type of quotation marks, and so on. This is no small feat even for expert shell script programmers, and is strongly inadvisable for everyone else. Bluntly put, you will get it wrong. Set up your own environment correctly ahead of time. Many APIs search for the tool you want to run in locations specified by the PATH environment variable. If an attacker can modify that variable, the attacker can potentially trick your app into starting a different tool and running it as the current user. You can avoid this problem by either explicitly setting the PATH environment variable yourself or by avoiding variants of exec(3) or posix_spawn(2) that use the PATH environment variable to search for executables. Use absolute paths where possible, or relative paths if absolute paths are not available. By explicitly specifying a path to an executable rather than just its name, the PATH environment variable is not consulted when the OS determines which tool to run. For more information about environment variables and shell special characters, read Shell Scripting Primer. Designing Secure Helpers and Daemons Start Other Processes Safely 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 85This appendix presents a set of security audit checklists that you can use to help reduce the security vulnerabilities of your software. These checklists are designed to be used during software development. If you read this section all the way through before you start coding, you may avoid many security pitfalls that are difficult to correct in a completed program. Note that these checklists are not exhaustive; you might not have any of the potential vulnerabilities discussed here and still have insecure code. Also, as the author of the code, you are probably too close to the code to be fully objective, and thus may overlook certain flaws. For this reason, it’s very important that you have your code reviewed for security problems by an independent reviewer. A security expert would be best, but any competent programmer, if aware of what to look for, might find problems that you may have missed. In addition, whenever the code is updated or changed in any way, including to fix bugs, it should be checked again for security problems. Important: All code should have a security audit before being released. Use of Privilege This checklist is intended to determine whether your code ever runs with elevated privileges, and if it does, how best to do so safely. Note that it’s best to avoid running with elevated privileges if possible; see “Avoiding Elevated Privileges” (page 63). 1. Reduce privileges whenever possible. If you are using privilege separation with sandboxing or other privilege-limiting techniques, you should be careful to ensure that your helper tools are designed to limit the damage that they can cause if the main application gets compromised, and vice-versa. Read “Designing Secure Helpers And Daemons” (page 81) to learn how. Also, for daemons that start with elevated privileges and then drop privileges, you should always use a locally unique user ID for your program. See “Run Daemons As Unique Users” (page 84) to learn more. 2. Use elevated privileges sparingly, and only in privileged helpers. In most cases, a program can get by without elevated privileges, butsometimes a program needs elevated privileges to perform a limited number of operations, such as writing files to a privileged directory or opening a privileged port. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 86 Security Development ChecklistsIf an attacker finds a vulnerability that allows execution of arbitrary code, the attacker’s code runs with the same privilege as the running code, and can take complete control of the computer if that code has root privileges. Because of this risk, you should avoid elevating privileges if at all possible. If you must run code with elevated privileges, here are some rules: ● Never run your main process as a different user. Instead, create a separate helper tool that runs with elevated privileges. ● Your helper tool should do as little as possible. ● Your helper tool should restrict what you can ask it to do as much as possible. ● Your helper tool should either drop the elevated privileges or stop executing as soon as possible. Important: If all or most of your code runs with root or other elevated privileges, or if you have complex code that performs multiple operations with elevated privileges, then your program could have a serious security vulnerability. You should seek help in performing a security audit of your code to reduce your risk. See “Elevating Privileges Safely” (page 59) and “Designing Secure Helpers And Daemons” (page 81) for more information. 3. Use launchd when possible. If you are writing a daemon or other process that runs with elevated privileges, you should always use launchd to start it. (To learn why other mechanisms are not recommended, read “Limitations And Risks Of Other Mechanisms” (page 67).) For more information on launchd,see the manual pagesfor launchd, launchctl, and launchd.plist, and Daemons and Services Programming Guide . For more information about startup items, see Daemons and Services Programming Guide . For more information on ipfw, see the ipfw manual page. 4. Avoid using sudo programmatically. If authorized to do so in the sudoers file, a user can use sudo to execute a command as root. The sudo command is intended for occasional administrative use by a user sitting at the computer and typing into the Terminal application. Its use in scripts or called from code is not secure. After executing the sudo command—which requires authenticating by entering a password—there is a five-minute period (by default) during which the sudo command can be executed without further authentication. It’s possible for another process to take advantage of this situation to execute a command as root. Further, there is no encryption or protection of the command being executed. Because sudo is used to execute privileged commands, the command arguments often include user names, passwords, and other information that should be kept secret. A command executed in this way by a script or other code can expose confidential data to possible interception and compromise. Security Development Checklists Use of Privilege 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 875. Minimize the amount of code that must be run with elevated privileges. Ask yourself approximately how many lines of code need to run with elevated privileges. If this answer is either “all” or is a difficult number to compute, then it will be very difficult to perform a security review of your software. If you can’t determine how to factor your application to separate out the code that needs privileges, you are strongly encouraged to seek assistance with your project immediately. If you are an ADC member, you are encouraged to ask for help from Apple engineers with factoring your code and performing a security audit. If you are not an ADC member, see the ADC membership page at http://developer.apple.com/programs/. 6. Never run a GUI application with elevated privileges. You should never run a GUI application with elevated privileges. Any GUI application linksin many libraries over which you have no control and which, due to their size and complexity, are very likely to contain security vulnerabilities. In this case, your application runs in an environment set by the GUI, not by your code. Your code and your user’s data can then be compromised by the exploitation of any vulnerabilities in the libraries or environment of the graphical interface. Data, Configuration, and Temporary Files Some security vulnerabilities are related to reading or writing files. This checklist is intended to help you find any such vulnerabilities in your code. 1. Be careful when working with files in untrusted locations. If you write to any directory owned by the user, then there is a possibility that the user will modify or corrupt your files. Similarly, if you write temporary files to a publicly writable place (for example, /tmp, /var/tmp, /Library/Caches or another specific place with this characteristic), an attacker may be able to modify your files before the next time you read them. If your code reads and writes files (and in particular if it uses files for interprocess communication), you should put those files in a safe directory to which only you have write access. For more information about vulnerabilities associated with writing files, and how to minimize the risks, see “Time of Check Versus Time of Use” (page 44). 2. Avoid untrusted configuration files, preference files, or environment variables. In many cases, the user can control environment variables, configuration files, and preferences. If you are executing a program for the user with elevated privileges, you are giving the user the opportunity to perform operations that they cannot ordinarily do. Therefore, you should ensure that the behavior of your privileged code does not depend on these things. Security Development Checklists Data, Configuration, and Temporary Files 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 88This means: ● Validate all input, whether directly from the user or through environment variables, configuration files, preferences files, or other files. In the case of environment variables, the effect might not be immediate or obvious; however the user might be able to modify the behavior of your program or of other programs or system calls. ● Make sure that file paths do not contain wildcard characters, such as ../ or ~, which an attacker can use to switch the current directory to one under the attacker’s control. ● Explicitly set the privileges, environment variables, and resources available to the running process, rather than assuming that the process has inherited the correct environment. 3. Load kernel extensions carefully (or not at all). A kernel extension is the ultimate privileged code—it has access to levels of the operating system that cannot be touched by ordinary code, even running as root. You must be extremely careful why, how, and when you load a kernel extension to guard against being fooled into loading the wrong one. It’s possible to load a root kit if you’re notsufficiently careful. (A root kit is malicious code that, by running in the kernel, can not only take over control of the system but can cover up all evidence of its own existence.) To make sure that an attacker hasn’t somehow substituted his or her own kernel extension for yours, you should always store kernel extensions in secure locations. You may, if desired, use code signing or hashes to further verify their authenticity, but this does not remove the need to protect the extension with appropriate permissions. (Time-of-check vs. time-of-use attacks are still possible.) Note that in recent versions of OS X, this is partially mitigated by the KEXT loading system, which refuses to load any kext binary whose owner is not root or whose group is not wheel. In general, you should avoid writing kernel extensions (see “Keep Out” in Kernel Programming Guide ). However, if you must use a kernel extension, use the facilities built into OS X to load your extension and be sure to load the extension from a separate privileged process. See “Elevating Privileges Safely” (page 59) to learn more about the safe use of root access. See Kernel Programming Guide for more information on writing and loading kernel extensions. For help on writing device drivers, see I/O Kit Fundamentals. Network Port Use This checklist is intended to help you find vulnerabilities related to sending and receiving information over a network. If your project does not contain any tool or application that sends or receives information over a network, skip to “Audit Logs” (page 91) (for servers) or “Integer and Buffer Overflows” (page 97) for all other products. 1. Use assigned port numbers. Security Development Checklists Network Port Use 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 89Port numbers 0 through 1023 are reserved for use by certain services specified by the Internet Assigned Numbers Authority (IANA; see http://www.iana.org/). On many systems including OS X, only processes running asroot can bind to these ports. It is notsafe, however, to assume that any communications coming over these privileged ports can be trusted. It’s possible that an attacker has obtained root access and used it to bind to a privileged port. Furthermore, on some systems, root access is not needed to bind to these ports. You should also be aware that if you use the SO_REUSEADDR socket option with UDP, it is possible for a local attacker to hijack your port. Therefore, you should always use port numbers assigned by the IANA, you should always check return codes to make sure you have connected successfully, and you should check that you are connected to the correct port. Also, as always, never trust input data, even if it’s coming over a privileged port. Whether data is being read from a file, entered by a user, or received over a network, you must validate all input. See “Validating Input And Interprocess Communication” (page 33) for more information about validating input. 2. Choose an appropriate transport protocol. Lower-level protocols, such as UDP, provide higher performance for some types of traffic, but are easier to spoof than higher-level protocols, such as TCP. Note that if you’re using TCP, you still need to worry about authenticating both ends of the connection, but there are encryption layers you can add to increase security. 3. Use existing authentication services when authentication is needed. If you’re providing a free and nonconfidential service, and do not process user input, then authentication is not necessary. On the other hand, if any secret information is being exchanged, the user is allowed to enter data that your program processes, or there is any reason to restrict user access, then you should authenticate every user. OS X provides a variety of secure network APIs and authorization services, all of which perform authentication. You should always use these services rather than creating your own authentication mechanism. For one thing, authentication is very difficult to do correctly, and dangerous to get wrong. If an attacker breaks your authentication scheme, you could compromise secrets or give the attacker an entry to your system. The only approved authorization mechanism for networked applications is Kerberos; see “Client-Server Authentication” (page 93). For more information on secure networking, see Secure Transport Reference and CFNetwork Programming Guide . 4. Verify access programmatically. UI limitations do not protect your service from attack. If your service provides functionality that should only be accessible to certain users, that service must perform appropriate checks to determine whether the current user is authorized to access that functionality. Security Development Checklists Network Port Use 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 90If you do not do this, then someone sufficiently familiar with your service can potentially perform unauthorized operations by modifying URLs, sending malicious Apple events, and so on. 5. Fail gracefully. If a server is unavailable, either because of some problem with the network or because the server is under a denial of service attack, your client application should limit the frequency and number of retries and should give the user the opportunity to cancel the operation. Poorly-designed clientsthat retry connectionstoo frequently and too insistently, or that hang while waiting for a connection, can inadvertently contribute to—or cause their own—denial of service. 6. Design your service to handle high connection volume. Your daemon should be capable of surviving a denial of service attack without crashing or losing data. In addition, you should limit the total amount of processor time, memory, and disk space each daemon can use, so that a denial of service attack on any given daemon does not result in denial of service to every process on the system. You can use the ipfwfirewall program to control packets and traffic flow for internet daemons. For more information on ipfw, see the ipfw(8) manual page. See Wheeler, Secure Programming for Linux and Unix HOWTO, available at http://www.dwheeler.com/secure-programs/, for more advice on dealing with denial of service attacks. 7. Design hash functions carefully. Hash tables are often used to improve search performance. However, when there are hash collisions(where two items in the list have the same hash result), a slower (often linear) search must be used to resolve the conflict. If it is possible for a user to deliberately generate different requeststhat have the same hash result, by making many such requests an attacker can mount a denial of service attack. It is possible to design hash tables that use complex data structures such as trees in the collision case. Doing so can significantly reduce the damage caused by these attacks. Audit Logs It’s very important to audit attempts to connect to a server or to gain authorization to use a secure program. If someone is attempting to attack your program, you should know what they are doing and how they are doing it. Furthermore, if your program is attacked successfully, your audit log is the only way you can determine what happened and how extensive the security breach was. This checklist is intended to help you make sure you have an adequate logging mechanism in place. Security Development Checklists Audit Logs 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 91Important: Don’t log confidential data, such as passwords, which could then be read later by a malicious user. 1. Audit attempts to connect. Your daemon orsecure program should audit connection attempts(both successful attempts and failures). Note that an attacker can attempt to use the audit log itself to create a denial of service attack; therefore, you should limit the rate of entering audit messages and the total size of the log file. You also need to validate the input to the log itself, so that an attacker can’t enter special characters such as the newline character that you might misinterpret when reading the log. See Wheeler, Secure Programming for Linux and Unix HOWTO for some advice on audit logs. 2. Use the libbsm auditing library where possible. The libbsm auditing library is part of the TrustedBSD project, which in turn is a set of trusted extensions to the FreeBSD operating system. Apple has contributed to this project and has incorporated the audit library into the Darwin kernel of the OS X operating system. (This library is not available in iOS.) You can use the libbsm auditing library to implement auditing of your program for login and authorization attempts. This library gives you a lot of control over which events are audited and how to handle denial of service attacks. The libbsm project is located at http://www.opensource.apple.com/darwinsource/Current/bsm/. For documentation of the BSM service, see the “Auditing Topics” chapter in Sun Microsystems’ System Administration Guide: Security Services located at http://docs.sun.com/app/docs/doc/806- 4078/6jd6cjs67?a=view. 3. If you cannot use libbsm, be careful when writing audit trails. When using audit mechanisms other than libbsm, there are a number of pitfalls you should avoid, depending on what audit mechanism you are using: ● syslog Prior to the implementation of the libbsm auditing library, the standard C library function syslog was most commonly used to write data to a log file. If you are using syslog, consider switching to libbsm, which gives you more options to deal with denial of service attacks. If you want to stay with syslog, be sure your auditing code is resistant to denial of service attacks, as discussed in step 1. ● Custom log file If you have implemented your own custom logging service, consider switching to libbsm to avoid inadvertently creating a security vulnerability. In addition, if you use libbsm your code will be more easily maintainable and will benefit from future enhancements to the libbsm code. If you stick with your own custom logging service, you must make certain that it is resistant to denial of service attacks (see step 1) and that an attacker can’t tamper with the contents of the log file. Security Development Checklists Audit Logs 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 92Because your log file must be either encrypted or protected with access controlsto prevent tampering, you must also provide tools for reading and processing your log file. Finally, be sure your custom logging code is audited for security vulnerabilities. Client-Server Authentication If any private or secret information is passed between a daemon and a client process, both ends of the connection should be authenticated. This checklist is intended to help you determine whether your daemon’s authentication mechanism is safe and adequate. If you are not writing a daemon, skip to “Integer and Buffer Overflows” (page 97). 1. Do not store, validate, or modify passwords yourself. It’s a very bad idea to store, validate, or modify passwords yourself, as it’s very hard to do so securely, and OS X and iOS provide secure facilities for just that purpose. ● In OS X, you can use the keychain to store passwords and Authorization Services to create, modify, delete, and validate user passwords (see Keychain Services Programming Guide and Authorization Services Programming Guide ). ● In OS X, if you have access to an OS X Server setup, you can use Open Directory (see Open Directory Programming Guide ) to store passwords and authenticate users. ● On an iOS device, you can use the keychain to store passwords. iOS devices authenticate the application that is attempting to obtain a keychain item rather than asking the user for a password. By storing data in the keychain, you also ensure that they remain encrypted in any device backups. 2. Never send passwords over a network connection in cleartext form. You should never assume that an unencrypted network connection issecure. Information on an unencrypted network can be intercepted by any individual or organization between the client and the server. Even an intranet, which does not go outside of your company, is not secure. A large percentage of cyber crime is committed by company insiders, who can be assumed to have accessto a network inside a firewall. OS X provides APIs for secure network connections; see Secure Transport Reference and CFNetwork Programming Guide for details. 3. Use server authentication as an anti-spoofing measure. Although server authentication is optional in the SSL/TLS protocols, you should always do it. Otherwise, an attacker might spoof your server, injuring your users and damaging your reputation in the process. 4. Use reasonable pasword policies. ● Password strength Security Development Checklists Client-Server Authentication 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 93In general, it is better to provide the user with a meansto evaluate the strength of a proposed password rather than to require specific combinations of letters, numbers, or punctuation, as arbitrary rules tend to cause people to choose bad passwords to fit the standard (Firstname.123) instead of choosing good passwords. ● Password expiration Password expiration has pros and cons. If your service transmits passwords in cleartext form, it is absolutely essential. If your password transmission is considered secure, however, password expiration can actually weaken security by causing people to choose weaker passwords that they can remember or to write their passwords down on sticky notes on their monitors. See Password Expiration Considered Harmful for more information. ● Non-password authentication Hardware-token-based authentication providesfar more security than any password scheme because the correct response changes every time you use it. These tokens should always be combined with a PIN, and you should educate your users so that they do not write their username or PIN on the token itself. ● Disabled accounts When an employee leaves or a user closes an account, the accountshould be disabled so that it cannot be compromised by an attacker. The more active accounts you have, the greater the probability that one will have a weak password. ● Expired accounts Expiring unused accounts reduces the number of active accounts, and in so doing, reduces the risk of an old account getting compromised by someone stealing a password that the user has used for some other service. Note, however, that expiring a user account without warning the user first is generally a bad idea. If you do not have a means of contacting the user, expiring accounts are generally considered poor form. ● Changing passwords You can require that the client application support the ability to change passwords, or you can require that the user change the password using a web interface on the server itself. In either case, the user (or the client, on behalf of the user) must provide the previous password along with the new password (twice unless the client is updating it programmatically over a sufficiently robust channel). ● Lost password retrieval (such as a system that triggers the user’s memory or a series of questions designed to authenticate the user without a password) Security Development Checklists Client-Server Authentication 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 94Make sure your authentication method is not so insecure that an attacker doesn’t even bother to try a password, and be careful not to leak information, such as the correct length of the password, the email address to which the recovered password is sent, or whether the user ID is valid. You should always allow (and perhaps even require) customer to choose their own security questions. Pre-written questions are inherently dangerous because any question that is general enough for you to ask it of a large number of people is: ● likely to be a request for information that a large number of that person’s friends already know. In all likelihood, everyone who attended your high school can guess (in a handful of guesses) who your kindergarten teacher was, who your high school mascot was, and so on. ● probably on your public profile on a social networking site. For example, if you ask where you were born, chances are that’s public information. Even if it isn’t on your profile, someone can dig it up through government records. ● potentially guessable given other information about the person. For example, given the last four digits of a social security number, someone’s birthdate, and the city in which that person was born, you can fairly easily guess then entire social security number. Finally, you should always allow your users the option of not filing out security questions. The mere existence of security questions makes their accounts less secure, so security-conscious individuals should be allowed to refuse those questions entirely. ● Limitations on password length (adjustable by the system administrator) In general, you should require passwords to be at least eight characters in length. (As a side note, if yourserver limits passwordsto a maximum of eight characters, you need to rethink your design. There should be no maximum password length at all, if possible.) The more of these policies you enforce, the more secure your server will be. Rather than creating your own password database—which is difficult to do securely—you should use the Apple Password Server. See Open Directory Programming Guide for more information about the Password Server, Directory Service Framework Reference for a list of Directory Services functions, and the manual pages for pwpolicy(8), passwd(1), passwd(5), and getpwent(3) at http://developer.apple.com/documentation/Darwin/Reference/ManPages/index.html for tools to access the password database and set password policies. 5. Do not store unencrypted passwords and do not reissue passwords. In order to reissue a password, you first have to cache the unencrypted password, which is bad security practice. Furthermore, when you reissue a password, you might also be reusing that password in an inappropriate security context. For example, suppose your program is running on a web server, and you use SSL to communicate with clients. If you take a client’s password and use it to log into a database server to do something on the client’s behalf, there’s no way to guarantee that the database server keeps the password secure and does Security Development Checklists Client-Server Authentication 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 95not pass it on to another server in cleartext form. Therefore, even though the password was in a secure context when it was being sent to the web server over SSL, when the web server reissues it, it’s in an insecure context. If you want to spare your client the trouble of logging in separately to each server, you should use some kind of forwardable authentication, such as Kerberos. For more information on Apple’s implementation of Kerberos, see http://developer.apple.com/darwin/projects/kerberos/. Under no circumstances should you design a system in which system administrators or other employees can see users’ passwords. Your users are trusting you with passwords that they may use for other sites; therefore, it is extremely reckless to allow anyone else to see those passwords. Administrators should be allowed to reset passwords to new values, but should never be allowed to see the passwords that are already there. 6. Support Kerberos. Kerberos is the only authorization service available over a network for OS X servers, and it offers single-sign-on capabilities. If you are writing a server to run on OS X, you should support Kerberos. When you do: a. Be sure you’re using the latest version (v5). b. Use a service-specific principal, not a host principal. Each service that uses Kerberos should have its own principal so that compromise of one key does not compromise more than one service. If you use a host principal, anyone who has your host key can spoof login by anybody on the system. The only alternative to Kerberos is combining SSL/TLS authentication with some other means of authorization such as an access control list. 7. Restrict guest access appropriately. If you allow guest access, be sure that guests are restricted in what they can do, and that your user interface makes clear to the system administrator what guests can do. Guest access should be off by default. It’s best if the administrator can disable guest access. Also, as noted previously, be sure to limit what guests can do in the code that actually performs the operation, not just in the code that generates the user interface. Otherwise, someone with sufficient knowledge ofthe systemcan potentially performthose unauthorized operationsin other ways(bymodifying URLs, for example). 8. Do not implement your own directory service. Open Directory is the directory server provided by OS X for secure storage of passwords and user authentication. It is important that you use this service and not try to implement your own, as secure directory servers are difficult to implement and an entire directory’s passwords can be compromised if it’s done wrong. See Open Directory Programming Guide for more information. 9. Scrub (zero) user passwords from memory after validation. Security Development Checklists Client-Server Authentication 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 96Passwords must be kept in memory for the minimum amount of time possible and should be written over, not just released, when no longer needed. It is possible to read data out of memory even if the application no longer has pointers to it. Integer and Buffer Overflows As discussed in “Avoiding Buffer Overflows And Underflows” (page 17), buffer overflows are a major source of security vulnerabilities. This checklist is intended to help you identify and correct buffer overflows in your program. 1. Use unsigned values when calculating memory object offsets and sizes. Signed values make it easier for an attacker to cause a buffer overflow, creating a security vulnerability, especially if your application accepts signed values from user input or other outside sources. Be aware that data structures referenced in parameters might contain signed values. See “Avoiding Integer Overflows And Underflows” (page 27) and “Calculating Buffer Sizes” (page 25) for details. 2. Check for integer overflows (or signed integer underflows) when calculating memory object offsets and sizes. You must always check for integer overflows or underflows when calculating memory offsets or sizes. Integer overflows and underflows can corrupt memory in ways that can lead to execution of arbitrary code. See “Avoiding Integer Overflows And Underflows” (page 27) and “Calculating Buffer Sizes” (page 25) for details. 3. Avoid unsafe string-handling functions. The functions strcat, strcpy, strncat, strncpy, sprintf, vsprintf, gets have no built-in checks for string length, and can lead to buffer overflows. For alternatives, read “String Handling” (page 22). Cryptographic Function Use This checklist is intended to help you determine whether your program has any vulnerabilities related to use of encryption, cryptographic algorithms, or random number generation. 1. Use trusted random number generators. Do not attempt to generate your own random numbers. Security Development Checklists Integer and Buffer Overflows 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 97There are several ways to obtain high-quality random numbers: ● In iOS, use the Randomization Services programming interface. ● In OS X: ● Read from /dev/random in OS X (see the manual page for random). ● Use the read_random function in the header file random.h in the Apple CSP module, which is part of Apple’simplementation ofthe CDSA framework (available at http://developer.apple.com/darwin/projects/security/). Note that rand does not return good random numbers and should not be used. 2. Use TLS/SSL instead of custom schemes. You should always use accepted standard protocols for secure networking. These standards have gone through peer review and so are more likely to be secure. In addition, you should always use the most recent version of these protocols. To learn more about the secure networking protocols available in OS X and iOS, read “Secure Network Communication APIs” in Cryptographic Services Guide . 3. Don’t roll your own crypto algorithms. Always use existing optimized functions. It is very difficult to implement a secure cryptographic algorithm, and good, secure cryptographic functions are readily available. To learn about the cryptographic services available in OS X and iOS, read Cryptographic Services Guide . Installation and Loading Many security vulnerabilities are caused by problems with how programs are installed or code modules are loaded. This checklist is intended to help you find any such problems in your project. 1. Don’t install components in /Library/StartupItemsor/System/Library/Extensions. Code installed into these directories runs with root permissions. Therefore, it is very important that such programs be carefully audited forsecurity vulnerabilities(as discussed in this checklist) and that they have their permissions set correctly. For information on proper permissions for startup items, see “Startup Items”. (Note that in OS X v10.4 and later,startup items are deprecated; you should use launchd to launch your daemonsinstead. See Daemons and Services Programming Guide for more information.) For information on permissions for kernel extensions, see Kernel Extension Programming Topics. (Note that beginning in OS X v10.2, OS X checks for permissions problems and refuses to load extensions unless the permissions are correct.) Security Development Checklists Installation and Loading 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 982. Don’t use custom install scripts. Custom install scripts add unnecessary complexity and risk, so when possible, you should avoid them entirely. If you must use a custom install script, you should: ● If your installerscript runsin a shell, read and follow the advice in “Shell Script Security” in Shell Scripting Primer. ● Be sure that yourscript followsthe guidelinesin this checklist just asthe rest of your application does. In particular: ● Don’t write temporary files to globally writable directories. ● Don’t execute with higher privileges than necessary. In general, your script should execute with the same privileges the user has normally, and should do its work in the user’s directory on behalf of the user. ● Don’t execute with elevated privileges any longer than necessary. ● Set reasonable permissions on your installed app. For example, don’t give everyone read/write permission to files in the app bundle if only the owner needs such permission. ● Set your installer’s file code creation mask (umask) to restrict access to the files it creates (see “Securing File Operations” (page 47)). ● Check return codes, and if anything is wrong, log the problem and report the problem to the user through the user interface. For advice on writing installation code that needs to perform privileged operations, see Authorization Services Programming Guide . For more information about writing shell scripts, read Shell Scripting Primer. 3. Load plug-ins and libraries only from secure locations. An application should load plug-ins only from secure directories. If your application loads plug-ins from directories that are not restricted, then an attacker might be able to trick the user into downloading malicious code, which your application might then load and execute. Important: In code running with elevated privileges, directories writable by the user are not considered secure locations. Be aware that the dynamic link editor (dyld) might link in plugins, depending on the environment in which your code is running. If your code uses loadable bundles (CFBundle or NSBundle), then it is dynamically loading code and could potentially load bundles written by a malicious hacker. See Code Loading Programming Topics for more information about dynamically loaded code. Security Development Checklists Installation and Loading 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 99Use of External Tools and Libraries If your program includes or uses any command-line tools, you have to look for security vulnerabilities specific to the use of such tools. This checklist is intended to help you find and correct such vulnerabilities. 1. Execute tools safely. If you are using routines such as popen or system to send commands to the shell, and you are using input from the user or received over a network to construct the command, you should be aware that these routines do not validate their input. Consequently, a malicious user can pass shell metacharacters—such as an escape sequence or other special characters—in command line arguments. These metacharacters might cause the following text to be interpreted as a new command and executed. In addition, when calling functions such as execlp, execvp, popen, or system that use the PATH environment variable to search for executables, you should always specify a complete absolute path to any tool that you want to run. If you do not, a malicious attacker can potentially cause you to run a different tool using an environment variable attack. When possible, use execvP (which takes an explicit search path argument) or avoid these functions altogether. See Viega and McGraw, Building Secure Software , AddisonWesley, 2002, andWheeler, Secure Programming for Linux andUnixHOWTO, available at http://www.dwheeler.com/secure-programs/, formore information on problems with these and similar routines and for secure ways to execute shell commands. 2. Do not pass sensitive information on the command line. If your application executes command-line tools, keep in mind that your process environment is visible to other users (see man ps(1)). You must be careful not to pass sensitive information in an insecure manner. Instead, pass sensitive information to your tool through some other means such as: ● Pipe or standard input A password is safe while being passed through a pipe; however, you must be careful that the process sending the password obtains and stores it in a safe manner. ● Environment variables Environment variables can potentially be read by other processes and thus may not be secure. If you use environment variables, you must be careful to avoid passing them to any processes that your command-line tool or script might spawn. See “Shell Script Security” in Shell Scripting Primer for details. ● Shared memory Named and globally-shared memory segments can be read by other processes. See “Interprocess Communication And Networking” (page 40) for more information aboutsecure use ofshared memory. ● Temporary file Security Development Checklists Use of External Tools and Libraries 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 100Temporary files are safe only if kept in a directory to which only your program has access. See “Data, Configuration, and Temporary Files” (page 88), earlier in this chapter, for more information on temporary files. 3. Validate all arguments (including the name). Also, remember that anyone can execute a tool—it is not executable exclusively through your program. Because all command-line arguments, including the program name (argv(0)), are under the control of the user, your tool should validate every parameter (including the name, if the tool’s behavior depends on it). Kernel Security This checklist is intended to help you program safely in the kernel. Note: Coding in the kernel poses special security risks and is seldom necessary. See Coding in the Kernel for alternatives to writing kernel-level code. 1. Verify the authenticity of Mach-based services. Kernel-level code can work directly with the Mach component. A Mach port is an endpoint of a communication channel between a client who requests a service and a server that provides the service. Mach ports are unidirectional; a reply to a service request must use a second port. If you are using Mach ports for communication between processes, you should check to make sure you are contacting the correct process. Because Mach bootstrap ports can be inherited, it is important for servers and clients to authenticate each other. You can use audit trailers for this purpose. You should create an audit record for each security-related check your program performs. See “Audit Logs” (page 91), earlier in this chapter, for more information on audit records. 2. Verify the authenticity of other user-space services. If your kernel extension was designed to communicate with only a specific user-space daemon, you should check not only the name of the process, but also the owner and group to ensure that you are communicating with the correct process. 3. Handle buffers correctly. When copying data to and from user space, you must: a. Check the bounds of the data using unsigned arithmetic—just as you check all bounds (see “Integer and Buffer Overflows” (page 97), earlier in this chapter)—to avoid buffer overflows. b. Check for and handle misaligned buffers. c. Zero all pad data when copying to or from user-space memory. Security Development Checklists Kernel Security 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 101If you or the compiler adds padding to align a data structure in some way, you should zero the padding to make sure you are not adding spurious (or even malicious) data to the user-space buffer, and to make sure that you are not accidentally leaking sensitive information that may have been in that page of memory previously. 4. Limit the memory resources a user may request. If your code does not limit the memory resources a user may request, then a malicious user can mount a denial of service attack by requesting more memory than is available in the system. 5. Sanitize any kernel log messages. Kernel code often generates messages to the console for debugging purposes. If your code does this, be careful not to include any sensitive information in the messages. 6. Don’t log too much. The kernel logging service has a limited buffer size to thwart denial of service attacks against the kernel. This means that if your kernel code logs too frequently or too much, data can be dropped. If you need to log large quantities of data for debugging purposes, you should use a different mechanism, and you must disable that mechanism before deploying your kernel extension. If you do not, then your extension could become a denial-of-service attack vector. 7. Design hash functions carefully. Hash tables are often used to improve search performance. However, when there are hash collisions(where two items in the list have the same hash result), a slower (often linear) search must be used to resolve the conflict. If it is possible for a user to deliberately generate different requeststhat have the same hash result, by making many such requests an attacker can mount a denial of service attack. It is possible to design hash tables that use complex data structures such as trees in the collision case. Doing so can significantly reduce the damage caused by these attacks. Security Development Checklists Kernel Security 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 102This appendix provides secure coding guidelines for software to be bundled with Apple products. Insecure software can pose a risk to the overall security of users’ systems. Security issues can lead to negative publicity and end-user support problems for Apple and third parties. Respect Users’ Privacy Your bundled software may use the Internet to communicate with your servers or third party servers. If so, you should provide clear and concise information to the user about what information is sent or retrieved and the reason for sending or receiving it. Encryption should be used to protect the information while in transit. Servers should be authenticated before transferring information. Provide Upgrade Information Provide information on how to upgrade to the latest version. Consider implementing a “Check for updates…” feature. Customers expect (and should receive) security fixes that affect the software version they are running. You should have a way to communicate available security fixes to customers. If possible, you should use the Mac App Store for providing upgrades. The Mac App Store provides a single, standard interface for updating all of a user’s software. The Mac App Store also provides an expedited app review process for handling critical security fixes. Store Information in Appropriate Places Store user-specific information in the home directory, with appropriate file system permissions. Take special care when dealing with shared data or preferences. Follow the guidelines about file system permissions set forth in File System Programming Guide . 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 103 Third-Party Software Security GuidelinesTake care to avoid race conditions and information disclosure when using temporary files. If possible, use a user-specific temporary file directory. Avoid Requiring Elevated Privileges Do not require or encourage users to be logged in as an admin user to install or use your application. You should regularly test your application as a normal user to make sure that it works as expected. Implement Secure Development Practices Educate your developers on how to write secure code to avoid the most common classes of vulnerabilities: ● Buffer overflows ● Integer overflows ● Race conditions ● Format string vulnerabilities Pay special attention to code that: ● deals with potentially untrusted data, such as documents or URLs ● communicates over the network ● handles passwords or other sensitive information ● runs with elevated privileges such as root or in the kernel Use APIs appropriate for the task: ● Use APIs that take security into account in their design. ● Avoid low-level C code when possible (e.g. use NSString instead of C-strings). ● Use the security features of OS X to protect user data. Test for Security As appropriate for your product, use the following QA techniques to find potential security issues: Third-Party Software Security Guidelines Avoid Requiring Elevated Privileges 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 104● Test for invalid and unexpected data in addition to testing what is expected. (Use fuzzing tools, include unit tests that test for failure, and so on.) ● Static code analysis ● Code reviews and audits Helpful Resources The other chaptersin this document describe best practicesfor writing secure code, including more information on the topics referenced above. Security Overview and Cryptographic Services Guide contain detailed information on security functionality in OS X that developers can use. Third-Party Software Security Guidelines Helpful Resources 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 105This table describes the changes to Secure Coding Guide . Date Notes 2012-06-11 Made minor typographical fixes. 2012-02-16 Fixed minor errors throughout. 2012-01-09 Updated for OS X v10.7. 2010-02-12 Added security guidelines. Added article on validating input--including the dangers of loading insecurely stored archives--and added information about the iOS where relevant. 2008-05-23 New document that describes techniques to use and factors to consider to make your code more secure from attack. 2006-05-23 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 106 Document Revision HistoryAES encryption Abbreviation for Advanced Encryption Standard encryption. A Federal Information Processing Standard (FIPS), described in FIPS publication 197. AES has been adopted by the U.S. government for the protection of sensitive, non-classified information. attacker Someone deliberately trying to make a program or operating system do something that it’s not supposed to do, such as allowing the attacker to execute code or read private data. authentication The process by which a person or other entity (such as a server) proves that it is who (or what) it says it is. Compare with authorization. authorization The process by which an entity such as a user or a server gets the right to perform a privileged operation. (Authorization can also refer to the right itself, as in “Bob has the authorization to run that program.”) Authorization usually involves first authenticating the entity and then determining whether it has the appropriate privileges. See also authentication. buffer overflow The insertion of more data into a memory buffer than was reserved for the buffer, resulting in memory locations outside the buffer being overwritten. See also heap overflow and stack overflow. CDSA Abbreviation for Common Data Security Architecture. An open software standard for a security infrastructure that provides a wide array of security services, including fine-grained access permissions, authentication of users, encryption, and secure data storage. CDSA has a standard application programming interface, called CSSM. CERT Coordination Center A center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. CERT is an acronym for Computer Emergency Readiness Team.) certificate See digital certificate. Common Criteria A standardized process and set of standards that can be used to evaluate the security of software products developed by the governments of the United States, Canada, the United Kingdom, France, Germany, and the Netherlands. cracker See attacker. CSSM Abbreviation for Common Security Services Manager. A public application programming interface for CDSA. CSSM also defines an interface for plug-ins that implement security services for a particular operating system and hardware environment. CVE Abbreviation for Common Vulnerabilities and Exposures. A dictionary of standard names for security vulnerabilities located at http://www.cve.mitre.org/. You can run an Internet search on the CVE number to read details about the vulnerability. 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 107 Glossarydigital certificate A collection of data used to verify the identity of the holder. OS X supports the X.509 standard for digital certificates. exploit A program or sample code that demonstrates how to take advantage of a vulnerability.) FileVault An OS X feature, configured through the Security system preference, that encrypts everything in on the root volume (or everything in the user’s home directory prior to OS X v10.7). hacker An expert programmer—generally one with the skill to create an exploit. Most hackers do not attack other programs, and some publish exploits with the intent of forcing software developers to fix vulnerabilities. See also script kiddie. heap A region of memory reserved for use by a program during execution. Data can be written to or read from any location on the heap, which grows upward (toward highermemory addresses). Compare with stack. heap overflow A buffer overflow in the heap. homographs Characters that look the same but have different Unicode values, such as the Roman character p and the Russian glyph that is pronounced like “r”. integer overflow A buffer overflow caused by entering a number that is too large for an integer data type. Kerberos An industry-standard protocol created by the Massachusetts Institute of Technology (MIT) to provide authentication over a network. keychain A database used in OS X to store encrypted passwords, private keys, and othersecrets. It is also used to store certificates and other non-secret information that is used in cryptography and authentication. Keychain Access utility An application that can be used to manipulate data in the keychain. Keychain Services A public API that can be used to manipulate data in the keychain. level of trust The confidence a user can have in the validity of a certificate. The level of trust for a certificate is used together with the trust policy to answer the question “Should I trust this certificate for this action?” nonrepudiation A process or technique making it impossible for a user to deny performing an operation (such as using a specific credit card number). Open Directory The directory server provided by OS X for secure storage of passwords and user authentication. permissions See privileges. phishing A social engineering technique in which an email or web page that spoofs one from a legitimate businessis used to trick a user into giving personal data and secrets (such as passwords) to someone who has malicious intent. policy database A database containing the set of rules the Security Server uses to determine authorization. privileged operation An operation that requires special rights or privileges. privileges The type of access to a file or directory (read, write, execute, traverse, and so forth) granted to a user or to a group. Glossary 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 108race condition The occurrence of two events out of sequence. root kit Malicious code that, by running in the kernel, can not only take over control of the system but can also cover up all evidence of its own existence. root privileges Having the unrestricted permission to perform any operation on the system. script kiddie Someone who uses published code (scripts) to attack software and computer systems. signal A message sent from one processto another in a UNIX-based operating system (such as OS X) social engineering As applied to security, tricking a user into giving up secrets or into giving access to a computer to an attacker. smart card A plastic card similar in size to a credit card that has memory and a microprocessor embedded in it. A smart card can store and process information, including passwords, certificates, and keys. stack A region of memory reserved for use by a specific program and used to control program flow. Data is put on the stack and removed in a last-in–first-out fashion. The stack grows downward (toward lower memory addresses). Compare with heap. stack overflow A buffer overflow on the stack. time of check–time of use (TOCTOU) A race condition in which an attacker creates, writes to, or alters a file between the time when a program checks the status of the file and when the program writes to it. trust policy A set of rules that specify the appropriate uses for a certificate that has a specific level of trust. For example, the trust policy for a browser might state that if a certificate has expired, the user should be prompted for permission before a secure session is opened with a web server. vulnerability A feature of the way a program was written—either a design flaw or a bug—that makes it possible for a hacker or script kiddie to attack the program. Glossary 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 109Symbols _unknown user 84 A access control 14 applications factoring 69 interfaces 73–78 arguments, command line 61, 101 argv(0) 61 attackers 8 audit logs 91 authentication 14, 90 authopen 65 Authorization Services 72 authorization granting 14 revoking 75 AuthorizationExecWithPrivilege 68 B buffer overflows 11, 17–29 calculating buffer sizes 25–26 checklist 97 detecting 28 integer arithmetic 27 strings 22 buffer overflows See also heap , stack 17 C certificates digital certificates 14 CFBundle 99 chflags 48 chmod 55 chown 55 close-on-exec flag 58 code insertion 37 command-line arguments 61, 101 command-line tools 100 configuration files 88 crackers 8 D default settings 73 denial of service 91 device ID 58 digital certificate identity 79 digital certificates 14 document organization 9 dyld 99 dynamic link editor 99 E elevated privileges 59, 86 encryption 15 environment variables 62, 88 F factoring applications 69 fchmod 55 fchown 55 file descriptor 50, 52 inheriting 58 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 110 Indexfile descriptors 61 file locations 75 file operations Carbon 55 Cocoa 51 insecure 13, 47–58 POSIX 50 file system, remotely mounted 57 files temporary 88 FileVault 75 firewall 91 fopen 55 format string attacks 34 FSFindFolder 50 fstat 55 fuzzing 39 G GID 64 group ID 64 guest access 96 GUI 88 H hackers 7 hard link 48 hash function 91, 102 heap 11 overflow 20, 22 I identity 79 input validation 12 input data structures 97 inappropriate 17 testing 28 to audit logs 92 types of 17 validating 19, 33–40, 100 insecure file operations 13, 47–58 installer 63 integer overflows 27 interface, user 76 ipfw 91 K Kerberos 96 kernel extensions 72, 89 kernel messages 102 kernel checklist 101 KEXT 72 L launchd 66, 87 least privilege, principle of 60 left bracket 57 libbsm 92 /Library/StartupItems 68 logs, audit 91 lstat 55 M Mach ports 101 mkstemp 53, 55 mktemp 55 N negative numbers 27 network ports 90 nobody user 84 NSBundle 99 NSTemporaryDirectory 51 Index 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 111O open 55 organization of document 9 P passwords 93 permissions 52 permissions See also privileges phishing 16, 78 plug-ins 99 policy database 69, 72 port numbers 90 ports, Mach 101 private key identity 79 privileges 14, 59–72 elevated 59, 86 level, changing 64 principle of least privilege 60 root 14 process limits 62 R race conditions 13, 43 interprocess communication 13 scripts 56 time of check–time of use 44–46 44–46 random numbers 97 references 10 remotely mounted file system 58 rm 48 root kit 89 root privileges 14 S script kiddies 8 scripts, avoiding race conditions 56 Security Objective-C API 79 setegid 65 seteuid 65 setgid 65 setregid 65 setreuid 65 setrlimit 62 setuid 65, 67 SFAuthorizationView 79 SFCertificatePanel 79 SFCertificateTrustPanel 79 SFCertificateView 79 SFChooseIdentityPanel 79 SFKeychainSavePanel 79 SFKeychainSettingsPanel 80 shell commands 100 signal handler 46 social engineering 16, 37, 78 stack 11 overflow 18–20 stat 55 statistics of threats and attacks 16 string-handling functions 22, 97 sudo 87 symbolic link 49 syslog 92 SystemStarter 68 T temporary files 50, 53, 88 and scripts 56 default location 50, 51 test 57 twos-complement arithmetic 27 U UID 64 Index 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 112unique 84 umask 52 URL commands 12, 36 user ID 64 user interface 76 V validating input 12, 33–40 W wildcard characters 89 X xinetd 68 Index 2012-06-11 | © 2012 Apple Inc. All Rights Reserved. 113Apple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Carbon, Cocoa, eMac, FileVault, iPhone, Keychain, Mac, Macintosh, Numbers, Objective-C, OS X, Pages, and Safari are trademarks of Apple Inc., registered in the U.S. and other countries. .Mac is a service mark of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are service marks of Apple Inc. Java is a registered trademark of Oracle and/or its affiliates. Ping is a registered trademark of Karsten Manufacturing and is used in the U.S. under license. UNIX is a registered trademark of The Open Group. iOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. String Programming GuideContents Introduction to String Programming Guide for Cocoa 5 Who Should Read This Document 5 Organization of This Document 5 See Also 6 Strings 7 Creating and Converting String Objects 8 Creating Strings 8 NSString from C Strings and Data 8 Variable Strings 9 Strings to Present to the User 10 Combining and Extracting Strings 10 Getting C Strings 11 Conversion Summary 12 Formatting String Objects 13 Formatting Basics 13 Strings and Non-ASCII Characters 14 NSLog and NSLogv 14 String Format Specifiers 15 Format Specifiers 15 Platform Dependencies 17 Reading Strings From and Writing Strings To Files and URLs 19 Reading From Files and URLs 19 Reading data with a known encoding 19 Reading data with an unknown encoding 20 Writing to Files and URLs 21 Summary 21 Searching, Comparing, and Sorting Strings 22 Search and Comparison Methods 22 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 2Searching strings 22 Comparing and sorting strings 23 Search and Comparison Options 24 Examples 24 Case-Insensitive Search for Prefix and Suffix 24 Comparing Strings 25 Sorting strings like Finder 26 Paragraphs and Line Breaks 28 Line and Paragraph Separator Characters 28 Separating a String “by Paragraph” 28 Characters and Grapheme Clusters 30 Character Sets 33 Character Set Basics 33 Creating Character Sets 33 Performance considerations 34 Creating a character set file 35 Standard Character Sets and Unicode Definitions 35 Scanners 36 Creating a Scanner 36 Using a Scanner 36 Example 38 Localization 39 String Representations of File Paths 40 Representing a Path 40 User Directories 41 Path Components 42 File Name Completion 43 Drawing Strings 44 Document Revision History 45 Index 47 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 3Tables String Format Specifiers 15 Table 1 Format specifiers supported by the NSString formatting methods and CFString formatting functions 15 Table 2 Length modifiers supported by the NSString formatting methods and CFString formatting functions 16 Table 3 Format specifiers for data types 17 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 4String Programming Guide for Cocoa describes how to create, search, concatenate, and draw strings. It also describes character sets, which let you search a string for characters in a group, and scanners, which convert numbers to strings and vice versa. Who Should Read This Document You should read this document if you need to work directly with strings or character sets. Organization of This Document This document contains the following articles: ● “Strings” (page 7) describes the characteristics of string objects in Cocoa. ● “Creating and Converting String Objects” (page 8) explains the ways in which NSString and its subclass NSMutableString create string objects and convert their contents to and from the various character encodings they support. ● “Formatting String Objects” (page 13) describes how to format NSString objects. ● “String Format Specifiers” (page 15) describes printf-style format specifiers supported by NSString. ● “Reading Strings From and Writing Strings To Files and URLs” (page 19) describes how to read strings from and write strings to files and URLs. ● “Searching, Comparing, and Sorting Strings” (page 22) describes methods for finding characters and substrings within strings and for comparing one string to another. ● “Paragraphs and Line Breaks” (page 28) describes how paragraphs and line breaks are represented. ● “Characters and Grapheme Clusters” (page 30) describes how you can break strings down into user-perceived characters. ● “Character Sets” (page 33) explains how to use character set objects, and how to use NSCharacterSet methods to create standard and custom character sets. ● “Scanners” (page 36) describes NSScanner objects, which interpret and convert the characters of an NSString object into number and string values. 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 5 Introduction to String Programming Guide for Cocoa● “String Representations of File Paths” (page 40) describes the NSString methods that manipulate strings as file-system paths. ● “Drawing Strings” (page 44) discusses the methods of the NSString class that support drawing directly in an NSView object. See Also For more information, refer to the following documents: ● Attributed String Programming Guide is closely related to String Programming Guide for Cocoa . It provides information about NSAttributedString objects, which manage sets of attributes, such as font and kerning, that are associated with character strings or individual characters. ● Data Formatting Guide describes how to format data using objects that create, interpret, and validate text. ● Internationalization Programming Topics provides information about localizing strings in your project, including information on how string formatting arguments can be ordered. ● String Programming Guide for Core Foundation in Core Foundation, discussesthe Core Foundation opaque type CFString, which is toll-free bridged with the NSString class. Introduction to String Programming Guide for Cocoa See Also 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 6String objects represent character strings in Cocoa frameworks. Representing strings as objects allows you to use strings wherever you use other objects. It also providesthe benefits of encapsulation,so thatstring objects can use whatever encoding and storage is needed for efficiency while simply appearing as arrays of characters. A string object is implemented as an array of Unicode characters (in other words, a text string). An immutable string is a text string that is defined when it is created and subsequently cannot be changed. To create and manage an immutable string, use the NSString class. To construct and manage a string that can be changed after it has been created, use NSMutableString. The objects you create using NSString and NSMutableString are referred to as string objects (or, when no confusion will result, merely as strings). The term C string refers to the standard C char * type. A string object presents itself as an array of Unicode characters. You can determine how many characters it contains with the length method and can retrieve a specific character with the characterAtIndex: method. These two “primitive” methods provide basic access to a string object. Most use of strings, however, is at a higher level, with the strings being treated as single entities: You compare strings against one another, search them for substrings, combine them into new strings, and so on. If you need to access string objects character-by-character, you must understand the Unicode character encoding—specifically, issues related to composed character sequences. For details see: ● The Unicode Standard, Version 4.0 . The Unicode Consortium. Boston: Addison-Wesley, 2003. ISBN 0-321-18578-1. ● The Unicode Consortium web site: http://www.unicode.org/. 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 7 StringsNSString and its subclass NSMutableString provide several ways to create string objects, most based around the various character encodingsitsupports. Although string objects always present their own contents as Unicode characters, they can convert their contents to and from many other encodings, such as 7-bit ASCII, ISO Latin 1, EUC, and Shift-JIS. The availableStringEncodings class method returns the encodings supported. You can specify an encoding explicitly when converting a C string to or from a string object, or use the default C string encoding, which varies from platform to platform and is returned by the defaultCStringEncoding class method. Creating Strings The simplest way to create a string object in source code is to use the Objective-C @"..." construct: NSString *temp = @"Contrafibularity"; Note that, when creating a string constant in this fashion, you should use UTF-8 characters. Such an object is created at compile time and exists throughout your program’s execution. The compiler makes such object constants unique on a per-module basis, and they’re never deallocated. You can also send messages directly to a string constant as you do any other string: BOOL same = [@"comparison" isEqualToString:myString]; NSString from C Strings and Data To create an NSString object from a C string, you use methods such as initWithCString:encoding:. You must correctly specify the character encoding of the C string. Similar methods allow you to create string objects from characters in a variety of encodings. The method initWithData:encoding: allows you to convert string data stored in an NSData object into an NSString object. char *utf8String = /* Assume this exists. */ ; NSString *stringFromUTFString = [[NSString alloc] initWithUTF8String:utf8String]; 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 8 Creating and Converting String Objectschar *macOSRomanEncodedString = /* assume this exists */ ; NSString *stringFromMORString = [[NSString alloc] initWithCString:macOSRomanEncodedString encoding:NSMacOSRomanStringEncoding]; NSData *shiftJISData = /* assume this exists */ ; NSString *stringFromShiftJISData = [[NSString alloc] initWithData:shiftJISData encoding:NSShiftJISStringEncoding]; The following example converts an NSString object containing a UTF-8 character to ASCII data then back to an NSString object. unichar ellipsis = 0x2026; NSString *theString = [NSString stringWithFormat:@"To be continued%C", ellipsis]; NSData *asciiData = [theString dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES]; NSString *asciiString = [[NSString alloc] initWithData:asciiData encoding:NSASCIIStringEncoding]; NSLog(@"Original: %@ (length %d)", theString, [theString length]); NSLog(@"Converted: %@ (length %d)", asciiString, [asciiString length]); // output: // Original: To be continued… (length 16) // Converted: To be continued... (length 18) Variable Strings To create a variable string, you typically use stringWithFormat:: or initWithFormat: (or for localized strings, localizedStringWithFormat:). These methods and theirsiblings use a formatstring as a template into which the values you provide (string and other objects, numerics values, and so on) are inserted. They and the supported format specifiers are described in “Formatting String Objects” (page 13). Creating and Converting String Objects Creating Strings 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 9You can build a string from existing string objects using the methods stringByAppendingString: and stringByAppendingFormat: to create a new string by adding one string after another, in the second case using a format string. NSString *hString = @"Hello"; NSString *hwString = [hString stringByAppendingString:@", world!"]; Strings to Present to the User When creating strings to present to the user, you should consider the importance of localizing your application. In general, you should avoid creating user-visible strings directly in code. Instead you should use strings in your code as a key to a localization dictionary that will supply the user-visible string in the user's preferred language. Typically thisinvolves using NSLocalizedString and similar macros, asillustrated in the following example. NSString *greeting = NSLocalizedStringFromTable (@"Hello", @"greeting to present in first launch panel", @"greetings"); For more about internationalizing your application, see Internationalization Programming Topics. “Localizing String Resources” describes how to work with and reorder variable arguments in localized strings. Combining and Extracting Strings You can combine and extract strings in various ways. The simplest way to combine two strings is to append one to the other. The stringByAppendingString: method returns a string object formed from the receiver and the given argument. NSString *beginning = @"beginning"; NSString *alphaAndOmega = [beginning stringByAppendingString:@" and end"]; // alphaAndOmega is @"beginning and end" You can also combine several strings according to a template with the initWithFormat:, stringWithFormat:, and stringByAppendingFormat: methods; these are described in more detail in “Formatting String Objects” (page 13). Creating and Converting String Objects Combining and Extracting Strings 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 10You can extract substrings from the beginning or end of a string to a particular index, or from a specific range, with the substringToIndex:, substringFromIndex:, and substringWithRange: methods. You can also split a string into substrings (based on a separator string) with the componentsSeparatedByString: method. These methods are illustrated in the following examples—notice that the index of the index-based methods starts at 0: NSString *source = @"0123456789"; NSString *firstFour = [source substringToIndex:4]; // firstFour is @"0123" NSString *allButFirstThree = [source substringFromIndex:3]; // allButFirstThree is @"3456789" NSRange twoToSixRange = NSMakeRange(2, 4); NSString *twoToSix = [source substringWithRange:twoToSixRange]; // twoToSix is @"2345" NSArray *split = [source componentsSeparatedByString:@"45"]; // split contains { @"0123", @"6789" } If you need to extract strings using pattern-matching rather than an index, you should use a scanner—see “Scanners” (page 36). Getting C Strings To get a C string from a string object, you are recommended to use UTF8String. This returns a const char * using UTF8 string encoding. const char *cString = [@"Hello, world" UTF8String]; The C string you receive is owned by a temporary object, and will become invalid when automatic deallocation takes place. If you want to get a permanent C string, you must create a buffer and copy the contents of the const char * returned by the method. Similar methods allow you to create string objects from characters in the Unicode encoding or an arbitrary encoding, and to extract data in these encodings. initWithData:encoding: and dataUsingEncoding: perform these conversions from and to NSData objects. Creating and Converting String Objects Getting C Strings 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 11Conversion Summary This table summarizes the most common means of creating and converting string objects: Source Creation method Extraction method In code @"..." compiler construct N/A UTF8 encoding stringWithUTF8String: UTF8String getCharacters: getCharacters:range: Unicode encoding stringWithCharacters: length: Arbitrary encoding initWithData: encoding: dataUsingEncoding: stringByAppendingString: N/A stringByAppendingFormat: Existing strings localizedStringWithFormat: Use NSScanner initWithFormat: locale: Format string Localized strings NSLocalizedString and similar N/A Creating and Converting String Objects Conversion Summary 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 12This article describes how to create a string using a format string, how to use non-ASCII characters in a format string, and a common error that developers make when using NSLog or NSLogv. Formatting Basics NSString uses a format string whose syntax is similar to that used by other formatter objects. It supports the format characters defined for the ANSI C function printf(), plus %@ for any object (see “String Format Specifiers” (page 15) and the IEEE printf specification). If the object responds to descriptionWithLocale: messages, NSString sends such a message to retrieve the text representation. Otherwise, it sends a description message. “Localizing String Resources” describes how to work with and reorder variable arguments in localized strings. In formatstrings, a ‘%’ character announces a placeholder for a value, with the charactersthat follow determining the kind of value expected and how to format it. For example, a format string of "%d houses" expects an integer value to be substituted for the format expression '%d'. NSString supportsthe format characters defined for the ANSI C functionprintf(), plus ‘@’ for any object. If the object responds to the descriptionWithLocale: message, NSString sends that message to retrieve the text representation, otherwise, it sends a description message. Value formatting is affected by the user’s current locale, which is an NSDictionary object that specifies number, date, and other kinds of formats. NSString uses only the locale’s definition for the decimal separator (given by the key named NSDecimalSeparator). If you use a method that doesn’t specify a locale, the string assumes the default locale. You can use NSString’s stringWithFormat: method and other related methods to create strings with printf-style formatspecifiers and argument lists, as described in “Creating and Converting StringObjects” (page 8). The examples below illustrate how you can create a string using a variety of formatspecifiers and arguments. NSString *string1 = [NSString stringWithFormat:@"A string: %@, a float: %1.2f", @"string", 31415.9265]; // string1 is "A string: string, a float: 31415.93" NSNumber *number = @1234; 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 13 Formatting String ObjectsNSDictionary *dictionary = @{ [NSDate date]:@"date" }; NSString *baseString = @"Base string."; NSString *string2 = [baseString stringByAppendingFormat: @" A number: %@, a dictionary: %@", number, dictionary]; // string2 is "Base string. A number: 1234, a dictionary: {date = 2005-10-17 09:02:01 -0700; }" Strings and Non-ASCII Characters You can include non-ASCII characters(including Unicode) in strings usingmethodssuch as stringWithFormat: and stringWithUTF8String:. NSString *s = [NSString stringWithFormat:@"Long %C dash", 0x2014]; Since \xe2\x80\x94 is the 3-byte UTF-8 string for 0x2014, you could also write: NSString *s = [NSString stringWithUTF8String:"Long \xe2\x80\x94 dash"]; NSLog and NSLogv The utility functions NSLog() and NSLogv() use the NSString string formatting servicesto log error messages. Note that as a consequence of this, you should take care when specifying the argument for these functions. A common mistake isto specify a string that includesformatting characters, asshown in the following example. NSString *string = @"A contrived string %@"; NSLog(string); // The application will probably crash here due to signal 10 (SIGBUS) It is better (safer) to use a format string to output another string, as shown in the following example. NSString *string = @"A contrived string %@"; NSLog(@"%@", string); // Output: A contrived string %@ Formatting String Objects Strings and Non-ASCII Characters 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 14This article summarizes the format specifiers supported by string formatting methods and functions. Format Specifiers The format specifiers supported by the NSString formatting methods and CFString formatting functions follow the IEEE printf specification; the specifiers are summarized in Table 1 (page 15). Note that you can also use the “n$” positional specifiers such as %1$@ %2$s. For more details, see the IEEE printf specification. You can also use these format specifiers with the NSLog function. Table 1 Format specifiers supported by the NSString formatting methods and CFString formatting functions Specifier Description Objective-C object, printed as the string returned by descriptionWithLocale: if available, or description otherwise. Also works with CFTypeRef objects, returning the result of the CFCopyDescription function. %@ %% '%' character. %d, %D Signed 32-bit integer (int). %u, %U Unsigned 32-bit integer (unsigned int). Unsigned 32-bit integer (unsigned int), printed in hexadecimal using the digits 0–9 and lowercase a–f. %x Unsigned 32-bit integer (unsigned int), printed in hexadecimal using the digits 0–9 and uppercase A–F. %X %o, %O Unsigned 32-bit integer (unsigned int), printed in octal. %f 64-bit floating-point number (double). 64-bit floating-point number (double), printed in scientific notation using a lowercase e to introduce the exponent. %e 64-bit floating-point number (double), printed in scientific notation using an uppercase E to introduce the exponent. %E 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 15 String Format SpecifiersSpecifier Description 64-bit floating-point number (double), printed in the style of %e if the exponent is less than –4 or greater than or equal to the precision, in the style of %f otherwise. %g 64-bit floating-point number (double), printed in the style of %E if the exponent is less than –4 or greater than or equal to the precision, in the style of %f otherwise. %G 8-bit unsigned character (unsigned char), printed by NSLog() as an ASCII character, or, if not an ASCII character, in the octal format \\ddd or the Unicode hexadecimal format \\udddd, where d is a digit. %c 16-bit Unicode character (unichar), printed by NSLog() as an ASCII character, or, if not an ASCII character, in the octal format \\ddd or the Unicode hexadecimal format \\udddd, where d is a digit. %C Null-terminated array of 8-bit unsigned characters. Because the %s specifier causes the characters to be interpreted in the system default encoding, the results can be variable, especially with right-to-left languages. For example, with RTL, %s inserts direction markers when the characters are not strongly directional. For this reason, it’s best to avoid %s and specify encodings explicitly. %s %S Null-terminated array of 16-bit Unicode characters. Void pointer (void *), printed in hexadecimal with the digits 0–9 and lowercase a–f, with a leading 0x. %p 64-bit floating-point number (double), printed in scientific notation with a leading 0x and one hexadecimal digit before the decimal point using a lowercase p to introduce the exponent. %a 64-bit floating-point number (double), printed in scientific notation with a leading 0X and one hexadecimal digit before the decimal point using a uppercase P to introduce the exponent. %A %F 64-bit floating-point number (double), printed in decimal notation. Table 2 Length modifiers supported by the NSString formatting methods and CFString formatting functions Length Description modifier Length modifier specifying that a following d, o, u, x, or X conversion specifier applies to a short or unsigned short argument. h Length modifier specifying that a following d, o, u, x, or X conversion specifier applies to a signed char or unsigned char argument. hh String Format Specifiers Format Specifiers 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 16Length Description modifier Length modifier specifying that a following d, o, u, x, or X conversion specifier applies to a long or unsigned long argument. l Length modifiers specifying that a following d, o, u, x, or X conversion specifier applies to a long long or unsigned long long argument. ll, q Length modifier specifying that a following a, A, e, E, f, F, g, or G conversion specifier applies to a long double argument. L Length modifier specifying that a following d, o, u, x, or X conversion specifier applies to a size_t or the corresponding signed integer type argument. z Length modifier specifying that a following d, o, u, x, or X conversion specifier applies to a ptrdiff_t or the corresponding unsigned integer type argument. t Length modifier specifying that a following d, o, u, x, or X conversion specifier applies to a intmax_t or uintmax_t argument. j Platform Dependencies OS X uses several data types—NSInteger, NSUInteger,CGFloat, and CFIndex—to provide a consistent means of representing values in 32- and 64-bit environments. In a 32-bit environment, NSInteger and NSUInteger are defined as int and unsigned int, respectively. In 64-bit environments, NSInteger and NSUInteger are defined as long and unsigned long, respectively. To avoid the need to use different printf-style type specifiers depending on the platform, you can use the specifiers shown in Table 3. Note that in some cases you may have to cast the value. Table 3 Format specifiers for data types Type Format specifier Considerations NSInteger %ld or %lx Cast the value to long. NSUInteger %lu or %lx Cast the value to unsigned long. %f works for floats and doubles when formatting; but note the technique described below for scanning. CGFloat %f or %g CFIndex %ld or %lx The same as NSInteger. %p adds 0x to the beginning of the output. If you don't want that, use %zx and no typecast. pointer %p or %zx String Format Specifiers Platform Dependencies 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 17The following example illustrates the use of %ld to format an NSInteger and the use of a cast. NSInteger i = 42; printf("%ld\n", (long)i); In addition to the considerations mentioned in Table 3, there is one extra case with scanning: you must distinguish the types for float and double. You should use %f for float, %lf for double. If you need to use scanf (or a variant thereof) with CGFloat, switch to double instead, and copy the double to CGFloat. CGFloat imageWidth; double tmp; sscanf (str, "%lf", &tmp); imageWidth = tmp; It is important to remember that %lf does not represent CGFloat correctly on either 32- or 64-bit platforms. This is unlike %ld, which works for long in all cases. String Format Specifiers Platform Dependencies 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 18Reading files or URLs using NSString is straightforward provided that you know what encoding the resource uses—if you don't know the encoding, reading a resource is more challenging. When you write to a file or URL, you must specify the encoding to use. (Where possible, you should use URLs because these are more efficient.) Reading From Files and URLs NSString provides a variety of methods to read data from files and URLs. In general, it is much easier to read data if you know its encoding. If you have plain text and no knowledge of the encoding, you are already in a difficult position. You should avoid placing yourself in this position if at all possible—anything that calls for the use of plain text files should specify the encoding (preferably UTF-8 or UTF-16+BOM). Reading data with a known encoding To read from a file or URL for which you know the encoding, you use stringWithContentsOfFile:encoding:error: or stringWithContentsOfURL:encoding:error:, or the corresponding init... method, as illustrated in the following example. NSURL *URL = ...; NSError *error; NSString *stringFromFileAtURL = [[NSString alloc] initWithContentsOfURL:URL encoding:NSUTF8StringEncoding error:&error]; if (stringFromFileAtURL == nil) { // an error occurred NSLog(@"Error reading file at %@\n%@", URL, [error localizedFailureReason]); // implementation continues ... You can also initialize a string using a data object, as illustrated in the following examples. Again, you must specify the correct encoding. 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 19 Reading Strings From and Writing Strings To Files and URLsNSURL *URL = ...; NSData *data = [NSData dataWithContentsOfURL:URL]; // Assuming data is in UTF8. NSString *string = [NSString stringWithUTF8String:[data bytes]]; // if data is in another encoding, for example ISO-8859-1 NSString *string = [[NSString alloc] initWithData:data encoding: NSISOLatin1StringEncoding]; Reading data with an unknown encoding If you find yourself with text of unknown encoding, it is best to make sure that there is a mechanism for correcting the inevitable errors. For example, Apple's Mail and Safari applications have encoding menus, and TextEdit allows the user to reopen the file with an explicitly specified encoding. If you are forced to guess the encoding (and note that in the absence of explicit information, it is a guess): 1. Try stringWithContentsOfFile:usedEncoding:error: or initWithContentsOfFile:usedEncoding:error: (or the URL-based equivalents). These methods try to determine the encoding of the resource, and if successful return by reference the encoding used. 2. If (1) fails, try to read the resource by specifying UTF-8 as the encoding. 3. If (2) fails, try an appropriate legacy encoding. "Appropriate" here depends a bit on circumstances; it might be the default C string encoding, it might be ISO or Windows Latin 1, or something else, depending on where your data are coming from. 4. Finally, you can try NSAttributedString's loading methods from the Application Kit (such as initWithURL:options:documentAttributes:error:). These methods attempt to load plain text files, and return the encoding used. They can be used on more-or-less arbitrary text documents, and are worth considering if your application has no special expertise in text. They might not be as appropriate for Foundation-level tools or documents that are not natural-language text. Reading Strings From and Writing Strings To Files and URLs Reading From Files and URLs 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 20Writing to Files and URLs Compared with reading data from a file or URL, writing isstraightforward—NSString providestwo convenient methods, writeToFile:atomically:encoding:error: and writeToURL:atomically:encoding:error:. You must specify the encoding that should be used, and choose whether to write the resource atomically or not. If you do not choose to write atomically, the string is written directly to the path you specify. If you choose to write it atomically, it is written first to an auxiliary file, and then the auxiliary file is renamed to the path. This option guarantees that the file, if it exists at all, won’t be corrupted even if the system should crash during writing. If you write to an URL, the atomicity option is ignored if the destination is not of a type that can be accessed atomically. NSURL *URL = ...; NSString *string = ...; NSError *error; BOOL ok = [string writeToURL:URL atomically:YES encoding:NSUnicodeStringEncoding error:&error]; if (!ok) { // an error occurred NSLog(@"Error writing file at %@\n%@", path, [error localizedFailureReason]); // implementation continues ... Summary This table summarizes the most common means of reading and writing string objects to and from files and URLs: Source Creation method Extraction method writeToURL: atomically:encoding: error: stringWithContentsOfURL: encoding:error: stringWithContentsOfURL: usedEncoding:error: URL contents writeToFile: atomically:encoding: error: stringWithContentsOfFile: encoding:error: stringWithContentsOfFile: usedEncoding:error: File contents Reading Strings From and Writing Strings To Files and URLs Writing to Files and URLs 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 21The string classes provide methods for finding characters and substrings within strings and for comparing one string to another. These methods conform to the Unicode standard for determining whether two character sequences are equivalent. The string classes provide comparison methods that handle composed character sequences properly, though you do have the option of specifying a literal search when efficiency is important and you can guarantee some canonical form for composed character sequences. Search and Comparison Methods The search and comparison methods each come in several variants. The simplest version of each searches or compares entire strings. Other variants allow you to alter the way comparison of composed charactersequences is performed and to specify a specific range of characters within a string to be searched or compared; you can also search and compare strings in the context of a given locale. These are the basic search and comparison methods: Search methods Comparison methods rangeOfString: compare: rangeOfString: options: compare:options: rangeOfString: options:range: compare:options: range: rangeOfString: options:range: locale: compare:options: range:locale: rangeOfCharacterFromSet: rangeOfCharacterFromSet: options: rangeOfCharacterFromSet: options:range: Searching strings You use the rangeOfString:... methods to search for a substring within the receiver. The rangeOfCharacterFromSet:... methodssearch for individual charactersfrom a supplied set of characters. 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 22 Searching, Comparing, and Sorting StringsSubstrings are found only if completely contained within the specified range. If you specify a range for a search or comparison method and don’t request NSLiteralSearch (see below), the range must not break composed character sequences on either end; if it does, you could get an incorrect result. (See the method description for rangeOfComposedCharacterSequenceAtIndex: for a code sample that adjusts a range to lie on character sequence boundaries.) You can also scan a string object for numeric and string values using an instance of NSScanner. For more about scanners, see “Scanners” (page 36). Both the NSString and the NSScanner class clusters use the NSCharacterSet class cluster forsearch operations. For more about charactersets,see “Character Sets” (page 33). If you simply want to determine whether a string contains a given pattern, you can use a predicate: BOOL match = [myPredicate evaluateWithObject:myString]; For more about predicates, see Predicate Programming Guide . Comparing and sorting strings The compare:... methods return the lexical ordering of the receiver and the supplied string. Several other methods allow you to determine whether two strings are equal or whether one isthe prefix orsuffix of another, but they don’t have variants that allow you to specify search options or ranges. The simplest method you can use to compare strings is compare:—this is the same as invoking compare:options:range: with no options and the receiver’s full extent as the range. If you want to specify comparison options(NSCaseInsensitiveSearch, NSLiteralSearch, or NSNumericSearch) you can use compare:options:; if you want to specify a locale you can use compare:options:range:locale:. NSString also provides various convenience methodsto allow you to perform common comparisons without the need to specify ranges and options directly, for example caseInsensitiveCompare: and localizedCompare:. Important: For user-visible sorted lists, you should always use localized comparisons. Thustypically instead of compare: or caseInsensitiveCompare: you should use localizedCompare: or localizedCaseInsensitiveCompare:. If you want to compare strings to order them in the same way as they’re presented in Finder, you should use compare:options:range:locale: with the user’s locale and the following options: NSCaseInsensitiveSearch, NSNumericSearch, NSWidthInsensitiveSearch, and NSForcedOrderingSearch. For an example, see “Sorting strings like Finder” (page 26). Searching, Comparing, and Sorting Strings Search and Comparison Methods 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 23Search and Comparison Options Several of the search and comparison methods take an “options” argument. This is a bit mask that adds further constraints to the operation. You create the mask by combining the following options (not all options are available for every method): Search option Effect NSCaseInsensitive- Ignores case distinctions among characters. Search Performs a byte-for-byte comparison. Differing literal sequences (such as composed character sequences) that would otherwise be considered equivalent are considered not to match. Using this option can speed some operations dramatically. NSLiteralSearch NSBackwardsSearch Performs searching from the end of the range toward the beginning. Performs searching only on characters at the beginning or end of the range. No match at the beginning or end means nothing is found, even if a matching sequence of characters occurs elsewhere in the string. NSAnchoredSearch When used with the compare:options: methods, groups of numbers are treated as a numeric value for the purpose of comparison. For example, Filename9.txt < Filename20.txt < Filename100.txt. NSNumericSearch Search and comparison are currently performed as if the NSLiteralSearch option were specified. Examples Case-Insensitive Search for Prefix and Suffix NSString provides the methods hasPrefix: and hasSuffix: that you can use to find an exact match for a prefix or suffix. The following example illustrates how you can use rangeOfString:options: with a combination of options to perform case insensitive searches. NSString *searchString = @"age"; NSString *beginsTest = @"Agencies"; NSRange prefixRange = [beginsTest rangeOfString:searchString Searching, Comparing, and Sorting Strings Search and Comparison Options 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 24options:(NSAnchoredSearch | NSCaseInsensitiveSearch)]; // prefixRange = {0, 3} NSString *endsTest = @"BRICOLAGE"; NSRange suffixRange = [endsTest rangeOfString:searchString options:(NSAnchoredSearch | NSCaseInsensitiveSearch | NSBackwardsSearch)]; // suffixRange = {6, 3} Comparing Strings The following examples illustrate the use of various string comparison methods and associated options. The first shows the simplest comparison method. NSString *string1 = @"string1"; NSString *string2 = @"string2"; NSComparisonResult result; result = [string1 compare:string2]; // result = -1 (NSOrderedAscending) You can compare strings numerically using the NSNumericSearch option: NSString *string10 = @"string10"; NSString *string2 = @"string2"; NSComparisonResult result; result = [string10 compare:string2]; // result = -1 (NSOrderedAscending) result = [string10 compare:string2 options:NSNumericSearch]; // result = 1 (NSOrderedDescending) You can use convenience methods (caseInsensitiveCompare: and localizedCaseInsensitiveCompare:) to perform case-insensitive comparisons: Searching, Comparing, and Sorting Strings Examples 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 25NSString *string_a = @"Aardvark"; NSString *string_A = @"AARDVARK"; result = [string_a compare:string_A]; // result = 1 (NSOrderedDescending) result = [string_a caseInsensitiveCompare:string_A]; // result = 0 (NSOrderedSame) // equivalent to [string_a compare:string_A options:NSCaseInsensitiveSearch] Sorting strings like Finder To sort strings the way Finder does in OS X v10.6 and later, use the localizedStandardCompare: method. It should be used whenever file names or other strings are presented in lists and tables where Finder-like sorting is appropriate. The exact behavior of this method is different under different localizations, so clients should not depend on the exact sorting order of the strings. The following example shows another implementation of similar functionality, comparing strings to order them in the same way as they’re presented in Finder, and it also shows how to sort the array of strings. First, define a sorting function that includes the relevant comparison options (for efficiency, pass the user's locale as the context—this way it's only looked up once). int finderSortWithLocale(id string1, id string2, void *locale) { static NSStringCompareOptions comparisonOptions = NSCaseInsensitiveSearch | NSNumericSearch | NSWidthInsensitiveSearch | NSForcedOrderingSearch; NSRange string1Range = NSMakeRange(0, [string1 length]); return [string1 compare:string2 options:comparisonOptions range:string1Range locale:(NSLocale *)locale]; } Searching, Comparing, and Sorting Strings Examples 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 26You pass the function as a parameter to sortedArrayUsingFunction:context: with the user’s current locale as the context: NSArray *stringsArray = @[@"string 1", @"String 21", @"string 12", @"String 11", @"String 02"]; NSArray *sortedArray = [stringsArray sortedArrayUsingFunction:finderSortWithLocale context:[NSLocale currentLocale]]; // sortedArray contains { "string 1", "String 02", "String 11", "string 12", "String 21" } Searching, Comparing, and Sorting Strings Examples 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 27This article describes how line and paragraph separators are defined and how you can separate a string by paragraph. Line and Paragraph Separator Characters There are a number of ways in which a line or paragraph break may be represented. Historically \n, \r, and \r\n have been used. Unicode defines an unambiguous paragraph separator, U+2029 (for which Cocoa provides the constant NSParagraphSeparatorCharacter), and an unambiguous line separator, U+2028 (for which Cocoa provides the constant NSLineSeparatorCharacter). In the Cocoa text system, the NSParagraphSeparatorCharacter is treated consistently as a paragraph break, and NSLineSeparatorCharacter is treated consistently as a line break that is not a paragraph break—that is, a line break within a paragraph. However, in other contexts, there are few guarantees as to how these characters will be treated. POSIX-level software, for example, often recognizes only \n as a break. Some older Macintosh software recognizes only \r, and some Windows software recognizes only \r\n. Often there is no distinction between line and paragraph breaks. Which line or paragraph break character you should use depends on how your data may be used and on what platforms. The Cocoa text system recognizes \n, \r, or \r\n all as paragraph breaks—equivalent to NSParagraphSeparatorCharacter.When it inserts paragraph breaks, for example with insertNewline:, it uses \n. Ordinarily NSLineSeparatorCharacter is used only for breaks that are specifically line breaks and not paragraph breaks, for example in insertLineBreak:, or for representing HTML
elements. If your breaks are specifically intended as line breaks and not paragraph breaks, then you should typically use NSLineSeparatorCharacter. Otherwise, you may use \n, \r, or \r\n depending on what other software is likely to process your text. The default choice for Cocoa is usually \n. Separating a String “by Paragraph” A common approach to separating a string “by paragraph” is simply to use: NSArray *arr = [myString componentsSeparatedByString:@"\n"]; 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 28 Paragraphs and Line BreaksThis, however, ignores the fact that there are a number of other ways in which a paragraph or line break may be represented in a string—\r, \r\n, or Unicode separators. Instead you can use methods—such as lineRangeForRange: or getParagraphStart:end:contentsEnd:forRange:—that take into account the variety of possible line terminations, as illustrated in the following example. NSString *string = /* assume this exists */; unsigned length = [string length]; unsigned paraStart = 0, paraEnd = 0, contentsEnd = 0; NSMutableArray *array = [NSMutableArray array]; NSRange currentRange; while (paraEnd < length) { [string getParagraphStart:¶Start end:¶End contentsEnd:&contentsEnd forRange:NSMakeRange(paraEnd, 0)]; currentRange = NSMakeRange(paraStart, contentsEnd - paraStart); [array addObject:[string substringWithRange:currentRange]]; } Paragraphs and Line Breaks Separating a String “by Paragraph” 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 29It's common to think of a string as a sequence of characters, but when working with NSString objects, or with Unicode strings in general, in most cases it is better to deal with substrings rather than with individual characters. The reason for this is that what the user perceives as a character in text may in many cases be represented by multiple characters in the string. NSString has a large inventory of methods for properly handling Unicode strings, which in general make Unicode compliance easy, but there are a few precautions you should observe. NSString objects are conceptually UTF-16 with platform endianness. That doesn't necessarily imply anything about their internalstorage mechanism; what it meansisthat NSString lengths, character indexes, and ranges are expressed in terms of UTF-16 units, and that the term “character” in NSString method names refers to 16-bit platform-endian UTF-16 units. This is a common convention for string objects. In most cases, clients don't need to be overly concerned with this; aslong as you are dealing with substrings, the precise interpretation of the range indexes is not necessarily significant. The vast majority of Unicode code points used for writing living languages are represented by single UTF-16 units. However, some less common Unicode code points are represented in UTF-16 by surrogate pairs. A surrogate pair is a sequence of two UTF-16 units, taken from specific reserved ranges, that together represent a single Unicode code point. CFString has functions for converting between surrogate pairs and the UTF-32 representation of the corresponding Unicode code point. When dealing with NSString objects, one constraint is that substring boundaries usually should not separate the two halves of a surrogate pair. This is generally automatic for rangesreturned from most Cocoa methods, but if you are constructing substring ranges yourself you should keep this in mind. However, this is not the only constraint you should consider. In many writing systems, a single character may be composed of a base letter plus an accent or other decoration. The number of possible letters and accents precludes Unicode from representing each combination as a single code point, so in general such combinations are represented by a base character followed by one or more combining marks. For compatibility reasons, Unicode does have single code points for a number of the most common combinations; these are referred to as precomposed forms, and Unicode normalization transformations can be used to convert between precomposed and decomposed representations. However, even if a string is fully precomposed, there are still many combinations that must be represented using a base character and combining marks. For most text processing, substring ranges should be arranged so that their boundaries do not separate a base character from its associated combining marks. 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 30 Characters and Grapheme ClustersIn addition, there are writing systems in which characters represent a combination of parts that are more complicated than accent marks. In Korean, for example, a single Hangul syllable can be composed of two or three subparts known as jamo. In the Indic and Indic-influenced writing systems common throughout South and Southeast Asia, single written characters often represent combinations of consonants, vowels, and marks such as viramas, and the Unicode representations of these writing systems often use code points for these individual parts,so that a single character may be composed of multiple code points. For most text processing, substring ranges should also be arranged so that their boundaries do not separate the jamo in a single Hangul syllable, or the components of an Indic consonant cluster. In general, these combinations—surrogate pairs, base characters plus combining marks, Hangul jamo, and Indic consonant clusters—are referred to as grapheme clusters. In order to take them into account, you can use NSString’s rangeOfComposedCharacterSequencesForRange: or rangeOfComposedCharacterSequenceAtIndex: methods, or CFStringGetRangeOfComposedCharactersAtIndex. These can be used to adjuststring indexes orsubstring ranges so that they fall on grapheme cluster boundaries, taking into account all of the constraints mentioned above. These methods should be the default choice for programmatically determining the boundaries of user-perceived characters.: In some cases, Unicode algorithms deal with multiple charactersin waysthat go beyond even grapheme cluster boundaries. Unicode casing algorithms may convert a single character into multiple characters when going from lowercase to uppercase; for example, the standard uppercase equivalent of the German character “ß” is the two-letter sequence “SS”. Localized collation algorithms in many languages consider multiple-character sequences as single units; for example, the sequence “ch” is treated as a single letter for sorting purposes in some European languages. In order to deal properly with cases like these, it is important to use standard NSString methods for such operations as casing, sorting, and searching, and to use them on the entire string to which they are to apply. Use NSString methods such as lowercaseString, uppercaseString, capitalizedString, compare: and its variants, rangeOfString: and its variants, and rangeOfCharacterFromSet: and its variants, or their CFString equivalents. These all take into account the complexities of Unicode string processing, and the searching and sorting methods in particular have many options to control the types of equivalences they are to recognize. In some less common cases, it may be necessary to tailor the definition of grapheme clusters to a particular need. The issues involved in determining and tailoring grapheme cluster boundaries are covered in detail in Unicode Standard Annex #29, which gives a number of examples and some algorithms. The Unicode standard in general is the best source for information about Unicode algorithms and the considerations involved in processing Unicode strings. If you are interested in grapheme cluster boundaries from the point of view of cursor movement and insertion point positioning, and you are using the Cocoa text system, you should know that on OS X v10.5 and later, NSLayoutManager has API support for determining insertion point positions within a line of text as it is laid Characters and Grapheme Clusters 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 31out. Note that insertion point boundaries are not identical to glyph boundaries; a ligature glyph in some cases, such as an “fi” ligature in Latin script, may require an internal insertion point on a user-perceived character boundary. See Cocoa Text Architecture Guide for more information. Characters and Grapheme Clusters 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 32An NSCharacterSet object represents a set of Unicode characters. NSString and NSScanner objects use NSCharacterSet objects to group characters together for searching operations, so that they can find any of a particular set of characters during a search. Character Set Basics A character set object represents a set of Unicode characters. Character sets are represented by instances of a class cluster. The cluster’s two public classes, NSCharacterSet and NSMutableCharacterSet, declare the programmatic interface for immutable and mutable character sets, respectively. An immutable character set is defined when it is created and subsequently cannot be changed. A mutable character set can be changed after it’s created. A character set object doesn’t perform any tasks; it simply holds a set of character values to limit operations on strings. The NSString and NSScanner classes define methods that take NSCharacterSet objects as argumentsto find any ofseveral characters. For example, this code excerpt findsthe range of the first uppercase letter in myString:. NSString *myString = @"some text in an NSString..."; NSCharacterSet *characterSet = [NSCharacterSet uppercaseLetterCharacterSet]; NSRange letterRange = [myString rangeOfCharacterFromSet:characterSet]; After this fragment executes, letterRange.location is equal to the index of the first “N” in “NSString” after rangeOfCharacterFromSet: isinvoked. If the first letter of the string were “S”, then letterRange.location would be 0. Creating Character Sets NSCharacterSet defines class methodsthat return commonly used charactersets,such asletters(uppercase or lowercase), decimal digits, whitespace, and so on. These “standard” character sets are always immutable, even if created by sending a message to NSMutableCharacterSet. See “Standard Character Sets and Unicode Definitions” (page 35) for more information on standard character sets. 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 33 Character SetsYou can use a standard character set as a starting point for building a custom set by making a mutable copy of it and changing that. (You can also start from scratch by creating a mutable character set with alloc and init and adding characters to it.) For example, this fragment creates a character set containing letters, digits, and basic punctuation: NSMutableCharacterSet *workingSet = [[NSCharacterSet alphanumericCharacterSet] mutableCopy]; [workingSet addCharactersInString:@";:,."]; NSCharacterSet *finalCharacterSet = [workingSet copy]; To define a custom character set using Unicode code points, use code similar to the following fragment (which creates a character set including the form feed and line separator characters): UniChar chars[] = {0x000C, 0x2028}; NSString *string = [[NSString alloc] initWithCharacters:chars length:sizeof(chars) / sizeof(UniChar)]; NSCharacterSet *characterSet = [NSCharacterSet characterSetWithCharactersInString:string]; Performance considerations Because character sets often participate in performance-critical code, you should be aware of the aspects of their use that can affect the performance of your application. Mutable character sets are generally much more expensive than immutable character sets. They consume more memory and are costly to invert (an operation often performed in scanning a string). Because of this, you should follow these guidelines: ● Create as few mutable character sets as possible. ● Cache character sets (in a global dictionary, perhaps) instead of continually recreating them. ● When creating a custom set that doesn’t need to change after creation, make an immutable copy of the final character set for actual use, and dispose of the working mutable character set. Alternatively, create a character set file as described in “Creating a character set file” (page 35) and store it in your application’s main bundle. ● Similarly, avoid archiving characterset objects;store them in characterset filesinstead. Archiving can result in a character set being duplicated in different archive files, resulting in wasted disk space and duplicates in memory for each separate archive read. Character Sets Performance considerations 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 34Creating a character set file If your application frequently uses a custom character set, you should save its definition in a resource file and load that instead of explicitly adding individual characters each time you need to create the set. You can save a character set by getting its bitmap representation (an NSData object) and saving that object to a file: NSData *charSetRep = [finalCharacterSet bitmapRepresentation]; NSURL *dataURL = <#URL for character set#>; NSError *error; BOOL result = [charSetRep writeToURL:dataURL options:NSDataWritingAtomic error:&error]; By convention, characterset filenames use the extension .bitmap. If you intend for othersto use your character set files, you should follow this convention. To read a character set file with a .bitmap extension, simply use the characterSetWithContentsOfFile: method. Standard Character Sets and Unicode Definitions The standard character sets, such as that returned by letterCharacterSet, are formally defined in terms of the normative and informative categories established by the Unicode standard, such as Uppercase Letter, Combining Mark, and so on. The formal definition of a standard character set is in most cases given as one or more of the categories defined in the standard. For example, the set returned by lowercaseLetterCharacterSet include all characters in normative category Lowercase Letters, while the set returned by letterCharacterSet includes the characters in all of the Letter categories. Note that the definitions of the categoriesthemselves may change with new versions of the Unicode standard. You can download the files that define category membership from http://www.unicode.org/. Character Sets Creating a character set file 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 35An NSScanner object scans the characters of an NSString object, typically interpreting the characters and converting them into number and string values. You assign the scanner’s string on creation, and the scanner progresses through the characters of that string from beginning to end as you request items. Creating a Scanner NSScanner is a class cluster with a single public class, NSScanner. Generally, you instantiate a scanner object by invoking the class method scannerWithString: or localizedScannerWithString:. Either method returns a scanner object initialized with the string you pass to it. The newly created scanner starts at the beginning of its string. You scan components using the scan... methods such as scanInt:, scanDouble:, and scanString:intoString:. If you are scanning multiple lines, you typically create a while loop that continues until the scanner is at the end of the string, as illustrated in the following code fragment: float aFloat; NSScanner *theScanner = [NSScanner scannerWithString:aString]; while ([theScanner isAtEnd] == NO) { [theScanner scanFloat:&aFloat]; // implementation continues... } You can configure a scanner to consider or ignore case using the setCaseSensitive: method. By default a scanner ignores case. Using a Scanner Scan operationsstart at the scan location and advance the scanner to just past the last character in the scanned value representation (if any). For example, after scanning an integer from the string “137 small cases of bananas”, a scanner’s location will be 3, indicating the space immediately after the number. Often you need to advance the scan location to skip characters in which you are not interested. You can change the implicit 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 36 Scannersscan location with the setScanLocation: method to skip ahead a certain number of characters (you can also use the method to rescan a portion of the string after an error). Typically, however, you either want to skip characters from a particular character set, scan past a specific string, or scan up to a specific string. You can configure a scanner to skip a set of characters with the setCharactersToBeSkipped: method. A scanner ignores characters to be skipped at the beginning of any scan operation. Once it finds a scannable character, however, it includes all characters matching the request. Scanners skip whitespace and newline characters by default. Note that case is always considered with regard to characters to be skipped. To skip all English vowels, for example, you must set the characters to be skipped to those in the string “AEIOUaeiou”. If you want to read content from the current location up to a particular string, you can use scanUpToString:intoString: (you can pass NULL as the second argument if you simply want to skip the intervening characters). For example, given the following string: 137 small cases of bananas you can find the type of container and number of containers using scanUpToString:intoString: asshown in the following example. NSString *bananas = @"137 small cases of bananas"; NSString *separatorString = @" of"; NSScanner *aScanner = [NSScanner scannerWithString:bananas]; NSInteger anInteger; [aScanner scanInteger:&anInteger]; NSString *container; [aScanner scanUpToString:separatorString intoString:&container]; It is important to note that the search string (separatorString) is " of". By default a scanner ignores whitespace, so the space character after the integer is ignored. Once the scanner begins to accumulate characters, however, all characters are added to the output string until the search string is reached. Thus if the search string is "of" (no space before), the first value of container is “small cases ” (includes the space following); if the search string is " of" (with a space before), the first value of container is “small cases” (no space following). Scanners Using a Scanner 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 37After scanning up to a given string, the scan location is the beginning of that string. If you want to scan past thatstring, you must therefore firstscan in the string you scanned up to. The following code fragment illustrates how to skip past the search string in the previous example and determine the type of product in the container. Note the use of substringFromIndex: to in effect scan up to the end of a string. [aScanner scanString:separatorString intoString:NULL]; NSString *product; product = [[aScanner string] substringFromIndex:[aScanner scanLocation]]; // could also use: // product = [bananas substringFromIndex:[aScanner scanLocation]]; Example Suppose you have a string containing lines such as: Product: Acme Potato Peeler; Cost: 0.98 73 Product: Chef Pierre Pasta Fork; Cost: 0.75 19 Product: Chef Pierre Colander; Cost: 1.27 2 The following example uses alternating scan operationsto extract the product names and costs(costs are read as a float forsimplicity’ssake),skipping the expected substrings“Product:” and “Cost:”, as well asthe semicolon. Note that because a scanner skips whitespace and newlines by default, the loop does no special processing for them (in particular there is no need to do additional whitespace processing to retrieve the final integer). NSString *string = @"Product: Acme Potato Peeler; Cost: 0.98 73\n\ Product: Chef Pierre Pasta Fork; Cost: 0.75 19\n\ Product: Chef Pierre Colander; Cost: 1.27 2\n"; NSCharacterSet *semicolonSet; NSScanner *theScanner; NSString *PRODUCT = @"Product:"; NSString *COST = @"Cost:"; NSString *productName; float productCost; Scanners Example 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 38NSInteger productSold; semicolonSet = [NSCharacterSet characterSetWithCharactersInString:@";"]; theScanner = [NSScanner scannerWithString:string]; while ([theScanner isAtEnd] == NO) { if ([theScanner scanString:PRODUCT intoString:NULL] && [theScanner scanUpToCharactersFromSet:semicolonSet intoString:&productName] && [theScanner scanString:@";" intoString:NULL] && [theScanner scanString:COST intoString:NULL] && [theScanner scanFloat:&productCost] && [theScanner scanInteger:&productSold]) { NSLog(@"Sales of %@: $%1.2f", productName, productCost * productSold); } } Localization A scanner bases some of its scanning behavior on a locale, which specifies a language and conventions for value representations. NSScanner uses only the locale’s definition for the decimal separator (given by the key named NSDecimalSeparator). You can create a scanner with the user’s locale by using localizedScannerWithString:, or set the locale explicitly using setLocale:. If you use a method that doesn’t specify a locale, the scanner assumes the default locale values. Scanners Localization 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 39NSString provides a rich set of methodsfor manipulating strings asfile-system paths. You can extract a path’s directory, filename, and extension, expand a tilde expression (such as “~me”) or create one for the user’s home directory, and clean up paths containing symbolic links, redundant slashes, and references to “.” (current directory) and “..” (parent directory). Note: Where possible, you should use instances of NSURL to represent paths—the operating system deals with URLs more efficiently than with string representations of paths. Representing a Path NSString represents paths generically with ‘/’ asthe path separator and ‘.’ asthe extension separator. Methods that accept strings as path arguments convert these generic representations to the proper system-specific form as needed. On systems with an implicit root directory, absolute paths begin with a path separator or with a tilde expression (“~/...” or “~user/...”). Where a device must be specified, you can do that yourself—introducing a system dependency—or allow the string object to add a default device. You can create a standardized representation of a path using stringByStandardizingPath. This performs a number of tasks including: ● Expansion of an initial tilde expression; ● Reduction of empty components and references to the current directory (“//” and “/./”) to single path separators; ● In absolute paths, resolution of references to the parent directory (“..”) to the real parent directory; for example: NSString *path = @"/usr/bin/./grep"; NSString *standardizedPath = [path stringByStandardizingPath]; // standardizedPath: /usr/bin/grep path = @"~me"; 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 40 String Representations of File PathsstandardizedPath = [path stringByStandardizingPath]; // standardizedPath (assuming conventional naming scheme): /Users/Me path = @"/usr/include/objc/.."; standardizedPath = [path stringByStandardizingPath]; // standardizedPath: /usr/include path = @"/private/usr/include"; standardizedPath = [path stringByStandardizingPath]; // standardizedPath: /usr/include User Directories The following examples illustrate how you can use NSString’s path utilities and other Cocoa functions to get the user directories. // Assuming that users’ home directories are stored in /Users NSString *meHome = [@"~me" stringByExpandingTildeInPath]; // meHome = @"/Users/me" NSString *mePublic = [@"~me/Public" stringByExpandingTildeInPath]; // mePublic = @"/Users/me/Public" You can find the home directory for the current user and for a given user with NSHomeDirectory and NSHomeDirectoryForUser respectively: NSString *currentUserHomeDirectory = NSHomeDirectory(); NSString *meHomeDirectory = NSHomeDirectoryForUser(@"me"); Note that you should typically use the function NSSearchPathForDirectoriesInDomains to locate standard directories for the current user. For example, instead of: NSString *documentsDirectory = [NSHomeDirectory() stringByAppendingPathComponent:@"Documents"]; String Representations of File Paths User Directories 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 41you should use: NSString *documentsDirectory; NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES); if ([paths count] > 0) { documentsDirectory = [paths objectAtIndex:0]; } Path Components NSString provides a rich set of methods for manipulating strings as file-system paths, for example: Interprets the receiver as a path and returns the receiver’s extension, if any. pathExtension Returns a new string made by deleting the extension (if any, and only the last) from the receiver. stringByDeletingPathExtension Returns a new string made by deleting the last path component from the receiver, along with any final path separator. stringByDeletingLastPathComponent Using these and related methods described in NSString Class Reference , you can extract a path’s directory, filename, and extension, as illustrated by the following examples. NSString *documentPath = @"~me/Public/Demo/readme.txt"; NSString *documentDirectory = [documentPath stringByDeletingLastPathComponent]; // documentDirectory = @"~me/Public/Demo" NSString *documentFilename = [documentPath lastPathComponent]; // documentFilename = @"readme.txt" NSString *documentExtension = [documentPath pathExtension]; // documentExtension = @"txt" String Representations of File Paths Path Components 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 42File Name Completion You can find possible expansions of file names using completePathIntoString:caseSensitive:matchesIntoArray:filterTypes:. For example, given a directory ~/Demo that contains the following files: ReadMe.txt readme.html readme.rtf recondite.txt test.txt you can find all possible completions for the path ~/Demo/r as follows: NSString *partialPath = @"~/Demo/r"; NSString *longestCompletion; NSArray *outputArray; unsigned allMatches = [partialPath completePathIntoString:&longestCompletion caseSensitive:NO matchesIntoArray:&outputArray filterTypes:NULL]; // allMatches = 3 // longestCompletion = @"~/Demo/re" // outputArray = (@"~/Demo/readme.html", "~/Demo/readme.rtf", "~/Demo/recondite.txt") You can find possible completions for the path ~/Demo/r that have an extension “.txt” or “.rtf” as follows: NSArray *filterTypes = @[@"txt", @"rtf"]; unsigned textMatches = [partialPath completePathIntoString:&outputName caseSensitive:NO matchesIntoArray:&outputArray filterTypes:filterTypes]; // allMatches = 2 // longestCompletion = @"~/Demo/re" // outputArray = (@"~/Demo/readme.rtf", @"~/Demo/recondite.txt") String Representations of File Paths File Name Completion 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 43You can draw string objects directly in a focused NSView using methods such as drawAtPoint:withAttributes: (to draw a string with multiple attributes, such as multiple text fonts, you must use an NSAttributedString object). These methods are described briefly in “Text” in Cocoa Drawing Guide . The simple methods, however, are designed for drawing small amounts of text or text that is only drawn rarely—they create and dispose of various supporting objects every time you call them. To draw strings repeatedly, it is more efficient to use NSLayoutManager, as described in “Drawing Strings”. For an overview of the Cocoa text system, of which NSLayoutManager is a part, see Cocoa Text Architecture Guide . 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 44 Drawing StringsThis table describes the changes to String Programming Guide . Date Notes 2012-07-17 Updated code snippets to adopt new Objective-C features. Corrected string constant character set to UTF-8. Added guidance about using localizedStandardCompare: for Finder-like sorting. Added caveat to avoid using %s with RTL languages. Revised "String Format Specifiers" article. 2012-06-11 2009-10-15 Added links to Cocoa Core Competencies. Added new aricle on character clusters; updated list of string format specifiers. 2008-10-15 2007-10-18 Corrected minor typographical errors. Added notes regarding NSInteger and NSUInteger to "String Format Specifiers". 2007-07-10 2007-03-06 Corrected minor typographical errors. 2007-02-08 Corrected sentence fragments and improved the example in "Scanners." 2006-12-05 Added code samples to illustrate searching and path manipulation. 2006-11-07 Made minor revisions to "Scanners" article. 2006-10-03 Added links to path manipulation methods. 2006-06-28 Corrected typographical errors. Added a new article, "Reading Strings From and Writing Strings To Files and URLs"; significantly updated "Creating and Converting Strings." 2006-05-23 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 45 Document Revision HistoryDate Notes Included “Creating a Character Set” into “Character Sets” (page 33). Changed title from "Strings" to conform to reference consistency guidelines. 2006-01-10 Added “Formatting String Objects” (page 13) article. Added Data Formatting and the Core Foundation Strings programming topics to the introduction. 2004-06-28 Added information about custom Unicode character sets and retrieved missing code fragments in “Creating a Character Set”. Added information and cross-reference to “Drawing Strings” (page 44). Rewrote introduction and added an index. 2004-02-06 Added NSNumericSearch description to “Searching, Comparing, and Sorting Strings” (page 22). 2003-09-09 2003-03-17 Reinstated the sample code that was missing from “Scanners” (page 36). Updated “Creating and Converting String Objects” (page 8) to recommend the use of UTF8 encoding, and noted the pending deprecation of the cString... methods. 2003-01-17 2002-11-12 Revision history was added to existing topic. Document Revision History 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 46A alloc method 34 archiving character set objects 34 ASCII character encoding converting string object contents 8 availableStringEncodings method 8 C C strings Cocoa string objects and 7 creating and converting 11 character encodings string manipulation and 8 character sets custom 34 example code 34 guidelines for use 34 mutable and immutable 33 saving to a file 35 standard 33, 35 characterAtIndex: method 7 characterSetWithContentsOfFile: method 35 compare: method 22 compare:options: method 22, 24 compare:options:range: method 22 comparing strings 22–23 comparison methods for strings 22 componentsSeparatedByString: method 11 current directories resolving references to 40 D dataUsingEncoding: method 11, 12 defaultCStringEncoding method 8 description method 13 descriptionWithLocale: method 13 directories manipulating strings as paths 40, 42 E encodings, character string manipulation and 8 EUC character encoding 8 F file-system paths and strings 42 format strings 13 G getCharacters:length: method 12 I init method for mutable character sets 34 initWithData:encoding: method 8, 11, 12 initWithFormat: method 10 initWithFormat:locale: method 12 ISO Latin 1 character encoding 8 L length method 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 47 Indexfor string objects 7 letterCharacterSet method 35 localization scanning strings and 39 value formatting and 13 localizedScannerWithString: method 36, 39 localizedStringWithFormat: method 9, 12 lowercaseLetterCharacterSet method 35 M myString: method 33 N NSCharacterSet class 33 NSLayoutManager class 44 NSMutableCharacterSet class 33 NSMutableString class 7, 8 NSScanner class 23, 36–38 NSString class creating string objects from 8 described 7 methods for representing file-system paths 40 scanners and 36 NSView class 44 P parent directories resolving references to 40 paths and strings 42 primitive methods of NSString 7 printf function NSString and 13 R rangeOfCharacterFromSet: method 22, 33 rangeOfCharacterFromSet:options: method 22 rangeOfCharacterFromSet:options:range: method 22 rangeOfComposedCharacterSequenceAtIndex: method 23 rangeOfString: method 22 rangeOfString:options: method 22 rangeOfString:options:range: method 22 S scan... methods 36 scanners 36, 38 instantiating 36 operation of 36 sample code 38 scannerWithString: method 36 scanUpToString:intoString: method 37 search methods for strings 22 setCaseSensitive: method 36 setCharactersToBeSkipped: method 37 setLocale: method 39 setScanLocation: method 37 Shift-JIS character encoding 8 standard character sets 33, 35 string objects combining and extracting 10 comparison methods 22 creating and converting 8–12 described 7 drawing 44 searching and comparing 22–23 stringByAppendingFormat: method 10, 12 stringByAppendingString: method 10, 12 stringWithCharacters:length: method 12 stringWithContentsOfFile: method 21 stringWithFormat: method 10 stringWithUTF8String: method 12 substringFromIndex: method 11 substringToIndex: method 11 Index 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 48substringWithRange: method 11 U Unicode characters in string objects 8 code points used to define character sets 34 in string objects 7 NSCharacterSet and 33 standard character sets 35 string comparison standard 22 UTF8 character encoding 11 UTF8String method 11, 12 V value formatting string conversion and 13 W writeToFile:atomically: method 21 Index 2012-07-17 | © 1997, 2012 Apple Inc. All Rights Reserved. 49Apple Inc. © 1997, 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Cocoa, Finder, Mac, Macintosh, Objective-C, OS X, and Safari are trademarks of Apple Inc., registered in the U.S. and other countries. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. Apple AirPort Networks2 1 Contents Chapter 1 3 Getting Started 5 Configuring an Apple Wireless Device for Internet Access Using AirPort Utility 6 Extending the Range of Your AirPort Network 6 Sharing a USB Hard Disk Connected to an AirPort Extreme Base Station or Time Capsule 6 Printing with an Apple Wireless Device 6 Sharing Your Computer’s Internet Connection Chapter 2 9 AirPort Security 9 Security for AirPort Networks at Home 10 Security for AirPort Networks in Businesses and Classrooms 11 Wi-Fi Protected Access (WPA) and WPA2 Chapter 3 14 AirPort Network Designs 15 Using AirPort Utility 17 Setting Up the AirPort Extreme Network 24 Configuring and Sharing Internet Access 41 Setting Advanced Options 43 Extending the Range of an 802.11n Network 45 Keeping Your Network Secure 49 Directing Network Traffic to a Specific Computer on Your Network (Port Mapping) 51 Logging 52 Using Back to My Mac on your Wireless Network 53 Setting up IPv6 54 Sharing and Securing USB Hard Disks on Your Network 55 Using a Time Capsule in Your Network 55 Connecting a USB Printer to an Apple Wireless Device 56 Adding a Wireless Client to Your 802.11n Network 57 Solving Problems Chapter 4 59 Behind the Scenes 59 Basic Networking 63 Items That Can Cause Interference with AirPort Glossary 641 3 1 Getting Started AirPort offers the easiest way to provide wireless Internet access and networking anywhere in the home, classroom, or office. AirPort is based on the latest Institute of Electrical and Electronics Engineers (IEEE) 802.11n draft specification and provides fast and reliable wireless networking in the home, classroom, or small office. You can enjoy data transfer rates of up to five times faster than data rates provided by the 802.11g standard and more than twice the network range. The new AirPort Extreme Base Station and the new Time Capsule are based on simultaneous dual-band technology, so they work in both the 2.4 gigahertz (GHz) or 5 GHz spectrum at the same time. And they are 100 percent backward-compatible, so Mac computers and PCs that use 802.11a, 802.11b, 802.11g, or IEEE draft specification 802.11n wireless cards can connect to an AirPort wireless network. They also work flawlessly with the AirPort Express for wireless music streaming and more. The AirPort Extreme Base Station and Time Capsule have three additional 10/100/1000BaseT Gigabit Ethernet ports, so you don’t need to include another router in your network. To set up an AirPort Extreme Base Station, an AirPort Express, or a Time Capsule, you use AirPort Utility, the easy-to-use setup and management application. AirPort Utility has a simple user experience, with all software controls accessible from the same application. It provides better management of several Apple wireless devices, with client-monitoring features and logging. If you’re using AirPort Utility version 5.4 or later, you can set up a guest network, in both the 2.4 GHz and 5 GHz bands, so that guests can connect to the Internet using your AirPort network, while you keep your private network secure. You can also choose to set up guest accounts that expire, to grant temporary access to your network; you no longer need to give your network password to visitors in your home or office. You can even set up accounts with time constraints for the best in parental controls. AirPort Utility supports IPv6 and Bonjour, so you can “advertise” network services such as printing and sharing a hard disk over the Wide Area Network (WAN) port.4 Chapter 1 Getting Started Note: When the features discussed in this document apply to the AirPort Extreme Base Station, AirPort Express, and Time Capsule, the devices are referred to collectively as Apple wireless devices. With an AirPort Extreme Base Station or a Time Capsule, you can connect a USB hard disk so that everyone on the network can back up, store, and share files. Every Time Capsule includes an internal AirPort disk, so you don’t need to connect an external one. If you want, you can connect additional USB disks to the USB port on your Time Capsule. You can also connect a USB printer to the USB port on any Apple wireless device, so that everyone on the network can access the printer or hub. All Apple wireless devices provide strong, wireless security. They offer a built-in firewall and support industry-standard encryption technologies. Yet the simple setup utility and powerful access controls make it easy for authorized users to connect to the AirPort network they create. You can use an Apple wireless device to provide wireless Internet access and share a single Internet connection among several computers in the following ways:  Set up the device to act as a router and provide Internet Protocol (IP) addresses to computers on the network using Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT). When the wireless device is connected to a DSL or cable modem that is connected to the Internet, it receives webpages and email content from the Internet through its Internet connection, and then sends the content to wireless-enabled computers, using the wireless network or using Ethernet if there are computers connected to the Ethernet ports.  Set up the Apple wireless device to act as a bridge on an existing network that already has Internet access and a router providing IP addresses. The device passes IP addresses and the Internet connection to AirPort or wireless-enabled computers, or computers connected to the wireless device by Ethernet. This document provides information about the latest AirPort Extreme Base Station, AirPort Express, and Time Capsule, and detailed information about designing 802.11n networks with AirPort Utility for computers using Mac OS X v10.5 or later, and Windows Vista or Windows XP with Service Pack 2. If you’re using previous versions of Mac OS X, or are setting up earlier versions of AirPort devices, you’ll find more information at www.apple.com/support/airport.Chapter 1 Getting Started 5 You can set up an Apple wireless device and connect to the Internet wirelessly in minutes. But because Apple wireless devices are flexible and powerful networking products, you can also create an AirPort network that does much more. If you want to design an AirPort network that provides Internet access to non-AirPort computers via Ethernet, or take advantage of some of your wireless device’s more advanced features, use this document to design and implement your network. You can find more general wireless networking information and an overview of AirPort technology in the earlier AirPort documents, located at www.apple.com/support/manuals/airport. Note: The images of AirPort Utility in this document are from Mac OS X v10.5. If you’re using a Windows computer, the images you see in this document may be slightly different from what you see on your screen. Configuring an Apple Wireless Device for Internet Access Using AirPort Utility Like your computer, Apple wireless devices must be set up with the appropriate hardware and IP networking information to connect to the Internet. Install AirPort Utility, which came on the CD with your wireless device, and use it to provide Internet configuration information and other network settings. AirPort Utility combines the ease of use of AirPort Setup Assistant and the power of AirPort Admin Utility. It is installed in the Utilities folder in the Applications folder on a Macintosh computer using Mac OS X, and in Start > All Programs > AirPort on computers using Windows. AirPort Utility walks you through the setup process by asking a series of questions to determine how the device’s Internet connection and other interfaces should be set up. Enter the settings you received from your ISP or network administrator for Ethernet, PPP over Ethernet (PPPoE), or your local area network (LAN); give your AirPort network a name and password; set up a device as a wireless bridge to extend the range of your existing AirPort network; and set other options. When you’ve finished entering the settings, AirPort Utility transfers the settings to your wireless device. Then it connects to the Internet and shares its Internet connection with computers that join its AirPort network. You can also create an AirPort network that takes advantage of the more advanced networking features of Apple wireless devices. To set more advanced AirPort options, use AirPort Utility to manually set up your wireless device’s configuration, or make quick adjustments to one you’ve already set up. Some of the AirPort advanced networking features can be configured only using the manual setup features in AirPort Utility. 6 Chapter 1 Getting Started Set up your Apple wireless device manually using AirPort Utility when:  You want to provide Internet access to computers that connect to the wireless device using Ethernet  you’ve already set up your device, but you need to change one setting, such as your account information  You need to configure advanced settings such as channel frequency, advanced security options, closed networks, DHCP lease time, access control, WAN privacy, power controls, or port mapping or other options For instructions on using AirPort Utility to manually set up your wireless device and network, see “Using AirPort Utility” on page 15. Extending the Range of Your AirPort Network You can extend the range of your network by using AirPort Utility to set up wireless connections among several devices in your network, or to connect a device using Ethernet to create a roaming network. For more information on extending the range of your network, see “Connecting Additional Wireless Devices to Your AirPort Network” on page 41. Sharing a USB Hard Disk Connected to an AirPort Extreme Base Station or Time Capsule If you’re using an AirPort Extreme Base Station or a Time Capsule, you can connect a USB hard disk to it, and computers connected to the network—wired or wireless, Mac or Windows—can share files using the hard disk. Every Time Capsule includes an internal AirPort disk, so you don’t need to connect an external one. If you want, you can connect additional USB disks to the USB port on your Time Capsule. See “Sharing and Securing USB Hard Disks on Your Network” on page 54. Printing with an Apple Wireless Device If you have a compatible USB printer connected to your Apple wireless device, computers on the AirPort network can use Bonjour (Apple’s zero-configuration networking technology) to print to the printer. For instructions about printing to a USB printer from a computer, see “Connecting a USB Printer to an Apple Wireless Device” on page 55. Sharing Your Computer’s Internet Connection If your computer is connected to the Internet, you can share your Internet connection with other computers using Mac OS X version 10.2 or later, or Windows XP with Service Pack 2. This is sometimes called using your computer as a software base station.Chapter 1 Getting Started 7 You can share your Internet connection as long as your computer is connected to the Internet. If your computer goes to sleep or is restarted, or if you lose your Internet connection, you need to restart Internet sharing. To start Internet sharing on a computer using Mac OS X v10.5 or later: 1 Open System Preferences and click Sharing. 2 Choose the port you want to use to share your Internet connection from the “Share your connection using” pop-up menu. 3 Select the port you want to use to share your Internet connection in the “To computers using” list. You can choose to share your Internet connection with AirPort-enabled computers or computers with built-in Ethernet, for example. 4 Select Internet Sharing in the Services list. 5 If you want to share your Internet connection with computers using AirPort, click AirPort Options to give your network a name and password. 8 Chapter 1 Getting Started To start Internet sharing on a computer using Windows: 1 Open Control Panel from the Start menu, and then click “Network and Internet.” 2 Click “Network and Sharing Center.” 3 Click “Manage network connections” in the Tasks list. 4 Right-click the network connection you want to share, and then select Properties. 5 Click Sharing and then select “Allow other network users to connect through this computer’s Internet connection.” Note: If your Internet connection and your local network use the same port (built-in Ethernet, for example), contact your ISP before you turn on Internet sharing. In some cases (if you use a cable modem, for example) you might unintentionally affect the network settings of other ISP customers, and your ISP might terminate your service to prevent you from disrupting its network. The following chapters explain AirPort security options, AirPort network design and setup, and other advanced options.2 9 2 AirPort Security This chapter provides an overview of the security features available in AirPort. Apple has designed its wireless devices to provide several levels of security, so you can enjoy peace of mind when you access the Internet, manage online financial transactions, or send and receive email. The AirPort Extreme Base Station and Time Capsule also include a slot for inserting a lock to deter theft. For information and instructions for setting up these security features, see “Setting Up the AirPort Extreme Network” on page 17. Security for AirPort Networks at Home Apple gives you ways to protect your wireless AirPort network as well as the data that travels over it. NAT Firewall You can isolate your wireless network with firewall protection. Apple wireless devices have a built-in Network Address Translation (NAT) firewall that creates a barrier between your network and the Internet, protecting data from Internet-based IP attacks. The firewall is automatically turned on when you set up the device to share a single Internet connection. For computers with a cable or DSL modem, AirPort can actually be safer than a wired connection. Closed Network Creating a closed network keeps the network name and the very existence of your network private. Prospective users of your network must know the network name and password to access it. Use AirPort Utility, located in the Utilities folder in the Applications folder on a Macintosh computer using Mac OS X, or in Start > All Programs > AirPort on a computer using Windows, to create a closed network.10 Chapter 2 AirPort Security Password Protection and Encryption AirPort uses password protection and encryption to deliver a level of security comparable to that of traditional wired networks. Users can be required to enter a password to log in to the AirPort network. When transmitting data and passwords, the wireless device uses up to 128-bit encryption, through either Wi-Fi Protected Access (WPA), WPA2, or Wired Equivalent Privacy (WEP), to scramble data and help keep it safe. If you’re setting up an 802.11n-based AirPort device, you can also use WEP (Transitional Security Network) if both WEP-compatible and WPA/WPA2-compatible computers will join your network. Note: WPA security is available only to AirPort Extreme wireless devices; AirPort and AirPort Extreme clients using Mac OS X 10.3 or later and AirPort 3.3 or later; and to non-Apple clients using other 802.11 wireless adapters that support WPA. WPA2 security requires firmware version 5.6 or later for an AirPort Extreme Base Station, firmware version 6.2 or later for an AirPort Express, firmware version 7.3 or later for a Time Capsule, and a Macintosh computer with an AirPort Extreme wireless card using AirPort 4.2 or later. If your computer uses Windows XP or Windows Vista, check the documentation that came with your computer to see if your computer supports WPA2. Security for AirPort Networks in Businesses and Classrooms Businesses and schools need to restrict network communications to authorized users and keep data safe from prying eyes. To meet this need, Apple wireless devices and software provide a robust suite of security mechanisms. Use AirPort Utility to set up these advanced security features. Transmitter Power Control Because radio waves travel in all directions, they can extend outside the confines of a specific building. The Transmit Power setting in AirPort Utility lets you adjust the transmission range of your device’s network. Only users within the network vicinity have access to the network. MAC Address Access Control Every AirPort and wireless card have a unique Media Access Control (MAC) address. For AirPort Cards and AirPort Extreme Cards, the MAC address is sometimes referred to as the AirPort ID. Support for MAC address access control lets administrators set up a list of MAC addresses and restrict access to the network to only those users whose MAC addresses are in the access control list.Chapter 2 AirPort Security 11 RADIUS Support The Remote Authentication Dial-In User Service (RADIUS) makes securing a large network easy. RADIUS is an access control protocol that allows a system administrator to create a central list of the user names and passwords of computers that can access the network. Placing this list on a centralized server allows many wireless devices to access the list and makes it easy to update. If the MAC address of a user’s computer (which is unique to each 802.11 wireless card) is not on your approved MAC address list, the user cannot join your network. Wi-Fi Protected Access (WPA) and WPA2 There has been increasing concern about the vulnerabilities of WEP. In response, the Wi-Fi Alliance, in conjunction with the IEEE, has developed enhanced, interoperable security standards called Wi-Fi Protected Access (WPA) and WPA2. WPA and WPA2 use specifications that bring together standards-based, interoperable security mechanisms that significantly increase the level of data protection and access control for wireless LANs. WPA and WPA2 provide wireless LAN users with a high-level assurance that their data remains protected and that only authorized network users can access the network. A wireless network that uses WPA or WPA2 requires all computers that access the wireless network to have WPA or WPA2 support. WPA provides a high level of data protection and (when used in Enterprise mode) requires user authentication. The main standards-based technologies that constitute WPA include Temporal Key Integrity Protocol (TKIP), 802.1X, Message Integrity Check (MIC), and Extensible Authentication Protocol (EAP). TKIP provides enhanced data encryption by addressing the WEP encryption vulnerabilities, including the frequency with which keys are used to encrypt the wireless connection. 802.1X and EAP provide the ability to authenticate a user on the wireless network. 802.1X is a port-based network access control method for wired as well as wireless networks. The IEEE adopted 802.1X as a standard in August 2001. The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them, and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, the data is assumed to have been tampered with and the packet is dropped. If multiple MIC failures occur, the network may initiate countermeasures.12 Chapter 2 AirPort Security The EAP protocol known as TLS (Transport Layer Security) presents a user’s information in the form of digital certificates. A user’s digital certificates can comprise user names and passwords, smart cards, secure IDs, or any other identity credentials that the IT administrator is comfortable using. WPA uses a wide variety of standards-based EAP implementations, including EAP-Transport Layer Security (EAP-TLS), EAP-Tunnel Transport Layer Security (EAP-TTLS), and Protected Extensible Authentication Protocol (PEAP). AirPort Extreme also supports the Lightweight Extensible Authentication Protocol (LEAP), a security protocol used by Cisco access points to dynamically assign a different WEP key to each user. AirPort Extreme is compatible with Cisco’s LEAP security protocol, enabling AirPort users to join Cisco-hosted wireless networks using LEAP. In addition to TKIP, WPA2 supports the AES-CCMP encryption protocol. Based on the very secure AES national standard cipher, combined with sophisticated cryptographic techniques, AES-CCMP was specifically designed for wireless networks. Migrating from WEP to WPA2 requires new firmware for the AirPort Extreme Base Station (version 5.6 or later), and for AirPort Express (version 6.2 or later). Devices using WPA2 mode are not backward compatible with WEP. WPA and WPA2 have two modes:  Personal mode, which relies on the capabilities of TKIP or AES-CCMP without requiring an authentication server  Enterprise mode, which uses a separate server, such as a RADIUS server, for user authentication WPA and WPA2 Personal  For home or Small Office/Home Office (SOHO) networks, WPA and WPA2 operates in Personal mode, taking into account that the typical household or small office does not have an authentication server. Instead of authenticating with a RADIUS server, users manually enter a password to log in to the wireless network. When a user enters the password correctly, the wireless device starts the encryption process using TKIP or AES-CCMP. TKIP or AES-CCMP takes the original password and derives encryption keys mathematically from the network password. The encryption key is regularly changed and rotated so that the same encryption key is never used twice. Other than entering the network password, the user isn’t required to do anything to make WPA or WPA2 Personal work in the home.Chapter 2 AirPort Security 13 WPA and WPA2 Enterprise WPA is a subset of the draft IEEE 802.11i standard and effectively addresses the wireless local area network (WLAN) security requirements for the enterprise. WPA2 is a full implementation of the ratified IEEE 802.11i standard. In an enterprise with IT resources, WPA should be used in conjunction with an authentication server such as RADIUS to provide centralized access control and management. With this implementation in place, the need for add-on solutions such as virtual private networks (VPNs) may be eliminated, at least for securing wireless connections in a network. For more information about setting up a WPA or WPA2 protected network, see “Using Wi-Fi Protected Access” on page 45.3 14 3 AirPort Network Designs This chapter provides overview information and instructions for the types of AirPort Extreme networks you can set up, and some of the advanced options of AirPort Extreme. Use this chapter to design and set up your AirPort Extreme network. Configuring your Apple wireless device to implement a network design requires three steps: Step 1: Setting Up the AirPort Extreme Network Computers communicate with the wireless device over the AirPort wireless network. When you set up the AirPort network created by the wireless device, you can name the wireless network, assign a password that will be needed to join the wireless network, and set other options. Step 2: Configuring and Sharing Internet Access When computers access the Internet through the AirPort Extreme network, the wireless device connects to the Internet and transmits information to the computers over the AirPort Extreme network. You provide the wireless device with settings appropriate for your ISP and configure how the device shares this connection with other computers. Step 3: Setting Advanced Options These settings are optional for most users. They include using the Apple wireless device as a bridge between your AirPort Extreme network and an Ethernet network, setting advanced security options, extending the AirPort network to other wireless devices, and fine-tuning other settings. For specific instructions on all these steps, refer to the sections later in this chapter. You can do most of your setup and configuration tasks using AirPort Utility, and following the onscreen instructions to enter your ISP and network information. To set advanced options, you need to use AirPort Utility to manually set up your Apple wireless device and AirPort network.Chapter 3 AirPort Network Designs 15 Using AirPort Utility To set up and configure your computer or Apple wireless device to use AirPort Extreme for basic wireless networking and Internet access, use AirPort Utility and answer a series of questions about your Internet settings and how you would like to set up your network. 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. 2 Select your device in the list on the left if there is more than one device in your network. Click Continue, and then follow the onscreen instructions to enter the settings from your ISP or network administrator for the type of network you want to set up. See the network diagrams later in this chapter for the types of networks you can set up using AirPort Utility. To set up a more complicated network, or to make adjustments to a network you’ve already set up, use the manual setup features in AirPort Utility. Setting AirPort preferences Use AirPort preferences to set up your wireless device to alert you when there are updates available for your device. You can also set it up to notify you if there are problems detected, and to provide instructions to help solve the problems. To set AirPort preferences: 1 Open AirPort Utility, located in the Utilities folder inside the Applications folder on a Mac, and in Start > All Programs > AirPort on a Windows computer. 2 Do one of the following:  On a Mac, choose AirPort Utility > Preferences  On a Windows computer, choose File > Preferences16 Chapter 3 AirPort Network Designs Select from the following checkboxes:  Select “Check for Updates when opening AirPort Utility” to automatically check the Apple website for software and firmware updates each time you open AirPort Utility.  Select the “Check for updates” checkbox, and then choose a time interval from the pop-up menu, such as weekly, to check for software and firmware updates in the background. AirPort Utility opens if updates are available.  Select “Monitor Apple wireless devices for problems” to investigate problems that may cause the device’s status light to blink amber. With the checkbox selected, AirPort Utility opens if a problem is detected, and then provides instructions to help resolve the problem. This option monitors all of the wireless devices on the network.  Select “Only Apple wireless devices that I have configured” to monitor only the devices you’ve set up using this computer. Monitoring devices for problems requires an AirPort wireless device that supports firmware version 7.0 or later. To set up your wireless device manually: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. 2 Select your device in the list. 3 Choose Base Station > Manual Setup and enter the password if necessary. The default device password is public. If you don’t see your wireless device in the list: 1 Open the AirPort status menu in the menu bar on a Mac and make sure that you’ve joined the AirPort network created by your wireless device. On a Windows computer, hover the cursor over the wireless network icon in the status tray to make sure the computer is connected to the correct network. The default network name for an Apple wireless device is AirPort Network XXXXXX, where XXXXXX is replaced with the last six digits of the AirPort ID, (or MAC address). The AirPort ID is printed on the bottom of Apple wireless devices. 2 Make sure your computer’s network and TCP/IP settings are configured properly. On a computer using Mac OS X, choose AirPort from the Show pop-up menu in the Network pane of System Preferences. Then choose Using DHCP from the Configure IPv4 pop-up menu in the TCP/IP pane. On a computer using Windows, right-click the wireless connection icon that displays the AirPort network, and choose Status. Click Properties, select Internet Protocol (TCP/IP), and then click Properties. Make sure “Obtain an IP address automatically” is selected.Chapter 3 AirPort Network Designs 17 If you can’t open the wireless device settings: 1 Make sure your network and TCP/IP settings are configured properly. On a computer using Mac OS X, select AirPort from the network connection services list in the Network pane of System Preferences. Click Advanced, and then choose Using DHCP from the Configure IPv4 pop-up menu in the TCP/IP pane. On a computer using Windows, right-click the wireless connection icon that displays the AirPort network, and choose Status. Click Properties, select Internet Protocol (TCP/IP), and then click Properties. Make sure “Obtain an IP address automatically” is selected. 2 Make sure you entered the wireless device password correctly. The default password is public. If you’ve forgotten the device password, you can reset it to public by resetting the device. To temporarily reset the device password to public, hold down the reset button for one second. To reset the device back to its default settings, hold the reset button for five full seconds. If you’re on an Ethernet network that has other devices, or you’re using Ethernet to connect to the device: AirPort Utility scans the Ethernet network to create the list of devices. As a result, when you open AirPort Utility, you may see devices that you cannot configure. Setting Up the AirPort Extreme Network The first step in configuring your Apple wireless device is setting up the device and the network it will create. You can set up most features using AirPort Utility and following the onscreen instructions to enter the information from your ISP or network administrator. To configure a network manually or set advanced options, open your wireless device’s configuration in AirPort Utility and manually set up your device and network. 1 Choose the network of the wireless device you want to configure from the AirPort status menu on a computer using Mac OS X, or from the wireless connection icon in the status tray on a computer using Windows. 2 Open AirPort Utility and select the wireless device from the list. If you don’t see the device you want to configure, click Rescan to scan for available wireless devices, and then select the one you want from the list. 18 Chapter 3 AirPort Network Designs 3 Choose Base Station > Manual Setup and enter the password if necessary. The default device password is public. You can also double-click the name of the wireless device to open its configuration in a separate window. When you open the manual setup window, the Summary pane is displayed. The summary pane provides information and status about your wireless device and network.Chapter 3 AirPort Network Designs 19 If the wireless device reports a problem, the status icon turns yellow. Click Base Station Status to display the problem and suggestions to resolve it. Wireless Device Settings Click the AirPort button, and then click Base Station or Time Capsule, depending on the device you’re setting up, to enter information about the wireless device. Give the Device a Name Give the device an easily identifiable name. This makes it easy for administrators to locate a specific device on an Ethernet network with several devices. Change the Device Password The device password protects its configuration so that only the administrator can modify it. The default password is public. It is a good idea to change the device password to prevent unauthorized changes to it. If the password is not changed from public, you’ll not be prompted for a password when you select it from the list and click Configure. Other Information  Allow configuration over the WAN port. This allows you to administer the wireless device remotely.  Advertise the wireless device over the Internet using Bonjour. If you have an account with a dynamic DNS service, you can connect to it over the Internet.  Set the device time automatically. If you have access to a Network Time Protocol server, whether on your network or on the Internet, choose it from the pop-up menu. This ensures your wireless device is set to the correct time.20 Chapter 3 AirPort Network Designs Set Device Options Click Base Station Options and set the following:  Enter a contact name and location for the wireless device. The name and location are included in some logs the device generates. The contact and location fields may be helpful if you’ve more than one wireless device on your network.  Set status light behavior to either Always On or Flash On Activity. If you choose Flash On Activity, the device status light blinks when there is network traffic.  If your wireless device supports it, select “Check for firmware updates” and choose an increment, such as Daily from the pop-up menu. Wireless Network Settings Click Wireless, and enter the network name, radio mode, and other wireless information. Setting the Wireless Mode AirPort Extreme supports two wireless modes:  Create a wireless network. Choose this option if you’re creating a new AirPort Extreme network.  Extend a wireless network. Choose this option if you plan to connect another Apple wireless device to the network you’re setting up. Naming the AirPort Extreme Network Give your AirPort network a name. This name appears in the AirPort status menu on the AirPort-enabled computers that are in range of your AirPort network.Chapter 3 AirPort Network Designs 21 Choosing the Radio Mode Choose 802.11a/n - 802.11b/g from the Radio Mode pop-up menu if computers with 802.11a, 802.11n, 802.11g, or 802.11b wireless cards will join the network. Each client computer will connect to the network and transmit network traffic at the highest possible speed. Choose 802.11n - 802.11b/g if only computers with 802.11n, 802.11b, or 802.11g compatible wireless cards will join the network. Note: If you don’t want to use an 802.11n radio mode, hold down the Option key and chose a radio mode that doesn’t include 802.11n. Changing the Channel The “channel” is the radio frequency over which your wireless device communicates. If you use only one device (for example, at home), you probably won’t need to change the channel frequency. If you set up several wireless devices in a school or office, use different channel frequencies for devices that are within approximately 150 feet of each other. Adjacent wireless devices should have at least 4 channels between their channel frequencies. So if device A is set to channel 1, device B should be set to channel 6 or 11. For best results, use channels 1, 6, or 11 when operating your device in the 2.4 GHz range. Choose Manually from the Radio Channel Selection pop-up menu, and then click Edit to set the channels manually. AirPort-enabled computers automatically tune to the channel frequency your wireless device is using when they join the AirPort network. If you change the channel frequency, AirPort client computers do not need to make any changes. Password-protect Your Network To password-protect your network, you can choose from a number of wireless security options. In the AirPort pane of AirPort Utility, click Wireless and choose one of the following options from the Wireless Security pop-up menu:  None: Choosing this option turns off all password protection for the network. Any computer with a wireless adapter or card can join the network, unless the network is set up to use access control. See “Setting Up Access Control” on page 47.  WEP: If your device supports it, choose this option and enter a password to protect your network with a Wired Equivalent Privacy (WEP) password. Your Apple wireless device supports 40-bit and 128-bit encryption. To use 40-bit WEP, don’t use an 802.11n radio mode.22 Chapter 3 AirPort Network Designs  WPA/WPA2 Personal: Choose this option to protect your network with Wi-Fi Protected Access. You can use a password between 8 and 63 ASCII characters or a Pre-Shared Key of exactly 64 hexadecimal characters. Computers that support WPA and computers that support WPA2 can join the network. Choose WPA2 Personal if you want only computers that support WPA2 to join your network.  WPA/WPA2 Enterprise: Choose this option if you’re setting up a network that includes an authentication server, such as a RADIUS server, with individual user accounts. Enter the IP address and port number for the primary and optional secondary server, and enter a “shared secret,” which is the password for the server. Choose WPA2 Enterprise if you want only computers that support WPA2 to join the network.  WEP (Transitional Security Network): If your device supports it, you can use this option to allow computers using WPA or WPA2 to join the network. Computers or devices that use WEP can also join the network. WEP (Transitional Security Network) supports 128-bit encryption. To use this option, the wireless device use an 802.11n radio mode. Hold the Option key on your keyboard while clicking the Wireless Security pop-up menu to use WEP (Transitional Security Netowrk). For more information and instructions for setting up WPA or WPA2 on your network, see “Using Wi-Fi Protected Access” on page 45. Setting Wireless Options Click Wireless Options to set additional options for your network.Chapter 3 AirPort Network Designs 23 Setting Additional Wireless Options Use the Wireless Options pane to set the following:  5 GHz network name: Provide a name for the 5 GHz segment of the dual-band network if you want it to have a different name than the 2.4 GHz network.  Country: Choose the country for the location of your network from the Country pop-up menu.  Multicast rate: Choose a multicast rate from the pop-up menu. If you set the multicast rate high, only clients on the network that are within range and can achieve the speed you set will receive transmissions.  Transmit power: Choose a setting from the Transmit Power pop-up menu to set the network range (the lower the percentage, the shorter the network range).  WPA Group Key Timeout: Enter a number in the text field, and choose an increment from the pop-up menu to change the frequency of key rotation.  Use Wide Channels: If you set up your network to use the 5 GHz frequency range, you can use wide channels to provide higher network throughput. Note: Using wide channels is not permitted in some countries.  Create a closed network: Selecting a closed network hides the name of the network so that users must enter the exact network name and password to join the AirPort Extreme network.  Use interference robustness: Interference robustness can solve interference problems caused by other devices or networks. To set more advanced security options, see “Keeping Your Network Secure” on page 45.24 Chapter 3 AirPort Network Designs Setting up a Guest Network Click Guest Network and then enter the network name and other options for the guest network. When you set up a guest network, a portion of your connection to the Internet is reserved for “guests”, wireless clients that can join the guest network and connect to the Internet without accessing your private network. Select “Allow guest network clients to communicate with each other” to allow client computers to share files and services with each other while they’re connected to the guest network. Make sure sharing services are set up on the client computers. Configuring and Sharing Internet Access The next step is setting up your wireless device’s Internet connection and sharing its Internet access with client computers. The following sections tell you what to do, depending on how your device connects to the Internet. You’re Using a DSL or Cable Modem In most cases, you can implement this network design using AirPort Utility and following the onscreen instructions to set up your wireless device and network. You need to use AirPort Utility to manually set up your device only if you want to set up or adjust optional advanced settings.Chapter 3 AirPort Network Designs 25 What It Looks Like How It Works  The Apple wireless device (in this example, a Time Capsule) connects to the Internet through its Internet WAN (<) connection to your DSL or cable modem.  Computers using AirPort or computers connected to the wireless device’s Ethernet LAN port (G) connect to the Internet through the device.  The device is set up to use a single, public IP address to connect to the Internet, and uses DHCP and NAT to share the Internet connection with computers on the network using private IP addresses.  AirPort computers and Ethernet computers communicate with one another through the wireless device. Important: Connect Ethernet computers that are not connected to the Internet to the device’s LAN port (G) only. Since the device can provide network services, you must set it up carefully to avoid interfering with other services on your Ethernet network. What You Need for a DSL or Cable Modem Connection DSL or cable modem to Internet to Ethernet port Time Capsule < Ethernet WAN port 2.4 or 5 GHz Components Check Comments Internet account with DSL or cable modem service provider Does your service provider use a static IP or DHCP configuration? You can get this information from your service provider or the Network preferences pane on the computer you use to access the Internet through this service provider. Apple wireless device (an AirPort Extreme Base Station, an AirPort Express, or a Time Capsule) Place the device near your DSL or cable modem.26 Chapter 3 AirPort Network Designs What to Do If you’re using AirPort Utility to assist you with configuring the Apple wireless device for Internet access: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. 2 Follow the onscreen instructions and enter the settings you received from your service provider to connect to the Internet, and then set up the device to share the Internet connection with computers on the network. If you’re using AirPort Utility to manually set up your wireless device: 1 Make sure that your DSL or cable modem is connected to the Ethernet WAN port (<) on your Apple wireless device. 2 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. Select your wireless device and choose Base Station > Manual Setup, or double-click your device’s icon in the list to open the configuration in a separate window. 3 Click the Internet button. Click Internet Connection and choose Ethernet or PPPoE from the Connect Using pop-up menu, depending on which one your service provider requires. If your service provider gave you PPPoE connection software, such as EnterNet or MacPoET, choose PPPoE. Note: If you’re connecting to the Internet through a router using PPPoE and your Apple wireless device is connected to the router via Ethernet, you do not need to use PPPoE on your wireless device. Choose Ethernet from the Connect Using pop-up menu in the Internet pane, and deselect the “Distribute IP addresses” checkbox in the Network pane. Contact your service provider if you aren’t sure which one to select. 4 Choose Manually or Using DHCP from the Configure IPv4 pop-up menu if you chose Ethernet from the Connect Using pop-up menu, depending on how your service provider provides IP addresses.  If your provider gave you an IP address and other numbers with your subscription, use that information to configure the wireless device IP address manually. If you aren’t sure, ask your service provider. Enter the IP address information in the fields below the Configure IPv4 pop-up menu.Chapter 3 AirPort Network Designs 27  If you chose PPPoE, your ISP provides your IP address automatically using DHCP. If your service provider asks you for the MAC address of your wireless device, use the address of the Ethernet WAN port (<), printed on the label on the bottom of the device. If you’ve already used AirPort Utility to set up your wireless device, the fields below the Configure IPv4 pop-up menu may already contain the information appropriate for your service provider. You can change the WAN Ethernet speed if you have specific requirements for the network you’re connected to. In most cases, the settings that are configured automatically are correct. Your service provider should be able to tell you if you need to adjust these settings. Changing the WAN Ethernet speed can affect the way the wireless device interacts with the Internet. Unless your service provider has given you specific settings, use the automatic settings. Entering the wrong settings can affect network performance. Contact your service provider for the information you should enter in these fields. Use this pop-up menu if you need to adjust the speed of the Ethernet WAN port.28 Chapter 3 AirPort Network Designs If you configure TCP/IP using DHCP, choose Using DHCP from the Configure IPv4 pop-up menu. Your IP information is provided automatically by your ISP using DHCP. 5 If you chose PPPoE from the Connect Using pop-up menu, enter the PPPoE settings your service provider gave you. Leave the Service Name field blank unless your service provider requires a service name. Note: With AirPort, you don’t need to use a third-party PPPoE connection application. You can connect to the Internet using AirPort. Your service provider may require you to enter information in these fields. Contact your service provider for the information you should enter in these fields.Chapter 3 AirPort Network Designs 29 If you’re connecting to the Internet through a router that uses PPPoE to connect to the Internet, and your wireless device is connected to the router via Ethernet, you do not need to use PPPoE on your device. Choose Ethernet from the Connect Using pop-up menu in the Internet pane, and deselect the “Distribute IP addresses” checkbox in the Network pane. Because your router is distributing IP addresses, your wireless device doesn’t need to. More than one device on a network providing IP addresses can cause problems. 6 Click PPPoE to set PPPoE options for your connection.  Choose Always On, Automatic, or Manual, depending on how you want to control when your wireless device is connected to the Internet. If you choose Always On, your device stays connected to your modem and the Internet as long as the modem is turned on. If you choose Automatic, the wireless device connects to the modem, which connects to the Internet when you use an application that requires an Internet connection, such as email or an instant message or web application. If you choose Manual, you need to connect the modem to the Internet when you use an application that requires an Internet connection. If you chose Automatic or Manual from the Connection pop-up menu, you need to choose an increment, such as “10 minutes,” from the “Disconnect if idle” pop-up menu. If you don’t use an Internet application after the increment of time has passed, you’ll be disconnected from the Internet. Note: If your wireless device is connected to your modem using an Ethernet LAN port, and your modem is connected to the Internet using PPPoE, you may not be able to use the manual setting.30 Chapter 3 AirPort Network Designs  Enter Domain Name System (DNS) server addresses and a specific domain name your wireless device accesses when you connect to the Internet. 7 Click the Network button and configure how the device will share its Internet access with AirPort and Ethernet computers. If you chose Ethernet from the Connect Using pop-up menu, choose how your device will share the Internet connection from the Connection Sharing pop-up menu.  To share a single Internet connection with AirPort computers and computers connected to the device with Ethernet using DHCP and NAT, choose “Share a public IP address” from the Connection Sharing pop-up menu. Using DHCP and NAT lets the wireless device dynamically and automatically assign IP addresses to client computers, which simplifies each computer’s TCP/IP configuration. See “Setting DHCP and NAT Options” on page 31. By default, the wireless device allows other devices, computers using Ethernet, and computers using AirPort to communicate with each other using non-IP protocols like AppleTalk. If you want to connect an AppleTalk Ethernet printer to the Apple wireless device or use AppleTalk between wired and wireless computers, make sure the devices are connected to the Ethernet LAN port (G) on the device.  To distribute a range of IP addresses using only DHCP, choose “Distribute a range of IP addresses.” See “Setting DHCP Only Options” on page 33.Chapter 3 AirPort Network Designs 31  If you don’t want your wireless device to share its IP address, choose “Off (Bridge Mode).” If you set up your device in bridge mode, AirPort computers have access to all services on the Ethernet network, and the device does not provide Internet sharing services. See “You’re Using an Existing Ethernet Network” on page 37 for more information about setting up your wireless device as a bridge. Using the wireless device as a bridge can be a way to address incompatibilities between the device’s Internet sharing features and your ISP’s connection method. Setting DHCP and NAT Options If you chose “Share a public IP address” from the Connection Sharing pop-up menu, you can set DHCP and NAT options. Click DHCP.  Choose a range of IP addresses from the DHCP Range pop-up menu. Choose 10.0, 192.168, or 172.16 and then enter a beginning and ending address in the DHCP Beginning Address and the DHCP Ending Address fields, depending on which addresses you want the wireless device to provide.  Enter a number in the DHCP Lease field, and then choose minutes, hours, or days from the pop-up menu.  Type a welcome message in the DHCP Message field. This message is displayed when a computer joins your network.  If your network is set up to use a Lightweight Directory Access Protocol (LDAP) server on your network, you can enter the address of the server in the LDAP Server field, and computers on your network will have access to it.32 Chapter 3 AirPort Network Designs  To provide specific IP addresses to specific computers on your wireless network, click the Add (+) button below the DHCP Reservations list, and follow the onscreen instructions to name the reservation and reserve the address by MAC address or DHCP client ID. If you choose MAC address, click Continue and enter the MAC address and specific IP address. Next you can set NAT options for the network. Click NAT.  You can set up a default host on your network. A default host (sometimes known as a DMZ) is a computer on your network that is exposed to the Internet and receives all inbound traffic. A default host may be useful if you use a computer on your AirPort network to play network games, or want to route all Internet traffic through a single computer.  You can set up NAT Port Mapping Protocol (NAT-PMP). NAT-PMP is an Internet Engineering Task Force Internet Draft, an alternative to the more common Universal Plug and Play (UPnP) protocol implemented in many network address translation (NAT) routers. NAT-PMP allows a computer in a private network (behind a NAT router) to automatically configure the router to allow parties outside the private network to contact this computer. Included in the protocol is a method for retrieving the public IP address of a NAT gateway, allowing a client to make this public IP address and port number known to peers that may wish to communicate with it. This protocol is implemented in current Apple products, including Mac OS X 10.4 Tiger and later, AirPort Extreme, AirPort Express, and Time Capsule networking products, and Bonjour for Windows.Chapter 3 AirPort Network Designs 33 You can also set up port mapping. To ensure that requests are properly routed to your web, AppleShare, or FTP server, or a specific computer on your network, you need to establish a permanent IP address for the server or computer, and provide “inbound port mapping” information to the Apple wireless device. See “Directing Network Traffic to a Specific Computer on Your Network (Port Mapping)” on page 49. Setting DHCP Only Options If you chose “Distribute a range of IP addresses” from the Connection Sharing pop-up menu, your wireless device is set up to use DHCP to distribute a range of IP addresses using only DHCP. You cannot use NAT if you chose this option. Click DHCP and enter the beginning and ending addresses you want to distribute to computers joining your wireless network. You can set the additional DHCP options, such as DHCP Lease, DHCP Message, and other options following the instructions above. Setting Up Client Computers To configure TCP/IP on client computers using Mac OS X v10.5: 1 Open System Preferences on the client computer and then click Network. 2 Do one of the following: a If the client computer is using AirPort, select AirPort in the network connection services list, and then click Advanced.34 Chapter 3 AirPort Network Designs Next, choose DHCP from the Configure IPv4 pop-up menu. b If you enabled a DHCP server when you set up the wireless device’s network, and the client computer is using Ethernet, select Ethernet in the network connection services list, and then choose Using DHCP from the Configure pop-up menu.Chapter 3 AirPort Network Designs 35 c If you selected “Distribute a range of IP addresses” when you set up the wireless device’s network, you can provide Internet access to client computers using Ethernet by setting the client IP addresses manually. Select Ethernet in the network connection services list, and then choose Manually from the Configure pop-up menu. When you configure Ethernet clients manually for a wireless device that provides NAT over Ethernet, you can use IP addresses in the range 10.0.1.2 to 10.0.1.200. In the Subnet Mask field, enter 255.255.255.0. In the Router field, enter 10.0.1.1. Enter the same name server address and search domain information that you entered in the wireless device configuration. To configure TCP/IP on client computers using Windows Make sure you’ve installed the wireless adapter in your computer and the software necessary to set up the adapter. To configure TCP/IP on client computers: 1 Open Control Panel from the Start menu, and then click “Network and Internet.” 2 Click “Network and Sharing Center.” 3 Click “Manage network connections” in the Tasks list. 4 Right-click the wireless connection you want to share, and then select Properties. Enter the IP and router addresses from the range your device is providing. Enter the DNS and Search Domain addresses if necessary.36 Chapter 3 AirPort Network Designs 5 Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.  If you chose “Share a public IP address” in the Network pane of AirPort Utility, select “Obtain an IP address automatically.”  If you chose “Distribute a range of IP addresses” when you set up the wireless device’s network, you can provide Internet access to client computers by setting the client IP addresses manually. Select “Use the following IP address.” When you configure clients manually for a wireless device that provides NAT service, use IP addresses in the range 10.0.1.2 to 10.0.1.200, 172.16.1.2 to 172.16.1.200, or 192.168.1.2 to 192.168.1.200. In the “Subnet mask” field, enter 255.255.255.0. In the “Default gateway” field, enter 10.0.1.1, 172.16.1.1, or 192.168.1.1, depending on which addressing scheme you used. Enter the same name server address and search domain information that you entered in the wireless device configuration.Chapter 3 AirPort Network Designs 37 You’re Using an Existing Ethernet Network You can use AirPort Utility to easily set up the Apple wireless device for Internet access through an existing Ethernet network that already has a router, switch, or other network device providing IP addresses. Use the manual setup features of AirPort Utility if you need to adjust optional advanced settings. What It Looks Like How It Works  The Apple wireless device (in this example, a Time Capsule) uses your Ethernet network to communicate with the Internet through the Ethernet WAN port (<).  AirPort and Ethernet clients access the Internet and the Ethernet network through the Apple wireless device. What You Need for an Ethernet Connection Router to Internet to Ethernet port Time Capsule All Programs > AirPort on a Windows computer. 2 Click Continue and follow the onscreen instructions to connect to your local area network (LAN). If you’re using AirPort Utility to manually set up your wireless device: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. 2 Select your device and choose Base Station > Manual Setup, or double-click your device icon to open the configuration in a separate window. 3 Click Internet and choose Ethernet from the Connect Using pop-up menu. 4 Choose Manually or Using DHCP from the Configure IPv4 pop-up menu, depending on how IP addresses are provided on your Ethernet network. If you aren’t sure, ask your service provider or network administrator. If your addresses are provided manually, choose Manually from the Configure IPv4 pop-up menu. Enter your IP address information in the fields below the Configure IPv4 pop-up menu. If you’ve already used AirPort Utility to set up your Apple wireless device, the fields below the Configure IPv4 pop-up menu may already contain the appropriate information. Contact your network administrator for the information you should enter in these fields.Chapter 3 AirPort Network Designs 39 If your IP address is provided by DHCP, choose Using DHCP from the Configure IPv4 pop-up menu. 5 Choose Off (Bridge Mode) from the Connection Sharing pop-up menu. Your wireless device “bridges” the Ethernet networks Internet connection to computers connected to the device wirelessly or by Ethernet. See “Setting Up Client Computers” on page 33 for information about how to set up client computers to connect to the Ethernet network.40 Chapter 3 AirPort Network Designs Connecting Additional Devices to Your AirPort Extreme Network Connect a USB printer to the USB port of your Apple wireless device (in this example, a Time Capsule) and everyone on the network can print to it. Connect a USB hub to the USB port of an AirPort Extreme Base Station or a Time Capsule, and then connect a hard disk and a printer so everyone on the network can access them. If you connect a Time Capsule, you can use Time Machine in Mac OS X Leopard (v10.5.2 or later) to back up all of the Mac OS X Leopard computers on the network. What It Looks Like What to Do Follow the instructions in the previous sections to set up your AirPort Extreme network depending on how you connect to the Internet or set up your wireless network. Connect a USB hard disk, printer, or hub to the USB port on your AirPort Extreme Base Station or Time Capsule. Note: If you’re using an AirPort Express in your network, you can connect a USB printer to the USB port, and everyone on the network can print to it. AirPort Express doesn’t support connecting a USB hard disk. DSL or cable modem USB Printer Time Capsule to Internet Ethernet WAN port AirPort Extreme < 2.4 or 5 GHz 2.4 or 5 GHz 2.4 or 5 GHzChapter 3 AirPort Network Designs 41 Using Apple TV on Your AirPort Extreme Network to Play Content from iTunes When you connect Apple TV to your AirPort Extreme network wirelessly, or using Ethernet, and then connect Apple TV to your widescreen TV, you can enjoy your favorite iTunes content including movies, TV shows, music, and more. (See the documentation that came with your Apple TV for instructions setting it up.) Setting Advanced Options Connecting Additional Wireless Devices to Your AirPort Network You can connect additional Apple wireless devices to extend the range of your wireless network. For example, you can connect an AirPort Extreme Base Station or a Time Capsule using Ethernet. A network with devices connected using Ethernet is known as a roaming network. You can also connect Apple wireless devices wirelessly to extend the network. DSL or cable modem to Internet to Ethernet port < Ethernet WAN port Time Capsule Apple TV 2.4 GHz 2.4 or 5 GHz42 Chapter 3 AirPort Network Designs Setting Up Roaming Several AirPort Extreme Base Stations or Time Capsules can be set up to create a single wireless network. Client computers using AirPort can move from device to device with no interruption in service (a process known as roaming). To set up roaming: 1 Connect all of the AirPort Extreme Base Stations and Time Capsules to the same subnet on your Ethernet network. 2 Give each device a unique name. 3 Give each device the same network name and password. 4 Set up the devices as bridges, following the instructions in the previous section. If you want one device to assign IP addresses using DHCP, also do the following: 1 Set up one device to act as the DHCP server. 2 Set up the other devices as bridges, following the instructions in the previous section. The device acting as a DHCP server can also receive its IP address via DHCP from a server on an Ethernet network or from a cable or DSL modem connected to an Internet service provider (ISP). to Ethernet port Ethernet LAN ports to Internet AirPort Extreme DSL or cable modem G Time Capsule < Ethernet WAN port 2.4 or 5 GHz 2.4 GHzChapter 3 AirPort Network Designs 43 Extending the Range of an 802.11n Network Extending the range of an 802.11n network is simpler if you’re connecting another 802.11n device. Connecting two Apple 802.11n wireless devices makes the WDS setup process more straightforward. To extend the range of an 802.11n network: 1 Open AirPort Utility and select the device that will connect to the Internet. See the previous sections of this document for instructions about setting up your wireless device, depending on your Internet connection. 2 Choose Base Station > Manual Setup, or double-click the device’s icon to open the configuration in a separate window. Enter the password if necessary. 3 Click the AirPort button, and then click Wireless. 4 Choose “Create a wireless network” from the Wireless Mode pop-up menu, and then select the “Allow this network to be extended” checkbox. 5 Next, select the device that will extend this network and choose Base Station > Manual Setup, or double-click the device’s icon to open its configuration in a separate window. Enter the password if necessary. 6 Choose “Extend a wireless network” from the Wireless Mode pop-up menu, and then choose the network you want to extend from the Network Name pop-up menu. 7 Enter the network name and password if necessary.44 Chapter 3 AirPort Network Designs 8 Click Update to update the device with new network settings. Controlling the Range of Your AirPort Network You can also shorten the range of your AirPort network. This might be useful if you want to control who has access to the network by restricting the range to a single room, for example. To shorten the range of your AirPort network: 1 Open AirPort Utility (in the Utilities folder in the Applications folder on a Macintosh computer, or in Start > All Programs > AirPort on a computer using Windows). 2 Select your wireless device and choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 3 Click the AirPort button, and then click Wireless. 4 Click Wireless Options, and then choose a percentage setting from the Transmit Power pop-up menu. The lower the percentage is, the shorter the range is.Chapter 3 AirPort Network Designs 45 Keeping Your Network Secure Your network is protected by the password you assign to it. However, you can take additional steps to help keep your network secure. Networks managed by Simple Network Management Protocol (SNMP) may be vulnerable to denial-of-service attacks. Similarly, if you configure your wireless device over the WAN port, it may be possible for unauthorized users to change network settings. When remote configuration is enabled, the device’s Bonjour information (the device name and IP address) is published over the WAN port. Turning off remote configuration may provide additional security. To help protect your network and wireless device: 1 Open AirPort Utility, select your device, and choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 2 Click the Advanced button, and then click Logging & SNMP. 3 Make sure the Allow SNMP Access and “Allow SNMP over WAN” checkboxes are not selected. Using Wi-Fi Protected Access AirPort Extreme supports WPA and WPA2 security standard for wireless networks. Using Mac OS X v10.3 or later or Windows XP with Service Pack 2, and 802.1X authentication capabilities, WPA security delivers more sophisticated data encryption than WEP, and also provides user authentication, which was virtually unavailable with WEP. If your computer has an AirPort Extreme wireless card installed, you can take advantage of the security updates in WPA2, including AES-CCMP encryption. AirPort Extreme supports two modes of WPA and WPA2: Enterprise mode, which uses an authentication server for user authentication, and Personal mode, which relies on the capabilities of TKIP for WPA and AES-CCMP for WPA2, without requiring an authentication server. Enterprise mode is designed for a larger network in which an IT professional is most likely setting up and managing the network. In order to set up a WPA or WPA2 Enterprise network, an 802.1X connection must be set up first in Network preferences on a Mac. To set up an 802.1x connection on a Windows computer, see the documentation that came with your computer. The 802.1X connection requires an authentication protocol, like TTLS, LEAP, or PEAP. Setting up a WPA or WPA2 Enterprise network requires setting up an authentication server, such as a RADIUS server, to manage and validate network users’ credentials, such as user names, passwords, and user certificates. See the documentation that came with the server to set it up. 46 Chapter 3 AirPort Network Designs Personal mode is for the home or small office network and can be set up and managed by most users. Personal mode does not require a separate authentication server. Network users usually only need to enter a user name and password to join the network. Note: If you change an existing WDS network from WEP to WPA, you’ll need to reset the wireless devices and set up your network again. For information about resetting your Apple wireless device, see the documentation that came with it. To set up a WPA or WPA2 Enterprise network: On a computer using Mac OS X, you first need to set up an 802.1x connection. 1 Open System Preferences, click Network, and then click AirPort. 2 Click Advanced, and then click 802.1X 3 Enter the settings for the connection. Note: Some of the authentication protocols require digital certificate authorization on the server. See the documentation that came with your server to create and distribute digital certificates. 4 Click OK to save the connection settings. To use AirPort Utility to set up a WPA or WPA2 Enterprise network on computers using Mac OS X and Windows XP: 1 Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 2 Choose WPA/WPA2 Enterprise, or WPA2 Enterprise from the Wireless Security pop-up menu, depending on the capabilities of the client computers that will join your network. 3 Click Configure RADIUS, and enter the IP address, port, and shared secret (or password) of the primary and secondary RADIUS authentication servers. Check with the administrator of the RADIUS server for information to type in these fields. To set up a WPA or WPA2 Personal network: 1 Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 2 Choose WPA/WPA2 Personal or WPA2 Personal from the Wireless Security pop-up menu depending on the capabilities of the client computers that will join your network. 3 Type a password of 8 to 63 ASCII characters.Chapter 3 AirPort Network Designs 47 Setting Up Access Control Access control lets you specify which computers can send or receive information through the wireless device to the wired network. Each wireless-enabled computer has a unique MAC address. You can restrict access by creating an access control list that includes only the MAC addresses for computers you want to access your wired network. To find the MAC address (AirPort ID) of your computer’s AirPort Card, click the AirPort button in the Network pane of System Preferences. To set up the access control list: 1 Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup. Enter the password if necessary. 2 Click the AirPort button, and then click Access. 3 Choose Timed Access or RADIUS from the MAC Address Access Control pop-up menu, depending on the device you’re setting up.  If you choose Timed Access, click the Add (+) button and enter the MAC address and description or name of the computers you’re allowing to access the network. You can also click This Computer to add the MAC address and name of the computer you’re using to set up this wireless device. Double-click the computer in the list and choose a value from each pop-up menu. Choose a day of the week or Everyday from the day pop-up menu, and then choose either “all day” or “between” from the other pop-up menu. If you choose “between,” you can edit the times of the day by double-clicking in the time fields.48 Chapter 3 AirPort Network Designs  If you choose RADIUS, enter the type of RADIUS service, the RADIUS IP addresses, shared secret, and primary port for the primary RADIUS server. Enter the information for the secondary RADIUS server if there is one. Check with the server administrator if you don’t have that information. Important: AirPort access control prevents computers that aren’t on the access control list from accessing the AirPort network. For information on how to prevent unauthorized computers from joining the AirPort network, see “Setting Up the AirPort Extreme Network” on page 17. You can also add the MAC address of a third-party 802.11 wireless networking card to the access control list. Most third-party cards have the MAC address on a label attached to the metal case of the card. Access control is not compatible with WPA or WPA2 Enterprise mode. You can use either access control or WPA Enterprise in a network, but you can’t use both. Using a RADIUS Server Using a RADIUS server on your network lets you authenticate MAC addresses (AirPort IDs) on a separate computer, so that each device on the network doesn’t need to store the MAC addresses of computers that have access to the network. Instead, all the addresses are stored on a server that is accessed through a specific IP address. To set up authentication using a RADIUS server: 1 On the server, enter the MAC addresses of the computers that will access the network. 2 When the RADIUS server is set up, open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 3 Click AirPort, click Access, and then choose RADIUS from the MAC Address Access Control pop-up menu. 4 Choose a format from the RADIUS pop-up menu. If you choose Default, your wireless device formats the MAC addresses as 010203- 0a0b0c, and they are used as the user names on the RADIUS server. The shared secret is the password for users joining the network. This format is often used for Lucent and Agere servers. If you choose Alternate, MAC addresses are formatted as 0102030a0b0c and are used for both the user name and password by users joining the network. This format is often used for Cisco servers.Chapter 3 AirPort Network Designs 49 5 Enter the IP address, port, and shared secret (or password) for the primary and secondary servers. See the RADIUS documentation that came with your server, or check with the network administrator for more information on setting up the RADIUS server. The access control list and RADIUS work together. When a user tries to join a network that authenticates using access control or a RADIUS server, the wireless device searches first in the access control list, and if the MAC address is there, the user can join the network. If the MAC address is not in the access control list, the device checks the RADIUS server for the MAC address. If it is there, the user can join the network. Note: RADIUS access control is not compatible with WPA or WPA2 Personal mode. You can use either RADIUS access control or WPA Enterprise in a network, but you can’t use both. Directing Network Traffic to a Specific Computer on Your Network (Port Mapping) AirPort Extreme uses Network Address Translation (NAT) to share a single IP address with the computers that join the AirPort Extreme network. To provide Internet access to several computers with one IP address, NAT assigns private IP addresses to each computer on the AirPort Extreme network, and then matches these addresses with port numbers. The wireless device creates a port-to-private IP address table entry when a computer on your AirPort (private) network sends a request for information to the Internet. 50 Chapter 3 AirPort Network Designs If you’re using a web, AppleShare, or FTP server on your AirPort Extreme network, other computers initiate communication with your server. Because the Apple wireless device has no table entries for these requests, it has no way of directing the information to the appropriate computer on your AirPort network. To ensure that requests are properly routed to your web, AppleShare, or FTP server, you need to establish a permanent IP address for your server and provide inbound port mapping information to your Apple wireless device. To set up inbound port mapping: 1 Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 2 Click the Advanced button, and then click Port Mapping. 3 Click the Add (+) button and choose a service, such as Personal File Sharing, from the Service pop-up menu.Chapter 3 AirPort Network Designs 51 Type any additional information you need in the text fields. To use port mapping, you must configure TCP/IP manually on the computer that is running the web, AppleShare, or FTP server. You can also set up a computer as a default host to establish a permanent IP address for the computer and provide inbound port mapping information to the AirPort Extreme Base Station or AirPort Express. This is sometimes known as a DMZ and is useful when playing some network games or video conferencing. To set up a default host: 1 Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 2 Click the Internet button, and then click NAT. 3 Select the “Enable Default Host at” checkbox. The default IP address is 10.0.1.253. 4 Enter the same IP address on the host computer. Logging You can set up your wireless device to log status information to the Mac OS X system log or the Syslog application on a Windows computer. This is helpful for understanding problems and monitoring a device’s performance. To set up logging: 1 Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 2 Click the Advanced button, and then click Statistics.52 Chapter 3 AirPort Network Designs 3 Enter the IP address of the computer that will receive the logs in the Syslog Destination Address field. 4 Choose a level from the Syslog Level pop-up menu. You need to assign a Network Time Protocol (NTP) server for each wireless device, so the log information will contain the accurate time of the status logs. To set the time automatically: 1 Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 2 Click the AirPort button, and then click Base Station. 3 Select the “Set time automatically” checkbox, and then choose an NTP server from the pop-up menu if you have access to one on your network or on the Internet. If you click “Logs and Statistics” you can view and export logs, and view wireless client and DHCP client information. If you export the logs, use the Mac OS X Console application, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer, to view the logs on the computer receiving them. Using Back to My Mac on your Wireless Network If you have a paid MobileMe subscription (not a free trial), you can use Back to My Mac to access your AirPort Base Station or Time Capsule. You can access the base station or Time Capsule to monitor the network or make changes to the base station or Time Capsule settings. You can also access the hard disk built into the Time Capsule or an external USB hard disk connected to the base station or Time Capsule. To set up Back to My Mac on your wireless device: 1 Click MobileMe in the Advanced pane. 2 Enter your MobileMe account and password.Chapter 3 AirPort Network Designs 53 Setting up IPv6 IPv6 is a new version of Internet Protocol (IP). IPv6 is currently used primarily by some research institutions. Most computers do not need to set up or use IPv6. The primary advantage of IPv6 is that it increases the address size from 32 bits (the current IPv4 standard) to 128 bits. An address size of 128 bits is large enough to support billions and billions of addresses. This allows for more addresses or nodes than are currently available. IPv6 also provides more ways to set up the address and simpler autoconfiguration. By default, IPv6 is configured automatically, and the default settings are sufficient. However, if your network administrator or Internet service provider (ISP) has specifically told you to configure IPv6 manually, follow the instructions below. Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup. Enter the password if necessary. Click the Advanced button, and then click IPv6. To manually set IPv6 options: 1 Choose Node or Tunnel from the IPv6 mode pop-up menu, depending on the method you were instructed to use. 2 Choose Manually from the Configure IPv6 pop-up menu, and enter the information you were given from your ISP or network administrator. Customizing the IPv6 firewall If your wireless device supports it, you can use AirPort Utility to adjust IPv6 firewall settings. To adjust IPv6 firewall settings: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. 2 Select your device from the list, and then enter the password. 3 Click the Advanced button, and then click IPv6 Firewall By default, “Allow Teredo tunnels” and “Allow incoming IPSec authentication” are selected. To provide access to specific devices on your network from outside the IPv6 firewall, click the Add (+) button and enter the IPv6 address and/or the port for the device. To use an IPv6 firewall, you need an Apple 802.11n wireless device.54 Chapter 3 AirPort Network Designs Sharing and Securing USB Hard Disks on Your Network If you connect a USB hard disk to your AirPort Extreme Base Station or Time Capsule, computers connected to the network—both wireless and wired, Mac and Windows— can use it to back up, store, and share files. If you’re using a Time Capsule, you don’t need to connect a hard disk to it. Every Time Capsule includes an internal AirPort disk. To share a hard disk on your network: 1 Plug the hard disk into the USB port on the back of the AirPort Extreme Base Station or Time Capsule. 2 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. 3 Select your AirPort Extreme Base Station or your Time Capsule, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary. 4 Click the Disks button, and then click File Sharing. 5 Choose “With a disk password,” or “With base station password” if you want to secure the shared disk with a password, or choose “With accounts” if you want to secure the disk using accounts.  If you choose to use accounts, click Configure Accounts, click the Add (+) button, and then enter a name and password for each user that will access the disk. 6 Choose “Not allowed,” “Read only,” or “Read and write” to assign guest access to the disk. 7 Select the “Share disks over Ethernet WAN port” checkbox if you want to provide remote access to the disk over the WAN port. Data transfer speed may vary, depending on the network. to Internet DSL or cable modem AirPort Extreme USB hard disk < Ethernet WAN port 2.4 or 5 GHz 2.4 or 5 GHzChapter 3 AirPort Network Designs 55 Using a Time Capsule in Your Network If you’re using a Time Capsule and a computer with Mac OS X Leopard (v10.5.2 or later), you can use Time Machine to automatically back up all of the computers on the network that are using Leopard. Other Mac computers and Windows computers can access the Time Capsule’s internal AirPort disk to back up, store, and share files. And because every Time Capsule is also a full-featured 802.11n base station, you can set up your Time Capsule to share an Internet connection with computers on the AirPort network it creates. For information about using your Time Capsule with Time Machine in Mac OS X Leopard, search for “Time Capsule” in Mac Help. Connecting a USB Printer to an Apple Wireless Device You can connect a compatible USB printer to your Apple wireless device (an AirPort Extreme Base Station, AirPort Express, or Time Capsule), so that anyone on the network using Mac OS X v10.2.3 or later, Windows XP with Service Pack 2, or Windows Vista can print to that printer. To use a printer on your network: 1 Connect the printer to the USB port on the Apple wireless device. 2 Set up the client computers:  On a computer using Mac OS X v10.5 or later, open System Preferences and click Print & Fax. Select the printer from the Printers list. If the printer isn’t in the list, click Add (+) at the bottom of the list, locate the printer, and then click Add.  On a computer using Mac OS X v10.2.3 or later, open Printer Setup Utility located in the Utilities folder in the Applications folder, and then select the printer from the list. If the printer is not in the list, click Add, choose Bonjour from the pop-up menu, and then select the printer from the list. to Internet DSL or cable modem Time Capsule < Ethernet WAN port 2.4 or 5 GHz 2.4 or 5 GHz 2.4 GHz56 Chapter 3 AirPort Network Designs  On a computer using Windows, install Bonjour for Windows from AirPort Utility CD, and follow the onscreen instructions to connect to the printer. You can change the name of the printer from the default name to one you choose. To change the name of your USB printer: 1 Open AirPort Utility, select your device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. 2 Click the Printer button and type a name for the printer in the USB Printers field. Adding a Wireless Client to Your 802.11n Network If your Apple wireless device supports it, and your network is password-protected using WPA Personal or WPA/WPA2 Personal, you can provide wireless clients access to your network without requiring them to enter the network password. When you allow a client access to your network, the client’s name and wireless MAC address (or AirPort ID) are stored in the access control list of AirPort Utility until you remove them from the list. You can provide 24 hours of access, after which time the client will no longer be able to access your network. When you provide a client access to your wireless network, the client does not need to enter the network password. To allow client access to your network: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a Windows computer. 2 Select your Apple wireless device and choose Base Station > Manual Setup. Enter the password if necessary. 3 Choose Add Wireless Clients from the Base Station menu. 4 Select how you want the client to access the network:  Select PIN to enter the eight-digit number provided by the client requesting network access.  Select “First attempt” to allow network access to the first client attempting to join the network.  Select “Limit client’s access to 24 hours” if you want to provide only one day of access to your network. If you don’t select this option, the client will have access to your network until you remove the name from the list.Chapter 3 AirPort Network Designs 57 Solving Problems If you have trouble connecting to the Internet with any AirPort Extreme network design, try the following: On a computer using Mac OS X:  Make sure the wireless device is connected to the Internet. The computers on your AirPort network cannot connect to the Internet if your device is not connected to the Internet.  Check your Internet connection using your computer. If you can’t connect with your computer, the problem may be with your Internet connection.  On a Mac using Mac OS X v10.5, check the active network services in the Network pane of System Preferences. Make sure the ports you want to use are active.  Open Network preferences and then click AirPort. Make sure that the computer has joined the AirPort network created by your wireless device.  Restart your computer. This renews the IP address you receive from the wireless device. The IP addresses should be in the range of 10.0.1.2 to 10.0.1.200, 172.16.1.2 to 172.16.1.200, or 192.168.1.2 to 192.168.1.200, depending on the address scheme the wireless device uses.  If the wireless device is set up as a DHCP server, make sure you choose “Share a public IP address” from the Connection Sharing pop-up menu on the Internet Connection pane of Internet settings in AirPort Utility.  If you’re using a cable modem and your wireless device cannot connect to the Internet, turn off the cable modem, wait a few minutes, and then turn it on again. On a computer using Windows:  Make sure the wireless device is connected to the Internet. The computers on your AirPort network cannot connect to the Internet if your device is not connected to the Internet.  Check your Internet connection using your computer. If you can’t connect with your computer, the problem may be with your Internet connection.  Right-click the wireless connection icon, and then choose Status.58 Chapter 3 AirPort Network Designs  Make sure that the computer has joined the AirPort network created by your wireless device.  Restart your computer. This renews the IP address you receive from the wireless device. The IP addresses should be in the range of 10.0.1.2 to 10.0.1.200, 172.16.1.2 to 172.16.1.200, or 192.168.1.2 to 192.168.1.200 depending on the address scheme the device uses.  If the device is set up as a DHCP server, make sure the “Obtain an IP address automatically” checkbox is selected in the General pane of Internet Protocol (TCP/IP) Properties. Right-click the wireless connection icon and click Properties. Click Internet Protocol (TCP/IP), and then click Properties. More Information About AirPort You can find more information about AirPort in the following locations:  AirPort Utility Help Look in AirPort Utility Help for information on setting up an AirPort Extreme network; using an AirPort Extreme Base Station, an AirPort Express, or a Time Capsule; editing settings; avoiding sources of interference; locating additional information on the Internet; and more. On a computer using Mac OS X, open AirPort Utility and choose Help > AirPort Utility Help. On a computer using Windows, open AirPort Utility and click Help.  World Wide Web Apple AirPort website at www.apple.com/airportextreme Apple Support website at www.apple.com/support/airport4 59 4 Behind the Scenes This chapter defines terms and concepts used to discuss computer networks. Use it as a reference to help you understand what is taking place behind the scenes of your AirPort wireless network. Basic Networking Packets and Traffic Information travels across a network in chunks called packets. Each packet has a header that tells where the packet is from and where it’s going, like the address on the envelope when you send a letter. The flow of all these packets on the network is called traffic. How Information Reaches Its Destination Hardware Addresses Your computer “listens” to all of the traffic on its local network and selects the packets that belong to it by checking for its hardware address (also called the media access control, or MAC address) in the packet header. This address is a number unique to your computer. Every hardware product used for networking is required to have a unique hardware address permanently embedded in it. Your AirPort Card’s number is called the AirPort ID. IP Addresses Since the Internet is a network of networks (connecting millions of computers), hardware addresses alone are not enough to deliver information on the Internet. It would be impossible for your computer to find its packets in all the world’s network traffic, and impossible for the Internet to move all traffic to every network.60 Chapter 4 Behind the Scenes So, your computer also has an Internet Protocol (IP) address that defines exactly where and in what network it’s located. IP addresses ensure that your local Ethernet network receives only the traffic intended for it. Like the hierarchical system used to define zip codes, street names, and street numbers, IP addresses are created according to a set of rules, and their assignment is carefully administered. The hardware address is like your name; it uniquely and permanently identifies you. But it doesn’t offer any clues about your location, so it’s only helpful in a local setting. An IP address is like your street address, which contains the information that helps letters and packages find your house. Rules for Sending Information (Protocols) A protocol is a set of rules that define how communication takes place. For instance, a networking protocol may define how information is formatted and addressed, just as there’s a standard way to address an envelope when you send a letter. Using the AirPort Extreme Base Station This section describes the different network interfaces of the AirPort Extreme Base Station and describes the functions the base station can provide. Base Station Interfaces To use the AirPort Extreme Base Station, you configure how its networking interfaces will be used. The AirPort Extreme Base Station has five hardware networking interfaces:  AirPort interface: The AirPort interface creates an AirPort network for AirPortenabled computers to join. The base station can provide IP services such as DHCP and NAT using this interface. The base station cannot use the AirPort interface to establish a connection with the Internet.  Ethernet WAN (<) interface: Use the Ethernet WAN interface to connect DSL or cable modems and connect to the Internet.  Ethernet LAN (G) interface: If your base station has one or more Ethernet LAN interface ports, you can use them to provide IP services to local Ethernet clients.  USB (d) interface: Use the USB interface to connect a USB printer or hard disk to the AirPort Extreme Base Station. Status light Ethernet WAN port Power port USB port Ethernet ports Reset button Security slot < G ¯ ∏ dChapter 4 Behind the Scenes 61 Using the Time Capsule This section describes the different network interfaces of the Time Capsule and describes the functions it can provide. Time Capsule Interfaces To use your Time Capsule, you configure how its networking interfaces will be used. The Time Capsule has five hardware networking interfaces:  AirPort interface: The AirPort interface creates an AirPort network for AirPortenabled computers to join. The Time Capsule can provide IP services such as DHCP and NAT using this interface. The Time Capsule cannot use the AirPort interface to establish a connection with the Internet.  Ethernet WAN (<) interface: Use the Ethernet WAN interface to connect DSL or cable modems and connect to the Internet.  Ethernet LAN (G) interface: The Time Capsule has three Ethernet LAN interface ports. You can use them to provide IP services to local Ethernet clients.  USB (d) interface: Use the USB interface to connect a USB printer to the Time Capsule. Using the AirPort Express This section describes the different network interfaces of the AirPort Express Base Station and describes the functions the base station can provide. AirPort Express Interfaces To set up the AirPort Express Base Station, you configure how its networking interfaces will be used. The AirPort Express Base Station has four hardware networking interfaces:  AirPort interface: The AirPort interface creates an AirPort network for AirPortenabled computers to join. The base station can provide IP services such as DHCP and NAT using this interface. The base station cannot use the AirPort interface to establish a connection with the Internet.  Ethernet WAN (<) interface: Use the Ethernet WAN interface to connect DSL or cable modems and connect to the Internet.  USB (d) interface: Use the USB interface to connect a USB printer to the AirPort Extreme Base Station. < G ≤ d ∏ Status light Ethernet WAN port Power port Reset button USB port Ethernet ports Security slot62 Chapter 4 Behind the Scenes  Audio (-) interface: Use the analog and optical digital audio stereo mini-jack to connect an AirPort Express to a home stereo or powered speakers. Apple Wireless Device Functions  Bridge: Each Apple wireless device is configured by default as a bridge between the wireless AirPort network and the wired Ethernet network. Connecting an AirPort network to an Ethernet network through the device’s Ethernet LAN port (G) bridges the wireless AirPort network to the wired Ethernet network. Important: If you’re connecting an Ethernet network to the device’s Ethernet LAN port (G), make sure the Ethernet network does not have an Internet connection.  NAT router: One of the most powerful features of Apple wireless devices is their ability to share one Internet connection with several computers. To provide this service, the device acts as a router. The device can be configured to provide both bridging services and routing services at the same time.  DHCP server: When you configure the wireless device to act as a DHCP server, it provides IP addresses to both wired and wireless client computers that are configured to obtain IP addresses using DHCP. Using DHCP makes IP configuration simple for client computers, since they don’t need to enter their own IP information. Status light AC plug adapter USB port Ethernet port Line Out port (Analog and optical digital audio mini-jack) Reset button G - d ∏Chapter 4 Behind the Scenes 63 Items That Can Cause Interference with AirPort The farther away the interference source, the less likely it is to cause a problem. The following items can cause interference with AirPort communication:  Microwave ovens  DSS (Direct Satellite Service) radio frequency leakage  The original coaxial cable that came with certain types of satellite dishes. Contact the device manufacturer and obtain newer cables.  Certain electrical devices, such as power lines, electrical railroad tracks, and power stations  Cordless telephones that operate in the 2.4 gigahertz (GHz) range. If you have problems with your phone or AirPort communication, change the channel of your base station.  Other AirPort and wireless networks  Adjacent base stations using nearby channels. If base station A is set to channel 1, base station B should be set to channel 6 or 11. For best results, use channels 1, 6, or 11 when operating your base station in the 2.4 GHz range.  Moving objects that temporarily place metal between your computer and the base stationGlossary 64 Glossary 10Base-T The most common cabling method for Ethernet. 10Base-T conforms to IEEE standard 802.3. It was developed to enable data communications over unshielded twisted pair (telephone) wiring at speeds of up to 10 megabits per second (Mbps) up to distances of approximately 330 feet on a network segment. 10/100Base-T A networking standard that supports data transfer rates up to 100 Mbps. Because it is 10 times faster than Ethernet, it is often referred to as Fast Ethernet. 10/100/1000Base-T A term describing various technologies for transmitting Ethernet packets at a rate of a gigabit per second. Sometimes referred to as Gigabit Ethernet. In 2000, Apple’s Power Mac G4 and PowerBook G4 were the first mass-produced personal computers featuring the 10/100/1000Base-T connection. It quickly became a built-in feature in many other computers. 802.11a An IEEE standard for a wireless network that operates at 5 GHz with rates up to 54 Mbps. 802.11b An IEEE standard for a wireless network that operates at 2.4 GHz with rates up to 11 Mbps. 802.11g An IEEE standard for a wireless network that operates at 2.4 GHz Wi-Fi with rates up to 54 Mbps. 802.11n A task group of the IEEE 802.11 committee whose goal is to define a standard for high throughput speeds of at least 100 Mbps on wireless networks. Some proposals being fielded by the task group include designs for up to 540 Mbps, Multiple-input multiple-output (MIMO) technology, using multiple receivers and multiple transmitters in both the client and access point to achieve improved performance, is expected to form the basis of the final specification. See Mbps, MIMO. access point Also known as a wireless access point (WAP), a device that connects wireless devices together to form a network. authentication The process that occurs after association to verify the identity of the wireless device or end user and allow access to the network. See WPA, WPA2.Glossary 65 backbone The central part of a large network that links two or more subnetworks. The backbone is the primary data transmission path on large networks such as those of enterprises and service providers. A backbone can be wireless or wired. bandwidth The maximum transmission capacity of a communications channel at any point in time. Bandwidth, usually measured in bits per second (bps), determines the speed at which information can be sent across a network. If you compare the communications channel to a pipe, bandwidth represents the pipe width and determines how much data can flow through the pipe at any one time. The greater the bandwidth, the faster data can flow. See bps. base station In the area of wireless computer networking, a base station is a radio receiver/transmitter that serves as the hub of the local wireless network, and may also be the gateway between a wired network and the wireless network. A base station can also be referred to as an access point or router. Bluetooth A technology designed for short-range, wireless communications among computing devices and mobile products, including PCs and laptop computers, personal digital assistants, printers, and mobile phones. Designed as a cable replacement, Bluetooth enables short-range transmission of voice and data in the 2.4 GHz frequency spectrum within a range of about 30 feet. bps Bits per second. A measure of data transmission speed across a network or communications channel; bps is the number of bits that can be sent or received per second. It measures the speed at which data is communicated and should not be—but often is—confused with bytes per second. Whereas “bits” is a measure of transmission speed, “bytes” is a measure of storage capacity. See bandwidth, Mbps. bridge A wireless device that connects multiple networks together. Using an access point as a bridge turns off Network Address Translation (NAT) and DHCP routing and simply extends the range of service. broadband A comparatively fast Internet connection possessing sufficient bandwidth to accommodate multiple voice, data, and video channels simultaneously. Cable, DSL, and satellite are all considered to be broadband channels; they provide much greater speed than dial-up Internet access over telephone wires. See cable modem, DSL. broadband modem A device that connects a local computer or network to a highspeed Internet service, such as DSL or Cable Internet. See cable modem, DSL. cable modem A device used with broadband Internet service provided by a traditional cable TV service. Cable modems convert analog data from the cable TV system into a digital format that can be used by a computer. See broadband modem.66 Glossary channel One portion of the available radio spectrum that all devices on a wireless network use to communicate. Changing the channel on the access point/router can help reduce interference. client Any computer or device connected to a network that requests files and services (files, print capability) from the server or other devices on the network. The term also refers to end users. DHCP Dynamic Host Configuration Protocol. A protocol for dynamically assigning IP addresses from a predefined list to nodes on a network. When they log on, network nodes automatically receive an IP address from a pool of addresses served by a DHCP. The DHCP server provides (or leases) an IP address to a client for a specific period of time. The client will automatically request a renewal of the lease when the lease is about to run out. If a lease renewal is not requested and it expires, the address is returned to the pool of available IP addresses. Using DHCP to manage IP addresses simplifies client configuration and efficiently utilizes IP addresses. See IP address. DNS Domain Name System. An Internet service that translates alphanumeric domain names to assigned IP addresses and vice versa. The term is typically used to describe the server that makes the translation. Every website has its own specific IP address on the Internet. DNS typically refers to a database of Internet names and addresses that translates the alphanumeric names to the official Internet Protocol numbers and vice versa. For instance, a DNS server converts a name like mywebsite.com to a series of numbers like 107.22.55.26. See IP, IP address. DSL Digital Subscriber Line. A dedicated digital circuit between a residence or business and a telephone company’s central office. It allows high-speed data, voice, and video transmissions over existing twisted-pair copper plain old telephone service (POTS) telephone wires. See broadband. dual-band A device that is capable of operating in either of two frequencies. On a wireless network, dual-band devices are capable of operating in the 2.4 GHz (802.11b/g) or 5 GHz (802.11a) bands. encryption A mechanism for providing data confidentiality. See WPA, WPA2. Ethernet The most popular international standard technology for wired local area networks (LANs). It provides from 10 Mbps transmission speeds on basic 10Base-T Ethernet networks to 100 Mbps transmission speeds on Fast Ethernet networks, 1000 Mbps on Gigabit Ethernet, and 10,000 Mbps on 10 Gigabit Ethernet.Glossary 67 firewall A system of software and/or hardware that resides between two networks to prevent access by unauthorized users. The most common use of a firewall is to provide security between a local network and the Internet. Firewalls can make a network appear invisible to the Internet and can block unauthorized and unwanted users from accessing files and systems on the network. Hardware and software firewalls monitor and control the flow of data in and out of computers in both wired and wireless enterprise, business and home networks. They can be set to intercept, analyze, and stop a wide range of Internet intruders and hackers. gateway In the wireless world, a gateway is an access point with additional software capabilities such as providing NAT and DHCP. Gateways may also provide VPN support, roaming, firewalls, various levels of security, and so on. hotspot A location where users can access the Internet using Wi-Fi laptops and other Wi-Fi enabled devices. Access may be provided free or for a fee. Hotspots are often found at coffee shops, hotels, airport lounges, train stations, convention centers, gas stations, truck stops, and other public meeting areas. Corporations and campuses often offer hotspot service to visitors and guests. Hotspot service is sometimes available aboard planes, trains, and boats. hub A multiport device used to connect client devices to a wired Ethernet network. Hubs can have numerous ports and can transmit data at speeds ranging from 10 to 1000 Mbps to all the connected ports. A small wired hub may only connect 4 computers; a large hub can connect 48 or more. See router. IEEE 802.11 The family of specifications developed by the Institute of Electrical and Electronics Engineers (IEEE) 802.11 committee, which establishes standards for wireless Ethernet networks. 802.11 standards define the over-the-air interface between wireless clients and a base station, or an access point that is physically connected to the wired network. IP Internet Protocol. The basic communications protocol of the Internet. See IP address, TCP/IP. IP address Internet Protocol address. IP Version 4, the most widely used Internet protocol, provides a 32-bit number that identifies the sender or receiver of information sent across the Internet. An IP address has two parts: The identifier of the particular network on the Internet and the identifier of the particular device (which can be a server or a workstation) within that network. The newer IP, Version 6, provides a 128-bit addressing scheme to support a much greater number of IP addresses. See DHCP, DNS, IP. IP subnet An IP subnet is a local network as defined by IP network numbers. Connecting to a subnet involves connecting to the appropriate hardware network and configuring IP for that network.68 Glossary LAN Local area network. A system of connecting PCs and other devices within the same physical proximity for sharing resources such as an Internet connections, printers, files, and drives. When Wi-Fi is used to connect the devices, the system is known as a wireless LAN or WLAN. See WAN. MAC address Media Access Control address. A unique hardware number that identifies each device on a network. A device can be a computer, printer, and so on. A MAC address is also known as an AirPort ID. Mbps Megabits per second. A measurement of data speed equivalent to a million bits per second. MIMO Multiple-input multiple-output. An advanced signal processing technology that uses multiple receivers and multiple transmitters in both the client and access point to achieve data throughput speeds of 100 Mbps. See 802.11n. NAT Network Address Translation. A network capability that enables multiple computers to dynamically share a single incoming IP address from a dial-up, cable, or DSL connection. NAT takes a single incoming public IP address and translates it to a new private IP address for each client on the network. See DHCP, IP address. network name A name used to identify a wireless network. See SSID. NIC Network interface card. A wireless or wired PC adapter card that allows the client computer to utilize network resources. Most office-wired NICs operate at 100 Mbps. Wireless NICs operate at data rates defined by 802.11 standards. packet A unit of information transmitted from one device to another on a network. A packet typically contains a header with addressing information, data, and a checksum mechanism to ensure data integrity. pass phrase A series of characters used to create a key that is used by Wi-Fi Protected Access (WPA). See PSK, WPA. print server A network device, often a computer, that connects to at least one printer, allowing it to be shared among computers on a network. PSK Pre-shared key. A mechanism in Wi-Fi Protected Access (WPA)-Personal that allows the use of manually entered keys or passwords to initiate WPA security. The PSK is entered on the access point or home wireless gateway and each PC that is on the Wi-Fi network. After entering the password, Wi-Fi Protected Access automatically takes over. It keeps out eavesdroppers and other unauthorized users by requiring all devices to have the matching password. The password also initiates the encryption process which, in WPA is Temporal Key Integrity Protocol (TKIP) and in WPA2 is Advanced Encryption Standard (AES). See TKIP, WPA-Personal, WPA2-Personal.Glossary 69 roaming (Wi-Fi) The ability to move from one area of Wi-Fi coverage to another with no loss in connectivity (hand-off). router A wireless router is a device that accepts connections from wireless devices to a network, includes a network firewall for security, and provides local network addresses. See hub. server A computer that provides resources or services to other computers and devices on a network. Types of servers include print servers, Internet servers, mail servers, and DHCP servers. A server can also be combined with a hub or router. See DHCP, hub, router. SSID Service set identifier. A unique 32-character network name, or identifier, that differentiates one wireless LAN from another. All access points and clients attempting to connect to a specific WLAN must use the same SSID. The SSID can be any alphanumeric entry up to a maximum of 32 characters. See network name. subnet An IP address range that is part of a larger address range. Subnets are used to subdivide a network address of a larger network into smaller networks. Subnets connect to other networks through a router. Each individual wireless LAN will typically use the same subnet for all of its clients. See IP address, router. TCP Transmission Control Protocol. The transport-level protocol used with the Internet Protocol (IP) to route data across the Internet. See IP, TCP/IP. TCP/IP The underlying technology of Internet communications. While IP handles the actual delivery of data, TCP tracks the data packets to efficiently route a message through the Internet. Every computer in a TCP/IP network has its own IP address that is either dynamically assigned at startup (see DHCP) or permanently assigned as a static address. All TCP/IP messages contain the address of the destination network, as well as the address of the destination station. This enables TCP/IP messages to be transmitted to multiple networks (subnets) within an organization or worldwide. For example, when a user downloads a webpage, TCP divides the page file on the web server into packets, numbers the packets, and forwards them individually to the user’s IP address. The packets may be routed along different paths before reaching the user’s address. At the destination, TCP reassembles the individual packets, waiting until they have all arrived to present them as a single file. See IP, IP address, packet, TCP. throughput Usually measured in bps, Kbps, Mbps or Gbps, throughput is the amount of data that can be sent from one location to another in a specific amount of time. See bps, Mbps. USB Universal Serial Bus. A high-speed bidirectional serial connection used to transfer data between a computer and peripherals such as digital cameras and memory cards. 70 Glossary WEP Wired equivalent privacy. The original security standard used in wireless networks to encrypt the wireless network traffic. See WPA, Wireless local area network. Wi-Fi A term developed by the Wi-Fi Alliance to describe wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers. Wi-Fi Certified The certification standard designating IEEE 802.11-based wireless local area network (WLAN) products that have passed interoperability testing requirements developed and governed by the Wi-Fi Alliance. wireless network Devices connected to a network using a centralized wireless access point. See WLAN. WLAN A data communications network that spans large local, regional, national, or international areas and is usually provided by a public carrier (such as a telephone company or service provider).The term is used to distinguish between phone-based data networks and Wi-Fi networks. Phone networks are considered wide area networks (WANs) and Wi-Fi networks are considered wireless local area networks (WLANs). See LAN. WPA - Enterprise Wi-Fi Protected Access-Enterprise. A wireless security method that provides strong data protection for multiple users and large managed networks. It uses the 802.1X authentication framework with TKIP encryption and prevents unauthorized network access by verifying network users through an authentication server. See 802.1X. WPA - Personal Wi-Fi Protected Access-Personal. A wireless security method that provides strong data protection and prevents unauthorized network access for small networks. It uses TKIP encryption and protects against unauthorized network access. WPA2 Wi-Fi Protected Access 2. The follow-on security method to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the ratified IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1X-based authentication. There are two versions of WPA2: WPA2- Personal and WPA2-Enterprise. WPA2-Personal protects unauthorized network access by utilizing a set-up password. WPA2-Enterprise verifies network users through a server. WPA2 is backward compatible with WPA. Like WPA, WPA2 uses the 802.1X/EAP framework as part of the infrastructure that ensures centralized mutual authentication and dynamic key management and offers a pre-shared key for use in home and small office environments. Like WPA, WPA2 is designed to secure all versions of 802.11 devices, including 802.11b, 802.11a, and 802.11g, multiband and multimode. See WPA2- Enterprise, WPA2-Personal.Glossary 71 WPA2 - Enterprise Wi-Fi Protected Access 2 - Enterprise. The follow-on wireless security method to WPA that provides stronger data protection for multiple users and large managed networks. It prevents unauthorized network access by verifying network users through an authentication server. See WPA2. WPA2 - Personal Wi-Fi Protected Access 2 - Personal. The follow-on wireless security method to WPA that provides stronger data protection and prevents unauthorized network access for small networks. See WPA2, PSK.www.apple.com/airportextreme www.apple.com/airport © 2009 Apple Inc. All rights reserved. Apple, the Apple logo, AirPort, AirPort Extreme, AppleShare, AppleTalk, Back to My Mac, Bonjour, Mac, and Mac OS are trademarks of Apple Inc., registered in the U.S. and other countries. AirPort Express, AirTunes, Time Capsule, and Time Machine are trademarks of Apple Inc. Other product and company names mentioned herein may be trademarks of their respective companies. 019-1257 Time Capsule3  5 1 7 Time Capsule 8  AirPort  9  11 Time Capsule 13 2 Time Capsule 14 Time Capsule  17  AirPort  19  19  ! Internet " 21 #$%& 22 '()*+,-./0"12 23 3Time Capsule 4 Time Machine 25 3 25 5627"1 Internet 25 56289-.:Time Capsule -. 26 56Time Capsule ;<=> 27 56Time Capsule  ?@ABC4 28 56DEF;<=> 29 G AirPort  29 HITime Capsule JKLM 30 NO AirPort PQR& 31 4 33 Time Capsule 36 Regulatory Compliance Information1 5 1  Time Capsule Time Capsule Time Capsule 0S2TUL#V Wi-Fi WXYZ[\❡ Mac OS X v10.5.2 Leopard :^4_`a Time Machine >❝0^TcLd4 eZ[ 4e 23 ? ➋A Time Capsule 5 Time Machine➌❡  Ÿ-. ¡¢£"1 Internet❝Sžfg Wi-Fi Z ⑧5 iPhone❞iPod touch  Apple TV⑨kl ! Internet "❡2¤0^3"1h fg¥¦ !§¨❡  <-. ¡:;<-. ¡©ª❝«¬d­< Internet "®¯ z{°±K ⑧ˆ5fg❞iPhone❞iPod touch  Apple TV⑨❡  d Time Capsule "1h2›œ❡pZtu Macintosh❞ Windows XP : Windows Vista fg™š1❝/u"1s‚❡  d²³ USB DEF"1h2 Time Capsule❡AirPort 4e<“”fg ⑧<:⑨´u"1hµDEF#V¶D❡  d·1 USB ¸¹"1h2 Time Capsule 4❡AirPort 4e<“”fg ⑧<:⑨´uº»¸¹¼½¾❡ 1  7  d USB ¿À"1h Time Capsule 4❝ÁÂÃ"1Ă USB Z ⑧5DEF: ¸¹⑨❡4e / ➝§¨I¼❤56n Windows XP : Windows Vista fg❝FnB [ J ] > [ e< ] > AirPort ¼❡ -./01( Time Capsule ÷ðZKL❝'()*"1❡ý: ;< 22 ì➋'()*+,-./0"12 ➌❡ /2 13 2  Time Capsule Time Capsule Internet AirPort `Mdz{ê¶N\OP✐dTime Capsule "1 Internet❝^ ➜AirPort ➝¼QR2 Time Capsule žtu❡5G Ä“½Q❝^ ➜AirPort ➝#$tu“½Q❝ý:; www.apple.com/tw/support/airport S4 ➜ AirPort T AirPort  ⑧Mac OS X v10.5 + Windows⑨➝❡ 32ç±q Time Capsule ãä¥å¹4 ➜AirPort ➝¥Â❝2K0^  ➜AirPort ➝¼QRUVVoWpK\ X❡íî#$%&❝ý3 ➜AirPort ➝ ➜wLx➝%ia%D ➜þY➝❡ý:;< 21 ì ➋#$%&➌❡14  2  Time Capsule Time Capsule ~2 Time Capsule z{ Internet "l❝ê¶fgZdu"1  AirPort  !§¨❞YZ[❝^ Internet > ⑧ˆ5\ ]Àf^_`>⑨✐  pZ ➜AirPort ø➝ ➜AirPort Extreme ø➝ Macintosh fg  pZ 802.11a❞802.11b❞802.11g  IEEE 802.11n draft ñòtufg  ž Wi-Fi Z ›œ"1 Time Capsule fgm0º» !§¨^"1 Internet❡ í2ç±q Mac OS X v10.5.2 :^4_`❝2K0^Time Machine d4 e / ➝§¨ I¼❤^Windows fg [ J ] > [ e< ] > AirPort ¼⑨❝%D2 Time Capsule❝ÁÂ×jê ➜e*➝❡ 4 èéfg4 +h❡ 5 Mac OS X v10.5 6789:;<✐ 1 ý%D ➜i6➝ > ➜j♠➝❝ÁÂ×jê ➜¶DÊl➝❡ 2 ×jê ➜Ž,➝⑧+⑨❝ÁÂ3¶E¼%D2DEF❡ 3 ×jê ➜Ž,➝×Ø❡ 56¶Ea;<á DEF❝ý¶4×ØmnDEF❡ 5 Mac OS X v10.3 ,10.4 6789:;<✐ 1 c ➜DEF➝⑧B ➜> / ➝§¨Io⑨❡ 2 %D¶EaDEF❡ 56¶Ea;<á DEF❝ý×jê ➜Ž,➝£A%ia%D Bonjour❝ Á¶Ea%DDEF❡ =>Windows XP , Vista 679:;<✐ 1 ý Time Capsule ãäå¹4ç± Windows _` Bonjour❡ 2 ýèéfg4 +h"1h2DEF❡  AirPort fg:ž“”ø:p1øfg❝d0™š Time Capsule "1 Internet❡"1h Time Capsule ›œËfgm0º»" 1 Internet❡ 2  Time Capsule 17 ™š Time Capsule❝fg"1h›œËfgmu“q#VPQ❡ AirPort íî£pK2 Time Capsule❝ý ➜AirPort ➝¼QR ❡➜AirPort ➝€32ç± Time Capsule å¹4lj"ç±❡ 5 Mac OS X v10.4 ,8?@ Macintosh 678✐ 1 c ➜AirPort ➝⑧B ➜> / ➝§¨Io⑨❡ 2 %D2 Time Capsule ÁÂ×jê [ e*]❡ 56; [ e< ] > AirPort⑨❡ 2 %D2 Time Capsule ÁÂ×jê [ e*]❡18  2  Time Capsule 3 ýèéfg4 +h Time Capsule 2❡ ➜AirPort ➝¼QR€vÝ2jƓÝÞ❝wxî y‹2îz{❝£€|R2+,ö❡ 562î Time Capsule "1 Internet❝2óô} Internet z{{>~ ⑧ISP⑨ý—} ⑧DSL :ÎÏÐF⑨€ ❝:n™šÑ<›œ"1 Internet❡í2 ISP 1h‚½Q ⑧5ƒ IP B„: DHCP )* ID⑨❝0 uî3 ➜AirPort ➝a+,ÅƽQ❡32 Time Capsule l❝ý9 êÅƽQ^Zd❡ 2  Time Capsule 19 20^ ➜AirPort ➝¼QR❡Q Rd…†2UVóô‡ˆ'‰Š❞-. ¡❝ž&â ❡ í2î34 ! USB DEF: USB ¸¹✐ 1 dDEF:¸¹"1h Time Capsule  USB Ë ⑧d⑨❡ 2 c ➜AirPort ➝⑧B Macintosh fg4 ➜> / ➝§ ¨I¼❤:Windows XP fg [ J ] > [ e< ] > AirPort ¼⑨❡ 3 %D2 Time Capsule ÁÂ×jê [ e*]❡ 56; / ➝§¨ I¼❤56nWindows XP fg❝FnB [ J ] > [ e< ] > AirPort ¼⑨❡ 2 %D2 Time Capsule ÁÂ×jê [ e*]❡ í2%3G÷ Time Capsule❝20uî"1÷❝Á ÂÃG Time Capsule ❡ íî3 Macintosh fg4%D2îG❝ý%i¶a AirPort %i❡3Windows XP fg4❝dŽ ï3"‘ 4❝ $h2r’Š“ (SSID) '(❝í”iaÑĂ❝ý%D2❡ 3 ýèéfg4 +h ! Time Capsule  Internet "❡ ➜AirPort ➝z{Tc Time Capsule à7❡562î ž%&❝5¯•"❝:n#$ DHCP %&❝ý ➜AirPort ➝ ➜wLx➝%ia%D ➜þY➝❡ 2  Time Capsule 21 í2î#$ Time Capsule %& ⑧5#$çW%&❞–—❞DHCP ˜ ™l¦❞"®¯•❞fûü❞3€ ^ž⑨❝ý ➜AirPort ➝þY Time Capsule❡ 9F"G✐ 1 c ➜AirPort ➝⑧B Macintosh fg4 ➜> / ➝§ ¨I¼❤^Windows XP fg [ J ] > [ e< ] > AirPort ¼⑨❡ 2 í¶EaÑĂZ❝ý%D2îZ❡56;❝20^Z[fg4e<& â❝w¬2é­❞®¯❞°­±`❡32dTime Machine r#Â❝€ ªXYZ[2fg❡ 562n Mac OS X v10.5.2 :^4_`❝~2²H"1 Time Capsule l❝Time Machine €vÝ2n³îZ[2§¨❡ý×jê ➜\'Z[´¹➝❝ ÁÂTime Machine €XYr#µêY\❡  Mac OS X Leopard ➜j➝ Time Machine ÈCXYZ[❞ ¶j‚Z[´¹❝:nsž❡ 5 Mac OS X Leopard 678,VWTime Machine✐ 1 ý%D ➜i6➝ > ➜j♠➝❝ÁÂ×jêTime Machine❡ 2 dh ➜➝❡ 3 ×jê ➜G´¹➝❡ 4 %D2 Time Capsule £×jê ➜Z[➝❡24  2  Time Capsule ·Z[½¾I¸❝2 ➜Mac QR+h➝❝ÁÂ3mnÆBa+, Time Machine❡3 25 3 XYZ[\]^ Time Capsule Internet  ý£G$12fg"1 Internet❡5627"1❝ý&2n%& ❡56%&❝Ǥn7"1❝ýÈÉ2 Internet  z{{>~ ⑧ISP⑨❡  ý&2"1n%&❡ Time Capsule 20^ÖK Time Capsule ”Ÿ AirPort -.: Time Capsule -.❡ _` Time Capsule PQ✐ 1 ÊËÌ ⑧ˆ58^Í⑨×ÎÖK×Øj ❡ 7k lmnolpqrst❝u+,Y vwx❡26  3  2 %D2 AirPort ❡  5 Macintosh 678❝%i¶a AirPort %i%D Time Capsule  ⑧Š“€Ï⑨❡  5Windows XP ab678❝dŽ ï3"‘ 4❝$h2 r’ [AirPort Š“ ] (SSID) '(❝í”iaÑĂ❝ý%D2 AirPort ❡ 3 c ➜AirPort ➝⑧B Macintosh fg4 ➜> / ➝§ ¨I¼❤^Windows XP fg [ J ] > [ e< ] > AirPort ¼⑨❡ 4 %D2 Time Capsule❝£ ➜wLx➝%ia%D ➜þY➝❡ 5 ׶a AirPort jê❝ÁÂ×jê ➜wLx➝❡ 6 +, Time Capsule -.❡ 7 ×jê ➜➝£ ➜çWЛ➝A%ia%DŽ-àŽ- tu❝£–'2 AirPort Y-. ¡❡íqŽ-tu❝ý+, AirPort -.❡ 8 × ➜G➝jêÖY Time Capsule❝£–Ñ,❡ Time Capsule GÒd AirPort Extreme fÓÂ❝ÃÖd=❡ í Time Capsule rW(=>❝20uîdwLxÖK'ÔÕÖ❡ / Time Capsule noyz{|Y}~v€‚Vƒ„Y ❝… v/ Time Capsule noyz{|Y}❡ 3  27 c Time Capsule defghi✐ m ÊËÌ⑧ˆ58^Í⑨×ÎÖK×Ø❝$h „?@'(⑧™ 5 ⑨❡ Time Capsule d€^ê¶ÖK✐  Time Capsule € DHCP 1 IP B„❡  Š“d€ÖK# ➜Apple Network XXXXXX➝⑧a XXXXXX €^ AirPort ID a Â×.».⑨❡  Time Capsule -.€ÖK# public❡ k Time Capsule lmnopq❝rst;uv✐ 1 ÓØ Time Capsule f❡ 2 ~2, Time Capsule l❝ýÊËÌ×ÎÖK×Ø❡ Time Capsule 0un›œ;<1❝Time Capsule ¡ AirPort PQÙÚ❝:n Internet z{{>~ ⑧ISP⑨ÛÕ45qÝÞ❡562n DSL :ÎÏÐ F"1 Internet❝m0unÏÐF: Internet ¥¦"÷6aÜ❡œ ÏÐFr"?\%@❝mý£GaÜÏÐFf❝¤ÝÞ ¥ÂÃÖ" 1❡3Ö14ÏÐFf¥ß❝ý& Time Capsule n™š›œ$1 "1hÏÐF4❡28  3  5GÄ ?@89“½Q❝ýc ➜AirPort ➝❝%D2 Time Capsule❝Á ➜wLx➝%ia%D ➜þY➝❡×jê ➜wLx ➝á ?@“½Q❡ 2m0^3 AirPort j¼%D ➜·wLxn³<ÝÞ➝❡56wLx4 5ÝÞ❝➜AirPort ➝€❝£|R2ÙÚÝÞ❡ í2÷dDEF"1h Time Capsule 4 USB Ë❝Çn AirPort 4fg7 #V¶D❝ýUV궇ˆ✐ 1 &÷14£÷DEF❡ 2 &1÷ßß14DEF Time Capsule 4 USB Ë❡ 3 &÷3)*fg4 ➜DEF¶E➝·à¼%DDEF❡ 5 Mac OS X v10.5 ,8?@ Macintosh 678✐  ý%D ➜i6➝ > ➜j♠➝❝ÁÂ×jê ➜¶DÊl➝❡  ×jê ➜Ž,➝⑧+⑨£%D¶EaDEF❝ÁÂ×jê ➜Ž,➝⑧+⑨❡ 5 Mac OS X v10.2.7 ,8?@ Macintosh 678✐  c ➜DEF➝⑧B ➜> / ➝§¨Io⑨❡  íDEF3¶E¥o❝ý× ➜Ž,➝jê❡  A%ia%D Bonjour❝%DDEF❝ÁÂ×jê ➜Ž,➝⑧+⑨❡ 3  29 5Windows XP 678✐   [ J ] tuEac [ ¶DÊl ]❡  %DDEF❡í”ia2ÑDEF❝× [ áDEF ] jê❝ÁÂèéfg4 +h #V❡ 4 —DEF❝¤ÝÞ ¥ÂÃÖYDEF❡ AirPort Apple €ªz{G AirPort ❡â2G Time Capsule  ❡ 20^3 AirPort j¼%D ➜~c AirPort lãäG&â➝: ➜ãäG&â➝❡562å% ➜ãäG&â➝❝ý3A%i¼%Dj‚ æªl¦ ⑧ˆ5¼æ⑨❝«¬XYãäG&â❡ Time Capsule ê¶âR&0|R2 Time Capsule çhPQÙڐ‘è éêÙÚ❡  d2 Time Capsule KëìÌ ⑧5í:îï⑨‰ðJñe❡òIî SóôõöEÈ❡  í2d Time Capsule KíÂà❝ýS Time Capsule íÕ÷¥¦ )ú ð 2.5 øW ⑧1 ùú⑨ûü❡  ýþd2 Time Capsule JK3<ÒÈ^4õöÈñe❡30  3   í2d Time Capsule K¬®Z¯a❝>ýþ Time Capsule  Ò®❞·Q:f❡d21¿aJK Time Capsule j ❡ 0uS Time Capsule 1¥¦ÕV ¦❡  ± Time Capsule BK❝>ûü ❞2.4 : 5 gigahertz ⑧GHz⑨f ^žNOð 7.6 ø ⑧25 ù⑨❡  ýdžÌ` ⑧❞❞ ̤⑨J3Time Capsule 4È❡Ž€N OTime Capsule ❡ AirPort ûüNO❝uð#ÝÞ0u•❡ ê¶&â0u€NO AirPort PQ✐   $z{ ⑧DSS⑨f}  !Æy‹¹‹¨eãäk"fÎ❡ýZ#~ÈÉ^»b‹ fÎ❡  !Æf$%❝ˆ5f❞f&è'()^4fÔ¤   2.4 : 5 GHz }*f❡562f: AirPort PQ45ÝÞ❝ý GwLx: Time Capsule e})❝:Gfe})❡  “ôwLx“+})❡ˆ5❝56wLx A '}) 1❝wLx B K>'}) 6 :}) 11❡4 31 4 wxyz❞|}~€ Time Capsule 5 Time Capsule “½Q❝ýß, www.apple.com/tw/airport S❡ íî-. Time Capsule⑧56~²23ç± Time Capsule å¹4l£2- .⑨❝ýß, www.apple.com/tw/register S❡ 5 AirPort ²³½Q❞‚/0½Q3/’12Ó❝^ Apple  êÑ❝ýß, www.apple.com/tw/support/airport S❡ 534^·²³z{❝ýß, www.apple.com/tw/support S❝£%D2 4¢:LÓ❡32  4  íî7ÙGÄ3 Time Capsule 4 ➜AirPort ➝“½Q❝ýc ➜AirPort ➝£%D ➜QR+h➝ > ➜AirPort QR+h➝❡ í2 Time Capsule Û567:n7%@?\❝ýèé`þ.a+h ❞ fgQR+h4½ü❡ í Time Capsule 8Á7,9?\❝ýß, www.apple.com/tw/support S^7 Ù5»b ƒz{½Q❡ Time Capsule 2 Time Capsule :oD<- ❡33 Time Capsule ‚ƒ„~C… †‡ Time Capsule  ˆ‰Š‹✐2.4  5 GHz  LŒMf3‹✐ƒ 23 dBm ⑧;⑨  Ž✐802.11 DSSS 1  2 Mbps ïð❝802.11a❞802.11b❞802.11g ñò draft 802.11n ñò  1 RJ-45 10/100/1000Base-T Gigabit ›œ WAN ⑧<⑨  3 RJ-45 10/100/1000Base-T Gigabit ›œ LAN ⑧G⑨  P-¶<=> ⑧USB d⑨ 2.0  802.11 a/b/g/n AirPort Extreme   v‘✐0° C ú 35° C ⑧32° F ú 95° F⑨  ’“‘✐–25° C ú 60° C ⑧–13° F ú 140° F⑨  ”•–‘ ⑧v—⑨✐20% ú 80%  ”•–‘ ⑧’“—⑨✐10% ú 90%❝?@A 34 ˜ Time Capsule  ™‘✐197.0 øB ⑧7.75 ùú⑨  š‘✐197.0 øB ⑧7.75 ùú⑨  ›‘✐36.33 øB ⑧1.43 ùú⑨  _œ✐1.6 øC ⑧3.5 ùD⑨ MAC Time Capsule :oD<҂¸B„✐  AirPort ID✐Ł‚B„nEF4 Time Capsule❡  žNO ID✐íîd Time Capsule "1 Internet❝20uîz{µB„½Q° 2 ISP❡ Time Capsule  d Time Capsule frW—Gjà7naÜf❡  ~"1:ÓØ Time Capsule l❝ý{óHÎI❡îSþ óôI õöo[❡  2n89❝œn Time Capsule ;<14f❝´0^dJÙ❡í 2 Time Capsule îz{❝ý:;< 31 ì ➋GÄ+h❞z{²³➌❡  ý Vd1I,Ê+Ëa❡í27^öü%$d1I,Ê+Ëa❝ ÛK«ñò0u£“õ❡ý&21IÊ+ËL¬“õ❝–2nd 1I, >Ê+Ëa❡˜ Time Capsule 35  ~2 Time Capsule l❝·MN Oƒn%@ÑP❡Time Capsule ·M <t❝uʆooQ`N❝4ú·o‰R &a❡  S Time Capsule üS❝5T¾❞UV❞WX❞YW¦¤ñe❡  ý ¡ Time Capsule❝ýþŸhZå$[❝£–ýþ9\]:ž9^¸Ÿ _❡  ý îS`Ì:Sab32 Time Capsule 4❡í454PcË❝ ýӟfÔüabS❡  ýî3d· Time Capsule❡Time Capsule nTdo/0❡ 3KJ:¿elíü~❝0u€ Time Capsule #6f❡~23?Œš a❝ý îgh Time Capsule❡ !†‡ˆ0‰Š‹ŒŽ❝(A‘’“”•–ƒ  Time Capsule❡ (—˜™š  Time Capsule ›œ/žŸ❡7a/Œˆ0 ¡… ¢„£¤¥¦§x¨❡AirPort Express ©ª…^«h¬­®¯°❡36 Regulatory Compliance Information Wireless Radio Use This device is restricted to indoor use due to its operation in the 5.15 to 5.25 GHz frequency range to reduce the potential for harmful interference to cochannel Mobile Satellite systems. Cet appareil doit être utilisé à l’intérieur. Exposure to Radio Frequency Energy The radiated output power of this device is well below the FCC and EU radio frequency exposure limits. However, this device should be operated with a minimum distance of at least 20 cm between its antennas and a person’s body and the antennas used with this transmitter must not be colocated or operated in conjunction with any other antenna or transmitter subject to the conditions of the FCC Grant. FCC Declaration of Conformity This device complies with part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. See instructions if interference to radio or television reception is suspected. Radio and Television Interference This computer equipment generates, uses, and can radiate radio-frequency energy. If it is not installed and used properly—that is, in strict accordance with Apple’s instructions—it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in Part 15 of FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. You can determine whether your computer system is causing interference by turning it off. If the interference stops, it was probably caused by the computer or one of the peripheral devices. If your computer system does cause interference to radio or television reception, try to correct the interference by using one or more of the following measures:  Turn the television or radio antenna until the interference stops.  Move the computer to one side or the other of the television or radio.  Move the computer farther away from the television or radio.  Plug the computer into an outlet that is on a different circuit from the television or radio. (That is, make certain the computer and the television or radio are on circuits controlled by different circuit breakers or fuses.) If necessary, consult an Apple Authorized Service Provider or Apple. See the service and support information that came with your Apple product. Or, consult an experienced radio/television technician for additional suggestions. Important: Changes or modifications to this product not authorized by Apple Inc. could void the EMC compliance and negate your authority to operate the product.37 This product was tested for FCC compliance under conditions that included the use of Apple peripheral devices and Apple shielded cables and connectors between system components. It is important that you use Apple peripheral devices and shielded cables and connectors between system components to reduce the possibility of causing interference to radios, television sets, and other electronic devices. You can obtain Apple peripheral devices and the proper shielded cables and connectors through an Apple-authorized dealer. For non-Apple peripheral devices, contact the manufacturer or dealer for assistance. Responsible party (contact for FCC matters only) Apple Inc., Corporate Compliance, 1 Infinite Loop M/S 26-A, Cupertino, CA 95014-2084 Industry Canada Statement This Class B device meets all requirements of the Canadian interference-causing equipment regulations. Cet appareil numérique de la Class B respecte toutes les exigences du Règlement sur le matériel brouilleur du Canada. VCCI Class B Statement Europe—EU Declaration of Conformity For more information, see www.apple.com/euro/ compliance. European Union — Disposal Information This symbol means that according to local laws and regulations your product should be disposed of separately from household waste. When this product reaches its end of life, take it to a collection point designated by local authorities. Some collection points accept products for free. The separate collection and recycling of your product at the time of disposal will help conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. Disposal and Recycling Information This product has an internal battery. Please dispose of it according to your local environmental laws and guidelines. For information about Apple’s recycling program, go to www.apple.com/environment. California: The coin cell battery in your product contains perchlorates. Special handling and disposal may apply. Refer to www.dtsc.ca.gov/hazardouswaste/ perchlorate. Deutschland: Dieses Gerät enthält Batterien. Bitte nicht in den Hausmüll werfen. Entsorgen Sie dieses Gerätes am Ende seines Lebenszyklus entsprechend der maßgeblichen gesetzlichen Regelungen. Nederlands: Gebruikte batterijen kunnen worden ingeleverd bij de chemokar of in een speciale batterijcontainer voor klein chemisch afval (kca) worden gedeponeerd.38 Ÿ ✐ Singapore Wireless Certification Taiwan Warning Statements Korea Warning Statements © 2009 Apple Inc.  j®9❡ Apple❞i6❞Apple ïi❞AirPort❞AirPort Express❞ AirPort Extreme❞Apple TV❞Bonjour❞iPod❞ Leopard❞Macintosh❞Mac OS Time Capsule n Apple Inc. 334ž4¢LÓ-.~ï❡ Finder❞iPhone  Time Machine n Apple Inc. ~ï❡ ¬zžøj/0Š“0u'eöøj ~ï❡www.apple.com/airport www.apple.com/support/airport TA019-1384-A Time Capsule3  5 1 7  Time Capsule 8  AirPort  9  11 Time Capsule  13 2 Time Capsule 14  Time Capsule  17  AirPort  19  19  !"# Internet $% 21 &'()*+ 22 ,-./0123456$%7 23 8 Time Capsule  Time Machine 25 3 25 9:;<= Internet 25 >?34@ Time Capsule 34 26 Time Capsule ABCD 27 Time Capsule  EFGHIJK4 28 LMNABCD 29 O AirPort  29 P Time Capsule QRS+ 30 TU AirPort VWXY&Z 31 4 33 Time Capsule 36 Regulatory Compliance Information1 5 1  Time Capsule  Time Capsule  Wi-Fi [\]Z^_`ab❞d Mac OS X v10.5.2 Leopard @O(efg Time Machine DhijklmnopBqrs\]Z^ t Time Capsule o❞ Time Capsule uvw[x: AirPort Extreme yzj{|}~€‚❞ & ƒ Time Capsule „j…T†(‡ Wi-Fi ˆ   2.4 ‰Š‹ (GHz) j 802.11b❝ 802.11g ! 802.11n &Zj iPhone❝ iPod touch !Žqr   5 GHz j 802.11n ! 802.11a &Zjqr! Apple TV &ZT:‘’{|“”•:–—˜•j™š Time Capsule T› oqr!&Z"#œ Internet ;<❞6  1 Bž Time Capsulej76Ÿˆ  d Mac OS X v10.5.2 @O(ef¡g Time Machine DhiZ^ opBqrŸ–Ÿ¢;? Time Capsule  Time Machine@❞  £34¤¥¦j§„;? Mac OS X Leopard D Time Machine  Time Capsule  Mac OS X v10.5.2 aST❞  Macintosh  Time Capsule  wäåB AirPort @ AirPort Extreme ù Macintosh qrjŸ°& …µ¶ ;<ú@wŸ¢q´;❞7â ã? @Ab dâAirPort ãâAirPort & ãây zãÈBg¡g*4âC]üJKãjD TF I JKj+C]'=❞ &()*10*-. 6:Edí]%2❞ Time Capsule EFí]¨GHIJ❞12  1 E Time Capsule q„j âAirPort ã& …jŸ› Internet ;<❝USB LMN❝ USB ¼½@ÒB8❞d¶ Mac OS X q rojâAirPort ãËâDhiã¬Kâã¬Kgú™ d¶ Windows XP @ Windows Vista qrojDË âLã> âpBhiã> âAirPortãg❞ &'2* Time Capsule ìïZƒ,-./0$%❞9: ; 22 é â,-./0123456$%7 ã❞ /2 13 2  Time Capsule Time Capsule Internet AirPort fM{|žBE Time Capsule ;âp Bhiã > âAirPortãg¡j*]7 Time Capsulej§„^Ù â_`ã❞ 4 Ùæab ❞ 4 Mac OS X v10.5 56789:; 1 *4cb > âdefƒ& ãj§„^Ù âLM›ghã❞ 2 ^ÙiÙÚ (+) ¨÷+g*]7LMN❞ 3 ^ÙiÙÚ❞ 7LMN9d÷+gjgÙÚjk…❞ 4 Mac OS X v10.3 < 10.4 56789:; 1 LâLMN& ã ËâDhiã¬Kâã¬Kg¡❞ 2 ÷+g*]LMN❞ LMN9d÷+gj^ÙiÙÚ¨?@Abg*4âBonjourãj§„ ÷+g*]LMN❞ =>?9 Windows XP < Windows Vista 567:;@ 1  Time Capsule » CD äå Bonjour  Windows e¡❞ 2 Ùæab ; âpBhiã > âAirPortã❞ 2 *]7 Time Capsulej§„^Ù â_`ã❞18  2 Time Capsule 3 Ùæab & Time Capsule !❞ âAirPort ã& NþEs%7Bátu!á0vU% 2j¨wN728& ❞ 7á Time Capsule ;<= InternetjD1á Internet vUx (ISP) {|œ  DSL ÎÏÐο@´ÎÏÐο¡y/j@ÑÒBŸ¢ < Internet ;<❞7 ISP 3`žz'Á { IP m|@ DHCP . / ID¡j76:1ád âAirPort ãg2}ÁÂ❞à& 7 Time Capsule ü34ºÁÂ❞ 2 Time Capsule 19 76Ÿ âAirPort ã& Nþ❞º& NþT~ 57%W€❝34¤¥–&'’©*+pô1~❞ 7Ld7o"# USB LMN@ USB ¼½ˆ 1 ELMN@¼½;<= Time Capsule  USB 0Ê (d) o❞ 2 LâAirPort ã Macintosh qrˆËâDhiã¬Kâ ã¬Kgú¶ Windows XP qrˆËâLã>âpBhiã>âAirPortã g¡❞ 3 *]7 Time Capsulej§„^Ù â_`ã❞ o9tpá  Time Capsulej^ÙâFqrãŸqr6&Zj §„÷+g*]7 Time Capsule❞ 4 Ùæab ❞ Internet 7L›oB‚x:@;<=Ÿ¢0Êqr"# Internet ; âpBhiã > âAirPortãg¡❞ 2 *]7 Time Capsulej§„^Ù â_`ã❞ áUìƒ& ƒ Time Capsule µ¶O„j76:ô;âpBhiã>âAirPortã g¡❞ 2 ÷+gBÄ&Zj*]7pá &Z❞o9tpá  Time Capsulej^Ù âFqrãŸqr6&Zj§„÷+g*]7  Time Capsule❞ 7áUìƒ& ƒ Time Capsule µ¶O„j76:ô;<=… j…:U Time Capsule µ¶O„❞ á*47páO„jd Macintosh qrobg AirPort b❞däåž Windows XP qrojE †Pd;<‡îoj&t7 ot€ˆ (SSID)j§„÷+g*4  BÄ6¡❞ 3  âyzãbg*4 â]& ã❞{7234jD234❞ B âAirPort ãg]& x:OÄÁÂj9:www.apple.com.cn/ support/airport oâDesigning AirPort Networks Using AirPort Utility (Mac OS X v10.5 + Windows)ã  Airport &Q AirPort  (MacOS X v10.5 + Windows)¡❞22  2 Time Capsule 7 WPA Personal @ WPA/WPA2 Personal µ¶34¤¥jD76Ÿ‘ ./0{|U7$%x:j™91©*234❞ à7,-./0$%7üjº./0€ˆ! MAC m|  @ AirPort ID¡T/E”d âAirPort ã$%Ï÷+gj&t7÷+g •–º./0❞7û6Ÿ{| 24 —ü$%j®ü«³„j./0E9:G$% 7❞ à7,-./0$%7üjº./01234❞ NOPQRSTUVWXYZ[\!5UV 1 LâAirPort ãj*]7 Time Capsulej§„âyzãb*4â ]& ã❞ôáü234❞ 2  âyzãbg*4 âi./0ã❞ 3 *]º./0$%‰Aˆ  *] PIN Ÿ2./0ø$%ü{|˜ËT™❞  *] âšHIJãŸ,-;IJ./0$%❞ à Time Capsule d“›./0üj LED TFœI#$❞ 2 Time Capsule 23 p‘7{|žü«$%j*] âE./0$%‹Ï‘ 24 — üã❞9*]}*+j./0E6Ÿ&$%j&t7÷+g•–º./0❞ Time Capsule Time Machine d Mac OS X Leopard g Time Machine Dhij76ŸZ^qroŸ ˜j ¡7æ¢❝£¤❝¥¢!¬¦❞ & ƒ Time Machine ª„j…T'§\]Z^7qr❞ 7v Mac OS X v10.5.2 @O(efjD;H;Z^©½ãj§ „ Time Machine Tª¶«ç¬>❞  Mac OS X Leopard g âdefƒ& ã âTime MachineãÈB& \ ]Z^❝O„=9}Z^©½@α’©& ❞ A?9 Mac OS X Leopard 567I<]^ Time Machine 1 *4cb > âdefƒ& ãj§„^Ù âTime Machineã❞ 2 E­]= âã❞ 3 ^Ù âO„©½ã❞ 4 *47 Time Capsule ¨^Ù âZ^ã❞24  2 Time Capsule šH Time Capsule ! Time Machine Z^6:1á±®@O¯ü«j4° 7Z^T±IJ❞ᐳLZ^‡jŸ¢E Time Capsule ; âMac wNãj§„djkÄ âTime Machineã❞3 25 3 _`abcde Time Capsule Internet  IJ&<7qr;<= Internet❞79:;âpBhiã>âAirPortã g¡❞ 4 *]7 Time Capsulej§„ âyzãbg*4 â]& ã❞ 5 dg^Ù âAirPortãj§„^Ù âyzã❞ 6 ‘7 Time Capsule 234❞ 7 ^Ùâã¨âä[•ã?@Abg*4ý3‰ŠjŸ°‘ AirPort í3¨ÓC34¤¥❞7Lž3x:j‘7 AirPort 2 34❞ 8 ^Ù âOãŸFí] Time Capsule ¨Ô& ❞ Time Capsule IJÕç„GE…q❞  Time Capsule %[ÂÃCDjD76:1áE’ØËt@Ö& ❞ , Time Capsule ij0vwxyUVsz{|4}RUV~,Qi j0 Time Capsule €CUV❞ 3 27 h Time Capsule ifjkl m ËÌÍÎ  ÏÐÑ¡ÙÒØËÙÚj&t ‡JK  S× 5 ! "¡❞ Time Capsule EØ˨BŸç& ˆ  Time Capsule  DHCP <ؒ IP m|❞  €ˆEØˑ Apple Network XXXXXX ®Ù XXXXXX  AirPort ID “„Ú ËT™ÛÜ¡❞  Time Capsule 34Øˑ public❞ mn!5 Time Capsule opqrstuvwxy 1 E Time Capsule Þq❞ 2 E Time Capsule q}üjËÌÍÎÙÒØËÙÚ❞ Time Capsule Ÿ¢q´6:Ý'(;<❝ Time Capsule 6:9d AirPort ÞßàáŸ@Ñ 7 Internet vUx6:Ed%2❞7 DSL ÎÏÐο@´ÎÏÐο ;<= InternetjDºÎÏÐο6:ìâãž;<@ Internet ;<❞5°Î ÏÐοäå>'=jûIJÞ…qj“›è!"j§„‘ÎÏÐο Fˆ 1 ('LMNìƒq¨ìq❞ 2 ('q´ìƒëìm;<=LMN! Time Capsule  USB 0Êo❞ 3 (¤ìƒd./0qr âLMN÷+ãíÊg*]žºLMN❞ ABCD Mac OS X v10.5 âdefƒ& ãj§„^Ù âLM›ghã❞  ^ÙiÙÚ (+) ¨d÷+g*]7LMNj§„^ÙiÙÚ (+)❞ ABCD Mac OS X v10.2.7 ❞ 4 LMNj“›è!ýj§„Gí…❞ AirPort Apple '§O AirPort ❞î7O Time Capsule Ÿ“❞ 7û6Ÿd AirPort fƒ& g*] âL AirPort üÅÆOãj@*] âÅÆOã❞7*] âÅÆOãjD?@Abg*4ü«ï   â´ð㡟\]ÅÆO❞ Time Capsule ŸçîBN Time Capsule 3`“”²Áàá!Þßàá❞  E Time Capsule P dèåABÜñÍ Sò@óô¡õö÷Íg❞I JE’P døùúû+ÈË ❞  7E Time Capsule P dò„ÈjD Time Capsule !ò×ü«ýD= ²B 25.4 þ  1 ¡❞  E Time Capsule P dÓÈ@Óȟosvúû+È÷Íg❞30  3  ád ¤g gE Time Capsule !0 &ZPd$j£€q ´❝ €q´@q Time Capsule❞P Time Capsule üjq´áPd ❞ Time Capsule !q´ª«á¤¸6:Sõ«❞  IJE Time Capsule P dù❝ 2.4 @ 5 ‰Š‹ (GHz) q!’©X Y=² 7.6   25 ¡Ë ❞  E’©ÍΠf❝@—͓“¡P d Time Capsule ❞®6: T¥C Time Capsule ❞ AirPort ùXY øjVW%26:•ûR —❞ŸçS+TU AirPort ²Á!"XYˆ    &<#$vU (DSS) €’%&  'Ætu()#$žp»*§}+q´❞‚d&Z"!xŸ3`u q´❞  'Æq,&Zj(-q❝q,./0❝qz““  2.4 GHz @ 5 GHz q€’àáŸq❞7q@ AirPort ²ÁE d%2jO„7yz@ Time Capsule €0j@ÑO„7q €0❞  »1B21€0yz❞Սjyz A & ‘€0 1jDyz B Dº& ‘€0 6 @ 11❞4 31 4 DdEz{|❝~1€ Web Time Capsule B Time Capsule “ÁÂj$% www.apple.com.cn/airport❞ áQ3 Time Capsule 7däå Time Capsule CD oüAB®¯4¡j $% www.apple.com/register/cn/❞ B AirPort ·¸ÁÂ❝›z'!ÎmÁÂ!56À7Ÿ–“ Apple  çÔj$% www.apple.com.cn/support/airport❞ B89Ÿ¾·¸ÁÂj$% www.apple.com/supportj§„*47pd9 ò@m÷❞32  4 ážÐB Time Capsule » âAirPort ãOÄÁÂjL âAirPort ã¨*4 âwNã > âAirPort wNã❞  Time Capsule o$ì:;@9:'=>jÙæf3❝abwN!d <g¬>❞  Time Capsule È9:>j$% www.apple.com.cn/support ŸžÐB 3`¤=vUÁÂ❞ Time Capsule i÷ M Time Capsule >❞33 Time Capsule ‚ƒ1B„…† Time Capsule  ‡ˆ2.4 = 5 GHz  S‰TkŠ‹“(6? 23 dBm  îˆ@¡  Œ802.11 DSSS 1 ! 2 Mbps îï❝ 802.11a❝802.11b❝ 802.11g ðñjŸ–òó 802.11n ðñ  1 RJ-45 10/100/1000Base-T ‰ŠËŸ¢ÌÍ (<)  3 RJ-45 10/100/1000Base-T ‰ŠËŸ¢ÔÍ (G)  ²A¶B (USB d) 2.0  802.11 a/b/g/n AirPort Extreme   xyŽ0° C = 35° C  32° F = 95° F¡  ‘Ž–25° C = 60° C  –13° F = 140° F¡  ’“” •xy–—20% = 80% mUC  ’“” •‘–—10% = 90% mUC  DEF¡34 ˜ Time Capsule  ™197.0 þ  7.75 ¡  š197.0 þ  7.75 ¡  F36.33 þ  1.43 ¡  ›œ1.6 ‰G  3.5 H¡ (MAC) Time Capsule d¾I>JMBÓ¼m|ˆ  AirPort ID’g†m|KLo Time Capsule❞  U ID76:1áE}m|{|æ ISP Ÿ°E Time Capsule ; Time Capsule qN‰ŠvE’qoÕç❞  à;<@Þ Time Capsule üjUôOÒP†❞ áøùPúû Q❞  9¹8‘çè78js9DR Time Capsulej5à…ìÞqüû9:R ❞7 Time Capsule 1áS=j9:; 31 é âžÐOÄÁÂ❝vU! ·¸ã❞  9áEj E&ZŸt¾ÈZXõ,g❞   Time Capsule øù[ j\]❝^_¼❝`a❝b`c“❞  ¤¥ Time Capsule 9£dn&‘!ef@’©C,g❞  — 9áEhÍ@[ ijd Time Capsule o❞ìkÍÎjæ… Þqj§„GÉ^ijÍ❞  dc¾ Time Capsule❞ Time Capsule vcŸ!Î❞ E”@¬>9àj6:T:; Time Capsule❞d2 Time Capsule ³hgj— 9áE…–dmo❞ ‚*ƒ„…†‡&ˆ‰Šc‹ŒjV Time Capsule❞ \ Ž‘’ Time Capsule❞ s“”*ƒ~4•–— ˜™š›❞œž4Ÿ '€ ¡—¢L❞36 Regulatory Compliance Information Wireless Radio Use This device is restricted to indoor use due to its operation in the 5.15 to 5.25 GHz frequency range to reduce the potential for harmful interference to cochannel Mobile Satellite systems. Cet appareil doit être utilisé à l’intérieur. Exposure to Radio Frequency Energy The radiated output power of this device is well below the FCC and EU radio frequency exposure limits. However, this device should be operated with a minimum distance of at least 20 cm between its antennas and a person’s body and the antennas used with this transmitter must not be colocated or operated in conjunction with any other antenna or transmitter subject to the conditions of the FCC Grant. FCC Declaration of Conformity This device complies with part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. See instructions if interference to radio or television reception is suspected. Radio and Television Interference This computer equipment generates, uses, and can radiate radio-frequency energy. If it is not installed and used properly—that is, in strict accordance with Apple’s instructions—it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in Part 15 of FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. You can determine whether your computer system is causing interference by turning it off. If the interference stops, it was probably caused by the computer or one of the peripheral devices. If your computer system does cause interference to radio or television reception, try to correct the interference by using one or more of the following measures:  Turn the television or radio antenna until the interference stops.  Move the computer to one side or the other of the television or radio.  Move the computer farther away from the television or radio.  Plug the computer into an outlet that is on a different circuit from the television or radio. (That is, make certain the computer and the television or radio are on circuits controlled by different circuit breakers or fuses.) If necessary, consult an Apple Authorized Service Provider or Apple. See the service and support information that came with your Apple product. Or, consult an experienced radio/television technician for additional suggestions. Important: Changes or modifications to this product not authorized by Apple Inc. could void the EMC compliance and negate your authority to operate the product.37 This product was tested for FCC compliance under conditions that included the use of Apple peripheral devices and Apple shielded cables and connectors between system components. It is important that you use Apple peripheral devices and shielded cables and connectors between system components to reduce the possibility of causing interference to radios, television sets, and other electronic devices. You can obtain Apple peripheral devices and the proper shielded cables and connectors through an Apple-authorized dealer. For non-Apple peripheral devices, contact the manufacturer or dealer for assistance. Responsible party (contact for FCC matters only) Apple Inc., Corporate Compliance, 1 Infinite Loop M/S 26-A, Cupertino, CA 95014-2084 Industry Canada Statement This Class B device meets all requirements of the Canadian interference-causing equipment regulations. Cet appareil numérique de la Class B respecte toutes les exigences du Règlement sur le matériel brouilleur du Canada. VCCI Class B Statement Europe—EU Declaration of Conformity For more information, see www.apple.com/euro/ compliance. European Union — Disposal Information This symbol means that according to local laws and regulations your product should be disposed of separately from household waste. When this product reaches its end of life, take it to a collection point designated by local authorities. Some collection points accept products for free. The separate collection and recycling of your product at the time of disposal will help conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. žŸ1 ¡{| f!Π-Ÿ q¼❞l±àm¤Šðþ …❞B Apple mØQnÁÂj$% www.apple.com.cn/environment❞ California: The coin cell battery in your product contains perchlorates. Special handling and disposal may apply. Refer to www.dtsc.ca.gov/hazardouswaste/ perchlorate. Deutschland: Dieses Gerät enthält Batterien. Bitte nicht in den Hausmüll werfen. Entsorgen Sie dieses Gerätes am Ende seines Lebenszyklus entsprechend der maßgeblichen gesetzlichen Regelungen. Nederlands: Gebruikte batterijen kunnen worden ingeleverd bij de chemokar of in een speciale batterijcontainer voor klein chemisch afval (kca) worden gedeponeerd.38 Taiwan: Singapore Wireless Certification Taiwan Warning Statements Korea Warning Statements © 2009 Apple Inc. ¤opq❞ Apple❝c❝Apple îr❝AirPort❝ AirPort Express❝ AirPort Extreme❝Apple TV❝Bonjour❝iPod❝Leopard❝ Macintosh❝Mac OS ! Time Capsule v Apple Inc. d8 9–’©9ò!m÷Q3xî❞Finder❝iPhone ! Time Machine v Apple Inc. xî❞ ®Ù{–’©!Î!st€ˆ6:v’mDst xî❞www.apple.com/airport www.apple.com/support/airport CH019-1384-A Time Capsule Setup Guide3 Contents 5 Getting Started 8 About Your Time Capsule 9 About the AirPort Software 10 What You Need to Get Started 12 The Time Capsule Status Light 14 Setting Up Your Time Capsule 15 Using Your Time Capsule to Create Your Wireless Network 18 Using AirPort Utility 20 Creating a New Wireless Network 20 Configuring and Sharing Internet Access 22 Setting Advanced Options 23 Allowing Wireless Clients to Access Your Network Without Entering a Password 24 Using Time Machine with Your Time Capsule 26 Tips and Troubleshooting 26 If You Can’t Connect to the Internet 26 If You Forgot Your Network Password or Time Capsule Password 28 If Your Time Capsule Isn’t Responding 29 If Your Time Capsule Status Light Flashes Amber4 30 If Your Printer Isn’t Responding 31 Updating AirPort Software 31 Time Capsule Placement Considerations 32 Items That Can Cause Interference with AirPort 33 Learning More, Service, and Support 35 Time Capsule Specifications and Safety Guidelines 38 Regulatory Compliance Information1 5 Getting Started Congratulations on purchasing your Time Capsule. Read this guide to get started. Time Capsule offers you the simplicity of fully automated backup for your Wi-Fi network. Using the Time Machine application in Mac OS X v10.5.7 Leopard or later, it’s easy and automatic to back up all the computers on your network to a single Time Capsule. The Time Capsule is also a fully featured AirPort Extreme Base Station that provides simultaneous dual-band wireless networking.When you set up your Time Capsule, it creates two high-speed Wi-Fi networks:  A 2.4 gigahertz (GHz) network for 802.11b, 802.11g, and 802.11n devices, such as iPhone, iPod touch, and older computers  A 5 GHz network for 802.11n and 802.11a devices, such as newer computers, iPad, and Apple TV Wireless devices join the network that provides them the best performance and compatibility, and the Time Capsule shares your broadband Internet connection with computers and devices on your network.6 Chapter 1 Getting Started With your Time Capsule, you can:  Use the Time Machine application in Mac OS X v10.5.7 (or later) to back up all the computers on your wireless network, as well as computers connected to your Time Capsule using Ethernet. Note:  Your first backup with Time Capsule and Time Machine could take overnight or longer, depending on how much data you’re backing up. To speed up the initial backup, use an Ethernet cable to connect your computer to the LAN port on your Time Capsule. For more information about using Time Machine, see “Using Time Machine with Your Time Capsule” on page 24.  Create a password-protected wireless home network, and then connect to the Internet and share the connection with other computers and Wi-Fi devices, such as iPad, iPhone, iPod touch, and Apple TV. You can also share files among computers connected to the network.  Create a guest network, with or without password protection to provide Internet-only access to wireless devices, such as computers, iPad, iPhone, iPod touch, and Apple TV.  Connect your Time Capsule to your Ethernet network.Wireless-equipped Mac, Windows XP, Windows Vista, or Windows 7 computers can then have access to an entire network without being connected by a cable.  Connect a supported USB printer to your Time Capsule. Compatible computers on the AirPort network, both wireless and wired, can print to it.  Connect an additional USB hard drive to your Time Capsule. Compatible computers on the AirPort network, both wireless and wired, can access information on the hard disk.Chapter 1 Getting Started 7  Connect a USB hub to your Time Capsule, and then connect multiple USB devices, such as printers or hard disks. All computers on the network have access to those devices. Important:  Use AirPort Utility to set up your Time Capsule. Previous versions of AirPort Setup Assistant and AirPort Admin Utility are not compatible with this Time Capsule. AirPort Utility is installed in the Utilities folder in the Applications folder on a computer using Mac OS X, and in Start > All Programs > AirPort on a computer using Windows. If AirPort Utility isn’t installed on your computer, you can download it from www.apple.com/support/airport. Apple periodically updates AirPort software. It’s recommended that you update your software to keep your Time Capsule up to date. Note:  To download a copy of this setup guide in your language, open AirPort Utility and choose Help > AirPort Service and Support, and click Manuals.8 Chapter 1 Getting Started About Your Time Capsule Your Time Capsule has five ports on the back:  One 10/100/1000Base-T Gigabit Ethernet Wide Area Network (WAN) port for connecting a DSL or cable modem, or for connecting to an existing Ethernet network  Three 10/100/1000Base-T Gigabit Ethernet Local Area Network (LAN) ports for connecting Ethernet devices, such as printers or computers, or for connecting to an existing Ethernet network  One USB port for connecting a compatible USB printer, hard drive, or hub for connecting several devices Status light Internet WAN port Power port Power cord USB port Reset button Ethernet ports Security slot Ethernet activity light The reset button next to the ports is used for troubleshooting your Time Capsule. The status light on the front shows the current status.Chapter 1 Getting Started 9 About the AirPort Software Your Time Capsule works with AirPort Utility, installed in the Utilities folder in the Applications folder on a computer using Mac OS X, and in Start > All Programs > AirPort on a computer using Windows. If AirPort Utility isn’t installed on your computer, you can download it from www.apple.com/support/airport. Use AirPort Utility and follow the instructions on the following pages to set up your Time Capsule and your AirPort wireless network. Note:  You must use AirPort Utility v5.5.3 (or later) to set up your Time Capsule. This Time Capsule is not compatible with previous versions of AirPort software. AirPort Utility Use AirPort Utility to set up your Time Capsule to create a wireless network, connect to the Internet, and share compatible USB printers and hard disks. You can also connect your Time Capsule to an existing AirPort Extreme wireless network. AirPort Utility is also an advanced tool for setting up and managing the Time Capsule, AirPort Extreme, and AirPort Express Base Stations. Use it to manually adjust network, routing, and security settings and other advanced options. Z AirPort status menu Use the AirPort status menu in the menu bar to switch quickly between AirPort networks, monitor the signal quality of the current network, create a computer-to-computer network, and turn AirPort on or off. The status menu is available on computers using Mac OS X.10 Chapter 1 Getting Started What You Need to Get Started To use your Time Capsule, you need a wireless-enabled computer that’s compliant with IEEE 802.11a, 802.11b, 802.11g, or IEEE 802.11n standards. To set up your Time Capsule, your computer must meet the requirements listed below. Note:  To use your Time Capsule with Time Machine in Mac OS X, you need to use Mac OS X v10.5.7 or later. To set up your Time Capsule using a Mac, you need the following:  A Mac computer with an AirPort or AirPort Extreme Card installed to set it up wirelessly, or a Mac computer connected to your Time Capsule with an Ethernet cable to set it up using Ethernet  Mac OS X v10.5.7 or later  AirPort Utility v5.5.3 or later To set up your Time Capsule using a Windows computer, you need the following:  A Windows computer with 300 MHz or higher processor speed and a compatible 802.11a, 802.11b, or 802.11g, IEEE 802.11n wireless card, or a Windows computer connected to a Time Capsule with an Ethernet cable to set it up using Ethernet  Windows XP Home or Professional (SP3), Windows Vista (SP2), or Windows 7 (SP1)  AirPort Utility v5.5.3 or laterChapter 1 Getting Started 11 Plugging In Your Time Capsule Before you plug in your Time Capsule, first connect the appropriate cables to the ports you want to use:  Connect the Ethernet cable that’s connected to your DSL or cable modem (if you will connect to the Internet) to the Ethernet WAN (<) port.  Connect a USB cable connected from the USB (d) port on your Time Capsule to a compatible USB printer (if you will print to a USB printer), a hard disk, or a hub.  Connect an Ethernet cable from any Ethernet device to the Ethernet LAN (G) ports. After you’ve connected the cables for all the devices you plan to use, connect the power cord to the power port and plug your Time Capsule into a power outlet. There is no power switch. Important:  Use only the power cord that came with your Time Capsule. When you plug your Time Capsule into a power outlet, the status light flashes green for one second and then glows amber while your Time Capsule starts up. After your Time Capsule has started up completely, the status light flashes amber until your Time Capsule has been updated with the correct settings. The status light glows solid green after your Time Capsule is properly set up and connected to the Internet or a network. When you connect Ethernet cables to the Ethernet ports, the lights above them glow solid green.12 Chapter 1 Getting Started The Time Capsule Status Light The following table explains the Time Capsule light sequences and what they indicate. Light Status/description Off Your Time Capsule is unplugged. Solid amber Your Time Capsule is completing its startup sequence. Flashing amber Your Time Capsule can’t establish a connection to the network or the Internet, or is encountering a problem. Make sure you have installed AirPort Utility and use it to get information about what might cause the status light to flash amber. See “If Your Time Capsule Status Light Flashes Amber” on page 29. Solid green Your Time Capsule is on and working properly. If you choose Flash On Activity from the Status Light pop-up menu (in the Base Station pane of AirPort settings in AirPort Utility), the status light may flash green to indicate normal activity. Flashing amber and green There may be a problem starting up. Your Time Capsule will restart and try again. Solid blue Your Time Capsule is ready to allow a wireless client access to the network. See “Allowing Wireless Clients to Access Your Network Without Entering a Password” on page 23.Chapter 1 Getting Started 13 What’s Next After you plug in your Time Capsule, use AirPort Utility to set it up to work with your Internet connection, USB printer or hard disk, or an existing network. AirPort Utility is located in the Utilities folder in the Applications folder on a computer using Mac OS X, and in Start > All Programs > AirPort on a computer using Windows XP or Windows Vista.14 2 Setting Up Your Time Capsule This chapter provides information and instructions for connecting your Time Capsule to the Internet, and using AirPort Utility to set it up to create or join a wireless network. This chapter provides an overview of connecting your Time Capsule to the Internet, and using the setup assistant in AirPort Utility to set up your network and other features of your Time Capsule. For more information about wireless networking, and for information about the advanced features of AirPort Utility, refer to “Apple AirPort Networks” at www.apple.com/support/airport. You can do most of your network setup and configuration tasks using the setup assistant in AirPort Utility. To set advanced options, choose Manual Setup from the Base Station menu of AirPort Utility. See “Setting Advanced Options” on page 22.Chapter 2 Setting Up Your Time Capsule 15 Using Your Time Capsule to Create Your Wireless Network When you set up your Time Capsule to provide network and Internet access, the following computers and devices can access the wireless AirPort network to share files, play games, and use Internet applications such as web browsers and email applications:  Mac computers with AirPort or AirPort Extreme Cards  802.11a, 802.11b, 802.11g, and IEEE 802.11n wireless-equipped computers  Other Wi-Fi devices, such as iPad, iPhone, iPod Touch, and Apple TV Computers connected to your Time Capsule using Ethernet can also access the network to share files and connect to the Internet. With Mac OS X v10.5.7 or later you can set up Time Machine to back up all the computers on the network to your Time Capsule. See “Using Time Machine with Your Time Capsule” on page 24 for more information. When you connect a compatible USB printer to your Time Capsule, supported computers on the network (wired and wireless) can print to it.16 Chapter 2 Setting Up Your Time Capsule Using Time Capsule to create a wireless network to Internet DSL or cable modem < Internet WAN port Shared printer Time Capsule to USB port 2.4 or 5 GHz 2.4 GHz 2.4 or 5 GHz To set it up: 1 Connect your DSL or cable modem to your Time Capsule using the Ethernet WAN (<) port. 2 If you plan to share a USB printer on the network, connect it to the Time Capsule USB (d) port or to a USB hub using a USB cable.Chapter 2 Setting Up Your Time Capsule 17 3 Open AirPort Utility (located in the Utilities folder in the Applications folder on a computer using Mac OS X, and in Start > All Programs > AirPort on a computer using Windows), select your Time Capsule, and then click Continue. 4 Follow the onscreen instructions to create a new network. To print from a computer using Mac OS X v10.5 or later: 1 Choose Apple > System Preferences, and then click Print & Fax. 2 Click Add (+) and select your printer from the list. 3 Click the Add button. If your printer isn’t in the list, use the buttons in the toolbar to search for it. To print from a computer using Mac OS X v10.2.7 or later: 1 Open Printer Setup Utility (located in the Utilities folder in the Applications folder). 2 Select your printer from the list. If your printer isn’t in the list, click Add and choose Bonjour from the pop-up menu, and then select your printer from the list. To print from a computer using Windows XP, Windows Vista, or Windows 7: Use Bonjour for Windows and follow the onscreen instructions to connect to your printer. Computers using AirPort or other compatible wireless cards or adapters can connect to the Internet through your Time Capsule. Computers connected to the Time Capsule Ethernet ports can also access the network and connect to the Internet. Wireless computers and computers connected to the Ethernet ports can also communicate with each other through your Time Capsule.18 Chapter 2 Setting Up Your Time Capsule Using AirPort Utility To set up and configure your Time Capsule, use the setup assistant in AirPort Utility. On a Mac computer using Mac OS X v10.5.7 or later: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder. 2 Select your Time Capsule and click Continue. If you don’t see the Time Capsule you want to configure, click Rescan to scan for available wireless devices, and then select your Time Capsule from the list. 3 Follow the onscreen instructions to set up your Time Capsule and your wireless network. On a computer using Windows XP (SP3), Windows Vista (SP2), or Windows 7 (SP1): 1 Open AirPort Utility, located in Start > All Programs > AirPort. 2 Select your Time Capsule and click Continue. If AirPort Utility isn’t installed on your computer, you can download it from www.apple.com/support/airport.Chapter 2 Setting Up Your Time Capsule 19 3 Follow the onscreen instructions to set up your Time Capsule and your wireless network. The AirPort Utility setup assistant asks you questions about the type of network you want to use and the services you want to set up, and helps you enter the appropriate settings. If you’re using your Time Capsule to connect to the Internet, you need a broadband (DSL or cable modem) account with an Internet service provider (ISP), or a connection to the Internet using an existing Ethernet network. If you received specific information from your ISP (such as a static IP address or a DHCP client ID), you may need to enter it in AirPort Utility. Have this information available when you set up your Time Capsule.20 Chapter 2 Setting Up Your Time Capsule Creating a New Wireless Network You can use the AirPort Utility setup assistant to create a new wireless network. The setup assistant guides you through the steps necessary to name your network, protect your network with a password, and set other options. If you plan to share a USB printer or USB hard disk on your network: 1 Connect the printer or hard disk to the Time Capsule USB (d) port. 2 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or in Start > All Programs > AirPort on a computer using Windows. 3 Select your Time Capsule and click Continue. If you don’t see the Time Capsule you want to configure, click Rescan to scan for available wireless devices, and then select your Time Capsule from the list. 4 Follow the onscreen instructions to create a new network. Configuring and Sharing Internet Access If you plan to share your Internet connection with wireless-enabled computers on your network or with computers connected to the Ethernet ports, you need to set up your Time Capsule as an AirPort base station. After your Time Capsule is set up, computers access the Internet through the AirPort network. Your Time Capsule connects to the Internet and transmits information to the computers over the wireless network. Before you use AirPort Utility to set up your Time Capsule, connect your DSL or cable modem to the Time Capsule Ethernet WAN (<) port. If you’re connecting your Time Capsule to an Ethernet network that already has Internet access, connect it to the Ethernet network.Chapter 2 Setting Up Your Time Capsule 21 Use the AirPort Utility setup assistant to enter your ISP settings and configure how your Time Capsule shares the settings with other computers. 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a computer using Mac OS X, or in Start > All Programs > AirPort on a computer using Windows. If AirPort Utility isn’t installed on your computer, you can download it from www.apple.com/support/airport. 2 Select your Time Capsule and click Continue. If you’re making changes to a Time Capsule that has already been set up, you might have to connect to the network it’s created before making changes to the Time Capsule. To choose the wireless network you want to change on a Mac, use the AirPort status menu in the menu bar. On a computer using Windows, hold the pointer over the wireless connection icon until you see the network name (SSID), and then choose it from the list if there are multiple networks available. 3 Follow the onscreen instructions to configure and share Internet access on your Time Capsule. AirPort Utility provides a quick and easy way to set up your Time Capsule and network. If you want to set additional options for your network, such as restricting access to your network or setting advanced DHCP options, choose Manual Setup from the Base Station menu of AirPort Utility.22 Chapter 2 Setting Up Your Time Capsule Setting Advanced Options Use AirPort Utility to set up your Time Capsule manually if you want to set advanced Time Capsule options such as advanced security options, closed networks, DHCP lease time, access control, power controls, user accounts, and more. To set advanced options: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, and in Start > All Programs > AirPort on a computer using Windows. If AirPort Utility isn’t installed on your computer, you can download it from www.apple.com/support/airport. 2 If there’s more than one wireless device in the list, select the one you want to configure. If you don’t see the Time Capsule you want to configure, click Rescan to scan for available wireless devices, and then select your Time Capsule from the list. If you’re making changes to a Time Capsule that has already been set up, you might have to connect to the network it’s created before making changes to your Time Capsule. To choose the wireless network you want to change on a Mac, use the AirPort status menu in the menu bar. On a computer using Windows, hold the pointer over the wireless connection icon until you see the network name (SSID), and then choose it from the list if there are multiple networks available. 3 Choose Manual Setup from the Base Station menu. If you’re prompted for a password, enter it. For more about the manual setup features in AirPort Utility, see “Apple AirPort Networks” at www.apple.com/support/airport.Chapter 2 Setting Up Your Time Capsule 23 Allowing Wireless Clients to Access Your Network Without Entering a Password If your network is password-protected using WPA Personal or WPA/WPA2 Personal, you can provide wireless clients access to your network without requiring them to enter the network password. When you allow a client access to your network, the client’s name and wireless MAC address (or AirPort ID) are stored in the access control list of AirPort Utility until you remove the client from the list. You can also provide 24 hours of access, after which time the client can no longer access your network. When you give a client access to your wireless network, the client doesn’t need to enter the network password. To allow a client to access your network without entering the network password: 1 Open AirPort Utility, select your Time Capsule, and then choose Manual Setup from the Base Station menu. Enter the password if necessary. 2 Choose Add Wireless Clients from the Base Station menu. 3 Select how you want the client to access the network:  Select PIN to enter the eight-digit number provided by the client requesting network access.  Select“First attempt”to allow network access to the first client attempting to join the network. While the Time Capsule waits for a client to join the network, the LED glows blue.24 Chapter 2 Setting Up Your Time Capsule Select“Limit client’s access to 24 hours”if you want to provide just one day of access to your network. If you don’t select this option, the client has access until you remove the client from the list. Using Time Machine with Your Time Capsule With the Time Machine application in Mac OS X (Leopard or later) you can back up everything on your computer, including your photos, music, movies, and documents. After you set up Time Machine, it automatically backs up your computer on a regular basis. If you’re using Mac OS X v10.5.7 or later, the first time you connect to your Time Capsule, Time Machine asks if you’d like to use it to back up your files. Click “Use as Backup Disk,” and Time Machine takes care of the rest. Use the Time Machine pane of System Preferences to set up automatic backups, change to a different backup disk, or adjust other settings. To set up or adjust Time Machine on a computer using Mac OS X Leopard or later: 1 Choose Apple > System Preferences, and then click Time Machine. 2 Slide the switch to ON. 3 Click Change Disk. 4 Choose your Time Capsule and click “Use for Backup.”Chapter 2 Setting Up Your Time Capsule 25 Your first backup with Time Capsule and Time Machine could take overnight or longer, depending on how much data you’re backing up. To speed up the initial backup, connect your Time Capsule to your computer using Ethernet. In each subsequent backup, Time Machine backs up only files that have changed since the previous backup, so the backups don’t take as long. Time Capsule is a great wireless backup solution for portable computers. Since the first backup can take some time, plug your portable into a power adapter—this conserves battery power and guarantees that backups won’t be interrupted. Also, for the best wireless performance, place your portable computer in the same room as your Time Capsule. If you shut down your Mac or put it to sleep during a backup, Time Machine stops the backup and then continues from where it left off after your Mac starts up again. For more information about Time Machine, choose Help > Mac Help from the Finder menu on a computer using Mac OS X Leopard or later, and then type Time Machine in the search field.26 3 Tips and Troubleshooting You can quickly solve most problems with your Time Capsule by following the advice in this chapter. If You Can’t Connect to the Internet  Try connecting to the Internet directly from your computer. If you can’t connect, check to make sure your network settings are correct. If they appear to be correct and you still can’t connect, contact your Internet service provider (ISP).  Make sure you’re connecting to the correct wireless network. If You Forgot Your Network Password or Time Capsule Password You can clear the AirPort network password or Time Capsule password by resetting your Time Capsule. To reset the Time Capsule password: 1 Use something pointed (such as a ballpoint pen) to press and hold down the reset button for one second. Important:  If you hold the reset button for more than one second, you may lose your network settings.Chapter 3 Tips and Troubleshooting 27 2 Select your AirPort network.  On a Mac, use the AirPort status menu in the menu bar to select the network created by your Time Capsule (the network name doesn’t change).  On a computer using Windows, hold the pointer over the wireless connection icon until you see your AirPort network name (SSID), and choose it from the list if there are multiple networks available. 3 Open AirPort Utility (in the Utilities folder in the Applications folder on a Mac, and in Start > All Programs > AirPort on a computer using Windows). If AirPort Utility isn’t installed on your computer, you can download it from www.apple.com/support/airport. 4 Select your Time Capsule, and then choose Manual Setup from the Base Station menu. 5 Click AirPort in the toolbar, and then click Base Station. 6 Enter a new password for your Time Capsule. 7 Click Wireless and choose an encryption method from the Wireless Security pop-up menu to turn on encryption and activate password protection for your AirPort network. If you turn on encryption, enter a new password for your AirPort network. 8 Click Update to restart your Time Capsule and load the new settings.28 Chapter 3 Tips and Troubleshooting If Your Time Capsule Isn’t Responding Try unplugging it and plugging it back in. If your Time Capsule stops responding completely, you may need to reset it to the factory default settings. Important:  Resetting your Time Capsule to factory default settings erases all of the current settings and resets them to the settings that came with your Time Capsule. To return your Time Capsule to the factory settings: m Use something pointed (such as a ballpoint pen) to press down and hold the reset button until the status light flashes quickly (about 5 seconds). Your Time Capsule resets with the following settings:  Your Time Capsule receives its IP address using DHCP.  The network name is reset to Apple Network XXXXXX (where XXXXXX is replaced with the last six digits of the AirPort ID).  The Time Capsule password is reset to public. If your Time Capsule still isn’t responding, try the following: 1 Unplug your Time Capsule. 2 Use something pointed to press and hold down the reset button while you plug in your Time Capsule.Chapter 3 Tips and Troubleshooting 29 If Your Time Capsule Status Light Flashes Amber The Ethernet cable may not be connected properly, your Time Capsule may be out of range of an AirPort network, or there may be a problem with your Internet service provider. If you’re connected to the Internet with a DSL or cable modem, the modem may have lost its connection to the network or the Internet. Even if the modem seems to be working properly, try disconnecting it from its power supply, waiting a few seconds, and then reconnecting it. Make sure your Time Capsule is connected directly to the modem via Ethernet before reconnecting power to the modem. For more information about why the light is flashing, open AirPort Utility, select your Time Capsule, and then choose Manual Setup from the Base Station menu. Click Base Station Status to display information about the flashing light. You can also select“Monitor base station for problems”in AirPort preferences. If the base station has a problem, AirPort Utility opens and walks you through solving the problem.30 Chapter 3 Tips and Troubleshooting If Your Printer Isn’t Responding If you connected a printer to the USB port on your Time Capsule and the computers on the AirPort network can’t print, try the following: 1 Make sure the printer is plugged in and turned on. 2 Make sure the cables are securely connected to the printer and to the Time Capsule USB port. 3 Make sure the printer is selected in the Printer List window on client computers. On a Mac using Mac OS X v10.5 or later:  Choose Apple > System Preferences, and then click Print & Fax.  Click Add (+) and select your printer in the list, and then click Add (+). On a Mac using Mac OS X v10.2.7 or later:  Open Printer Setup Utility, located in the Utilities folder in the Applications folder.  If the printer isn’t in the list, click Add.  Choose Bonjour from the pop-up menu, select the printer and click Add (+). On a computer using Windows:  Open “Printers and Faxes”from the Start menu.  Select the printer. If the printer isn’t in the list, click Add Printer and then follow the onscreen instructions.  If Bonjour for Windows is installed, click the Bonjour Printer, click the Bonjour Printer Wizard on the desktop, and then follow the onscreen instructions for setting up a printer. 4 Turn off the printer, wait a few seconds, and then turn it back on.Chapter 3 Tips and Troubleshooting 31 Updating AirPort Software Apple periodically updates AirPort software. It is recommended that you update your Time Capsule to use the latest software. You can select“Check for updates when opening AirPort Utility,” or“Check for updates” in AirPort preferences. If you select“Check for updates,” choose an increment of time, such as weekly, from the pop-up menu to automatically check for updates. Time Capsule Placement Considerations The following recommendations can help your Time Capsule achieve the best wireless range and network coverage.  Place your Time Capsule in an open area where there are few obstructions, such as large pieces of furniture or walls. Try to place it away from metallic surfaces.  If you place your Time Capsule behind furniture, keep at least an inch of space between the Time Capsule and the edge of the furniture.  Avoid placing your Time Capsule in areas surrounded by metal surfaces on three or more sides.  If you place your Time Capsule in an entertainment center with your stereo equipment, avoid surrounding your Time Capsule with audio, video, or power cables. Place your Time Capsule so that the cables are to one side. Maintain as much space as possible between your Time Capsule and the cables.  Try to place your Time Capsule at least 25 feet (7.6 meters) from any microwave oven, 2.4 or 5 gigahertz (GHz) cordless phone, and other sources of interference.  Do not place other objects (books, papers, small pets, etc.) on top of the Time Capsule. It may interfere with Time Capsule cooling.32 Chapter 3 Tips and Troubleshooting Items That Can Cause Interference with AirPort The farther away the interference source, the less likely it is to cause a problem. The following can interfere with AirPort communication:  Microwave ovens  Direct Satellite Service (DSS) radio frequency leakage  The original coaxial cable that came with certain types of satellite dishes. Contact the device manufacturer and obtain newer cables.  Certain electrical devices such as power lines, electrical railroad tracks, and power stations.  Cordless telephones that operate in the 2.4 or 5 GHz range. If you have problems with your phone or AirPort communication, change the channel your base station or Time Capsule uses, or change the channel your phone uses.  Nearby base stations using adjacent channels. For example, if base station A is set to channel 1, base station B should be set to channel 6 or 11.4 33 Learning More, Service, and Support You can find more information about using your Time Capsule on the web and in onscreen help. Online Resources For the latest information about the Time Capsule, go to www.apple.com/airport. To register your Time Capsule, go to www.apple.com/register. For AirPort support information, forums with product-specific information and feedback, and the latest Apple software downloads, go to www.apple.com/support/airport. For support outside of the United States, go to www.apple.com/support, and then choose your country.34 Chapter 4 Learning More, Service, and Support Onscreen Help To learn more about using AirPort Utility with your Time Capsule, open AirPort Utility and choose Help > AirPort Utility Help. Obtaining Warranty Service If your Time Capsule appears to be damaged or doesn’t function properly, follow the advice in this booklet, the onscreen help, and the online resources. If your Time Capsule still doesn’t function, go to www.apple.com/support for information about getting warranty service. Finding the Serial Number of Your Time Capsule The serial number is printed on the bottom of your Time Capsule.35 Appendix Time Capsule Specifications and Safety Guidelines Time Capsule Specifications  Frequency Band: 2.4 and 5 GHz  Radio Output Power: Up to 23 dBm (nominal)  Standards: 802.11 DSSS 1 and 2 Mbps standard, 802.11a, 802.11b, 802.11g, and 802.11n specifications Interfaces  1 RJ-45 10/100/1000Base-T Gigabit Ethernet WAN (<)  3 RJ-45 10/100/1000Base-T Gigabit Ethernet LAN (G)  Universal Serial Bus (USB d) 2.0  802.11 a/b/g/n AirPort Extreme wireless Environmental Specifications  Operating Temperature: 32° F to 95° F (0° C to 35° C)  Storage Temperature: –13° F to 140° F (–25° C to 60° C)  Relative Humidity (Operational): 20% to 80% relative humidity  Relative Humidity (Storage): 10% to 90% relative humidity, noncondensing36 Appendix Time Capsule Specifications and Safety Guidelines Size and Weight  Length: 7.75 inches (197.0 mm)  Width: 7.75 inches (197.0 mm)  Height: 1.43 inches (36.33 mm)  Weight: 3.5 pounds (1.6 kilograms) Hardware Media Access Control (MAC) Addresses The Time Capsule has three hardware addresses printed on the bottom of the case:  AirPort ID: The two addresses used to identify the Time Capsule on a wireless network.  Ethernet ID: You may need to provide this address to your ISP to connect your Time Capsule to the Internet. Using Your Time Capsule Safely  The only way to shut off power completely to your Time Capsule is to disconnect it from the power source.  When connecting or disconnecting your Time Capsule, always hold the plug by its sides. Keep fingers away from the metal part of the plug.  Your Time Capsule should not be opened for any reason, even when it’s unplugged. If your Time Capsule needs service,see“Learning More, Service, and Support”on page 33.  Never force a connector into a port. If the connector and port don’t join with reasonable ease, they probably don’t match. Make sure that the connector matches the port and that you’ve positioned the connector correctly in relation to the port.Appendix Time Capsule Specifications and Safety Guidelines 37 About Operating and Storage Temperatures When you’re using your Time Capsule, it is normal for the case to get warm. The Time Capsule case functions as a cooling surface that transfers heat from inside the unit to the cooler air outside. Avoid Wet Locations WARNING:  To reduce the chance of shock or injury, do not use your Time Capsule in or near water or wet locations.  Keep your Time Capsule away from sources of liquid, such as drinks, washbasins, bathtubs, shower stalls, and so on.  Protect your Time Capsule from direct sunlight and rain or other moisture.  Take care not to spill any food or liquid on your Time Capsule. If you do, unplug it before cleaning up the spill.  Do not use your Time Capsule outdoors. The Time Capsule is an indoor product. Do Not Make Repairs Yourself WARNING:  Do not attempt to open your Time Capsule or disassemble it. You run the risk of electric shock and voiding the limited warranty. No user-serviceable parts are inside. About Handling Your Time Capsule may be damaged by improper storage or handling. Be careful not to drop your Time Capsule when transporting it.38 FCC Declaration of Conformity This device complies with part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. See instructions if interference to radio or television reception is suspected. Radio and Television Interference This computer equipment generates, uses, and can radiate radiofrequency energy. If it is not installed and used properly—that is, in strict accordance with Apple’s instructions—it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in Part 15 of FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. You can determine whether your computer system is causing interference by turning it off. If the interference stops, it was probably caused by the computer or one of the peripheral devices. If your computer system does cause interference to radio or television reception, try to correct the interference by using one or more of the following measures: • Turn the television or radio antenna until the interference stops. • Move the computer to one side or the other of the television or radio. • Move the computer farther away from the television or radio. • Plug the computer into an outlet that is on a different circuit from the television or radio. (That is, make certain the computer and the television or radio are on circuits controlled by different circuit breakers or fuses.) If necessary, consult an Apple Authorized Service Provider or Apple. See the service and support information that came with your Apple product. Or, consult an experienced radio/television technician for additional suggestions. Important:  Changes or modifications to this product not authorized by Apple Inc. could void the EMC compliance and negate your authority to operate the product. This product was tested for FCC compliance under conditions that included the use of Apple peripheral devices and Apple shielded cables and connectors between system components. It is important that you use Apple peripheral devices and shielded cables and connectors between system components to reduce the possibility of causing interference to radios, television sets, and other electronic devices. You can obtain Apple peripheral devices and the proper shielded cables and connectors through an Appleauthorized dealer. For non-Apple peripheral devices, contact the manufacturer or dealer for assistance. Responsible party (contact for FCC matters only) Apple Inc. Corporate Compliance 1 Infinite Loop M/S 26-A Cupertino, CA 95014 Wireless Radio Use This device is restricted to indoor use when operating in the 5.15 to 5.25 GHz frequency band. Cet appareil doit être utilisé à l’intérieur. Exposure to Radio Frequency Energy The radiated output power of the AirPort Card in this device is below the FCC and EU radio frequency exposure limits for uncontrolled equipment. This device should be operated with a minimum distance of at least 20 cm between the AirPort Card antennas and a person’s body and must not be co-located or operated with any other antenna or transmitter subject to the conditions of the FCC Grant.39 Canadian Compliance Statement This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device. Cet appareil est conforme aux normes CNR exemptes de licence d’Industrie Canada. Le fonctionnement est soumis aux deux conditions suivantes : (1) cet appareil ne doit pas provoquer d’interférences et (2) cet appareil doit accepter toute interférence, y compris celles susceptibles de provoquer un fonctionnement non souhaité de l’appareil. Industry Canada Statement Complies with the Canadian ICES-003 Class B specifications. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. This device complies with RSS 210 of Industry Canada. Europe–EU Declaration of Conformity Български Apple Inc. декларира, че това WLAN Access Point е в съответствие със съществените изисквания и другите приложими правила на Директива 1999/5/ЕС. Česky Společnost Apple Inc. tímto prohlašuje, že tento WLAN Access Point je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES. Dansk Undertegnede Apple Inc. erklærer herved, at følgende udstyr WLAN Access Point overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. Deutsch Hiermit erklärt Apple Inc., dass sich das Gerät WLAN Access Point in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/EG befinden. Eesti Käesolevaga kinnitab Apple Inc., et see WLAN Access Point vastab direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele. English Hereby, Apple Inc. declares that this WLAN Access Point is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Español Por medio de la presente Apple Inc. declara que este WLAN Access Point cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE. Ελληνικά Mε την παρούσα, η Apple Inc. δηλώνει ότι αυτή η συσκευή WLAN Access Point συμμορφώνεται προς τις βασικές απαιτήσεις και τις λοιπές σχετικές διατάξεις της Οδηγίας 1999/5/ΕΚ. Français Par la présente Apple Inc. déclare que l’appareil WLAN Access Point est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE. Islenska Apple Inc. lýsir því hér með yfir að þetta tæki WLAN Access Point fullnægir lágmarkskröfum og öðrum viðeigandi ákvæðum Evróputilskipunar 1999/5/EC. Italiano Con la presente Apple Inc. dichiara che questo dispositivo WLAN Access Point è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE. Latviski Ar šo Apple Inc. deklarē, ka WLAN Access Point ierīce atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem. Lietuvių Šiuo „Apple Inc.“ deklaruoja, kad šis WLAN Access Point atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas. Magyar Alulírott, Apple Inc. nyilatkozom, hogy a WLAN Access Point megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. 40 Malti Hawnhekk, Apple Inc., jiddikjara li dan WLAN Access Point jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. Nederlands Hierbij verklaart Apple Inc. dat het toestel WLAN Access Point in overeenstemming is met de essentiële eisen en de andere bepalingen van richtlijn 1999/5/EG. Norsk Apple Inc. erklærer herved at dette WLAN Access Point -apparatet er i samsvar med de grunnleggende kravene og øvrige relevante krav i EU-direktivet 1999/5/EF. Polski Niniejszym Apple Inc. oświadcza, że ten WLAN Access Point są zgodne z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC. Português Apple Inc. declara que este dispositivo WLAN Access Point está em conformidade com os requisitos essenciais e outras disposições da Directiva 1999/5/CE. Română Prin prezenta, Apple Inc. declară că acest aparat WLAN Access Point este în conformitate cu cerinţele esenţiale şi cu celelalte prevederi relevante ale Directivei 1999/5/CE. Slovensko Apple Inc. izjavlja, da je ta WLAN Access Point skladne z bistvenimi zahtevami in ostalimi ustreznimi določili direktive 1999/5/ES. Slovensky Apple Inc. týmto vyhlasuje, že toto WLAN Access Point spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES. Suomi Apple Inc. vakuuttaa täten, että tämä WLAN Access Point tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen. Svenska Härmed intygar Apple Inc. att denna WLAN Access Point står i överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG. A copy of the EU Declaration of Conformity is available at: www.apple.com/euro/compliance This Apple WLAN Access Point can be used in the following countries: AT EE BG FI BE FR CY DE CZ GR DK HU IE IT LV LT LU MT NL PL PT RO SK SL ES SE GB IS LI NO CH Korea Warning Statements B૶ૺૺ(ਜ਼ႜဧ෮໽ቛཅૺၴႁ) ၦૺૺ௴ਜ਼ႜဧ(B૶) ႖ၴኒ႕ጁૺૺച໏჎ച ਜ਼ႜ࿝໏ຫဧዻ௴ઇၕඛ႕ၒചዻඑ, ක౷ხ ࿦࿝໏ຫဧዾ༘ၰཀఁఋ. ෮ቛ၁ધགྷ࿝ಋ൏ધხຫጃ ጄఙඳ໓໕๗௴ဪဧთ႖ኒጯཅਜ਼௻ໜၦၰၗ ၦૺૺ௴ၨ඗ྦ႖઴શഏౘ໏๗༺࿝ຫဧዾ༘࿖ཀఁఋ ఝዽූ૑ ૬ႜ ෟ ა༘ Singapore Wireless Certification41 Taiwan Wireless Statements Taiwan Class B Statement 警告 本電池如果更換不正確會有爆炸的危險 請依製造商說明書處理用過之電池 Japan VCCI Class B Statement Russia Disposal and Recycling Information This symbol indicates that your product must be disposed of properly according to local laws and regulations.When your product reaches its end of life, contact Apple or your local authorities to learn about recycling options. For information about Apple’s recycling program, go to www.apple.com/recycling. European Union — Disposal Information This symbol means that according to local laws and regulations your product should be disposed of separately from household waste.When this product reaches its end of life, take it to a collection point designated by local authorities. Some collection points accept products for free. The separate collection and recycling of your product at the time of disposal will help conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. Türkiye EEE yönetmeliğine (Elektrikli ve Elektronik Eşyalarda Bazı Zararlı Maddelerin Kullanımının Sınırlandırılmasına Dair Yönetmelik) uygundur.42 Brasil—Informações sobre descarte e reciclagem O símbolo acima indica que este produto e/ou sua bateria não devem ser descartadas no lixo doméstico. Quando decidir descartar este produto e/ou sua bateria, faça-o de acordo com as leis e diretrizes ambientais locais. Para informações sobre o programa de reciclagem da Apple, pontos de coleta e telefone de informações, visite www.apple.com/br/environment Battery Disposal Information Dispose of batteries according to your local environmental laws and guidelines. Deutschland: Dieses Gerät enthält Batterien. Bitte nicht in den Hausmüll werfen. Entsorgen Sie dieses Gerät am Ende seines Lebenszyklus entsprechend der maßgeblichen gesetzlichen Regelungen. Nederlands:  Gebruikte batterijen kunnen worden ingeleverd bij de chemokar of in een speciale batterijcontainer voor klein chemisch afval (kca) worden gedeponeerd. China Battery Statement Taiwan Battery Statementwww.apple.com/airport www.apple.com/support/airport © 2011 Apple Inc. All rights reserved. Apple, the Apple logo, AirPort, AirPort Express, AirPort Extreme, Apple TV, Bonjour, Finder, iPhone, iPod touch, Leopard, Mac, Mac OS, Time Capsule, and Time Machine are trademarks of Apple Inc., registered in the U.S. and other countries. iPad is a trademark of Apple Inc. Other product and company names mentioned herein may be trademarks of their respective companies. 034-5910-A Printed in XXXX Time Capsule Setup Guide3 Contents 5 Chapter 1: Getting Started 7 About Your Time Capsule 8 About the AirPort Software 9 What You Need to Get Started 11 The Time Capsule Status Light 13 Chapter 2: Setting Up Your Time Capsule 14 Using Your Time Capsule to Create Your Wireless Network 17 Using AirPort Utility 19 Creating a New Wireless Network 19 Configuring and Sharing Internet Access 21 Setting Advanced Options 22 Allowing Wireless Clients to Access Your Network Without Entering a Password 23 Using Time Machine with Your Time Capsule 25 Chapter 3: Tips and Troubleshooting 25 If You Can’t Connect to the Internet 25 If You Forgot Your Network Password or Time Capsule Password 26 If Your Time Capsule Isn’t Responding 27 If Your Time Capsule Status Light Flashes Amber4 Contents 28 If Your Printer Isn’t Responding 29 Updating AirPort Software 29 Time Capsule Placement Considerations 30 Items That Can Cause Interference with AirPort 31 Chapter 4: Learning More, Service, and Support 33 Appendix: Time Capsule Specifications and Safety Guidelines 36 Regulatory Compliance Information1 5 1 Getting Started Congratulations on purchasing your Time Capsule. Read this guide to get started. The new Time Capsule offers you the simplicity of fully automated backup for your Wi-Fi network. Using the Time Machine application in Mac OS X v10.5.2 Leopard or later, it’s easy and automatic to back up all the computers on your network to a single Time Capsule. The Time Capsule is also a fully featured AirPort Extreme Base Station that provides simultaneous dual-band wireless networking. When you set up your Time Capsule, it creates two high-speed Wi-Fi networks:  A 2.4 gigahertz (GHz) network for 802.11b, 802.11g, and 802.11n devices, such as iPhone, iPod touch, and older computers  A 5 GHz network for 802.11n and 802.11a devices, such as newer computers and Apple TV Wireless devices join the network that provides them the best performance and compatibility, and the Time Capsule shares your broadband Internet connection with computers and devices on your network.6 Chapter 1 Getting Started With your Time Capsule, you can:  Use the Time Machine application in Mac OS X v10.5.2 (or later) to back up all the computers on your wireless network, as well as computers connected to your Time Capsule using Ethernet. Note: Your first backup with Time Capsule and Time Machine could take overnight or longer, depending on how much data you’re backing up. To speed up the initial backup, use an Ethernet cable to connect your computer to the LAN port on your Time Capsule. For more information about using Time Machine, see “Using Time Machine with Your Time Capsule” on page 23.  Create a password-protected wireless home network, and then connect to the Internet and share the connection with other computers and Wi-Fi devices, such as iPhone, iPod touch, and Apple TV. You can also share files among computers connected to the network.  Create a guest network with or without password protection, to provide Internetonly access to wireless devices, such as computers, iPhone, iPod touch, and Apple TV.  Connect your Time Capsule to your Ethernet network. Wireless-equipped Macintosh, Windows XP, or Windows Vista computers can then have access to an entire network without being connected by a cable.  Connect a supported USB printer to your Time Capsule. Compatible computers on the AirPort network, both wireless and wired, can print to it.  Connect an additional USB hard drive to your Time Capsule. Compatible computers on the AirPort network, both wireless and wired, can access information on the hard disk.Chapter 1 Getting Started 7  Connect a USB hub to your Time Capsule, and then connect multiple USB devices, such as printers or hard disks. All computers on the network have access to those devices. Important: Install AirPort Utility 5.4 from the CD that came with your Time Capsule, or download it using Software Update. Previous versions of AirPort Setup Assistant and AirPort Admin Utility are not compatible with this Time Capsule. About Your Time Capsule Your Time Capsule has five ports on the back:  One 10/100/1000Base-T Gigabit Ethernet Wide Area Network (WAN) port for connecting a DSL or cable modem, or for connecting to an existing Ethernet network  Three 10/100/1000Base-T Gigabit Ethernet Local Area Network (LAN) ports for connecting Ethernet devices, such as printers or computers, or for connecting to an existing Ethernet network 8 Chapter 1 Getting Started  One USB port for connecting a compatible USB printer, hard drive, or hub for connecting several devices The reset button next to the ports is used for troubleshooting your Time Capsule. The status light on the front shows the current status. About the AirPort Software Your Time Capsule works with AirPort Utility, included on the Time Capsule CD. Install AirPort Utility and follow the instructions on the following pages to set up your Time Capsule and your AirPort wireless network. Status light Internet WAN port Power port Power cord USB port Reset button Ethernet ports Security slot Ethernet activity lightChapter 1 Getting Started 9 Note: You must use AirPort Utility v5.4 to set up your Time Capsule. This Time Capsule is not compatible with previous versions of AirPort software. What You Need to Get Started To use your Time Capsule, you need a wireless-enabled computer that’s compliant with IEEE 802.11a, 802.11b, or 802.11g standards, or with an IEEE 802.11n draft specification. To set up your Time Capsule, your computer must meet the requirements listed below. Note: To use your Time Capsule with Time Machine in Mac OS X Leopard, you need to use Mac OS X v10.5.2 or later. To set up your Time Capsule using a Macintosh, you need the following:  A Macintosh computer with an AirPort or AirPort Extreme Card installed to set it up wirelessly, or a Macintosh computer connected to your Time Capsule with an Ethernet cable to set it up using Ethernet AirPort Utility Use AirPort Utility to set up your Time Capsule to create a wireless network, connect to the Internet, and share compatible USB printers and hard disks. You can also connect your Time Capsule to an existing AirPort Extreme wireless network. AirPort Utility is also an advanced tool for setting up and managing the Time Capsule, AirPort Extreme, and AirPort Express Base Stations. Use it to manually adjust network, routing, and security settings and other advanced options. Z AirPort status menu Use the AirPort status menu in the menu bar to switch quickly between AirPort networks, monitor the signal quality of the current network, create a computer-tocomputer network, and turn AirPort on or off. The status menu is available on computers using Mac OS X. 10 Chapter 1 Getting Started  Mac OS X v10.4 or later  AirPort Utility v5.4 or later To set up your Time Capsule using a Windows PC, you need the following:  A Windows PC with 300 MHz or higher processor speed and a compatible 802.11a, 802.11b, or 802.11g wireless card, or a wireless card that complies with an IEEE 802.11n draft specification  Windows XP Home or Professional (with Service Pack 2 installed) or Windows Vista  AirPort Utility v5.4 or later Plugging In Your Time Capsule Before you plug in your Time Capsule, first connect the appropriate cables to the ports you want to use:  Connect the Ethernet cable that’s connected to your DSL or cable modem (if you will connect to the Internet) to the Ethernet WAN (<) port.  Connect a USB cable connected from the USB (d) port on your Time Capsule to a compatible USB printer (if you will print to a USB printer), a hard disk, or a hub.  Connect an Ethernet cable from any Ethernet device to the Ethernet LAN (G) ports. After you’ve connected the cables for all the devices you plan to use, connect the power cord to the power port and plug your Time Capsule into a power outlet. There is no power switch. Important: Use only the power cord that came with your Time Capsule.Chapter 1 Getting Started 11 When you plug your Time Capsule into a power outlet, the status light flashes green for one second and then glows amber while your Time Capsule starts up. After your Time Capsule has started up completely, the status light flashes amber until your Time Capsule has been updated with the correct settings. The status light glows solid green after your Time Capsule is properly set up and connected to the Internet or a network. When you connect Ethernet cables to the Ethernet ports, the lights above them glow solid green. The Time Capsule Status Light The following table explains the Time Capsule light sequences and what they indicate. Light Status/description Off Your Time Capsule is unplugged. Solid amber Your Time Capsule is completing its startup sequence. Flashing amber Your Time Capsule can’t establish a connection to the network or the Internet, or is encountering a problem. Make sure you have installed AirPort Utility and use it to get information about what might cause the status light to flash amber. See “If Your Time Capsule Status Light Flashes Amber” on page 27. Solid green Your Time Capsule is on and working properly. If you choose Flash On Activity from the Status Light pop-up menu (in the Base Station pane of AirPort settings in AirPort Utility), the status light may flash green to indicate normal activity. Flashing amber and green There may be a problem starting up. Your Time Capsule will restart and try again.12 Chapter 1 Getting Started What’s Next After you plug in your Time Capsule, use AirPort Utility to set it up to work with your Internet connection, USB printer or hard disk, or an existing network. AirPort Utility is located in the Utilities folder in the Applications folder on a computer using Mac OS X, and in Start > All Programs > AirPort on a computer using Windows XP or Windows Vista. Solid blue Your Time Capsule is ready to allow a wireless client access to the network. See “Allowing Wireless Clients to Access Your Network Without Entering a Password” on page 22. Light Status/description2 13 2 Setting Up Your Time Capsule This chapter provides information and instructions for connecting your Time Capsule to the Internet, and using AirPort Utility to set it up to create or join a wireless network. This chapter provides an overview of connecting your Time Capsule to the Internet, and using the setup assistant in AirPort Utility to set up your network and other features of your Time Capsule. For more information about wireless networking, and for information about the advanced features of AirPort Utility, refer to “Designing AirPort Networks Using AirPort Utility (Mac OS X v10.5 + Windows)” at www.apple.com/support/airport. After you install AirPort Utility from the CD that came with your Time Capsule, you can do most of your network setup and configuration tasks using the setup assistant in AirPort Utility. To set advanced options, choose Manual Setup from the Base Station menu of AirPort Utility. See “Setting Advanced Options” on page 21.14 Chapter 2 Setting Up Your Time Capsule Using Your Time Capsule to Create Your Wireless Network When you set up your Time Capsule to provide network and Internet access, the following computers and devices can access the wireless AirPort network to share files, play games, and use Internet applications such as web browsers and email applications:  Macintosh computers with AirPort or AirPort Extreme Cards  802.11a, 802.11b, 802.11g, and IEEE 802.11n draft specification wireless-equipped computers  Other Wi-Fi devices Computers connected to your Time Capsule using Ethernet can also access the network to share files and connect to the Internet. With Mac OS X v10.5.2 or later you can set up Time Machine to back up all the computers on the network to your Time Capsule. See “Using Time Machine with Your Time Capsule” on page 23 for more information. When you connect a compatible USB printer to your Time Capsule, supported computers on the network (wired and wireless) can print to it.Chapter 2 Setting Up Your Time Capsule 15 Using Time Capsule to create a wireless network To set it up: 1 Connect your DSL or cable modem to your Time Capsule using the Ethernet WAN (<) port. to Internet DSL or cable modem < Internet WAN port Shared printer Time Capsule to USB ports 2.4 or 5 GHz 2.4 GHz 2.4 or 5 GHz16 Chapter 2 Setting Up Your Time Capsule 2 If you plan to share a USB printer on the network, connect it to the Time Capsule USB (d) port or to a USB hub, using a USB cable. 3 Open AirPort Utility (located in the Utilities folder in the Applications folder on a computer using Mac OS X, and in Start > All Programs > AirPort on a computer using Windows), select your Time Capsule, and then click Continue. 4 Follow the onscreen instructions to create a new network. To print from a computer using Mac OS X v10.5: 1 Choose Apple > System Preferences, and then click Print & Fax. 2 Click Add (+) and select your printer from the list. 3 Click the Add button. If your printer isn’t in the list, use the buttons in the toolbar to search for it. To print from a computer using Mac OS X v10.3 or 10.4: 1 Open Printer Setup Utility (located in the Utilities folder in the Applications folder). 2 Select the printer from the list. If the printer isn’t in the list, click Add and choose Bonjour from the pop-up menu, and then select the printer from the list. To print from a computer using Windows XP or Windows Vista: 1 Install Bonjour for Windows from the CD that came with your Time Capsule. 2 Follow the onscreen instructions to connect to your printer. Computers using AirPort or other compatible wireless cards or adapters can connect to the Internet through your Time Capsule. Computers connected to the Time Capsule Ethernet ports can also access the network and connect to the Internet.Chapter 2 Setting Up Your Time Capsule 17 Wireless computers and computers connected to the Ethernet ports can also communicate with each other through your Time Capsule. Using AirPort Utility To set up and configure your Time Capsule, use the setup assistant in AirPort Utility. AirPort Utility is installed on your computer when you install the software from the Time Capsule CD. On a Macintosh computer using Mac OS X v10.4 or later: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder. 2 Select your Time Capsule and click Continue. If you don’t see the Time Capsule you want to configure, click Rescan to scan for available wireless devices, and then select your Time Capsule from the list. 3 Follow the onscreen instructions to set up your Time Capsule and your wireless network. On a computer using Windows XP (with Service Pack 2) or Windows Vista: 1 Open AirPort Utility, located in Start > All Programs > AirPort. 2 Select your Time Capsule and click Continue.18 Chapter 2 Setting Up Your Time Capsule 3 Follow the onscreen instructions to set up your Time Capsule and your wireless network. The AirPort Utility setup assistant asks you questions about the type of network you want to use and the services you want to set up, and helps you enter the appropriate settings. If you’re using your Time Capsule to connect to the Internet, you need a broadband (DSL or cable modem) account with an Internet service provider (ISP), or a connection to the Internet using an existing Ethernet network. If you received specific information from your ISP (such as a static IP address or a DHCP client ID), you may need to enter it in AirPort Utility. Have this information available when you set up your Time Capsule.Chapter 2 Setting Up Your Time Capsule 19 Creating a New Wireless Network You can use the AirPort Utility setup assistant to create a new wireless network. The setup assistant guides you through the steps necessary to name your network, protect your network with a password, and set other options. If you plan to share a USB printer or USB hard disk on your network: 1 Connect the printer or hard disk to the Time Capsule USB (d) port. 2 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Macintosh, or in Start > All Programs > AirPort on a computer using Windows XP. 3 Select your Time Capsule and click Continue. If you don’t see the Time Capsule you want to configure, click Rescan to scan for available wireless devices, and then select your Time Capsule from the list. 4 Follow the onscreen instructions to create a new network. Configuring and Sharing Internet Access If you plan to share your Internet connection with wireless-enabled computers on your network or with computers connected to the Ethernet ports, you need to set up your Time Capsule as an AirPort Base Station. After your Time Capsule is set up, computers access the Internet through the AirPort network. Your Time Capsule connects to the Internet and transmits information to the computers over the wireless network. Before you use AirPort Utility to set up your Time Capsule, connect your DSL or cable modem to the Time Capsule Ethernet WAN (<) port. If you’re connecting your Time Capsule to an Ethernet network that already has Internet access, connect it to the Ethernet network.20 Chapter 2 Setting Up Your Time Capsule Use the AirPort Utility setup assistant to enter your ISP settings and configure how your Time Capsule shares the settings with other computers. 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a computer using Mac OS X, or in Start > All Programs > AirPort on a computer using Windows XP. 2 Select your Time Capsule and click Continue. If you’re making changes to a Time Capsule that has already been set up, you might have to connect to the network it’s created before making changes to the Time Capsule. To choose the wireless network you want to change on a Macintosh, use the AirPort status menu in the menu bar. On a computer using Windows XP, hold the pointer over the wireless connection icon until you see the network name (SSID), and then choose it from the list if there are multiple networks available. 3 Follow the onscreen instructions to configure and share Internet access on your Time Capsule. AirPort Utility provides a quick and easy way to set up your Time Capsule and network. If you want to set additional options for your network, such as restricting access to your network or setting advanced DHCP options, choose Manual Setup from the Base Station menu of AirPort Utility. Chapter 2 Setting Up Your Time Capsule 21 Setting Advanced Options Use AirPort Utility to set up your Time Capsule manually if you want to set advanced Time Capsule options such as advanced security options, closed networks, DHCP lease time, access control, power controls, user accounts, and more. To set advanced options: 1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Macintosh, and in Start > All Programs > AirPort on a computer using Windows XP. 2 If there’s more than one wireless device in the list, select the one you want to configure. If you don’t see the Time Capsule you want to configure, click Rescan to scan for available wireless devices, and then select your Time Capsule from the list. If you’re making changes to a Time Capsule that has already been set up, you might have to connect to the network it’s created before making changes to your Time Capsule. To choose the wireless network you want to change, on a Macintosh use the AirPort status menu in the menu bar. On a computer using Windows XP, hold the pointer over the wireless connection icon until you see the network name (SSID), and then choose it from the list if there are multiple networks available. 3 Choose Manual Setup from the Base Station menu. If you’re prompted for a password, enter it. For more about the manual setup features in AirPort Utility, see “Designing AirPort Networks Using AirPort Utility (Mac OS X v10.5 + Windows)” at www.apple.com/ support/airport.22 Chapter 2 Setting Up Your Time Capsule Allowing Wireless Clients to Access Your Network Without Entering a Password If your network is password-protected using WPA Personal or WPA/WPA2 Personal, you can provide wireless clients access to your network without requiring them to enter the network password. When you allow a client access to your network, the client’s name and wireless MAC address (or AirPort ID) are stored in the access control list of AirPort Utility until you remove the client from the list. You can also provide 24 hours of access, after which time the client will no longer be able to access your network. When you give a client access to your wireless network, the client doesn’t need to enter the network password. To allow a client to access your network without entering the network password: 1 Open AirPort Utility, select your Time Capsule, and then choose Manual Setup from the Base Station menu. Enter the password if necessary. 2 Choose Add Wireless Clients from the Base Station menu. 3 Select how you want the client to access the network:  Select PIN to enter the eight-digit number provided by the client requesting network access.  Select “First attempt” to allow network access to the first client attempting to join the network. While the Time Capsule waits for a client to join the network, the LED glows blue.Chapter 2 Setting Up Your Time Capsule 23 Select “Limit client’s access to 24 hours” if you want to provide just one day of access to your network. If you don’t select this option, the client will have access until you remove the client from the list. Using Time Machine with Your Time Capsule With the Time Machine application in Mac OS X Leopard you can back up everything on your computer, including your photos, music, movies, and documents. After you set up Time Machine, it automatically backs up your computer on a regular basis. If you’re using Mac OS X v10.5.2 or later, the first time you connect to your Time Capsule, Time Machine asks if you’d like to use it to back up your files. Click “Use as Backup Disk,” and Time Machine takes care of the rest. Use the Time Machine pane of System Preferences in Mac OS X Leopard to set up automatic backups, change to a different backup disk, or adjust other settings. To set up or adjust Time Machine on a computer using Mac OS X Leopard: 1 Choose Apple > System Preferences, and then click Time Machine. 2 Slide the switch to ON. 3 Click Change Disk. 4 Choose your Time Capsule and click “Use for Backup.”24 Chapter 2 Setting Up Your Time Capsule Your first backup with Time Capsule and Time Machine could take overnight or longer, depending on how much data you’re backing up. To speed up the initial backup, connect your Time Capsule to your computer using Ethernet. In each subsequent backup, Time Machine backs up only files that have changed since the previous backup, so the backups don’t take as long. Time Capsule is a great wireless backup solution for portable computers. Since the first backup can take some time, plug your portable into a power adapter—this conserves battery power and guarantees that backups won’t be interrupted. Also, for the best wireless performance, place your portable computer in the same room as your Time Capsule. If you shut down your Mac or put it to sleep during a backup, Time Machine stops the backup and then continues from where it left off after your Mac starts up again. For more information about Time Machine, choose Help > Mac Help from the Finder menu on a computer using Mac OS X Leopard, and then type Time Machine in the search field.3 25 3 Tips and Troubleshooting You can quickly solve most problems with your Time Capsule by following the advice in this chapter. If You Can’t Connect to the Internet  Try connecting to the Internet directly from your computer. If you can’t connect, check to make sure your network settings are correct. If they appear to be correct and you still can’t connect, contact your Internet service provider (ISP).  Make sure you’re connecting to the correct wireless network. If You Forgot Your Network Password or Time Capsule Password You can clear the AirPort network password or Time Capsule password by resetting your Time Capsule. To reset the Time Capsule password: 1 Use something pointed (such as a ballpoint pen) to press and hold down the reset button for one second. Important: If you hold the reset button for more than one second, you may lose your network settings.26 Chapter 3 Tips and Troubleshooting 2 Select your AirPort network.  On a Macintosh, use the AirPort status menu in the menu bar to select the network created by your Time Capsule (the network name doesn’t change).  On a computer using Windows XP, hold the pointer over the wireless connection icon until you see your AirPort network name (SSID), and choose it from the list if there are multiple networks available. 3 Open AirPort Utility (in the Utilities folder in the Applications folder on a Macintosh, and in Start > All Programs > AirPort on a computer using Windows XP). 4 Select your Time Capsule, and then choose Manual Setup from the Base Station menu. 5 Click AirPort in the toolbar, and then click Base Station. 6 Enter a new password for your Time Capsule. 7 Click Wireless and choose an encryption method from the Wireless Security pop-up menu to turn on encryption and activate password protection for your AirPort network. If you turn on encryption, enter a new password for your AirPort network. 8 Click Update to restart your Time Capsule and load the new settings. If Your Time Capsule Isn’t Responding Try unplugging it and plugging it back in. If your Time Capsule stops responding completely, you may need to reset it to the factory default settings. Important: Resetting your Time Capsule to factory default settings erases all of the current settings and resets them to the settings that came with your Time Capsule.Chapter 3 Tips and Troubleshooting 27 To return your Time Capsule to the factory settings: m Use something pointed (such as a ballpoint pen) to press down and hold the reset button until the status light flashes quickly (about 5 seconds). Your Time Capsule resets with the following settings:  Your Time Capsule receives its IP address using DHCP.  The network name is reset to Apple Network XXXXXX (where XXXXXX is replaced with the last six digits of the AirPort ID).  The Time Capsule password is reset to public. If your Time Capsule still isn’t responding, try the following: 1 Unplug your Time Capsule. 2 Use something pointed to press and hold down the reset button while you plug in your Time Capsule. If Your Time Capsule Status Light Flashes Amber The Ethernet cable may not be connected properly, your Time Capsule may be out of range of an AirPort network, or there may be a problem with your Internet service provider. If you’re connected to the Internet with a DSL or cable modem, the modem may have lost its connection to the network or the Internet. Even if the modem seems to be working properly, try disconnecting it from its power supply, waiting a few seconds, and then reconnecting it. Make sure your Time Capsule is connected directly to the modem via Ethernet before reconnecting power to the modem.28 Chapter 3 Tips and Troubleshooting For more information about why the light is flashing, open AirPort Utility, select your Time Capsule, and then choose Manual Setup from the Base Station menu. Click Base Station Status to display information about the flashing light. You can also select “Monitor base station for problems” in AirPort preferences. If the base station has a problem, AirPort Utility opens and walks you through solving the problem. If Your Printer Isn’t Responding If you connected a printer to the USB port on your Time Capsule and the computers on the AirPort network can’t print, try the following: 1 Make sure the printer is plugged in and turned on. 2 Make sure the cables are securely connected to the printer and to the Time Capsule USB port. 3 Make sure the printer is selected in the Printer List window on client computers. On a Macintosh using Mac OS X v10.5 or later:  Choose Apple > System Preferences, and then click Print & Fax.  Click Add (+) and select your printer in the list, and then click Add (+). On a Macintosh using Mac OS X v10.2.7 or later:  Open Printer Setup Utility, located in the Utilities folder in the Applications folder.  If the printer isn’t in the list, click Add.  Choose Bonjour from the pop-up menu, select the printer and click Add (+).Chapter 3 Tips and Troubleshooting 29 On a computer using Windows XP:  Open “Printers and Faxes” from the Start menu.  Select the printer. If the printer isn’t in the list, click Add Printer and then follow the onscreen instructions. 4 Turn off the printer, wait a few seconds, and then turn it back on. Updating AirPort Software Apple periodically updates AirPort software. It is recommended that you update your Time Capsule to use the latest software. You can select “Check for updates when opening AirPort Utility,” or “Check for updates” in AirPort preferences. If you select “Check for updates,” choose an increment of time, such as weekly, from the pop-up menu to automatically check for updates. Time Capsule Placement Considerations The following recommendations can help your Time Capsule achieve the best wireless range and network coverage.  Place your Time Capsule in an open area where there are few obstructions, such as large pieces of furniture or walls. Try to place it away from metallic surfaces.  If you place your Time Capsule behind furniture, keep at least an inch of space between the Time Capsule and the edge of the furniture.  Avoid placing your Time Capsule in areas surrounded by metal surfaces on three or more sides. 30 Chapter 3 Tips and Troubleshooting  If you place your Time Capsule in an entertainment center with your stereo equipment, avoid surrounding your Time Capsule with audio, video, or power cables. Place your Time Capsule so that the cables are to one side. Maintain as much space as possible between your Time Capsule and the cables.  Try to place your Time Capsule at least 25 feet (7.6 meters) from any microwave oven, 2.4 or 5 gigahertz (GHz) cordless phone, and other sources of interference.  Do not place other objects (books, papers, small pets, etc.) on top of the Time Capsule. It may interfere with Time Capsule cooling. Items That Can Cause Interference with AirPort The farther away the interference source, the less likely it is to cause a problem. The following can interfere with AirPort communication:  Microwave ovens  Direct Satellite Service (DSS) radio frequency leakage  The original coaxial cable that came with certain types of satellite dishes. Contact the device manufacturer and obtain newer cables.  Certain electrical devices such as power lines, electrical railroad tracks, and power stations  Cordless telephones that operate in the 2.4 or 5 GHz range. If you have problems with your phone or AirPort communication, change the channel your base station or Time Capsule uses, or change the channel your phone uses.  Nearby base stations using adjacent channels. For example, if base station A is set to channel 1, base station B should be set to channel 6 or 11.4 31 4 Learning More, Service, and Support You can find more information about using your Time Capsule on the web and in onscreen help. Online Resources For the latest information about the Time Capsule, go to www.apple.com/airport. To register your Time Capsule (if you didn’t do it when you installed the software on the Time Capsule CD), go to www.apple.com/register. For AirPort support information, forums with product-specific information and feedback, and the latest Apple software downloads, go to www.apple.com/support/ airport. For support outside of the United States, go to www.apple.com/support, and then choose your country.32 Chapter 4 Learning More, Service, and Support Onscreen Help To learn more about using AirPort Utility with your Time Capsule, open AirPort Utility and choose Help > AirPort Utility Help. Obtaining Warranty Service If your Time Capsule appears to be damaged or doesn’t function properly, please follow the advice in this booklet, the onscreen help, and the online resources. If your Time Capsule still doesn’t function, go to www.apple.com/support for information about getting warranty service. Finding the Serial Number of Your Time Capsule The serial number is printed on the bottom of your Time Capsule.33 Appendix Time Capsule Specifications and Safety Guidelines Time Capsule Specifications  Frequency Band: 2.4 and 5 GHz  Radio Output Power: Up to 23 dBm (nominal)  Standards: 802.11 DSSS 1 and 2 Mbps standard, 802.11a, 802.11b, 802.11g specifications, and a draft 802.11n specification Interfaces  1 RJ-45 10/100/1000Base-T Gigabit Ethernet WAN (<)  3 RJ-45 10/100/1000Base-T Gigabit Ethernet LAN (G)  Universal Serial Bus (USB d) 2.0  802.11 a/b/g/n AirPort Extreme wireless Environmental Specifications  Operating Temperature: 32° F to 95° F (0° C to 35° C)  Storage Temperature: –13° F to 140° F (–25° C to 60° C)  Relative Humidity (Operational): 20% to 80% relative humidity  Relative Humidity (Storage): 10% to 90% relative humidity, noncondensing34 Appendix Time Capsule Specifications and Safety Guidelines Size and Weight  Length: 7.75 inches (197.0 mm)  Width: 7.75 inches (197.0 mm)  Height: 1.43 inches (36.33 mm)  Weight: 3.5 pounds (1.6 kilograms) Hardware Media Access Control (MAC) Addresses The Time Capsule has three hardware addresses printed on the bottom of the case:  AirPort ID: The two addresses used to identify the Time Capsule on a wireless network.  Ethernet ID: You may need to provide this address to your ISP to connect your Time Capsule to the Internet. Using Your Time Capsule Safely  The only way to shut off power completely to your Time Capsule is to disconnect it from the power source.  When connecting or disconnecting your Time Capsule, always hold the plug by its sides. Keep fingers away from the metal part of the plug.  Your Time Capsule should not be opened for any reason, even when it’s unplugged. If your Time Capsule needs service, see “Learning More, Service, and Support” on page 31.  Never force a connector into a port. If the connector and port don’t join with reasonable ease, they probably don’t match. Make sure that the connector matches the port and that you’ve positioned the connector correctly in relation to the port.Appendix Time Capsule Specifications and Safety Guidelines 35 About Operating and Storage Temperatures  When you’re using your Time Capsule, it is normal for the case to get warm. The Time Capsule case functions as a cooling surface that transfers heat from inside the unit to the cooler air outside. Avoid Wet Locations  Keep your Time Capsule away from sources of liquid, such as drinks, washbasins, bathtubs, shower stalls, and so on.  Protect your Time Capsule from direct sunlight and rain or other moisture.  Take care not to spill any food or liquid on your Time Capsule. If you do, unplug it before cleaning up the spill.  Do not use your Time Capsule outdoors. The Time Capsule is an indoor product. Do Not Make Repairs Yourself About Handling Your Time Capsule may be damaged by improper storage or handling. Be careful not to drop your Time Capsule when transporting it. WARNING: To reduce the chance of shock or injury, do not use your Time Capsule in or near water or wet locations. WARNING: Do not attempt to open your Time Capsule or disassemble it. You run the risk of electric shock and voiding the limited warranty. No user-serviceable parts are inside.36 Regulatory Compliance Information Wireless Radio Use This device is restricted to indoor use due to its operation in the 5.15 to 5.25 GHz frequency range to reduce the potential for harmful interference to cochannel Mobile Satellite systems. Cet appareil doit être utilisé à l’intérieur. Exposure to Radio Frequency Energy The radiated output power of this device is well below the FCC and EU radio frequency exposure limits. However, this device should be operated with a minimum distance of at least 20 cm between its antennas and a person’s body and the antennas used with this transmitter must not be colocated or operated in conjunction with any other antenna or transmitter subject to the conditions of the FCC Grant. FCC Declaration of Conformity This device complies with part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. See instructions if interference to radio or television reception is suspected. Radio and Television Interference This computer equipment generates, uses, and can radiate radio-frequency energy. If it is not installed and used properly—that is, in strict accordance with Apple’s instructions—it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in Part 15 of FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. You can determine whether your computer system is causing interference by turning it off. If the interference stops, it was probably caused by the computer or one of the peripheral devices. If your computer system does cause interference to radio or television reception, try to correct the interference by using one or more of the following measures:  Turn the television or radio antenna until the interference stops.  Move the computer to one side or the other of the television or radio.  Move the computer farther away from the television or radio.  Plug the computer into an outlet that is on a different circuit from the television or radio. (That is, make certain the computer and the television or radio are on circuits controlled by different circuit breakers or fuses.) If necessary, consult an Apple Authorized Service Provider or Apple. See the service and support information that came with your Apple product. Or, consult an experienced radio/television technician for additional suggestions. Important: Changes or modifications to this product not authorized by Apple Inc. could void the EMC compliance and negate your authority to operate the product.37 This product was tested for FCC compliance under conditions that included the use of Apple peripheral devices and Apple shielded cables and connectors between system components. It is important that you use Apple peripheral devices and shielded cables and connectors between system components to reduce the possibility of causing interference to radios, television sets, and other electronic devices. You can obtain Apple peripheral devices and the proper shielded cables and connectors through an Apple-authorized dealer. For non-Apple peripheral devices, contact the manufacturer or dealer for assistance. Responsible party (contact for FCC matters only) Apple Inc., Corporate Compliance, 1 Infinite Loop M/S 26-A, Cupertino, CA 95014-2084 Industry Canada Statement This Class B device meets all requirements of the Canadian interference-causing equipment regulations. Cet appareil numérique de la Class B respecte toutes les exigences du Règlement sur le matériel brouilleur du Canada. VCCI Class B Statement Europe—EU Declaration of Conformity For more information, see www.apple.com/euro/ compliance. European Union — Disposal Information This symbol means that according to local laws and regulations your product should be disposed of separately from household waste. When this product reaches its end of life, take it to a collection point designated by local authorities. Some collection points accept products for free. The separate collection and recycling of your product at the time of disposal will help conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. Disposal and Recycling Information This product has an internal battery. Please dispose of it according to your local environmental laws and guidelines. For information about Apple’s recycling program, go to www.apple.com/environment. California: The coin cell battery in your product contains perchlorates. Special handling and disposal may apply. Refer to www.dtsc.ca.gov/hazardouswaste/ perchlorate. Deutschland: Dieses Gerät enthält Batterien. Bitte nicht in den Hausmüll werfen. Entsorgen Sie dieses Gerätes am Ende seines Lebenszyklus entsprechend der maßgeblichen gesetzlichen Regelungen. Nederlands: Gebruikte batterijen kunnen worden ingeleverd bij de chemokar of in een speciale batterijcontainer voor klein chemisch afval (kca) worden gedeponeerd.38 Taiwan: Singapore Wireless Certification Taiwan Warning Statements Korea Warning Statements © 2009 Apple Inc. All rights reserved. Apple, the Apple logo, AirPort, AirPort Express, AirPort Extreme, Apple TV, Bonjour, iPod, Leopard, Macintosh, Mac OS, and Time Capsule are trademarks of Apple Inc., registered in the U.S. and other countries. Finder, iPhone, and Time Machine are trademarks of Apple Inc. Other product and company names mentioned herein may be trademarks of their respective companies.www.apple.com/airport www.apple.com/support/airport 034-4704-A Printed in XXXX Code Signing GuideContents About Code Signing 4 At a Glance 5 Prerequisites 5 See Also 5 Code Signing Overview 6 The Benefits Of Signing Code 6 Digital Signatures and Signed Code 8 Code Requirements 8 The Role of Trust in Code Signing 9 Code Signing Tasks 11 Obtaining a Signing Identity 11 Adding an Info.plist to Single-File Tools 15 Signing Your Code 17 What to Sign 17 When to Sign 18 Using the codesign Command 18 Using the spctl Tool to Test Code Signing 21 Shipping and Updating Your Product 23 Code Signing Requirement Language 25 Language Syntax 25 Evaluation of Requirements 26 Constants 26 String Constants 26 Integer Constants 27 Hash Constants 27 Variables 27 Logical Operators 27 Comparison Operations 28 Equality 28 Inequality 29 Existence 29 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 2Constraints 29 Identifier 29 Info 30 Certificate 30 Trusted 32 Entitlement 33 Code Directory Hash 33 Requirement Sets 34 Document Revision History 36 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 3 ContentsCode signing is a security technology, used in OS X, that allows you to certify that an app was created by you. Once an app is signed, the system can detect any change to the app—whether the change is introduced accidentally or by malicious code. Hash Message digest Digital signature Encrypt Signer’s certificate Code-signed data Signer’s private key 10101100100 10111100001 Data Duis autem vel eum vulputate velit esse molestie consequat, vel illum dolore. 00/00/00 Lorem Ipsum Lorem Ipsum Dolor Lorem Ipsum Dolor Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis. Users appreciate code signing. After installing a new version of a code-signed app, a user is not bothered with alerts asking again for permission to access the keychain or similar resources. As long as the new version uses the same digital signature, OS X can treat the new app exactly as it treated the previous one. Other OS X security features, such as App Sandbox and parental controls, also depend on code signing. In most cases, you can rely on Xcode’s automatic code signing (described in Tools Workflow Guide for Mac ), which requires only that you specify a code signing identity in the build settingsfor your project. This document is for readers who must go beyond automatic code signing—perhaps to troubleshoot an unusual problem, or to incorporate the codesign(1) tool into a build system. 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 4 About Code SigningAt a Glance The elements of code signing include code signatures, code signing identities, code signing certificates, and security trust policies. Be sure to understand these concepts if you need to perform code signing outside of Xcode. Relevant chapter: “Code Signing Overview” (page 6) Before you can sign code, you must obtain or create a code signing identity. You then sign your code and prepare it for distribution. Relevant chapter: “Code Signing Tasks” (page 11) To specify recommended criteria for verifiers to use when evaluating your app’s code signature, you use a requirements language specific to the codesign(1) and csreq(1) commands. You then save your criteria to a binary file as part of your Xcode project. Relevant chapter: “Code Signing Requirement Language” (page 25) Prerequisites Read Security Overview to understand the place of code signing in the OS X security picture. See Also For descriptions of the command-line toolsfor performing code signing,see the codesign(1) and csreq(1) man pages. About Code Signing At a Glance 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 5Code signing is a security technique that can be used to ensure code integrity, to determine who developed a piece of code, and to determine the purposes for which a developer intended a piece of code to be used. Although the code signing system performs policy checks based on a code signature, it is up to the caller to make policy decisions based on the results of those checks. When it is the operating system that makes the policy checks, whether your code will be allowed to run in a given situation depends on whether you signed the code and on the requirements you included in the signature. This chapter describes the benefits of signing code and introduces some of the basic concepts you need to understand in order to carry out the code signing process. Before you read this chapter, you should be familiar with the concepts described in Security Overview. The Benefits Of Signing Code When a piece of code has been signed, it is possible to determine reliably whether the code has been modified by someone other than the signer. The system can detect such alternation whether it was intentional (by a malicious attacker, for example) or accidental (as when a file gets corrupted). In addition, through signing, a developer can state that an app update is valid and should be considered by the system as the same app as the previous version. For example,suppose a user grantsthe SurfWriter app permission to access a keychain item. Each time SurfWriter attempts to access that item, the system must determine whether it is indeed the same app requesting access. If the app is signed, the system can identify the app with certainty. If the developer updates the app and signs the new version with the same unique identifier, the system recognizes the update as the same app and gives it access without requesting verification from the user. On the other hand, if SurfWriter is corrupted or hacked, the signature no longer matches the previous signature; the system detects the change and refuses access to the keychain item. Similarly, if you use Parental Controls to prevent your child from running a specific game, and that game has been signed by its manufacturer, your child cannot circumvent the control by renaming or moving files. Parental Controls uses the signature to unambiguously identify the game regardless of its name, location, or version number. All sorts of code can be signed, including tools, applications, scripts, libraries, plug-ins, and other “code-like” data. 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 6 Code Signing OverviewCode signing has three distinct purposes. It can be used to: ● ensure that a piece of code has not been altered ● identify code as coming from a specific source (a developer or signer) ● determine whether code is trustworthy for a specific purpose (for example, to access a keychain item). To enable signed code to fulfill these purposes, a code signature consists of three parts: ● A seal, which is a collection of checksums or hashes of the various parts of the code, such as the identifier, the Info.plist, the main executable, the resource files, and so on. The seal can be used to detect alterations to the code and to the app identifier. ● A digital signature, which signs the seal to guarantee its integrity. The signature includes information that can be used to determine who signed the code and whether the signature is valid. ● A unique identifier, which can be used to identify the code or to determine to which groups or categories the code belongs. This identifier can be derived from the contents of the Info.plist for the app, or can be provided explicitly by the signer. For more discussion of digital signatures, see the following section, “Digital Signatures and Signed Code.” To learn more about how a code signature is used to determine the signed code’s trustworthiness for a specific purpose, see “Code Requirements” (page 8). Note that code signing deals primarily with running code. Although it can be used to ensure the integrity of stored code (on disk, for example), that's a secondary use. To fully appreciate the uses of code signing, you should be aware of some things that signing cannot do: ● It can’t guarantee that a piece of code is free of security vulnerabilities. ● It can’t guarantee that an app will not load unsafe or altered code—such as untrusted plug-ins—during execution. ● It is not a digital rights management (DRM) or copy protection technology. Although the system could determine that a copy of your app had not been properly signed by you, or that its copy protection had been hacked, thus making the signature invalid, there is nothing to prevent a user from running the app anyway. Code Signing Overview The Benefits Of Signing Code 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 7Digital Signatures and Signed Code As explained in Security Overview, a digital signature uses public key cryptography to ensure data integrity. Like a signature written with ink on paper, a digital signature can be used to identify and authenticate the signer. However, a digital signature is more difficult to forge, and goes one step further: it can ensure that the signed data has not been altered. This is somewhat like designing a paper check or money order in such a way that if someone alters the written amount of money, a watermark with the text “Invalid” becomes visible on the paper. To create a digitalsignature, the signing software computes a special type of checksum called a hash (or digest) based on a piece of data or code and encrypts that hash with the signer’s private key. This encrypted hash is called a signature. To verify that signature, the verifying software computes a hash of the data or code. It then uses the signer’s public key to decrypt the signature, thus obtaining the original hash as computed by the signer. If the two hashes match, the data has not been modified since it was signed by someone in possession of the signer’s private key. Signed code contains several digital signatures: ● If the code is universal, the object code for each slice (architecture) is signed separately. This signature is stored within the binary file itself. ● Various components of the application bundle (such as the Info.plist file, if there is one) are also signed. These signatures are stored in a file called _CodeSignature/CodeResources within the bundle. Code Requirements It is up to the system or program that is launching or loading signed code to decide whether to verify the signature and, if it does, to determine how to evaluate the results of that verification. The criteria used to evaluate a code signature are called code requirements. The signer can specify requirements when signing the code; such requirements are referred to as internal requirements. A verifier can read any internal requirements before deciding how to treat signed code. However, it is up to the verifier to decide what requirements to use. For example, Safari could require a plug-in to be signed by Apple in order to be loaded, regardless of whether that plug-in’s signature included internal requirements. One major purpose of code signatures is to allow the verifier to identify the code (such as a program, plug-in, or script) to determine whether it is the same code the verifier has seen before. The criteria used to make this determination are referred to asthe code’s designated requirement. For example, the designated requirement for Apple Mail might be "was signed by Apple and the identifier is com.apple.Mail". Code Signing Overview Digital Signatures and Signed Code 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 8To see how this works in practice, assume the user has granted permission to the Apple Mail application to access a keychain item. The keychain uses Mail’s designated requirement to identify it: the keychain records the identifier (com.apple.Mail) and the signer of the application (Apple) to identify the program allowed to access the keychain item. Whenever Mail attempts to access this keychain item, the keychain looks at Mail’s signature to make sure that the program has not been corrupted, that the identifier is com.apple.Mail, and that the program wassigned by Apple. If everything checks out, the keychain gives Mail accessto the keychain item. When Apple issues a new version of Mail, the new version includes a signature, signed by Apple, that identifies the application as com.apple.Mail. Therefore, when the user installs the new version of Mail and it attempts to access the keychain item, the keychain recognizes the updated version as the same program and does not prompt the user for verification. Architecturally, a code requirement is a script, written in a dedicated language, that describes conditions (restrictions) the code mustsatisfy to be acceptable forsome purpose. It is up to you whether to specify internal requirements when you sign code. The program identifier or the entire designated requirement can be specified by the signer, or can be inferred by the codesign tool at the time of signing. In the absence of an explicitly specified designated requirement, the codesign utility typically builds a designated requirement from the name of the program found in its Info.plist file and the chain of signatures securing the code signature. Note that validation of signed code against a set of requirements is performed only when the system or some other program needs to determine whether it is safe to trust that code. For example, unsigned code injected into an application through a buffer overflow can still execute because it was not part of the application at launch time. Similarly, an app with an invalid code identifier may still run (depending on policy), but does not get automatic access to keychain items created by previous versions of the app. The Role of Trust in Code Signing Trust is determined by policy. A security trust policy determines whether a particular identity should be accepted for allowing something, such as access to a resource or service. Various parts of OS X have different policies, and make this determination differently. For example, a specialized client application might include a set of root certificatesthat it trusts when communicating with a specific set ofservers. However, these root certificates would not be trusted if those same servers were accessed using a web browser. In much the same way, many parts of OS X (the OS X keychain and parental controls, for example) do not care what entity signed an application; they care only whether the signer has changed since the last time the signature was checked. They use the code signature’s designated requirement for this purpose. Code Signing Overview The Role of Trust in Code Signing 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 9Other parts of OS X constrain acceptable signatures to only those drawn from certificate authorities (root certificates) that are trusted anchors on the system performing the validation. For those checks, the nature of the identity used matters. The Application Firewall is one example of this type of policy. Self-signed identities and self-created certificate authorities do not work for these purposes unless the user has explicitly told the operating system to trust the certificates. You can modify the code signing polices of OS X with the spctl(8) command. Code Signing Overview The Role of Trust in Code Signing 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 10This chapter gives procedures and examplesfor the code signing process. It covers what you need to do before you begin to sign code, how to sign code, and how to ship the code you signed. Obtaining a Signing Identity To sign code, you need a code signing identity, which is a private key plus a digital certificate. The digital certificate must have a usage extension that enables it to be used for signing and it must contain the public key that corresponds to the private key. You can use more than one signing identity, each for its own purpose, such as one to be used for beta seeds and one for final, released products. However, most organizations use only one identity. You can obtain two types of certificates from Apple using the developer portal: Developer ID certificates (for public distribution) and distribution certificates (for submitting to the Mac App Store). To learn more about this, read Tools Workflow Guide for Mac . Note: Apple uses the industry-standard form and format of code signing certificates. Therefore, if your company already has a third-party signing identity that you use to sign code on other systems, you can use it with the OS X codesign command. Similarly, if your company is a certificate issuing authority, contact your IT department to find out how to get a signing certificate issued by your company. If you do not have an existing identity, you should first create one using the Certificate Assistant, which is provided as part of the Keychain Access application. This tool creates a public key, puts it into your keychain, and optionally can produce a certificate signing request that you can then send to Apple (or another certificate authority). The certificate authority then sends you a certificate that, in combination with your private key, completes your digital identity. To import a signing certificate with Keychain Access 1. In Keychain Access (available in /Applications/Utilities), choose File > Import Items. 2. Choose a destination keychain for the identity. 3. Choose the certificate file. 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 11 Code Signing Tasks4. Click Open. Note: If the original private key is not already in your keychain (for example, if you are moving from one development machine to another), you must also import the private key in the same way. Before you obtain a code signing identity and sign your code, consider the following points: ● Do not ship applications signed by self-signed certificates. A self-signed certificate created with the Certificate Assistant is not recognized by users’ operating systems as a valid certificate for any purpose other than validating the designated requirement of your signed code. Because a self-signed certificate has not been signed by a recognized root certificate authority, the user can only verify that two versions of your application came from the same source; they cannot verify that your company is the true source of the code. For more information about root authorities, see “Security Concepts”. ● Depending on your company’s internal policies, you might have to involve your company’s Build and Integration, Legal, and Marketing departments in decisions about what sort of signing identity to use and how to obtain it. You should start this process well in advance of the time you need to actually sign the code for distribution to customers. ● Any signed version of your code that gets into the hands of users will appear to have been endorsed by your company for use. Therefore, you might not want to use your “final” signing identity to sign code that is still in development. ● A signing identity, no matter how obtained, is completely compromised if it is ever out of the physical control of whoever is authorized to sign the code. That means that the signing identity’s private key must never, under any circumstances, be given to end users, and should be restricted to one or a small number of trusted persons within your company. Before obtaining a signing identity and proceeding to sign code, you must determine who within your company will possess the identity, who can use it, and how it will be kept safe. For example, if the identity must be used by more than one person, you can keep it in the keychain of a secure computer and give the password of the keychain only to authorized users, or you can put the identity on a smart card to which only authorized users have the PIN. ● A self-signed certificate created by the Certificate Assistant is adequate for internal testing and development, regardless of what procedures you put in place to sign released products. To use the Certificate Assistant to create a self-signed signing identity 1. Open Applications > Utilities > Keychain Access. Code Signing Tasks Obtaining a Signing Identity 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 122. From the Keychain Access menu, choose Certificate Assistant > Create a Certificate. 3. Fill in a name for the certificate. This name appears in the Keychain Access utility as the name of the certificate. 4. Choose Self Signed Root from the Type popup menu. Code Signing Tasks Obtaining a Signing Identity 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 135. Check the Let me override defaults checkbox. Click Continue. 6. Specify a serial number for the certificate. Any number will do as long as you have no other certificate with the same name and serial number. Code Signing Tasks Obtaining a Signing Identity 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 147. Choose Code Signing from the Certificate Type popup menu. Click Continue. 8. Fill in the information for the certificate. Click Continue. 9. Accept the defaults for the rest of the dialogs. Adding an Info.plist to Single-File Tools As discussed in “Code Requirements” (page 8), the system often uses the Info.plist file of an application bundle to determine the code’s designated requirement. Although single-file tools don’t normally have an Info.plist, you can add one. To do so, use the following procedure: 1. Add an Info.plist file to your project (including adding it to your source control). 2. Make sure the Info.plist file has the following keys: ● CFBundleIdentifier ● CFBundleName Code Signing Tasks Adding an Info.plist to Single-File Tools 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 153. The value for CFBundleIdentifier is used asthe default unique name of your program for Code Signing purposes. Because the CFBundleIdentifier value is also used when your application accessesresources in the application bundle, it may sometimes be necessary to use a non-unique CFBundleIdentifier value for a helper. If you do this, you must provide a different, unique identifier for code signing purposes by passing the -i or --identifier flag to the codesign command. The identifier used for signing must be globally unique. To ensure uniqueness, you should include your company’s name in the value. The usual form for this identifier is a hierarchical name in reverse DNS notation,starting with the top level domain, followed by the company name, followed by the organization within the company, and ending with the product name. For example, the CFBundleIdentifier value for the codesign command is com.apple.security.codesign. 4. The value for CFBundleName shows up in system dialogs asthe name of your program,so itshould match your marketing name for the product. 5. Add the following arguments to your linker flags: -sectcreate __TEXT __info_plist Info.plist_path where Info.plist_path is the complete path of the Info.plist file in your project. In Xcode, for example, you would add these linker flags to the OTHER_LDFLAGS build variable (Other Linker Flags in the target’s build rules). For example, here are the contents of the Info.plist file for the codesign command: CFBundleDevelopmentRegion English CFBundleIdentifier com.apple.security.codesign CFBundleInfoDictionaryVersion 6.0 CFBundleName codesign CFBundleVersion 0.3 Code Signing Tasks Adding an Info.plist to Single-File Tools 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 16Signing Your Code You use the codesign command to sign your code. This section discusses what to sign and gives some examples of the use of codesign. See the codesign(1) manual page for a complete description of its use. What to Sign You should sign every executable in your product, including applications, tools, hidden helper tools, utilities and so forth. Signing an application bundle covers its resources, but not its subcomponents such as tools and sub-bundles. Each of these must be signed independently. If your application consists of a big UI part with one or more little helper tools that try to present a single face to the user, you can make them indistinguishable to code signing by giving them all the exact same code signing identifier. (You can do that by making sure that they all have the same CFBundleIdentifier value in their Info.plist, or by using the -i option in the codesign command, to assign the same identifier.) In that case, all your program components have access to the same keychain items and validate as the same program. Do this only if the programs involved are truly meant to form a single entity, with no distinctions made. A universal binary (bundle or tool) automatically has individual signatures applied to each architecture component. These are independent, and usually only the native architecture on the end user'ssystem is verified. In the case of installer packages (.pkg and .mpkg bundles), everything is implicitly signed: The CPIO archive containing the payload, the CPIO archive containing install scripts, and the bill of materials (BOM) each have a hash recorded in the XAR header, and that header in turn is signed. Therefore, if you modify an install script (for example) after the package has been signed, the signature will be invalid. You may also want to sign your plug-ins and libraries. Although this is not currently required, it will be in the future, and there is no disadvantage to having signatures on these components. Important: When code signing a framework, you must sign a particular version of the framework, not the framework as a whole. For example: codesign -s my-signing-identity ../MyCustomFramework/Versions/A Depending on the situation, codesign may add to your Mach-O executable file, add extended attributes to it, or create new files in your bundle's Contents directory. None of your other files is modified. Code Signing Tasks Signing Your Code 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 17When to Sign You can run codesign at any time on any system running OS X v10.5 or later, provided you have access to the signing identity. You can run it from a shell script phase in Xcode if you like, or as a step in your Makefile scripts, or anywhere else you find suitable. Signing is typically done as part of the product mastering process, after quality assurance work has been done. Avoid signing pre-final copies of your product so that no one can mistake a leaked or accidentally released incomplete version of your product for the real thing. Your final signing must be done after you are done building your product, including any post-processing and assembly of bundle resources. Code signing detects any change to your program after signing, so if you make any changes at all after signing, your code will be rejected when an attempt is made to verify it. Sign your code before you package the product for delivery. Because each architecture component is signed independently, it is all right to perform universal-binary operations (such as running the lipo command) on signed programs. The result will still be validly signed as long as you make no other changes. Using the codesign Command The codesign command is fully described in the codesign(1) manual page. This section provides some examples of common uses of the command. Note that your signing identity must be in a keychain for these commands to work. Signing Code To sign the code located at , using the signing identity , use the following command: codesign -s … The value may be a bundle folder or a specific code binary. See “What to Sign” (page 17) for more details. The identity can be named with any (case sensitive) substring of the certificate's common name attribute, as long as the substring is unique throughout your keychains. (Signing identities are discussed in “Obtaining a Signing Identity” (page 11).) As is typical of Unix-style commands, this command gives no confirmation of success. To get some feedback, include the -v option: codesign -s -v … Code Signing Tasks Signing Your Code 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 18Use the -r option to specify an internal requirement. With this option you can specify a text file containing the requirements, a precompiled requirements binary, or the actual requirement text prefixed with an equal sign (=). For example, to add an internal requirement that all libraries be signed by Apple, you could use the following option: -r="library => anchor apple" The code requirement language is described in “Code Signing Requirement Language” (page 25). If you have built your own certificate hierarchy (perhaps using Certificate Assistant—see “Obtaining a Signing Identity” (page 11)), and want to use your certificate’s anchor to form a designated requirement for your program, you could use the following command: codesign -s signing-identity -r="designated => anchor /my/anchor/cert and identifier com.mycorp.myprog" Note that the requirement source language accepts either an SHA1 hash of a certificate (for example H"abcd....") or a path to the DER encoded certificate in a file. It does not currently accept a reference to the certificate in a keychain, so you have to export the certificate before executing this command. You can also use the csreq command to write the requirements out to a file, and then use the path to that file as the input value for the -r option in the codesign command. See the manual page for csreq(1) for more information on that command. Here are some other samples of requirements: ● anchor apple –the code is signed by Apple ● anchor trusted –the anchor is trusted (for code signing) by the system ● certificate leaf = /path/to/certificate –the leaf (signing) certificate is the one specified ● certificate leaf = /path/to/certificate and identifier "com.mycorp.myprog" –the leaf certificate and program identifier are as specified ● info[mykey] = myvalue – the Info.plist key mykey exists and has the value myvalue Except for the explicit anchor trusted requirement, the system does not consult its trust settings database when verifying a code requirement. Therefore, as long as you don’t add this designated requirement to your code signature, the anchor certificate you use for signing your code does not have to be introduced to the user’s system for validation to succeed. Code Signing Tasks Signing Your Code 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 19Adding Entitlements for Sandboxing If you want to enable App Sandbox for an application, you must add an entitlement property list during the signing process. To do this, add the --entitlements flag and an appropriate property list. For example: codesign --entitlements /path/to/entitlements.plist -s … For a list of entitlement keys that can appear in the entitlement property list, see Entitlement Key Reference . Verifying Code To verify the signature on a signed binary, use the -v option with no other options: codesign -v … This checks that the code binaries at are actually signed, that the signature is valid, that all the sealed components are unaltered, and that the whole thing passes some basic consistency checks. It does not by default check that the code satisfies any requirements except its own designated requirement. To check a particular requirement, use the -R option. For example, to check that the Apple Mail application is identified as Mail,signed by Apple, and secured with Apple’srootsigning certificate, you could use the following command: codesign -v -R="identifier com.apple.mail and anchor apple" /Applications/Mail.app Note that, unlike the -r option, the -R option takes only a single requirement rather than a requirements collection (no => tags). Add one or more additional -v options to get details on the validation process. If you pass a number rather than a path to the verify option, codesign takes the number to be the process ID (pid) of a running process, and performs dynamic validation instead. Getting Information About Code Signatures To get information about a code signature, use the -d option. For example, to output the code signature’s internal requirements to standard out, use the following command: codesign -d -r code-path Note that this option does not verify the signature. Code Signing Tasks Signing Your Code 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 20Using the spctl Tool to Test Code Signing The spctl(8) tool can be used to test your code signatures against various system policies that the user may set. The basic syntax for code signing assessment is shown below: # Assess an application or tool spctl --assess --type execute myTool # Assess an installer package spctl --assess --type install myInstallerPackage.pkg If your application or package signature is valid, these tools exit silently with an exit status of 0. (Type echo $? to display the exit status of the last command.) If the signature is invalid, these tools print an error message and exit with a nonzero exit status. For more detailed information about why the assessment failed, you can add the --verbose flag. For example: spctl --assess --verbose=4 /bin/ls This prints the following output: /bin/ls: accepted source=Apple System To see everything the system has to say about an assessment, pass the --raw option. With this flag, the spctl tool prints a detailed assessment as a property list. To whitelist a program (exactly as if the UI did it), type: spctl --add --label mytest /some/program The --label is an optional tag that you can add to your own rules. This tag allows you to remove the rule easily by typing: spctl --remove --label mytest Note that this removes all rules that match the label, which means that it is a handy way to clean up after testing. You can also temporarily suspend your rules by typing: Code Signing Tasks Using the spctl Tool to Test Code Signing 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 21spctl --disable --label mytest and reenable them later by typing: spctl --enable --label mytest To see a list of the current assessment rules, use the --list flag. For example: spctl --list --type execute The resulting list of rules might look like this: 3[Apple System] P0 allow execute anchor apple 4[Mac App Store] P0 allow execute anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] exists 5[Developer ID] P0 allow execute anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists 7[UNLABELED] P0 allow execute [/var/tmp/firefly/RUN-FIREFLY-JOBS/test1.app] cdhash H"f34c03450da53c07ac69282089b68723327f278a" 8[UNLABELED] P0 allow execute [/var/tmp/firefly/RUN-FIREFLY-JOBS/test1.app] identifier "org.tpatko.Run-Firefly-Job-X-Cores" and certificate root = H"5056a3983e3b7f44e17e3db8e483b35b6745b236" Notice that the list above includes a number of predefined rules that describe the handling of certain classes of code. For example, rule 5 captures all applicationssigned by a Developer ID. You can disable those applications by typing: spctl --disable --label "Developer ID" This command tells the system to no longer allow execution of any Developer ID-signed applications that the user has not previously run. This is exactly what happens when you use the preference UI to switch to "Mac App Store only". Each rule in the list has a unique number that can be used to address it. For example, if you type: Code Signing Tasks Using the spctl Tool to Test Code Signing 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 22spctl --list --label "Developer ID" you might get a list of rules that looks like this: 5[Developer ID] P0 allow execute anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists 6[Developer ID] P0 allow install anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.14] exists Notice that there are separate rules for execution (5) and installation (6), and you can enable and disable them separately. For example, to enable installation of new applications signed with a Developer ID, you can type: spctl --enable --rule 6 Finally, spctl allows you to enable or disable the security assessment policy subsystem. By default, assessment isturned off, which meansthat missing or invalid code signatures do not prevent an application from launching. However, it is strongly recommended that you test your application with assessment enabled to ensure that your application works correctly. To enable or disable assessment, issue one of the following commands. sudo spctl --master-enable # enables assessment sudo spctl --master-disable # disables assessment spctl --status # shows whether assessment is enabled For more information, see the manual page for spctl(8). Shipping and Updating Your Product The only thing that matters to the code signing system is that the signed code installed on the user’s system identical to the code that you signed. It does not matter how you package, deliver, or install your product as long as you don’t introduce any changesinto the product. Compression, encoding, encrypting, and even binary patching the code are all right as long as you end up with exactly what you started with. You can use any installer you like, as long as it doesn't write anything into the product as it installs it. Drag-installs are fine as well. Code Signing Tasks Shipping and Updating Your Product 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 23When you have qualified a new version of your product, sign it just as you signed the previous version, with the same identifier and the same designated requirement. The user’s system will consider the new version of your product to be the same program as the previous version. In particular, the keychain will not distinguish older and newer versions of your program aslong as both were signed and the unique Identifier hasn't changed. You can take a partial-update approach to revising your code on the user’s system. To do so, sign the new version as usual, then calculate the differences between the new and the old signed versions, and transmit the differences. Because the differences include the new signature data, the result of installing the changes on the end-user's system will be the newly signed version. You cannot patch a signed application in the field. If you do so, the system will notice that the application has changed and will invalidate the signature, and there is no way to re-validate or resign the application in the field. Code Signing Tasks Shipping and Updating Your Product 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 24When you use the codesign command to sign a block of code, you can specify internal requirements; that is, the criteria that you recommend should be used to evaluate the code signature. It is up to the verifier to decide whether to apply the internal requirements or some other set of requirements when deciding how to treat the signed code. You use the code requirement language described in this chapter when specifying requirementsto the codesign or csreq command (see the manual pagesfor codesign(1) and csreq(1)). This chapter describes the requirement language source code. You can compile a set of requirements and save them in binary form using the csreq command. You can provide requirements to the codesign command either as source code or as a binary file. Both the codesign and csreq commands can convert a binary requirement set to text. Although there is some flexibility in the source code syntax (for example, quotes can always be used around string constants but are not always required), conversion from binary to text always uses the same form: ● Parentheses are placed (usually only) where required to clarify operator precedence. ● String constants are quoted (usually only) where needed. ● Whether originally specified as constants or through file paths, certificate hashes are always returned as hash constants. ● Comments in the original source are not preserved in the reconstructed text. Language Syntax Some basic features of the language syntax are: ● Expressions use conventional infix notation (that is, the operator is placed between the two entities being acted on; for example quantity < constant). ● Keywords are reserved, but can be quoted to be included as part of ordinary strings. ● Comments are allowed in C, Objective C, and C++. ● Unquoted whitespace is allowed between tokens, but strings containing whitespace must be quoted. ● Line endings have no special meaning and are treated as whitespace. 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 25 Code Signing Requirement LanguageEvaluation of Requirements A requirement constitutes an expression without side effects. Each requirement can have any number of subexpressions, each of which is evaluated with a Boolean (succeed-fail) result. There is no defined order of evaluation. The subexpressions are combined using logical operators in the expression to yield an overall Boolean result for the expression. Depending on the operators used, an expression can succeed even if some subexpressions fail. For example, the expression anchor apple or anchor = "/var/db/yourcorporateanchor.cert" succeeds if either subexpression succeeds—that is, if the code was signed either by Apple or by your company—even though one of the subexpressions is sure to fail. If an error occurs during evaluation, on the other hand, evaluation stops immediately and the codesign or csreq command returns with a result code indicating the reason for failure. Constants Thissection describesthe use ofstring, integer, hash-value, and binary constantsin the code signing requirement language. String Constants String constants must be enclosed by double quotes (" ") unless the string contains only letters, digits, and periods (.), in which case the quotes are optional. Absolute file paths, which start with a slash, do not require quotes unless they contain spaces. For example: com.apple.mail //no quotes are required "com.apple.mail" //quotes are optional "My Company's signing identity" //requires quotes for spaces and apostrophe /Volumes/myCA/root.crt //no quotes are required "/Volumes/my CA/root.crt" //space requires quotes "/Volumes/my_CA/root.crt" //underscore requires quotes It’s never incorrect to enclose the string in quotes—if in doubt, use quotes. Use a backslash to “escape” any character. For example: Code Signing Requirement Language Evaluation of Requirements 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 26"one \" embedded quote" //one " embedded quote "one \\ embedded backslash" //one \ embedded backslash There is nothing special about the single quote character ('). Integer Constants Integer constants are written as decimal constants are in C. The language does not allow radix prefixes (such as 0x) or leading plus or minus (+ or -) signs. Hash Constants Hash values are written either as a hexadecimal number in quotes preceded by an H, or as a path to a file containing a binary certificate. If you use the first form, the number must include the exact number of digits in the hash value. A SHA-1 hash (the only kind currently supported) requires exactly 40 digits; for example: H"0123456789ABCDEFFEDCBA98765432100A2BC5DA" You can use either uppercase or lowercase letters (A..F or a..f) in the hexadecimal numbers. If you specify a file path, the compiler readsthe binary certificate and calculatesthe hash for you. The compiled version of the requirement code includes only the hash; the certificate file and the path are not retained. If you convert the requirement back to text, you get the hexadecimal hash constant. The file path must point to a file containing an X.509 DER encoded certificate. No container forms (PKCS7, PKCS12) are allowed, nor is the OpenSSL "PEM" form supported. Variables There are currently no variables in the requirement language. Logical Operators The requirement language includes the following logical operators, in order of decreasing precedence: ● ! (negation) ● and (logical AND) ● or (logical OR) Code Signing Requirement Language Variables 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 27These operators can be used to combine subexpressionsinto more complex expressions. The negation operator (!) is a unary prefix operator. The others are infix operators. Parentheses can be used to override the precedence of the operators. Because the language is free of side effects, evaluation order of subexpressions is unspecified. Comparison Operations The requirement language includes the following comparison operators: ● = (equals) ● < (less than) ● > (greater than) ● <= (less than or equal to) ● >= (greater than or equal to) ● exists (value is present) The value-present (exists) operator is a unary suffix operator. The others are infix operators. There are no operators for non-matches (not equal to, not greater than, and so on). Use the negation operator (!) together with the comparison operators to make non-match comparisons. Equality All equality operations compare some value to a constant. The value and constant must be of the same type: a string matches a string constant, a data value matches a hexadecimal constant. The equality operation evaluates to true if the value exists and is equal to the constant. String matching uses the same matching rules as CFString (see CFString Reference ). In match expressions (see “Info” (page 30), “Part of a Certificate” (page 31), and “Entitlement” (page 33)), substrings of string constants can be matched by using the * wildcard character: ● value = *constant* is true if the value exists and any substring of the value matches the constant; for example: ● thunderbolt = *under* ● thunderbolt = *thunder* ● thunderbolt = *bolt* ● value = constant* is true if the value exists and begins with the constant; for example: Code Signing Requirement Language Comparison Operations 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 28● thunderbolt = thunder* ● thunderbolt = thun* ● value = *constant is true if the value exists and ends with the constant; for example: ● thunderbolt = *bolt ● thunderbolt = *underbolt If the constant is written with quotation marks, the asterisks must be outside the quotes. An asterisk inside the quotation marks is taken literally. For example: ● "ten thunderbolts" = "ten thunder"* is true ● "ten thunder*bolts" = "ten thunder*"* is true ● "ten thunderbolts" = "ten thunder*" is false Inequality Inequality operations compare some value to a constant. The value and constant must be of the same type: a string matches a string constant, a data value matches a hexadecimal constant. String comparisons use the same matching rules as CFString with the kCFCompareNumerically option flag; for example, "17.4" is greater than "7.4". Existence The existence operator tests whether the value exists. It evaluates to false only if the value does not exist at all or is exactly the Boolean value false. An empty string and the number 0 are considered to exist. Constraints Several keywords in the requirement language are used to require that specific certificates be present or other conditions be met. Identifier The expression identifier = constant succeedsif the unique identifierstring embedded in the code signature is exactly equal to constant. The equal sign is optional in identifier expressions. Signing identifiers can be tested only for exact equality; the wildcard character (*) can not be used with the identifier constraint, nor can identifiers be tested for inequality. Code Signing Requirement Language Constraints 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 29Info The expression info [key]match expression succeedsif the value associated with the top-level key in the code’s info.plist file matches match expression , where match expression can include any of the operators listed in “Logical Operators” (page 27) and “Comparison Operations” (page 28). For example: info [CFBundleShortVersionString] < "17.4" or info [MySpecialMarker] exists You must specify key as a string constant. If the value of the specified key is a string, the match is applied to it directly. If the value is an array, it must be an array of strings and the match is made to each in turn, succeeding if any of them matches. Substrings of string constants can be matched by using any match expression (see “Comparison Operations” (page 28)). If the code has no info.plist file, or the info.plist does not contain the specified key, this expression evaluates to false without returning an error. Certificate Certificate constraints refer to certificates in the certificate chain used to validate the signature. Most uses of the certificate keyword accept an integer that indicatesthe position of the certificate in the chain: positive integers count from the leaf (0) toward the anchor. Negative integers count backward from the anchor (-1). For example, certificate 1 is the intermediate certificate that was used to sign the leaf (that is, the signing certificate), and certificate -2 indicates the certificate that was directly signed by the anchor. Note that this convention is the same as that used for array indexing in the Perl and Ruby programming languages: Anchor First intermediate Second intermediate Leaf certificate 3 certificate 2 certificate 1 certificate 0 certificate -1 certificate -2 certificate -3 certificate -4 Other keywords include: Code Signing Requirement Language Constraints 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 30● certificate root—the anchor certificate; same as certificate 0 ● anchor—same as certificate root ● certificate leaf—the signing certificate; same as certificate -1 Note: The short form cert is allowed for the keyword certificate. If there is no certificate at the specified position, the constraint evaluates to false without returning an error. If the code was signed using an ad-hoc signature, there are no certificates at all and all certificate constraints evaluate to false. (An ad-hoc signature is created by signing with the pseudo-identity - (a dash). An ad-hoc signature does not use or record a cryptographic identity, and thusidentifies exactly and only the one program being signed.) If the code was signed by a self-signed certificate, then the leaf and root refer to the same single certificate. Whole Certificate To require a particular certificate to be present in the certificate chain, use the form certificate position = hash or one of the equivalent forms discussed above, such as anchor = hash . Hash constants are described in “Hash Constants” (page 27). For Apple’s own code, signed by Apple, you can use the short form anchor apple For code signed by Apple, including code signed using a signing certificate issued by Apple to other developers, use the form anchor apple generic Part of a Certificate To match a well-defined element of a certificate, use the form certificate position[element]match expression where match expression can include the * wildcard character and any of the operators listed in “Logical Operators” (page 27) and “Comparison Operations” (page 28). The currently supported elements are asfollows: Code Signing Requirement Language Constraints 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 31Note: Case is significant in element names. Element name Meaning Comments subject.CN Subject common name Shown in Keychain Access utility subject.C Subject country name subject.D Subject description subject.L Subject locality subject.O Subject organization Usually company or organization subject.OU Subject organizational unit subject.STREET Subject street address Certificate field by OID To check for the existence of any certificate field identified by its X.509 object identifier (OID), use the form certificate position [field.OID] exists The object identifier must be written in numeric form (x.y.z ...) and can be the OID of a certificate extension or of a conventional element of a certificate as defined by the CSSM standard (see Chapter 31 in Common Security: CDSA and CSSM, version 2 (with corrigenda) by the Open Group (http://www.opengroup.org/security/cdsa.htm)). Trusted The expression certificate position trusted succeeds if the certificate specified by position is marked trusted for the code signing certificate policy in the system’s Trust Settings database. The position argument is an integer or keyword that indicates the position of the certificate in the chain; see the discussion under “Certificate” (page 30). The expression anchor trusted Code Signing Requirement Language Constraints 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 32succeeds if any certificate in the signature’s certificate chain is marked trusted for the code signing certificate policy in the system’s Trust Settings database, provided that no certificate closer to the leaf certificate is explicitly untrusted. Thus, using the trusted keyword with a certificate position checks only the specified certificate, while using it with the anchor keyword checks all the certificates, giving precedence to the trust setting found closest to the leaf. Important: The syntax anchor trusted is not a synonym for certificate anchor trusted. Whereas the former checks all certificates in the signature, the latter checks only the anchor certificate. Certificates can have per-user trust settings and system-wide trust settings, and trust settings apply to specific policies. The trusted keyword in the code signing requirement language causes trust to be checked for the specified certificate or certificates for the user performing the validation. If there are no settings for that user, then the system settings are used. In all cases, only the trust settings for the code-signing policy are checked. Policies and trust are discussed in Certificate, Key, and Trust Services Programming Guide . Important: If you do not include an expression using the trusted keyword in your code signing requirement, then the verifier does not check the trust status of the certificates in the code signature at all. Entitlement The expression entitlement [key] match expression succeeds if the value associated with the specified key in the signature’s embedded entitlement dictionary matches match expression , where match expression can include the * wildcard character and any of the operators listed in “Logical Operators” (page 27) and “Comparison Operations” (page 28). You must specify key as a string constant. The entitlement dictionary is included in signatures for certain platforms. Code Directory Hash The expression cdhash hash-constant computes a SHA-1 hash of the program’s CodeDirectory resource and succeeds if the value of this hash exactly equals the specified hash constant. Code Signing Requirement Language Constraints 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 33The CodeDirectory resource is the master directory of the contents of the program. It consists of a versioned header followed by an array of hashes. This array consists of a set of optionalspecial hashesfor other resources, plus a vector of hashes for pages of the main executable. The CodeSignature and CodeDirectory resources together make up the signature of the code. You can use the codesign utility with (at least) three levels of verbosity to obtain the hash constant of a program’s CodeDirectory resource: $ codesign -dvvv /bin/ls ... CodeDirectory v=20001 size=257 flags=0x0(none) hashes=8+2 location=embedded CDHash=4bccbc576205de37914a3023cae7e737a0b6a802 ... Because the code directory changes whenever the program changes in a nontrivial way, this test can be used to unambiguously identify one specific version of a program. When the operating system signs an otherwise unsigned program (so that the keychain or Parental Controls can recognize the program, for example), it uses this requirement. Requirement Sets A requirementset is a collection of distinct requirements, each indexed (tagged) with a type code. The expression tag => requirement applies requirement to the type of code indicated by tag , where possible tags are ● host—thisrequirement is applied to the direct host of this code module; each code module in the hosting path can have its own host requirement, where the hosting path isthe chain of code signing hostsstarting with the most specific code known to be running, and ending with the root of trust (the kernel) ● guest—this requirement is applied to each code module that is hosted by this code module ● library—this requirement is applied to all libraries mounted by the signed code ● designated—this is an explicitly specified designated requirement for the signed code; if there is no explicitly specified designated requirement for the code, then there is no designated internal requirement The primary use of requirement sets is to represent the internal requirements of the signed code. For example: Code Signing Requirement Language Requirement Sets 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 34codesign -r='host => anchor apple and identifier com.apple.perl designated => anchor /my/root and identifier com.bar.foo' setsthe internal requirements ofsome code, having a host requirement of anchor apple and identifier com.apple.perl (“I'm a Perlscript and I want to be run by Apple's Perl interpreter”) and an explicit designated requirement of anchor /my/root and identifier com.bar.foo. Note that this command sets no guest or library requirements. You can also put the requirement set in a file and point to the file: codesign -r myrequirements.rqset where the file myrequirements.rqset might contain: //internal requirements host => anchor apple and identifier com.apple.perl //require Apple's Perl interpreter designated => anchor /my/root and identifier com.bar.foo Code Signing Requirement Language Requirement Sets 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 35This table describes the changes to Code Signing Guide . Date Notes 2012-07-23 Added information about new spctl features in OS X v10.8. Added information about Developer IDs and explanation of how to code sign a framework. 2012-05-15 2011-09-28 Revised document to focus exclusively on code signing. Some of the content in this document was previously in Code Signing and Application Sandboxing Guide . 2011-07-11 Added information about application sandboxing. 2009-10-19 Fixed typographical errors. 2009-10-13 Clarified explanation of CFBundleIdentifier and uniqueness. 2008-11-19 Added a chapter describing the code signing requirement language. New document that explains why you should sign your code and provides code signing procedures. 2007-05-15 2012-07-23 | © 2012 Apple Inc. All Rights Reserved. 36 Document Revision HistoryApple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Keychain, Logic, Mac, OS X, Safari, Sand, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are service marks of Apple Inc. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. View Controller Programming Guide for iOSContents About View Controllers 9 At a Glance 10 A View Controller Manages a Set of Views 10 You Manage Your Content Using Content View Controllers 10 Container View Controllers Manage Other View Controllers 10 Presenting a View Controller Temporarily Brings Its View Onscreen 11 Storyboards Link User Interface Elements into an App Interface 11 How to Use This Document 12 Prerequisites 12 See Also 12 View Controller Basics 14 Screens, Windows, and Views Create Visual Interfaces 15 View Controllers Manage Views 17 A Taxonomy of View Controllers 19 Content View Controllers Display Content 19 Container View Controllers Arrange Content of Other View Controllers 21 A View Controller’s Content Can Be Displayed in Many Ways 26 View Controllers Work Together to Create an App’s Interface 28 Parent-Child Relationships Represent Containment 29 Sibling Relationships Represent Peers Inside a Container 29 Presentation Represents a Transient Display of Another Interface 30 Control Flow Represents Overall Coordination Between Content Controllers 31 Storyboards Help You Design Your User Interface 33 Using View Controllers in Your App 35 Working with View Controllers in Storyboards 36 The Main Storyboard Initializes Your App’s User Interface 37 Segues Automatically Instantiate the Destination View Controller 37 Instantiating a Storyboard’s View Controller Programmatically 39 Containers Automatically Instantiate Their Children 41 Instantiating a Non-Storyboard View Controller 41 Displaying a View Controller’s Contents Programmatically 41 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 2Creating Custom Content View Controllers 43 Anatomy of a Content View Controller 43 View Controllers Manage Resources 44 View Controllers Manage Views 45 View Controllers Respond to Events 45 View Controllers Coordinate with Other Controllers 45 View Controllers Often Work with Containers 46 View Controllers May Be Presented by Other View Controllers 46 Designing Your Content View Controller 47 Use a Storyboard to Implement Your View Controller 48 Know When Your Controller Is Instantiated 48 Know What Data Your View Controller Shows and Returns 48 Know What Tasks Your Controller Allows the User to Perform 49 Know How Your View Controller Is Displayed Onscreen 50 Know How Your Controller Collaborates with Other Controllers 50 Examples of Common View Controller Designs 50 Example: Game Title Screen 50 Example: Master View Controller 52 Example: Detail View Controller 53 Example: Mail Compose View Controller 54 Implementation Checklist for Custom Content View Controllers 54 Resource Management in View Controllers 56 Initializing a View Controller 56 Initializing a View Controller Loaded from a Storyboard 56 Initializing View Controllers Programmatically 57 A View Controller Instantiates Its View Hierarchy When Its View is Accessed 57 Loading a View Controller’s View from a Storyboard 59 Creating a View Programmatically 60 Managing Memory Efficiently 61 On iOS 6 and Later, a View Controller Unloads Its Own Views When Desired 63 On iOS 5 and Earlier, the System May Unload Views When Memory Is Low 64 Responding to Display-Related Notifications 66 Responding When a View Appears 66 Responding When a View Disappears 67 Determining Why a View’s Appearance Changed 67 Resizing the View Controller’s Views 69 A Window Sets the Frame of Its Root View Controller’s View 69 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 3 ContentsA Container Sets the Frames of Its Children’s Views 70 A Presented View Controller Uses a Presentation Context 70 A Popover Controller Sets the Size of the Displayed View 70 How View Controllers Participate in the View Layout Process 70 Using View Controllers in the Responder Chain 72 The Responder Chain Defines How Events Are Propagated to the App 72 Supporting Multiple Interface Orientations 74 Controlling What Interface Orientations Are Supported (iOS 6) 75 Declaring a View Controller’s Supported Interface Orientations 75 Dynamically Controlling Whether Rotation Occurs 76 Declaring a Preferred Presentation Orientation 76 Declaring the App’s Supported Interface Orientations 76 Understanding the Rotation Process (iOS 5 and earlier) 77 Declaring the Supported Interface Orientations 77 Responding to Orientation Changes in a Visible View Controller 78 Rotations May Occur When Your View Controller Is Hidden 80 Creating an Alternate Landscape Interface 80 Tips for Implementing Your Rotation Code 82 Accessibility from the View Controller’s Perspective 83 Moving the VoiceOver Cursor to a Specific Element 83 Responding to Special VoiceOver Gestures 84 Escape 85 Magic Tap 85 Three-Finger Scroll 85 Increment and Decrement 86 Observing Accessibility Notifications 86 Presenting View Controllers from Other View Controllers 88 How View Controllers Present Other View Controllers 88 Presentation Styles for Modal Views 91 Presenting a View Controller and Choosing a Transition Style 93 Presentation Contexts Provide the Area Covered by the Presented View Controller 95 Dismissing a Presented View Controller 95 Presenting Standard System View Controllers 96 Coordinating Efforts Between View Controllers 98 When Coordination Between View Controllers Occurs 98 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 4 ContentsWith Storyboards, a View Controller is Configured When It Is Instantiated 99 Configuring the Initial View Controller at Launch 100 Configuring the Destination Controller When a Segue is Triggered 101 Using Delegation to Communicate with Other Controllers 103 Guidelines for Managing View Controller Data 105 Enabling Edit Mode in a View Controller 106 Toggling Between Display and Edit Mode 106 Presenting Editing Options to the User 108 Creating Custom Segues 109 The Life Cycle of a Segue 109 Implementing a Custom Segue 109 Creating Custom Container View Controllers 111 Designing Your Container View Controller 111 Examples of Common Container Designs 113 A Navigation Controller Manages a Stack of Child View Controllers 113 A Tab Bar Controller Uses a Collection of Child Controllers 115 A Page Controller Uses a Data Source to Provide New Children 116 Implementing a Custom Container View Controller 116 Adding and Removing a Child 116 Customizing Appearance and Rotation Callback Behavior 119 Practical Suggestions for Building a Container View Controller 120 Document Revision History 122 Glossary 124 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 5 ContentsFigures, Tables, and Listings View Controller Basics 14 Figure 1-1 A window with its target screen and content views 15 Figure 1-2 Classes in the view system 16 Figure 1-3 A view controller attached to a window automatically adds its view as a subview of the window 17 Figure 1-4 Distinct views managed by separate view controllers 18 Figure 1-5 View controller classes in UIKit 19 Figure 1-6 Managing tabular data 21 Figure 1-7 Navigating hierarchical data 23 Figure 1-8 Different modes of the Clock app 24 Figure 1-9 A master-detail interface in portrait and landscape modes 25 Figure 1-10 Presenting a view controller 27 Figure 1-11 Parent-child relationships 29 Figure 1-12 Sibling relationships in a navigation controller 30 Figure 1-13 Modal presentation by a content view 30 Figure 1-14 The actual presentation is performed by the root view controller. 31 Figure 1-15 Communication between source and destination view controllers 32 Figure 1-16 A storyboard diagram in Interface Builder 33 Using View Controllers in Your App 35 Figure 2-1 A storyboard holds a set of view controllers and associated objects 36 Listing 2-1 Triggering a segue programmatically 38 Listing 2-2 Instantiating another view controller inside the same storyboard 39 Listing 2-3 Instantiating a view controller from a new storyboard 40 Listing 2-4 Installing the view controller as a window’s root view controller 42 Creating Custom Content View Controllers 43 Figure 3-1 Anatomy of a content view controller 44 Figure 3-2 A container view controller imposes additional demands on its children 46 Resource Management in View Controllers 56 Figure 4-1 Loading a view into memory 58 Figure 4-2 Connections in the storyboard 60 Figure 4-3 Unloading a view from memory 65 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 6Table 4-1 Places to allocate and deallocate memory 62 Listing 4-1 Custom view controller class declaration 59 Listing 4-2 Creating views programmatically 61 Listing 4-3 Releasing the views of a view controller not visible on screen 63 Responding to Display-Related Notifications 66 Figure 5-1 Responding to the appearance of a view 66 Figure 5-2 Responding to the disappearance of a view 67 Table 5-1 Methods to call to determine why a view’s appearance changed 68 Using View Controllers in the Responder Chain 72 Figure 7-1 Responder chain for view controllers 73 Supporting Multiple Interface Orientations 74 Figure 8-1 Processing an interface rotation 79 Listing 8-1 Implementing the supportedInterfaceOrientations method 75 Listing 8-2 Implementing the preferredInterfaceOrientationForPresentation method 76 Listing 8-3 Implementing the shouldAutorotateToInterfaceOrientation: method 78 Listing 8-4 Presenting the landscape view controller 81 Accessibility from the View Controller’s Perspective 83 Listing 9-1 Posting an accessibility notification can change the first element read aloud 84 Listing 9-2 Registering as an observer for accessibility notifications 86 Presenting View Controllers from Other View Controllers 88 Figure 10-1 Presented views in the Calendar app. 89 Figure 10-2 Creating a chain of modal view controllers 90 Figure 10-3 Presenting navigation controllers modally 91 Figure 10-4 iPad presentation styles 92 Table 10-1 Transition styles for modal view controllers 93 Table 10-2 Standard system view controllers 96 Listing 10-1 Presenting a view controller programmatically 94 Coordinating Efforts Between View Controllers 98 Listing 11-1 The app delegate configures the controller 100 Listing 11-2 Creating the window when a main storyboard is not being used 101 Listing 11-3 Configuring the destination controller in a segue 102 Listing 11-4 Delegate protocol for dismissing a presented view controller 104 Listing 11-5 Dismissing a presented view controller using a delegate 104 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 7 Figures, Tables, and ListingsEnabling Edit Mode in a View Controller 106 Figure 12-1 Display and edit modes of a view 107 Creating Custom Segues 109 Listing 13-1 A custom segue 110 Creating Custom Container View Controllers 111 Figure 14-1 A container view controller’s view hierarchy contains another controller’s views 112 Figure 14-2 A navigation controller’s view and view controller hierarchy 114 Figure 14-3 A tab bar controller’s view and view controller hierarchy 115 Listing 14-1 Adding another view controller’s view to the container’s view hierarchy 117 Listing 14-2 Removing another view controller’s view to the container’s view hierarchy 117 Listing 14-3 Transitioning between two view controllers 118 Listing 14-4 Disabling automatic appearance forwarding 119 Listing 14-5 Forwarding appearance messages when the container appears or disappears 119 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 8 Figures, Tables, and ListingsView controllers are a vital link between an app’s data and its visual appearance. Whenever an iOS app displays a user interface, the displayed content is managed by a view controller or a group of view controllers coordinating with each other. Therefore, view controllers provide the skeletal framework on which you build your apps. iOS provides many built-in view controller classesto supportstandard user interface pieces,such as navigation and tab bars. As part of developing an app, you also implement one or more custom controllers to display the content specific to your app. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 9 About View ControllersAt a Glance View controllers are traditional controller objects in the Model-View-Controller (MVC) design pattern, but they also do much more. View controllers provide many behaviors common to all iOS apps. Often, these behaviors are built into the base class. For some behaviors, the base class provides part of the solution and your view controllersubclassimplements custom code to provide the rest. For example, when the user rotatesthe device, the standard implementation attempts to rotate the user interface; however, your subclass decides whether the user interface should be rotated, and, if so, how the configuration of its views should change in the new orientation. Thus, the combination of a structured base class and specific subclassing hooks make it easy for you to customize your app’s behavior while conforming to the platform design guidelines. A View Controller Manages a Set of Views A view controller manages a discrete portion of your app’s user interface. Upon request, it provides a view that can be displayed or interacted with. Often, this view is the root view for a more complex hierarchy of views—buttons, switches, and other user interface elements with existing implementations in iOS. The view controller acts asthe central coordinating agent for this view hierarchy, handling exchanges between the views and any relevant controller or data objects. Relevant chapter: “View Controller Basics” (page 14) You Manage Your Content Using Content View Controllers To present content that is specific to your app, you implement your own content view controllers. You create new view controller classes by subclassing either the UIViewController class or the UITableViewController class, implementing the methods necessary to present and control your content. Relevant chapter: “Creating Custom Content View Controllers” (page 43) Container View Controllers Manage Other View Controllers Container view controllers display content owned by other view controllers. These other view controllers are explicitly associated with the container, forming a parent-child relationship. The combination of container and content view controllers creates a hierarchy of view controller objects with a single root view controller. Each type of container defines its own interface to manage its children. The container’s methods sometimes define specific navigational relationships between the children. A container can also set specific restrictions on the types of view controllers that can be its children. It may also expect the view controllers that are its children to provide additional content used to configure the container. About View Controllers At a Glance 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 10iOS provides many built-in container view controller types you can use to organize your user interface. Relevant chapter: “View Controller Basics” (page 14) Presenting a View Controller Temporarily Brings Its View Onscreen Sometimes a view controller wants to display additional information to the user. Or perhaps it wants the user to provide additional information or perform a task. Screen space is limited on iOS devices; the device might not have enough room to display all the user interface elements at the same time. Instead, an iOS app temporarily displays another view for the user to interact with. The view is displayed only long enough for the user to finish the requested action. To simplify the effort required to implement such interfaces, iOS allows a view controller to present another view controller’s contents. When presented, the new view controller’s views are displayed on a portion of the screen—often the entire screen. Later, when the user completes the task, the presented view controller tells the view controller that presented it that the task is complete. The presenting view controller then dismisses the view controller it presented, restoring the screen to its original state. Presentation behavior must be included in a view controller’s design in order for it to be presented by another view controller. Relevant chapter: “Presenting View Controllers from Other View Controllers” (page 88) Storyboards Link User Interface Elements into an App Interface A user interface design can be very complex. Each view controller references multiple views, gesture recognizers, and other user interface objects. In return, these objects maintain references to the view controller or execute specific pieces of code in response to actions the user takes. And view controllers rarely act in isolation. The collaboration between multiple view controllers also defines other relationships in your app. In short, creating a user interface means instantiating and configuring many objects and establishing the relationships between them, which can be time consuming and error prone. Instead, use Interface Builder to create storyboards. A storyboard holds preconfigured instances of view controllers and their associated objects. Each object’s attributes can be configured in Interface Builder, as can relationships between them. At runtime, your app loads storyboards and uses them to drive your app’s interface. When objects are loaded from the storyboard, they are restored to the state you configured in the storyboard. UIKit also provides methods you can override to customize behaviors that cannot be configured directly in Interface Builder. About View Controllers At a Glance 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 11By using storyboards, you can easily see how the objects in your app’s user interface fit together. You also write less code to create and configure your app’s user-interface objects. Relevant chapter: “View Controller Basics” (page 14), “Using View Controllers in Your App” (page 35) How to Use This Document Start by reading “View Controller Basics” (page 14), which explains how view controllers work to create your app’s interface. Next, read “Using View Controllers in Your App” (page 35) to understand how to use view controllers, both those built into iOS and those you create yourself. When you are ready to implement your app’s custom controllers, read “Creating Custom Content View Controllers” (page 43) for an overview of the tasks your view controller performs, and then read the remaining chapters in this document to learn how to implement those behaviors. Prerequisites Before reading this document, you should be familiar with the content in Start Developing iOS Apps Today and Your Second iOS App: Storyboards. The storyboard tutorial demonstrates many of the techniques described in this book, including the following Cocoa concepts: ● Defining new Objective-C classes ● The role of delegate objects in managing app behaviors ● The Model-View-Controller paradigm See Also For more information about the standard container view controllers provided by UIKit, see View Controller Catalog for iOS . For guidance on how to manipulate views in your view controller, see View Programming Guide for iOS . For guidance on how to handle events in your view controller, see Event Handling Guide for iOS . For more information about the overall structure of an iOS app, see iOS App Programming Guide . About View Controllers How to Use This Document 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 12For guidance on how to configure storyboards in your project, see Xcode 4 User Guide About View Controllers See Also 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 13Appsrunning on iOS–based devices have a limited amount ofscreen space for displaying content and therefore must be creative in how they present information to the user. Apps that have lots of information to display must therefore only show a portion to start, and then show and hide additional content as the user interacts with the app. View controller objects provide the infrastructure for managing content and for coordinating the showing and hiding of it. By having different view controller classes control separate portions of your user interface, you break up the implementation of your user interface into smaller and more manageable units. Before you can use view controllers in your app, you need a basic understanding of the major classes used to display content in an iOS app, including windows and views. A key part of any view controller’simplementation isto manage the views used to display its content. However, managing viewsis not the only job view controllers perform. Most view controllers also communicate and coordinate with other view controllers when transitions occur. Because of the many connections view controllers manage, both looking inward to views and associated objects and looking outward to other controllers, understanding the connections between objects can sometimes be difficult. Instead, use Interface Builder to create storyboards. Storyboards make it easier to visualize the relationships in your app and greatly simplify the effort needed to initialize objects at runtime. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 14 View Controller BasicsScreens, Windows, and Views Create Visual Interfaces Figure 1-1 shows a simple interface. On the left, you can see the objects that make up this interface and understand how they are connected to each other. Figure 1-1 A window with its target screen and content views There are three major objects at work here: ● A UIScreen object that identifies a physical screen connected to the device. ● A UIWindow object that provides drawing support for the screen. ● A set of UIView objectsto perform the drawing. These objects are attached to the window and draw their contents when the window asks them to. View Controller Basics Screens, Windows, and Views Create Visual Interfaces 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 15Figure 1-2 shows how these classes (and related important classes) are defined in UIKit. Figure 1-2 Classes in the view system Although you don’t need to understand everything about views to understand view controllers, it can be helpful to consider the most salient features of views: ● A view represents a user interface element. Each view covers a specific area. Within that area, it displays contents or responds to user events. ● Views can be nested in a view hierarchy. Subviews are positioned and drawn relative to their superview. Thus, when the superview moves, its subviews move with it. This hierarchy makes it easy to assemble a group of related views by placing them in a common superview. ● Views can animate their property values. When a change to a property value is animated, the value gradually changes over a defined period of time until it reachesthe new value. Changesto multiple properties across multiple views can be coordinated in a single animation. Animation is critically important to iOS app development. Because most apps display only a portion of their contents at one time, an animation allows the user to see when a transition occurred and where the new content came from. An instantaneous transition might confuse the user. ● Views rarely understand the role they play in your app. For example, Figure 1-1 shows a button (titled Hello), which is a special kind of view, known as a control . Controls know how to respond to user interaction in their area, but they don’t know what they control. Instead, when a user interacts with a control, it sends messages to other objects in your app. This flexibility allows a single class (UIButton) to provide the implementation for multiple buttons, each configured to trigger a different action. A complex app needs many views, often assembling them into view hierarchies. It needs to animate subsets of these views onto or off the screen to provide the illusion of a single larger interface. And finally, to keep view classes reusable, the view classes need to be ignorant of the specific role they perform in the app. So the app logic—the brains—needs to be placed somewhere else. Your view controllers are the brains that tie your app’s views together. View Controller Basics Screens, Windows, and Views Create Visual Interfaces 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 16View Controllers Manage Views Each view controller organizes and controls a view; this view is often the root view of a view hierarchy. View controllers are controller objects in the MVC pattern, but a view controller also has specific tasks iOS expects it to perform. These tasks are defined by the UIViewController class that all view controllers inherit from. All view controllers perform view and resource management tasks; other responsibilities depend on how the view controller is used. Figure 1-3 shows the interface from Figure 1-1, but updated here to use a view controller. You never directly assign the views to the window. Instead, you assign a view controller to the window, and the view controller automatically adds its view to the window. Figure 1-3 A view controller attached to a window automatically adds its view as a subview of the window A view controller is careful to load its view only when the view is needed. It can also release the view under certain conditions. For these reasons, view controllers play a key part in managing resources in your app. A view controller is the natural place to coordinate actions of its connected views. For example, when a button is pressed, it sends a message to the view controller. Although the view itself may be ignorant of the task it performs, the view controller is expected to understand what the button press means and how it should respond. The controller might update data objects, animate or change property values stored in its views, or even bring another view controller’s contents to the screen. Usually, each view controller instantiated by your app sees only a subset of your app’s data. It knows how to display that particular set of data, without needing to know about other kinds of data. Thus, an app’s data model, user interface design, and the view controllers you create are all influenced by each other. View Controller Basics View Controllers Manage Views 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 17Figure 1-4 shows an example of an app that managesrecipes. This app displaysthree related but distinct views. The first view lists the recipes that the app manages. Tapping a recipe shows the second view, which describes the recipe. Tapping the recipe’s picture in the detail view shows the third view, a larger version of the photo. Each view is managed by a distinct view controller object whose job isto present the appropriate view, populate the subviews with data, and respond to user interactions within the view hierarchy. Figure 1-4 Distinct views managed by separate view controllers This example demonstrates a few factors common to view controllers: ● Every view is controlled by only one view controller. When a view is assigned to the view controller’s view property, the view controller owns it. If the view is a subview, it might be controlled by the same view controller or a different view controller. You’ll learn more about how to use multiple view controllers to organize a single view hierarchy when you learn about container view controllers. ● Each view controller interacts with a subset of your app’s data. For example, the Photo controller needs to know only the photo to be displayed. ● Because each view controller provides only a subset of the user experience, the view controllers must communicate with each other to make this experience seamless. They may also communicate with other controllers, such as data controllers or document objects. View Controller Basics View Controllers Manage Views 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 18A Taxonomy of View Controllers Figure 1-5 showsthe view controller classes available in the UIKit framework along with other classesimportant to view controllers. For example, the UITabBarController object manages a UITabBar object, which actually displays the tabs associated with the tab bar interface. Other frameworks define additional view controller classes not shown in this figure. Figure 1-5 View controller classes in UIKit View controllers, both those provided by iOS and those you define, can be divided into two general categories—content view controllers and container view controllers—which reflect the role the view controller plays in an app. Content View Controllers Display Content A content view controller presents content on the screen using a view or a group of views organized into a view hierarchy. The controllers described up to this point have been content view controllers. A content view controller usually knows about the subset of the app’s data that is relevant to the role the controller plays in the app. View Controller Basics A Taxonomy of View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 19Here are common examples where your app uses content view controllers: ● To show data to the user ● To collect data from the user ● To perform a specific task ● To navigate between a set of available commands or options, such as on the launch screen for a game Content view controllers are the primary coordinating objects for your app because they know the specific details of the data and tasks your app offers the user. Each content view controller object you create is responsible for managing all the views in a single view hierarchy. The one-to-one correspondence between a view controller and the views in its view hierarchy is the key design consideration. You should not use multiple content view controllers to manage the same view hierarchy. Similarly, you should not use a single content view controller object to manage multiple screens’ worth of content. For information about defining your content view controller and implementing the required behaviors, see “Creating Custom Content View Controllers” (page 43). About Table View Controllers Many apps display tabular data. For this reason, iOS provides a built-in subclass of the UIViewController class designed specifically for managing tabular data. This class, UITableViewController, manages a table view and adds support for many standard table-related behaviors such as selection management, row editing, and table configuration. This additional support is there to minimize the amount of code you must write to create and initialize a table-based interface. You can also subclass UITableViewController to add other custom behaviors. View Controller Basics A Taxonomy of View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 20Figure 1-6 shows an example using a table view controller. Because it is a subclass of the UIViewController class, the table view controller still has a pointer to the root view of the interface (through its view property) but it also has a separate pointer to the table view displayed in that interface. Figure 1-6 Managing tabular data For more information about table views, see Table View Programming Guide for iOS . Container View Controllers Arrange Content of Other View Controllers A container view controller contains content owned by other view controllers. These other view controllers are explicitly assigned to the container view controller as its children. A container controller can be both a parent to other controllers and a child of another container. Ultimately, this combination of controllers establishes a view controller hierarchy. Each type of container view controller establishes a user interface that its children operate in. The visual presentation of this user interface and the design it imposes on its children can vary widely between different types of containers. For example, here are some ways that different container view controllers may distinguish themselves: ● A container provides its own API to manage its children. ● A container decides whether the children have a relationship between them and what that relationship is. View Controller Basics A Taxonomy of View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 21● A container manages a view hierarchy just as other view controllers do. A container can also add the views of any of its children into its view hierarchy. The container decides when such a view is added and how it should be sized to fit the container’s view hierarchy, but otherwise the child view controller remains responsible for the view and its subviews. ● A container might impose specific design considerations on its children. For example, a container might limit its children to certain view controller classes, or it might expect those controllersto provide additional content needed to configure the container’s views. The built-in container classes are each organized around an important user interface principle. You use the user interfaces managed by these containers to organize complex apps. About Navigation Controllers A navigation controller presents data that is organized hierarchically and is an instance of the UINavigationController class. The methods of this class provide support for managing a stack-based collection of content view controllers. Thisstack representsthe path taken by the user through the hierarchical data, with the bottom of the stack reflecting the starting point and the top of the stack reflecting the user’s current position in the data. Figure 1-7 shows screens from the Contacts app, which uses a navigation controller to present contact information to the user. The navigation bar at the top of each page is owned by the navigation controller. The rest of each screen displayed to the user is managed by a content view controller that presentsthe information View Controller Basics A Taxonomy of View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 22at that specific level of the data hierarchy. As the user interacts with controls in the interface, those controls tell the navigation controller to display the next view controller in the sequence or dismiss the current view controller. Figure 1-7 Navigating hierarchical data Although a navigation controller’s primary job is to manage its child view controllers, it also manages a few views. Specifically, it manages a navigation bar (that displays information about the user’s current location in the data hierarchy), a button (for navigating back to previous screens), and any custom controls the current view controller needs. You do not directly modify the views owned by the view controller. Instead, you configure the controls that the navigation controller displays by setting properties on each child view controller. For information about how to configure and use navigation controller objects, see “Navigation Controllers”. About Tab Bar Controllers A tab bar controller is a container view controller that you use to divide your app into two or more distinct modes of operation. A tab bar controller is an instance of the UITabBarController class. The tab bar has multiple tabs, each represented by a child view controller. Selecting a tab causes the tab bar controller to display the associated view controller’s view on the screen. View Controller Basics A Taxonomy of View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 23Figure 1-8 shows several modes of the Clock app along with the relationships between the corresponding view controllers. Each mode has a content view controller to manage the main content area. In the case of the Clock app, the Clock and Alarm view controllers both display a navigation-style interface to accommodate some additional controls along the top of the screen. The other modes use content view controllers to present a single screen. Figure 1-8 Different modes of the Clock app You use tab bar controllers when your app either presents different types of data or presents the same data in different ways. For information about how to configure and use a tab bar controller, see “Tab Bar Controllers”. About Split View Controllers A split view controller divides the screen into multiple parts, each of which can be updated separately. The appearance of a split view controller may vary depending on its orientation. A split view controller is an instance of the UISplitViewController class. The contents of a split view interface are derived from two child view controllers. View Controller Basics A Taxonomy of View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 24Figure 1-9 shows a split view interface from the MultipleDetailViews sample app. In portait mode, only the detail view is displayed. The list view is made available using a popover. However, when displayed in landscape mode, the split view controller displays the contents of both children side by side. Figure 1-9 A master-detail interface in portrait and landscape modes Split view controllers are supported on iPad only and are designed to help you take advantage of the larger screen of that device. They are the preferred way to implement master-detail interfaces in iPad apps. For information about how to configure and use a split view controller, see “Popovers”. About Popover Controllers Look again at Figure 1-9. When the split view controller is displayed in portrait mode, the master views is displayed in a special control, known as a popover. In an iPad app, you can use popover controllers (UIPopoverController) to implement popovers in your own app. A popover controller is not actually a container; it does not inherent from UIViewController at all. But, in practice, a popover controller is similar to a container, so you apply the same programming principles when you use them. For information about how to configure and use a popover controller, see “Popovers”. View Controller Basics A Taxonomy of View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 25About Page View Controllers A page view controller is a container view controller used to implement a page layout. That layout allows users to flip between discrete pages of content as if it were a book. A page view controller is an instance of the UIPageViewController class. Each content page is provided by a content view controller. The page view controller managesthe transitions between pages. When new pages are required, the page view controller calls an associated data source to retrieve a view controller for the next page. For information about how to configure and use a page view controller, see “Page View Controllers”. A View Controller’s Content Can Be Displayed in Many Ways For a view controller’s contents to be visible to the user, it must be associated with a window. There are many ways you can do this in your app: ● Make the view controller a window’s root view controller. ● Make the view controller a child of a container. ● Show the view controller in a popover control. ● Present it from another view controller. View Controller Basics A View Controller’s Content Can Be Displayed in Many Ways 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 26Figure 1-10 shows an example from the Contacts app. When the user clicks the plus button to add a new contact, the Contacts view controller presentsthe New Contact view controller. The New Contactscreen remains visible until the user cancels the operation or provides enough information about the contact that it can be saved to the contacts database. At that point the information is transmitted to the Contacts view controller, which then dismisses the controller it presented. Figure 1-10 Presenting a view controller A presented view controller isn’t a specific type of view controller—the presented view controller can be either a content or a container view controller with an attached content view controller. In practice, the content view controller is designed specifically to be presented by another controller, so it can be useful to think of it as a variant of a content view controller. Although container view controllers define specific relationships between the managed view controllers, using presentation allows you to define the relationship between the view controller being presented and the view controller presenting it. View Controller Basics A View Controller’s Content Can Be Displayed in Many Ways 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 27Most of the time, you present view controllersto gather information from the user or capture the user’s attention for some specific purpose. Once that purpose is completed, the presenting view controller dismisses the presented view controller and returns to the standard app interface. It is worth noting that a presented view controller can itself present another view controller. This ability to chain view controllers together can be useful when you need to perform several modal actions sequentially. For example, if the user taps the Add Photo button in the New Contact screen in Figure 1-10 and wants to choose an existing image, the New Contact view controller presents an image picker interface. The user must dismiss the image picker screen and then dismiss the New Contact screen separately to return to the list of contacts. When presenting a view controller, one view controller determines how much of the screen is used to present the view controller. The portion of the screen is called the presentation context By default, the presentation context is defined to cover the window. For more information about how to present view controllers in your app, see “Presenting View Controllers from Other View Controllers” (page 88). View Controllers Work Together to Create an App’s Interface View controllers manage their views and other associated objects, but they also work with other view controllers to provide a seamless user interface. The distribution of work and communication between your app’s view controllers is an essential part of working with them. Because these relationships are so important to building complex apps, this next section reviews the relationships already discussed and describes them in more detail. View Controller Basics View Controllers Work Together to Create an App’s Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 28Parent-Child Relationships Represent Containment A view controller hierarchy starts with a single parent, the root view controller of a window. If that view controller is a container, it may have children that provide content. Those controllers, in turn, may also be containers with children of their own. Figure 1-11 shows an example of a view controller hierarchy. The root view controller is a tab view controller with four tabs. The first tab uses a navigation controller with children of its own and the other three tabs are managed by content view controllers with no children. Figure 1-11 Parent-child relationships The area each view controller fills is determined by its parent. The root view controller’s area is determined by the window. In Figure 1-11, the tab view controller gets its size from the window. It reserves space for its tab bar and gives the remainder of the space to its children. If the navigation controller were the control displayed right now, it reserves space for its navigation bar and hands the rest to its content controller. At each step, the child view controller’s view is resized by the parent and placed into the parent’s view hierarchy. This combination of views and view controllers also establishes the responder chain for events handled by your app. Sibling Relationships Represent Peers Inside a Container The kind of container defines the relationships (if any exists) shared by its children. For example, compare the tab view controller and navigation controller. ● In a tab view controller, the tabs represent distinct screens of content; tab bar controllers do not define a relationship between its children, although your app can choose to do so. ● In a navigation controller, siblings display related views arranged in a stack. Siblings usually share a connection with adjacent siblings. View Controller Basics View Controllers Work Together to Create an App’s Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 29Figure 1-12 shows a common configuration of view controllers associated with a navigation controller. The first child, the master, shows the available content without showing all of the details. When an item is selected, it pushes a new sibling onto the navigation controller so that the user can see the additional details. Similarly, if the user needsto see more details, thissibling can push another view controller thatshowsthe most detailed content available. When siblings have a well defined relationship as in this example, they often coordinate with each other, either directly or through the container controller. See Figure 1-15 (page 32). Figure 1-12 Sibling relationships in a navigation controller Presentation Represents a Transient Display of Another Interface A view controller presents another view controller when it wants that view controller to perform a task. The presenting view controller is in charge of this behavior. It configures the presented view controller, receives information from it, and eventually dismisses it. However, while it is being presented, the presented view controller’s view is temporarily added to the window’s view hierarchy. In Figure 1-13, a content view controller attached to the tab view presents a view controller to perform a task. The content controller is the presenting view controller, and the modal view controller is the presented view controller. Figure 1-13 Modal presentation by a content view View Controller Basics View Controllers Work Together to Create an App’s Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 30When a view controller is presented, the portion of the screen that it coversis defined by a presentation context provided to it by another view controller. The view controller that provides the presentation context does not need be the same view controller that presented it. Figure 1-14 shows the same view controller hierarchy that is presented in Figure 1-13. You can see that the content view presented the view controller, but it did not provide the presentation context. Instead, the view controller was presented by the tab controller. Because of this, even though the presenting view controller only covers the portion of the screen provided to it by the tab view controller, the presented view controller uses the entire area owned by the tab view controller. Figure 1-14 The actual presentation is performed by the root view controller. Control Flow Represents Overall Coordination Between Content Controllers In an app with multiple view controllers, view controllers are usually created and destroyed throughout the lifetime of the app. During their lifetimes, the view controllers communicate with each other to present a seamless user experience. These relationships represent the control flow of your app. Most commonly, this control flow happens when a new view controller isinstantiated. Usually, a view controller is instantiated because of actions in another view controller. The first view controller, known as the source view controller directs the second view controller, the destination view controller. If the destination view controller presents data to the user, the source view controller usually provides that data. Similarly, if the source view controller needsinformation from the destination view controller, it isresponsible for establishing the connection between the two view controllers. Figure 1-15 shows the most common examples of these relationships. In the figure: ● A child of a navigation controller pushes another child onto the navigation stack. ● A view controller presents another view controller. View Controller Basics View Controllers Work Together to Create an App’s Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 31● A view controller displays another view controller in a popover. Figure 1-15 Communication between source and destination view controllers Each controller is configured by the one preceding it. When multiple controllers work together, they establish a communication chain throughout the app. The control flow at each link in this chain is defined by the destination view controller. The source view controller uses the conventions provided by the destination view controller. ● The destination view controller provides properties used to configure its data and presentation. ● If the destination view controller needs to communicate with view controllers preceding it in the chain, it uses delegation. When the source view controller configures the destination view controller’s other properties, it is also expected to provide an object that implements the delegate’s protocol. The benefit of using this control flow convention is that there is a clean division of responsibilities between each pair ofsource and destination view controllers. Data flows down the path when the source view controller asksthe destination view controller to perform a task; the source view controller drivesthe process. For example, it might provide the specific data object that the destination controller should display. In the other direction, data flows up the path when a view controller needsto communicatesinformation back to the source controller that spawned it. For example, it might communicate when the task completes. Also, by consistently implementing this control flow model, you ensure that destination view controllers never know too much about the source view controller that configured them. When it does know about a view controller earlier in the chain, it knows only that the class implements the delegate protocol, not the class of the class. By keeping view controllersfrom knowing too much about each other, individual controllers become more reusable. For someone reading your code, a consistently implemented control flow model makes it easy to see the communication path between any pair of controllers. View Controller Basics View Controllers Work Together to Create an App’s Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 32Storyboards Help You Design Your User Interface When you implement your app using storyboards, you use Interface Builder to organize your app’s view controllers and any associated views. Figure 1-16 shows an example interface layout from Interface Builder. The visual layout of Interface Builder allows you to understand the flow through your app at a glance. You can see what view controllers are instantiated by your app and their order of instantiation. But more than that, you can configure complex collections of views and other objects in the storyboard. The resulting storyboard is stored as a file in your project. When you build your project, the storyboards in your project are processed and copied into the app bundle, where they are loaded by your app at runtime. Figure 1-16 A storyboard diagram in Interface Builder Often, iOS can automatically instantiate the view controllersin yourstoryboard at the moment they are needed. Similarly, the view hierarchy associated with each controller is automatically loaded when it needs to be displayed. Both view controllers and views are instantiated with the same attributes you configured in Interface Builder. Because most of this behavior is automated for you, it greatly simplifies the work required to use view controllers in your app. The full details of creating storyboards are described in Xcode 4 User Guide . For now, you need to know some of the essential terminology used when implementing storyboards in your app. A scene represents an onscreen content area that is managed by a view controller. You can think of a scene as a view controller and its associated view hierarchy. View Controller Basics Storyboards Help You Design Your User Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 33You create relationships between scenes in the same storyboard. Relationships are expressed visually in a storyboard as a connection arrow from one scene to another. Interface Builder usually infers the details of a new relationship automatically when you make a connection between two objects. Two important kinds of relationships exist: ● Containment represents a parent-child relationship between two scenes. View controllers contained in other view controllers are instantiated when their parent controller is instantiated. For example, the first connection from a navigation controller to another scene defines the first view controller pushed onto the navigation stack. This controller is automatically instantiated when the navigation controller is instantiated. An advantage to using containment relationships in a storyboard is that Interface Builder can adjust the appearance of the child view controller to reflect the presence of its ancestors. This allowsInterface Builder to display the content view controller as it appears in your final app. ● A segue represents a visual transition from one scene to another. At runtime, segues can be triggered by various actions. When a segue istriggered, it causes a new view controller to be instantiated and transitioned onscreen. Although a segue is always from one view controller to another, sometimes a third object can be involved in the process. This object actually triggersthe segue. For example, if you make a connection from a button in the source view controller’s view hierarchy to the destination view controller, when the user taps the button, the segue is triggered. When a segue is made directly from the source view controller to the destination view controller, it usually represents a segue you intend to trigger programatically. Different kinds of segues provide the common transitions needed between two different view controllers: ● A push segue pushes the destination view controller onto a navigation controller’s stack. ● A modal segue presents the destination view controller. ● A popover segue displays the destination view controller in a popover. ● A custom segue allows you to design your own transition to display the destination view controller. Segues share a common programming model. In this model, the destination controller is instantiated automatically by iOS and then the source view controller is called to configure it. This behavior matches the control flow model described in “Control Flow Represents Overall Coordination Between Content Controllers” (page 31). You can also create connections between a view controller and objects stored in the same scene. These outlets and actions enable you to carefully define the relationships between the view controller and its associated objects. Connections are not normally visible in the storyboard itself but can be viewed in the Connections Inspector of Interface Builder. View Controller Basics Storyboards Help You Design Your User Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 34Whether you are working with view controllers provided by iOS, or with custom controllers you’ve created to show your app’s content, you use a similar set of techniques to actually work with the view controllers. The most common technique for working with view controllers is to place them inside a storyboard. Placing view controllers in a storyboard allows you to directly establish relationships between the view controllers in your app without writing code. You can see the flow of control—from controllers created when your app first launches, to controllers that are instantiated in response to a user’s actions. iOS manages most of this process by instantiating these view controllers only when the app needs them. Sometimes you may need to create a view controller by allocating and initializing it programmatically. When working with view controllers directly, you must write code that instantiates the view controller, configures it, and displays it. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 35 Using View Controllers in Your AppWorking with View Controllers in Storyboards Figure 2-1 shows an example of a storyboard. This storyboard includes view controllers, associated views, and connection arrows that establish relationships between the view controllers. In effect, this storyboard tells a story, starting with one scene and later showing others in response to a user’s actions. Figure 2-1 A storyboard holds a set of view controllers and associated objects A storyboard may designate one view controller to be the initial view controller. If a storyboard represents a specific workflow through part of your UI, the initial view controller represents the first scene in that workflow. You establish relationships from the initial view controller to other view controllers in the storyboard. In turn, you establish relationships from those view controllers to others, eventually connecting most or all of the storyboard’s scenes into a single connected graph. The type of relationship you establish determines when a connected view controller is instantiated by iOS, as follows: ● If the relationship is a segue, the destination view controller is instantiated when the segue is triggered. ● If the relationship represents containment, the child view controller is instantiated when its parent is instantiated. ● If the controller is not the destination or child of another controller, it is never instantiated automatically. You must instantiate it from the storyboard programmatically. Using View Controllers in Your App Working with View Controllers in Storyboards 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 36To identify a specific view controller or segue inside a storyboard, use Interface Builder to assign it an identifier string that uniquely identifies it. To programmatically load a view controller from the storyboard, you must assign it an identifier. Similarly, to trigger a segue programmatically, it must also be assigned an identifier. When a segue is triggered, that segue's identifier is passed to the source view controller, which uses it to determine which segue was triggered. For this reason, consider labeling every segue with an identifier. When you build an app using storyboards, you can use a single storyboard to hold all of its view controllers, or you can create multiple storyboards and implement a portion of the user interface in each. One storyboard in your app is almost always designated as the main storyboard. If there is a main storyboard, iOS loads it automatically; other storyboards must be explicitly loaded by your app. The Main Storyboard Initializes Your App’s User Interface The main storyboard is defined in the app’s Information property list file. If a main storyboard is declared in this file, then when your app launches, iOS performs the following steps: 1. It instantiates a window for you. 2. It loads the main storyboard and instantiates its initial view controller. 3. It assigns the new view controller to the window’s rootViewController property and then makes the window visible on the screen. Your app delegate is called to configure the initial view controller before it is displayed. The precise set of steps iOS uses to load the main storyboard is described in “Coordinating Efforts Between View Controllers” (page 98). Segues Automatically Instantiate the Destination View Controller A segue represents a triggered transition that brings a new view controller into your app’s user interface. Segues contain a lot of information about the transition, including the following: ● The object that caused the segue to be triggered, known as the sender ● The source view controller that starts the segue ● The destination view controller to be instantiated ● The kind of transition that should be used to bring the destination view controller onscreen ● An optional identifier string that identifies that specific segue in the storyboard When a segue is triggered, iOS takes the following actions: 1. It instantiates the destination view controller using the attribute values you provided in the storyboard. Using View Controllers in Your App Working with View Controllers in Storyboards 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 372. It gives the source view controller an opportunity to configure the new controller. 3. It performs the transition configured in the segue. Note: When you implement custom view controllers, each destination view controller declares public properties and methods used by the source view controller to configure its behavior. In return, your custom source view controllers override storyboard methods provided by the base class to configure the destination view controller. The precise details are in “Coordinating Efforts Between View Controllers” (page 98). Triggering a Segue Programmatically A segue is usually triggered because an object associated with the source view controller, such as a control or gesture recognizer, triggered the segue. However, a segue can also be triggered programmatically by your app, as long as the segue has an assigned identifier. For example, if you are implementing a game, you might trigger a segue when a match ends. The destination view controller then displays the match’s final scores. You programmatically trigger the segue by calling the source view controller’s performSegueWithIdentifier:sender: method, passing in the identifier for the segue to be triggered. You also pass in another object that acts as the sender. When the source controller is called to configure the destination view controller, both the sender object and the identifier for the segue are provided to it. Listing 2-1 shows a simple method that triggers a segue. This example is a portion of a larger example described in “Creating an Alternate Landscape Interface” (page 80). In this abbreviated form, you can see that the view controller is receiving an orientation notification. When the view controller is in portrait mode and the device is rotated into landscape orientation, the method uses a segue to present a different view controller onscreen. Because the notification object in this case provides no useful information for performing the segue command, the view controller makes itself the sender. Listing 2-1 Triggering a segue programmatically - (void)orientationChanged:(NSNotification *)notification { UIDeviceOrientation deviceOrientation = [UIDevice currentDevice].orientation; if (UIDeviceOrientationIsLandscape(deviceOrientation) && !isShowingLandscapeView) { [self performSegueWithIdentifier:@"DisplayAlternateView" sender:self]; isShowingLandscapeView = YES; } Using View Controllers in Your App Working with View Controllers in Storyboards 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 38// Remainder of example omitted. } If a segue can be triggered only programmatically, you usually draw the connection arrow directly from the source view controller to the destination view controller. Instantiating a Storyboard’s View Controller Programmatically You may want to programmatically instantiate a view controller without using a segue. A storyboard is still valuable, because you can use it to configure the attributes of the view controller as well as its view hierarchy. However, if you do instantiate a view controller programmatically, you do not get any of the behavior of a segue. To display the view controller, you must implement additional code. For this reason, you should rely on segues where possible and use this technique only when needed. Here are the steps your code needs to implement: 1. Obtain a storyboard object (an object of the UIStoryboard class). If you have an existing view controller instantiated from the same storyboard, read its storyboard property to retrieve the storyboard. To load a different storyboard, call the UIStoryboard class’s storyboardWithName:bundle: class method, passing in the name of the storyboard file and an optional bundle parameter. 2. Call the storyboard object’s instantiateViewControllerWithIdentifier: method, passing in the identifier you defined for the view controller when you created it in Interface Builder. Alternatively, you can use the instantiateInitialViewController method to instantiate the initial view controller in a storyboard, without needing to know its identifier. 3. Configure the new view controller by setting its properties. 4. Display the new view controller. See “Displaying a View Controller’s Contents Programmatically” (page 41). Listing 2-2 shows an example of this technique. It retrieves the storyboard from an existing view controller and instantiates a new view controller using it. Listing 2-2 Instantiating another view controller inside the same storyboard - (IBAction)presentSpecialViewController:(id)sender { UIStoryboard *storyboard = self.storyboard; SpecialViewController *svc = [storyboard instantiateViewControllerWithIdentifier:@"SpecialViewController"]; Using View Controllers in Your App Working with View Controllers in Storyboards 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 39// Configure the new view controller here. [self presentViewController:svc animated:YES completion:nil]; } Listing 2-3 shows another frequently used technique. This example loads a new storyboard and instantiates its initial view controller. It uses this view controller as the root view controller for a new window being placed on an external screen. To display the returned window, your app calls the window’s makeKeyAndVisible method. Listing 2-3 Instantiating a view controller from a new storyboard - (UIWindow*) windowFromStoryboard: (NSString*) storyboardName onScreen: (UIScreen*) screen { UIWindow *window = [[UIWindow alloc] initWithFrame:[screen bounds]]; window.screen = screen; UIStoryboard *storyboard = [UIStoryboard storyboardWithName:storyboardName bundle:nil]; MainViewController *mainViewController = [storyboard instantiateInitialViewController]; window.rootViewController = mainViewController; // Configure the new view controller here. return window; } Transitioning to a New Storyboard Requires a Programmatic Approach Segues connect only scenes that are stored in the same storyboard. To display a view controller from another storyboard, you must explicitly load the storyboard file and instantiate a view controller inside it. There is no requirement that you create multiple storyboards in your app. Here, though, are a few cases where multiple storyboards might be useful to you: Using View Controllers in Your App Working with View Controllers in Storyboards 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 40● You have a large programming team, with different portions of the user interface assigned to different parts of the team. In this case, each subteam owns a storyboard limiting the number of team members working on any specific storyboard’s contents. ● You purchased or created a library that predefines a collection of view controller types; the contents of those view controllers are defined in a storyboard provided by the library. ● You have content that needs to be displayed on an external screen. In this case, you might keep all of the view controllers associated with the alternate screen inside a separate storyboard. An alternative pattern for the same scenario is to write a custom segue. Containers Automatically Instantiate Their Children When a container in a storyboard is instantiated, its children are automatically instantiated at the same time. The children must be instantiated at the same time to give the container controller some content to display. Similarly, if the child that was instantiated is also a container, its children are also instantiated, and so on, until no more containment relationships can be traced to new controllers. If you place a content controller inside a navigation controller inside a tab bar controller, when the tab bar is instantiated, the three controllers are simultaneously instantiated. The container and its descendants are instantiated before your view controller is called to configure them. Your source view controller (or app delegate) can rely on all the children being instantiated. This instantiation behavior is important, because your custom configuration code rarely configures the container(s). Instead, it configures the content controllers attached to the container. Instantiating a Non-Storyboard View Controller To create a view controller programmatically without the use of the storyboard, you use Objective-C code to allocate and initialize the view controller. You gain none of the benefits of storyboards, meaning you have to implement additional code to configure and display the new view controller. Displaying a View Controller’s Contents Programmatically For a view controller’s content to be useful, it needs to be displayed on screen. There are several options for displaying a view controller’s contents: ● Make the view controller the root view controller of a window. ● Make it a child of a visible container view controller. ● Present it from another visible view controller. Using View Controllers in Your App Instantiating a Non-Storyboard View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 41● Present it using a popover (iPad only). In all cases, you assign the view controller to another object—in this case, a window, a view controller, or a popover controller. This object resizes the view controller’s view and adds it to its own view hierarchy so that it can be displayed. Listing 2-4 showsthe most common case, which isto assign the view controller to a window. This code assumes that a storyboard is not being used, so it performs the same steps that are normally done on your behalf by the operating system: It creates a window and setsthe new controller asthe root view controller. Then it makes the window visible. Listing 2-4 Installing the view controller as a window’s root view controller - (void)applicationDidFinishLaunching:(UIApplication *)application { UIWindow *window = [[UIWindow alloc] initWithFrame:[[UIScreen mainScreen] bounds]]; levelViewController = [[LevelViewController alloc] init]; window.rootViewController = levelViewController; [window makeKeyAndVisible]; } Important: Never install the view controller’s view into a view hierarchy directly. To present and manage views properly, the system makes a note of each view (and its associated view controller) that you display. It uses this information later to report view controller–related events to your app. For example, when the device orientation changes, a window uses this information to identify the frontmost view controller and notify it of the change. If you incorporate a view controller’s view into your hierarchy by other means, the system may handle these events incorrectly. If you are implementing your own custom container controller, you add another view controller’s view to your own view hierarchy, but you also create a parent-child relationship first. This ensures that events are delivered correctly. See “Creating Custom Container View Controllers” (page 111). Using View Controllers in Your App Displaying a View Controller’s Contents Programmatically 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 42Custom content view controllers are the heart of your app. You use them to present your app’s unique content. All apps need at least one custom content view controller. Complex apps divide the workload between multiple content controllers. A view controller has many responsibilities. Some of these responsibilities are things that iOS requires the view controller to do. Other responsibilities are things you assign to the view controller when you define its role in your app. Anatomy of a Content View Controller The UIViewController class provides the fundamental infrastructure for implementing all custom view controllers. You define a custom subclass of UIViewController. That subclass provides the necessary code to populate views with data and respond to user actions. When you want to make adjustments to the default behavior of the view controller, you override methods of the UIViewController class. Your view controller may also interact with other UIKit classes to implement the behavior you want. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 43 Creating Custom Content View ControllersFigure 3-1 shows some of the key objects associated directly with a content view controller. These are the objectsthat are essentially owned and managed by the view controller itself. The view (accessible via the view property) is the only object that must be provided, although most view controllers have additional subviews attached to this view as well as custom objects containing the data they need to display. Figure 3-1 Anatomy of a content view controller View View View View Content view controller Custom data objects When you design a new view controller, it potentially has many responsibilities. Some of those responsibilities look inward, to the views and other objects it controls. Other responsibilities look outward to other controllers. The following sections enumerate many of the common responsibilities for a view controller. View Controllers Manage Resources Some objects are instantiated when the view controller is initialized and are disposed of when your view controller is released. Other objects, like views, are needed only when the view controller’s contents are visible onscreen. As a result, view controllers use resources efficiently and should be prepared to release resources when memory is scarce. Properly implementing this behavior in your app's view controllers makes it so your app uses memory and other resources—such as CPU, GPU, and battery—more efficiently. See “Resource Management in View Controllers” (page 56). Creating Custom Content View Controllers Anatomy of a Content View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 44View Controllers Manage Views View controllers manage their view and its subviews, but the view’s frame—its position and size in its parent’s view—is often determined by other factors, including the orientation of the device, whether or not the status bar is visible and even how the view controller’s view is displayed in the window. Your view controller should be designed to layout its view to fit the frame provided to it. View management has other aspects as well. Your view controller is notified when its view is about to appear and disappear from the screen. Your view controller can use this notification to perform other actions necessary to its operation. See “Resizing the View Controller’s Views” (page 69), “Supporting Multiple Interface Orientations” (page 74), “Responding to Display-Related Notifications” (page 66). View Controllers Respond to Events Your view controller is often the central coordinating object for its views and controls. Typically, you design your user interface so that controls send messages to the controller when a user manipulates them. Your view controller is expected to handle the message, making any necessary changes to the views or data stored in the view controller. Your view controller also participates in the responder chain used to deliver events to your app. You can override methodsin your view controller classto have it participate directly in event handling. View controllers also are good objects to implement other behaviors—such as responding to system notifications, timers or events specific to your app. See “Using View Controllers in the Responder Chain” (page 72). View Controllers Coordinate with Other Controllers Although a view controller may create and manage many other objects, it does not usually need to expose these objects publicly to inspection or modification. It may collaborate with other objects (especially other view controllers), but it should expose the fewest number of properties and methods necessary to allow its collaborators to communicate with it. Exposing too many implementation details in your view controller class makes it difficult to modify your view controller’s implementation. Collaborators that rely on these implementation details would need to be modified to continue to work with your view controller class. See “Coordinating Efforts Between View Controllers” (page 98). Creating Custom Content View Controllers Anatomy of a Content View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 45View Controllers Often Work with Containers If your view controller is placed inside a container view controller, the container imposes additional constraints, as shown in Figure 3-2. The container may ask your view controller to provide other objects used to configure the container’s user interface. For example, a content view controller placed inside a tab view controller provides a tab bar item to display for that tab. Figure 3-2 A container view controller imposes additional demands on its children The properties used to configure the containers provided by UIKit are defined by the UIViewController class. For more information on specific types of containers and the properties you configure to support them, see View Controller Catalog for iOS . View Controllers May Be Presented by Other View Controllers Some view controllers you design are intended to be presented by other view controllers. You might present your view controller directly, or you might make it a child of a container view controller and present the container instead. When presented, it moves onscreen, remaining there until it is dismissed. There are several reasons you might present a view controller: Creating Custom Content View Controllers Anatomy of a Content View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 46● To gather information from the user immediately. ● To present some content temporarily. ● To change work modes temporarily. ● To implement alternate interfaces for different device orientations. ● To present a new view hierarchy with a specific type of animated transition (or no transition). Most of these reasons involve interrupting your app’s workflow temporarily in order to gather or display some information. In almost all cases, the presented view controller implements a delegate. The presented view controller uses the delegate to communicate with the presenting view controller. After your app has the information it needs (or the user finishes viewing the presented information), the presented view controller communicates this back to the presenting view controller. The presenting view controller dismisses the presented view controller to return the app to its previous state. See “Presenting View Controllers from Other View Controllers” (page 88). Designing Your Content View Controller Before writing any code in your view controller, you should be able to answer some basic questions about how you intend to use it. The questions provided below are designed to help you narrow the focus of your view controller and to help you understand the role it plays in your app. In particular, it helps you identify connections—usually to other controllers—your view controller needs to perform its tasks. ● Are you using a storyboard to implement the view controller? ● When is it instantiated? ● What data does it show? ● What tasks does it perform? ● How is its view displayed onscreen? ● How does it collaborate with other view controllers? Your answers to these questions need not be precise if you are still working out the role it plays. Still, it helps to have a general sense of what your view controller does and how other objects interact with it. The questions above don’t ask you to define the appearance of your view controller or to be precise about the implementation details of how it performs the tasks you’ve assigned to it. Those are important questions you need to answer, but neither of these things should affect your view controller’s public interface. You want the flexibility to be able to change the visual design of your view controller without changing the class declaration that defines how other controllers collaborate with it. Creating Custom Content View Controllers Designing Your Content View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 47Use a Storyboard to Implement Your View Controller You might consider whether or not to use a storyboard as an implementation detail, but the approach you take affects how you implement the view controller and how other objects collaborate with it. You always use a storyboard unless you have a strong reason not to. When you use storyboards: ● iOS usually instantiates your view controller for you automatically. ● To finish instantiating it, you override its awakeFromNib method. ● Other objects configure it through its properties. ● You create its view hierarchy and other related objects in Interface Builder. These objects are loaded automatically when the view is needed. ● Relationships with other view controllers are created in the storyboard. If you design your view controller to be used programmatically: ● The view controller is instantiated by allocating and initializing it. ● You create an custom initialization method to initialize the view controller. ● Other objects configure the view controller using itsinitialization method and by configuring its properties. ● You override the loadView method to programmatically create and configure its view hierarchy. ● Relationships with other view controllers are created by writing code. Know When Your Controller Is Instantiated Knowing when your view controller is instantiated usually implies other details for how your app operates. For example, you might know that your view controller is alwaysinstantiated by the same object. Often the objects that instantiate view controllers are themselves view controllers; this is almost always the case in an app that uses storyboards. In any case, knowing when, why, and by what object your view controller is instantiated gives you insight into the information exchanged between your view controller and the object that created it. Know What Data Your View Controller Shows and Returns When you answer these two questions, you are working to understand the data model for your app and also whether that data needs to be exchanged between your view controllers. Here are some common patterns you should expect to see in your view controllers: Creating Custom Content View Controllers Designing Your Content View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 48● The view controller receives data from another controller and displays it, without offering a way to edit it. No data is returned. ● The view controller allows the user to enter new data. After the user finishes editing the data, it sends the new data to another controller. ● The view controller receives data from another controller and allows the user to edit it. After the user finishes editing the data, it sends the new data to another controller. ● The view controller doesn’t send or receive data. Instead, it shows static views. ● The view controller doesn’tsend or receive data. Instead, itsimplementation loadsits data without exposing this mechanism to other view controllers. For example, the GKAchievementViewController class has built-in functionality to determine which player is authenticated on the device. It also knows how to load that player’s data from Game Center. The presenting view controller does not need to know what data is loaded or how it was loaded. You are not constrained to use only these designs. When data travels into or out of your view controller, consider defining a data model class to hold the data to be transferred to the new controller. For example, in Your Second iOS App: Storyboards, the master controller uses a BirdSighting object to send data associated with a sighting to the detail controller. Using an object for this makes it easier to update the data to include additional properties without changing the method signatures in your controller classes. Know What Tasks Your Controller Allows the User to Perform Some view controllers allow users to view, create, or edit data. Other view controllers allow users to navigate to otherscreens of content. And some allow usersto perform tasks provided by the view controller. For example, the MFMailComposeViewController class allows a user to compose and send emails to other users. It handles the low-level details of sending mail messages. As you determine which tasks your view controller performs, decide how much control over those tasks your view controller exposes to other controllers. Many view controllers can perform tasks without exposing configuration data to other controllers. For example, the GKAchievementViewController class displays achievements to the user without exposing any properties to configure how it loads or presents its data. The MFMailComposeViewController class presents a slightly different scenario by exposing some properties that another controller can use to configure the initial content it displays. After that, a user can edit the content and send the email message without giving other controller objects a chance to affect that process. Creating Custom Content View Controllers Designing Your Content View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 49Know How Your View Controller Is Displayed Onscreen Some view controllers are designed to be root view controllers. Others expect to be presented by another view controller or placed in a container controller. Occasionally, you design controllers that can be displayed in multiple ways. For example, a split view controller’s master view is displayed in the split view in landscape mode and in a popover control in portrait mode. Knowing how your view controller is displayed gives you insight into how its view issized and placed onscreen. It also affects other areas, such as determining what other controllers your view controller collaborates with. Know How Your Controller Collaborates with Other Controllers By this point, you already know some things about collaboration. For example, if your view controller is instantiated from a segue, then it probably collaborates with the source view controller that configures it. And if your controller is a child of a container, then it collaborates with the container. But there are relationships in the other direction as well. For example, your view controller might defer some of its work and hand it off to another view controller. It might even exchange data with an existing view controller. With all of these connections, your view controller provides an interface that other controllers use, or it is aware of other controllers and it uses their interfaces. These connections are essential to providing a seamless experience, but they also represent design challenges because they introduce dependencies between classes in your app. Dependencies are a problem because they make it more difficult to change any one class in isolation from the other classes that make up your app. For this reason, you need to balance the needs of your app now against the potential need to keep your app design flexible enough to change later. Examples of Common View Controller Designs Designing a new view controller can be challenging. It helps to look at existing designs and understand what they do and why. This next section talks about some common view controller styles used in iOS apps. Each example includes a description of the role the view controller plays, a brief description of how it works at a high level, and one possible list of answers to the design questions listed above. Example: Game Title Screen Mission Statement A view controller that allows the user to select between different styles of game play. Creating Custom Content View Controllers Examples of Common View Controller Designs 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 50Description When a game is launched, it rarely jumps right into the actual game. Instead, it displays a title screen that identifies the game and presents a set of game variants to the player. For example, a game might offer buttons that allow a player to start a single player or multiplayer game. When the user selects one of the options, the app configures itself appropriately and launches into its gameplay. A title screen is interesting specifically because its contents are static; they don’t need data from another controller. As such, this view controller is almost entirely self-sufficient. It does, however, know about other view controllers, because it instantiates other view controllers to launch its gameplay. Design ● Are you using a storyboard to implement the view controller? Yes. ● When is it instantiated? This view controller is the initial scene in the main storyboard. ● What data does it show? This class displays preconfigured controls and images; it does not present user data. It does not include configurable properties. ● What tasks does it perform? When a user taps on a button, it triggers a segue to instantiate another view controller. Each segue is identified so that the appropriate game play can be configured. ● How is its view displayed onscreen? It isinstalled automatically asthe root view controller of the window. ● How does it collaborate with other view controllers? It instantiates another view controller to present a gameplay screen. When gameplay ends, the other view controller sends a message to the title screen controller to inform it that play has ended. The title screen controller then dismisses the other view controller. Alternative Design Considerations The default answers assume that no user data is displayed. Some games include player data to configure the views or controls. For example: ● You might want the view controller to display the user’s Game Center alias. ● You might want it to enable or disable buttons based on whether the device is connected to Game Center. ● You might want it to enable or disable buttons based on In-App Purchase items the user has purchased. When these additional items are added to the design, the view controller takes on a more traditional role. It might receive data objects or data controllers from the app delegate so that it can query and update this state as necessary. Or, as it is the root view controller for the window, you might simply implement those behaviors directly in the title screen controller. The actual design likely depends on how flexible you need your code to be. Creating Custom Content View Controllers Examples of Common View Controller Designs 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 51Example: Master View Controller Mission Statement The initial view controller of a navigation controller, used to display a list of the app’s available data objects. Description A master view controller is a very common part of a navigation-based app. For example, Your Second iOS App: Storyboards uses a master view to display the list of bird sightings. When a user selects a sighting from the list, the master view controller pushes a new detail controller onto the screen. Because this view controller displays a list of items, it subclasses UITableViewController instead of UIViewController. Design ● Are you using a storyboard to implement the view controller? Yes. ● When is it instantiated? Asthe root view controller of a navigation controller, it isinstantiated at the same time as its parent. ● What data does it show? A high-level view of the app’s data. It implements properties that the app delegate uses to provide data to it. For example, the bird watching app provides a custom data controller object to the master view controller. ● What tasks does it perform? It implements an Add button to allow users to create new records. ● How is its view displayed onscreen? It is a child of a navigation controller. ● How does it collaborate with other view controllers? When the user taps on an item in the list, it uses a push segue to show a detail controller. When the user taps on the Add button, it uses a modal segue to present a new view controller that edits a new record. It receives data back from this modal view controller and sends this data to the data controller to create a new bird sighting. Alternative Design Considerations A navigation controller and an initial view controller is used when building an iPhone app. When designing the same app for the iPad, the master view controller is a child of a split view controller instead. Most other design decisions stay the same. Creating Custom Content View Controllers Examples of Common View Controller Designs 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 52Example: Detail View Controller Mission Statement A controller pushed onto a navigation stack to display the details for a list item selected from the master view controller. Description The detail view controller represents a more detailed view of a list item displayed by the master view controller. As with the master view controller, the list appears inside a nav bar interface. When the user finishes viewing the item they click a button in the nav bar to return to the master view. Your Second iOS App: Storyboards uses the UITableViewController class to implement its detail view. It uses a static table cells, each of which accesses one piece of the bird sighting data. A static table view is a good way to implement this design. Design ● Are you using a storyboard to implement the view controller? Yes. ● When is it instantiated? It is instantiated by a push segue from the master view controller. ● What data does it show? Itshowsthe data stored in a custom data object. It declares properties configured by the source view controller to provide this data. ● What tasks does it perform? It allows the user to dismiss the view. ● How is its view displayed onscreen? It is a child of a navigation controller. ● How does it collaborate with other view controllers? It receives data from the master view controller. Alternative Design Considerations A navigation controller is most often used when building an iPhone app. When designing the same app for the iPad, the detail view controller is a child of a split view controller instead. Many of the other implementation details stay the same. If your app needs more custom view behavior, it mightsubclassthe UIViewController class and implement its own custom view hierarchy. Creating Custom Content View Controllers Examples of Common View Controller Designs 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 53Example: Mail Compose View Controller Mission Statement A view controller that allows the user to compose and send an email. Description The Message UI framework provides the MFMailComposeViewController class. This class allows a user to compose and send an email. This view controller is interesting because it does more than simply show or edit data—it actually sends the email. Another interesting design choice in this class is that it allows an app to provide an initial configuration for the email message. After the initial configuration has been presented, the user can override these choices before sending the mail. Design ● Are you using a storyboard to implement the view controller? No. ● When is it instantiated? It is instantiated programmatically. ● What data does it show? It shows the various parts of an email message, including a recipients list, title, attachments and the email message itself. The class provides propertiesthat allow another view controller to preconfigure the email message. ● What tasks does it perform? It sends email. ● How is its view displayed onscreen? The view controller is presented by another view controller. ● How does it collaborate with other view controllers? It returns status information to its delegate. This status allows the presenting view controller to know whether an email was sent. Implementation Checklist for Custom Content View Controllers For any custom content view controllers you create, there are a few tasks that you must have your view controller handle: ● You must configure the view to be loaded by your view controller. Your custom class may need to override specific methods to manage how its view hierarchy is loaded and unloaded. These same methods might manage other resources that are created at the same time. See “Resource Management in View Controllers” (page 56). Creating Custom Content View Controllers Implementation Checklist for Custom Content View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 54● You must decide which device orientations your view controller supports and how it reacts to a change in device orientation; see “Supporting Multiple Interface Orientations” (page 74). As you implement your view controller, you will likely discover that you need to define action methods or outlets to use with its views. For example, if the view hierarchy contains a table, you probably want to store a pointer to that table in an outletso that you can accessit later. Similarly, if your view hierarchy contains buttons or other controls, you probably want those controls to call an associated action method on the view controller. As you iterate through the definition of your view controller class, you may therefore find that you need to add the following items to your view controller class: ● Declared properties pointing to the objects containing the data to be displayed by the corresponding views ● Public methods and propertiesthat expose your view controller’s custom behavior to other view controllers ● Outlets pointing to views in the view hierarchy with which your view controller must interact ● Action methods that perform tasks associated with buttons and other controls in the view hierarchy Important: Clients of your view controller class do not need to know what views your view controller displays or what actions those views might trigger. Whenever possible, outlets and actions should be declared in a category inside your class’s implementation file. For example, if your class is named MyViewController, you implement the category by adding the following declaration to MyViewController.m: @interface MyViewController() // Outlets and actions here. @end @implementation MyViewController // Implementation of the privately declared category must go here. @end When you declare a category without a name, the properties and actions must be implemented in the same implementation block as any methods or properties declared in your public interface. The outlets and actions defined in the private category are visible to Interface Builder, but not to other classes in your app. This strategy allows you to gain the benefits of Interface Builder without exposing your class’s secrets. If another class needs access to your view controller’s functionality, add public methods and properties to access this functionality instead. Creating Custom Content View Controllers Implementation Checklist for Custom Content View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 55View controllers are an essential part of managing your app’s resources. View controllers allow you to break your app up into multiple parts and instantiate only the parts that are needed. But more than that, a view controller itself manages different resources and instantiates them at different times. For example, a view controller’s view hierarchy is instantiated only when the view is accessed; typically, this occurs only when the view is displayed on screen. If multiple view controllers are pushed onto a navigation stack at the same time, only the topmost view controller’s contents are visible, which means only its views are accessed. Similarly, if a view controller is not presented by a navigation controller, it does not need to instantiate its navigation item. By deferring most resource allocation until it is needed, view controllers use less resources. When memory available to the app runs low, all view controllers are automatically notified by the system. This allows the view controller to purge caches and other objects that can be easily recreated later when memory is more plentiful. The exact behavior varies depending on which version of iOS your app is running on, and this has implications for your view controller design. Carefully managing the resources associated with your view controllers is critical to making your app run efficiently. You should also prefer lazy allocation; objects that are expensive to create or maintain should be allocated later and only when needed. For this reason, your view controllers should separate objects needed throughout the lifetime of the view controller from objects that are only necessary some of the time. When your view controller receives a low-memory warning, it should be prepared to reduce its memory usage if it is not visible onscreen. Initializing a View Controller When a view controller is first instantiated, it creates or loads objects it needs through its lifetime. It should not create its view hierarchy or objects associated with displaying content. It should focus on data objects and objects needed to implement its critical behaviors. Initializing a View Controller Loaded from a Storyboard When you create a view controller in a storyboard, the attributes you configure in Interface Builder are serialized into an archive. Later, when the view controller isinstantiated, this archive isloaded into memory and processed. The result is a set of objects whose attributes match those you set in Interface Builder. The archive is loaded 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 56 Resource Management in View Controllersby calling the view controller’s initWithCoder: method. Then, the awakeFromNib method is called on any object that implements that method. You use this method to perform any configuration steps that require other objects to already be instantiated. For more on archiving and archiving, see Archives and Serializations Programming Guide . Initializing View Controllers Programmatically If a view controller allocatesitsresources programmatically, create a custom initialization method that isspecific to your view controller. This method should call the super class’s init method and then perform any class specific initialization. In general, do not write complex initialization methods. Instead, implement a simple initialization method and then provide properties for clients of your view controller to configure its behaviors. A View Controller Instantiates Its View Hierarchy When Its View is Accessed Whenever some part of your app asks the view controller for its view object and that object is not currently in memory, the view controller loads the view hierarchy into memory and stores it in its view property for future reference. The steps that occur during the load cycle are: 1. The view controller calls its loadView method. The default implementation of the loadView method does one of two things: ● If the view controller is associated with a storyboard, it loads the views from the storyboard. ● If the view controller is not associated with a storyboard, an empty UIView object is created and assigned to the view property. 2. The view controller callsits viewDidLoad method, which enables yoursubclassto perform any additional load-time tasks. Resource Management in View Controllers A View Controller Instantiates Its View Hierarchy When Its View is Accessed 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 57Figure 4-1 shows a visual representation of the load cycle, including several of the methods that are called. Your app can override both the loadView and the viewDidLoad methods as needed to facilitate the behavior you want for your view controller. For example, if your app does not use storyboards but you want additional views to be added to the view hierarchy, you override the loadView method to instantiate these views programatically. Figure 4-1 Loading a view into memory Resource Management in View Controllers A View Controller Instantiates Its View Hierarchy When Its View is Accessed 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 58Loading a View Controller’s View from a Storyboard Most view controllersload their view from an associated storyboard. The advantage of using storyboardsisthat they allow you to lay out and configure your views graphically, making it easier and faster to adjust your layout. You can iterate quickly through different versions of your user interface to end up with a polished and refined design. Creating the View in Interface Builder Interface Builder is part of Xcode and provides an intuitive way to create and configure the views for your view controllers. Using Interface Builder, you assemble views and controls by manipulating them directly, dragging them into the workspace, positioning them, sizing them, and modifying their attributes using an inspector window. The results are then saved in a storyboard file, which stores the collection of objects you assembled along with information about all the customizations you made. Configuring the View Display Attributes in Interface Builder To help you layout the contents of your view properly, Interface Builder provides controls that let you specify whether the view has a navigation bar, a toolbar, or other objectsthat might affect the position of your custom content. If the controller is connected to container controllersin the storyboard, it can infer these settingsfrom the container, making it easier to see exactly how it should appear at runtime. Configuring Actions and Outlets for Your View Controller Using Interface Builder, you create connections between the views in your interface and your view controller. Listing 4-1 shows the declaration of a custom MyViewController class’s two custom outlets (designated by the IBOutlet keyword) and a single action method (designated by the IBAction return type). The declarations are made in a category inside the implementation file. The outlets store references to a button and a text field in the storyboard, while the action method responds to taps in the button. Listing 4-1 Custom view controller class declaration @interface MyViewController() @property (nonatomic) IBOutlet id myButton; @property (nonatomic) IBOutlet id myTextField; - (IBAction)myAction:(id)sender; @end Resource Management in View Controllers A View Controller Instantiates Its View Hierarchy When Its View is Accessed 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 59Figure 4-2 shows the connections you would create among the objects in such a MyViewController class. Figure 4-2 Connections in the storyboard When the previously configured MyViewController class is created and presented, the view controller infrastructure automatically loads the views from the storyboard and reconfigures any outlets or actions. Thus, by the time the view is presented to the user, the outlets and actions of your view controller are set and ready to be used. This ability to bridge between your runtime code and your design-time resource files is one of the things that makes storyboards so powerful. Creating a View Programmatically If you prefer to create views programmatically, instead of using a storyboard, you do so by overriding your view controller’s loadView method. Your implementation of this method should do the following: 1. Create a root view object. The root view contains all other views associated with your view controller. You typically define the frame for this view to match the size of the app window, which itself should fill the screen. However, the frame is adjusted based on how your view controller is displayed. See “Resizing the View Controller’s Views” (page 69). You can use a generic UIView object, a custom view you define, or any other view that can scale to fill the screen. 2. Create additional subviews and add them to the root view. Resource Management in View Controllers A View Controller Instantiates Its View Hierarchy When Its View is Accessed 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 60For each view, you should: a. Create and initialize the view. b. Add the view to a parent view using the addSubview: method. 3. If you are using auto layout, assign sufficient constraints to each of the views you just created to control the position and size of your views. Otherwise, implement the viewWillLayoutSubviews and viewDidLayoutSubviews methods to adjust the frames of the subviews in the view hierarchy. See “Resizing the View Controller’s Views” (page 69). 4. Assign the root view to the view property of your view controller. Listing 4-2 shows an example implementation of the loadView method. This method creates a pair of custom views in a view hierarchy and assigns them to the view controller. Listing 4-2 Creating views programmatically - (void)loadView { CGRect applicationFrame = [[UIScreen mainScreen] applicationFrame]; UIView *contentView = [[UIView alloc] initWithFrame:applicationFrame]; contentView.backgroundColor = [UIColor blackColor]; self.view = contentView; levelView = [[LevelView alloc] initWithFrame:applicationFrame viewController:self]; [self.view addSubview:levelView]; } Note: When overriding the loadView method to create your views programmatically, you should not call super. Doing so initiates the default view-loading behavior and usually just wastes CPU cycles. Your own implementation of the loadView method should do all the work that is needed to create a root view and subviewsfor your view controller. For more information on the view loading process, see “A View Controller Instantiates Its View Hierarchy When Its View is Accessed” (page 57). Managing Memory Efficiently When it comes to view controllers and memory management, there are two issues to consider: ● How to allocate memory efficiently Resource Management in View Controllers Managing Memory Efficiently 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 61● When and how to release memory Although some aspects of memory allocation are strictly yours to decide, the UIViewController class provides some methods that usually have some connection to memory management tasks. Table 4-1 lists the places in your view controller object where you are likely to allocate or deallocate memory, along with information about what you should be doing in each place. Table 4-1 Places to allocate and deallocate memory Task Methods Discussion Your custom initialization method (whether it is named init or something else) is always responsible for putting your view controller object in a known good state. This includes allocating whatever data structures are needed to ensure proper operation. Allocating critical Initialization methods data structures required by your view controller Overriding the loadView method is required only if you intend to create your views programmatically. If you are using storyboards, the views are loaded automatically from the storyboard file. Creating your view loadView objects Although you are free to use other designs, consider using a pattern similar the loadView method. Create a property that holds the method and a matched method to initialize the object. When the property is read and its value is nil, call the associated load method. Custom properties and methods Creating custom objects Data objects are typically provided by configuring your view controller’s properties. Any additional data objects your view controller wants to create should be done by overriding the viewDidLoad method. By the time this method is called, your view objects are guaranteed to exist and to be in a known good state. Allocating or viewDidLoad loading data to be displayed in your view Use this method to deallocate all noncritical objects associated with your view controller. On iOS 6, you can also use this method to release references to view objects. didReceiveMemoryWarning Responding to low-memory notifications Resource Management in View Controllers Managing Memory Efficiently 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 62Task Methods Discussion Override this method only to perform any last-minute cleanup of your view controller class. Objects stored in instance variables and properties are automatically released; you do not need to release them explicitly. Releasing critical dealloc data structures required by your view controller On iOS 6 and Later, a View Controller Unloads Its Own Views When Desired The default behavior for a view controller is to load its view hierarchy when the view property is first accessed and thereafter keep it in memory until the view controller is disposed of. The memory used by a view to draw itself onscreen is potentially quite large. However, the system automatically releasesthese expensive resources when the view is not attached to a window. The remaining memory used by most views is small enough that it is not worth it for the system to automatically purge and recreate the view hierarchy. You can explicitly release the view hierarchy if that additional memory is necessary for your app. Listing 4-3 overrides the didReceiveMemoryWarning method to accomplish this. First, is calls the superclass’s implementation to get any required default behavior. Then, it cleans up the view controller’s resources. Finally, it teststo see if the view controller’s view is not onscreen. If the view is associated with a window, then it cleans up any of the view controller’s strong references to the view and its subviews. If the views stored data that needs to be recreated, the implementation of this method should save that data before releasing any of the references to those views. Listing 4-3 Releasing the views of a view controller not visible on screen - (void)didReceiveMemoryWarning { [super didReceiveMemoryWarning]; // Add code to clean up any of your own resources that are no longer necessary. if ([self.view window] == nil) { // Add code to preserve data stored in the views that might be // needed later. // Add code to clean up other strong references to the view in // the view hierarchy. self.view = nil; } Resource Management in View Controllers Managing Memory Efficiently 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 63The next time the view property is accessed, the view is reloaded exactly as it was the first time. On iOS 5 and Earlier, the System May Unload Views When Memory Is Low In earlier versions of iOS, the system automatically attempts to unload a view controller’s views when memory is low. The steps that occur during the unload cycle are as follows: 1. The app receives a low-memory warning from the system. 2. Each view controller calls its didReceiveMemoryWarning method. If you override this method, you should use it to release any memory or objects that your view controller object no longer needs. You must call super at some point in your implementation to ensure that the default implementation runs. On iOS 5 and earlier, the default implementation attempts to release the view. On iOS 6 and later, the default implementation exits. 3. If the view cannot be safely released (for example, it is visible onscreen), the default implementation exits. 4. The view controller calls its viewWillUnload method. A subclass typically overrides this method when it needs to save any view properties before the views are destroyed. 5. It sets its view property to nil. 6. The view controller callsits viewDidUnload method. A subclasstypically overridesthis method to release any strong references it has to those views. Resource Management in View Controllers Managing Memory Efficiently 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 64Figure 4-3 shows a visual representation of the unload cycle for a view controller. Figure 4-3 Unloading a view from memory Resource Management in View Controllers Managing Memory Efficiently 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 65When the visibility of a view controller’s view changes, the view controller callssome built-in methodsto notify subclasses of the changes. You can override these methodsto override how yoursubclassreactsto the change. For example, you can use these notifications to change the color and orientation of the status bar so that it matches the presentation style of the view that is about to be displayed. Responding When a View Appears Figure 5-1 shows the sequence of events that occurs when a view controller’s view is added to a window’s view hierarchy. The viewWillAppear: and viewDidAppear: methods give subclasses a chance to perform any additional actions related to the appearance of the view. Figure 5-1 Responding to the appearance of a view 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 66 Responding to Display-Related NotificationsResponding When a View Disappears Figure 5-2 shows the sequence of events that occurs when a view is removed from its window. When the view controller detects that its view is about to be removed or hidden, it calls the viewWillDisappear: and viewDidDisappear: methods to give subclasses a chance to perform any relevant tasks. Figure 5-2 Responding to the disappearance of a view Determining Why a View’s Appearance Changed Occasionally, it can be useful to know why a view is appearing or disappearing. For example, you might want to know whether a view appeared because it was just added to a container or whether it appeared because some other content that obscured it wasremoved. This particular example often appears when using navigation controllers; your content controller’s view may appear because the view controller was just pushed onto the navigation stack or it might appear because controllers previously above it were popped from the stack. The UIViewController class provides methods your view controller can call to determine why the appearance change occurred. Table 5-1 describes the methods and their usage. These methods can be called from inside your implementation of the viewWillAppear:, viewDidAppear:, viewWillDisappear: and viewDidDisappear: methods. Responding to Display-Related Notifications Responding When a View Disappears 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 67Table 5-1 Methods to call to determine why a view’s appearance changed Method Name Usage You call this method inside your viewWillDisappear: and viewDidDisappear: methodsto determine if the view controller’s view is being hidden because the view controller was removed from its container view controller. isMovingFromParentViewController You call this method inside your viewWillAppear: and viewDidAppear: methods to determine if the view controller’s view is being shown because the view controller was just added to a container view controller. isMovingToParentViewController You call this method inside your viewWillAppear: and viewDidAppear: methods to determine if the view controller’s view is being shown because the view controller was just presented by another view controller. isBeingPresented You call this method inside your viewWillDisappear: and viewDidDisappear: methodsto determine if the view controller’s view is being hidden because the view controller was just dismissed. isBeingDismissed Responding to Display-Related Notifications Determining Why a View’s Appearance Changed 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 68A view controller owns its own view and manages the view’s contents. In the process, the view controller also manages the view’s subviews. But in most cases, the view’s frame is not set directly by the view controller. Instead, the view’s frame is determined by how the view controller’s view is displayed. More directly, it is configured by the object used to display it. Other conditions in the app, such as the presence of the status bar, can also cause the frame to change. Because of this, your view controller should be prepared to adjust the contents of its view when the view’s frame changes. A Window Sets the Frame of Its Root View Controller’s View The view associated with the window’s root view controller gets a frame based on the characteristics of the window. The frame set by the window can change based on a number of factors: ● The frame of the window ● Whether or not the status bar is visible ● Whether or not the status bar is showing additional transient information (such as when a phone call is in progress) ● The orientation of the user interface (landscape or portrait) ● The value stored in the root view controller’s wantsFullScreenLayout property If your app displays the status bar, the view shrinks so that it does not underlap the status bar. After all, if the status bar is opaque, there is no way to see or interact with the content lying underneath it. However, if your app displays a translucentstatus bar, you can set the value of your view controller’s wantsFullScreenLayout property to YES to allow your view to be displayed full screen. The status bar is drawn over the top of the view. Full screen is useful when you want to maximize the amount of space available for displaying your content. When displaying content under the status bar, place that content inside a scroll view so that the user can scroll it out from under the status bar. Being able to scroll your content isimportant because the user cannot interact with content that is positioned behind the status bar or any other translucent views (such as translucent navigation bars and toolbars). Navigation bars automatically add a scroll content inset to your scroll view (assuming it is the root view of your view controller) to account for the height of the navigation bar; otherwise, you must manually modify the contentInset property of your scroll view. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 69 Resizing the View Controller’s ViewsA Container Sets the Frames of Its Children’s Views When a view controller is a child of a container view controller, its parent decides which children are visible. When it wants to show the view, it adds it as a subview in its own view hierarchy and sets its frame to fit it into its user interface. For example: ● A tab view controller reserves space at the bottom of its view for the tab bar. It sets the currently visible child’s view to use the remainder of the space. ● A navigation view controller reserves space at the top for the navigation bar. If the currently visible child wants a navigation bar to be displayed, it also places a view at the bottom of the screen. The remainder of its view is given to the child to fill. A child gets its frame from the parent all the way up to the root view controller, which gets its frame from the window. A Presented View Controller Uses a Presentation Context When a view controller is presented by another view controller, the frame it receivesis based on the presentation context used to display the view controller. See “Presentation Contexts Provide the Area Covered by the Presented View Controller” (page 95). A Popover Controller Sets the Size of the Displayed View A view controller displayed by a popover controller can determine the size of its view’s area by setting its own contentSizeForViewInPopover property value to the size it wants. If the popover controller sets its own popoverContentSize property to a different view size, its size value overrides the view controller’s setting. To match the model used by other view controllers, use the popover controller’s properties to control its size and position. How View Controllers Participate in the View Layout Process When the size of a view controller’s view changes, its subviews are repositioned to fit the new space available to them. The views in the controller’s view hierarchy perform most of this work themselves through the use of layout constraints and autoresizing masks. However, the view controller is also called at various points so that it can participate in the process. Here’s what happens: 1. The view controller’s view is resized to the new size. Resizing the View Controller’s Views A Container Sets the Frames of Its Children’s Views 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 702. If autolayout is not in use, the views are resized according to their autoresizing masks. 3. The view controller’s viewWillLayoutSubviews method is called. 4. The view’s layoutSubviews method is called. If autolayout is used to configure the view hierarchy, it updates the layout constraints by executing the following steps: a. The view controller’s updateViewConstraints method is called. b. The UIViewController class’simplementation of the updateViewConstraints method callsthe view’s updateConstraints method. c. After the layout constraints are updated, a new layout is calculated and the views are repositioned. 5. The view controller’s viewDidLayoutSubviews method is called. Ideally, the views themselves perform all of the necessary work to reposition themselves, without requiring the view controller to participate in the process at all. Often, you can configure the layout entirely within Interface Builder. However, if the view controller adds and removes views dynamically, a static layout in Interface Builder may not be possible. In this case, the view controller is a good place to control the process, because often the views themselves only have a limited picture of the other views in the scene. Here are the best approaches to this in your view controller: ● Use layout constraints to automatically position the views (iOS 6 and later). You override updateViewConstraints to add any necessary layout constraints not already configured by the views. Your implementation of this method must call [super updateViewConstraints]. For more information on layout constraints, see Cocoa Auto Layout Guide . ● Use a combination of autoresizing masks and code to manually position the views (iOS 5.x). You override layoutSubviews and use it to reposition any views whose positions cannot be set automatically through the use of resizing masks. For more information on the autoresizing properties of views and how they affect the view, see View Programming Guide for iOS . Resizing the View Controller’s Views How View Controllers Participate in the View Layout Process 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 71View controllers are descendants of the UIResponder class and are therefore capable of handling all sorts of events. When a view does not respond to a given event, it passes that event to its superview, traveling up the view hierarchy all the way to the root view. However, if any view in the chain is managed by a view controller, it passes the event to the view controller object before passing it up to the superview. In this way, the view controller can respond to events that are not handled by its views. If the view controller does not handle the event, that event moves on to the view’s superview as usual. The Responder Chain Defines How Events Are Propagated to the App Figure 7-1 demonstrates the flow of events within a view hierarchy. Suppose you have a custom view that is embedded inside a screen-sized generic view object, which in turn is managed by your view controller. Touch events arriving in your custom view’s frame are delivered to that view for processing. If your view does not 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 72 Using View Controllers in the Responder Chainhandle an event, it is passed along to the parent view. Because the generic view does not handle events, it passes those events along to its view controller first. If the view controller does not handle the event, the event isfurther passed along to the superview of the generic UIView object, which in this case isthe window object. Figure 7-1 Responder chain for view controllers Note: The message-passing relationship between a view controller and its view is managed privately by the view controller and cannot be programmatically modified by your app. Although you might not want to handle touch events specifically in your view controller, you could use it to handle motion-based events. You might also use it to coordinate the setting and changing of the first responder. For more information about how events are distributed and handled in iOS apps, see Event Handling Guide for iOS . Using View Controllers in the Responder Chain The Responder Chain Defines How Events Are Propagated to the App 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 73The accelerometers in iOS–based devices make it possible to determine the current orientation of the device. By default, an app supports both portrait and landscape orientations. When the orientation of an iOS–based device changes, the system sends out a UIDeviceOrientationDidChangeNotification notification to let any interested parties know that the change occurred. By default, the UIKit framework listens for this notification and uses it to update your interface orientation automatically. This means that, with only a few exceptions, you should not need to handle this notification at all. When the user interface rotates, the window is resized to match the new orientation. The window adjusts the frame of its root view controller to match the new size, and this size in turn is propagated down the view hierarchy to other views. Thus, the simplest way to support multiple orientations in your view controller is to configure its view hierarchy so that the positions of subviews are updated whenever its root view’s frame changes. In most cases, you already need this behavior because other conditions may cause the view controller’s visible area to change. For more information on configuring your view layout,see “Resizing the View Controller’s Views” (page 69). If the default behavior is not what you want for your app, you can take control over: ● The orientations supported by your app. ● How a rotation between two orientations is animated onscreen. View controllers that do not fill the screen usually should not care about the orientation of the user interface. Instead, fill the area provided by the parent view controller. A root view controller (or a view controller presented full screen) is more likely to be interested in the orientation of the device. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 74 Supporting Multiple Interface OrientationsControlling What Interface Orientations Are Supported (iOS 6) When UIKit receives an orientation notification, it usesthe UIApplication object and the root view controller to determine whether the new orientation is allowed. If both objects agree that the new orientation issupported, then the user interface is rotated to the new orientation. Otherwise the device orientation is ignored. When a view controller is presented over the root view controller, the system behavior changes in two ways. First, the presented view controller is used instead of the root view controller when determining whether an orientation is supported. Second, the presented view controller can also provide a preferred orientation. If the view controller is presented full screen, the user interface is presented in the preferred orientation. The user is expected to see that the orientation is different from the device orientation and rotate the device. A preferred orientation is most often used when the content must be presented in the new orientation. Declaring a View Controller’s Supported Interface Orientations A view controller that acts as the root view controller of the main window or is presented full screen on the main window can declare what orientations it supports. It does this by overriding the supportedInterfaceOrientations method. By default, view controllers on devices that use the iPad idiom support all four orientations. On devices that use the iPhone idiom, all interface orientations but upside-down portrait are supported. You should always choose the orientations your view supports at design time and implement your code with those orientationsin mind. There is no benefit to choosing which orientations you want to support dynamically based on runtime information. Even if your app did this, you would still have to implement the necessary code to support all possible orientations,so you might as well just choose to support the orientation or not up front. Listing 8-3 shows a fairly typical implementation of the supportedInterfaceOrientations method for a view controller that supports the portrait orientation and the landscape-left orientation. Your own implementation of this method should be just as simple. Listing 8-1 Implementing the supportedInterfaceOrientations method - (NSUInteger)supportedInterfaceOrientations { return UIInterfaceOrientationMaskPortrait | UIInterfaceOrientationMaskLandscapeLeft; } Supporting Multiple Interface Orientations Controlling What Interface Orientations Are Supported (iOS 6) 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 75Dynamically Controlling Whether Rotation Occurs Sometimes you may want to dynamically disable automatic rotation. For example, you might do this when you want to suppress rotation completely for a short period of time. You must temporarily disable orientation changes you want to manually control the position of the status bar (such as when you call the setStatusBarOrientation:animated: method). If you want to temporarily disable automatic rotation, avoid manipulating the orientation masks to do this. Instead, override the shouldAutorotate method on the topmost view controller. This method is called before performing any autorotation. If it returns NO, then the rotation is suppressed. Declaring a Preferred Presentation Orientation When a view controller is presented full-screen to show its content, sometimes the content appears best when viewed in a particular orientation in mind. If the content can only be displayed in that orientation, then you simply return that as the only orientation from your supportedInterfaceOrientations method. If the view controller supports multiple orientations but appears better in a different orientation, you can provide a preferred orientation by overriding the preferredInterfaceOrientationForPresentation method. Listing 8-2 shows an example used by a view controller whose content should be presented in landscape orientation. The preferred interface orientation must be one of the orientationssupported by the view controller. Listing 8-2 Implementing the preferredInterfaceOrientationForPresentation method - (UIInterfaceOrientation)preferredInterfaceOrientationForPresentation { return UIInterfaceOrientationLandscapeLeft; } For more on presentation, see “Presenting View Controllers from Other View Controllers” (page 88). Declaring the App’s Supported Interface Orientations The easiest way to set an app’s app’s supported interface orientations is to edit the project’s Info.plist file. As in the case of the view controller, you define which of the four interface orientations are permitted. For more information, see Information Property List Key Reference . Supporting Multiple Interface Orientations Controlling What Interface Orientations Are Supported (iOS 6) 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 76If you restrict the app’s supported orientations, then those restrictions apply globally to all of the app’s view controllers, even when your app uses system view controllers. At any given time, the mask of the topmost view controller is logically ANDed with the app’s mask to determine what orientations are permitted. The result of this calculation must never be 0. If it is, the system throws a UIApplicationInvalidInterfaceOrientationException exception. Because the app’s mask is applied globally, use it sparingly. Important: The combination of the app and the view controller’s orientation masks must result in at least one useable orientation. An exception is thrown if there is no available orientation. Understanding the Rotation Process (iOS 5 and earlier) On iOS 5 and earlier, a view controller can sometimes participate in the rotation process even when it isn’t the topmost full-screen view controller. This generally occurs when a container view controller asks its children for their supported interface orientations. In practice, the ability for children to override the parents is rarely useful. With that in mind, you should consider emulating the iOS 6 behavior as much as possible in an app that must also support iOS 5: ● In a root view controller or a view controller that is presented full screen, choose a subset of interface orientations that make sense for your user interface. ● In a child controller, support all the default resolutions by designing an adaptable view layout. Declaring the Supported Interface Orientations To declare your supported interface orientations, override the shouldAutorotateToInterfaceOrientation:method and indicate which orientations your view supports. You should always choose the orientations your view supports at design time and implement your code with those orientationsin mind. There is no benefit to choosing which orientations you want to support dynamically based on runtime information. Even if you did so, you would still have to implement the necessary code to support all possible orientations, and so you might as well just choose to support the orientation or not up front. Listing 8-3 shows a fairly typical implementation of the shouldAutorotateToInterfaceOrientation: method for a view controller that supports the default portrait orientation and the landscape-left orientation. Your own implementation of this method should be just as simple. Supporting Multiple Interface Orientations Understanding the Rotation Process (iOS 5 and earlier) 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 77Listing 8-3 Implementing the shouldAutorotateToInterfaceOrientation: method - (BOOL)shouldAutorotateToInterfaceOrientation:(UIInterfaceOrientation)orientation { if ((orientation == UIInterfaceOrientationPortrait) || (orientation == UIInterfaceOrientationLandscapeLeft)) return YES; return NO; } Important: You must always return YES for at least one interface orientation. If your app supports both landscape orientations, you can use the UIInterfaceOrientationIsLandscape macro as a shortcut, instead of explicitly comparing the orientation parameter against both landscape constants. The UIKit framework similarly defines a UIInterfaceOrientationIsPortrait macro to identify both variants of the portrait orientation. Responding to Orientation Changes in a Visible View Controller When a rotation occurs, the view controllers play an integral part of the process. Visible view controllers are notified at various stages of the rotation to give them a chance to perform additional tasks. You might use these methods to hide or show views, reposition or resize views, or notify other parts of your app about the orientation change. Because your custom methods are called during the rotation operation, you should avoid performing any time-consuming operations there. You should also avoid replacing your entire view hierarchy with a new set of views. There are better ways to provide unique views for different orientations, such as presenting a new view controller (as described in “Creating an Alternate Landscape Interface” (page 80)). The rotation methods are sent to the root view controller. The root view controller passes these events on as necessary to its children, and so on down the view controller hierarchy. Here is the sequence of events that occur when a rotation is triggered: 1. The window callsthe root view controller’s willRotateToInterfaceOrientation:duration:method. Container view controllers forward this message on to the currently displayed content view controllers. You can override this method in your custom content view controllersto hide views or make other changes to your view layout before the interface is rotated. Supporting Multiple Interface Orientations Responding to Orientation Changes in a Visible View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 782. The window adjusts the bounds of the view controller’s view. This causes the view to layout its subviews, triggering the view controller’s viewWillLayoutSubviews method. When this method runs, you can query the app object’s statusBarOrientation property to determine the current user interface layout. See “How View Controllers Participate in the View Layout Process” (page 70). 3. The view controller’s willAnimateRotationToInterfaceOrientation:duration: method is called. This method is called from within an animation block so that any property changes you make are animated at the same time as other animations that comprise the rotation. 4. The animation is executed. 5. The window calls the view controller’s didRotateFromInterfaceOrientation: method. Container view controllers forward this message to the currently displayed content view controllers. This action marks the end of the rotation process. You can use this method to show views, change the layout of views, or make other changes to your app. Figure 8-1 shows a visual representation of the preceding steps. It also shows how the interface looks at various stages of the process. Figure 8-1 Processing an interface rotation Supporting Multiple Interface Orientations Responding to Orientation Changes in a Visible View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 79Rotations May Occur When Your View Controller Is Hidden If your view controller’s contents are not onscreen when a rotation occurs, then it does not see the list of rotation messages. For example, consider the following sequence of events: 1. Your view controller presents another view controller’s contents full screen. 2. The user rotates the device so that the user interface orientation changes. 3. Your app dismisses the presented view controller. In this example, the presenting view controller was not visible when the rotation occurred, so it does not receive any rotation events. Instead, when it reappears, its views are simply resized and positioned using the normal view layout process. If your layout code needs to know the current orientation of the device, it can read the app object’s statusBarOrientation property to determine the current orientation. Creating an Alternate Landscape Interface If you want to present the same data differently based on whether a device is in a portrait or landscape orientation, the way to do so is using two separate view controllers. One view controller should manage the display of the data in the primary orientation (typically portrait), while the other manages the display of the data in the alternate orientation. Using two view controllers is simpler and more efficient than making major changes to your view hierarchy each time the orientation changes. It allows each view controller to focus on the presentation of data in one orientation and to manage things accordingly. It also eliminates the need to litter your view controller code with conditional checks for the current orientation. To support an alternate landscape interface, you must do the following: ● Implement two view controller objects. One to present a portrait-only interface, and the other to present a landscape-only interface. ● Register for the UIDeviceOrientationDidChangeNotification notification. In your handler method, present or dismiss the alternate view controller based on the current device orientation. Because view controllers normally manage orientation changesinternally, you have to tell each view controller to display itself in one orientation only. The implementation of the primary view controller then needsto detect device orientation changes and present the alternate view controller when the appropriate orientation change occurs. The primary view controller dismisses the alternate view controller when the orientation returns to the primary orientation. Supporting Multiple Interface Orientations Rotations May Occur When Your View Controller Is Hidden 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 80Listing 8-4 showsthe key methods you need to implement in a primary view controller thatsupports a portrait orientation. When the primary view controller is loaded from the storyboard, it registers to receive orientation-changed notifications from the shared UIDevice object. When such a notification arrives, the orientationChanged: method then presents or dismisses the landscape view controller depending on the current orientation. Listing 8-4 Presenting the landscape view controller @implementation PortraitViewController - (void)awakeFromNib { isShowingLandscapeView = NO; [[UIDevice currentDevice] beginGeneratingDeviceOrientationNotifications]; [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(orientationChanged:) name:UIDeviceOrientationDidChangeNotification object:nil]; } - (void)orientationChanged:(NSNotification *)notification { UIDeviceOrientation deviceOrientation = [UIDevice currentDevice].orientation; if (UIDeviceOrientationIsLandscape(deviceOrientation) && !isShowingLandscapeView) { [self performSegueWithIdentifier:@"DisplayAlternateView" sender:self]; isShowingLandscapeView = YES; } else if (UIDeviceOrientationIsPortrait(deviceOrientation) && isShowingLandscapeView) { [self dismissViewControllerAnimated:YES completion:nil]; isShowingLandscapeView = NO; } } Supporting Multiple Interface Orientations Creating an Alternate Landscape Interface 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 81Tips for Implementing Your Rotation Code Depending on the complexity of your views, you may need to write a lot of code to support rotations—or no code at all. When figuring out what you need to do, you can use the following tips as a guide for writing your code. ● Disable event delivery temporarily during rotations. Disabling event delivery for your views prevents unwanted code from executing while an orientation change is in progress. ● Store the visible map region. If your app contains a map view, save the visible map region value prior to beginning any rotations. When the rotations finish, use the saved value as needed to ensure that the displayed region is approximately the same as before. ● For complex view hierarchies, replace your views with a snapshot image. If animating large numbers of views is causing performance issues, temporarily replace those views with an image view containing an image of the viewsinstead. After the rotations are complete, reinstall your views and remove the image view. ● Reload the contents of any visible tables after a rotation. Forcing a reload operation when the rotations are finished ensures that any new table rows exposed are filled appropriately. ● Use rotation notifications to update your app’s state information. If your app usesthe current orientation to determine how to present content, use the rotation methods of your view controller (or the corresponding device orientation notifications) to note those changes and make any necessary adjustments. Supporting Multiple Interface Orientations Tips for Implementing Your Rotation Code 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 82Aside from managing a view’s behavior, a view controller can also help control an app’s accessibility. An accessible app is one that can be used by everyone, regardless of disability or physical impairment, while retaining its functionality and usability as a helpful tool. To be accessible, an iOS app must supply information about its user interface elements to VoiceOver users. VoiceOver, a screen-reading technology designed to assist the visually impaired, speaks aloud text, images, and UI controls displayed the screen, so that people who cannot see can still interact with these elements. UIKit objects are accessible by default, but there are still things you can do from the view controller’s perspective to address accessibility. At a high level, this means you should make sure that: ● Every user interface element users can interact with is accessible. Thisincludes elementsthat merely supply information, such as static text, as well as controls that perform actions. ● All accessible elements supply accurate and helpful information. In addition to these fundamentals, a view controller can enhance the VoiceOver user’s experience by setting the position of the VoiceOver focus ring programmatically, responding to special VoiceOver gestures, and observing accessibility notifications. Moving the VoiceOver Cursor to a Specific Element When the layout of a screen changes, the VoiceOver focus ring, also known as the VoiceOver cursor, resets its position to the first element displayed on the screen from left to right and top to bottom. You might decide to change the first element the VoiceOver cursor lands on when views are presented onscreen. For example, when a navigation controller pushes a view controller onto the navigation stack, the VoiceOver cursor falls on the Back button of the navigation bar. Depending on your app, it might make more sense to move it to the heading of the navigation bar instead, or to any other element. To do so, call UIAccessibilityPostNotification using both the notification UIAccessibilityScreenChangedNotification (which tells VoiceOver that the contents of the screen has changed) and the element you’d like to give focus to, as shown in Listing 9-1. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 83 Accessibility from the View Controller’s PerspectiveListing 9-1 Posting an accessibility notification can change the first element read aloud @implementation MyViewController - (void)viewDidAppear:(BOOL)animated { [super viewDidAppear:animated]; UIAccessibilityPostNotification(UIAccessibilityScreenChangedNotification, self.myFirstElement); } @end If only the layout changes rather than the contents of the screen, such as when switching from portrait to landscape mode, use the notification UIAccessibilityLayoutChangedNotification instead of UIAccessibilityScreenChangedNotification. Note: Device rotation triggers a layout change, which resets the VoiceOver cursor’s position. Responding to Special VoiceOver Gestures There are special gestures that VoiceOver users can perform to trigger custom actions. These gestures are special because you are allowed to define their behavior, unlike standard VoiceOver gestures. You can detect the gestures by overriding certain methods in your views or view controllers. A gesture first checks the view that has VoiceOver focus for instruction and continues up the responder chain until it finds an implementation of the corresponding VoiceOver gesture method. If no implementation is found, the system default action for that gesture is triggered. For example, the Magic Tap gesture plays and pauses music playback from the Music app if no Magic Tap implementation is found from the current view to the app delegate. Although you can provide any custom logic you want, VoiceOver users expect the actions of these special gestures to follow certain guidelines. Like any gesture, your implementation of a VoiceOver gesture should follow a pattern so that interaction with an accessible app remains intuitive. There are five special VoiceOver gestures: ● Escape. A two-finger Z-shaped gesture that dismisses a modal dialog, or goes back one level in a navigation hierarchy. Accessibility from the View Controller’s Perspective Responding to Special VoiceOver Gestures 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 84● Magic Tap. A two-finger double-tap that performs the most-intended action. ● Three-Finger Scroll. A three-finger swipe that scrolls content vertically or horizontally. ● Increment and Decrement. A one-finger swipe up or down that adds or subtracts a given value from an element with the adjustable trait. Elements with the Adjustable accessibility trait must implement these methods. Note: All special VoiceOver gesture methods return a Boolean value that determine whether to propagate through the responder chain. To halt propagation, return YES; otherwise, return NO. Escape If you present a view that overlays content—such as a modal dialog or an alert—you should override the accessibilityPerformEscape method to dismiss the overlay. The function of the Escape gesture is like the function of the Esc key on a computer keyboard; it cancels a temporary dialog or sheet to reveal the main content. Another use case to override the Escape gesture would be to go back up one level in a navigation hierarchy. UINavigationController implements this functionality by default. If you’re designing your own kind of navigation controller, you should set the Escape gesture to traverse up one level of your navigation stack, because that is the functionality VoiceOver users expect. Magic Tap The purpose of the Magic Tap gesture isto quickly perform an often-used or most-intended action. For example, in the Phone app, it picks up or hangs up a phone call. In the Clock app, it starts and stops the stopwatch. If you want an action to fire from a gesture regardless of the view the VoiceOver cursor is on, you should implement the accessibilityPerformMagicTap method in your view controller. Note: If you’d like the Magic Tap gesture to perform the same action from anywhere within your app, it is more appropriate to implement the accessibilityPerformMagicTap method in your app delegate. Three-Finger Scroll The accessibilityScroll: method fires when a VoiceOver user performs a three-finger scroll. It accepts a UIAccessibilityScrollDirection parameter from which you can determine the direction of the scroll. If you have a custom scrolling view, it may be more appropriate to implement this on the view itself. Accessibility from the View Controller’s Perspective Responding to Special VoiceOver Gestures 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 85Increment and Decrement The accessibilityIncrement and accessibilityDecrement methods are required for elements with the adjustable trait and should be implemented on the views themselves. Observing Accessibility Notifications You can listen for accessibility notifications to trigger callback methods. Under certain circumstances, UIKit fires accessibility notifications which your app can observe to extend its accessible functionality. For example, if you listen for the notification UIAccessibilityAnnouncementDidFinishNotification, you can trigger a method to follow up the completion of VoiceOver’s speech. Apple does this in the iBooks app. iBooks fires a notification when VoiceOver finishes speaking a line in a book that triggers the next line to be spoken. If it is the last line on the page, the logic in the callback tells iBooks to turn the page and continue reading as soon as the last line ends speaking. This allows for a line-by-line degree of granularity for navigating text while providing a seamless, uninterrupted reading experience. To register as an observer for accessibility notifications, use the default notification center. Then create a method with the same name that you provide for the selector argument, as shown in Listing 9-2. Listing 9-2 Registering as an observer for accessibility notifications @implementation MyViewController - (void)viewDidLoad { [super viewDidLoad]; [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(didFinishAnnouncement:) name:UIAccessibilityAnnouncementDidFinishNotification object:nil]; } - (void)didFinishAnnouncement:(NSNotification *)dict { NSString *valueSpoken = [[dict userInfo] objectForKey:UIAccessibilityAnnouncementKeyStringValue]; Accessibility from the View Controller’s Perspective Observing Accessibility Notifications 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 86NSString *wasSuccessful = [[dict userInfo] objectForKey:UIAccessibilityAnnouncementKeyWasSuccessful]; // ... } @end UIAccessibilityAnnouncementDidFinishNotification expects an NSNotification dictionary as a parameter from which you can determine the value spoken and whether or not the speaking has completed uninterrupted. Speaking may become interrupted if the VoiceOver user performs the stop speech gesture or swipes to another element before the announcement finishes. Another helpful notification to subscribe to is UIAccessibilityVoiceOverStatusChanged. It can detect when VoiceOver becomes toggled on or off. If VoiceOver is toggled outside of your app, you receive the notification when your app is brought back into the foreground. Because UIAccessibilityVoiceOverStatusChanged doesn’t expect any parameters, the method in your selector doesn’t need to append a trailing colon (:). For a full list of possible notifications you can observe, consult“Notifications”in UIAccessibility Protocol Reference . Remember that you may only observe the notifications that can be posted by UIKit, which are NSString objects, and not notifications that can be posted by your app, which are of type int. Accessibility from the View Controller’s Perspective Observing Accessibility Notifications 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 87The ability to present view controllers is a tool that you have at your disposal for interrupting the current workflow and displaying a new set of views. Most commonly, an app presents a view controller as a temporary interruption to obtain important information from the user. However, you can also use presented view controllers to implement alternate interfaces for your app at specific times. How View Controllers Present Other View Controllers A presented view controller is not a specific subclass of UIViewController (as UITabBarController or UINavigationController is). Instead, any view controller can be presented by your app. However, like tab bar and navigation controllers, you present view controllers when you want to convey a specific meaning about the relationship between the previous view hierarchy and the newly presented view hierarchy. When you present a modal view controller, the system creates a relationship between the view controller that did the presenting and the view controller that was presented. Specifically, the view controller that did the presenting updates its presentedViewController property to point to its presented view controller. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 88 Presenting View Controllers from Other View ControllersSimilarly, the presented view controller updates its presentingViewController property to point back to the view controller that presented it. Figure 10-1 showsthe relationship between the view controller managing the main screen in the Calendar app and the presented view controller used to create new events. Figure 10-1 Presented views in the Calendar app. Any view controller object can present a single view controller at a time. This is true even for view controllers that were themselves presented by another view controller. In other words, you can chain presented view controllers together, presenting new view controllers on top of other view controllers as needed. Figure 10-2 shows a visual representation of the chaining process and the actions that initiate it. In this case, when the user taps the icon in the camera view, the app presents a view controller with the user’s photos. Tapping the action button in the photo library’s toolbar prompts the user for an appropriate action and then presents Presenting View Controllers from Other View Controllers How View Controllers Present Other View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 89another view controller (the people picker) in response to that action. Selecting a contact (or canceling the people picker) dismisses that interface and takes the user back to the photo library. Tapping the Done button then dismisses the photo library and takes the user back to the camera interface. Figure 10-2 Creating a chain of modal view controllers Camera view controller Photo library navigation controller Action sheet People picker navigation controller present modally present modally Each view controller in a chain of presented view controllers has pointers to the other objects surrounding it in the chain. In other words, a presented view controller that presents another view controller has valid objects in both its presentingViewController and presentedViewController properties. You can use these relationships to trace through the chain of view controllers as needed. For example, if the user cancels the current operation, you can remove all objects in the chain by dismissing the first presented view controller. Dismissing a view controller dismisses not only that view controller but also any view controllers it presented. In Figure 10-2 (page 90), a point worth noting is that the presented view controllers are both navigation controllers. You can present UINavigationController objects in the same way that you would present a content view controller. When presenting a navigation controller, you always present the UINavigationController object itself, rather than presenting any of the view controllers on its navigation stack. However, individual view controllers on the navigation stack may present other view controllers, including other navigation controllers. Figure 10-3 Presenting View Controllers from Other View Controllers How View Controllers Present Other View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 90shows more detail of the objects that are involved in the preceding example. As you can see, the people picker is not presented by the photo library navigation controller but by one of the content view controllers on its navigation stack. Figure 10-3 Presenting navigation controllers modally Presentation Styles for Modal Views For iPad apps, you can present content using several different styles. In iPhone apps, presented views always cover the visible portion of the window, but when running on an iPad, view controllers use the value in their modalPresentationStyle property to determine their appearance when presented. Different options for this property allow you to present the view controller so that it fills all or only part of the screen. Presenting View Controllers from Other View Controllers Presentation Styles for Modal Views 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 91Figure 10-4 shows the core presentation styles that are available. (The UIModalPresentationCurrentContext style lets a view controller adopt the presentation style of its parent.) In each presentation style, the dimmed areas show the underlying content but do not allow taps in that content. Therefore, unlike a popover, your presented views must still have controls that allow the user to dismiss the view. Figure 10-4 iPad presentation styles For guidance on when to use the different presentation styles, see “Popover (iPad Only)” in iOS Human Interface Guidelines. Presenting View Controllers from Other View Controllers Presentation Styles for Modal Views 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 92Presenting a View Controller and Choosing a Transition Style When a view controller is presented using a storyboard segue, it is automatically instantiated and presented. The presenting view controller can configure the destination view controller before it is presented. For more information, see “Configuring the Destination Controller When a Segue is Triggered” (page 101). If you need to present a view controller programmatically, you must do the following: 1. Create the view controller you want to present. 2. Set the modalTransitionStyle property of the view controller to the desired value. 3. Assign a delegate object to the view controller. Typically, the delegate is the presenting view controller. The delegate is used by the presented view controllers to notify the presenting view controller when it is ready to be dismissed. It may also communicate other information back to the delegate. 4. Call the presentViewController:animated:completion: method of the current view controller, passing in the view controller you want to present. The presentViewController:animated:completion: method presents the view for the specified view controller object and configures the presenting-presented relationships between the new view controller and the current view controller. Unless you are restoring your app to some previous state, you usually want to animate the appearance of the new view controller. The transition style you should use depends on how you plan to use the presented view controller. Table 10-1 lists the transition styles you can assign to the modalTransitionStyle property of the presented view controller and describes how you might use each one. Table 10-1 Transition styles for modal view controllers Transition style Usage Use this style when you want to interrupt the current workflow to gather information from the user. You can also use it to present content that the user might or might not modify. For thisstyle of transition, content view controllersshould provide buttons to dismissthe view controller explicitly. Typically, these are a Done button and an optional Cancel button. If you do not explicitly set a transition style, this style is used by default. UIModalTransitionStyleCoverVertical Use thisstyle to change the work mode of your app temporarily. The most common usage for this style is to display settings that might change frequently, such as in the Stocks and Weather apps. These settings can be meant for the entire app or they can be specific to the current screen. For this style of transition, you usually provide some sort of button to return the user to the normal running mode of your app. UIModalTransitionStyleFlipHorizontal Presenting View Controllers from Other View Controllers Presenting a View Controller and Choosing a Transition Style 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 93Transition style Usage Use this style to present an alternate interface when the device changes orientations. In such a case, your app is responsible for presenting and dismissing the alternate interface in response to orientation change notifications. Media-based apps can also use this style to fade in screens displaying media content. For an example of how to implement an alternate interface in response to device orientation changes, see “Creating an Alternate Landscape Interface” (page 80). UIModalTransitionStyleCrossDissolve Listing 10-1 shows how to present a view controller programmatically. When the user adds a new recipe, the app promptsthe user for basic information about the recipe by presenting a navigation controller. A navigation controller was chosen so that there would be a standard place to put a Cancel and Done button. Using a navigation controller also makes it easier to expand the new recipe interface in the future. All you would have to do is push new view controllers on the navigation stack. Listing 10-1 Presenting a view controller programmatically - (void)add:(id)sender { // Create the root view controller for the navigation controller // The new view controller configures a Cancel and Done button for the // navigation bar. RecipeAddViewController *addController = [[RecipeAddViewController alloc] init]; // Configure the RecipeAddViewController. In this case, it reports any // changes to a custom delegate object. addController.delegate = self; // Create the navigation controller and present it. UINavigationController *navigationController = [[UINavigationController alloc] initWithRootViewController:addController]; [self presentViewController:navigationController animated:YES completion: nil]; } Presenting View Controllers from Other View Controllers Presenting a View Controller and Choosing a Transition Style 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 94When the user taps either the Done or the Cancel button from the new recipe entry interface, the app dismisses the view controller and returns the user to the main view. See “Dismissing a Presented View Controller” (page 95). Presentation Contexts Provide the Area Covered by the Presented View Controller The area of the screen used to define the presentation area is determined by the presentation context. By default, the presentation context is provided by the root view controller, whose frame is used to define the frame of the presentation context. However, the presenting view controller, or any other ancestor in the view controller hierarchy, can choose to provide the presentation context instead. In that case, when another view controller provides the presentation context, its frame is used instead to determine the frame of the presented view. This flexibility allows you to limit the modal presentation to a smaller portion of the screen, leaving other content visible. When a view controller is presented, iOS searches for a presentation context. It starts at the presenting view controller by reading its definesPresentationContext property. If the value of this property is YES, then the presenting view controller defines the presentation context. Otherwise, it continues up through the view controller hierarchy until a view controller returns YES or until it reaches the window’s root view controller. When a view controller defines a presentation context, it can also choose to define the presentation style. Normally, the presented view controller determines how it presented using its modalTransitionStyle property. A view controller that sets definesPresentationContext to YES can also set providesPresentationContextTransitionStyle to YES. If providesPresentationContextTransitionStyle is set to YES, iOS uses the presentation context’s modalPresentationStyle to determine how the new view controller is presented. Dismissing a Presented View Controller When it comes time to dismiss a presented view controller, the preferred approach is to let the presenting view controller dismiss it. In other words, whenever possible, the same view controller that presented the view controller should also take responsibility for dismissing it. Although there are several techniques for notifying the presenting view controller that its presented view controller should be dismissed, the preferred technique is delegation. For more information, see “Using Delegation to Communicate with Other Controllers” (page 103). Presenting View Controllers from Other View Controllers Presentation Contexts Provide the Area Covered by the Presented View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 95Presenting Standard System View Controllers A number of standard system view controllers are designed to be presented by your app. The basic rules for presenting these view controllers are the same asthe rulesfor presenting your custom content view controllers. However, because your app does not have accessto the view hierarchy managed by the system view controllers, you cannotsimply implement actionsfor the controlsin the views. Interactions with the system view controllers typically take place through a delegate object. Each system view controller defines a corresponding protocol, whose methods you implement in your delegate object. Each delegate usually implements a method to either accept whatever item was selected or cancel the operation. Your delegate object should always be ready to handle both cases. One of the most important things the delegate must do is dismiss the presented view controller by calling the dismissModalViewControllerAnimated: method of the view controller that did the presenting (in other words, the parent of the presented view controller.) Table 10-2 lists several of the standard system view controllers found in iOS. For more information about each of these classes, including the features it provides, see the corresponding class reference documentation. Table 10-2 Standard system view controllers Framework View controllers ABNewPersonViewController ABPeoplePickerNavigationController ABPersonViewController ABUnknownPersonViewController Address Book UI EKEventEditViewController EKEventViewController Event Kit UI GKAchievementViewController GKLeaderboardViewController GKMatchmakerViewController GKPeerPickerController GKTurnBasedMatchmakerViewController Game Kit MFMailComposeViewController MFMessageComposeViewController Message UI MPMediaPickerController MPMoviePlayerViewController Media Player Presenting View Controllers from Other View Controllers Presenting Standard System View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 96Framework View controllers UIImagePickerController UIVideoEditorController UIKit Note: Although the MPMoviePlayerController class in the Media Player framework might technically be thought of as a modal controller, the semantics for using it are slightly different. Instead of presenting the view controller yourself, you initialize it and tell it to play its media file. The view controller then handles all aspects of presenting and dismissing its view. (However, the MPMoviePlayerViewController class can be used instead of MPMoviePlayerController as a standard view controller for playing movies.) Presenting View Controllers from Other View Controllers Presenting Standard System View Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 97Few iOS apps show only a single screenful of content. Instead, they show some content when first launched and then show and hide other content in response to user actions. These transitions provide a single unified user interface that display a lot of content, just not all at once. By convention,smaller pieces of content are managed by different view controller classes. This coding convention allows you to create smaller and simpler controller classes that are easy to implement. However, dividing the work between multiple classesimposes additional requirements on your class designs. To maintain the illusion of a single interface, your view controllers must exchange messages and data to coordinate transitions from controller to another. Thus, even as your view controller classes look inwards to control views and perform the tasks assigned to them, they also look outwards to communicate with other collaborating view controllers. When Coordination Between View Controllers Occurs Communication between view controllers is tied to the role those view controllers play in your app. It would be impossible to describe all of the possible interactions between view controllers, because the number and nature of these relationships is dependent on the design of your app. However, it is possible to describe when these interactions occur and to give some examples of the kinds of coordination that might take place in your app. The lifetime of a view controller has three stages during which it might coordinate with other objects: View controller instantiation. In this stage, when a view controller is created, an existing view controller or another object was responsible for its creation. Usually, this object knows why the view controller was created and what task itshould perform. Thus, after a view controller isinstantiated, thisintent must be communicated to it. The exact details of this initial configuration vary. Sometimes, the existing view controller passes data objects to the new controller. At other times, it may configure the presentation style for that, or establish lasting links between the two view controllers. These links allow further communication later in the view controller’slifetime. During the view controller’s lifetime. In this stage, some view controllers communicate with other view controllers during their lifetime. The recipient of these messages could be the view controller that created it, peers with similar lifetimes, or even a new view controller that it itself created. Here are a few common designs: 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 98 Coordinating Efforts Between View Controllers● The view controllersends notificationsthat the user performed a specific action. Because thisis a notification, the object receiving this message is just being notified that something happened. ● The view controllersends data to another view controller. For example, a tab bar controller doesn’t establish a built-in relationship between its children, but your app might establish such a relationship when the tabs are displaying the same data object, just in different ways. When a user leaves one tab, the view controller associated with that tab sends the selection information to the view controller about to be displayed. In return, the new view controller uses this data to configure its views so that the transition appears seamless. In this particular case, no new view controller is instantiated by the action. Instead, the two view controllers are peers with the same lifetime and can continue to coordinate as the user switches between them. ● A view controller sends messages to give another view controller authority over its actions. For example, if a view controller allows usersto enter data, it mightsend messagesto allow another controller to decide whether the data the user entered is valid. If the data is invalid, the view controller can disallow the user from accepting the invalid data or adjust its interface to display an error. View controller destruction. In this stage, many view controllers send messages when their task completes. These messages are common because the convention is for the controller that created a view controller to also release it. Sometimes, these messages simply convey that the user finished the task. At other times, such as when the task being performed generated new data objects, the message communicatesthe new data back to another controller. During a view controller’s lifetime, it is common for it to exchange information with other view controllers. These messages are used to notify other controllers when things happen, send them data, or even ask them to exert control over the controller’s activities. With Storyboards, a View Controller is Configured When It Is Instantiated Storyboards provide direct support for configuring newly instantiated controllers before they are displayed. When a storyboard instantiates new view controllers automatically, it calls an object in your app to allow it to configure the new controller or to create links to or from the new controller. When your app first launches, the app delegate configures the initial view controller. When a segue is triggered, the source view controller configures the destination view controller. There are a few conventions used to implement destination view controllers: ● A destination view controller exposes properties and methods used to configure it. Coordinating Efforts Between View Controllers With Storyboards, a View Controller is Configured When It Is Instantiated 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 99● A destination view controller communicates as little as possible with view controllers that it did not create personally. When it does so, these communication paths should use delegation. The destination view controller’s delegate is configured as one of its properties. Carefully following these conventions helps organize your configuration code and carefully limitsthe direction of dependencies between view controller classes in your app. By isolating dependencies in your app, you increase the opportunity for code reuse. You also design view controllers that are easier to test in isolation from the rest of your app. Configuring the Initial View Controller at Launch If you define a main storyboard in your project, iOS automatically does a lot of work for you to set up your app. When your app calls the UIApplicationMain function, iOS performs the following actions: 1. It instantiates the app delegate based on the class name you passed into the UIApplicationMain function. 2. It creates a new window attached to the main screen. 3. If your app delegate implements a window property, iOS sets this property to the new window. 4. It loads the main storyboard referenced in the app’s information property list file. 5. It instantiates the main storyboard’s initial view controller. 6. It sets the window’s rootViewController property to the new view controller. 7. It calls the app delegate’s application:didFinishLaunchingWithOptions: method. Your app delegate is expected to configure the initial view controller (and its children, if it is a container view controller). 8. It calls the window’s makeKeyAndVisible method to display the window. Listing 11-1 shows an implementation of the application:didFinishLaunchingWithOptions: method from the Your Second iOS App: Storyboards tutorial. In this example, the storyboard’s initial view controller is a navigation controller with a custom content controller that displays the master view. The code first retrieves references to the view controller it is interested in. Then, it performs any configuration that could not be performed in Interface Builder. In this example, a custom data controller object is provided to the master view controller by a custom data controller object. Listing 11-1 The app delegate configures the controller - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { Coordinating Efforts Between View Controllers With Storyboards, a View Controller is Configured When It Is Instantiated 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 100UINavigationController *navigationController = (UINavigationController*) self.window.rootViewController; BirdsMasterViewController * firstViewController = [[navigationController viewControllers] objectAtIndex:0]; BirdSightingDataController *dataController = [[BirdSightingDataController alloc] init]; firstViewController.dataController = dataController; return YES; } If your project does not identify the main storyboard, the UIApplicationMain function creates the app delegate and calls it but does not perform any of the other steps described earlier. You would need to write code to perform those steps yourself. Listing 11-2 shows the code you might implement if you needed to perform these steps programmatically. Listing 11-2 Creating the window when a main storyboard is not being used - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { self.window = [[UIWindow alloc] initWithFrame:[[UIScreen mainScreen] bounds]]; UIStoryboard *storyboard = [UIStoryboard storyboardWithName:@"MyStoryboard" bundle:nil]; MainViewController *mainViewController = [storyboard instantiateInitialViewController]; self.window.rootViewController = mainViewController; // Code to configure the view controller goes here. [self.window makeKeyAndVisible]; return YES; } Configuring the Destination Controller When a Segue is Triggered iOS performs the following tasks when a segue is triggered: Coordinating Efforts Between View Controllers With Storyboards, a View Controller is Configured When It Is Instantiated 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 1011. It instantiates the destination view controller. 2. It instantiates a new segue object that holds all the information for the segue being triggered. Note: A popover segue also provides a property that identifies the popover controller used to control the destination view controller. 3. It callsthe source view controller’s prepareForSegue:sender: method, passing in the new segue object and the object that triggered the segue. 4. It callsthe segue’s perform method to bring the destination controller onto the screen. The actual behavior depends on the kind ofsegue being performed. For example, a modalsegue tellsthe source view controller to present the destination view controller. 5. It releases the segue object and the segue is complete. The source view controller’s prepareForSegue:sender: method performs any necessary configuration of the destination view controller’s properties, including a delegate if the destination view controller implements one. Listing 11-3 shows an implementation of the prepareForSegue:sender: method from the Your Second iOS App: Storyboards tutorial. Listing 11-3 Configuring the destination controller in a segue - (void) prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender { if ([[segue identifier] isEqualToString:@"ShowSightingsDetails"]) { DetailViewController *detailViewController = [segue destinationViewController]; detailViewController.sighting = [self.dataController objectInListAtIndex:[self.tableView indexPathForSelectedRow].row]; } if ([[segue identifier] isEqualToString:@"ShowAddSightingView"]) { AddSightingViewController *addSightingViewController = [[[segue destinationViewController] viewControllers] objectAtIndex:0]; addSightingViewController.delegate = self; Coordinating Efforts Between View Controllers With Storyboards, a View Controller is Configured When It Is Instantiated 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 102} } This implementation, from the master view controller for the app, actually handles two different segues configured in the storyboard. It distinguishes between the two segues using the segue’s identifier property. In both cases, it follows the coding convention established earlier, by first retrieving the view controller and then configuring it. When the segue is to the detail view controller, the segue occurred because the user selected a row in the table view. In this case, the code transfers enough data to the destination view controllerso that the destination view controller can display the sighting. The code uses the user’s selection to retrieve a sighting object from the master view controller’s data controller. It then assigns this sighting to the destination controller. In the other case, the new view controller allows the user to add a new bird sighting. No data needs to be sent to this view controller. However, the master view controller needs to receive data when the user finishes entering the data. To receive that information, the source view controller implements the delegate protocol defined by the Add view controller (notshown here) and makesitself the destination view controller’s delegate. Using Delegation to Communicate with Other Controllers In a delegate-based model, the view controller defines a protocol for its delegate to implement. The protocol defines methods that are called by the view controller in response to specific actions, such as taps in a Done button. The delegate is then responsible for implementing these methods. For example, when a presented view controller finishesitstask, itsends a message to the presenting view controller and that controller dismisses it. Using delegation to manage interactions with other app objects has key advantages over other techniques: ● The delegate object has the opportunity to validate or incorporate changes from the view controller. ● The use of a delegate promotes better encapsulation because the view controller does not have to know anything about the class of the delegate. This enables you to reuse that view controller in other parts of your app. To illustrate the implementation of a delegate protocol, consider the recipe view controller example that was used in “Presenting a View Controller and Choosing a Transition Style” (page 93). In that example, a recipes app presented a view controller in response to the user wanting to add a new recipe. Prior to presenting the view controller, the current view controller made itself the delegate of the RecipeAddViewController object. Listing 11-4 shows the definition of the delegate protocol for RecipeAddViewController objects. Coordinating Efforts Between View Controllers Using Delegation to Communicate with Other Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 103Listing 11-4 Delegate protocol for dismissing a presented view controller @protocol RecipeAddDelegate // recipe == nil on cancel - (void)recipeAddViewController:(RecipeAddViewController *)recipeAddViewController didAddRecipe:(MyRecipe *)recipe; @end When the user taps the Cancel or Done button in the new recipe interface, the RecipeAddViewController object calls the preceding method on its delegate object. The delegate is then responsible for deciding what course of action to take. Listing 11-5 shows the implementation of the delegate method that handles the addition of new recipes. This method is implemented by the view controller that presented the RecipeAddViewController object. If the user accepted the new recipe—that is, the recipe object is not nil—this method addsthe recipe to itsinternal data structures and tells its table view to refresh itself. (The table view subsequently reloads the recipe data from the same recipesController object shown here.) Then the delegate method dismisses the presented view controller. Listing 11-5 Dismissing a presented view controller using a delegate - (void)recipeAddViewController:(RecipeAddViewController *)recipeAddViewController didAddRecipe:(Recipe *)recipe { if (recipe) { // Add the recipe to the recipes controller. int recipeCount = [recipesController countOfRecipes]; UITableView *tableView = [self tableView]; [recipesController insertObject:recipe inRecipesAtIndex:recipeCount]; [tableView reloadData]; } [self dismissViewControllerAnimated:YES completion: nil]; } Coordinating Efforts Between View Controllers Using Delegation to Communicate with Other Controllers 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 104Guidelines for Managing View Controller Data Carefully managing how data and control flows between your view controllersis critical to understanding how your app operates and avoiding subtle errors. Consider the following guidelines when designing your view controllers: ● A destination view controller’s references to app data should come from the source view controller unless the destination view controller represents a self-contained (and therefore self-configuring) view controller. ● Perform as much configuration as possible using Interface Builder, rather than configuring your controller programmatically in your code. ● Always use a delegate to communicate information back to other controllers. Your content view controller should never need to know the class of the source view controller or any controllers it doesn’t create. ● Avoid unnecessary connections to objects external to your view controller. Each connection represents a dependency that makes it harder to change your app design. For example, the children of a navigation controller should be aware of the parent navigation controller and of the siblings immediately above and below them on the stack. They rarely need to communicate with other siblings. Coordinating Efforts Between View Controllers Guidelines for Managing View Controller Data 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 105You can use the same view controller both to display and to edit content. When the editing mode is toggled, your custom view controller performs the necessary work to transition its view from a display mode to an editing mode (or vice versa). Toggling Between Display and Edit Mode To allow a custom view controller class to be used to both display and edit content, override the setEditing:animated: method. When called, your implementation of this method should add, hide, and adjust the view controller’s views to match the specified mode. For example, you might want to change the content or appearance of views to convey that the view is now editable. If your view controller manages a table, you can also call the table’s own setEditing:animated: method in order to put the table into the appropriate mode. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 106 Enabling Edit Mode in a View ControllerNote: You typically do not swap out your entire view hierarchy when toggling back and forth between display and edit modes. The point of using the setEditing:animated: method is so that you can make small changes to existing views. If you would prefer to display a new set of views for editing, you should either present a new view controller or use a navigation controller to present the new views. Figure 12-1 shows a view from the Contacts app that supports in-place editing. Tapping the Edit button in the upper-right corner tells the view controller to update itself for editing; the Done button returns the user to display mode. In addition to modifying the table, the view also changes the content of the image view and the view displaying the user’s name. It also configures the assorted views and cells so that tapping them edits their contents instead of performing other actions. Figure 12-1 Display and edit modes of a view The implementation of your own setEditing:animated: method is relatively straightforward—you check to see which mode your view controller is entering and adjust the contents of your view accordingly. - (void)setEditing:(BOOL)flag animated:(BOOL)animated { Enabling Edit Mode in a View Controller Toggling Between Display and Edit Mode 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 107[super setEditing:flag animated:animated]; if (flag == YES){ // Change views to edit mode. } else { // Save the changes if needed and change the views to noneditable. } } Presenting Editing Options to the User A common place in which to use an editable view is in a navigation interface. When implementing your navigation interface, you can include a special Edit button in the navigation bar when your editable view controller is visible. (You can get this button by calling the editButtonItem method of your view controller.) When tapped, this button automatically toggles between an Edit and Done button and calls your view controller’s setEditing:animated: method with appropriate values. You can also call this method from your own code (or modify the value of your view controller’s editing property) to toggle between modes. For more information about adding an Edit button to a navigation bar, see View Controller Catalog for iOS . Enabling Edit Mode in a View Controller Presenting Editing Options to the User 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 108Interface Builder provides segues for all of the standard ways to transition from one view controller to another—from presenting a view controller to displaying a controller in a popover. However, if one of those segues doesn’t do what you want, you can create a custom segue. The Life Cycle of a Segue To understand how custom segues work, you need to understand the life cycle of a segue object. Segue objects are instances of UIStoryboardSegue or one of its subclasses. Your app never creates segue objects directly; they are always created on your behalf by iOS when a segue is triggered. Here’s what happens: 1. The destination controller is created and initialized. 2. The segue object is created and its initWithIdentifier:source:destination: method is called. The identifier is the unique string you provided for the segue in Interface Builder, and the two other parameters represent the two controller objects in the transition. 3. The source view controller’s prepareForSegue:sender: method is called. See “Configuring the Destination Controller When a Segue is Triggered” (page 101). 4. The segue object’s perform method is called. This method performs a transition to bring the destination view controller on-screen. 5. The reference to the segue object is released, causing it to be deallocated. Implementing a Custom Segue To implement a custom segue, you subclass UIStoryboardSegue and implement the two methods described earlier: ● If you override the initWithIdentifier:source:destination: method, call the superclass’s implementation, then initialize your subclass. ● Your perform method must make whatever view controller calls are necessary to perform the transition you want. Typically, you use any of the standard ways to display a new view controller, but you can embellish this design with animations and other effects. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 109 Creating Custom SeguesNote: If your implementation adds properties to configure the segue, you cannot configure these attributes in Interface Builder. Instead, configure the custom segue’s additional properties in the prepareForSegue:sender: method of the source view controller that triggered the segue. “Creating Custom Segues” shows a very simple custom segue. This example simply presents the destination view controller without any sort of animation, but you can extend this idea with your own animations as necessary. Listing 13-1 A custom segue - (void)perform { // Add your own animation code here. [[self sourceViewController] presentModalViewController:[self destinationViewController] animated:NO]; } Creating Custom Segues Implementing a Custom Segue 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 110Container view controllers are a critical part of iOS app design. They allow you to decompose your app into smaller and simpler parts, each controlled by a view controller dedicated to that task. Containers allow these view controllers to work together to present a seamless interface. iOS provides many standard containers to help you organize your apps. However, sometimes you need to create a custom workflow that doesn’t match that provided by any of the system containers. Perhaps in your vision, your app needs a specific organization of child view controllers with specialized navigation gestures or animation transitions between them. To do that, you implement a custom container. Designing Your Container View Controller In most ways, a container view controller is just like a content view controller. It manages views and content, coordinates with other objects in your app, and responds to events in the responder chain. Before designing a container controller, you should already be familiar with designing content view controllers. The design questions in “Creating Custom Content View Controllers” (page 43) also apply when creating containers. When you design a container, you create explicit parent-child relationships between your container, the parent, and other view controllers, its children. More specifically, Figure 14-1 shows that there are explicit connections between the views as well. Your container adds the content views of other view controllers in its own view 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 111 Creating Custom Container View Controllershierarchy. Whenever a child’s view is displayed in the container’s view hierarchy, your container also establishes a connection to the child view controller and ensures that all appropriate view controller events are sent to the child. Figure 14-1 A container view controller’s view hierarchy contains another controller’s views Your containershould make the rules and its children should follow them; it is up to the parent to decide when a child’s content is visible in its own view hierarchy. The container decides where in the hierarchy that view is placed and how it is sized and positioned there. This design principle is no different from that of a content view controller. The view controller isresponsible for managing its own view hierarchy and other classesshould never manipulate its contents. Where necessary, your container class can expose public methods and properties to allow its behavior to be controlled. For example, if another object needs to be able to tell your container to display a new view, then your container class should expose a public method to allow this transition to occur. The actual implementation that changes the view hierarchy should be in the container class. This guiding principle cleanly separates responsibilities between the container and its children by always making each view controller responsible for its own view hierarchy. Here are some specific questions you should be able to answer about your container class: ● What is the role of the container and what role do its children play? ● Is there a relationship between siblings? ● How are child view controllers added to or removed from the container? Your container class must provide public properties and methods to allow children to be displayed by it. ● How many children are displayed by the container? Creating Custom Container View Controllers Designing Your Container View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 112● Are the contents of the container static or dynamic? In a static design, the children are more or less fixed, whereasin a dynamic design, transitions between siblings may occur. You define what triggers a transition to a new sibling. It might be programmatic or it might happen when a user interacts with the container. ● Does the container own any of its own views? For example, your container’s user interface may include information about the child view controller or controls to allow navigation. ● Does the container require its children to provide methods or properties other than those found on the UIViewController class? There are many reasons why a container might do this. It might need specific information from the child to used to configure other aspects of container display, or it might allow the child to modify the container’s behavior. It even might call the child view controller when container-specific events occur. ● Does your container allow its behavior to be configured? ● Are all its children treated identically or does it have multiple types of children, each with specialized behaviors? For example, you might create a container that displays two children, coordinating actions between the two children. Each child implements a distinct set of methods to allow its behavior to be configured. In summary, a container controller often has more relationships with other objects (especially other view controllers) than a content controller. So, you need to put additional effort into understanding how the container works. Ideally, as with a content controller, you want to hide many of those behaviors behind an excellent public class API. Examples of Common Container Designs The easiest way to understand how to design a new container class is to examine the behavior and public API of the existing system container classes. Each definesits own navigation metaphor and a programming interface used to configure it. This section takes a look at a few of these classes from the viewpoint of container design. It does not provide a complete description of each class’s programming interface, but just looks at some of the critical concepts. For detailed information about using these system containers,see ViewController Catalog for iOS . A Navigation Controller Manages a Stack of Child View Controllers A navigation controller allows a sequence of distinct user interface screens to be displayed to the user. The metaphor used by a navigation controller is a stack of child view controllers. The topmost view controller’s view is placed in the navigation controller’s view hierarchy. To display a new view controller, you push it onto the stack. When you are done, you remove the view controller from the stack. Creating Custom Container View Controllers Examples of Common Container Designs 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 113Figure 14-2 shows that only a single child’s view is visible and that the child’s view is part of a more complex hierarchy of views provided by the navigation controller. Figure 14-2 A navigation controller’s view and view controller hierarchy When a view controller is pushed onto or popped from the stack, the transition can be animated, which means the views of two children are briefly displayed together. In addition to the child views, a navigation controller also includes its own content views to display a navigation bar. The contents of the navigation bar are updated based on the child being displayed. Here are some of the important methods and properties that the UINavigationController class uses to define its behavior: ● The topViewController property states which controller is at the top of the stack. ● The viewControllers property lists all the children in the stack. ● The pushViewController:animated: method pushes a new view controller on the stack. This method does all the work necessary to update the view hierarchy to display the new child’s view. ● The popViewControllerAnimated: method removes the top view controller from the stack. ● The delegate property allows a client of the container to be notified when state transitions occur. The navigation controller uses properties on the child view controller to adjust the content it displays. These properties are defined by UIViewController base classso thatsome default behavior is available; this allows any view controller to be made a child of a navigation controller. Here are some of the propertiesthe navigation controller looks for: Creating Custom Container View Controllers Examples of Common Container Designs 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 114● The navigationItem property provides the contents of the navigation toolbar. ● The toolbarItems property provides the contents of the bottom bar. ● The editButtonItem property provides access to a view in the navigation item so that the navigation controller can toggle the child view’s edit mode. A Tab Bar Controller Uses a Collection of Child Controllers A tab view controller allows a set of distinct user interface screensto be displayed to the user. However, instead of a stack of view controllers, a tab view controller uses a simple array. Figure 14-3 shows that again, only one child view controller’s view is displayed at a time. However, these views do not need to be accessed sequentially, and the transition to the new child is usually not animated. Figure 14-3 A tab bar controller’s view and view controller hierarchy Here are some of the important methods and properties that UITabBarController class uses to allow apps to control what a tab bar controller displays: ● The viewControllers property holds the list of child view controllers that act as the tabs of content. ● The selectedViewController property allows you to read or change which child is visible. ● The delegate property allows a client of the container to be notified when state transitions occur. A tab bar controller uses the child’s tabBarItem property to determine how it is displayed in the appropriate tab. Creating Custom Container View Controllers Examples of Common Container Designs 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 115A Page Controller Uses a Data Source to Provide New Children A page controller uses pages of content as its metaphor, like the pages of a book. Each page displayed by the container is provided by a child view controller. Books can have many pages—far more than the number of screens of content in a navigation controller—so keeping all the pages in memory at once may not be possible. Instead, the page view controller keeps child controllers for the visible pages and fetches other pages on demand. When the user wants to see a new page, the container calls the object associated with its dataSource property to get the new controller. Thus, a page view controller using a data source uses a pull model rather than having your app directly push new pages onto itself. A page view controller can also be customized for different kinds of book layouts. The number of pages and the size of the pages can differ. Here are two key properties that affect the page view controller’s behavior: ● The spineLocation property determines how the pages are organized. Some layouts only display one page at a time. Other layouts display multiple pages. ● The transitionStyle property determines how transitions between pages are animated. Implementing a Custom Container View Controller Once you’ve designed your class’s behavior and determined many aspects of its public API, you are ready to start implementing the container. The goal of implementing a container is to be able to add another view controller’s view (and associated view hierarchy) as a subtree in your container’s view hierarchy. The child remainsresponsible for its own view hierarchy,save for where the container decidesto place it onscreen. When you add the child’s view, you need to ensure that events continue to be distributed to both view controllers. You do this by explicitly associating the new view controller as a child of the container. The UIViewController class provides methods that a container view controller uses to manage the relationship between itself and its children. The complete list of methods and properties is in the reference; see “Managing Child View Controllers in a Custom Container” in UIViewController Class Reference Important: These UIViewController methods are only intended to be used to implement container view controllers; do not call them in a content view controller. Adding and Removing a Child Listing 14-1 shows a typical implementation that adds a view controller as a child of another view controller. Each numbered step in the listing is described in more detail following the listing. Creating Custom Container View Controllers Implementing a Custom Container View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 116Listing 14-1 Adding another view controller’s view to the container’s view hierarchy - (void) displayContentController: (UIViewController*) content; { [self addChildViewController:content]; // 1 content.view.frame = [self frameForContentController]; // 2 [self.view addSubview:self.currentClientView]; [content didMoveToParentViewController:self]; // 3 } Here’s what the code does: 1. It calls the container’s addChildViewController: method to add the child. Calling the addChildViewController: method also calls the child’s willMoveToParentViewController: method automatically. 2. It accessesthe child’s view property to retrieve the view and addsit to its own view hierarchy. The container sets the child’s size and position before adding the view; containers always choose where the child’s content appears. Although this example doesthis by explicitly setting the frame, you could also use layout constraints to determine the view’s position. 3. It explicitly calls the child’s didMoveToParentViewController: method to signal that the operation is complete. Eventually, you want to be able to remove the child’s view from the view hierarchy. In this case, shown in Listing 14-2, you perform the steps in reverse. Listing 14-2 Removing another view controller’s view to the container’s view hierarchy - (void) hideContentController: (UIViewController*) content { [content willMoveToParentViewController:nil]; // 1 [content.view removeFromSuperview]; // 2 [content removeFromParentViewController]; // 3 } Here’s what this code does: 1. Callsthe child’s willMoveToParentViewController: method with a parameter of nil to tell the child that it is being removed. 2. Cleans up the view hierarchy. Creating Custom Container View Controllers Implementing a Custom Container View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 1173. Calls the child’s removeFromParentViewController method to remove it from the container. Calling the removeFromParentViewController method automatically calls the child’s didMoveToParentViewController: method. For a container with essentially static content, adding and removing view controllers is as simple as that. Whenever you want to add a new view, add the new view controller as a child first. After the view is removed, remove the child from the container. However, sometimes you want to animate a new child onto the screen while simultaneously removing another child. Listing 14-3 shows an example of how to do this. Listing 14-3 Transitioning between two view controllers - (void) cycleFromViewController: (UIViewController*) oldC toViewController: (UIViewController*) newC { [oldC willMoveToParentViewController:nil]; // 1 [self addChildViewController:newC]; newC.view.frame = [self newViewStartFrame]; // 2 CGRect endFrame = [self oldViewEndFrame]; [self transitionFromViewController: oldC toViewController: newC // 3 duration: 0.25 options:0 animations:^{ newC.view.frame = oldC.view.frame; // 4 oldC.view.frame = endFrame; } completion:^(BOOL finished) { [oldC removeFromParentViewController]; // 5 [newC didMoveToParentViewController:self]; }]; } Here’s what this code does: 1. Starts both view controller transitions. 2. Calculates two new frame positions used to perform the transition animation. Creating Custom Container View Controllers Implementing a Custom Container View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 1183. Calls the transitionFromViewController:toViewController:duration:options:animations:completion: method to perform the swap. This method automatically adds the new view, performs the animation, and then removes the old view. 4. The animation step to perform to get the views swapped. 5. When the transition completes, the view hierarchy isin itsfinalstate,so it finishesthe operation by sending the final two notifications. Customizing Appearance and Rotation Callback Behavior Once you add a child to a container, the container automatically forwards rotation and appearance callbacks to the child view controllers as soon as an event occurs that requires the message to be forwarded. This is normally the behavior you want, because it ensures that all events are properly sent. However, sometimes the default behavior may send those events in an order that doesn’t make sense for your container. For example, if multiple children are simultaneously changing their view state, you may want to consolidate the changes so that the appearance callbacks all happen at the same time in a more logical order. To do this, you modify your container class to take over responsibility for appearance or rotation callbacks. To take over control of appearance callbacks, you override the shouldAutomaticallyForwardAppearanceMethodsmethod to return NO. Listing 14-4 showsthe necessary code. Listing 14-4 Disabling automatic appearance forwarding - (BOOL) shouldAutomaticallyForwardAppearanceMethods { return NO; } To actually inform the child view controller that an appearance transition is occurring, you call the child’s beginAppearanceTransition:animated: and endAppearanceTransition methods. If you take over sending these messages, you are also responsible for forwarding them to children when your container view controller appears and disappears. For example, if your container has a single child referenced by a child property, your container would forward these messages to the child, as shown in Listing 14-5. Listing 14-5 Forwarding appearance messages when the container appears or disappears -(void) viewWillAppear:(BOOL)animated { Creating Custom Container View Controllers Implementing a Custom Container View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 119[self.child beginAppearanceTransition: YES animated: animated]; } -(void) viewDidAppear:(BOOL)animated { [self.child endAppearanceTransition]; } -(void) viewWillDisappear:(BOOL)animated { [self.child beginAppearanceTransition: NO animated: animated]; } -(void) viewDidDisappear:(BOOL)animated { [self.child endAppearanceTransition]; } Forwarding rotation events works almost identically and can be done independently of forwarding appearance messages. First, you override the shouldAutomaticallyForwardRotationMethods method to return NO. Then, at times appropriate to your container, you call the following methods: ● willRotateToInterfaceOrientation:duration: ● willAnimateRotationToInterfaceOrientation:duration: ● didRotateFromInterfaceOrientation: Practical Suggestions for Building a Container View Controller Designing, developing, and testing a new container view controller takestime. Although the individual behaviors are straightforward, the controller as a whole can be quite complex. Consider some of the following guidance when implementing your own container classes: ● Design the view controller first as a content view controller, using regular views owned by the container. This allows you to focus on getting layout and animation transitions correct without simultaneously needing to manage parent-child relationships. Creating Custom Container View Controllers Practical Suggestions for Building a Container View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 120● Never access any view other than the top-level view of the child view controller. Similarly, children should have only a minimal knowledge of what the parent is doing with the view; do not expose unnecessary details to the child. ● If the container needs the child to declare methods or properties, it should define a protocol to enforce this: @protocol MyContentContainerProtocol ... @end - (void) displayContentController: (UIViewController*) content; Creating Custom Container View Controllers Practical Suggestions for Building a Container View Controller 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 121This table describes the changes to View Controller Programming Guide for iOS . Date Notes Added design guidelines for custom container view controllers and accessibility in the view controller. Updated the discussions of view rotation, view layout, and resource management for iOS 6. 2012-09-19 Edited for clarity. Added new glossary entries. Added a section about determining why a view controller's view appeared or disappeared. 2012-02-16 This revised treatment has been rewritten around using storyboards and ARC to build new iOS apps. 2012-01-09 2011-01-07 Fixed several typos. 2010-11-12 Added information about iPad-only controller objects. Changed the title from "View Controller Programming Guide for iPhone OS." 2010-07-08 2010-05-03 Fixed some typos. Fixed several typos and updated the figure for the two-step rotation process. 2010-02-24 Rewrote the document and expanded the content to address iOS 3.0 changes. 2009-10-19 2009-05-28 Added a note about the lack of iOS 3.0 support. 2008-10-15 Updated obsolete references to the iOS Programming Guide. 2008-09-09 Corrected typos. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 122 Document Revision HistoryDate Notes New document that explains how to use view controllers to implement radio, navigation, and modal interfaces. 2008-06-23 Document Revision History 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 123container view controller A view controller that coordinatesthe interaction of other view controllers in order to present a specific type of user interface. content view controller A view controller that displays some content on the screen. custom segue A segue whose transition effect is defined by a custom subclass. modal segue A segue whose transition effect presents the new view controller using an existing view controller. navigation controller A container view controller used to present hierarchical content. navigation interface The style of interface that is presented by a navigation controller’s view. A navigation interface includes a navigation bar along the top of the screen to facilitate navigating between different screens. navigation stack The list of view controllers currently being managed by a navigation controller. The view controllers on the stack represent the content currently being displayed by a navigation interface. page view controller A container view controller used to display pages of content with an artistic style similar to that of a physical book. popover controller A controller class used to present another view controller’s view in a popover control. popover segue A segue whose transition effect displays the new view controller’s content in a popover control. push segue A segue whose transition effect pushes the new view controller onto a navigation stack of a navigation controller. root view controller The topmost view controller in a view controller hierarchy. scene A visual representation in Interface Builder of a view controller and its associated objects, including the views it loads when displayed. segue A transition between two scenes, configured in Interface Builder. split view controller A container view controller used in iPad appsto present master-detail interfaces. tab bar controller A container view controller used to present a set of distinct interface screens, each represented by a tab and delivered by a separate content view controller. tab bar interface The style of interface that is presented by a tab bar controller’s view. A tab bar interface includes one or more tabs at the bottom of the screen. Tapping a tab changes the currently displayed screen contents. view controller An object that descends from the UIViewController class. View controllers coordinate the interactions between a set of views and the custom data presented by those views. 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 124 Glossaryview controller hierarchy A set of container and content view controllers arranged in a tree. Non-leaf nodes always represent container view controllers. Glossary 2012-09-19 | © 2012 Apple Inc. All Rights Reserved. 125Apple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Cocoa, iBook, iBooks, iPad, iPhone, Objective-C, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. iOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. Key-Value Observing Programming GuideContents Introduction to Key-Value Observing Programming Guide 4 At a Glance 4 Registering for Key-Value Observing 7 Registering as an Observer 7 Receiving Notification of a Change 8 Removing an Object as an Observer 10 KVO Compliance 11 Automatic Change Notification 11 Manual Change Notification 12 Registering Dependent Keys 15 To-one Relationships 15 To-many Relationships 16 Key-Value Observing Implementation Details 19 Document Revision History 20 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 2Listings Registering for Key-Value Observing 7 Listing 1 Registering the inspector as an observer of the openingBalance property 7 Listing 2 Implementation of observeValueForKeyPath:ofObject:change:context: 9 Listing 3 Removing the inspector as an observer of openingBalance 10 KVO Compliance 11 Listing 1 Examples of method calls that cause KVO change notifications to be emitted 11 Listing 2 Example implementation of automaticallyNotifiesObserversForKey: 12 Listing 3 Example accessor method implementing manual notification 13 Listing 4 Testing the value for change before providing notification 13 Listing 5 Nesting change notifications for multiple keys 13 Listing 6 Implementation of manual observer notification in a to-many relationship 14 Registering Dependent Keys 15 Listing 1 Example implementation of keyPathsForValuesAffectingValueForKey: 15 Listing 2 Example implementation of the keyPathsForValuesAffecting naming convention 16 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 3Key-value observing is a mechanism that allows objects to be notified of changes to specified properties of other objects. Important: In order to understand key-value observing, you must first understand key-value coding. At a Glance Key-value observing provides a mechanism that allows objects to be notified of changes to specific properties of other objects. It is particularly useful for communication between model and controller layers in an application. (In OS X, the controller layer binding technology relies heavily on key-value observing.) A controller object typically observes properties of model objects, and a view object observes properties of model objects through a controller. In addition, however, a model object may observe other model objects (usually to determine when a dependent value changes) or even itself (again to determine when a dependent value changes). You can observe properties including simple attributes, to-one relationships, and to-many relationships. Observers of to-many relationships are informed of the type of change made—as well as which objects are involved in the change. There are three steps to setting up an observer of a property. Understanding these three steps provides a clear illustration of how KVO works. 1. First, see whether you have a scenario where key-value observing could be beneficial, for example, an object that needs to be notified when any changes are made to a specific property in another object. BankObject @property int accountBalance PersonObject For example, a PersonObject will want to be aware of any changes made to their accountBalance in the BankObject. 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 4 Introduction to Key-Value Observing Programming Guide2. The PersonObject must register as an observer of the BankObject’s accountBalance property by sending an addObserver:forKeyPath:options:context: message. BankObject PersonObject Connection established [bankInstance addObserver:personInstance forKeyPath:@"accountBalance" options:NSKeyValueObservingOptionNew context:NULL]; Note: The addObserver:forKeyPath:options:context:method establishes a connection between the instances of the objects that you specify. A connection is not established between the two classes, but rather between the two specified instances of the objects. 3. In order to respond to change notifications, the observer must implement the observeValueForKeyPath:ofObject:change:context: method. This method implementation defines how the observer responds to change notifications. It is in this method that you can customize your response to a change in one of the observed properties. BankObject PersonObject Connection established -(void) observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context { //custom implementation //be sure to call the superclass’ implementation //if the superclass implements it } “Registering for Key-Value Observing” (page 7) describes how to register and receive observation notifications. Introduction to Key-Value Observing Programming Guide At a Glance 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 54. The observeValueForKeyPath:ofObject:change:context: method is automatically invoked when the value of an observed property is changed in a KVO-compliant manner, or if a key upon which it depends is changed. BankObject PersonObject Automatically notifies person Person can react accordingly in customized method [bankInstance setAccountBalance:50]; “Registering Dependent Keys” (page 15) explains how to specify that the value of a key is dependent on the value of another key. KVO’s primary benefit is that you don’t have to implement your own scheme to send notifications every time a property changes. Its well-defined infrastructure has framework-level support that makes it easy to adopt—typically you do not have to add any code to your project. In addition, the infrastructure is already full-featured, which makes it easy to support multiple observers for a single property, as well as dependent values. “KVO Compliance” (page 11) describes the difference between automatic and manual key-value observing, and how to implement both. Unlike notifications that use NSNotificationCenter, there is no central object that provides change notification for all observers. Instead, notifications are sent directly to the observing objects when changes are made. NSObject provides this base implementation of key-value observing, and you should rarely need to override these methods. “Key-Value Observing Implementation Details ” (page 19) describes how key-value observing is implemented. Introduction to Key-Value Observing Programming Guide At a Glance 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 6In order to receive key-value observing notifications for a property, three things are required: ● The observed class must be key-value observing compliant for the property that you wish to observe. ● You must register the observing object with the observed object, using the method addObserver:forKeyPath:options:context:. ● The observing class must implement observeValueForKeyPath:ofObject:change:context:. Important: Not all classes are KVO-compliant for all properties. You can ensure your own classes are KVO-compliant by following the steps described in “KVO Compliance” (page 11). Typically properties in Apple-supplied frameworks are only KVO-compliant if they are documented as such. Registering as an Observer In order to be notified of changes to a property, an observing object must first register with the object to be observed by sending it an addObserver:forKeyPath:options:context: message, passing the observer object and the key path of the property to be observed. The options parameter specifies the information that is provided to the observer when a change notification is sent. Using the option NSKeyValueObservingOptionOld specifies that the original object value is provided to the observer as an entry in the change dictionary. Specifying the NSKeyValueObservingOptionNew option provides the new value as an entry in the change dictionary. To receive both values, you would bitwise OR the option constants. The example in Listing 1 demonstrates registering an inspector object for the property openingBalance. Listing 1 Registering the inspector as an observer of the openingBalance property - (void)registerAsObserver { /* Register 'inspector' to receive change notifications for the "openingBalance" property of the 'account' object and specify that both the old and new values of "openingBalance" should be provided in the observe… method. 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 7 Registering for Key-Value Observing*/ [account addObserver:inspector forKeyPath:@"openingBalance" options:(NSKeyValueObservingOptionNew | NSKeyValueObservingOptionOld) context:NULL]; } When you register an object as an observer, you can also provide a context pointer. The context pointer is provided to the observer when observeValueForKeyPath:ofObject:change:context: is invoked. The context pointer can be a C pointer or an object reference. The context pointer can be used as a unique identifier to determine the change that is being observed, or to provide some other data to the observer. Note: The key-value observing addObserver:forKeyPath:options:context: method does not maintain strong references to the observing object, the observed objects, or the context. You should ensure that you maintain strong references to the observing, and observed, objects, and the context as necessary. Receiving Notification of a Change When the value of an observed property of an object changes, the observer receives an observeValueForKeyPath:ofObject:change:context: message. All observers must implement this method. The observer is provided the object and key path that triggered the observer notification, a dictionary containing details about the change, and the context pointer that was provided when the observer was registered. The change dictionary entry NSKeyValueChangeKindKey provides information about the type of change that occurred. If the value of the observed object has changed, the NSKeyValueChangeKindKey entry returns NSKeyValueChangeSetting. Depending on the options specified when the observer was registered, the NSKeyValueChangeOldKey and NSKeyValueChangeNewKey entries in the change dictionary contain the values of the property before, and after, the change. If the property is an object, the value is provided directly. If the property is a scalar or a C structure, the value is wrapped in an NSValue object (as with key-value coding). Registering for Key-Value Observing Receiving Notification of a Change 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 8If the observed property is a to-many relationship, the NSKeyValueChangeKindKey entry also indicates whether objects in the relationship were inserted, removed, or replaced by returning NSKeyValueChangeInsertion, NSKeyValueChangeRemoval, or NSKeyValueChangeReplacement, respectively. The change dictionary entry for NSKeyValueChangeIndexesKey is an NSIndexSet object specifying the indexes in the relationship that changed. If NSKeyValueObservingOptionNew or NSKeyValueObservingOptionOld are specified as options when the observer is registered, the NSKeyValueChangeOldKey and NSKeyValueChangeNewKey entries in the change dictionary are arrays containing the values of the related objects before, and after, the change. The example in Listing 2 shows the observeValueForKeyPath:ofObject:change:context: implementation for an inspector that reflects the old and new values of the property openingBalance, as registered in Listing 1 (page 7). Listing 2 Implementation of observeValueForKeyPath:ofObject:change:context: - (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context { if ([keyPath isEqual:@"openingBalance"]) { [openingBalanceInspectorField setObjectValue: [change objectForKey:NSKeyValueChangeNewKey]]; } /* Be sure to call the superclass's implementation *if it implements it*. NSObject does not implement the method. */ [super observeValueForKeyPath:keyPath ofObject:object change:change context:context]; } Registering for Key-Value Observing Receiving Notification of a Change 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 9Removing an Object as an Observer You remove a key-value observer by sending the observed object a removeObserver:forKeyPath: message, specifying the observing object and the key path. The example in Listing 3 removesthe inspector as an observer of openingBalance. Listing 3 Removing the inspector as an observer of openingBalance - (void)unregisterForChangeNotification { [observedObject removeObserver:inspector forKeyPath:@"openingBalance"]; } If the context is an object, you must keep a strong reference to it until removing the observer. After receiving a removeObserver:forKeyPath: message, the observing object will no longer receive any observeValueForKeyPath:ofObject:change:context: messagesfor the specified key path and object. Registering for Key-Value Observing Removing an Object as an Observer 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 10In order to be considered KVO-compliant for a specific property, a class must ensure the following: ● The class must be key-value coding compliant for the property, as specified in “Ensuring KVC Compliance”. KVO supports the same data types as KVC. ● The class emits KVO change notifications for the property. ● Dependent keys are registered appropriately (see “Registering Dependent Keys” (page 15)). There are two techniques for ensuring the change notifications are emitted. Automatic support is provided by NSObject and is by default available for all properties of a class that are key-value coding compliant. Typically, if you follow standard Cocoa coding and naming conventions, you can use automatic change notifications—you don’t have to write any additional code. Manual change notification provides additional control over when notifications are emitted, and requires additional coding. You can control automatic notifications for properties of your subclass by implementing the class method automaticallyNotifiesObserversForKey:. Automatic Change Notification NSObject provides a basic implementation of automatic key-value change notification. Automatic key-value change notification informs observers of changes made using key-value compliant accessors, as well as the key-value coding methods. Automatic notification is also supported by the collection proxy objects returned by, for example, mutableArrayValueForKey:. The examples shown in Listing 1 result in any observers of the property name to be notified of the change. Listing 1 Examples of method calls that cause KVO change notifications to be emitted // Call the accessor method. [account setName:@"Savings"]; // Use setValue:forKey:. [account setValue:@"Savings" forKey:@"name"]; 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 11 KVO Compliance// Use a key path, where 'account' is a kvc-compliant property of 'document'. [document setValue:@"Savings" forKeyPath:@"account.name"]; // Use mutableArrayValueForKey: to retrieve a relationship proxy object. Transaction *newTransaction = <#Create a new transaction for the account#>; NSMutableArray *transactions = [account mutableArrayValueForKey:@"transactions"]; [transactions addObject:newTransaction]; Manual Change Notification Manual change notification provides more granular control over how and when notifications are sent to observers. This can be useful to help minimize triggering notifications that are unnecessary, or to group a number of changes into a single notification. A class that implements manual notification must override the NSObject implementation of automaticallyNotifiesObserversForKey:. It is possible to use both automatic and manual observer notifications in the same class. For properties that perform manual notification, the subclass implementation of automaticallyNotifiesObserversForKey: should return NO. A subclassimplementation should invoke super for any unrecognized keys. The example in Listing 2 enables manual notification for the openingBalance property allowing the superclass to determine the notification for all other keys. Listing 2 Example implementation of automaticallyNotifiesObserversForKey: + (BOOL)automaticallyNotifiesObserversForKey:(NSString *)theKey { BOOL automatic = NO; if ([theKey isEqualToString:@"openingBalance"]) { automatic = NO; } else { automatic = [super automaticallyNotifiesObserversForKey:theKey]; } return automatic; } KVO Compliance Manual Change Notification 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 12To implement manual observer notification, you invoke willChangeValueForKey: before changing the value, and didChangeValueForKey: after changing the value. The example in Listing 3 implements manual notifications for the openingBalance property. Listing 3 Example accessor method implementing manual notification - (void)setOpeningBalance:(double)theBalance { [self willChangeValueForKey:@"openingBalance"]; _openingBalance = theBalance; [self didChangeValueForKey:@"openingBalance"]; } You can minimize sending unnecessary notifications by first checking if the value has changed. The example in Listing 4 tests the value of openingBalance and only provides the notification if it has changed. Listing 4 Testing the value for change before providing notification - (void)setOpeningBalance:(double)theBalance { if (theBalance != _openingBalance) { [self willChangeValueForKey:@"openingBalance"]; _openingBalance = theBalance; [self didChangeValueForKey:@"openingBalance"]; } } If a single operation causes multiple keysto change you must nest the change notifications asshown in Listing 5. Listing 5 Nesting change notifications for multiple keys - (void)setOpeningBalance:(double)theBalance { [self willChangeValueForKey:@"openingBalance"]; [self willChangeValueForKey:@"itemChanged"]; _openingBalance = theBalance; _itemChanged = _itemChanged+1; [self didChangeValueForKey:@"itemChanged"]; [self didChangeValueForKey:@"openingBalance"]; } KVO Compliance Manual Change Notification 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 13In the case of an ordered to-many relationship, you must specify not only the key that changed, but also the type of change and the indexes of the objects involved. The type of change is an NSKeyValueChange that specifies NSKeyValueChangeInsertion, NSKeyValueChangeRemoval, or NSKeyValueChangeReplacement. The indexes of the affected objects are passed as an NSIndexSet object. The code fragment in Listing 6 demonstrates how to wrap a deletion of objects in the to-many relationship transactions. Listing 6 Implementation of manual observer notification in a to-many relationship - (void)removeTransactionsAtIndexes:(NSIndexSet *)indexes { [self willChange:NSKeyValueChangeRemoval valuesAtIndexes:indexes forKey:@"transactions"]; // Remove the transaction objects at the specified indexes. [self didChange:NSKeyValueChangeRemoval valuesAtIndexes:indexes forKey:@"transactions"]; } KVO Compliance Manual Change Notification 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 14There are many situations in which the value of one property depends on that of one or more other attributes in another object. If the value of one attribute changes, then the value of the derived property should also be flagged for change. How you ensure that key-value observing notifications are posted for these dependent properties depends on the cardinality of the relationship. To-one Relationships To trigger notifications automatically for a to-on relationship you should either override keyPathsForValuesAffectingValueForKey: or implement a suitable method that follows the pattern it defines for registering dependent keys. For example, the full name of a person is dependent on both the first and last names. A method that returns the full name could be written as follows: - (NSString *)fullName { return [NSString stringWithFormat:@"%@ %@",firstName, lastName]; } An application observing the fullName property must be notified when either the firstName or lastName properties change, as they affect the value of the property. One solution is to override keyPathsForValuesAffectingValueForKey: specifying that the fullName property of a person is dependent on the lastName and firstName properties. Listing 1 (page 15) shows an example implementation of such a dependency: Listing 1 Example implementation of keyPathsForValuesAffectingValueForKey: + (NSSet *)keyPathsForValuesAffectingValueForKey:(NSString *)key { NSSet *keyPaths = [super keyPathsForValuesAffectingValueForKey:key]; if ([key isEqualToString:@"fullName"]) { 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 15 Registering Dependent KeysNSArray *affectingKeys = @[@"lastName", @"firstName"]; keyPaths = [keyPaths setByAddingObjectsFromArray:affectingKeys]; } return keyPaths; } Your override should typically invoke super and return a set that includes any members in the set that result from doing that (so as not to interfere with overrides of this method in superclasses). You can also achieve the same result by implementing a class method that follows the naming convention keyPathsForValuesAffecting, where is the name of the attribute (first letter capitalized) that is dependent on the values. Using this pattern the code in Listing 1 (page 15) could be rewritten as a class method named keyPathsForValuesAffectingFullName as shown in Listing 2 (page 16). Listing 2 Example implementation of the keyPathsForValuesAffecting naming convention + (NSSet *)keyPathsForValuesAffectingFullName { return [NSSet setWithObjects:@"lastName", @"firstName", nil]; } You can't override the keyPathsForValuesAffectingValueForKey: method when you add a computed property to an existing class using a category, because you're not supposed to override methods in categories. In that case, implement a matching keyPathsForValuesAffecting class method to take advantage of this mechanism. Note: You cannot set up dependencies on to-many relationships by implementing keyPathsForValuesAffectingValueForKey:. Instead, you must observe the appropriate attribute of each of the objects in the to-many collection and respond to changes in their values by updating the dependent key yourself. The following section shows a strategy for dealing with this situation. To-many Relationships The keyPathsForValuesAffectingValueForKey: method does not support key-paths that include a to-many relationship. For example, suppose you have a Department object with a to-many relationship (employees) to a Employee, and Employee has a salary attribute. You might want the Department object have Registering Dependent Keys To-many Relationships 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 16a totalSalary attribute that is dependent upon the salaries of all the Employees in the relationship. You can not do this with, for example, keyPathsForValuesAffectingTotalSalary and returning employees.salary as a key. There are two possible solutions in both situations: 1. You can use key-value observing to register the parent (in this example, Department) as an observer of the relevant attribute of all the children (Employeesin this example). You must add and remove the parent as an observer as child objects are added to and removed from the relationship (see “Registering for Key-Value Observing” (page 7)). In the observeValueForKeyPath:ofObject:change:context: method you update the dependent value in response to changes, as illustrated in the following code fragment: - (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context { if (context == totalSalaryContext) { [self updateTotalSalary]; } else // deal with other observations and/or invoke super... } - (void)updateTotalSalary { [self setTotalSalary:[self valueForKeyPath:@"employees.@sum.salary"]]; } - (void)setTotalSalary:(NSNumber *)newTotalSalary { if (totalSalary != newTotalSalary) { [self willChangeValueForKey:@"totalSalary"]; _totalSalary = newTotalSalary; [self didChangeValueForKey:@"totalSalary"]; } } - (NSNumber *)totalSalary { return _totalSalary; Registering Dependent Keys To-many Relationships 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 17} 2. If you're using Core Data, you can register the parent with the application's notification center as an observer of its managed object context. The parentshould respond to relevant change notifications posted by the children in a manner similar to that for key-value observing. Registering Dependent Keys To-many Relationships 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 18Automatic key-value observing is implemented using a technique called isa-swizzling. The isa pointer, as the name suggests, points to the object's class which maintains a dispatch table. This dispatch table essentially contains pointers to the methods the class implements, among other data. When an observer is registered for an attribute of an object the isa pointer of the observed object is modified, pointing to an intermediate class rather than at the true class. As a result the value of the isa pointer does not necessarily reflect the actual class of the instance. You should never rely on the isa pointer to determine class membership. Instead, you should use the class method to determine the class of an object instance. 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 19 Key-Value Observing Implementation DetailsThis table describes the changes to Key-Value Observing Programming Guide . Date Notes 2012-07-17 Updated to use new Objective-C features. ARCification 2011-03-08 Clarified terminology in "Registering Dependent Keys." 2009-08-14 Added links to some key Cocoa definitions. 2009-05-09 Corrected minor typo. 2009-05-06 Clarified Core Data requirement in Registering Dependent Keys. 2009-03-04 Updated Registering Dependent Keys chapter. 2006-06-28 Updated code examples. Clarified that you should not release objects before calling willChangeValueForKey: methods. Noted that Java is not supported. 2005-07-07 2004-08-31 Corrected minor typos. Clarified the need to nest manual key-value change notifications. 2004-03-20 Modified source example in “Registering Dependent Keys” (page 15). Corrected source example in “Registering for Key-Value Observing” (page 7). Added article “Key-Value Observing Implementation Details ” (page 19). 2004-02-22 2003-10-15 Initial publication of Key-Value Observing. 2012-07-17 | © 2003, 2012 Apple Inc. All Rights Reserved. 20 Document Revision HistoryApple Inc. © 2003, 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Cocoa, Mac, and Objective-C are trademarks of Apple Inc., registered in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. Let’s get started When you start your Mac mini for the first time, Setup Assistant helps you get going. Just follow a few simple steps to quickly connect to your Wi-Fi network, transfer your stuff from another Mac or a PC, and create a user account for your Mac. You’ll also be able to log in with your Apple ID. This allows you to shop the App Store, iTunes Store, and Apple Online Store. It lets you keep in touch using Messages and FaceTime. And it lets you access iCloud, which is automatically set up on your Mac in apps like Mail, Contacts, and Calendar. If you don’t have an Apple ID, you can create one in Setup Assistant. Get to know your desktop The desktop is where you can find everything and do anything on your Mac. The Dock at the bottom is a handy place to keep the apps you use most. It’s also where you can open System Preferences, which lets you customize your desktop and other settings on your Mac. Click the Finder icon to quickly get to all your files and folders. The menu bar at the top has lots of useful information about your Mac. To check the status of your wireless Internet connection, click the Wi-Fi icon. Your Mac automatically connects to the network you chose during setup. Hello. iCloud iCloud stores your music, photos, documents, calendars, and more. And it wirelessly pushes them to your Mac, iPhone, iPad, iPod touch, and even your PC. All without docking or syncing. So when you buy a song on one device, it’s instantly available on all your other devices. When you adjust your calendar, all your devices stay up to date. And with Photo Stream, your latest photos appear everywhere you want to see them, automatically. To customize your iCloud settings, open the Apple menu, choose System Preferences, and click iCloud. Then sign in with your Apple ID and choose the iCloud features you want to use. Quick Start Guide Let’s get moving It’s easy to move files like documents, email, photos, music, and movies to your new Mac from another Mac or a PC. The first time you start your new Mac, it walks you through the process step by step. All you have to do is follow the onscreen instructions. If your Mac mini shipped with OS X Server, the Server application will open and walk you through the configuration process. Help menu Menu Dock bar Bluetooth status Finder System Preferences Launchpad Launchpad is the home for all the apps on your Mac. Just click the Launchpad icon in the Dock, and your open windows are replaced by a full-screen display of all your apps. Arrange apps any way you want, group them together in folders, or delete them from your Mac. When you download an app from the Mac App Store, it automatically appears in Launchpad. Mission Control Mission Control gives you a bird’s-eye view of everything running on your Mac. Click the Mission Control icon in the Dock, and your desktop zooms out to display all the open windows in every application, all your fullscreen apps, and Dashboard, the home of mini-apps called widgets. Click anything to zoom in on it. Think of Mission Control as the hub of your system—view everything and go anywhere with just a click. Welcome to your new Mac mini. We’d like to show you around. Removable panel USB 3 Built-in power supply HDMI Thunderbolt Audio in/out Gigabit Ethernet Power button FireWire 800 SD card slot AC power cord HDMI to DVI adapter Open Mission Control Click the Mission Control icon in the Dock. Add desktop spaces Click the + button to the right of the top row to add a new space. Dashboard Located at the top left for easy access. Wi-Fi status Open Launchpad Click the Launchpad icon in the Dock. Folders Group apps in folders by dragging one app on top of another.An important note Please read this document and the safety information in the Important Product Information Guide carefully before you first use your computer. Learn more You can find more information, watch demos, and learn even more about Mac mini features at www.apple.com/macmini. Help You can often find answers to your questions, as well as instructions and troubleshooting information, in Help Center. Click the Finder icon, click Help in the menu bar, and choose Help Center. OS X Utilities If you have a problem with your Mac, OS X Utilities can help you repair your computer’s hard drive, restore your software and data from a Time Machine backup, or erase your hard drive and reinstall OS X and Apple applications. You can also use Safari to get online help. If your Mac detects a problem, it opens OS X Utilities automatically. Or you can open it manually by restarting your computer while holding down the Command and R keys. Support Your Mac mini comes with 90 days of technical support and one year of hardware repair warranty coverage at an Apple Retail Store or an Apple Authorized Service Provider. Visit www.apple.com/support/macmini for Mac mini technical support. Or call 1-800-275-2273. In Canada, call 1-800-263-3394. Not all features are available in all areas. TM and © 2012 Apple Inc. All rights reserved. Designed by Apple in California. Printed in XXXX. 034-6575-A iTunes With iTunes, you can organize and play your digital music and videos on your Mac. And you can shop the iTunes Store for new music, movies, TV shows, books, and more. iTunes is also where you’ll find the App Store for iPad, iPhone, and iPod touch. Click the Safari icon in the Dock and surf the web quickly and easily with Multi-Touch gestures. Scroll up or down with one finger on Magic Mouse. Swipe right and left with two Safari web browser fingers to go back and forth between pages. Hold down the Control key and scroll with one finger to zoom in and out. Mail Mail lets you manage all your email accounts from a single, ad-free inbox, even when you’re not connected to the Internet. It works with most email standards— including POP3 and IMAP—and popular email services like Gmail, Yahoo! Mail, and AOL Mail. You can also use Mail with the free me.com email account you get with iCloud. The first time you open Mail, Setup Assistant will help you get started. Calendar Keep track of your busy schedule with Calendar. You can create separate calendars—one for home, another for school, a third for work. See all your calendars in a single window or choose to see only the calendars you want. Create and send invitations using contact info from the Contacts app, then see who has responded. Use iCloud to update calendars on all your devices automatically or share calendars with other iCloud users. Messages Just log in with your Apple ID, and you can send unlimited messages including text, photos, videos, and more to your friends on a Mac, iPad, iPhone, or iPod touch. With iCloud, you can start a conversation on one device and pick it up on another. And if you want to talk to someone face to face, you can start a video call* just by clicking the FaceTime icon in the top-right corner of the Messages window. iPhoto iPhoto is the best way to organize, browse, edit, and share your photos on your Mac. You can organize your photo library by Faces, Places, and Events. To send photos by email or publish them to Facebook, just select the photo and click Share in the bottom right of your screen. Or click Create to turn your favorite shots into photo books, calendars, and cards. iMovie iMovie puts all your video clips in one place and gives you the editing tools and special effects you need to quickly turn them into something memorable. You can make great-looking movies or even Hollywood-style movie trailers with just a few clicks. And iMovie lets you import video from most popular digital video cameras or your iPhone, iPad, or iPod touch. Mac App Store The Mac App Store is the best way to find and download thousands of apps for your Mac, from games and social networking to productivity apps and more. New apps install in one step to Launchpad. You can install apps on every Mac authorized for your personal use and even download them again. The Mac App Store lets you know when app and OS X updates are available, so you always have the latest versions. Open the Mac App Store by clicking its icon in the Dock. Top Sites Get a quick overview of the sites you visit most often. Reading List Click the glasses icon to save pages to read later. Full-screen view Click the full-screen button to go full screen. One-stop email View all your accounts in Mail for one-click access. Conversation view See all the email messages from a conversation thread. Search Quickly narrow search results to find exactly what you want. iTunes Store Discover and buy new music, movies, and more. Genius Mixes Let iTunes search your music library and group songs that go great together. Multiple calendars Access all your calendars from one place. Calendar view Select the view you prefer—day, week, month, or year. Add an event Double-click in a calendar to create a new event. Replies in progress Three dots mean your friend is typing a reply. Delivery receipts See when your message has arrived. FaceTime Start a video call right in Messages. *Requires FaceTime-enabled device for both caller and recipient. Not available in all areas. Create Create books, cards, and calendars. Faces iPhoto can even organize your photos based on who’s in them. Events Double-click any Event to browse photos. Event browser Your imported videos appear here so you can access all your clips. Project browser Simply drop your clips in a project to create a great movie. Always up to date Updates to your purchased apps and OS X appear automatically. Discover new apps Browse thousands of apps and download them straight to Launchpad. OS X Mountain Lion Core Technologies Overview June 20122 Core Technologies Overview OS X Mountain Lion Contents Page 3 Introduction Page 4 System Startup BootROM EFI Kernel Drivers Initialization Address Space Layout Randomization (ASLR) Page 7 Disk Layout Partition scheme Core Storage File systems Page 9 Process Control Launchd Loginwindow Grand Central Dispatch Sandboxing GateKeeper XPC Page 16 Network Access Ethernet Wi-Fi Multihoming IPv6 Remote Access Bonjour Page 21 Document Lifecycle Auto Save Automatic Versions Version Management iCloud Storage Page 24 Data Management Spotlight Time Machine Page 26 Developer Tools LLVM Xcode Instruments Accelerate Automation WebKit Page 33 For More Information3 Core Technologies Overview OS X Mountain Lion Introduction With more than 65 million users—consumers, scientists, animators, developers, system administrators, and more—OS X is the most widely used UNIX® desktop operating system. In addition, OS X is the only UNIX environment that natively runs Microsoft Office, Adobe Photoshop, and thousands of other consumer applications—all side by side with traditional command-line UNIX applications. Tight integration with hardware—from the sleek MacBook Air to the powerful Mac Pro—makes OS X the platform of choice for an emerging generation of power users. This document explores the powerful industry standards and breakthrough innovations in the core technologies that power Apple’s industry-leading user experiences. We walk you through the entire software stack, from firmware and kernel to iCloud and developer tools, to help you understand the many things OS X does for you every time you use your Mac. 4 Core Technologies Overview OS X Mountain Lion BootROM When you turn on the power to a Mac, it activates the BootROM firmware. BootROM, which is part of the computer’s hardware, has two primary responsibilities: it initializes system hardware and it selects an operating system to run. Two BootROM components carry out these functions: • Power-On Self Test (POST) initializes some hardware interfaces and verifies that sufficient memory is available and in a good state. • Extensible Firmware Interface (EFI) does basic hardware initialization and selects which operating system to use. If multiple OS installations are available, BootROM chooses the one that was last selected by the Startup Disk System Preference. The user can override this choice by holding down the Option key while the computer starts up, which causes EFI to display a screen for choosing the startup volume. EFI boot picker screen. System Startup5 Core Technologies Overview OS X Mountain Lion EFI EFI—a standard created by Intel—defines the interface between an operating system and platform firmware. It supersedes the legacy Basic Input Output System (BIOS) and OpenFirmware architectures. Once BootROM is finished and an OS X partition has been selected, control passes to the boot.efi boot loader, which runs inside EFI. The principal job of this boot loader is to load the kernel environment. As it does this, the boot loader draws the “booting” image on the screen. If full-disk encryption is enabled, the boot loader draws the login UI and prompts for the user’s password, which the system needs so it can access the encrypted disk and boot from it. Otherwise, loginwindow draws the login UI. Kernel The OS X kernel is based on FreeBSD and Mach 3.0 and features an extensible architecture based on well-defined kernel programming interfaces (KPIs). OS X was the first operating system to ship as a single install that could boot into either a 32-bit or 64-bit kernel, either of which could run 32-bit and 64-bit applications at full native performance. Starting with Mountain Lion, OS X exclusively uses a 64-bit kernel, but it continues to run both 32-bit and 64-bit applications. Drivers Drivers in OS X are provided by I/O Kit, a collection of system frameworks, libraries, tools, and other resources for creating device drivers. I/O Kit is based on an objectoriented programming model implemented in a restricted form of C++ that omits features unsuitable for use within a multithreaded kernel. By modeling the hardware connected to an OS X system and abstracting common functionality for devices in particular categories, the I/O Kit streamlines the process of device-driver development. I/O Kit helps device manufacturers rapidly create drivers that run safely in a multiprocessing, preemptive, hot-pluggable, power-managed environment. To do this, I/O Kit provides the following: • An object-oriented framework implementing common behavior shared among all drivers and types (families) of drivers • Many families of drivers for developers to build upon • Threading, communication, and data-management primitives for dealing with issues related to multiprocessing, task control, and I/O-transfers • A robust, efficient match-and-load mechanism that scales well to all bus types • The I/O Registry, a database that tracks instantiated objects (such as driver instances) and provides information about them • The I/O Catalog, a database of all I/O Kit classes available on a system • A set of device interfaces—plug-in mechanism that allows applications and other software outside the kernel to communicate with drivers • Excellent overall performance • Support for arbitrarily complex layering of client and provider objects6 Core Technologies Overview OS X Mountain Lion Initialization There are two phases to system initialization: • boot refers to loading the bootstrap loader and kernel • root means mounting a partition as the root, or top-level, file system. Once the kernel and all drivers necessary for booting are loaded, the boot loader starts the kernel’s initialization procedure. At this point, enough drivers are loaded for the kernel to find the root device—the disk or network service where the rest of the operating system resides. The kernel initializes the Mach and BSD data structures and then initializes the I/O Kit. The I/O Kit links the loaded drivers into the kernel, using the device tree to determine which drivers to link. Once the kernel finds the root device, it roots BSD off of it. Address Space Layout Randomization (ASLR) Many malware exploits rely on fixed locations for well-known system functions. To mitigate that risk, Mountain Lion randomly relocates the kernel, kexts, and system frameworks at system boot. This protection is available to both 32-bit and 64-bit processes. 7 Core Technologies Overview OS X Mountain Lion Partition scheme Disk drives are divided into logical partitions, which Apple traditionally calls volumes. Modern Mac systems use the GUID partition table (GPT) partitioning scheme introduced by Intel as part of EFI. The partitioning scheme is formally defined by: • Section 11.2.2 of “Extensible Firmware Interface Specification,” version 1.1, available from Intel • Chapter 5, “GUID Partition Table (GPT) Format,” of the “Unified Extensible Firmware Interface Specification,” version 2.0, available from the Unified EFI Forum Any Mac running OS X 10.4 or later can mount GPT-partitioned disks. Intel-based Mac systems can boot from GPT. By default, the internal hard disk is formatted as GPT. You can explore and modify GPT disks using the gpt command-line tool derived from FreeBSD. You can also use Apple’s GPT-aware diskutil utility which provides more human-readable output. Helper partitions Typically a single partition is “blessed” as the active boot volume via the bless command-line tool, though you can also bless specific folders or files. This partition is usually also the root volume. However, sometimes the boot partition is not the root, such as when the root partition is encrypted using full-disk encryption or located on a device that requires additional drivers (such as a RAID array). In that case, a hidden helper partition stores the files needed to boot, such as the kernel cache. The last three known good helper partitions are maintained in case one becomes corrupted. Recovery partitions OS X Lion introduced a new Recovery HD partition that includes the tools you need to do the following: • Reinstall OS X • Repair a hard drive • Restore from a Time Machine backup • Launch Safari to view documentation and search the Internet • Create Recovery HD partitions on external drives. To boot from the Recovery HD partition, restart your Mac while holding down the Command key and the R key (Command-R). Keep holding them until the Apple icon appears, indicating that your Mac is starting up. After the Recovery HD finishes starting up, you should see a desktop with an OS X menu bar and an OS X Utilities application window. Disk Layout8 Core Technologies Overview OS X Mountain Lion If your Recovery HD is corrupt or unavailable and you have a network connection, your Mac will automatically use OS X Internet Recovery to download and boot directly from Apple’s servers, using a pristine Recovery HD image that provides all the same functionality. Core Storage Layered between the whole-disk partition scheme and the file system used for a specific partition is a new logical volume format known as Core Storage, introduced in OS X Lion. Core Storage makes it easy to dynamically allocate partitions while providing full compatibility with existing filesystems. In particular, Core Storage allows in-place transformations such as backgrounding the full-disk encryption used by File Vault 2. File systems Partitions are typically formatted using some variant of the HFS Plus file system, which provides fast Btree-based lookups, robust aliases, and rich metadata—including fine-grained access controls and extended attributes. Since OS X 10.3 Panther, every Mac has used a journaled version of HFS Plus (HFSJ) to improve data reliability. Since OS X 10.6 Snow Leopard, HFS Plus has automatically compressed files. You can also choose to format partitions with HFSX, a case-sensitive variant of HFS Plus intended for compatibility with UNIX software. For interoperability with Windows, systems disks may be formatted with FAT32 or exFAT.9 Core Technologies Overview OS X Mountain Lion Launchd The kernel invokes launchd as the first process to run and then bootstraps the rest of the system. It replaces the complex web of init, cron, xinetd, and /etc/rc used to launch and manage processes on traditional UNIX systems. launchd first appeared in OS X 10.4 Tiger. It is available as open source under the Apache license. File-based configuration Each job managed by launchd has its own configuration file in a standard launchd.plist(5) file format, which specifies the working directory, environment variables, timeout, Bonjour registration, etc. These plists can be installed independently in the standard OS X library domains (for example, /Network/Library, /System/Library, / Library, or ~/Library), avoiding the need to edit system-wide configuration scripts. Jobs and plists can also be manually managed by the launctl(1) command-line tool. Launch on demand launchd prefers for processes to run only when needed instead of blocking or polling continuously in the background. These launch-on-demand semantics avoid wasting CPU and memory resources, and thus prolong battery life. For example, jobs can be started based on the following: • If the network goes up or down • When a file path exists (e.g., for a printer queue) • When a device or file system is mounted Smart scheduling Like traditional UNIX cron jobs, launchd jobs can be scheduled for specific calendar dates with the StartCalendarInterval key, as well as at generic intervals via the StartInterval key. Unlike cron—which skips job invocations when the computer is asleep—launchd starts the job the next time the computer wakes up. If the computer sleeps through multiple intervals, those events will be coalesced into a single trigger. User agents launchd defines a daemon as a system-wide service where one instance serves multiple clients. Conversely, an agent runs once for each user. Daemons should not attempt to display UI or interact directly with a user’s login session; any and all work that involves interacting with a user should be done through agents. Process Control10 Core Technologies Overview OS X Mountain Lion Every launchd agent is associated with a Session Type, which determines where it runs and what it can do, as shown in the following table: Name Session type Notes GUI Aqua Has access to all GUI services; much like a login item Non-GUI StandardIO Runs only in non-GUI login sessions (for example, SSH login sessions) Per-user Background Runs in a context that’s the parent of all contexts for a given user Pre-login LoginWindow Runs in the loginwindow context Install on demand To reduce download sizes and the surface area available to attackers, OS X provides an install-on-demand mechanism for certain subsystems. This provides easy access for those users who need them without burdening those who don’t. When you launch an application that relies on X11 or Java, OS X asks whether you want to download the latest version as shown in the next image. OS X prompts users if they attempt to run applications that require X11. Loginwindow As the final part of system initialization, launchd launches loginwindow. The loginwindow program controls several aspects of user sessions and coordinates the display of the login window and the authentication of users. If a password is set, OS X requires users to authenticate before they can access the system. The loginwindow program manages both the visual portion of the login process (as manifested by the window where users enter name and password information) and the security portion (which handles user authentication). Once a user has been authenticated, loginwindow begins setting up the user environment. As part of this process, it performs the following tasks: • Secures the login session from unauthorized remote access • Records the login in the system’s utmp and utmpx databases • Sets the owner and permissions for the console terminal • Resets the user’s preferences to include global system defaults • Configures the mouse, keyboard, and system sound according to user preferences • Sets the user’s group permissions (gid)11 Core Technologies Overview OS X Mountain Lion • Retrieves the user record from Directory Services and applies that information to the session • Loads the user’s computing environment (including preferences, environment variables, device and file permissions, keychain access, and so on) • Launches the Dock, Finder, and SystemUIServer • Launches the login items for the user Once the user session is up and running, loginwindow monitors the session and user applications in the following ways: • Manages the logout, restart, and shutdown procedures • Manages Force Quit by monitoring the currently active applications and responding to user requests to force quit applications and relaunch the Finder. (Users open this window from the Apple menu or by pressing Command-Option-Escape.) • Arranges for any output written to the standard error console to be logged using the Apple System Loger (ASL) API. (See “Log Messages Using the ASL API” in the OS X Developer Library.) Grand Central Dispatch Grand Central Dispatch (GCD) supports concurrent computing via an easy-to-use programming model built on highly efficient system services. This radically simplifies the code needed for parallel and asynchronous processing across multiple cores. GCD is built around three core pieces of functionality: • Blocks, a concise syntax for describing work to be done • Queues, an efficient mechanism for collecting work to be done • Thread pools, an optimal service for distributing work to be done These help your Mac make better use of all available CPU cores while improving responsiveness by preventing the main thread from blocking. System-wide optimization The central insight of GCD is shifting the responsibility for managing threads and their execution from applications to the operating system. As a result, programmers can write less code to deal with concurrent operations in their applications, and the system can perform more efficiently on both single-processor and multiprocessor machines. Without a pervasive approach such as GCD, even the best-written application cannot deliver optimal performance across diverse environments because it lacks insight into everything else happening on the system. Blocks Block objects are extensions to C, Objective-C, and C++ that make it easy for programmers to encapsulate inline code and data for later use. Here’s what a block object looks like: int scale = 4; int (^Multiply)(int) = ^(int num) { return scale * num; }; int result = Multiply(7); // result is 2812 Core Technologies Overview OS X Mountain Lion These types of “closures”—effectively a function pointer plus its invocation context— are common in dynamically-typed interpreted languages, but they were never before widely available to C programmers. Apple has published both the Blocks Language Specification and its implementation as open source under the MIT license and added blocks support to both GCC and Clang/LLVM. Queues GCD dispatch queues are a powerful tool for performing tasks safely and efficiently on multiple CPUs. Dispatch queues atomically add blocks of code that can execute either asynchronously or synchronously. Serial queues enable mutually exclusive access to shared data or other resources without the overhead or fragility of locks. Concurrent queues can execute tasks across multiple distinct threads, based on the number of currently available CPUs. Thread pools The root level of GCD is a set of global concurrent queues for every UNIX process, each of which is associated with a pool of threads. GCD dequeues blocks and private queues from the global queues on a first-in/first-out (FIFO) basis as long as there are available threads in the thread pool, providing an easy way to achieve concurrency. If there is more work than available threads, GCD asks the kernel for more threads, which are given if there are idle logical processors. Conversely, GCD eventually retires threads from the pool if they are unused or the system is under excessive load. This all happens as a side effect of queuing and completing work so that GCD itself doesn’t require a separate thread. This approach provides optimal thread allocation and CPU utilization across a wide range of loads. Event sources In addition to scheduling blocks directly, GCD makes it easy to run a block in response to various system events, such as a timer, signal, I/O, or process state change. When the source fires, GCD will schedule the handler block on the specific queue if it is not currently running, or—more importantly—coalesce pending events if it is running. This provides excellent responsiveness without the expense of either polling or binding a thread to the event source. Plus, since the handler is never run more than once at a time, the block doesn’t even need to be reentrant; only one thread will attempt to read or write any local variables. OpenCL integration Developers traditionally needed to write custom vector code—in addition to their usual scalar code—in order to take full advantage of modern processors. OpenCL is an open standard, language, runtime, and framework introduced in OS X 10.6 Snow Leopard. The OpenCL standard makes it straightforward take advantage of the immense processing power available in GPUs, vector extensions, and multi-core CPUs. You can use OpenCL to move the most time-consuming routines into computational “kernels” written in a simple, C-like language. The OpenCL runtime dynamically compiles these kernels to take advantage of the type and number of processors available on a computer. As of OS X 10.7 Lion, the system takes care of autovectorizing kernels to run efficiently on GPUs or CPUs. OpenCL kernels can also be written as separate files that run as blocks on the GPU or CPU using a special GCD queue.13 Core Technologies Overview OS X Mountain Lion Sandboxing Sandboxes ensure that processes are only allowed to perform a specific set of expected operations. For example, a web browser regularly needs to read from the network, but shouldn’t write to the user’s home folder without explicit permission. Conversely, a disk usage monitor may be allowed to read directories and delete files, but not talk to the network. These restrictions limit the damage a program could potentially cause if it became exploited by an attacker. By using attack mitigation, sandboxes complement the usual security focus on attack prevention. For this reason, we recommend that sandboxes be used with all applications, and we require their use for apps distributed via the Mac App Store. Mandatory access controls Sandboxes are built on low-level access control mechanisms enforced in the kernel by the kauth subsystem. This was introduced in OS X 10.4 Tiger based on work originating in TrustedBSD. kauth identifies a valid actor (typically a process) by its credentials. It then asks one or more listeners to indicate whether that actor can perform a given action within a specified scope (authorization domain). Only the initial (default) listener can allow a request; subsequent listeners can only deny or defer. If all listeners defer, kauth denies the request. Entitlements Sandboxes collect these low-level actions into specific entitlements that an application must explicitly request by adding the appropriate key to a property list file in its application bundle. Entitlements can control access to: • The entire file system • Specific folders • Networking • iCloud • Hardware (for example, the built-in camera or microphone) • Personal information (for example, contacts) In addition, entitlements control whether processes inherit their parents’ permissions and can grant temporary exceptions for sending and receiving events or reading and writing files. User intent While it may seem that virtually all applications would need to request broad entitlements to read and write files, that isn’t the case. OS X tracks user-initiated actions, such as dragging a file onto an application icon, and automatically opens a temporary hole in the sandbox allowing the application to read just that one file. In particular, open and save panels run in a special-purpose PowerBox process that handles all user interaction. This allows applications to only request entitlements for actions they need to perform autonomously. Code signing Entitlements use code signing to ensure the privileges they specify only cover the code originally intended. Code signing uses public key cryptography to verify that the entity that created the entitlements (that is, the developer) is the same as the author of the executable in question, and that neither has been modified.14 Core Technologies Overview OS X Mountain Lion GateKeeper Gatekeeper is a new feature in OS X Mountain Lion that helps protect you from downloading and installing malicious software. Developers can sign their applications, plug-ins, and installer packages with a Developer ID certificate to let Gatekeeper verify that they come from identified developers. Developer ID certificates As part of the Mac Developer Program, Apple gives each developer a unique Developer ID for signing their apps. A developer’s digital signature lets Gatekeeper verify that they have not distributed malware and that the app hasn’t been tampered with. User control Choose the kinds of apps that are allowed to run on OS X Mountain Lion from the following: • Only apps from the Mac App Store, for maximum security • Apps from the Mac App Store as well as apps that have a Developer ID • Apps from anywhere You can even temporarily override higher-protection settings by clicking on the app while holding down the Control key and then choosing Open from the contextual menu. This lets you install and run any app at any time. Gatekeeper ensures that you stay completely in control of your system. You control which kinds of apps you want your system to trust.15 Core Technologies Overview OS X Mountain Lion XPC XPC leverages launchd, GCD, and sandboxing to provide a lightweight mechanism for factoring an application into a family of coordinating processes. This factoring improves launch times, crash resistance, and security by allowing each process to focus on one specific task. No configuration needed XPC executables and xpcservice.plist(5) configuration files are all part of a single app bundle, so there is no need for an installer. Launch-on-demand XPC uses launchd to register and launch helper processes as they are needed. Asynchronous communication XPC uses GCD to send and receive messages asynchronously using blocks. Privilege separation XPC processes each have their own sandbox, allowing clean separation of responsibilities. For example, an application that organizes and edits photographs does not usually need network access. However, it can create an XPC helper with different entitlements whose sole purpose is to upload photos to a photo sharing website. Out of band data In addition to primitive data types such as booleans, strings, arrays, and dictionaries, XPC can send messages containing out-of-band data such as file descriptors and IOSurface media objects.16 Core Technologies Overview OS X Mountain Lion Ethernet Mac systems were the first mass-market computers to ship with built-in Ethernet. OS X today supports everything from 10BASE-T to 10 gigabit Ethernet. The Ethernet capabilities in OS X include the following Automatic link detection. Automatic link detection brings up the network stack whenever a cable is plugged in, and safely tears it down when the cable is removed. Auto-MDIX This feature reconfigures the connection depending on whether you are connecting to a router or another computer, so you no longer need special crossover cables. Autonegotiation Autonegotiaton discovers and uses the appropriate transmission parameters for a given connection, such as speed and duplex matching. Channel bonding Channel bonding supports the IEEE 802.3ad/802.1ax Link Aggregation Control Protocol for using multiple low-speed physical interfaces as a single high-speed logical interface. Jumbo frames This capability uses Ethernet frames of up to 9000 bytes with Gigabit Ethernet switches that allow them. TCP segmentation offload To reduce the work required of the CPU, TCP segmentation offload lets the Network Interface Card (NIC) handle splitting a large outgoing buffer into individual packets. Wi-Fi Apple brought Wi-Fi to the mass market with the original Airport card and continues to provide cutting edge wireless networking across our product lines. Built in to every Mac Every Mac we ship—from the 11-inch Macbook Air to the top-of-the-line Mac Pro—has 802.11n networking built right in, along with 802.11a/b/g compatibility. Network Access17 Core Technologies Overview OS X Mountain Lion AirDrop AirDrop, introduced in OS X 10.7 Lion, makes it easy to safely share files wirelessly with nearby users, even if you aren’t on the same network. AirDrop leverages the wireless hardware on newer Mac systems to find and connect to other computers on an ad hoc basis, even if they are already associated with different Wi-Fi networks. Share files wirelessly with anyone around you using AirDrop. AirPlay AirPlay lets you stream music throughout your entire house—wirelessly. Starting with OS X 10.8 Mountain Lion, you can share audio or mirror your screen from your Mac to an Apple TV or any other AirPlay-enabled device. OS X treats AirPlay as just another audio output device.18 Core Technologies Overview OS X Mountain Lion Multihoming OS X can have multiple network interfaces active at the same time and dynamically determines the optimal one to use for a given connection. Here are some examples of where this is useful: • Connecting to the Internet via Ethernet when you plug a Mac in to the network, but seamlessly switching over to Wi-Fi when the network cable is unplugged. • Routing all corporate traffic through a VPN server for security, while accessing the public Internet directly to reduce latency. • Internet Sharing, where one interface, such as Ethernet, is connected to the public Internet while the other, such as Wi-Fi, acts as a router for connecting your other devices. IPv6 OS X provides best-of-breed support for IPv6, the next-generation 128-bit Internet protocol. Key features of IPv6 in OS X include: • Full support for both stateful and stateless DHCPv6 • Happy Eyeballs algorithm (RFC 6555) for intelligently selecting between IPv6 and IPv4 addresses when both are available • High-level APIs that resolve names directly so applications don’t need to know whether they are using IPv4 or IPv6 • IPv6-enabled user applications (for example, Safari) Remote Access Captive networks Like iOS, OS X now automatically detects the presence of a captive network and prompts for the authentication necessary to reach the public Internet. VPN client OS X includes a virtual private network (VPN) client that supports the Internet standard Layer 2 Tunneling Protocol (L2TP) over IPSec (the secure version of IPv4), as well as the older Point-to-Point Tunneling Protocol (PPTP). OS X also includes a VPN framework developers can use to build additional VPN clients. Firewalls In addition to the ipfw2-based system-wide firewall, OS X includes an application firewall that can be configured to allow only incoming access to preapproved applications and services. Self-tuning TCP OS X sets the initial maximum TCP window size according to the local resources and connection type, enabling TCP to optimize performance when connecting to high-bandwidth/high-latency networks.19 Core Technologies Overview OS X Mountain Lion Port mapping NAT-PMP enables you to export Internet services from behind a NAT gateway, while Wide Area Bonjour lets you register the resulting port number with Back to My Mac. This enables you to easily and securely access your home printer and disk drives remotely, even from the public Internet. Bonjour Bonjour is Apple’s implementation of the Zero Configuration Networking standard. It helps applications discover shared services such as printers on the local network. It also enables services to coordinate within and across machines without requiring well-known port numbers. Bonjour’s ability to painlessly find other computers over a network is critical to many Apple technologies, such as AirPlay and AirDrop. Link-local addressing Any user or service on a computer that needs an IP address benefits from this feature automatically. When your host computer encounters a local network that lacks DHCP address management, it finds an unused local address and adopts it without you having to take any action. Multicast DNS Multicast DNS (mDNS) uses DNS-format queries over IP multicast to resolve local names not handled by a central DNS server. Bonjour goes further by handling mDNS queries for any network service on the host computer. This relieves your application of the need to interpret and respond to mDNS messages. By registering your service with the Bonjour mDNSResponder daemon, OS X automatically directs any queries for your name to your network address. Service discovery Service discovery allows applications to find all available instances of a particular type of service and to maintain a list of named services. The application can then dynamically resolve a named instance of a service to an IP address and port number. Concentrating on services rather than devices makes the user’s browsing experience more useful and trouble-free. Wide Area Bonjour Starting in OS X 10.4, Bonjour now uses Dynamic DNS Update (RFC 2316) and unicast DNS queries to enable discovery and publishing of services to a central DNS server. These can be viewed in the Bonjour tab of Safari in addition to other locations. This feature can be used by companies to publicize their Intranet or by retailers to advertise promotional web sites. High-level APIs OS X provides multiple APIs for publication, discovery, and resolution of network services, as follows: • NSNetService and NSNetServiceBrowser classes, part of the Cocoa Foundation framework, provide object-oriented abstractions for service discovery and publication. • The CFNetServices API declared in the Core Services framework provide Core Foundation-style types and functions for managing services and service discovery. • The DNS Service Discovery API, declared in , provides low-level BSD socket communication for Bonjour services.20 Core Technologies Overview OS X Mountain Lion Wake On Demand Wake on Demand allows your Mac to sleep yet still advertise available services via a Bonjour Sleep Proxy (typically an AirPort Extreme Base Station) located on your network. The proxy automatically wakes your machine when clients attempt to access it. Your Mac can even periodically do a maintenance wake to renew its DHCP address and other leases. Open source The complete Bonjour source code is available under the Apache License, Version 2.0 on Apple’s open source website, where it’s called the mDNSResponder project. You can easily compile it for a wide range of platforms, including UNIX, Linux, and Windows. We encourage hardware device manufacturers to embed the open source mDNSResponder code directly into their products and, optionally, to pass the Bonjour Conformance Test so they can participate in the Bonjour Logo Licensing Program.21 Core Technologies Overview OS X Mountain Lion Auto Save You no longer need to manually save important documents every few minutes, thanks to the new Auto Save facility introduced in OS X 10.7 Lion. Applications that support Auto Save automatically save your data in the background whenever you pause or every five minutes, whichever comes first. If the current state of your document has been saved, OS X won’t even prompt you before quitting the application, making logouts and reboots virtually painless. Automatic Versions Versions, also introduced in OS X 10.7 Lion, automatically records the history of a document as you create and make changes to it. OS X automatically creates a new version of a document each time you open it and every hour while you’re working on it. You can also manually create snapshots of a document whenever you like. OS X uses a sophisticated chunking algorithm to save only the information that has changed, making efficient use of space on your hard drive (or iCloud). Versions understands many common document formats, so it can chunk documents between logical sections, not just at a fixed number of bytes. This allows a new version to store—for example, just the one chapter you rewrote instead of a copy of the entire novel. OS X automatically manages the version history of a document for you, keeping hourly versions for a day, daily versions for a month, and weekly versions for all previous months. To further safeguard important milestones, OS X automatically locks documents that were edited more than two weeks ago. You can change the interval by clicking the Options… button in the Time Machine System Preferences pane, then choosing the interval you want from the Lock documents pop-up menu. When you share a document—for example through email, iChat, or AirDrop—only the latest, final version is sent. All other versions and changes remain safely on your Mac. Document Lifecycle22 Core Technologies Overview OS X Mountain Lion Version Management You can also manually lock, unlock, rename, move, or duplicate documents using the pop-up menu next to the document title, which also shows you the current state of the document. Manage your versions directly from the pop-up menu next to the document title. You can also use the same pop-up menu to browse previous versions using an interface similar to Time Machine. It shows the current document next to a cascade of previous versions, letting you make side-by-side comparisons. You can restore entire past versions or bring elements from past versions such as pictures or text into your working document. Recovering work from previous versions is just a click away. iCloud Storage iCloud Storage APIs enable apps to store documents and key value data in iCloud. iCloud wirelessly pushes documents to your devices and updates them whenever any of your devices change them—all automatically. Ubiquitous storage The iCloud storage APIs let applications write your documents and data to a central location and access those items from all your computers and iOS devices. Making a document ubiquitous using iCloud means you can view or edit those documents from any device without having to sync or transfer files explicitly. Storing documents in your iCloud account also provides an extra layer of protection. Even if you lose a device, those documents are still available from iCloud storage.23 Core Technologies Overview OS X Mountain Lion File coordination Because the file system is shared by all running processes, conflicts can occur when two processes (or two threads in the same process) try to change the same file at the same time. To avoid this type of contention, OS X 10.7 and later include support for file coordinators, which enable developers to safely coordinate file access between different processes or different threads. File coordinators mediate changes between applications and the daemon that facilitates the transfer of the document to and from iCloud. In this way, the file coordinator acts as a locking mechanism for the document, preventing applications and the daemon from modifying the document simultaneously. Safe versions Versions automatically stores iCloud documents. This means iCloud never asks you to resolve conflicts or decide which version to keep. It automatically chooses the most recent version. You can always use the Browse Saved Versions option if you want to revert to a different one. Versions’ chunking mechanism also minimizes the information that needs to be sent across the network. Ubiquitous metadata, lazy content iCloud immediately updates the metadata (that is, the file name and other attributes) for every document stored or modified in the cloud. However, iCloud may not push the actual content to devices until later, perhaps only when actively requested. Devices always know what’s available but defer loading the data in order to conserve storage and network bandwidth.. Peer-to-peer networking iCloud detects when you have multiple devices on the same local network, and it copies the content directly between them rather than going through the cloud. It eventually copies the content to the cloud, as well, to enable remote access and backup. Web access iCloud provides a range of powerful web applications to let you work directly with your data from a web browser. These include the usual personal information tools (Mail, Calendar and AddressBook) as well as a complete suite of iWork viewers (Pages, Keynote, and Numbers).24 Core Technologies Overview OS X Mountain Lion Spotlight Spotlight is a fast desktop search technology that helps you organize and search for files based on either contents or metadata. It’s available to users via the Spotlight window in the upper-right of the screen. Developers can embed Spotlight in their own applications using an API available from Apple. Standard metadata Spotlight defines standard metadata attributes that provide a wide range of options for consistently storing document metadata, making it easier to form consistent queries. These include POSIX-style file attributes, authoring information, and specialized metadata for audio, video, and image file formats. Extensible importers Using OS X Launch Services, Spotlight determines the uniform type identifier of a new or modified file and attempts to find an appropriate importer plug-in. If an importer exists and is authorized, OS X loads it and passes it the path to the file. Third parties can create custom importers that extract both standard and custom metadata for a given file type and return a dictionary which is used to update the Spotlight datastore. Dynamic datastore Every time you create, modify, or delete a file, the kernel notifies the Spotlight engine that it needs to update the system store. OS X accomplishes this with the high-performance fsevents API. Live update Whenever OS X updates the datastore, it also notifies the system results window and any third-party client applications if the update causes different files to match or not match the query. This ensures that the Mac always presents the latest real-time information to the user. Data Management25 Core Technologies Overview OS X Mountain Lion Time Machine Time Machine, introduced in OS X 10.5 Leopard, makes it easy to back up and restore either your entire system or individual files. Easy setup To set up Time Machine, all you need to do is select a local disk or Time Capsule to store the backups. In OS X Mountain Lion, you can select multiple backup destinations for Time Machine. OS X immediately starts backing up all your files in the background. After the initial backup, it automatically creates new incremental backups every hour. Coalescing changes Time Machine leverages the fsevents technology developed for Spotlight to continuously identify and track any folders (what UNIX calls directories) that contain modified files. During the hourly backup, it creates a new folder that appears to represent the entire contents of your hard drive. In reality, it uses a variant of UNIX hard links that mostly point to trees of unmodified folders already on the disk. Those trees are effectively copy-on-write, so that future changes never affect the backup version. TIme Machine creates new trees inside a backup for any path that contains modified folders. Time Machine creates new versions of those folders that contain links to the current files, thus automatically capturing any changes that occurred in the past hour. This avoids the overhead of either scanning every file on disk or capturing each and every change to a file. This technique allows each backup to provide the appearance and functionality of a full backup while only taking up the space of an incremental backup (plus some slight overhead for the metadata of modified trees). This makes it easy to boot or clone a system from the most recent Time Machine backup. Mobile Time Machine OS X 10.7 Lion introduced Mobile Time Machine, which keeps track of modified files even while you are disconnected from your backup drive. When you reconnect, it will automatically record the hourly snapshots to ensure you don’t lose your version history. Preserving backups Time Machine keeps hourly backups for the past 24 hours, daily backups for the past month, and weekly backups until your backup drive is full. At that point OS X warns you that it is starting to delete older backups. To be notified whenever OS X deletes an older backup, open Time Machine preferences, click the Options... button, and check the box next to Notify after old backups are deleted.26 Core Technologies Overview OS X Mountain Lion LLVM The next-generation LLVM compiler suite is based on the open source LLVM.org project. The LLVM.org project employs a unique approach of building compiler technologies as a set of libraries. Capable of working together or independently, these libraries enable rapid innovation and provide the ability to attack problems never before solved by compilers. Apple’s compiler, runtime, and graphics teams are extensive contributors to the LLVM.org community. They use LLVM technology to make Apple platforms faster and more secure. Clang front-end Clang is a high-performance front-end for parsing C, Objective-C, and C++ code as part of the LLVM compiler suite. It supports the latest C++ standards, including a brand-new implementation of the C++ standard libraries. Clang is also implemented as a series of libraries, allowing its technology to be reused for static code analysis in Xcode and the LLDB debugger. Comprehensive optimization LLVM’s flexible architecture makes it easy to add sophisticated optimizations at any point during the compilation process. For example, LLVM performs whole-program analysis and link-time optimizations to eliminate unused code paths. Automatic Reference Counting Automatic Reference Counting (ARC) for Objective-C lets the compiler take care of memory management. By enabling ARC with the new Apple LLVM compiler, you never need to manually track object lifecycles using retain and release, dramatically simplifying the development process while reducing crashes and memory leaks. The compiler has a complete understanding of your objects and releases each object the instant it is no longer used. Apps run as fast as ever, with predictable, smooth performance. Developer Tools27 Core Technologies Overview OS X Mountain Lion Xcode Xcode 4 is the latest version of Apple’s integrated development environment (IDE), a complete toolset for building OS X and iOS applications. The Xcode IDE includes a powerful source editor, a sophisticated graphical UI editor, and many other features from highly customizable builds to support for source code repository management. Xcode can help you identify mistakes in both syntax and logic and will even suggest fixes. The Xcode 4 integrated development environment Static analysis You can think of static analysis as providing you advanced warnings by identifying bugs in your code before it is run—hence the term static. The Xcode static analyzer gives you a much deeper understanding of your code than do traditional compiler warnings. The static analyzer leverages the Clang libraries to travel down each possible code path, identifying logical errors such as unreleased memory—well beyond the simple syntax errors normally found at compile time. Fix-it Fix-it brings autocorrection from the word processor to your source code. The Xcode Fix-it feature checks your symbol names and code syntax as you type, highlights any errors it detects, and even fixes them for you. Fix-it marks syntax errors with a red underbar or a caret at the position of the error and a symbol in the gutter. Clicking the symbol displays a message describing the possible syntax error and, in many cases, offers to repair it automatically. 28 Core Technologies Overview OS X Mountain Lion Interface Builder Interface Builder is a graphical tool for designing user interfaces for OS X and iOS applications. Like other Xcode editors, Interface Builder is fully integrated into the application, so you can write and edit source code and tie it directly to your user interface without leaving the Xcode workspace window. Interface Builder, the easiest way to design your application’s user interface. Version control Xcode provides several ways to save versions of your project: • A snapshot saves the current state of your project or workspace on disk for possible restoration later. • Source control repositories keep track of individual changes to files and enable you to merge different versions of a file. • An archive packages your products for distribution, either through your own distribution mechanism or for submission to the App Store. Editor area Utility area Interface Builder objects Dock Canvas Inspector selector bar Library selector bar Library pane Inspector pane29 Core Technologies Overview OS X Mountain Lion Xcode also provides direct support for Git and Subversion repositories, including an option to create a local Git repository when you create a new project. Because it’s so easy to set up a repository to use with your Xcode project, Xcode provides a special editor, called the version editor, that also makes it easy to compare different versions of files saved in repositories. The Xcode version editor. Instruments Instruments is an application for dynamically tracing and profiling OS X and iOS code. It is a flexible and powerful tool that lets you track one or more processes, examine the collected data, and track correlations over time. In this way, Instruments helps you understand the behavior of both user programs and the operating system.30 Core Technologies Overview OS X Mountain Lion With the Instruments application, you use special tools (known as instruments) to trace different aspects of a process’s behavior. You can also use the application to record a sequence of user interface actions and replay them, using one or more instruments to gather data. Instruments includes Instruments, Track, and Extended Detail panes. Synchronized tracks The Instruments Track pane displays a graphical summary of the data returned by the current instruments. Each instrument has its own track, which provides a chart of the data collected by that instrument. The information in this pane is read-only. You use this pane to select specific data points you want to examine more closely. Multiple traces Each time you click the Record button in a trace document, Instruments starts gathering data for the target processes. Rather than appending the new data to any existing data, Instruments creates a new trace run to store that data. This makes it easy to compare behavior between different configurations. A trace run consists of all of the data gathered between the time you click the Record button and the Stop button. By default, Instruments displays only the most recent trace run in the Track pane, but you can view data from previous trace runs in one of two ways: • Use the Time/Run control in the toolbar to select which trace run you want to view. • Click the disclosure triangle next to an instrument to display the data for all trace runs for that instrument. Extended Detail pane Toolbar Detail pane Navigation bar Intruments pane Track pane31 Core Technologies Overview OS X Mountain Lion User interface recording A user interface track records a series of events or operations in a running program. After the track records events, you can replay that track multiple times to reproduce the same sequence of events over and over. Each time you replay a user interface track, you can collect data using other instruments in your trace document. The benefit of doing this is that you can then compare the data you gather on each successful run and use it to measure the changes in your application’s performance or behavior. DTrace DTrace is a dynamic tracing facility available for Mac systems since OS X 10.5 Leopard. Because DTrace taps into the operating system kernel, you have access to low-level information about the kernel itself and about the user processes running on your computer. DTrace is used to power many of the built-in instruments. DTrace probes make it easy to use Instruments to create custom instruments. A probe is a sensor you place in your code that corresponds to a location or event (such as a function entry point) to which DTrace can bind. When the function executes or the event is generated, the associated probe fires and DTrace runs whatever actions are associated with the probe. Most DTrace actions simply collect data about the operating system and user program behavior at that moment. It is possible, however, to run custom scripts as part of an action. Scripts let you use the features of DTrace to fine tune the data you gather. That data is then available as an Instruments track to compare with data from other instruments or other trace runs. Accelerate Accelerate is a unique framework of hardware-optimized math libraries that provides the following: • Vector digital signal processing (vDSP). Optimized Fast Fourier Transforms (FFTs), convolutions, vector arithmetic, and other common video and audio processing tasks for both single- and double-precision data. • Vector image processing (vImage). Optimized routines for convolutions, compositing, color correction, and other image-processing tasks, even for gigapixel images. • vForce. Designed to wring optimal efficiency from modern hardware by specifying multiple operands at once, allowing only default IEEE-754 exception handling. • Linear Algebra Package (LAPACK). Industry-standard APIs written on top of BLAS for solving common linear algebra problems. • Basic Linear Algebra Subprograms (BLAS) Levels I, II, and III. High-quality “building block” routines that perform basic vector and matrix operations using standard APIs. • vMathLib. A vectorized version of libm that provides transcendental operations, enabling you to perform standard math functions on many operands at once.32 Core Technologies Overview OS X Mountain Lion Automation AppleScript AppleScript is Apple’s native language for application automation, as used by the AppleScript Editor. Its English-like syntax generates Apple events, which use a scripting dictionary (provided by most Mac applications) to programmatically create, edit, or transform their documents. AppleScript and other Open Scripting Architecture (OSA) scripts can be activated by contextual menus, user interface elements, iCal events, and even folder actions, such as drag and drop. Automator Automator provides a graphical environment for assembling actions (typically built from AppleScript or shell scripts) into sophisticated workflows, which can be saved as either standalone applications or as custom services, print plugins, folder actions, iCal alarms, and Image Capture plugins. Apple events The Apple Event Bridge framework provides an elegant way for Cocoa applications (including bridged scripting languages) to generate Apple events based on an application’s dictionary, even generating appropriate header files if necessary. Services The Services menu lets you focus on only those actions relevant to your current selection, whether in the menu bar, the Finder action menu, or a contextual menu. Individual services can also be disabled and assigned shortcuts from the Keyboard pane in System Preferences. WebKit WebKit is an open source web browser engine developed by Apple. WebKit’s HTML and JavaScript code began as a branch of the KHTML and KJS libraries from KDE. WebKit is also the name of the OS X system framework version of the engine that’s used by Safari, Dashboard, Mail, and many other OS X applications Key features include: • Lightweight footprint • Great mobile support • Rich HTML5 functionality • Easy to embed in Cocoa and Cocoa touch applications • Available as open source at webkit.org33 Core Technologies Overview OS X Mountain Lion © 2012 Apple Inc. All rights reserved. Apple, the Apple logo, AirPlay, Airport, AirPort Extreme, Apple TV, AppleScript, Back to My Mac, Bonjour, Cocoa, iCloud, MacBook, MacBook Air, Mac Pro, OS X, Safari, Spotlight, Time Machine, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. AirDrop and Open CL are trademarks of Apple Inc. App Store and iTunes Store are service marks of Apple Inc., registered in the U.S. and other countries. Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries. UNIX® is a registered trademark of The Open Group. Other product and company names mentioned herein may be trademarks of their respective companies. June 2012 L516500A For More Information For more information about OS X Mountain Lion, visit www.apple.com/macosx. • Extensible Firmware Interface (EFI): See www.uefi.org • I/OKit: See Kernel Programming Guide: I/O Kit Overview • Partition Schemes: See Technical Note TN2166: Secrets of the GPT • Recovery Partitions: See OS X Lion: About Lion Recovery. • Full-Disk Encryption: See OA X Lion: About FileVault 2. • Backup: See Mac 101: Time Machine. • File System Events: See Spotlight Overview • Launchd: See the Daemons and Services Programming Guide • Grand Central Dispatch (GCD): See the Concurrency Programming Guide • Sandboxes: See Code Signing Guide • Gatekeeper: See Distributing Outside the Mac App Store • Bonjour: See Bonjour Overview. • XPC: See Daemons and Services Programming Guide: Creating XPC Services. • iCloud: See What’s New In OS X: iCloud Storage APIs • LLVM: See The LLVM Compiler Infrastructure Project • Xcode: See Xcode 4 User Guide • Instruments: See Instruments User Guide • WebKit: See WebKit Objective-C Programming Guide. For More Information OS X Server Product Overview June 2012Contents Page 4 OS X Server Page 6 Server App Simplified Setup Alerts Using Push Notifications Page 7 File Sharing Connection Monitoring File Sharing for Mac, PC, and iPad Standards-Based File Services Flexible File Permissions Spotlight Searching Page 9 Wiki Server Simplified Content Creation Optimized for iPad WebDAV Access Quick Look Page 11 Profile Manager Mobile Device Management Web-Based Administration Self-Service Portal Management Options Page 13 Time Machine Backups Server Backup Page 14 Mail Server Standards-Based SMTP, IMAP, and POP Server Push Notifications Safe and Secure Optimized for Mobile Clients Page 15 Contacts Server Sharing Contacts Standards-Based CardDAV Server Global Address Books Push Notifications OS X Server 2 Product OverviewOS X Server 3 Product Overview Page 17 Calendar Server Standards-Based CalDAV Server Email Invites Page 18 Messages Server Group Collaboration Made Easy Page 19 Websites Virtual Hosting, Including Multiple IP Addresses and Virtual Domains Encrypted Data Transport Using SSL Dynamic Web Content Page 20 VPN Server Standards-Based Protocols VPN On Demand Page 21 NetInstall Page 22 Software Update Server Automatically Download Updates and Cache Them Locally Page 23 Xsan Volume Management Metadata Controller Failover and File System Journaling Real-Time Monitoring, Graphs, and Event Notifications Page 24 Server Fundamentals High-Performance Networking Advanced Server Features Security and Access Controls Page 25 Tech Specs System Requirements Languages Pricing Additional ResourcesOS X Server Product Overview 4 OS X Server is available for $19.99 as an easy download from the Mac App Store. The new OS X Server brings more power to your business, home office, or school. OS X Server makes it easy for your Mac to share data with your iPhone, iPad, and iPod touch, schedule meetings, synchronize contacts, host your own websites, publish wikis, remotely access your network, and more. Following are the key features of OS X Server: File Sharing. Share documents, folders, and exchange files between multiple computers— Mac or PC. And with wireless file sharing for iPad, users can access, copy, and share documents on the server from within applications such as Keynote, Numbers, and Pages. Wiki Server. Improve group collaboration using wikis. Users can create new wikis, add content, formatting, tag, and cross-reference material, upload files and images, add comments, view revision history, and share documents. Profile Manager. Simplify deployment and management using configuration profiles for OS X computers and iOS devices. Time Machine Backups. Use your server as a Time Machine backup destination for all the Mac computers on your network. Mail Server. Standards-based mail services allow OS X Server to work with email clients on the iPhone, iPad, Mac, and PC. Push notifications ensure iPhone and iPad users are immediately notified when they receive new mail messages. Contacts Server. Be more productive by enabling contacts to be shared and kept in sync on your iPhone, iPad, and Mac. OS X ServerOS X Server 5 Product Overview Calendar Server. Easily share calendars, schedule meetings, and coordinate events within your organization. OS X Server provides real-time access to your calendar from your iPhone, iPad, Mac, or web browser. Messages Server. Transfer files securely, share a persistent chat room, conduct an audio conference, or even broadcast a presentation, movie, or photo slideshow to other people using Messages with OS X Mountain Lion. Web Server. Your complete, easy-to-use web hosting solution. You don’t need to be an experienced webmaster to set up websites and host them on OS X Server. VPN Server. Allow users to securely connect to your organization’s network services and confidential information while at home or away from the office. NetInstall. Save time by automating the deployment of software installation and upgrades across your network. Software Update Server. Automatically download Mac software updates and cache them locally. Xsan. Built into OS X, the Xsan file system allows any Mac with appropriate connectivity to access an Xsan volume. OS X Server includes the Xsan Admin application for hosting and configuring Xsan volumes.OS X Server 6 Product Overview The Server app is a powerful tool for managing OS X Server. In one place, it gives you control over managing users and groups and setting up key services such as file sharing, calendaring, messaging, mail, wikis, secure remote access, and backup settings for network clients. Simplified Setup Configuring OS X Server is almost as easy as configuring a desktop computer. Simply launch the Server app. An assistant walks you through the initial setup and helps verify network settings and define your administrator account. Next add users and groups and enable the network services you want to deliver to your organization. Alerts Using Push Notifications The Server app also makes it easy to maintain your server. In addition to email, OS X Server can send push notifications to alert you about new software updates, unresponsive volumes, hard drives that are getting full, and users that have exceeded their mail quota. Server App Designed for the future. Server App features full support for IPv6 services and addressing.OS X Server 7 Product Overview Whether you’re supporting a creative team, a distributed sales force, a class of students, or just about any small business or workgroup, you know your users need to share information to work effectively. OS X Server makes it as easy for users to share files between Mac computers, iPad devices, and PCs as if they were using the files locally. Connection Monitoring See who is accessing your server. File-sharing connection monitoring gives you the status of who is connected, how long they have been connected, and whether they are idle or not. In addition, you can send users notification messages and warn them if the server is going offline. File Sharing for Mac, PC, and iPad Share documents, folders, and exchange files between multiple computers—Mac or PC. And with wireless file sharing for iPad, users can access, copy, and share documents on the server from within applications such as Keynote, Numbers, and Pages. File Sharing Why use a server? Productivity is greatly enhanced when users store work in centralized folders rather than on individual computers. With centralized file storage, all users have access to the same up-to-the-minute file. Because a single version resides on the server, there won’t be any confusion about multiple versions of the same document. And users won’t need to worry about losing important data in the event of a system failure or a lost or stolen laptop. The file is always safe on the server.OS X Server 8 Product Overview Standards-Based File Services OS X Server makes it easy for you to set up central network storage that’s accessible to clients throughout your organization. Using native protocols, OS X Server delivers file services to all the clients on your network: AFP for Mac, SMB/CIFS for PC, NFS for UNIX and Linux, WebDAV for iPad, and FTP for Internet clients. These flexible, cross-platform file services enable groups to work more efficiently when sharing resources, archiving projects, and backing up important documents. Flexible File Permissions OS X Server supports both traditional UNIX file permissions and access control lists (ACLs), offering administrators an unprecedented level of control over file and folder permissions. With file system ACLs, any file object can be assigned multiple users and groups, including groups within groups. Each file object can also be assigned both allow and deny permissions, as well as a granular set of permissions for administrative control, read, write, and delete operations. Spotlight Searching Designed for workgroups with shared documents, projects, and files, the built-in Spotlight Server delivers lightning-fast search results for content stored on the server. Powerful search options such as Boolean logic, quoted phrase searching, category labels, and range support make it easy to locate content in a flash. Content indexing occurs on the server—automatically and transparently—keeping search results up-tothe-moment accurate. To safeguard your organization’s data, Spotlight searching works with access controls in OS X Server, so users see only the search results they have permission to view. This makes it easy for everyone in a group to store files in a single shared location while protecting confidential information from unauthorized access.OS X Server 9 Product Overview OS X Server makes it easy for groups to collaborate and communicate using wikis. With wikis, users can add content, formatting, tag, and cross-reference material, upload files and images, add comments, view revision history, and share documents. And because the wiki content is web based, it is easily accessible from your iPad, iPhone, Mac, or PC. Simplified Content Creation Editing a wiki is easy. An intuitive edit toolbar makes it easy for users to customize fonts, add text, tables, and charts, and attach files, including audio and video. No syntax, HTML, or markup required. You can even customize your wiki look and feel with your own icon, color scheme, banner, and background image. Wiki ServerOS X Server 10 Product Overview Optimized for iPad Wiki Server has an elegant, new touch-based design, giving iPad users faster, more powerful ways to create, edit, and share information. In Safari on iPad, wikis appear as tidy stacks—just tap to take a peek inside. Or tap to reveal recent activity, view change history, or add comments. WebDAV Access iPad users can now open and save attachments from a wiki directly within applications such as Keynote, Numbers, and Pages. Quick Look One of the most useful features of Wiki Server is Quick Look. By clicking the Quick Look icon next to a file attachment on a wiki, users can view the document without downloading it. Quick Look supports all standard file formats, including Word, Excel, PowerPoint, Pages, Numbers, Keynote, QuickTime, PDF, and text documents.OS X Server 11 Product Overview OS X Server is ideal for schools and businesses that need to simplify the deployment, configuration, and management of computers and devices in the organization. Mobile Device Management Profile Manager delivers configuration-based profile setup and Mobile Device Management (MDM) for Mac computers running OS X and iOS devices such as iPad, iPhone, and iPod touch. It simplifies creation of user accounts for mail, calendars, contacts, and chat, enforcement of restrictions and PIN and password policies, configuration of system settings, and more. Web-Based Administration Featuring a web-based administration console, Profile Manager enables management from web browsers such as Safari. Administrators can define profile settings for individual users, groups, devices, and groups of devices. For group-based management, Profile Manager easily integrates with directory services such as Open Directory, Active Directory, and LDAP. Profile ManagerOS X Server 12 Product Overview Self-Service Portal To simplify profile deployment, Profile Manager includes a web portal where users can download and install new configuration profiles for their Mac, iPad, iPhone, or iPod touch. Users can access this portal in Safari to manage their passcode, set the startup password for their Mac, or remotely lock and wipe devices that have been lost or stolen. Management Options Accounts • Email, calendar, contacts, and messages • Exchange • LDAP, CalDAV, and CardDAV • Subscribed calendars • VPN, Wi-Fi • 802.1x settings and digital certificates • Web clips • APN, SCEP, and proxy server iOS Policies and Restrictions • Passcode age, length, and complexity • Application launch restrictions • YouTube • iTunes Store • Safari • Camera • Voice calling • Encryption • Content ratings • iCloud • Siri • Photo Stream • Game Center OS X Policies and Restrictions • System Preferences • Media access restrictions • Gatekeeper • Directory services • Dock settings • Login window and items • Mobility • Software Update • Printers • Energy Saver • Parental controlsOS X Server 13 Product Overview OS X Server can act as a designated Time Machine backup for all the Mac computers on your network. Centralizing your backup storage helps protect valuable data, free up disk space on individual drives, and eliminate the need for separate backup drives. Server Backup OS X Server takes advantage of Time Machine to back up your server data—including shared files, calendars, mail, wikis, and so on—to another hard drive, letting you easily restore your server to an earlier configuration. Time Machine BackupsOS X Server 14 Product Overview OS X Server is the ideal solution for companies who need email access in the office or while on the go. With OS X Server, you can bring email in house and use your own domain name rather than rely upon your ISP to host your email. Standards-Based SMTP, IMAP, and POP Server Based entirely on open Internet standards, OS X Server provides mail services that work with email clients on the iPhone, iPad, Mac, and PC. Push Notifications With integration into Apple’s push notification service, OS X Server can immediately notify iPhone and iPad users when they receive new mail messages. Safe and Secure OS X Server uses security technologies to encrypt your confidential email communication. In addition, it features adaptive filtering and virus detection systems to protect your network from unwanted junk mail and destructive viruses. OS X Server analyzes the content of each mail message and trains itself to recognize—and filter out—marginal mail. It also scans both email messages and attachments for viruses and quarantines and deletes them before they can make their way into your organization. Optimized for Mobile Clients OS X Server improves speed and responsiveness when accessing mail from a mobile device. It features advanced IMAP protocol support that enables server-side document searching of text and attachments, attachment compression, and attachment forwarding without requiring a download. Mail ServerOS X Server 15 Product Overview Accessing an up-to-date list of contacts is critical to the operation of any business. OS X Server keeps your business and employees productive by enabling contacts to be shared and kept in sync on your iPhone, iPad, and Mac. Sharing Contacts With OS X Server, you can share and synchronize contacts—such as a list of customers, suppliers, or employees—with other users, devices, and computers in your organization. Contact information updated by one user is immediately available to everyone accessing the shared CardDAV account. Standards-Based CardDAV Server Contacts Server uses the CardDAV protocol standard supported in iOS and OS X for exchange of contact data. Users manage their contacts directly within Contacts on their iPhone, iPad, or Mac. The information is then stored on OS X Server, allowing users immediate access to the new and modified contacts within applications such as Mail, Messages, and FaceTime. Contacts ServerOS X Server 16 Product Overview Global Address Books Contacts Server delivers real-time search results from individually managed contacts in addition to contacts stored in your company’s existing LDAP directory. Push Notifications With integration into Apple’s push notification service, OS X Server can immediately notify users when contacts are added or modified.OS X Server 17 Product Overview OS X Server makes it easy to share calendars, schedule meetings, and coordinate events within your organization. OS X Server provides real-time access to your calendar from your iPhone, iPad, Mac, or web browser. You and your colleagues can propose meetings, book conference rooms, reserve resources, and add comments quickly and easily. You can even attach files—such as agendas, to-do lists, presentations, and movies—to the invitation. Standards-Based CalDAV Server Calendar Server uses the industry-standard CalDAV protocol for calendar scheduling and sharing. Users access their calendar information directly within the Calendar application on their iPhone, iPad, or web browser. Email Invites Need to invite someone who is not in your organization? No problem. Just add their email address to the meeting proposal and OS X Server sends them an email invitation, then shares their response with the rest of the meeting attendees. Calendar Server Push notifications Calendar Server is integrated with Apple’s push notification services, so you and your colleagues find out immediately when there’s a new meeting invitation or a change to an upcoming event.OS X Server 18 Product Overview Bring the power of collaborative instant messaging to your organization. With Messages Server, users can transfer files securely, share a persistent chat room, conduct an audio conference, or even broadcast a presentation, movie, or photo slideshow to other people using Messages with Mountain Lion. Group Collaboration Made Easy Messages Server works with OS X to automatically populate users’ buddy lists with members of the groups to which they belong, so it’s easy for them to start communicating. And thanks to store-and-forward functionality, Messages Server allows users to send messages to buddies who are online, combining the advantages of instant messaging and email. Messages users can request Messages Server to create and host a persistent chat room. Perfect for virtual-team scenarios, project-specific discussions, and real-time, blow-by-blow updates, the chat room allows individuals to join at any time, leave when they need to—even log out and shut down—and still come back to review all communications from the time the chat room opened. Messages Server Standards based Messages Server uses the Jabber instant messaging protocol. Also known as XMPP, the Jabber protocol enables support for Mac computers using Messages, as well as for other Jabber clients on iPhone, iPad, and PCs.OS X Server 19 Product Overview You don’t need to be an experienced webmaster to set up websites and host them on OS X Server. Web Server is preconfigured with default settings, so deployment is as simple as turning it on. Any HTML content saved to the server’s default web folder will be served over the Internet automatically. Virtual Hosting, Including Multiple IP Addresses and Virtual Domains OS X Server takes the complexity out of configuring, hosting, and managing websites. You can configure individual security options, index files, and access controls, and you can host dynamic web applications on a per-site basis. Encrypted Data Transport Using SSL OS X Server features integrated support for strong encryption and authentication using digital SSL certificates. Dynamic Web Content OS X Server is extremely flexible, so you can add dynamic content for more interactive websites and applications. Web Server supports dynamic content generated by Server Side Includes, PHP, Apache modules, and CGIs. OS X Server even makes it easy to install third-party web apps such as Mailman, Roundcube, Moodle, WordPress, Druple, and others. WebsitesOS X Server 20 Product Overview OS X Server allows users to securely connect to your organization’s network services and confidential information while at home or away from the office. Virtual private network (VPN) access enables your offsite users to securely access network services while preventing access by unauthorized individuals. Standards-Based Protocols OS X Server supports the standards-based L2TP/IPSec and PPTP tunneling protocols to provide encrypted VPN connections for iPad, iPhone, Mac, and PCs. These VPN services use highly secure authentication methods, including MS-CHAP and network-layer IPSec. VPN On Demand When using Profile Manager, administrators can now define VPN on-demand profiles to provide seamless, secure access to your organization’s network. VPN on demand allows your Mac to establish a secure connection to the VPN server without requiring the user to bring up the connection manually. VPN ServerOS X Server 21 Product Overview Designed for administrators who manage operating system installations and software updates for their organizations, NetInstall performs automated software installations, whether it’s a new version of the operating system, a specific suite of applications for a workgroup, or both. NetInstall saves time and eliminates the expense of distributing software on disk and the need for administrators to configure each system in person. NetInstallOS X Server 22 Product Overview By deploying Software Update Server, administrators can control how and when client computers download software, enabling access to approved software updates only. This prevents users from selecting software that’s unsuitable for the organization. At the same time, a local software update server streamlines network use, saving the cost of multiple downloads of the same update and reducing unnecessary bandwidth consumption. Automatically Download Updates and Cache Them Locally Software Update Server acts as a proxy for software updates for OS X. This caching server allows administrators to control when and how software updates become available for users’ systems. Software Update Server is capable of automatically mirroring updates between the Apple software update server and your local server to guarantee that the most current updates are immediately available. Software Update ServerOS X Server 23 Product Overview Xsan is a 64-bit cluster file system specifically designed for small and large computing environments that demand the highest level of data availability. This specialized technology enables multiple Mac computers to share RAID storage volumes over a high-speed Fibre Channel network. Each client can read and write directly to the centralized file system, accelerating user productivity while improving workgroup collaboration. Because everyone can work with the same files on the network, Xsan dramatically improves the efficiency of post-production and other data-intensive workflows. The Xsan file system is built into OS X, allowing any Mac with appropriate connectivity to access an Xsan volume. OS X Server includes the Xsan Admin application for hosting and configuring Xsan volumes. Volume Management Xsan allows you to create storage pools made of identical sets of LUNs and stripe them together for fastest-possible performance. Different pools offering special storage characteristics can be combined into volumes; data placement settings, or affinities, enable you to direct data to specific volumes depending on performance and protection requirements. Metadata Controller Failover and File System Journaling Xsan has a high-availability design that allows users to access mission-critical data even in the event of a system or Fibre Channel network failure. Metadata controller failover protects storage availability from server hardware failure. File system journaling tracks modifications to metadata, enabling quick recovery of the file system in case of unexpected interruptions in service. And Fibre Channel multipathing allows file system clients to automatically use an alternate data path should a failure occur. Real-Time Monitoring, Graphs, and Event Notifications For day-to-day SAN management, OS X Server includes the Xsan Admin application. Xsan Admin makes it easy to manage and monitor your SAN and to receive notifications about impending issues. XsanOS X Server 24 Product Overview OS X Server takes advantage of the UNIX-compliant foundation of OS X. This rock-solid core provides the stability, performance, and security that organizations require—and full UNIX conformance ensures compatibility with existing server and application software. High-Performance Networking Incorporating the latest industry-standard networking and security protocols, OS X uses the time-tested BSD sockets and TCP/IP stack to provide compatibility and integration with IP-based networks. A fully multithreaded IP stack and advanced process- and thread-scheduling algorithms enable OS X to efficiently service requests—even when hundreds of users are simultaneously connected to the server. From the lowest levels of the kernel to everyday applications, performance gains are especially noticeable on the latest Intel multicore systems. Advanced Server Features OS X features an industrial-strength design required for business-critical server deployments. “Headless” operation allows administrators to install and configure services without needing to connect a display to the server. Powerful remote administration tools permit secure service management from anywhere on the network or over the Internet, and support for SSH provides secure access from the UNIX command line. To keep critical services up and running, OS X has built-in tools for monitoring systems, preventing accidental shutdown, and recovering services quickly in case of network or power failure. Security and Access Controls OS X is designed to be secure right out of the box—no security expertise is required. Included are features that keep your systems secure such as advanced security architectures, a built-in firewall, and strong encryption and authentication technologies. Server FundamentalsOS X Server 25 Product Overview System Requirements • Mac computer running OS X Mountain Lion • 10GB of available space • Some features require an Apple ID; terms apply. • Some features require a compatible Internet service provider; fees may apply. Languages English, Chinese, Dutch, French, German, Italian, Japanese, Korean, Spanish Pricing Anyone can quickly and easily turn a Mac running Mountain Lion into a server that’s perfect for home offices, businesses, schools, and hobbyists alike. OS X Server is an application you can add to Mountain Lion right from the Mac App Store for $19.99. Additional Resources • Documentation: http://www.apple.com/osx/server/documentation/ • Training and certification: http://training.apple.com • Product support: http://www.apple.com/support/ Tech Specs © 2012 Apple Inc. All rights reserved. Apple, the Apple logo, FaceTime, iPad, iPhone, iPod touch, Keynote, Mac, Numbers, OS X, Pages, QuickTime, Safari, Siri, Spotlight, Time Machine, and Xsan are trademarks of Apple Inc., registered in the U.S. and other countries. iCloud and iTunes Store are service marks of Apple Inc., registered in the U.S. and other countries. Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries. IOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. UNIX® is a registered trademark of The Open Group. Other product and company names mentioned herein may be trademarks of their respective companies. June 2012 L516499A Apple Server Diagnostics User Guide For Version 3X109KApple Inc. © 2011 Apple Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written consent of Apple. The Apple logo is a trademark of Apple, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Every effort has been made to ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino, CA 95014 408-996-1010 www.apple.com Apple, the Apple logo, FireWire, Mac, Macintosh, the Mac logo, and Mac OS are trademarks of Apple Inc., registered in the U.S. and other countries. Finder and the FireWire logo are trademarks of Apple Inc. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. Simultaneously published in the United States and Canada. 019-2146/2011-075 Chapter 1: Overview and Requirements 5 Overview of Server Diagnostics configurations 6 Requirements 7 Chapter 2: Installation 7 Install Server Diagnostics EFI 8 Install Server Diagnostics Mac OS X 9 Set up a NetBoot server 10 Chapter 3: Use Server Diagnostics 10 Change the startup disk 11 About Server Diagnostics modes 11 Remotely test a client server 13 Test the local server using Server Diagnostics EFI 13 Test the local server using Server Diagnostics Mac OS X 14 Use Server Diagnostics EFI 14 Use Server Diagnostics Mac OS X 3 Contents 5 Apple Server Diagnostics tests your server for hardware issues. You can run Apple Server Diagnostics in Extensible Firmware Interface (EFI), which is referred to as Server Diagnostics EFI, or in Mac OS X, which is referred to as Server Diagnostics Mac OS X. Run Server Diagnostics EFI to diagnose hardware issues that prevent Mac OS X from successfully starting up. Run Server Diagnostics Mac OS X to remotely diagnose hardware issues or to diagnose issues that are not tested in Server Diagnostics EFI. Overview of Server Diagnostics configurations You can install and run Server Diagnostics in the following ways: Method Do this because Use the preinstalled Server Diagnostics EFI No installation is necessary. Install Server Diagnostics EFI or Server Diagnostics Mac OS X on a portable storage device You can use the same portable storage device to test multiple servers. Install Server Diagnostics EFI or Server Diagnostics Mac OS X on the hard disk You don’t need a portable storage. Host a NetBoot server You can use a single Server Diagnostics EFI install image to test multiple servers. 1 Overview and RequirementsRequirements Before you can run Server Diagnostics, you must meet installation, local, and remote requirements. Installation requirements To install Server Diagnostics, you need the following:  You need a Mac Pro or Mac mini server with Mac OS X v10.7 or later installed.  If you’re installing onto a portable storage device, you need a USB 2.0 flash drive, or a USB 2.0 or FireWire hard drive.  If you’re installing Server Diagnostics EFI, you need an empty volume with 100 MB of available space but doesn’t have Mac OS X installed.  If you’re installing Server Diagnostics Mac OS X, you need an empty volume with 10 GB, which will be used for a dedicated Mac OS X installation. Local and remote requirements To run Server Diagnostics remotely, you need:  A computer with Mac OS X v10.6 or later installed. This computer is referred to as the host computer.  A server with Mac OS X v10.7 or later installed. This server is referred to as the client server.  A network connection with DHCP active from the host computer to the client server.  If the client server runs Server Diagnostics EFI and uses a network connection, the network connection must use a built-in Ethernet port, not an Ethernet adapter card.  The client server must have Server Diagnostics installed on an internal volume or on a connected portable storage device, or it must be able to run Server Diagnostics from a NetBoot server.  The host computer must run Server Diagnostics Mac OS X. The client server can run Server Diagnostics EFI or Server Diagnostics Mac OS X.  If the client server is running Server Diagnostics Mac OS X, you must be able to log in to the root account. The root account gives a system administrator complete access to the server. NetBoot server requirements To host Server Diagnostics EFI on a NetBoot server, your NetBoot server must:  Have Mac OS X v10.7 with server components installed.  Be on the same subnet as the server being tested.  Have 100 MB of hard disk space available for a Server Diagnostics NetBoot image. 6 Chapter 1 Overview and Requirements 7 Before you can run Server Diagnostics, you must set up your testing environment and install Server Diagnostics. Make sure you meet Server Diagnostics requirements before attempting setup and installation. For information, see “Requirements” on page 6. Server Diagnostics EFI is preinstalled on the server. The instructions in this chapter show you how to install Server Diagnostics in a different location or set up a NetBoot server. Install Server Diagnostics EFI If you perform this task to install Server Diagnostics EFI on an internal volume on the server, you need administrator access to the server. If you perform this task to install Server Diagnostics EFI on a portable storage device, you can use any computer that you have administrator access to. To install Server Diagnostics EFI: 1 Use Disk Utility to set up an empty volume with a partition map scheme of GUID Partition Table, that has at least 100 MB, and that is formatted as MS-DOS (FAT). For information about using Disk Utility, see Disk Utility Help. 2 On the server, open AppleServerDiagnosticsEFI.pkg. 3 Follow the onscreen instructions and, at the Select Destination step, choose a volume that has at least 100 MB of available space and doesn’t have Mac OS X installed. 4 If you’re asked to authenticate, authenticate as a user with administrator privileges. 2 InstallationInstall Server Diagnostics Mac OS X If you perform this task to install Server Diagnostics Mac OS X on an internal volume, you need administrator access to the server. If you perform this task to install Server Diagnostics Mac OS X on a portable storage device, you can use any computer you have administrator access to. Installing Server Diagnostics Mac OS X involves three steps:  Install Mac OS X.  Copy Server Diagnostics Mac OS X to /Applications/.  Configure Mac OS X. To install Server Diagnostics Mac OS X: 1 Use Disk Utility to set up an empty volume with a partition map scheme of GUID Partition Table and at least 10 GB. For information about using Disk Utility, see Disk Utility Help. 2 Install Mac OS X on the empty volume. 3 Enable the root user. For information about enabling the root user, see “Enabling and using the root user in Mac OS X” at support.apple.com/kb/ht1528. 4 Log in using the root user name and the password of the user you created in the setup assistant. You must set up and run Server Diagnostics Mac OS X as root. Otherwise, you can’t test the server you’ve installed Server Diagnostics Mac OS X on. 5 Copy the AppleServerDiagnostics.app file to the /Applications/ folder on the server. 6 If you’re setting up a client server, open a Finder window, select the /Applications/ folder, choose New Folder from the Action (gear) pop-up menu, and name the folder AppleServerDiagnosticsClient. Client servers are remotely controlled by host computers. 7 Open System Preferences (located in /Applications/) and change the following options in System Preferences panes. 8 Chapter 2 InstallationChapter 2 Installation 9 System Preferences pane Recommended configuration Users & Groups Select the System Administrator account and click Login Items. Click Add (+), select AppleServerDiagnostics.app (typically located in /Applications/), and click Add. CDs & DVDs In all pop-up menus, choose Ignore. Desktop & Screen Saver In the Screen Saver pane, drag the “Start screen saver” slider to Never. Energy Saver In the Sleep pane, drag both sliders to Never and deselect “Put hard disk(s) to sleep when possible.” Mission Control In all pop-up menus, choose “–.” Software Update In the Scheduled Check pane, deselect “Check for updates.” If you can’t change settings in System Preferences, click the lock button and authenticate. Set up a NetBoot server To host Server Diagnostics EFI on a NetBoot server, your NetBoot server must:  Have Mac OS X v10.7 with server components installed.  Be on the same subnet as the server being tested.  Have 100 MB of hard disk space available for a Server Diagnostics NetBoot image. To use the Server Diagnostics NetBoot image: 1 On the server that hosts NetBoot, open AppleServerDiagnosticsNetBoot.pkg and follow the onscreen instructions to install the Server Diagnostics NetBoot image. 2 Configure the NetBoot service to serve the image and start the service. For information about configuring and starting NetBoot, see Server Admin Help.10 This chapter describes how to start up and use Server Diagnostics. Before you start up Server Diagnostics, make sure everything is properly installed and configured. For information, see Chapter 2,“Installation.” Change the startup disk Server Diagnostics is usually installed on a dedicated volume to minimize the risk of server processes interrupting the tests. Because of this, you must change the startup disk to the volume with Server Diagnostics installed before you can use the tools. To start up Server Diagnostics, set the startup volume of the server to the volume or disk image containing Server Diagnostics. You can change the startup disk in the Startup Disk pane of System Preferences. For information about how to change the startup disk in System Preferences, see System Preferences Help. You can also temporarily change the startup disk by holding down a key while starting up the server: Goal Hold down this key at server startup Choose the Server Diagnostics volume before starting up Mac OS X Option Start up the preinstalled Server Diagnostics EFI D Start up using a Server Diagnostics EFI disk image from the Internet Command and D Start up using the Server Diagnostics EFI disk image from a NetBoot server F1 If a firmware password is enabled and you try to temporarily change the startup volume by holding down the Option key at startup, you must authenticate. 3 Use Server DiagnosticsChapter 3 Use Server Diagnostics 11 The Startup Disk pane of System Preferences can start up Server Diagnostics Mac OS X, but not Server Diagnostics EFI. You can press the Option key at startup to start up Server Diagnostics Mac OS X or Server Diagnostics EFI. The server becomes unavailable when you use Server Diagnostics. Before starting tests, alert users that the server will be unavailable. About Server Diagnostics modes Server Diagnostics can start up in any of three modes: Mode Description Automatically enters mode if Host The computer searches for servers that are on the same subnet and start Server Diagnostics in remote mode. When one is found, the host computer controls Server Diagnostics on the client server. You run Server Diagnostics Mac OS X and you’re not logged in as root. Client The server can be controlled by a host computer. You’re running Server Diagnostics EFI and a host computer is on the same subnet or is directly connected. Local The server runs all tests locally. You’re running Server Diagnostics EFI, a host computer isn’t on the same subnet, and it isn’t directly connected. If you’re logged in as root on the server and you run Server Diagnostics Mac OS X, you can choose which mode to enter. Remotely test a client server To test a client server, start up Server Diagnostics on the host computer, set it to connect to the client server, start up the Server Diagnostics on the client server, and then set the client server to be a client of the host computer. The host computer must run Server Diagnostics Mac OS X. The client server can run Server Diagnostics Mac OS X or Server Diagnostics EFI. The available tests are based on which Server Diagnostics the client server is running. When you start up Server Diagnostics EFI, the server looks for a host computer. If it finds a host computer, the server enters client mode. If it doesn’t find a host computer, the server enters local mode.When you start up Server Diagnostics Mac OS X, the server automatically becomes a host computer if you logged in to Mac OS X with an account that isn’t root. If Server Diagnostics Mac OS X doesn’t automatically become a host computer, it asks if it should connect to a client server, be a client of a host computer, or run tests locally. To remotely test a client server: 1 On the host computer, open Server Diagnostics Mac OS X (typically located in /Applications/). 2 Choose from the following:  If you’re logged in as root, when Server Diagnostics Mac OS X opens, a dialog asks you to choose which mode to enter. Choose “Connect to remote server” and click OK.  If you’re not logged in as root, the dialog doesn’t appear, and Server Diagnostics Mac OS X automatically enters host mode. 3 On the client server, change the startup disk to a volume with Server Diagnostics and restart it. You can also temporarily change the startup disk to be a volume with Server Diagnostics on it or to a Server Diagnostics NetBoot disk image when you start up the server. For information about how to change or temporarily change the startup volume, see “Change the startup disk” on page 10. 4 If you’re starting up Server Diagnostics Mac OS X, log in as root. 5 If Server Diagnostics Mac OS X doesn’t open automatically, open the Apple Server Diagnostics application (typically located in /Applications/), choose “Client of a remote host,” and then click OK. If you’re starting up Server Diagnostics EFI, the server enters client mode. 6 Verify that the host computer and client server have established a successful connection by reviewing the following:  The IP address field in the Server Diagnostics window on the host computer should match the IP address assigned to the client server.  The name of the Server Diagnostics window on the host computer is “Apple Server Diagnostics remote log,” not “Apple Server Diagnostics local log.”  The log area of the client server uses more of the Server Diagnostics window. Shut Down, Restart, and a few other buttons are removed. 12 Chapter 3 Use Server DiagnosticsChapter 3 Use Server Diagnostics 13 Test the local server using Server Diagnostics EFI To test the local server, make sure none of the computers on the same subnet as the server running Server Diagnostics Mac OS X is in host mode. If a computer on the same subnet is running Server Diagnostics Mac OS X tools in host mode, the server enters client mode. To test the local server using Server Diagnostics EFI: m Restart the server and hold down the Option or F1 key to start up the volume or NetBoot disk image with Server Diagnostics EFI. For information about how to temporarily change the startup volume while starting the computer, see “Change the startup disk” on page 10. If Server Diagnostics EFI starts up and doesn’t find a host computer, it enters local mode. Test the local server using Server Diagnostics Mac OS X To test the local server, you must log in as root. If you don’t log in as root, Server Diagnostics Mac OS X enters host mode. To test the local server using Server Diagnostics Mac OS X: 1 Change the startup disk of the server to a volume with Server Diagnostics Mac OS X, restart it, and log in as root. 2 If Server Diagnostics Mac OS X doesn’t open, open it (typically located in /Applications/). 3 When Server Diagnostics Mac OS X opens, choose “Local” from the dialog that appears and click OK.Use Server Diagnostics EFI When Server Diagnostics EFI loads, the following screen appears: 3. Click to start testing. 2. Set test options. 1. Select tests to run. 4. View test results. Use Server Diagnostics Mac OS X When Server Diagnostics Mac OS X loads, the following screen appears: 3. Click to start testing. 2. Set test options. 1. Select tests to run. 4. View test results. 14 Chapter 3 Use Server Diagnostics PackageMaker User GuideContents Introduction to PackageMaker User Guide 4 Organization of This Document 4 See Also 5 Packaging Overview 6 Packaging Workflow 9 Create a PackageMaker Project 10 Identify the Product Components 10 Configure Component Packages 11 Component Package Configuration Pane 11 Component Package Contents Pane 13 Component Package Components Pane 14 Component Package Scripts Pane 15 Configure the Product Package 16 Product Package Configuration Pane 16 Product Package Requirements Pane 17 Product Package Actions Pane 18 Configure the Product Package Install Choices 18 Build the Product Package 20 Glossary 22 Document Revision History 24 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 2Figures and Tables Packaging Overview 6 Figure 1-1 The packaging process 7 Packaging Workflow 9 Figure 2-1 PackageMaker project window 9 Figure 2-2 Install Properties dialog 10 Figure 2-3 Component Package Configuration pane 11 Figure 2-4 Component Package Contents pane 13 Figure 2-5 Component Package Components pane 14 Figure 2-6 Component Package Scripts pane 15 Figure 2-7 Product Package Configuration pane 16 Figure 2-8 Product Package Requirements pane 17 Figure 2-9 Product Package Actions pane 18 Figure 2-10 Choice Configuration pane 19 Figure 2-11 Choice requirement editor 20 Table 2-1 Product package installation requirement examples 17 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 3Software packaging is the process used to put a software product into an installation package so that it can be installed by the users of the product on their computers. To package a product you use the PackageMaker application, which is part of the Xcode developer software suite. This document shows how to use PackageMaker to create installation packages. People who take finished product files and create installation packages for them are known as packagers. With PackageMaker, packagers accomplish these objectives: ● Enclose a software product in a transport-agnostic container for delivery to users ● Define the user install experience ● Specify how product files are placed on the user’s file system Software requirements: This document focuses on PackageMaker 3.0, introduced in Xcode 3.0. Most of the descriptions in this document do not apply to earlier releases of PackageMaker. You should read this document if you have a software product that you want to deliver to its users in a way that allows you to define certain aspects of the user install experience and details about how the product files are to be placed on the user’s file system. To get the most out of this document, you should be familiar with Software Delivery Guide , which describes the software delivery model used in OS X. Organization of This Document This document contains the following chapters: ● “Packaging Overview” (page 6). Describes briefly the packaging process in the context of the OS X software delivery model. ● “Packaging Workflow” (page 9). Explains the workflow you should follow when creating installation packages. This document also contains a glossary and a revision history. 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 4 Introduction to PackageMaker User GuideSee Also ● Software Delivery Guide . Explains how to deliver and installsoftware using the PackageMaker and Installer applications. Provides a larger picture of the OS X software-delivery model and more detailed information about the installation process. ● File System Overview. Conceptual information and guidelines describing the structure and usage of the OS X file system. Containsinformation about the OS X file system domains and the recommended locations for software components according to their type. Introduction to PackageMaker User Guide See Also 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 5Packaging is one of the processes that make up the OS X software-delivery model. An installation package is a file package that contains product files (the payload), instructions on how to add them to an OS X–based system, and information used to create an appropriate install experience for the user. When users open your installation package, the Installer application guides them through the installation process, which ensures that their computer meets the installation requirements defined in the package before placing the payload on the user’s file system, among other tasks. The preferred software delivery mechanism for a self-contained application is the manual install, where users drag the product from its container, a disk image, onto their file system. The installation package–based mechanism is the preferred method for delivering a multicomponent product that isn't self-contained in a bundle. A managed install, which is steered by the Installer application after the user opens an installation package, can take advantage of advanced features such as better package management through the Installer package database, downloadable packages, and certificate-based signing. OS X leverages these features to provide users an improved install experience. There are two types of installation packages: product packages and component packages. Product packages contain the payload for an entire product, either as a single component or distributed among several component packages. Component packages enclose a single component of a product and are generally contained within product packages. In addition, product packages can refer to external component packages through package references. 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 6 Packaging OverviewPackageMaker is the application you use to create installation packages. Figure 1-1 shows the packaging process within the software development-packaging-delivery-installation workflow. The rest of this document focuses on the packaging process. Figure 1-1 The packaging process Installation Delivery Packaging Menu • Option 1 • Option 2 • Option 3 Development To package a product: 1. Identify and collect the product’s components 2. Create a PackageMaker project 3. Add the product’s components to the project 4. Configure component packages Packaging Overview 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 75. Configure the product package 6. Define install options (in multicomponent products) 7. Build and test the product package “Packaging Workflow” (page 9) describes the packaging workflow in detail. Packaging Overview 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 8PackageMaker is used to create installation packages. Download the DeveloperUtilities app from http://developer.apple.com/downloads. Figure 2-1 shows the PackageMaker project window. The list following the figure describes the items identified in it. Figure 2-1 PackageMaker project window Product package Install option Component Action Add contents Product-package editor ● The left side of the window contains the package list. The first item in the list represents the product package the project generates. The items in the Contents pane represent component packages and, in product packages with more than one component package, install choices (the items with a blue dot next to them). ● The right side of the project window contains an editor for the item selected in the package list. Figure 2-1 shows the product-package editor. ● The plus sign (+) icon at the bottom-left corner of the window is the Add Contents button. 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 9 Packaging Workflow● The gear icon is the Action pop-up menu (also known as the shortcut menu). Its contents correspond to possible actions on the selected item. The following sections depict the workflow you should follow when creating installation packages. Create a PackageMaker Project A PackageMaker project is where you identify a product to be packaged and define the install experience for the users of the product. To create a PackageMaker project, choose: PackageMaker menu bar: File > New. PackageMaker displays the Install Properties dialog, shown in Figure 2-2. Figure 2-2 Install Properties dialog In this dialog you specify the following package properties: ● Provider Identifier (Organization): Identifies the entity responsible for the package’s contents. PackageMaker uses the provider identifier to generate default package identifiers for the contained component packages. See “Component Package Configuration Pane” (page 11). ● Target OS (Minimum Target): The earliest OS X release on which you intend the package to be installed. Identify the Product Components To define the package’s payload, locate the product components to be included in the package and add them to the Contents pane in the project window. You can add components by dragging them from a Finder window or by choosing: Packaging Workflow Create a PackageMaker Project 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 10PackageMaker menu bar: Project > Add Contents. After adding a second component to a project, PackageMaker creates an install choice for each component you add to the project, unless you add it directly to an existing install choice. Configure Component Packages You configure a component package in the component package editor, which contains four panes: Configuration, Contents, Components, and Scripts. They are described in the following sections. Component Package Configuration Pane The Component Package Configuration pane (shown in Figure 2-3) is where you specify essential information about the component package and its install experience. The list following the figure describes the items it specifies. Figure 2-3 Component Package Configuration pane ● Component source (Install): Pathname to the component’s root directory. This is the location of the component’s files on your file system. These files make up the component package’s payload. ● Destination (To): Location in the target computer’s file system where the component is to be placed. ● Customdestination consent(Allow customlocation): Specifies whether the user installing the component package can specify a different destination. Packaging Workflow Configure Component Packages 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 11● Package identifier: String, in the form of a universal type identifier (UTI), that identifies the component package. For example, com.apple.iSpend.pkg. Install effect: The Installer application uses the package identifier to identify the component package in the Installer package database. ● Package version number: Positive integer that specifies the iteration of the component package. (This version number is not related to any versioning information specified in the payload.) Install effect: The Installer application uses the package version number, together with the package identifier, to determine whether to install the contained component as a new item in the target computer or to upgrade an existing copy of the component. ● Finalization action (Post-install): Action to require the user perform after the installation process is complete. The available actions are log-out, restart, and shutdown. Install effect: After the installation processisfinished, the Installer application displays a dialog indicating the action to be performed. When the user clicks the dialog’s default button, Installer carries out the action. ● Administrator-authentication requirement (Require admin authorization): Specifies whether the user must authenticate as an administrator of the computer before performing the install. This is needed when the user can install a product in one of the privileged file-system domains, such as the local domain (for example, /Applications). You don’t need to select this option when the user can install your package only on their home directory (see “Product Package Configuration Pane” (page 16) for more information). Install effect: The Installer application displays the OS X Authentication dialog. If the user who authenticatesis not an administrator of the computer, the installation process does not proceed. Packaging Workflow Configure Component Packages 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 12Component Package Contents Pane The Component Package Contents pane (shown in Figure 2-4) is where you specify the ownership and access permissions of each of the files that make up the component. Figure 2-4 Component Package Contents pane Ownership and access permissions: The files that the Installer application places on the target computer have the same ownership and access permissions as the payload’s files. Therefore, you must set up the owner and access permissions of component files appropriately before building the installation package; otherwise, users may have difficulty manipulating those files after they are installed or Installer may be unable to copy payloads to their destinations. In most cases, the owner should be root and the group admin. Also, PackageMaker can set the owner, group, and access permissions of the component files to those that work best in OS X, according to the component type. Packaging Workflow Configure Component Packages 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 13Component Package Components Pane The Component Package Components pane (shown in Figure 2-5)specifies whetherthe componentisrelocatable or downgradable. Figure 2-5 Component Package Components pane A relocatable component is one that may be moved by the user after it’sinstalled. For example, after installing an application into /Applications, a user with administrator privileges may move it to /Volumes/Family/Applications. When the user installs a relocatable component a second time on the same computer, the Installer application searches for the component’s existing files in additional locations in the file system, not just the location at which the component was installed, according to the Installer package database). In this pane you also specify whether a component can be downgraded. A downgradable component is one that can be replaced with an earlier version during an install. When the user reinstalls a earlier version of an existing downgradable component, Installer replaces component files that exist in both the payload and the target computer with the ones in the payload and deletes files that are not present in the payload. Packaging Workflow Configure Component Packages 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 14Important: A component’s downgradability is specified by the installation package that may downgrade the component, not by the installation package from which the component was installed. And none of this information is kept in the component itself. That is, if an early release of an installation package specifies one of its components as downgradable but a later release deemsthe same component as not downgradable, after the user installs the later package, they can still downgrade the component using the earlier package. Component Package Scripts Pane The Component Package Scripts pane (shown in Figure 2-6)specifiesinstall operations—which are implemented as executable files—to perform before (preinstall) or after (postinstall) the component is installed. Figure 2-6 Component Package Scripts pane Install effect: The Installer application executesthe specified install operation either at the beginning of the install or at the end of the install. But Installer also warns users that it’s about to execute unsecured code when they open the installation package. Note: Consider defining preinstall and postinstall actions on the product package (see “Product Package Actions Pane” (page 18)) instead of preinstall and postinstall operations in component packages. The latter are inherently less secure and cause the warning described earlier. Important: In OS X v10.5 clients, the only install operations available are preinstall and postinstall. For detailed information about install operations, see Software Delivery Guide . Packaging Workflow Configure Component Packages 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 15Configure the Product Package When you select the product package in the package list, the product package editor appears on the right side of the project window. In this editor you define the product’s packaging details and some installation information. The following sections describe the panes in the product-package editor. Product Package Configuration Pane The Product Package Configuration pane (shown in Figure 2-7) is where you enter information about the product package, such as its title and description. You can also add other product description files, such as the Welcome, Read Me, License, and Conclusion files (see Software Delivery Guide for details). Figure 2-7 Product Package Configuration pane This pane also lets you specify which type of install the user can perform on the product package: easy, custom, or both. In addition, you can specify the locations into which the user can install the product: any volume, the system volume, or the user’s home directory. Packaging Workflow Configure the Product Package 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 16Product Package Requirements Pane A package requirement is a test the Installer application performs at the beginning of the installation process. These requirements may be optional. Any unmet, non-optional package requirement prevents the installation process from continuing. Figure 2-8 shows the Product Package Requirements pane, where you specify these requirements. In this case, the package has two requirements, one required and one optional. Their definition and install effects are described in Table 2-1. Figure 2-8 Product Package Requirements pane Table 2-1 Product package installation requirement examples Description Required Pass if Install effect Preventsinstall unless destination volume has at least 2MB of free space. Disk space on target volume Yes true is at least 2MB Displays a warning when the computer has less than 512MB of RAM. Computer RAM is less than No false 512MB Packaging Workflow Configure the Product Package 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 17Product Package Actions Pane You may want to tell the Installer application to perform a particular action before or after the product package is installed. Installation actions let you specify such tasks. For example, you can instruct Installer to show the installed payload in a Finder window, as shown in Figure 2-9. Figure 2-9 Product Package Actions pane This postinstall action opens a Finder window displaying one of the installed product’s components. Configure the Product Package Install Choices When your product contains multiple components, it may be appropriate to let the user decide which components to install. For example, a particular user of your product may not want to install a documentation or example component. In this case, the user should be able to remove unwanted components from the install process. PackageMaker and the Installer application allow you to define install choices to accomplish such outcome. Install choices allow users of your product package to customize the install by selecting the components to be installed (unselected components are not installed). For example, if your product includes an application and a user guide as separate components, you may allow the user not to install the user guide by having the application and the user guide under separate choices. In the install customization pane (the Custom Install pane in the Installer application), the user selects the components to be installed. Packaging Workflow Configure the Product Package Install Choices 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 18Note: Install choices are not a mechanism by which installed components can be removed from a computer. You configure an install choice by selecting it in the Contents pane in the project window and setting values for its properties in the choice editor, which contains two panes: Configuration and Requirements. Figure 2-10 shows the Choice Configuration pane. Figure 2-10 Choice Configuration pane This pane lets you specify the following choice properties: ● Choice Name: The text the user sees in the install customization pane. ● Identifier: Identifies the choice within the package. ● Initial State: Specifies the value of three user-interface properties (selected, actionable, and visible) of the choice the first time the user arrives at the install customization pane: ● Selected: Specifies whether the choice is selected. ● Enabled: Specifies whether the user can change the selected state of the choice directly. ● Hidden: Specifies whether the user can see the choice. ● Destination (Custom Location): Specifies the destination of the choice’s components. Defining a choice destination overrides the destination specified for the choice’s components in the component package editor (see “Component Package Configuration Pane” (page 11)). You may also allow the user to choose a different destination by selecting “Allow alternate volume.“ You should always specify a destination for every choice with product components. Packaging Workflow Configure the Product Package Install Choices 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 19● Tooltip: Short message (15 words or fewer) that appears when the user hovers the pointer over the choice in the install customization pane. ● Description: Information that appears in the install customization pane when the user selects the choice. As described earlier, a choice has user-interface properties that define the level of interaction the user has with the choice in the install customization pane. While you can specify a value for each UI property in the package, there may be choices that need information about the computer to determine the value of such properties. For example, if an optional plug-in component can work only in certain releases of OS X, you may want to display the choice that contains the component only when the computer is running an appropriate operating system version. Here’s where choice requirements can help. A choice requirement is a test that compares a system property against a value and setsthe initial and dynamic values of the choice’s UI properties based on the test result. (The Installer application sets the dynamic values of the UI properties as the user selects or deselects choices in the install customization pane; see Software Delivery Guide for details.) Figure 2-11 shows the choice requirement editor, which lets you define the test and the resulting values of the choice UI properties if the test fails. Figure 2-11 Choice requirement editor Build the Product Package To build the package, choose: Packaging Workflow Build the Product Package 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 20PackageMaker menu bar: Project > Build. A dialog appears asking for the name and location of the package. Open the generated installation package in the Installer application and ensure that the resulting install experience is what you expect and that your product is installed correctly. You should perform comprehensive tests involving as many of the system configurations your product supports as possible. See Software Delivery Guide for more information. Packaging Workflow Build the Product Package 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 21choice requirement A test that comparesthe value of a system property (such as the amount of random-access memory available) with a value. Choice requirements determine the value of a choice’s user-interface properties: selected, actionable, and visible. choice requirement editor Area of a PackageMaker project window that allows packagers to specify a choice requirement (and how it affects the value of the choice’s user-interface properties). See also choice requirement. component package Installer package that contains a single software component asits payload. See also, product package. component package editor Area of a PackageMaker project window that specifies packaging and installation information about a product component. This editor is displayed when a component isselected in the Contents pane in the project window. downgradable component A product component, such as an application binary or a plug-in, that can be replaced with an earlier version in an install process. finalization action An action required after a completed installation process. The possible finalization actions are log-out, restart, and shutdown. install choice An option users can select or deselect during the installation process to specify whether a product component is to be installed install customization pane A pane users see while interacting with the Installer application if the package being installed allowsthe user to customize the install by choosing the product components to be installed. See also, product package, product component. install operation An install-time operation performed by an executable file that is invoked at the beginning or at the end of the install. The two install operations supported in OS X v10.5 are preinstall and postinstall. installation action A task to be performed before or after an install. PackageMaker defines several installation actions, including Quit Application and Show File in Finder. installation package A file package with the pkg or mpkg extension. Installation packages contain a payload and installation information used by the Installer or Remote Desktop applications to identify the payload’s parts and generate an install experience for the user. Installer package database System-level database of all the installation packages installed by the Installer application. managed install An Installer application–driven installation process. Users open an installer package in Installer, which then guides them through the installation process. 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 22 Glossarymanual install An user-driven installation process. In this software-installation method, users drag a product’sfilesto a location of their choosing in their computer’s file system. See also managed install. package identifier Identifies the package within the Installer package database. See also Installer package database. package list A pane in a PackageMaker project window that lists the packages the project defines. This list is divided in two parts: the installation-package file (which contains all the product’s files) and the subpackages or package referencesthat contain components of the product. package requirement A test that determines whether a package can be installed on the computer. A package requirement can be optional; such requirements display a warning to the user but allows the install to proceed. Non-optional requirements prevent an install from taking place. package version number Positive integer that identifies an iteration of a single-component product package, or an iteration of a component package within a product package. This version number should be incremented when the contents or installation details of the package are changed. See also product package component package. payload The product or product components contained in an installation package. See also installation package. product component Self-contained part of a product. A product can have one or more components. The OS X file system contains special locations for several types of components. For example, application binaries are placed in Application directories, plug-ins are housed in Plugin directories, fonts live in Fonts directories, and so on. product package Installation package that contains all the components of a product. Product packages with multicomponent products contain or reference component packages. See also installation package. product package editor A pane in a PackageMaker project window that specifies packaging and installation information about a product. This pane is displayed when the product package is selected in the package list. provider identifier Identifier for the entity responsible for the contents of an installation package; for example, com.apple. PackageMaker uses this identifier to generate default package identifiers for a product package’s components. See also package identifier. relocatable component A product component, such as an application binary or a plug-in, that the user may move after it has been installed. target OS version The earliest release of OS X in which the installation package isto be installed. The package is installable on the specified release and later. For example, a package whose target OS is OS X v10.4 can be installed on computers running OS X v10.4 and later releases. volume requirement A test that comparesthe value of a volume property (such as free space) with a value. Volume requirements determine whether the user can choose a particular volume as the destination volume of a product package. Glossary 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 23This table describes the changes to PackageMaker User Guide . Date Notes 2012-02-16 Updated download location. 2009-01-06 Made minor technical corrections. New document that describes how to use PackageMaker to create installation packages. 2007-07-23 2012-02-16 | © 2012 Apple Inc. All Rights Reserved. 24 Document Revision HistoryApple Inc. © 2012 Apple Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrievalsystem, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Apple Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Apple’s copyright notice. No licenses, express or implied, are granted with respect to any of the technology described in this document. Apple retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Apple-labeled computers. Apple Inc. 1 Infinite Loop Cupertino, CA 95014 408-996-1010 Apple, the Apple logo, Finder, Mac, OS X, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.ASARESULT, THISDOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL,OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state. iOS Security May 20122 Page 3 Introduction Page 4 System Architecture Secure Boot Chain System Software Personalization App Code Signing Runtime Process Security Page 7 Encryption and Data Protection Hardware Security Features File Data Protection Passcodes Classes Keychain Data Protection Keybags Page 13 Network Security SSL, TLS VPN Wi-Fi Bluetooth Page 15 Device Access Passcode Protection Configuration Enforcement Mobile Device Management Device Restrictions Remote Wipe Page 18 Conclusion A Commitment to Security Page 19 Glossary ContentsApple designed the iOS platform with security at its core. Keeping information secure on mobile devices is critical for any user, whether they’re accessing corporate and customer information or storing personal photos, banking information, and addresses. Because every user’s information is important, iOS devices are built to maintain a high level of security without compromising the user experience. iOS devices provide stringent security technology and features, and yet also are easy to use. The devices are designed to make security as transparent as possible. Many security features are enabled by default, so IT departments don’t need to perform extensive configurations. And some key features, like device encryption, are not configurable, so users cannot disable them by mistake. For organizations considering the security of iOS devices, it is helpful to understand how the built-in security features work together to provide a secure mobile computing platform. iPhone, iPad, and iPod touch are designed with layers of security. Low-level hardware and firmware features protect against malware and viruses, while high-level OS features allow secure access to personal information and corporate data, prevent unauthorized use, and help thwart attacks. The iOS security model protects information while still enabling mobile use, third-party apps, and syncing. Much of the system is based on industry-standard secure design principles—and in many cases, Apple has done additional design work to enhance security without compromising usability. This document provides details about how security technology and features are implemented within the iOS platform. It also outlines key elements that organizations should understand when evaluating or deploying iOS devices on their networks. • System architecture: The secure platform and hardware foundations of iPhone, iPad, and iPod touch. • Encryption and Data Protection: The architecture and design that protects the user’s data when the device is lost or stolen, or when an unauthorized person attempts to use or modify it. • Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission. • Device access: Methods that prevent unauthorized use of the device and enable it to be remotely wiped if lost or stolen. iOS is based on the same core technologies as OS X, and benefits from years of hardening and security development. The continued enhancements and additional security features with each major release of iOS have allowed IT departments in businesses worldwide to rapidly adopt and support iOS devices on their networks. Device Key Group Key Apple Root Certificate Crypto Engine Kernel OS Partition User Partition Data Protection Class App Sandbox Encrypted File System Software Hardware and Firmware Introduction 3 Security architecture diagram of iOS provides a visual overview of the different technologies discussed in this document.Entering DFU mode DFU mode can be entered manually by connecting the device to a computer using the 30-pin Dock Connector to USB Cable, then holding down both the Home and Sleep/Wake buttons. After 8 seconds have elapsed, release the Sleep/Wake button while continuing to hold down the Home button. Note: Nothing will be displayed on the screen when in DFU mode. If the Apple logo appears, the Sleep/Wake button was held down for too long. Restoring a device after entering DFU mode returns it to a known good state with the certainty that only unmodified Applesigned code is present. 4 The tight integration of hardware and software on iOS devices allows for the validation of activities across all layers of the device. From initial boot-up to iOS software installation and through to third-party apps, each step is analyzed and vetted to ensure that each activity is trusted and uses resources properly. Once the system is running, this integrated security architecture depends on the integrity and trustworthiness of XNU, the iOS kernel. XNU enforces security features at runtime and is essential to being able to trust higher-level functions and apps. Secure Boot Chain Each step of the boot-up process contains components that are cryptographically signed by Apple to ensure integrity, and proceeds only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware. When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load. This is the first step in the chain of trust where each step ensures that the next is signed by Apple. When the LLB finishes its tasks, it verifies and runs the next-stage bootloader, iBoot, which in turn verifies and runs the iOS kernel. This secure boot chain ensures that the lowest levels of software are not tampered with, and allows iOS to run only on validated Apple devices. If one step of this boot process is unable to load or verify the next, boot-up is stopped and the device displays the “Connect to iTunes” screen. This is called recovery mode. If the Boot ROM is not even able to load or verify LLB, it enters DFU (Device Firmware Upgrade) mode. In both cases, the device must be connected to iTunes via USB and restored to factory default settings. For more information on manually entering recovery mode, see http://support.apple.com/kb/HT1808. System Software Personalization Apple regularly releases software updates to address emerging security concerns; these updates are provided for all supported devices simultaneously. Users receive iOS update notifications on the device and through iTunes, and updates are delivered wirelessly, encouraging rapid adoption of the latest security fixes. The boot process described above ensures that only Apple-signed code can be installed on a device. To prevent devices from being downgraded to older versions that lack the latest security updates, iOS uses a process called System Software Personalization. If downgrades were possible, an attacker who gains possession of a device could install an older version of iOS and exploit a vulnerability that’s been fixed in the newer version. System Architecture5 iOS software updates can be installed using iTunes or over-the-air (OTA) on the device. With iTunes, a full copy of iOS is downloaded and installed. OTA software updates are provided as deltas for network efficiency. During an iOS install or upgrade, iTunes (or the device itself, in the case of OTA software updates) connects to the Apple installation authorization server (gs.apple.com) and sends it a list of cryptographic measurements for each part of the installation bundle to be installed (for example LLB, iBoot, the kernel, and OS image), a random anti-replay value (nonce), and the device’s unique ID (ECID). The server checks the presented list of measurements against versions for which installation is permitted, and if a match is found, adds the ECID to the measurement and signs the result. The complete set of signed data from the server is passed to the device as part of the install or upgrade process. Adding the ECID “personalizes” the authorization for the requesting device. By authorizing and signing only for known measurements, the server ensures that the update is exactly as provided by Apple. The boot-time chain-of-trust evaluation verifies that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature. These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another. The nonce prevents an attacker from saving the server’s response and using it to downgrade a user’s device in the future. App Code Signing Once the iOS kernel has booted, it controls which user processes and apps can be run. To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed using an Apple-issued certificate. Apps provided with the device, like Mail and Safari, are signed by Apple. Third-party apps must also be validated and signed using an Apple-issued certificate. Mandatory code signing extends the concept of chain of trust from the OS to apps, and prevents third-party apps from loading unsigned code resources or using selfmodifying code. In order to develop and install apps on iOS devices, developers must register with Apple and join the iOS Developer Program. The real-world identity of each developer, whether an individual or a business, is verified by Apple before their certificate is issued. This certificate enables developers to sign apps and submit them to the App Store for distribution. As a result, all apps in the App Store have been submitted by an identifiable person or organization, serving as a deterrent to the creation of malicious apps. They have also been reviewed by Apple to ensure they operate as described and don’t contain obvious bugs or other problems. In addition to the technology already discussed, this curation process gives customers confidence in the quality of the apps they buy. Businesses also have the ability to write in-house apps for use within their organization and distribute them to their employees. Businesses and organizations can apply to the iOS Developer Enterprise Program (iDEP) with a D-U-N-S number. Apple approves applicants after verifying their identity and eligibility. Once an organization becomes a member of iDEP, it can register to obtain a provisioning profile that permits in-house apps to run on devices it authorizes. Users must have the provisioning profile installed in order to run the in-house apps. This ensures that only the organization’s intended users are able to load the apps onto their iOS devices.6 Unlike other mobile platforms, iOS does not allow users to install potentially malicious unsigned apps from websites, or run untrusted code. At runtime, code signature checks of all executable memory pages are made as they are loaded to ensure that an app has not been modified since it was installed or last updated. Runtime Process Security Once an app is verified to be from an approved source, iOS enforces security measures to ensure that it can’t compromise other apps or the rest of the system. All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device. This prevents apps from gathering or modifying information stored by other apps. Each app has a unique home directory for its files, which is randomly assigned when the app is installed. If a third-party app needs to access information other than its own, it does so only by using application programming interfaces (APIs) and services provided by iOS. System files and resources are also shielded from the user’s apps. The majority of iOS runs as the non-privileged user “mobile,” as do all third-party apps. The entire OS partition is mounted read-only. Unnecessary tools, such as remote login services, aren’t included in the system software, and APIs do not allow apps to escalate their own privileges to modify other apps or iOS itself. Access by third-party apps to user information and features such as iCloud is controlled using declared entitlements. Entitlements are key/value pairs that are signed in to an app and allow authentication beyond runtime factors like unix user ID. Since entitlements are digitally signed, they cannot be changed. Entitlements are used extensively by system apps and daemons to perform specific privileged operations that would otherwise require the process to run as root. This greatly reduces the potential for privilege escalation by a compromised system application or daemon. In addition, apps can only perform background processing through system-provided APIs. This enables apps to continue to function without degrading performance or dramatically impacting battery life. Apps can’t share data directly with each other; sharing can be implemented only by both the receiving and sending apps using custom URL schemes, or through shared keychain access groups. Address space layout randomization (ASLR) protects against the exploitation of memory corruption bugs. Built-in apps use ASLR to ensure that all memory regions are randomized upon launch. Additionally, system shared library locations are randomized at each device startup. Xcode, the iOS development environment, automatically compiles third-party programs with ASLR support turned on. Further protection is provided by iOS using ARM’s Execute Never (XN) feature, which marks memory pages as non-executable. Memory pages marked as both writable and executable can be used only by apps under tightly controlled conditions: The kernel checks for the presence of the Apple-only “dynamic-codesigning” entitlement. Even then, only a single mmap call can be made to request an executable and writable page, which is given a randomized address. Safari uses this functionality for its JavaScript JIT compiler.7 The secure boot chain, code signing, and runtime process security all help to ensure that only trusted code and apps can run on a device. iOS has additional security features to protect user data, even in cases where other parts of the security infrastructure have been compromised (for example, on a device with unauthorized modifications). Like the system architecture itself, these encryption and data protection capabilities use layers of integrated hardware and software technologies. Hardware Security Features On mobile devices, speed and power efficiency are critical. Cryptographic operations are complex and can introduce performance or battery life problems if not designed and implemented correctly. Every iOS device has a dedicated AES 256 crypto engine built into the DMA path between the flash storage and main system memory, making file encryption highly efficient. Along with the AES engine, SHA-1 is implemented in hardware, further reducing cryptographic operation overhead. The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed using them. The UID is unique to each device and is not recorded by Apple or any of its suppliers. The GID is common to all processors in a class of devices (for example, all devices using the Apple A5 chip), and is used as an additional level of protection when delivering system software during installation and restore. Burning these keys into the silicon prevents them from being tampered with or bypassed, and guarantees that they can be accessed only by the AES engine. The UID allows data to be cryptographically tied to a particular device. For example, the key hierarchy protecting the file system includes the UID, so if the memory chips are physically moved from one device to another, the files are inaccessible. The UID is not related to any other identifier on the device. Apart from the UID and GID, all other cryptographic keys are created by the system’s random number generator (RNG) using an algorithm based on Yarrow. System entropy is gathered from interrupt timing during boot, and additionally from internal sensors once the device has booted. Securely erasing saved keys is just as important as generating them. It’s especially challenging to do so on flash storage, where wear-leveling might mean multiple copies of data need to be erased. To address this issue, iOS devices include a feature dedicated to secure data erasure called Effaceable Storage. This feature accesses the underlying storage technology (for example, NAND) to directly address and erase a small number of blocks at a very low level. Encryption and Data ProtectionErase all content and settings The “Erase all content and settings” option in Settings obliterates all the keys in Effaceable Storage, rendering all user data on the device cryptographically inaccessible. Therefore, it’s an ideal way to be sure all personal information is removed from a device before giving it to somebody else or returning it for service. Important: Do not use the “Erase all content and settings” option until the device has been backed up, as there is no way to recover the erased data. 8 File Data Protection In addition to the hardware encryption features built into iOS devices, Apple uses a technology called Data Protection to further protect data stored in flash memory on the device. This technology is designed with mobile devices in mind, taking into account the fact that they may always be turned on and connected to the Internet, and may receive phone calls, text, or emails at any time. Data Protection allows a device to respond to events such as incoming phone calls without decrypting sensitive data and downloading new information while locked. These individual behaviors are controlled on a per-file basis by assigning each file to a class, as described in the Classes section later in document. Data Protection protects the data in each class based on when the data needs to be accessed. Accessibility is determined by whether the class keys have been unlocked. Data Protection is implemented by constructing and managing a hierarchy of keys, and builds on the hardware encryption technologies previously described. Architecture overview Every time a file on the data partition is created, Data Protection creates a new 256-bit key (the “per-file” key) and gives it to the hardware AES engine, which uses the key to encrypt the file as it is written to flash memory using AES CBC mode. The initialization vector (IV) is the output of a linear feedback shift register (LFSR) calculated with the block offset into the file, encrypted with the SHA-1 hash of the per-file key. The per-file key is wrapped with one of several class keys, depending on the circumstances under which the file should be accessible. Like all other wrappings, this is performed using NIST AES key wrapping, per RFC 3394. The wrapped per-file key is stored in the file’s metadata. When a file is opened, its metadata is decrypted with the file system key, revealing the wrapped per-file key and a notation on which class protects it. The per-file key is unwrapped with the class key, then supplied to the hardware AES engine, which decrypts the file as it is read from flash memory. The metadata of all files in the file system are encrypted with a random key, which is created when iOS is first installed or when the device is wiped by a user. The file system key is stored in Effaceable Storage. Since it’s stored on the device, this key is not used to maintain the confidentiality of data; instead, it’s designed to be quickly erased on demand (by the user, with the “Erase all content and settings” option, or by a user or administrator issuing a remote wipe command from a Mobile Device Management server, Exchange ActiveSync, or iCloud). Erasing the key in this manner renders all files cryptographically inaccessible.Passcode considerations If a long password that contains only numbers is entered, a numeric keypad is displayed at the Lock screen instead of the full keyboard. A longer numeric passcode may be easier to enter than a shorter alphanumeric passcode, while providing similar security. Creating strong Apple ID passwords Apple IDs are used to connect to a number of services including iCloud, FaceTime, and iMessage. To help users create strong passwords, all new accounts must contain the following password attributes: • At least eight characters • At least one letter • At least one uppercase letter • At least one number • No more than three consecutive identical characters • Not the same as the account name 9 File Contents File Metadata File Key File System Key Class Key User Passcode Device UID The content of a file is encrypted with a per-file key, which is wrapped with a class key and stored in a file’s metadata, which is in turn encrypted with the file system key. The class key is protected with the hardware UID and, for some classes, the user’s passcode. This hierarchy provides both flexibility and performance. For example, changing a file’s class only requires rewrapping its per-file key, and a change of passcode just rewraps the class key. Passcodes By setting up a device passcode, the user automatically enables Data Protection. iOS supports four-digit and arbitrary-length alphanumeric passcodes. In addition to unlocking the device, a passcode provides the entropy for encryption keys, which are not stored on the device. This means an attacker in possession of a device can’t get access to data in certain protection classes without the passcode. The passcode is “tangled” with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers, or 2½ years for a nine-digit passcode with numbers only. To further discourage brute-force passcode attacks, the iOS interface enforces escalating time delays after the entry of an invalid passcode at the Lock screen. Users can choose to have the device automatically wiped after 10 failed passcode attempts. This setting is also available as an administrative policy through Mobile Device Management (MDM) and Exchange ActiveSync, and can also be set to a lower threshold.10 Classes When a new file is created on an iOS device, it’s assigned a class by the app that creates it. Each class uses different policies to determine when the data is accessible. The basic classes and policies are as follows: Complete Protection (NSFileProtectionComplete): The class key is protected with a key derived from the user passcode and the device UID. Shortly after the user locks a device (10 seconds, if the Require Password setting is Immediately), the decrypted class key is discarded, rendering all data in this class inaccessible until the user enters the passcode again. The Mail app implements Complete Protection for messages and attachments. App launch images and location data are also stored with Complete Protection. Protected Unless Open (NSFileProtectionCompleteUnlessOpen): Some files may need to be written while the device is locked. A good example of this is a mail attachment downloading in the background. This behavior is achieved by using asymmetric elliptic curve cryptography (ECDH over Curve25519). Along with the usual per-file key, Data Protection generates a file public/private key pair. A shared secret is computed using the file’s private key and the Protected Unless Open class public key, whose corresponding private key is protected with the user’s passcode and the device UID. The per-file key is wrapped with the hash of this shared secret and stored in the file’s metadata along with the file’s public key; the corresponding private key is then wiped from memory. As soon as the file is closed, the per-file key is also wiped from memory. To open the file again, the shared secret is re-created using the Protected Unless Open class’s private key and the file’s ephemeral public key; its hash is used to unwrap the per-file key, which is then used to decrypt the file. Protected Until First User Authentication (NSFileProtectionCompleteUntilFirstUserAuthentication): This class behaves in the same way as Complete Protection, except that the decrypted class key is not removed from memory when the device is locked. The protection in this class has similar properties to desktop full-disk encryption, and protects data from attacks that involve a reboot. No Protection (NSFileProtectionNone): This class key is protected only with the UID, and is kept in Effaceable Storage. This is the default class for all files not otherwise assigned to a Data Protection class. Since all the keys needed to decrypt files in this class are stored on the device, the encryption only affords the benefit of fast remote wipe. If a file is not assigned a Data Protection class, it is still stored in encrypted form (as is all data on an iOS device). The iOS Software Development Kit (SDK) offers a full suite of APIs that make it easy for third-party and in-house developers to adopt Data Protection and ensure the highest level of protection in their apps. Data Protection is available for file and database APIs, including NSFileManager, CoreData, NSData, and SQLite.Components of a keychain item Along with the access group, each keychain item contains administrative metadata (such as “created” and “last updated” time stamps). It also contains SHA-1 hashes of the attributes used to query for the item (such as the account and server name) to allow lookup without decrypting each item. And finally, it contains the encryption data, which includes the following: • Version number • Value indicating which protection class the item is in • Per-item key wrapped with the protection class key • Dictionary of attributes describing the item (as passed to SecItemAdd), encoded as a binary plist and encrypted with the per-item key The encryption is AES 128 in GCM (Galois/ Counter Mode); the access group is included in the attributes and protected by the GMAC tag calculated during encryption. 11 Keychain Data Protection Many apps need to handle passwords and other short but sensitive bits of data, such as keys and login tokens. The iOS keychain provides a secure way to store these items. The keychain is implemented as a SQLite database stored on the file system in the No Protection class, while its security is provided by a different key hierarchy that runs parallel to the key hierarchy used to protect files. There is only one database; the securityd daemon determines which keychain items each process or app can access. Keychain access APIs result in calls to the securityd framework, which queries the app’s “keychain-access-groups” and the “application-identifier” entitlement. Rather than limiting access to a single process, access groups allow keychain items to be shared between apps. Keychain items can only be shared between apps from the same developer. This is managed by requiring third-party apps to use access groups with a prefix allocated to them through the iOS Developer Program. The prefix requirement is enforced through code signing and provisioning profiles. Keychain data is protected using a class structure similar to the one used in file Data Protection. These classes have behaviors equivalent to file Data Protection classes, but use distinct keys and are part of APIs that are named differently. Availability File Data Protection Keychain Data Protection When unlocked NSFileProtectionComplete kSecAttrAccessibleWhenUnlocked While locked NSFileProtectionCompleteUnlessOpen N/A After first unlock NSFileProtectionCompleteUntilFirstUserAuthentication kSecAttrAccessibleAfterFirstUnlock Always NSFileProtectionNone kSecAttrAccessibleAlways Each keychain class has a “This device only” counterpart, which is always protected with the UID when being copied from the device during a backup, rendering it useless if restored to a different device. Apple has carefully balanced security and usability by choosing keychain classes that depend on the type of information being secured and when it’s needed by the OS. For example, a VPN certificate must always be available so the device keeps a continuous connection, but it’s classified as “non-migratory,” so it can’t be moved to another device. For keychain items created by iOS, the following class protections are enforced: Item Accessible Wi-Fi passwords After first unlock Mail accounts After first unlock Exchange accounts After first unlock VPN certificates Always, non-migratory VPN passwords After first unlock LDAP, CalDAV, CardDAV After first unlock iTunes backup When unlocked, non-migratory Voicemail Always Safari passwords When unlocked Bluetooth keys Always, non-migratory Apple Push Notification Service Token Always, non-migratory iCloud certificates and private key Always, non-migratory iMessage keys Always, non-migratory Certificates and private keys installed by Configuration Profile Always, non-migratory SIM PIN Always, non-migratoryComponents of a keybag A header containing: • Version (set to 3 in iOS 5) • Type (System, Backup, Escrow, or iCloud Backup) • Keybag UUID • An HMAC if the keybag is signed • The method used for wrapping the class keys: tangling with the UID or PBKDF2, along with the salt and iteration count A list of class keys: • Key UUID • Class (which file or keychain Data Protection class this is) • Wrapping type (UID-derived key only; UID-derived key and passcode-derived key) • Wrapped class key • Public key for asymmetric classes 12 Keybags The keys for both file and keychain Data Protection classes are collected and managed in keybags. iOS uses the following four keybags: System, Backup, Escrow, and iCloud Backup. System keybag is where the wrapped class keys used in normal operation of the device are stored. For example, when a passcode is entered, the NSFileProtectionComplete key is loaded from the system keychain and unwrapped. It is a binary plist stored in the No Protection class, but whose contents are encrypted with a key held in Effaceable Storage. In order to give forward security to keybags, this key is wiped and regenerated each time a user changes a passcode. The System keybag is the only keybag stored on the device. The AppleKeyStore kernel extension manages the System keybag, and can be queried regarding a device’s lock state. It reports that the device is unlocked only if all the class keys in the System are accessible, having been unwrapped successfully. Backup keybag is created when an encrypted backup is made by iTunes and stored on the computer to which the device is backed up. A new keybag is created with a new set of keys, and the backed-up data is re-encrypted to these new keys. As explained earlier, non-migratory keychain items remain wrapped with the UID-derived key, allowing them to be restored to the device they were originally backed up from, but rendering them inaccessible on a different device. The keybag is protected with the password set in iTunes, run through 10,000 iterations of PBKDF2. Despite this large iteration count, there’s no tie to a specific device, and therefore a brute-force attack parallelized across many computers can be attempted on the backup keybag. This threat can be mitigated with a sufficiently strong password. If a user chooses to not encrypt an iTunes backup, the backup files are not encrypted regardless of their Data Protection class, but the keychain remains protected with a UID-derived key. This is why keychain items migrate to a new device only if a backup password is set. Escrow keybag is used for iTunes syncing and Mobile Device Management (MDM). This keybag allows iTunes to back up and sync without requiring the user to enter a passcode, and it allows an MDM server to remotely clear a user’s passcode. It is stored on the computer that’s used to sync with iTunes, or on the MDM server that manages the device. The Escrow keybag improves the user experience during device synchronization, which potentially requires access to all classes of data. When a passcode-locked device is first connected to iTunes, the user is prompted to enter a passcode. The device then creates an Escrow keybag and passes it to the host. The Escrow keybag contains exactly the same class keys used on the device, protected by a newly generated key. This key is needed to unlock the Escrow keybag, and is stored on the device in the Protected Until First User Authentication class. This is why the device passcode must be entered before backing up with iTunes for the first time after a reboot. iCloud Backup keybag is similar to the Backup keybag. All the class keys in this keybag are asymmetric (using Curve25519, like the Protected Unless Open Data Protection class), so iCloud backups can be performed in the background. For all Data Protection classes except No Protection, the encrypted data is read from the device and sent to iCloud. The corresponding class keys are protected by iCloud keys. The keychain class keys are wrapped with a UID-derived key in the same way as an unencrypted iTunes backup. 13 In addition to the measures Apple has taken to protect data stored on iOS devices, there are many network security measures that organizations can take to safeguard information as it travels to and from an iOS device. Mobile users must be able to access corporate information networks from anywhere in the world, so it’s important to ensure they are authorized and that their data is protected during transmission. iOS uses—and provides developer access to—standard networking protocols for authenticated, authorized, and encrypted communications. iOS provides proven technologies and the latest standards to accomplish these security objectives for both Wi-Fi and cellular data network connections. On other platforms, firewall software is needed to protect numerous open communication ports against intrusion. Because iOS achieves a reduced attack surface by limiting listening ports and removing unnecessary network utilities such as telnet, shells, or a web server, it doesn’t need firewall software. Additionally, communication using iMessage, FaceTime, and the Apple Push Notification Server is fully encrypted and authenticated. SSL, TLS iOS supports Secure Socket Layer (SSL v3) as well as Transport Layer Security (TLS v1.1, TLS v1.2) and DTLS. Safari, Calendar, Mail, and other Internet applications automatically use these mechanisms to enable an encrypted communication channel between the device and network services. High-level APIs (such as CFNetwork) make it easy for developers to adopt TLS in their apps, while low-level APIs (SecureTransport) provide fine-grained control. VPN Secure network services like virtual private networking typically require minimal setup and configuration to work with iOS devices. iOS devices work with VPN servers that support the following protocols and authentication methods: • Juniper Networks, Cisco, Aruba Networks, SonicWALL, Check Point, and F5 Networks SSL-VPN using the appropriate client app from the App Store. These apps provide user authentication for the built-in iOS support. • Cisco IPSec with user authentication by Password, RSA SecurID or Cryptocard, and machine authentication by shared secret and certificates. Cisco IPSec supports VPN On Demand for domains that are specified during device configuration. • L2TP/IPSec with user authentication by MS-CHAPV2 Password, RSA SecurID or Cryptocard, and machine authentication by shared secret. • PPTP with user authentication by MS-CHAPV2 Password and RSA SecurID or Cryptocard. Network Security14 iOS supports VPN On Demand for networks that use certificated-based authentication. IT policies specify which domains require a VPN connection by using a configuration profile. For more information on VPN server configuration for iOS devices, see http://help.apple.com/iosdeployment-vpn/. Wi-Fi iOS supports industry-standard Wi-Fi protocols, including WPA2 Enterprise, to provide authenticated access to wireless corporate networks. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data remains protected when sending and receiving communications over a Wi-Fi network connection. With support for 802.1X, iOS devices can be integrated into a broad range of RADIUS authentication environments. 802.1X wireless authentication methods supported on iPhone and iPad include EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, PEAPv0, PEAPv1, and LEAP. Bluetooth Bluetooth support in iOS has been designed to provide useful functionality without unnecessary increased access to private data. iOS devices support Encryption Mode 3, Security Mode 4, and Service Level 1 connections. iOS supports the following Bluetooth profiles: • Hands-Free Profile (HFP 1.5) • Phone Book Access Profile (PBAP) • Advanced Audio Distribution Profile (A2DP) • Audio/Video Remote Control Profile (AVRCP) • Personal Area Network Profile (PAN) • Human Interface Device Profile (HID) Support for these profiles varies by device. For more information, see http://support.apple.com/kb/ht3647.15 iOS supports flexible security policies and configurations that are easily enforced and managed. This enables enterprises to protect corporate information and ensure that employees meet enterprise requirements, even if they are using devices they’ve provided themselves. Passcode Protection In addition to providing the cryptographic protection discussed earlier, passcodes prevent unauthorized access to the device’s UI. The iOS interface enforces escalating time delays after the entry of an invalid passcode, dramatically reducing the effectiveness of brute force attacks via the Lock screen. Users can choose to have the device automatically wiped after 10 failed passcode attempts. This setting is available as an administrative policy and can also be set to a lower threshold through MDM and Exchange ActiveSync. By default, the user’s passcode can be defined as a four-digit PIN. Users can specify a longer, alphanumeric passcode by turning on Settings > General > Passcode > Complex Passcode. Longer and more complex passcodes are harder to guess or attack, and are recommended for enterprise use. Administrators can enforce complex passcode requirements and other policies using MDM or Exchange ActiveSync, or by requiring users to manually install configuration profiles. The following passcode policies are available: • Allow simple value • Require alphanumeric value • Minimum passcode length • Minimum number of complex characters • Maximum passcode age • Passcode history • Auto-lock timeout • Grace period for device lock • Maximum number of failed attempts For details about each policy, see the iPhone Configuration Utility documentation at http://help.apple.com/iosdeployment-ipcu/. Configuration Enforcement A configuration profile is an XML file that allows an administrator to distribute configuration information to iOS devices. Settings that are defined by an installed configuration profile can’t be changed by the user. If the user deletes a configuration profile, all the settings defined by the profile are also removed. In this manner, administrators can Device Access16 enforce settings by tying policies to access. For example, a configuration profile that provides an email configuration can also specify a device passcode policy. Users won’t be able to access mail unless their passcodes meet the administrator’s requirements. An iOS configuration profile contains a number of settings that can be specified: • Passcode policies • Restrictions on device features (disabling the camera, for example) • Wi-Fi settings • VPN settings • Email server settings • Exchange settings • LDAP directory service settings • CalDAV calendar service settings • Web clips • Credentials and keys • Advanced cellular network settings Configuration profiles can be signed and encrypted to validate their origin, ensure their integrity, and protect their contents. Configuration profiles are encrypted using CMS (RFC 3852), supporting 3DES and AES-128. Configuration profiles can also be locked to a device to completely prevent their removal, or to allow removal only with a passcode. Since many enterprise users personally own their iOS devices, configuration profiles that bind a device to an MDM server can be removed—but doing so will also remove all managed configuration information, data, and apps. Users can install configuration profiles directly on their devices using the iPhone Configuration Utility. Configuration profiles can be downloaded via email or over-the-air using an MDM server. Mobile Device Management iOS support for MDM allows businesses to securely configure and manage scaled iPhone and iPad deployments across their organizations. MDM capabilities are built on existing iOS technologies such as Configuration Profiles, Over-the-Air Enrollment, and the Apple Push Notification service. Using MDM, IT departments can enroll iOS devices in an enterprise environment, wirelessly configure and update settings, monitor compliance with corporate policies, and even remotely wipe or lock managed devices. For more information on Mobile Device Management, visit www.apple.com/business/mdm. Device Restrictions Administrators can restrict device features by installing a configuration profile. The following restrictions are available: • Allow app installs • Allow use of camera • Allow FaceTime • Allow screen capture • Allow voice dialing • Allow automatic sync while roaming • Allow in-app purchases • Force user to enter store password for all purchases • Allow multiplayer gaming • Allow adding Game Center Friends • Allow Siri17 • Allow Siri while device is locked • Allow use of YouTube • Allow use of iTunes Store • Allow use of Safari • Enable Safari autofill • Force Fraudulent Website Warning • Enable JavaScript • Block pop-ups • Accept cookies • Allow iCloud backup • Allow iCloud document sync • Allow Photo Stream • Allow diagnostics to be sent to Apple • Allow user to accept untrusted TLS certificates • Force encrypted backups • Restrict media by content rating Remote Wipe iOS devices can be erased remotely by an administrator or user. Instant remote wiping is achieved by securely discarding the block storage encryption key from Effaceable Storage, rendering all data unreadable. Remote wiping can be initiated by MDM, Exchange, or iCloud. When remote wiping is triggered by MDM or iCloud, the device sends an acknowledgment and performs the wipe. For remote wiping via Exchange, the device checks in with the Exchange Server before performing the wipe. Users can also wipe devices in their possession using the Settings app. And as mentioned, devices can be set to automatically wipe after a series of failed passcode attempts.Conclusion A Commitment to Security Each component of the iOS security platform, from hardware to encryption to device access, provides organizations with the resources they need to build enterprise-grade security solutions. The sum of these parts gives iOS its industry-leading security features, without making the device difficult or cumbersome to use. Apple uses this security infrastructure throughout iOS and the iOS apps ecosystem. Hardware-based storage encryption provides instant remote wipe capabilities when a device is lost, and ensures that users can completely remove all corporate and personal information when a device is sold or transferred to another owner. For the collection of diagnostic information, unique identifiers are created to identify a device anonymously. Safari offers safe browsing with its support for OCSP, EV certificates, and certificate verification warnings. Mail leverages certificates for authenticated and encrypted email by supporting S/MIME. iMessage and FaceTime provide client-to-client encryption as well. The combination of required code signing, sandboxing, and entitlements in apps provides solid protection against viruses, malware, and other exploits that compromise the security of other platforms. The App Store submission process works to further protect users from these risks by reviewing every app before it’s made available for sale. Businesses are encouraged to review their IT and security policies to ensure they are taking full advantage of the layers of security technology and features offered by the iOS platform. Apple maintains a dedicated security team to support all Apple products. The team provides security auditing and testing for products under development as well as released products. The Apple team also provides security tools and training, and actively monitors for reports of new security issues and threats. Apple is a member of the Forum of Incident Response and Security Teams (FIRST). For information about reporting issues to Apple and subscribing to security notifications, go to apple.com/support/security. Apple is committed to incorporating proven encryption methods and creating modern mobile-centric privacy and security technologies to ensure that iOS devices can be used with confidence in any personal or corporate environment. 1819 Address space layout randomization (ASLR) A technique employed by iOS to make the successful exploitation of a software bug much more difficult. By ensuring memory addresses and offsets are unpredictable, exploit code can’t hard code these values. In iOS 5, the position of all system apps and libraries are randomized, along with all third-party apps compiled as positionindependent executables. Boot ROM The very first code executed by a device’s processor when it first boots. As an integral part of the processor, it can’t be altered by either Apple or an attacker. Data Protection File and keychain protection mechanism for iOS. It can also refer to the APIs that apps use to protect files and keychain items. DFU A mode in which a device’s Boot ROM code waits to be recovered over USB. The screen is black when in DFU mode, but upon connecting to a computer running iTunes, the following prompt is presented: “iTunes has detected an iPad in recovery mode. You must restore this iPad before it can be used with iTunes.” ECID A 64-bit identifier that’s unique to the processor in each iOS device. Used as part of the personalization process, it’s not considered a secret. Effaceable Storage A dedicated area of NAND storage, used to store cryptographic keys, that can be addressed directly and wiped securely. While it doesn’t provide protection if an attacker has physical possession of a device, keys held in Effaceable Storage can be used as part of a key hierarchy to facilitate fast wipe and forward security. File system key The key that encrypts each file’s metadata, including its class key. This is kept in Effaceable Storage to facilitate fast wipe, rather than confidentiality. GID Like the UID but common to every processor in a class. iBoot Code that’s loaded by LLB, and in turn loads XNU, as part of the secure boot chain. Keybag A data structure used to store a collection of class keys. Each type (System, Backup, Escrow, or iCloud Backup) has the same format: • A header containing: – Version (set to 3 in iOS 5) – Type (System, Backup, Escrow, or iCloud Backup) – Keybag UUID – An HMAC if the keybag is signed – The method used for wrapping the class keys: tangling with the UID or PBKDF2, along with the salt and iteration count • A list of class keys: – Key UUID – Class (which file or keychain Data Protection class this is) – Wrapping type (UID-derived key only; UID-derived key and passcode-derived key) – Wrapped class key – Public key for asymmetric classes Glossary20 Keychain The infrastructure and a set of APIs used by iOS and third-party apps to store and retrieve passwords, keys, and other sensitive credentials. Key wrapping Encrypting one key with another. iOS uses NIST AES key wrapping, as per RFC 3394. Low-Level Bootloader (LLB) Code that’s invoked by the Boot ROM, and in turn loads iBoot, as part of the secure boot chain. Per-file key The AES 256-bit key used to encrypt a file on the file system. The per-file key is wrapped by a class key and is stored in the file’s metadata. Provisioning profile A plist signed by Apple that contains a set of entities and entitlements allowing apps to be installed and tested on an iOS device. A development provisioning profile lists the devices that a developer has chosen for ad hoc distribution, and a distribution provisioning profile contains the app ID of an enterprise-developed app. Tangling The process by which a user’s passcode is turned into a cryptographic key and strengthened with the device’s UID. This ensures that a brute-force attack must be performed on a given device, and thus is rate limited and cannot be performed in parallel. The tangling algorithm is PBKDF2, which uses AES as the pseudorandom function (PRF) with a UID-derived key. UID A 256-bit AES key that’s burned into each processor at manufacture. It cannot be read by firmware or software, and is used only by the processor’s hardware AES engine. To obtain the actual key, an attacker would have to mount a highly sophisticated and expensive physical attack against the processor’s silicon. The UID is not related to any other identifier on the device including, but not limited to, the UDID. XNU The kernel at the heart of the iOS and OS X operating systems. It’s assumed to be trusted, and enforces security measures such as code signing, sandboxing, entitlement checking, and ASLR. Yarrow A cryptographically secure pseudorandom number generator algorithm. An implementation of Yarrow in iOS takes entropy generated by various system events and produces unpredictable random numbers that can be used, for example, as encryption keys. © 2012 Apple Inc. All rights reserved. Apple, the Apple logo, FaceTime, iPad, iPhone, iPod touch, iTunes, Keychain, OS X, Safari, Siri, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries. iMessage is a trademark of Apple Inc. iCloud and iTunes Store are service marks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. The Bluetooth® word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Apple is under license. Other product and company names mentioned herein may be trademarks of their respective companies. Product specifications are subject to change without notice. May 2012 Guide d’informations importantes sur le produit MacBook ProEau et endroits humides Évitez de placer votre MacBook Pro à proximité de sources de liquide telles que des boissons, un évier, un lavabo, une baignoire ou une douche, par exemple. Protégez votre MacBook Pro de l’humidité et des intempéries (neige, pluie et brouillard par exemple). Adaptateur secteur MagSafe 2 85 W N’utilisez que l’adaptateur secteur qui accompagne le MacBook Pro ou, au besoin, un adaptateur secteur agréé Apple compatible avec ce produit. Veillez à ce que la fiche ou le câble d’alimentation secteur CA soit totalement enclenché dans l’adaptateur secteur avant de brancher ce dernier sur une prise de courant. L’adaptateur secteur peut chauffer au cours d’une utilisation normale de l’appareil. L’adaptateur secteur MagSafe 2 respecte les limites de température de surfaces accessible à l’utilisateur définies par la norme IEC 6590-1 (International Standard for Safety of Information Technology Equipment), Pour réduire la possibilité de surchauffe de l’adaptateur secteur et de blessures liées à la chaleur, effectuez l’une des actions suivantes :  Branchez directement l’adaptateur secteur à une prise secteur. Fiche CA Connecteur MagSafe 2 Adaptateur secteur MagSafe 2  Si vous utilisez le cordon d’alimentation secteur, placez l’adaptateur secteur sur un bureau, une table ou le sol, dans un endroit bien ventilé. Connecteur MagSafe 2 Adaptateur secteur MagSafe 2 Câble secteur Débranchez l’adaptateur secteur et débranchez tous les autres câbles si l’un des cas suivants se présente :  Vous souhaitez nettoyer le boîtier (pour ce faire, suivez à la lettre les instructions fournies à la page suivante).  La prise ou le câble d’alimentation est endommagé.  Le MacBook Pro ou l’adaptateur secteur est exposé à la pluie ou à une humidité excessive, ou du liquide a été versé dans le boîtier.  Le MacBook Pro ou l’adaptateur secteur a subi une chute, le boîtier a été endommagé ou vous pensez qu’une réparation est nécessaire. Le port secteur MagSafe 2 (sur lequel vous branchez le connecteur MagSafe 2) contient un aimant qui peut effacer les données d’une carte de crédit, d’un iPod ou d’autres appareils. Ce Guide d’informations importantes sur le produit contient des informations relatives à la sécurité, à la manipulation, à l’élimination et au recyclage, à la réglementation et à la licence logicielle, ainsi que la garantie limitée d’un an pour votre MacBook Pro de 15 pouces. ±Afin d’éviter toute blessure, consultez les informations relatives à la sécurité ci-dessous, ainsi que le mode d’emploi, avant d’utiliser le MacBook Pro. Une version téléchargeable du Guide de démarrage rapide du MacBook Pro et la plus récente version de ce Guide d’informations importantes sur le produit sont disponibles à la page : support.apple.com/manuals/macbookpro Informations importantes de sécurité et de manipulation AVERTISSEMENT :  Ne pas suivre ces consignes pourrait déclencher un feu, occasionner des décharges électriques ou entraîner tout type de blessure ou dommage du MacBook Pro ou autre. Batterie intégrée Ne retirez pas la batterie de votre MacBook Pro. La batterie doit être remplacée uniquement par un Centre de services agréé Apple Abandonnez toute utilisation de votre MacBook Pro après une chute ou s’il semble avoir été écrasé, plié, déformé ou endommagé. N’exposez pas votre MacBook Pro à des sources extrêmes de chaleur, telles que des radiateurs ou des cheminées, où la température est susceptible d’excéder 100 °C. Manipulation correcte La partie inférieure du MacBook Pro peut chauffer au cours d’une utilisation normale de l’appareil. Le MacBook Pro respecte les limites de température de surfaces accessible à l’utilisateur définies par la norme IEC 6590-1 (International Standard for Safety of Information Technology Equipment). Pour un fonctionnement de l’ordinateur en toute sécurité et une réduction de la possibilité de blessures liées à la chaleur, suivez les directives suivantes :  Installez le MacBook Pro sur un plan de travail stable en veillant à ce que l’air puisse circuler librement sous l’ordinateur et autour de celui-ci.  N’utilisez pas le MacBook Pro en le posant sur un coussin, une couverture ou tout autre objet de structure non solide, car cela pourrait empêcher les conduits d’aération de fonctionner correctement.  Évitez également de placer des objets sur le clavier lorsque vous utilisez votre MacBook Pro.  N’introduisez aucun objet dans les ouvertures servant à la ventilation.  Si votre MacBook Pro est posé sur vos genoux et que la chaleur qu’il dégage vous gêne, posez-le plutôt sur un plan de travail stable.Manipulation des parties en verre Votre MacBook Pro contient des composants en verre, notamment l’écran et le trackpad. Si ces parties sont abîmées, n’utilisez pas votre MacBook Pro tant qu’il n’a pas été réparé par un Centre de Services Agréé Apple. Stockage du MacBook Pro Si vous décidez de ranger le MacBook Pro pendant une longue période, placez-le dans un endroit frais (idéalement, à 22 °C), et déchargez la batterie à 50 pour cent. Avant de ranger votre ordinateur pour une période supérieure à cinq mois, déchargez la batterie à environ 50 pour cent. Pour conserver les capacités de la batterie, rechargez la batterie jusqu’à 50 pour cent tous les six mois environ. Nettoyage du MacBook Pro Pour nettoyer le boîtier de votre MacBook Pro et de ses composants, éteignez d’abord le MacBook Pro et débranchez l’adaptateur secteur. Humidifiez ensuite le chiffon fourni et essuyez le MacBook Pro. Évitez les infiltrations d’humidité par quelque ouverture que ce soit. Ne vaporisez jamais de liquide directement sur l’ordinateur. N’utilisez ni aérosols, ni dissolvants, ni abrasifs qui pourraient endommager les finitions de l’appareil. Nettoyage de l’écran du MacBook Pro Pour nettoyer l’écran du MacBook Pro, éteignez d’abord le MacBook Pro et débranchez l’adaptateur secteur. Humidifiez ensuite, à l’eau seulement, le chiffon fourni et essuyez l’écran. Ne vaporisez jamais de liquide directement sur l’écran. Ergonomie Voici quelques conseils pour la mise en place d’un environnement de travail sain. Clavier et trackpad Lorsque vous tapez au clavier ou que vous vous servez du trackpad, vos épaules doivent être détendues. Le bras et l’avant-bras doivent former un angle droit, la main étant placée dans le prolongement du poignet. Position à éviter Position recommandée Vous devez avoir les mains et les doigts détendus lorsque vous tapez au clavier ou que vous utilisez le trackpad. Évitez de replier les pouces à l’intérieur des paumes. Position à éviter Position recommandée Pour protéger vos données, ne placez pas de matériaux ou d’appareils à sensibilité magnétique (comme ceux cités précédemment ou autres) à moins de 25 mm de ce port. Si des résidus quelconques se trouvent dans le port secteur MagSafe 2, enlevez-les doucement à l’aide d’un bâtonnet de coton. Spécifications de l’alimentation MagSafe 2 : Fréquence : phase unique de 50 à 60 Hz Tension de secteur : de 100 à 240 V Tension de sortie : 20 V DC, 4,25 A Diminution de l’acuité auditive Vous risquez une perte d’audition irréparable si vous utilisez un casque ou des écouteurs à un volume sonore élevé. L’oreille peut s’adapter petit à petit à des volumes sonores de plus en plus élevés qui peuvent sembler normaux,mais qui risquent à la longue d’endommager votre système auditif. En cas de sifflements ou de perte d’acuité auditive, arrêtez d’utiliser le casque ou les écouteurs et consultez un médecin. Plus le volume est élevé, plus votre audition risque d’être affectée rapidement. Pour protéger votre système auditif, les spécialistes conseillent de prendre les mesures suivantes :  Limitez la durée d’utilisation à volume élevé de vos écouteurs ou de votre casque d’écoute.  Évitez d’augmenter le volume afin de bloquer les bruits environnants.  Baissez le volume si vous ne parvenez pas à entendre une personne qui parle à côté de vous. Activités à haut risque Cet ordinateur n’est pas conçu pour être utilisé dans des installations nucléaires, pour la navigation ou la communication aérienne, pour le contrôle du trafic aérien, ni dans aucune autre situation où une panne du système informatique pourrait entraîner la mort, des blessures ou de graves dommages écologiques. Environnement d’utilisation L’utilisation de votre MacBook Pro en dehors de ces plages peut gêner son bon fonctionnement : Température de fonctionnement : de 10 à 35 °C Température de stockage : de -20 à 45 °C Humidité relative : de 5 % à 90 % (sans condensation) Altitude de fonctionnement : de 0 à 3 048 mètres Transport du MacBook Pro Si vous transportez le MacBook Pro dans un sac ou dans un attaché-case, assurezvous que ce dernier ne contient pas d’objets non attachés (des trombones ou des pièces de monnaie, par exemple) qui pourraient pénétrer accidentellement dans l’ordinateur par une ouverture ou se coincer à l’intérieur d’un port. Maintenez également à l’écart du port secteur MagSafe 2 tout objet à sensibilité magnétique. Utilisation des connecteurs et des ports Ne forcez jamais un connecteur à entrer dans un port. Lorsque vous branchez un appareil, assurez-vous que le port ne contient aucun résidu quelconque, que le connecteur correspond bien au port et qu’il est placé de manière à entrer correctement dans le port.Centre d’aide Vous pouvez trouver des réponses à vos questions ainsi que des instructions et des informations concernant le dépannage dans le Centre d’aide. Cliquez sur l’icône Finder, cliquez sur Aide dans la barre des menus et choisissez Centre d’aide. Informations en ligne Pour obtenir des informations en ligne sur le service et l’assistance, consultez la page www.apple.com/fr/support et choisissez votre pays dans le menu local. Vous pouvez faire des recherches dans la base de données AppleCare Knowledge Base, vérifier si de nouvelles mises à jour de logiciels sont disponibles ou obtenir de l’aide dans les forums de discussion Apple. Informations système Pour obtenir des informations sur votre MacBook Pro, servezvous d’Informations système. Cette application vous fournit la liste des composants matériels et des logiciels installés, le numéro de série et de version du système d’exploitation, la quantité de mémoire installée, etc. Pour ouvrir Informations système, choisissez le menu Pomme () > À propos de ce Mac dans la barre des menus, puis cliquez sur Plus d’infos. Apple Hardware Test Utilisez l’application Apple Hardware Test (AHT) pour savoir s’il y a un problème avec les composants matériels de l’ordinateur (les composants affectés peuvent être la mémoire ou le processeur, par exemple). Pour utiliser Apple Hardware Test : Déconnectez tous les périphériques externes de votre ordinateur, sauf l’adaptateur secteur. Redémarrez ensuite votre ordinateur en maintenant la touche D enfoncée lors du démarrage. Lorsque l’écran de sélection d’AHT s’affiche, choisissez votre langue. Appuyez sur la touche Retour ou cliquez sur la flèche droite. Lorsque l’écran principal d’AHT s’affiche (après 45 secondes environ), suivez les instructions à l’écran. En cas de détection d’un problème, AHT affiche un code d’erreur. Notez le code d’erreur avant d’entreprendre les démarches d’assistance. Si AHT ne détecte pas de panne matérielle, il est probable que le problème soit lié aux logiciels. Service et assistance AppleCare Votre MacBook Pro bénéficie d’une assistance technique de 90 jours et d’un an de couverture pour les réparations de matériel effectuées dans les magasins Apple Store ou les centres de réparation agréés Apple, tels que les Centres de services agréés Apple. Vous avez la possibilité d’étendre la durée de cette couverture en adhérant à un programme AppleCare Protection Plan. Pour en savoir plus, consultez la page www.apple.com/fr/support/products ou le site web correspondant à votre pays (la liste figure plus loin dans cette section). Modifiez fréquemment la position de vos mains pour éviter la fatigue. Après un travail continu et intensif sur ordinateur, certains utilisateurs peuvent ressentir des douleurs aux mains, aux poignets ou aux bras. Si ces douleurs persistent, consultez un spécialiste. Souris externe Si vous utilisez une souris externe, veillez à ce qu’elle se trouve à hauteur du clavier. Ménagez un espace suffisant pour la manipuler avec aisance. Siège Optez pour un siège de bureau réglable et offrant un dossier et une assise confortables. Réglez la hauteur du siège de telle sorte que vos cuisses reposent à l’horizontale et vos pieds à plat sur le sol. Le dossier du siège doit soutenir votre région lombaire, c’est-à-dire la partie inférieure de votre dos. Suivez les instructions du fabricant de sorte que le réglage du dossier soit parfaitement adapté à votre morphologie. Au besoin, relevez le siège de manière à ce que vos avantbras et vos mains soient placés correctement par rapport au clavier. Si, dans ce cas, vos pieds ne reposent plus à plat sur le sol, utilisez un repose-pied inclinable et réglable en hauteur. Si vous disposez d’un bureau modulaire, vous pouvez abaisser le niveau du plan de travail pour éviter l’emploi d’un repose-pied. Une troisième solution consiste à utiliser un bureau dont le poste de saisie est situé plus bas que le plan de travail. Écran intégré Orientez l’écran de manière à minimiser les reflets des lampes et fenêtres alentour. Ne forcez pas l’écran si vous rencontrez une résistance. L’angle d’ouverture maximal de l’écran ne peut dépasser 135 degrés. Réglez la luminosité et le contraste de l’écran chaque fois que vous déplacez l’ordinateur ou que l’éclairage ambiant change. Vous trouverez d’autres informations concernant l’ergonomie sur Internet : www.apple.com/about/ergonomics (en anglais) Apple et l’environnement Apple Inc. reconnaît sa responsabilité en matière de réduction de l’impact de ses produits et de ses activités sur l’environnement. Des informations supplémentaires sont disponibles sur Internet :www.apple.com/fr/environment Informations, services et assistance Votre MacBook Pro ne contient aucune pièce réparable par l’utilisateur. Si vous avez besoin de services de réparation, adressez-vous à Apple ou déposez votre MacBook Pro dans un Centre de Services Agréé Apple. Vous trouverez de plus amples informations sur le MacBook Pro dans le Centre d’aide, en ligne, dans Informations système et via Apple Hardware Test. Move the computer farther away from the television or radio.  Plug the computer into an outlet that is on a different circuit from the television or radio. (That is, make certain the computer and the television or radio are on circuits controlled by different circuit breakers or fuses.) If necessary, consult an Apple Authorized Service Provider or Apple. See the service and support information that came with your Apple product. Or consult an experienced radio/ television technician for additional suggestions. Important: Changes or modifications to this product not authorized by Apple Inc. could void the EMC compliance and negate your authority to operate the product. This product has demonstrated EMC compliance under conditions that included the use of compliant peripheral devices and shielded cables (including Ethernet network cables) between system components. It is important that you use compliant peripheral devices and shielded cables between system components to reduce the possibility of causing interference to radios, television sets, and other electronic devices. Responsible party (contact for FCC matters only): Apple Inc. Corporate Compliance 1 Infinite Loop, MS 91-1EMC Cupertino, CA 95014 Wireless Radio Use This device is restricted to indoor use when operating in the 5.15 to 5.25 GHz frequency band. Cet appareil doit être utilisé à l’intérieur. Exposure to Radio Frequency Energy The radiated output power of the AirPort Extreme technology is below the FCC and EU radio frequency exposure limits. Nevertheless, it is advised to use the wireless equipment in such a manner that the potential for human contact during normal operation is minimized. FCC Bluetooth® Wireless Compliance The antenna used with this transmitter must not be colocated or operated in conjunction with any other antenna or transmitter subject to the conditions of the FCC Grant. Canadian Compliance Statement This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device. Si vous avez besoin d’assistance, le personnel d’assistance par téléphone AppleCare peut vous aider à installer et à ouvrir les applications, et propose des services de dépannage. Appelez le centre d’assistance le plus proche de chez vous (gratuit pendant les 90 premiers jours). Gardez la date d’achat et le numéro de série de votre MacBook Pro à portée de main lorsque vous appelez. La période de 90 jours d’assistance gratuite par téléphone débute à la date d’achat. France : (33) 0805 540 003 France DOM-TOM : (33) 0825 77 00 35 Belgique : (32) 070 700 773 Suisse : (41) 0848 000 132 www.apple.com/support/country Les numéros de téléphone sont susceptibles d’être modifiés. Les tarifs téléphoniques locaux et nationaux peuvent s’appliquer. Une liste complète est disponible sur Internet : www.apple.com/fr/support/contact Regulatory Compliance Information FCC Compliance Statement This device complies with part 15 of the FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. See instructions if interference to radio or television reception is suspected. Radio and Television Interference This computer equipment generates, uses, and can radiate radio-frequency energy. If it is not installed and used properly—that is, in strict accordance with Apple’s instructions—it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in Part 15 of FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. You can determine whether your computer system is causing interference by turning it off. If the interference stops, it was probably caused by the computer or one of the peripheral devices. If your computer system does cause interference to radio or television reception, try to correct the interference by using one or more of the following measures:  Turn the television or radio antenna until the interference stops.  Move the computer to one side or the other of the television or radio. Français Par la présente Apple Inc. déclare que l’appareil MacBook Pro est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE. Islenska Apple Inc. lýsir því hér með yfir að þetta tæki MacBook Pro fullnægir lágmarkskröfum og öðrum viðeigandi ákvæðum Evróputilskipunar 1999/5/EC. Italiano Con la presente Apple Inc. dichiara che questo dispositivo MacBook Pro è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE. Latviski Ar šo Apple Inc. deklarē, ka MacBook Pro ierīce atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem. Lietuvių Šiuo „Apple Inc.“ deklaruoja, kad šis MacBook Pro atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas. Magyar Alulírott, Apple Inc. nyilatkozom, hogy a MacBook Pro megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. Malti Hawnhekk, Apple Inc., jiddikjara li dan MacBook Pro jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. Nederlands Hierbij verklaart Apple Inc. dat het toestel MacBook Pro in overeenstemming is met de essentiële eisen en de andere bepalingen van richtlijn 1999/5/EG. Norsk Apple Inc. erklærer herved at dette MacBook Pro -apparatet er i samsvar med de grunnleggende kravene og øvrige relevante krav i EU-direktivet 1999/5/EF. Polski Niniejszym Apple Inc. oświadcza, że ten MacBook Pro są zgodne z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC. Português Apple Inc. declara que este dispositivo MacBook Pro está em conformidade com os requisitos essenciais e outras disposições da Directiva 1999/5/CE. Română Prin prezenta, Apple Inc. declară că acest aparat MacBook Pro este în conformitate cu cerinţele esenţiale şi cu celelalte prevederi relevante ale Directivei 1999/5/CE. Slovensko Apple Inc. izjavlja, da je ta MacBook Pro skladne z bistvenimi zahtevami in ostalimi ustreznimi določili direktive 1999/5/ES. Slovensky Apple Inc. týmto vyhlasuje, že toto MacBook Pro spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES. Suomi Apple Inc. vakuuttaa täten, että tämä MacBook Pro tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen. Svenska Härmed intygar Apple Inc. att denna MacBook Pro står i överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG. Cet appareil est conforme aux normes CNR exemptes de licence d’Industrie Canada. Le fonctionnement est soumis aux deux conditions suivantes : (1) cet appareil ne doit pas provoquer d’interférences et (2) cet appareil doit accepter toute interférence, y compris celles susceptibles de provoquer un fonctionnement non souhaité de l’appareil. Bluetooth Industry Canada Statement This Class B device meets all requirements of the Canadian interference-causing equipment regulations. Cet appareil numérique de la Class B respecte toutes les exigences du Règlement sur le matériel brouilleur du Canada. Industry Canada Statement Complies with the Canadian ICES-003 Class B specifications. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. This device complies with RSS 210 of Industry Canada. European Compliance Statement This product complies with the requirements of European Directives 2006/95/EC, 2004/108/EC, and 1999/5/EC. Europe–EU Declaration of Conformity Български Apple Inc. декларира, че това MacBook Pro е в съответствие със съществените изисквания и другите приложими правила на Директива 1999/5/ЕС. Česky Společnost Apple Inc. tímto prohlašuje, že tento MacBook Pro je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES. Dansk Undertegnede Apple Inc. erklærer herved, at følgende udstyr MacBook Pro overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. Deutsch Hiermit erklärt Apple Inc., dass sich das MacBook Pro in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/EG befinden. Eesti Käesolevaga kinnitab Apple Inc., et see MacBook Pro vastab direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele. English Hereby, Apple Inc. declares that this MacBook Pro is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Español Por medio de la presente Apple Inc. declara que este MacBook Pro cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE. Ελληνικά Mε την παρούσα, η Apple Inc. δηλώνει ότι αυτή η συσκευή MacBook Pro συμμορφώνεται προς τις βασικές απαιτήσεις και τις λοιπές σχετικές διατάξεις της Οδηγίας 1999/5/ΕΚ.警告 本電池如果更換不正確會有爆炸的危險 請依製造商說明書處理用過之電池 Japan VCCI Class B Statement Russia Informations sur le modem externe USB Lorsque vous connectez votre MacBook Pro à la ligne téléphonique à l’aide d’un modem externe USB, référez-vous à la section relative à l’entreprise de télécommunications dans la documentation fournie avec le modem. ENERGY STAR® Compliance As an ENERGY STAR® partner, Apple has determined that standard configurations of this product meet the ENERGY STAR® guidelines for energy efficiency. The ENERGY STAR® program is a partnership with electronic equipment manufacturers to promote energy-efficient products. Reducing energy consumption of products saves money and helps conserve valuable resources. This computer is shipped with power management enabled with the computer set to sleep after 10 minutes of user inactivity. To wake your computer, click the mouse or trackpad button or press any key on the keyboard. For more information about ENERGY STAR®, visit: www.energystar.gov A copy of the EU Declaration of Conformity is available at: www.apple.com/euro/compliance This equipment can be used in the following countries: European Community Restrictions Français Pour usage en intérieur uniquement. Consultez l’Autorité de Régulation des Communications Electroniques et des Postes (ARCEP) pour connaître les limites d’utilisation des canaux 1 à 13. www.arcep.fr Korea Warning Statements B૶ૺૺ(ਜ਼ႜဧ෮໽ቛཅૺၴႁ) ၦૺૺ௴ਜ਼ႜဧ(B૶) ႖ၴኒ႕ጁૺૺച໏჎ച ਜ਼ႜ࿝໏ຫဧዻ௴ઇၕඛ႕ၒചዻඑ, ක౷ხ ࿦࿝໏ຫဧዾ༘ၰཀఁఋ. ෮ቛ၁ધགྷ࿝ಋ൏ધხຫጃ ጄఙඳ໓໕๗௴ဪဧთ႖ኒጯཅਜ਼௻ໜၦၰၗ ၦૺૺ௴ၨ඗ྦ႖઴શഏౘ໏๗༺࿝ຫဧዾ༘࿖ཀఁఋ ఝዽූ૑ ૬ႜ ෟ ა༘ Singapore Wireless Certification Taiwan Wireless Statements Taiwan Class B StatementChina Battery Statement Taiwan Battery Statement Remplacement de la batterie La batterie rechargeable doit être remplacée uniquement par Apple ou un Centre de services agréé Apple. Pour en savoir plus sur les services de remplacement de la batterie, consultez le site : http://www.apple.com/fr/batteries/replacements.html Battery Charger Efficiency 020-5563-A EFUP15china Informations sur l’élimination et le recyclage Le symbole ci-dessus signifie que vous devez vous débarrasser de votre produit selon les normes et la législation de votre pays. Lorsque votre produit n’est plus utilisable, contactez Apple ou les autorités locales afin de connaître les possibilités de recyclage. Pour en savoir plus sur le programme de recyclage Apple, consultez le site : www.apple.com/fr/environment/recycling European Union—Disposal Information The symbol above means that according to local laws and regulations your product should be disposed of separately from household waste. When this product reaches its end of life, take it to a collection point designated by local authorities. Some collection points accept products for free. The separate collection and recycling of your product at the time of disposal will help conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. Türkiye EEE yönetmeliğine (Elektrikli ve Elektronik Eşyalarda Bazı Zararlı Maddelerin Kullanımının Sınırlandırılmasına Dair Yönetmelik) uygundur. Brasil—Informações sobre descarte e reciclagem O símbolo acima indica que este produto e/ou sua bateria não devem ser descartadas no lixo doméstico. Quando decidir descartar este produto e/ou sua bateria, faça-o de acordo com as leis e diretrizes ambientais locais. Para informações sobre o programa de reciclagem da Apple, pontos de coleta e telefone de informações, visite www.apple.com/br/environment. Informations sur l’enlèvement de la batterie Jetez vos batteries usagées en respectant les lois et les consignes environnementales de votre pays. Deutschland: Dieses Gerät enthält Batterien. Bitte nicht in den Hausmüll werfen. Entsorgen Sie dieses Gerät am Ende seines Lebenszyklus entsprechend der maßgeblichen gesetzlichen Regelungen. Nederlands: Gebruikte batterijen kunnen worden ingeleverd bij de chemokar of in een speciale batterijcontainer voor klein chemisch afval (kca) worden gedeponeerd.contenues dans la documentation technique, les manuels d’utilisation et les communications. CE QUI N’EST PAS COUVERT PAS LA PRESENTE GARANTIE COMMERCIALE La présente garantie commerciale ne s’applique pas aux produits ou logiciels qui ne sont pas de la marque Apple, même s’ils sont emballés ou vendus avec un Produit Apple. Les fabricants, fournisseurs ou éditeurs autres que Apple peuvent vous fournir leurs propres garanties mais Apple, dans la mesure de ce qui est permis par la loi, fournit leurs produits « en l’état ». Les logiciels distribués par Apple, sous la marque Apple ou non, (y compris, de façon non limitative, les logiciels de système) ne sont pas couverts par cette garantie. Nous vous prions de bien vouloir vous reporter au contrat de licence accompagnant le logiciel pour les détails de vos droits concernant son utilisation. Apple ne garantit pas que le fonctionnement du Produit Apple sera ininterrompu ou sans erreur. Apple n’est pas responsable des dommages provenant du non-respect des instructions d’utilisation du produit. Cette garantie ne s’applique pas : (a) aux pièces consommables, telles que les batteries, sauf si le dommage est dû à un vice de matière ou de fabrication ; (b) à tout dommage esthétique, comprenant notamment toute rayure, bosse ou élément en plastique de ports cassé ; (c) à tout dommage causé par l’utilisation avec un autre produit ; (d) à tout dommage causé par accident, abus, mauvaise utilisation, contact avec des éléments liquides, feu, tremblement de terre ou autres causes extérieures ; (e) à tout dommage causé par une utilisation du Produit Apple non conforme aux instructions diffusées par Apple ; (f) à tout dommage causé par toute intervention (y compris les mises à niveau et les extensions) effectuée par toute personne qui n’est pas un représentant d’Apple ou un prestataire de services agréé Apple («PSAA»); (g) à un Produit Apple qui a été modifié de telle manière à en altérer les fonctionnalités ou les capacités sans l’autorisation écrite d’Apple ; (h) aux défauts causés par une usure normale ou dus au vieillissement normal du produit ; ou (i) si un numéro de série Apple a été enlevé du Produit Apple ou rendu illisible. VOS RESPONSABILITES SI VOTRE PRODUIT APPLE EST CAPABLE DE STOCKER DES LOGICIELS, DONNES ET AUTRES INFORMATIONS, ALORS NOUS VOUS RECOMMANDONS D’EFFECTUER DES COPIES DE SAUVEGARDE PERIODIQUES DES INFORMATIONS CONTENUES SUR LE SUPPORT DE STOCKAGE AFIN D’EN PROTEGER LE CONTENU ET DE VOUS PREMUNIR CONTRE D’EVENTUELLES DEFAILLANCES DE FONCTIONNEMENT. Avant de pouvoir bénéficier du service de garantie, Apple ou ses représentants peuvent vous demander de fournir une preuve d’achat, de répondre à des questions dans le but de les assister à diagnostiquer les problèmes potentiels ou de suivre les procédures d’Apple pour obtenir le service de garantie. Avant de déposer votre Produit Apple pour tout service de garantie, vous vous engagez à créer une copie de sauvegarde du support de stockage, à effacer toutes les Contrat de licence du logiciel L’utilisation de MacBook Pro constitue l’acceptation des conditions générales des licences de logiciels d’Apple et de tierces parties, que vous pouvez consulter à l’adresse : www.apple.com/legal/sla Garantie d’Apple Limitée à un (1) an - Mac Pour les produits de marque Apple uniquement EN QUOI LE DROIT DE LA CONSOMMATION SE RAPPORTE-TIL A CETTE GARANTIE  CETTE GARANTIE VOUS CONFERE DES DROITS SPECIFIQUES ET IL SE PEUT QUE VOUS BENEFICIIEZ D’AUTRES DROITS EN FONCTION DE VOTRE PAYS, REGION OU ETAT, Y COMPRIS POUR LES CONSOMMATEURS FRANÇAIS LES DROITS DETAILLES CI-DESSOUS. A L’EXCEPTION DE CE QUI EST AUTORISE PAR LA LOI, APPLE N’EXCLUT, NE LIMITE NI NE SUSPEND AUCUN DES AUTRES DROITS DONT VOUS POURRIEZ BENEFICIER, NOTAMMENT CEUX RESULTANT DE LA GARANTIE LEGALE DE CONFORMITÉ ATTACHEE AU CONTRAT DE VENTE. AFIN DE PRENDRE PLEINEMENT CONNAISSANCE DE VOS DROITS, NOUS VOUS INVITONS A CONSULTER LES LOIS DE VOTRE PAYS, REGION OU ETAT. LES LIMITATIONS DE GARANTIE POUVANT AFFECTER LE DROIT DE LA CONSOMMATION DANS LA MESURE AUTORISEE PAR LA LOI, LA PRESENTE GARANTIE ET LES RECOURS STIPULES CI-DESSUS SONT EXCLUSIFS ET SONT EN LIEU ET PLACE DE TOUTES AUTRES GARANTIES, RECOURS ET DROITS, QU’ILS SOIENT ECRITS OU ORAUX, LEGAUX, EXPRES OU TACITES. APPLE EXCLUT EXPRESSEMENT TOUTES GARANTIES LEGALES ET TACITES, Y COMPRIS ET SANS QUE CETTE LISTE NE SOIT LIMITATIVE, LES GARANTIES DE QUALITE MARCHANDE, DE CONFORMITE A UN USAGE PARTICULIER ET DES VICES CACHES OU LATENTS, DANS LA MESURE DE CE QUI EST PERMIS PAR LA LOI. SI CES GARANTIES NE PEUVENT PAS VALABLEMENT ETRE EXCLUES, APPLE LIMITERA, DANS LA MESURE AUTORISEE, LA DUREE DE CELLES-CI ET LES RECOURS Y AFFERENTS, A LA DUREE DE LA PRESENTE GARANTIE COMMERCIALE ET, A LA DISCRETION D’APPLE, A LA REPARATION OU AU REMPLACEMENT DU PRODUIT, COMME DECRIT CI-DESSOUS. CERTAINS PAYS, ETATS OU REGIONS N’AUTORISENT PAS LA LIMITATION DE LA DUREE DES GARANTIES LEGALES. DE CE FAIT, LES LIMITATIONS PREVUES CI-DESSUS PEUVENT NE PAS S’APPLIQUER A VOUS. CE QUI EST COUVERT PAR LA PRESENTE GARANTIE COMMERCIALE Apple garantit le produit de marque Apple et ses accessoires tels que contenus dans l’emballage d’origine (le “Produit Apple”) contre les vices de fabrication et de matière, dans des conditions normales d’utilisation, conformément aux instructions diffusées par Apple, pour une durée de UN (1) AN à compter de la date d’achat par l’acheteur final (“Durée de la Garantie”). Les instructions diffusées par Apple incluent, sans limitation, les informations d’emballage, afin que vous puissiez faire parvenir votre Produit Apple à un SRA ou à un PSAA, conformément aux instructions d’Apple. Une fois le service effectué, le SRA ou le PSAA vous renverra le Produit Apple. Si toutes les instructions sont suivies, Apple assumera les frais d’envoi et de retour. (iii) Service “faites-le vous-même” (“DIY”). Le service DIY vous permet de réparer vous-même votre Produit Apple. Si le service DIY est applicable compte tenu des circonstances, les procédures suivantes pourront, selon les cas, s’appliquer : (a) Service pour lequel Apple vous demande le retour du produit ou de la pièce remplacé(e). Apple pourra vous demander une autorisation de prélèvement sur votre carte de crédit pour garantir le prix au détail du produit ou de la pièce de remplacement ainsi que les coûts de transport applicables. Si vous n’êtes pas en mesure de fournir une telle autorisation, vous pourrez ne pas être en mesure d’accéder au service DIY et Apple vous proposera alors une solution alternative. Apple vous enverra le produit ou la pièce de remplacement avec, le cas échéant, les instructions pour l’installer, ainsi que les conditions de renvoi du produit ou de la pièce remplacée. Si vous suivez les instructions, Apple annulera l’autorisation de prélèvement, et vous ne supporterez pas les coûts de transport du produit ou de la pièce détachée. Si vous ne retournez pas le produit ou la pièce remplacée comme indiqué ou si le produit ou la pièce remplacée ne remplit pas les conditions permettant de bénéficier du service de garantie, Apple débitera la carte de crédit du montant autorisé. (b) Service pour lequel Apple ne vous demande pas le retour du produit ou de la pièce remplacé(e). Apple vous enverra gratuitement une pièce ou un produit de remplacement avec, le cas échéant, les instructions d’installation, ainsi que toutes les conditions pour le traitement du produit ou de la pièce remplacé(e). (c) Apple n’est responsable d’aucun coût de main d’œuvre que vous pourriez supporter en relation avec le service DIY. Si vous avez besoin d’une assistance particulière, merci de bien vouloir contacter Apple au numéro de téléphone indiqué ci-dessous. Apple se réserve le droit de modifier les moyens par lesquels Apple pourrait vous fournir le service de garantie ainsi que l’éligibilité de votre Produit Apple à une méthode de service en particulier. Le service de garantie sera limité aux options disponibles dans le pays où le service est demandé. Les options du service, la disponibilité des pièces et les délais de traitement varient en fonction des pays. Vous pourrez être tenu de payer les frais d’expédition et de transport si le Produit Apple ne peut pas être réparé dans le pays dans lequel il se trouve. Si vous demandez à bénéficier du service dans un pays qui n’est pas le pays d’achat, vous devrez vous conformer à toutes les lois applicables relatives à l’importation et à l’exportation et serez redevable des droits de douane, de la TVA et toutes autres taxes et coûts informations personnelles que vous souhaitez protéger ainsi qu’à désactiver tous vos mots de passe. IL EST POSSIBLE QUE LE CONTENU DU SUPPORT DE STOCKAGE DE VOTRE PRODUIT APPLE SOIT PERDU REMPLACE OU REFORMATE LORS DE LA MISE EN OEUVRE DES SERVICES DE GARANTIE. DANS UNE TELLE HYPOTHESE, APPLE ET SES REPRESENTANTS NE SERONT PAS RESPONSABLE DE LA PERTE DES LOGICIELS, DONNEES OU AUTRES INFORMATIONS CONTENUES SUR LE SUPPORT DE STOCKAGE OU TOUTE AUTRE PARTIE DU PRODUIT APPLE REMIS. Votre Produit Apple, ou un Produit Apple de remplacement, vous sera retourné configuré tel que vous l’avez acheté, sous réserve des mises à jour applicables. Il vous appartiendra de réinstaller tous les autres logiciels, données et informations. La récupération et la réinstallation des autres programmes de logiciels, données et informations ne sont pas couvertes par cette garantie. QUE FERA APPLE EN CAS DE MISE EN OEUVRE DE LA GARANTIE ? Si une réclamation valable est reçue par Apple ou un PSAA pendant la Durée de la Garantie, Apple va, à son choix (i) réparer le Produit Apple en utilisant des pièces neuves ou des pièces dont les performances et la fiabilité sont équivalentes à celles d’une pièce neuve, ou (ii) échanger le Produit Apple avec un produit qui est au moins fonctionnellement équivalent au produit d’origine et qui est constitué de plusieurs pièces neuves ou de pièces dont les performances et la fiabilité sont équivalentes, ou (iii) rembourser le prix d’achat du Produit Apple. Apple pourra vous demander de remplacer certaines pièces ou certains produits pouvant être installés par l’utilisateur. Un produit ou une pièce de rechange, y compris une pièce pouvant être installée par l’utilisateur et qui aura été installée conformément aux instructions fournies par Apple, sera garantie pour la plus longue des durées suivantes : la durée restant à courir de la garantie du Produit Apple d’origine ou une durée de quatre-vingt dix (90) jours à compter de la date du remplacement ou de la réparation. Lorsqu’un produit ou une pièce est échangé(e) ou remboursé(e), toute pièce de rechange devient votre propriété et la pièce échangée ou remboursée devient la propriété d’Apple. COMMENT OBTENIR LE SERVICE DE GARANTIE? Apple fournira le service de garantie selon l’une des options suivantes : (i) Service sur place. Vous pouvez déposer votre Produit Apple dans un Magasin Apple ou chez un PSAA offrant un service sur place. Le service sera effectué sur place ou le Produit Apple pourra être envoyé par le Magasin Apple ou par le PSAA à un service de réparation Apple (“SRA”) afin d’être réparé. Une fois averti de la réparation de votre produit, vous devrez rapidement venir le récupérer auprès du Magasin Apple ou chez le PSAA, ou, le Produit Apple vous sera directement envoyé par le SRA. (ii) Service prêt à poster. Si Apple estime que votre Produit Apple peut être envoyé par courrier, Apple vous fera parvenir une enveloppe prépayée et si nécessaire, des matériaux Il répond également des défauts de conformité résultant de l’emballage, des instructions de montage ou de l’installation lorsque celle-ci a été mise à sa charge par le contrat ou a été réalisée sous sa responsabilité. » Article L. 211-5 du code de la consommation français « Pour être conforme au contrat, le bien doit : 1° Etre propre à l’usage habituellement attendu d’un bien semblable et, le cas échéant : - correspondre à la description donnée par le vendeur et posséder les qualités que celui-ci a présentées à l’acheteur sous forme d’échantillon ou de modèle ; - présenter les qualités qu’un acheteur peut légitimement attendre eu égard aux déclarations publiques faites par le vendeur, par le producteur ou par son représentant, notamment dans la publicité ou l’étiquetage ; 2° Ou présenter les caractéristiques définies d’un commun accord par les parties ou être propre à tout usage spécial recherché par l’acheteur, porté à la connaissance du vendeur et que ce dernier a accepté. » Article L. 211-12 du code de la consommation français « L’action résultant du défaut de conformité se prescrit par deux ans à compter de la délivrance du bien. » Article 1641 du code civil français « Le vendeur est tenu de la garantie à raison des défauts cachés de la chose vendue qui la rendent impropre à l’usage auquel on la destine, ou qui diminuent tellement cet usage que l’acheteur ne l’aurait pas acquise, ou n’en aurait donné qu’un moindre prix, s’il les avait connus.» Article 1648 alinéa 1er du code civil français « L’action résultant des vices rédhibitoires doit être intentée par l’acquéreur dans un délai de deux ans à compter de la découverte du vice. » RESPECT DE LA VIE PRIVEE Apple, en sa qualité de responsable de traitement, conservera et utilisera les informations du client conformément à la politique de confidentialité Apple, qui peut être consultée sur la page web suivante: www.apple.com/legal/warranty/privacy. STIPULATIONS GENERALES Aucun revendeur, agent ou salarié Apple n’est habilité à modifier, proroger ou compléter la présente garantie. Si une stipulation des présentes est déclarée illégale ou inapplicable, la validité des autres stipulations ne sera pas affectée. Cette garantie est régie et interprétée selon les lois du pays dans lequel le Produit Apple a été acheté. Apple est identifiée à la fin de ce document selon le pays dans lequel le Produit Apple a été acheté. Apple et ses successeurs sont les garants en vertu de cette garantie. associés. En ce qui concerne les services internationaux, Apple peut réparer ou échanger les produits ou les pièces par des produits ou pièces comparables conformes aux standards locaux. LIMITATION DE RESPONSABILITE A L’EXCEPTION DE CE QUI EST PREVU DANS LA PRESENTE GARANTIE COMMERCIALE ET DANS LA MESURE AUTORISEE PAR LA LOI, APPLE N’EST PAS RESPONSABLE DES DOMMAGES DIRECTS, SPÉCIFIQUES, ACCESSOIRES OU INDIRECTS, CONSECUTIFS OU NON, RESULTANT DE LA VIOLATION DE TOUTE GARANTIE OU RESPONSABILITE OU DE TOUT AUTRE CONCEPT JURIDIQUE, Y COMPRIS DE FACON NON LIMITATIVE TOUTE PERTE D’UTILISATION, PERTE DE REVENU, PERTE DE PROFITS REELS OU ANTICIPES (Y COMPRIS TOUTE PERTE DE PROFITS LIES A DES CONTRATS), PERTE DE DISPONIBILITE FINANCIERE, PERTE D’ECONOMIES PREVUES, PERTE D’AFFAIRES, PERTE D’OPPORTUNITES, PERTE DE CLIENTELE, DOMMAGE A LA REPUTATION, PERTE, DOMMAGE A, OU ENDOMMAGEMENT DE DONNEES, OU PERTE OU DOMMAGE INDIRECT OU CONSECUTIF, QUELLE QU’EN SOIT LA CAUSE, Y COMPRIS LE REMPLACEMENT DE MATERIELS OU DE BIENS, TOUS FRAIS DE RECUPERATION, DE PROGRAMMATION OU DE REPRODUCTION DE TOUT PROGRAMME OU DE TOUTE DONNEE STOCKEE OU UTILISEE AVEC LES PRODUITS APPLE ET TOUT ECHEC DANS LA PRESERVATION DE LA CONFIDENTIALITE DES DONNEES STOCKEES SUR LE PRODUIT APPLE. LA PRESENTE LIMITATION NE S’APPLIQUE PAS AUX RECLAMATIONS EN CAS DE DECES OU DE DOMMAGES CORPORELS OU EN CAS DE RESPONSABILITÉ LÉGALE POUR DOL OU FAUTE LOURDE ET/OU OMISSION. APPLE NE DONNE AUCUNE GARANTIE QUANT A SA CAPACITE A REPARER TOUT PRODUIT APPLE AUX TERMES DE LA PRESENTE GARANTIE NI A ECHANGER TOUT PRODUIT APPLE SANS AUCUN RISQUE NI AUCUNE PERTE DE PROGRAMME OU DE DONNEES. CERTAINS PAYS REGIONS, OU ETATS NE PERMETTENT PAS L’EXCLUSION OU LA LIMITATION DE RESPONSABILITE VIS-A-VIS DE CERTAINES CATEGORIES D’ACHETEURS TELS LES CONSOMMATEURS, DE TELLE SORTE QUE CERTAINES EXCLUSIONS ET LIMITATIONS PREVUES CI-DESSUS PEUVENT NE PAS S’APPLIQUER A VOUS. Nonobstant les stipulations de la présente garantie commerciale, Apple reste en toute hypothèse tenue, vis-à-vis des consommateurs, des défauts de conformité, dans les conditions prévues aux articles L. 211-1 et suivants du code de la consommation français et des vices rédhibitoires, dans les conditions prévues aux articles 1641 à 1649 du code civil français. Conformément aux dispositions de l’article L. 211-15 du code de la consommation français, les articles suivants s’appliquent aux consommateurs : Article L. 211-4 du code de la consommation français « Le vendeur est tenu de livrer un bien conforme au contrat et répond des défauts de conformité existant lors de la délivrance.Région/Pays d’achat Adresse Tous les pays Apple Distribution International Hollyhill Industrial Estate Hollyhill, Cork, Republic of Ireland ASIE/PACIFIQUE Australie ; Nouvelle Zélande, Fidji, PapouasieNouvelle- Guinée ; Vanuatu Apple Pty. Limited. PO Box A2629, Sydney South, NSW 1235, Australia Hong Kong Apple Asia Limited 2401 Tower One, Times Square, Causeway Bay; Hong Kong Inde Apple India Private Ltd. 19th Floor, Concorde Tower C, UB City No 24, Vittal Mallya Road, Bangalore 560-001, India Japon Apple Japan Inc. 3-20-2 Nishishinjuku, Shinjuku-ku, Tokyo, Japan Corée Apple Korea Ltd. 3201, ASEM Tower; 159, Samsung-dong, Gangnam-Gu; Seoul 135-798, Republic of Korea Afghanistan, Bangladesh, Bhoutan, Brunei, Cambodge Guam, Indonésie, Laos, Singapour, Malaisie, Népal, Pakistan, Philippines, Sri Lanka, Vietnam Apple South Asia Pte. Ltd. 7 Ang Mo Kio Street 64 Singapore 569086 République populaire de Chine Apple Computer Trading (Shanghai) Co. Ltd. Room 1815, No. 1 Jilong Road, Waigaoqiao Free Trade Zone, Shanghai 200131 China Thaïlande Apple South Asia (Thailand) Limited 25th Floor, Suite B2, Siam Tower, 989 Rama 1 Road, Pataumwan, Bangkok, 10330 Taiwan Apple Asia LLC 16A, No. 333 Tun Hwa S. Road. Sec. 2, Taipei, Taiwan 106 Autres pays d’Asie Pacifique Apple Inc. 1 Infinite Loop; Cupertino, CA 95014, U.S.A. 032212 Mac Warranty French v2 INFORMATION EN LIGNE De plus amples informations sont disponibles en ligne sur les sujets suivants : Information internationales de support www.apple.com/support/country Distributeurs agréés www.apple.com/buy Prestataire de Service Agréé Apple support.apple.com/kb/HT1434 Magasins Apple (“Apple Retail Store”) www.apple.com/retail/storelist/ Support et service Apple support.apple.com/kb/HE57 Support gratuit Apple www.apple.com/support/country/ index.html?dest=complimentary Societe Apple Garante Pour La Région Ou Le Pays D’achat Région/Pays d’achat Adresse AMÉRIQUE Brésil Apple Computer Brasil Ltda Av. Cidade Jardim 400, 2 Andar, Sao Paulo, SP Brasil 01454-901 Canada Apple Canada Inc. 7495 Birchmount Rd.; Markham, Ontario, Canada; L3R 5G2 Canada Mexique Apple Operations Mexico, S.A. de C.V. Prolongación Paseo de la Reforma #600, Suite 132, Colonia Peña Blanca, Santa Fé, Delegación Álvaro Obregón, México D. F., CP 01210, Mexico Etats-Unis et autres pays d’Amérique Apple Inc. 1 Infinite Loop; Cupertino, CA 95014, U.S.A. EUROPE, MOYEN-ORIENT ET AFRIQUE© 2012 Apple Inc. Tous droits réservés. Apple, le logo Apple, AirPort Extreme, iPod, Mac, MacBook et MagSafe sont des marques d’Apple Inc., déposées aux États-Unis et dans d’autres pays. Apple Store et AppleCare sont des marques de service d’Apple Inc. déposées aux États-Unis et dans d’autres pays. La marque et les logos Bluetooth® sont la propriété de Bluetooth SIG, Inc. et sont concédés sous licence par Apple Inc. ENERGY STAR® est une marque déposée aux États-Unis. F034-6359-A Printed in XXXX Pushing the Limits of Hardware The Mac Pro, which was first introduced in 2006, has evolved over the years to take in account the requirements of the creative community around the world, driving hardware trends such as multiprocessor architectures, graphics performance and expansion. Combined with Leopard, the latest release of Mac OS X, the new Mac Pro continues to redefine the creative work environment. Over the years, creative workflows have evolved considerably, moving from mainly print-centric production environments to multiple media and increasingly diverse output channels. While five or ten years ago, the separation between different disciplines were relatively clear-cut, the same is not true any more today. In many cases, the same creative professionals who work on display advertisements, for instance, will also have to tackle interactive content, digital video, web development, 3D rendering and audio production. As a result, the hardware requirements for the creative workstation have grown dramatically in terms of media diversity as well as concerning quantity and size of the files that need to be managed and processed. About this Report This report analyzes the results of a benchmark project conducted by Pfeiffer Consulting for Apple, comparing performance and workflow productivity of the 8-core 2.8GHz and 3.2GHz Mac Pro introduced in early 2008 with earlier Macintosh models including the dual 2.0GHz Power Mac G5, the Power Mac G5 Quad, as well as the previous generation Mac Pro. To find out more about the benchmarks and hardware configurations, please refer to the Methodology sidebar on page 3. The project included system benchmarks as well as performance and productivity measures conducted with Adobe Creative Suite 3 as well as QuarkXPress 7.3.1. Productivity benchmarks cover workflow productivity and inter-application integration measures. In addition, this report takes a closer look at the hardware differences between the latest Mac Pro and previous versions of the Mac Pro family. (See page 6.) If you are interested in a detailed discussion of hardware configurations and benchmark methodology, as well as complete results of all benchmarks, please download the complete Mac Pro 2008 Benchmark Report at www.pfeifferreport.com. Major Findings • The 2008 Mac Pro provides an optimized hardware platform with increased hardware performance and greater memory bandwidth than earlier models. • Based on the benchmarks conducted for this project, the 2008 Mac Pro offers a clear increase in performance and productivity over the previous generation Mac Pro and older Macintosh computers. • The 2008 Mac Pro brings extended multiprocessing architectures to the mainstream by providing eight processing cores in almost all configurations. About Pfeiffer Consulting • Pfeiffer Consulting is an independent technology research institute and consulting operation focused on the needs of publishing, digital content production, and new media professionals. • Download the complete Mac Pro 2008 Benchmark Report at www.pfeifferreport.com. Pfeiffer Report • Benchmark Analysis Pfeiffer Consulting 01001011 Mac Pro 2008: Performance and Productivity for Creative Pros Productivity and workflow efficiency of the 2008 Mac Pro with the Adobe Creative Suite 3 and QuarkXPress 7 © Pfeiffer Consulting 2008 Mac Pro 2008: Performance and Productivity for Creative Pros 1Performance vs. Productivity Performance and productivity are completely different notions and rely on different aspects of a computing platform. Processor frequency, memory speed and bandwidth, disk performance, graphics architecture, and, of course, the operating system all play together to deliver a satisfying and efficient user experience. Only if all hardware and software components work together in an optimal way can we expect maximum efficiency and productivity. In other words, number-crunching prowess is not the only factor that counts. A computer can be very powerful at complex computations such as 3D rendering, yet deliver a poor overall productivity profile. It is for this reason that the benchmarks conducted for this project are comprised of a wide variety of tests and efficiency measures ranging from aspects such as application launch and file copy to pure performance measures of cutting-edge applications such as Photoshop CS3, as well as workflow productivity measures of common tasks. How Does the Latest Mac Pro Stack Up? The benchmarks conducted for this report compare the 8-core 2.8GHz and 3.2GHz Mac Pro released in early 2008 with the previous generation Mac Pro, as well as older Power Mac models. The test results clearly show the increase in performance that the new hardware platform procures. Major Points • Based on the benchmarks conducted for this project, the Mac Pro released in early 2008 represents a highly optimized computing platform that increases performance and productivity over previous Macintosh models. • The 2008 Mac Pro offers a clear increase in performance over the previous generation Mac Pro, the Power Mac G5 and older Macintosh computers in basic system benchmarks, as well as in application-based performance measures. • Efficiency of key applications such as Photoshop CS3 is significantly better on the latest Mac Pro than on older models. Photoshop CS3 Performance (Total Time) Time scale in seconds. Shorter is better. 49.67 57.97 47.50 52.97 0 50 100 150 200 250 300 350 400 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (quad-core Xeon) Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Power Mac G5 Quad Power Mac G5 (2.0GHz) 6 min 07 sec 3 min 56 sec 59.59 2 min 54 sec 2 min 41 sec 2 min 35 sec 2 min 19 sec 6 min 07 sec 3 min 56 sec 2 min 54 sec 2 min 41 sec 2 min 35 sec 2 min 19 sec Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz All Workflow Benchmarks (Total Time) Time scale in seconds. Shorter is better. 49.67 57.97 47.50 52.97 0 100 200 300 400 500 600 0 100 200 300 400 500 600 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (quad-core Xeon) Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Power Mac G5 Quad Power Mac G5 (2.0GHz) 9 min 29 sec 8 min 06 sec 59.59 6 min 18 sec 6 min 04 sec 5 min 55 sec 5 min 19 sec 6 min 07 sec 3 min 56 sec 2 min 54 sec 2 min 41 sec 2 min 35 sec 2 min 19 sec Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz Mac Pro 2008: Key Performance and Productivity Data Performance increases in frequently performed, time-consuming operations are very important in deadline-driven work environments. The chart on the left shows the cumulative time of all Photoshop performance benchmarks in this benchmark project, including common operations such as unsharp masking, resampling and image rotation performed with files of varying sizes. The chart on the right shows the cumulated time of all workflow benchmarks. Both sets of data underline the performance and productivity increase of the latest generation Mac Pro over older Macintosh models. Mac Pro: Key Performance Data © Pfeiffer Consulting 2008 2 Mac Pro 2008: Performance and Productivity for Creative ProsIt is interesting to note that despite a relatively modest increase in processor speed the 2008 Mac Pro is clearly faster than the previous generation Mac Pro. Compared with older models such as the Power Mac G5 Quad, it is almost twice as fast in many tests. A good example for this is the Photoshop Filter Index benchmark. Different Photoshop filters draw upon varying hardware aspects; for example, some use mainly floating point calculations, others rely on integer performance, yet others mainly on memory bandwidth. This makes the Photoshop Filter Index a good indicator of the overall performance of a computer. The 3.2GHz Mac Pro performed significantly better than older models, scoring 0.72 seconds per filter, compared with 0.80 seconds for 3.0 GHz 8-core Mac Pro released in 2007. In other words, the Mac Pro hardware platform keeps evolving at a significant pace, and shows coherent performance and productivity increases over previous models. Combined with the Adobe Creative Suite 3 and QuarkXPress 7.3.1, the 8-core 2.8GHz and 3.2GHz Mac Pro offer a measurably faster and more productive hardware platform than older Macintosh models, and contribute to redefining the creative workflow in terms of efficiency and performance. This report was created by Pfeiffer Consulting (http://www.pfeifferconsulting.com). Reproduction prohibited without prior written permission. For further information, please contact research@pfeifferreport.com. Adobe, Illustrator, InDesign, and Photoshop are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Apple, the Apple logo, Mac, Macintosh, Mac OS, Mac Pro and Power Mac are trademarks of Apple, Inc., registered in the United States and other countries. PowerPC is a trademark of International Business Machines Corporation, used under license therefrom. All other trademarks are the property of their respective owners. The Photoshop Filter Index benchmark measures the time necessary to compute 103 Photoshop filters in succession on a 10MB image file. The times displayed in this chart show the average time per filter. Basic system benchmarks measure the time necessary for frequent system tasks such as application launch and re-launch. The 2008 Mac Pro is clearly more efficient in these tests: the 3.2GHz model is almost twice as fast as the 2.0GHz Power Mac G5. 49.67 57.97 47.50 52.97 0 30 60 90 120 150 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) 59.59 2 min 19 sec 2 min 02 sec 1 min 30 sec 1 min 26 1 min 21 sec 1 min 17 sec Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz Basic System Tests (Total Time) Time scale in seconds. Shorter is better. 0.0 0.5 1.0 1.5 2.0 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) Photoshop Filter Index (Average) Time scale in seconds. Shorter is better. 1.76 1.25 0.85 0.80 0.82 0.72 Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz © Pfeiffer Consulting 2008 Mac Pro 2008: Performance and Productivity for Creative Pros 3 Methodology • This benchmark project was conducted by Pfeiffer Consulting for Apple. It analyzes the performance and productivity of the 8-core 2.8GHz and 3.2GHz Mac Pro released in early 2008, as compared with the quadcore and 8-core 3.0GHz Mac Pro released in 2006 and 2007, the 2.5GHz Power Mac G5 Quad, released in the Fall of 2005, the first-generation dual 2.0GHz Power Mac G5 introduced in 2003 and the dual 1.25GHz Power Mac G4 introduced in 2002. • Productivity benchmarks were conducted using a set of workflow and application integration measures executed with Adobe Creative Suite 3 and QuarkXPress 7.3.1. • Benchmarks were conducted on standard hardware configurations. All computers were equipped with 4GB of RAM. The Power Mac G4 was equipped with 2GB of RAM, the maximum amount of RAM supported by this model. • All systems were equipped with the standard hard drives shipped with the computer. All hard drives were reformatted using a single partition before testing. • All benchmarks were run on a standard, unmodified installation of Mac OS X 10.5.1 Leopard. • This benchmark analysis report presents key data from the benchmark project and focuses on the comparison of the Mac Pro with two generations of Power Mac G5. To view the complete results, including the data concerning the dual 1.25GHz Power Mac G4 introduced in 2002, as well as descriptions of the benchmark methodology, and detailed system configurations, please download the complete benchmark report from http://www.pfeifferreport.com. • For more information, please contact research@pfeifferreport.com.An Increasingly Complex Work Environment Over the years, creative workflows have become increasingly complex. Designers now have to routinely handle a variety of different media types, as assignments span a growing number of potential output channels for content and media. Even seemingly straightforward market segments such as digital imaging have reached a level of maturity that requires a set of sophisticated and diversified tools. As different media types are increasingly interconnected, the sophistication and the complexity of the workflow-reality creative professionals face in their average project has evolved dramatically. As a result, efficiency has to some extent displaced features as the main driver for tool adoption. As everyday deadline pressure increases, productivity has become a predominant concern for creative professionals around the globe. The Challenges The size of the files we create and use has grown enormously over the years, image files can easily weigh several hundred megabytes, a complete project can take several gigabyte of data. And size is not the only issue, we also have a seemingly ever-increasing number of documents we need to manage, store, open, sort and access. And all of this needs to be done as fast as possible. Major Points • Creative workflows have become extremely complex over the years: The size of the files that are commonly used has grown considerably, and the number of documents in the typical project has soared. This has created a number of new processing and management challenges for users. • In all workflow benchmarks conducted for this project, the 2008 Mac Pro offers clear productivity advantages over older Macintosh models. • The 3.2GHz Mac Pro offers clearly increased performance and productivity over the 2.8GHz model, and is up to 3 times faster than the 2.0GHz Power Mac G5. InDesign CS3 Workflow Benchmarks: Total Time Time scale in seconds. Shorter is better. 49.67 57.97 47.50 52.97 0 50 100 150 200 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) 59.59 2 min 59 sec 2 min 20 sec 1 min 46 sec 1 min 41 sec 1 min 39 sec 1 min 27 sec Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz QuarkXPress 7.3.1 Workflow Benchmarks: Total Time Time scale in seconds. Shorter is better. 49.67 57.97 47.50 52.97 0 50 100 150 200 250 300 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) 59.59 4 min 48 sec 4 min 16 sec 3 min 09 sec 3 min 08 sec 3 min 03 sec 2 min 46 sec Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz Design Workflow: InDesign CS 3 and QuarkXPress 7.3.1 Design workflow benchmarks measured a variety of common workflow steps and procedures, such as the time to execute a Photoshop round-trip between a page layout program and the imaging application. Results for these tests show the speed of the applications as well as the fluidity of the inter-application integration. Both Mac Pro models introduced in 2008 were clearly more efficient in these tests than older Macintosh computers. Tests were conducted with InDesign CS3, QuarkXPress 7.3.1, Photoshop CS3 and Illustrator CS3. Workflow Productivity For Creative Professionals © Pfeiffer Consulting 2008 4 Mac Pro 2008: Performance and Productivity for Creative ProsAbout the Workflow Benchmarks The workflow efficiency measures conducted for this benchmark project included a variety of common steps and workflow sequences frequently encountered in creative workflows. Workflow integration benchmarks covered the time necessary to perform a roundtrip between a page layout application (InDesign or QuarkXPress) and graphics applications such as Photoshop CS3 and Illustrator CS3, measuring the time necessary to switch between programs, open a file, apply a simple modification, save the changes, and switch back to update the design document. The Basic Imaging Workflow benchmark focuses on efficiency within Photoshop CS3, and measures the time necessary to open a file, resample it to a specific size, apply RGB to CMYK color conversion, perform an Unsharp Mask filter, and save the file under another name. Workflow efficiency measures include the time necessary for the operator to perform menu selection and other user interface operations required to complete the tasks. This means that workflow benchmarks cover not only program efficiency, but also measure overall fluidity of the computing environment. The Importance of Integration Integration is one of the most important aspects of workflow productivity on any computer: Most creative professionals use a variety of different tools together, rather than individually, moving back and forth between several applications. In this process, the fluidity and speed of integration is at least as important as the processing speed of one particular program. So how does the Mac Pro compare with older Macintosh models in productivity measures where the complexity of the individual task is not the predominant factor? The workflow benchmarks conducted for this project show that the 2008 Mac Pro is clearly more productive than previous Mac Pro models. For example, the 3.2GHz Mac Pro managed to complete the Basic Imaging Workflow Benchmark in just over 1 min. 5 seconds. By comparison, the 3.0GHz Mac Pro introduced in 2007 took 17% longer for the same test; the Power Mac G5 Quad, the fastest PowerPC-based Macintosh ever produced, required almost 40% longer to complete the same benchmark. (See chart below.) Rotate Canvas (300MB Multi-Layered File) Time scale in seconds. Shorter is better. 34.37 22.95 10.84 7.86 7.23 49.67 57.97 47.50 52.97 0 5 10 15 20 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) 59.59 17.90 9.93 8.01 7.01 6.27 5.70 Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz RAW Conversion (10 x 13MP File) Time scale in seconds. Shorter is better. 34.37 22.95 10.84 7.86 7.23 49.67 57.97 47.50 52.97 0 10 20 30 40 50 60 70 80 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) 59.59 1 min 05 sec 40.56 29.45 27.31 25.37 23.44 Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz Basic Imaging Workflow This benchmark measures the time necessary to complete a set of basic image processing operations common in design and publishing workflows. 49.67 57.97 47.50 52.97 0 20 40 60 80 100 120 Mac Pro 2008 (3.2GHz) Mac Pro 2008 (2.8GHz) Mac Pro 3.0GHz (8-core Xeon) Mac Pro 3.0GHz (4-core Xeon) Power Mac G5 Quad Power Mac G5 (2.0GHz) 59.59 1 min 42 sec 1 min 31 sec 1 min 22 sec 1 min 15 sec 1 min 13 sec 1 min 05 sec Mac Pro 3.0GHz 8-core first gen. Mac Pro 3.0GHz quad-core first gen. Mac Pro 2008 3.2GHz 8-core Mac Pro 2008 2.8GHz 8-core Power Mac G5 Quad Power Mac G5 2.0GHz Basic Imaging Workflow Benchmark (Total Time) Time scale in seconds. Shorter is better. Photoshop Expert Options Photoshop is one of the most widely used software package for creative professionals, and offers a considerable breadth of features targeting a wide variety of users. Some of these specialized options have become the backbone of specific creative workflows, and their efficiency can have a strong impact on the overall productivity. Several such actions or tasks (such as manipulating complex, multi-layered image files, or the conversion of increasingly widely used Raw files from digital cameras) were covered in this benchmark project. The charts show individual results for two of these tests. © Pfeiffer Consulting 2008 Mac Pro 2008: Performance and Productivity for Creative Pros 5Looking Beyond Processor Speed The results of this benchmark project underline a long-term trend in the personal computer industry: Performance and productivity of a hardware platform rely of course on the clock-speed of the central processors, but increasingly also on other hardware aspects such as memory bandwidth, system bus speed, L2 cache, mass storage architecture, and graphics subsystem among many others. Sophisticated operating system support for advanced hardware features such as multiple processor cores is also essential to optimize productivity. The Mac Pro introduced in early 2008 is a case in point. At 3.2GHz, the processor speed of the new high-end configuration is only slightly increased over the previous top-of-the-line model, the 3.0 GHz 8-core Mac Pro released a year earlier, yet performance and productivity are clearly and consistently superior on the newer model, as the benchmark results from this report show. In other words, improvements across the entire system architecture are delivering greater performance and capabilities to the end user. The new Mac Pro benefits from increased L2 cache (a total of 12MB, or 6MB of shared L2 cache per pair of cores), as well as the fastest Xeon architecture available, which includes 1600MHz independent frontside buses and 800MHz FB-DIMM memory, that allow significantly greater memory throughput. Plus, the 2008 Mac Pro extents the capabilities of the platform in terms of expansion capabilities as well as concerning key hardware features with advanced graphics options from both ATI and NVIDIA, up to 4TB of internal storage, and high-performance storage options with 15,000rpm SAS drives and the Mac Pro RAID card. Together, these hardware improvements contribute to make the new model an important evolution of the hardware platform over previous models, and ensure that the Mac Pro can tackle the challenges of the modern creative workflow. Major Points • Performance and productivity of a hardware platform rely increasingly on the perfect integration of a variety of different hardware aspects. • The Mac Pro introduced in early 2008 offers significantly improved memory throughput over older models. • By moving the majority of configurations to 8-core processors, the 2008 Mac Pro brings extended multiprocessing architectures to the mainstream. In addition, Mac OS X Leopard provides increased support for multiprocessing. Processing Two 2.8GHz, 3.0GHz or 3.2GHz Quad-Core Intel Xeon 5400 Series (“Harpertown”) processors or one 2.8GHz Quad-Core Intel Xeon 5400 Series processor L2 Cache: 12MB per quad-core processor (6MB shared per pair of cores) 128-bit SSE4 vector engine 64-bit data paths and registers 1600MHz, 64-bit dual independent frontside buses Memory 800MHz DDR2 ECC FB-DIMM memory 256-bit-wide memory architecture 8 FB-DIMM slots, for up to 32GB of fully buffered memory Graphics and displays Double-wide 16-lane PCI Express 2.0 slot (Supports two 30-inch Apple Cinema HD displays) Storage Four 3.5-inch hard drive bays on independent 3Gb/s Serial ATA channels Up to 4TB of internal storage Optional 15,000 RPM SAS (serial attached SCSI) drives and Mac Pro RAID card Mac Pro 2008 Hardware Highlights Evolutions of the Hardware Platform © Pfeiffer Consulting 2008 6 Mac Pro 2008: Performance and Productivity for Creative Pros iPod shuffle Manuale utenteContenuto 3 Capitolo 1:  Informazioni su iPod shuffle 3 Novità di iPod shuffle 4 Capitolo 2:  Nozioni di base di iPod shuffle 4 Panoramica di iPod shuffle 5 Utilizzare i controlli di iPod shuffle 5 Collegare e scollegare iPod shuffle 7 Informazioni sulla batteria di iPod shuffle 9 Capitolo 3:  Configurazione di iPod shuffle 9 Informazioni su iTunes 10 Configurare la libreria di iTunes 11 Organizzare la musica 11 Collegare iPod shuffle a un computer per la prima volta 12 Aggiungere musica a iPod shuffle 17 Capitolo 4:  Ascoltare musica 17 Riprodurre musica 18 Utilizzare VoiceOver 20 Impostare le tracce per la riproduzione allo stesso livello di volume 21 Impostare un limite di volume 21 Bloccare e sbloccare i pulsanti di iPod shuffle 22 Capitolo 5:  Archiviare file su iPod shuffle 22 Utilizzare iPod shuffle come disco esterno 24 Capitolo 6:  Suggerimenti e risoluzione dei problemi 26 Aggiornare e ripristinare il software di iPod shuffle 28 Capitolo 7:  Sicurezza e pulizia 28 Informazioni di sicurezza importanti 29 Informazioni importanti per un corretto utilizzo 31 Capitolo 8:  Altre informazioni, servizi e supporto 32 Informazioni sulla conformità alle normative     21 3 Congratulazioni per aver acquistato iPod shuffle. ATTENZIONE: Per evitare lesioni, leggi Capitolo 7, Sicurezza e pulizia, a pagina 28 prima di utilizzare iPod shuffle. Per utilizzare iPod shuffle, trasferisci brani e altri file audio sul computer, quindi sincronizzali con iPod shuffle. Utilizza iPod shuffle per: • Sincronizzare brani e playlist da ascoltare in viaggio. • Ascoltare podcast, programmi in stile radiofonico scaricabili, disponibili su Internet. • Ascoltare audiolibri acquistati su iTunes Store o su audible.com • Archiviare o effettuare una copia di backup di file e altri dati usando iPod shuffle come disco esterno. Novità di iPod shuffle • Tasto VoiceOver che pronuncia i titoli delle tracce e i nomi degli artisti, ti consente di cambiare playlist e ti informa sullo stato della batteria • Controlli semplici e intuitivi • Supporto per la sincronizzazione dei mix Genius • Supporto per la sincronizzazione di raccolte iTunes U Informazioni su iPod shuffle2 4 Leggi le informazioni riportate in questo capitolo per maggiori informazioni sulle funzionalità di iPod shuffle, per imparare a usare i controlli e altro ancora. Il pacchetto di iPod shuffle include iPod shuffle, gli auricolari Apple e un cavo USB 2.0 per collegare iPod shuffle al computer. Panoramica di iPod shuffle Luce di stato Porta auricolari Precedente/Riavvolgi Riproduci/Metti in pausa Volume giù Pulsante VoiceOver Interruttore a tre vie Volume su Clip Successivo/Vai avanti velocemente Per utilizzare gli auricolari Apple: m Collega gli auricolari alla porta auricolari di iPod shuffle. Quindi, posiziona gli auricolari nelle orecchie come mostrato in figura. Il cavo auricolari è regolabile. ATTENZIONE: Prima di usare Informazioni di sicurezza importanti a pagina 28, leggi tutte le informazioni di sicurezza in iPod shuffle per evitare danni all'udito. Puoi acquistare altri accessori, come gli auricolari Apple con telecomando e microfono e gli auricolari Apple In-Ear con telecomando e microfono, sul sito www.apple.com/it/ipodstore. La funzionalità microfono non è supportata da iPod shuffle. Nozioni di base di iPod shuffleCapitolo  2    Nozioni di base di iPod shuffle 5 Utilizzare i controlli di iPod shuffle I controlli anteriori, il tasto di VoiceOver e l'interruttore a tre posizioni rendono semplice la riproduzione di brani, audiolibri, podcast audio e raccolte di iTunes U su iPod shuffle. Per Esegui questa operazione Accendere o spegnere iPod shuffle Fai scorrere l'interruttore a tre posizioni (un'ombreggiatura verde sull'interruttore indica che iPod shuffle è acceso). Riprodurre o mettere in pausa Premi Play/Pausa (’). Ridurre o aumentare il volume Premi Volume su (∂) o Volume giù (D). Tieni premuti i tasti per aumentare o diminuire rapidamente il volume. Impostare l'ordine di riproduzione Fai scorrere l'interruttore a tre posizioni per riprodurre in ordine (⁄) o riprodurre in ordine casuale (¡). Passare alla traccia successiva Premi Successivo/Avanza velocemente (‘). Passare alla traccia precedente Premi Precedente/Riavvolgi (]) entro sei secondi dall'inizio della traccia. Dopo 6 secondi, premendo Precedente/Riavvolgi (]) la traccia attuale ricomincia. Avanti velocemente Tieni premuto Successivo/Avanza velocemente (‘). Riavvolgere Tieni premuto Precedente/Riavvolgi (]). Sentire il nome dell'artista e il titolo della traccia Premi il tasto di VoiceOver ( ). Sentire un menu delle playlist fra cui scegliere Tieni premuto il tasto di VoiceOver ( ). Premi Successivo/Avanza velocemente (‘) o Precedente/ Riavvolgi (]) per spostarti attraverso il menu delle playlist. Premi il tasto VoiceOver ( ) o Play/Pausa (’) per selezionare una playlist. Tieni premuto di nuovo il tasto di VoiceOver ( ) per uscire senza selezionare nulla. Bloccare i pulsanti di iPod shuffle (per evitare che si attivino se li premi accidentalmente) Tieni premuto Play/Pausa (’) fino a quando la spia di stato non lampeggia tre volte in arancione. Ripeti per sbloccare i pulsanti. Reimpostare iPod shuffle (se iPod shuffle non risponde o la spia di stato è di colore rosso fisso) Spegni iPod shuffle, attendi 10 secondi, quindi riaccendilo. Trovare il numero di serie di iPod shuffle Cerca sotto il clip di iPod shuffle. Oppure in iTunes (con iPod shuffle collegato al computer), seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. Collegare e scollegare iPod shuffle Collega iPod shuffle al computer per sincronizzare brani e altri file audio e per caricare la batteria. Quando hai terminato, scollega iPod shuffle. Importante: Per collegare iPod shuffle al computer, usa soltanto il cavo USB 2.0 fornito con iPod shuffle.Capitolo  2    Nozioni di base di iPod shuffle 6 Collegare iPod shuffle Per collegare iPod shuffle al computer: m Inserisci un'estremità del cavo USB incluso nella porta degli auricolari di iPod shuffle e l'altra estremità in una porta USB 2.0 ad alta potenza del computer. Nota: Non collegare iPod shuffle ad una delle porte USB della tastiera per la caricarlo. Un cavo USB più lungo è in vendita separatamente su www.apple.com/it/ipodstore. La prima volta che colleghi iPod shuffle al computer, iTunes ti aiuta a configurare e a sincronizzare iPod shuffle con la libreria iTunes. Di default, iTunes sincronizza automaticamente i brani su iPod shuffle quando lo colleghi al computer. Puoi sincronizzare i brani mentre la batteria è in carica. Se colleghi iPod shuffle a un altro computer e iPod shuffle è impostato per la sincronizzazione automatica della musica, iTunes ti avviserà prima di effettuare la sincronizzazione. Se fai clic su Sì, i brani e gli altri file audio presenti su iPod shuffle verranno cancellati e sostituiti con i brani e i file audio presenti sul computer al quale iPod shuffle è stato collegato. Per informazioni su come aggiungere musica a iPod shuffle o su come utilizzare iPod shuffle con più computer, consulta Capitolo 4, Ascoltare musica, a pagina 17. Scollegare iPod shuffle È importante non scollegare iPod shuffle dal computer mentre stai caricando file audio o quando usi iPod shuffle come disco esterno. È possibile scollegare iPod shuffle quando l'indicatore luminoso di stato non lampeggia in arancione o quando visualizzato il messaggio “OK per scollegare” nella parte superiore della finestra di iTunes. Importante: Se vedi il messaggio “Non scollegare” in iTunes o se l'indicatore luminoso di stato di iPod shuffle lampeggia in arancione, devi espellere iPod shuffle prima di scollegarlo. In caso contrario, potresti danneggiare i file presenti su iPod shuffle e sarà necessario ripristinare iPod shuffle in iTunes. Per informazioni sul ripristino, consulta Aggiornare e ripristinare il software di iPod shuffle a pagina 26. Se abiliti iPod shuffle per l'uso come disco (consulta Utilizzare iPod shuffle come disco esterno a pagina 22), devi sempre espellere iPod shuffle prima di scollegarlo. Per espellere iPod shuffle: m In iTunes, fai clic sul pulsante Espelli (C) accanto a iPod shuffle nell'elenco dei dispositivi. Se utilizzi un computer Mac, puoi anche espellere  iPod shuffle trascinando l'icona di iPod shuffle dalla scrivania sul Cestino. Se utilizzi un PC Windows, puoi anche espellere  iPod shuffle in Risorse del computer o facendo clic sull'icona di rimozione sicura dell'hardware, nella barra di sistema di Windows, e selezionando iPod shuffle.Capitolo  2    Nozioni di base di iPod shuffle 7 Per scollegare iPod shuffle: m Scollega il cavo USB da iPod shuffle e dal computer. Informazioni sulla batteria di iPod shuffle iPod shuffle dispone di una batteria ricaricabile che deve essere sostituita soltanto da un fornitore di servizi Apple autorizzato. Per ottimizzare la durata della batteria, la prima volta che utilizzi iPod shuffle, ricarica completamente la batteria per circa tre ore. La batteria si carica all'80 percento in circa due ore e si carica completamente in circa tre ore. Se non utilizzi iPod shuffle per qualche tempo, potresti dover ricaricare la batteria. Mentre la batteria è in carica, puoi continuare a sincronizzare la musica. Puoi scollegare e utilizzare iPod shuffle anche prima che l'operazione di ricarica sia completata. Ricaricare la batteria di iPod shuffle Puoi caricare la batteria di iPod shuffle in due modi: • Collega iPod shuffle al computer. • Usa l'adattatore di alimentazione USB di Apple, in vendita separatamente. Per caricare la batteria utilizzando il computer: m Collega iPod shuffle a una porta USB 2.0 ad alta potenza sul computer utilizzando il cavo USB fornito con iPod shuffle. Il computer dev'essere acceso e non in stop (alcuni modelli di Mac possono caricare iPod shuffle anche durante lo stop). Quando la batteria è in carica, l'indicatore luminoso di stato di iPod shuffle è arancione fisso. Quando la batteria è interamente carica, la spia di stato è verde. In iTunes, l'icona della batteria accanto al nome di iPod shuffle mostra lo stato della batteria. L'icona mostra un fulmine quando la batteria è in carica e una spina quando la batteria è completamente carica. Se iPod shuffle è stato usato come disco esterno o se è in esecuzione la sincronizzazione con iTunes, l'indicatore luminoso di stato lampeggia in arancione per informarti che devi espellere iPod shuffle prima di scollegarlo. In questo caso, la batteria potrebbe esser in carica o completamente carica. Se non vedi l'indicatore luminoso di stato, iPod shuffle potrebbe non essere collegato a una porta USB 2.0 ad alta potenza. Prova con un'altra porta USB 2.0 del computer. Per caricare la batteria se non disponi di un computer, puoi collegare iPod shuffle a un adattatore di alimentazione USB di Apple, in vendita separatamente. Per acquistare gli accessori di iPod shuffle, vai all'indirizzo www.apple.com/it/ipodstore. Per caricare la batteria utilizzando l'adattatore di alimentazione USB di Apple: 1 Collega un'estremità del cavo USB fornito con iPod shuffle all'alimentatore di corrente e inserisci l'altra estremità in iPod shuffle.Capitolo  2    Nozioni di base di iPod shuffle 8 2 Collega l'alimentatore di corrente ad una presa elettrica funzionante. Adattatore di alimentazione USB di Apple (l’adattatore potrebbe sembrare diverso) Cavo USB iPod shuffle ATTENZIONE: Accertati che l'alimentatore di corrente sia completamente assemblato prima di inserirlo in una presa di corrente. Prima dell'uso, leggi tutte le informazioni di sicurezza sull'utilizzo dell'adattatore di alimentazione USB di Apple in Capitolo 7, Sicurezza e pulizia, a pagina 28. Le batterie ricaricabili hanno un numero limitato di cicli di carica. L'autonomia della batteria e il numero di cicli di carica variano in base all'uso e alle impostazioni. Per informazioni, consulta il sito web www.apple.com/it/batteries. Controllare lo stato della batteria Puoi controllare lo stato della batteria di iPod shuffle quando è collegato o scollegato dal computer. L'indicatore luminoso di stato fornisce informazioni sulla carica restante nella batteria. Se iPod shuffle è acceso e non collegato a un computer, puoi utilizzare VoiceOver per sentire lo stato della batteria premendo il tasto di VoiceOver due volte. Indicatore luminoso di stato quando non collegato Messaggio VoiceOver Verde fisso Carica sufficiente “Batteria carica” o “Batteria al 75%” o “Batteria al 50%” Arancione fisso Carica bassa “Batteria al 25%” Rosso fisso Carica molto bassa “Batteria in esaurimento” Indicatore luminoso di stato quando collegato al computer Verde fisso Interamente carica Arancione fisso In carica Arancione lampeggiante Non scollegare (iTunes è in fase di sincronizzazione o iPod shuffle è abilitato per l'uso come disco); può essere in carica o completamente carico3 9 Utilizza iTunes sul computer per configurare iPod shuffle per riprodurre e altro contenuto audio. Quindi, collega iPod shuffle al computer e sincronizzalo con la libreria di iTunes. Continua la lettura per ottenere ulteriori informazioni sull'utilizzo di iPod shuffle, tra cui: • Ottenere musica dalla propria collezione di CD, dal disco rigido o da iTunes Store (parte di iTunes e disponibile solamente in alcuni paesi) all'applicazione iTunes sul computer. • Organizzare i tuoi brani e altri file audio in playlist. • Sincronizzare brani, audiolibri, podcast e raccolte iTunes U nella libreria iTunes con iPod shuffle • Riprodurre musica o ascoltare altri file audio quando si è in giro. Informazioni su iTunes iTunes è l'applicazione gratuita da utilizzare per configurare, organizzare e gestire i contenuti su iPod shuffle. iTunes sincronizza musica, audiolibri e podcast audio con iPod shuffle. Se non hai ancora installato iTunes 10.7 o successivo (richiesto per iPod shuffle) sul computer, puoi scaricarlo da www.itunes.com/it/download. Dopo averlo installato, iTunes si apre automaticamente quando colleghi iPod shuffle al computer. Puoi utilizzare iTunes per importare la musica dai CD e da Internet, acquistare brani e altro contenuto audio da iTunes Store, creare delle raccolte personali dei tuoi brani preferiti (chiamate playlist), sincronizzare iPod shuffle e regolarne le impostazioni. iTunes dispone inoltre di una funzione denominata Genius, che crea playlist e mix all'istante dai brani della tua libreria di iTunes che stanno bene insieme. Puoi sincronizzare i mix e le playlist Genius da iTunes su iPod shuffle. Per utilizzare Genius, ti occorre un account iTunes. Per sapere come configurare Genius, consulta Utilizzare Genius in iTunes a pagina 11. iTunes possiede inoltre molte altre funzioni. Puoi masterizzare i tuoi CD da riprodurre in lettori CD standard (se il computer dispone di un'unità di masterizzazione di CD); ascoltare radio Internet in streaming; assistere a video e spettacoli televisivi; valutare i brani in base alle proprie preferenze; e altro ancora. Per informazioni sull'utilizzo di queste funzionalità, apri iTunes e scegli Aiuto > Aiuto iTunes. Se disponi già di iTunes 10.7 o successivo sul computer e hai configurato la tua libreria di iTunes, puoi passare alla sequenza seguente, Collegare iPod shuffle a un computer per la prima volta a pagina 11. Configurazione di iPod shuffleCapitolo  3    Configurazione di iPod shuffle 10 Configurare la libreria di iTunes Per poter ascoltare musica su iPod shuffle, devi prima importarla nella libreria iTunes del computer. Le modalità per importare musica e altri componenti audio nella libreria iTunes sono tre: • Acquistare musica e audiolibri o scaricare podcast in linea da iTunes Store. • Importare musica e altri elementi audio da CD audio. • Aggiungere la musica e altro audio già presente sul computer alla libreria di iTunes. Acquistare brani e scaricare podcast utilizzando iTunes Store Se disponi di una connessione a Internet, puoi facilmente acquistare e scaricare brani, album e audiolibri utilizzando iTunes Store (disponibile in paesi selezionati). Puoi iscriverti a podcast audio e scaricarli; inoltre, puoi scaricare gratuitamente contenuti educativi da iTunes U. I podcast video non possono essere sincronizzati su iPod shuffle. Per acquistare musica in linea utilizzando iTunes Store, devi creare un account iTunes gratuito in iTunes, cercare i brani desiderati e poi acquistarli. Se disponi già di un account iTunes, puoi utilizzarlo per accedere a iTunes Store e acquistare brani. Non devi disporre di un account iTunes Store per riprodurre o scaricare podcast o lezioni di iTunes U. Per accedere a iTunes Store, apri iTunes e fai clic su iTunes Store (sotto Store) sul lato sinistro della finestra di iTunes. Aggiungere brani già presenti sul computer alla libreria di iTunes Se sul computer sono presenti dei brani codificati con formati supportati da iTunes, puoi facilmente aggiungere i brani a iTunes. Per scoprire come passare i brani dal computer a iTunes, apri iTunes e scegli Aiuto > Aiuto iTunes. Utilizzando iTunes per Windows, puoi convertire i file WMA non protetti in formato AAC o MP3. Questo può essere utile se disponi di una libreria di musica codificata in formato WMA. Per ulteriori informazioni, apri iTunes e scegli Aiuto > Aiuto iTunes. Importare musica da CD audio in iTunes iTunes è in grado di importare musica e altri elementi audio da CD audio. Se disponi di una connessione Internet, iTunes acquisisce i nomi dei brani del CD da Internet (se disponibili) e li visualizza nella finestra. Quando aggiungi dei brani a iPod shuffle, vengono incluse le informazioni sul brano. Per scoprire come importare i brani dai CD audio in iTunes, apri iTunes e scegli Aiuto > Aiuto iTunes.Capitolo  3    Configurazione di iPod shuffle 11 Inserire i nomi dei brani e altre informazioni Se non disponi di una connessione a Internet, se le informazioni del brano non sono disponibili per la musica che importi o se desideri includerne altre (come il nome del compositore), puoi inserirle manualmente. Per scoprire come inserire le informazioni relative a un brano, apri iTunes e scegli Aiuto > Aiuto iTunes. Organizzare la musica In iTunes, puoi organizzare i brani ed altri elementi in elenchi, chiamati playlist, nel modo che preferisci. Ad esempio, puoi creare una playlist con brani da ascoltare mentre svolgi attività fisica o sei in particolari stati d'animo. Puoi anche creare playlist speciali che si aggiornano automaticamente in base alle regole che hai scelto. Quando aggiungi dei brani a iTunes che soddisfano le regole, essi vengono automaticamente aggiunti alla playlist speciale. Puoi attivare Genius in iTunes e creare delle playlist di brani che stanno bene insieme sulla base del brano da te selezionato. Inoltre, Genius è in grado di organizzare automaticamente la tua libreria di iTunes ordinando e raggruppando i brani in raccolte chiamate “mix Genius”. Puoi creare tutte le playlist desiderate utilizzando qualsiasi brano della libreria di iTunes. Non puoi creare una playlist su iPod shuffle quando è scollegato da iTunes. Se aggiungi un brano a una playlist e poi lo rimuovi dalla playlist, non viene eliminato dalla libreria di iTunes. Quando ascolti le playlist su iPod shuffle, tutte le playlist create in iTunes hanno lo stesso comportamento. Puoi sceglierle per nome su iPod shuffle. Per scoprire come configurare le playlist in iTunes, apri iTunes e scegli Aiuto > Aiuto iTunes. Utilizzare Genius in iTunes Genius trova i brani della tua libreria di iTunes che stanno bene insieme e li utilizza per creare playlist e mix Genius. Genius è un servizio gratuito, ma per utilizzarlo ti occorre un account iTunes Store. Se non disponi di un account, puoi configurarne uno quando attivi Genius. Una playlist Genius si basa sul brano da te selezionato. iTunes crea quindi una playlist Genius a partire da brani che stanno bene con quello che hai selezionato. I mix Genius sono delle raccolte preselezionate di brani che stanno bene insieme. Vengono create per te da iTunes, utilizzando i brani della libreria di iTunes. Ogni mix Genius viene progettato per offrire diverse possibilità di ascolto ad ogni riproduzione: iTunes crea fino a 12 mix Genius, a seconda della varietà di musica presente nella tua libreria di iTunes. Per creare delle playlist e dei mix Genius, devi prima attivare Genius in iTunes. Per informazioni, apri iTunes e scegli Aiuto > Aiuto iTunes. Le playlist e i mix Genius creati in iTunes possono esser sincronizzate su iPod shuffle come qualsiasi altra playlist di iTunes. Non puoi aggiungere i mix Genius su iPod shuffle manualmente. Collegare iPod shuffle a un computer per la prima volta La prima volta che colleghi iPod shuffle al computer dopo aver installato iTunes, l'applicazione di apre e viene visualizzato l'assistente di configurazione. Se iTunes non si apre automaticamente, eseguilo.Capitolo  3    Configurazione di iPod shuffle 12 Per utilizzare l'assistente di configurazione di iPod shuffle: 1 Inserisci un nome per iPod shuffle. Sarà il nome con coi il dispositivo verrà visualizzato nell'elenco dei dispositivi nella parte sinistra della finestra di iTunes. 2 Seleziona le impostazioni. La sincronizzazione automatica è selezionata di default. Se la mantieni selezionata e Genius è attivato, iTunes sincronizza i mix Genius dalla tua libreria di iTunes su iPod shuffle. Se Genius non è attivato, iTunes riempie iPod shuffle con brani della tua libreria di iTunes e li raccoglie nella playlist “Tutti i brani”. Per ulteriori informazioni sulla sincronizzazione manuale e automatica, consulta il paragrafo seguente. Anche VoiceOver è abilitato di default. Mantienilo abilitato per sentire i titoli delle tracce e i nomi degli artisti, cambiare playlist e conoscere lo stato della batteria mentre ascolti iPod shuffle. Per ulteriori informazioni, consulta Utilizzare VoiceOver a pagina 18. 3 Fai clic su Fine. Puoi modificare il nome del dispositivo e le impostazioni ogni volta che colleghi iPod shuffle al computer. Dopo che hai fatto clic su Fine, viene visualizzato il pannello Riepilogo. Se hai selezionato la sincronizzazione automatica, iPod shuffle avvia la sincronizzazione. Aggiungere musica a iPod shuffle Dopo aver importato e organizzato la musica in iTunes, puoi aggiungerla facilmente a iPod shuffle. Per gestire il modo in cui i brani e altro contenuto audio vengono aggiunti a iPod shuffle dal computer, collega iPod shuffle al computer, quindi utilizza le preferenze di iTunes per scegliere le opzioni di iPod shuffle. Aggiungere contenuto manualmente o automaticamente Puoi configurare iTunes per aggiungere musica a iPod shuffle in due modi: • Sincronizzazione automatica:  quando colleghi iPod shuffle al computer, iPod shuffle viene aggiornato automaticamente perché i brani e gli altri elementi in esso contenuti coincidano con quelli della tua libreria di iTunes. Se Genius è attivato ed è la prima volta che sincronizzi iPod shuffle, iTunes utilizza fino a quattro mix Genius creati dalla tua libreria di iTunes per riempire iPod shuffle. Se rimane dello spazio libero, iTunes sincronizza dei brani aggiuntivi dalla libreria di iTunes. Se Genius non è attivato, iTunes sincronizza i brani e le playlist della tua libreria di iTunes per riempire iPod shuffle. In seguito, puoi modificare le opzioni di sincronizzazione automatica per includere playlist, artisti, album e generi selezionati. Puoi sincronizzare manualmente anche altri contenuti audio, compresi podcast, audiolibri e raccolte di iTunes U. Per ulteriori informazioni, consulta il paragrafo successivo.Capitolo  3    Configurazione di iPod shuffle 13 • Gestione manuale della musica:  quando colleghi iPod shuffle, puoi trascinare singoli brani e playlist sul dispositivo ed eliminare singoli brani e playlist da iPod shuffle. Questa opzione ti consente di aggiungere brani da più computer, senza eliminarne nessuno da iPod shuffle. Quando gestiscila musica manualmente, devi sempre espellere iPod shuffle da iTunes prima di scollegarlo. Consulta Gestire iPod shuffle manualmente a pagina 15. Sincronizzare automaticamente la musica Di default, iPod shuffle è impostato per la sincronizzazione automatica di tutti i brani e le playlist quando lo colleghi al computer. È il modo più semplice di aggiungere contenuti audio a iPod shuffle: colleghi semplicemente iPod shuffle al computer, lasci che su di esso vengano aggiunti automaticamente brani, audiolibri, podcast audio e raccolte iTunes U, lo scolleghi ed è pronto per l'uso. Se dall'ultima volta che hai collegato iPod shuffle sono stati aggiunti brani a iTunes, i brani vengono sincronizzati con iPod shuffle a seconda dello spazio disponibile. Se hai eliminato brani da iTunes, i brani vengono rimossi anche da iPod shuffle. Per sincronizzare musica con iPod shuffle: m È sufficiente collegare iPod shuffle al computer. Se iPod shuffle è impostato per la sincronizzazione automatica, l'aggiornamento si avvia immediatamente. Importante: Se colleghi iPod shuffle a un computer con cui non è sincronizzato, visualizzi un messaggio in cui ti viene chiesto se desideri sincronizzare i brani automaticamente. Se accetti, tutti i brani e i contenuti audio vengono cancellati da iPod shuffle e sostituiti con quelli presenti sul computer a cui è collegato il dispositivo. Se non accetti, puoi comunque aggiungere manualmente i brani a iPod shuffle senza cancellare quelli già presenti su iPod shuffle. Durante la sincronizzazione della musica dal computer a iPod shuffle, la finestra di stato di iTunes mostra il progredire dell'operazione e viene visualizzata un'icona di sincronizzazione accanto a iPod shuffle nell'elenco dei dispositivi. Al termine dell'aggiornamento, in iTunes visualizzerai un messaggio che ti informa che la sincronizzazione di iPod è terminata. Nella parte inferiore della finestra di iTunes viene visualizzata una barra che ti mostra la quantità di spazio utilizzata per i diversi tipi di contenuto. Se durante la configurazione di iPod shuffle non hai scelto di sincronizzare automaticamente la musica, puoi farlo in seguito. Se iPod shuffle non dispone di spazio libero sufficiente per tutta la tua musica, puoi impostare iTunes perché sincronizzi solo playlist, artisti, album e generi selezionati. Per impostare iTunes per la sincronizzazione di playlist, artisti, album e generi selezionati su iPod shuffle: 1 Collega iPod shuffle al computer. 2 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 3 Seleziona “Sincronizza musica”, quindi scegli “Playlist, artisti, album e generi selezionati”. 4 Seleziona le playlist, gli artisti, gli album e i generi che desideri. 5 Per impostare iTunes perché riempia automaticamente lo spazio rimanente su iPod shuffle, seleziona “Riempi automaticamente con brani lo spazio libero”. Se hai dei mix Genius, iTunes li utilizza per primi per riempire lo spazio. Se non c'è spazio per un altro mix Genius, iTunes riempie lo spazio rimanente su iPod shuffle con altri brani. 6 Fai clic su Applica. L'aggiornamento inizia automaticamente. Se selezioni l'opzione “Sincronizza solo i brani contrassegnati” nel pannello Musica, iTunes sincronizza soltanto gli elementi selezionati.Capitolo  3    Configurazione di iPod shuffle 14 Sincronizzare mix Genius su iPod shuffle Puoi impostare iTunes perché sincronizzi i mix Genius su iPod shuffle. I mix Genius possono essere sincronizzati solo automaticamente, quindi non puoi aggiungerli a iPod shuffle se gestisci i contenuti manualmente. Se i mix Genius non riempiono lo spazio disponibile e selezioni l'opzione “Riempi automaticamente con brani lo spazio libero”, iTunes seleziona e sincronizza brani aggiuntivi dalla tua libreria di iTunes. Per impostare iTunes perché sincronizzi i mix Genius su iPod shuffle: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 2 Seleziona “Sincronizza musica”, quindi scegli “Playlist, artisti, album e generi selezionati”. 3 Sotto Playlist, seleziona i mix Genius desiderati, 4 Fai clic su Applica. Se hai selezionato l'opzione “Sincronizza solo i brani contrassegnati” nel pannello Riepilogo, iTunes sincronizza soltanto gli elementi selezionati. Sincronizzare i podcast automaticamente Le impostazioni per aggiungere podcast a iPod shuffle non sono correlate alle impostazioni per aggiungere brani. Le impostazioni dei podcast non influiscono sulle impostazioni dei brani e viceversa. Puoi impostare iTunes per sincronizzare automaticamente tutti i podcast o i podcast selezionati oppure puoi aggiungere manualmente podcast a iPod shuffle. Per impostare iTunes in modo da aggiornare automaticamente i podcast su iPod shuffle: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Podcast. 2 Nel pannello Podcast, seleziona “Sincronizza podcast”. 3 Seleziona le puntate dei podcast e le playlist desiderati, quindi imposta le opzioni di sincronizzazione. 4 Fai clic su Applica. Quando imposti iTunes per la sincronizzazione automatica dei podcast, iPod shuffle viene aggiornato ogni volta che lo colleghi al computer. Se hai selezionato l'opzione “Sincronizza solo i brani contrassegnati” nel pannello Riepilogo, iTunes sincronizza soltanto gli elementi selezionati. Aggiungere raccolte iTunes U a iPod shuffle iTunes U è una parte di iTunes Store dove sono a disposizione conferenze, lezioni di lingua, audiolibri e altro ancora, che puoi scaricare gratuitamente e sincronizzare su iPod shuffle. Le impostazioni per aggiungere raccolte iTunes U a iPod shuffle non sono correlate alle impostazioni per aggiungere altri contenuti e viceversa. Puoi impostare iTunes per sincronizzare automaticamente tutte le raccolte iTunes U oppure puoi aggiungerle manualmente a iPod shuffle. Per impostare iTunes perché sincronizzi automaticamente i contenuti di iTunes U: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello iTunes U. 2 Nel pannello iTunes U, seleziona “Sincronizza iTunes U”. 3 Seleziona le raccolte e gli elementi desiderati, quindi imposta le opzioni di sincronizzazione. 4 Fai clic su Applica.Capitolo  3    Configurazione di iPod shuffle 15 Quando imposti iTunes per la sincronizzazione automatica dei podcast, iPod shuffle viene aggiornato ogni volta che lo colleghi al computer. Se hai selezionato l'opzione “Sincronizza solo i brani contrassegnati” nel pannello Riepilogo, iTunes sincronizza soltanto gli elementi selezionati. Aggiungere audiolibri a iPod shuffle Puoi acquistare e scaricare audiolibri da iTunes Store o da audible.com, oppure importarli da CD e ascoltarli su iPod shuffle. Utilizzare iTunes per aggiungere audiolibri a iPod shuffle Se sincronizzi iPod shuffle automaticamente, ogni audiolibro presente nella tua libreria di iTunes viene sincronizzato come una playlist a parte, che puoi selezionare utilizzando VoiceOver. Se gestisci manualmente il contenuto di iPod shuffle, puoi aggiungere un audiolibro alla volta. Per sincronizzare audiolibri con iPod shuffle: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Libri. 2 Seleziona “Sincronizza audiolibri”, quindi procedi in uno dei seguenti modi: • Seleziona “Tutti gli audiolibri”. • Seleziona “Audiolibri selezionati”, quindi specifica quelli desiderati. 3 Fai clic su Applica. L'aggiornamento inizia automaticamente. Gestire iPod shuffle manualmente Puoi gestire iPod shuffle manualmente, puoi aggiungere o rimuovere singoli brani, playlist, podcast e audiolibri. Puoi aggiungere musica e altro contenuto audio da più computer a iPod shuffle senza cancellare i contenuti già presenti su iPod shuffle. Se lo gestisci manualmente, su iPod shuffle puoi aggiungere le playlist Genius, ma non i mix Genius. Impostando iPod shuffle per la gestione manuale della musica, vengono disattivate le opzioni di sincronizzazione automatica dei pannelli Musica, Podcast e iTunes U in iTunes. Non puoi gestire manualmente alcuni contenute e sincronizzarne altri automaticamente allo stesso tempo. Se imposti iTunes per la gestione manuale del contenuto, puoi reimpostarlo successivamente per la sincronizzazione automatica. Per gestire manualmente i contenuti audio di iPod shuffle: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 2 Nella sezione Opzioni, seleziona “Gestisci manualmente la musica”. 3 Fai clic su Applica. Quando gestisci iPod shuffle manualmente, devi sempre espellere iPod shuffle da iTunes prima di scollegarlo. Per aggiungere un brano o un altro elemento a iPod shuffle: 1 In iTunes, fai clic su Musica o su un altro elemento nell'elenco Libreria. 2 Trascina un brano o un altro elemento su iPod shuffle nell'elenco dei dispositivi. Puoi trascinare anche intere playlist per sincronizzarle con iPod shuffle, oppure selezionare più elementi e trascinarli tutti insieme su iPod shuffle.Capitolo  3    Configurazione di iPod shuffle 16 Per rimuovere un brano o un altro elemento da iPod shuffle: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi. 2 Seleziona Musica, Audiolibri o Podcast sotto iPod shuffle. 3 Seleziona un brano o un altro elemento e premi il tasto Elimina o Cancella della tastiera. Se rimuovi manualmente un brano o un altro elemento da iPod shuffle, non viene eliminato dalla libreria di iTunes. Per utilizzare iTunes per la creazione di una nuova playlist su iPod shuffle: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi, quindi fai clic sul pulsante Aggiungi (∂) oppure scegli File > Nuova playlist. 2 Inserisci un nome per la playlist. 3 Fai clic su Musica o su un altro elemento nell'elenco Libreria, quindi trascina i brani o altri elementi nella playlist. Se apporti modifiche a una delle playlist di iTunes, ricorda di trascinare la playlist modificata su iPod shuffle quando è collegato a iTunes. Per aggiungere brani o rimuoverli da una playlist su iPod shuffle: m Trascina un brano su una playlist in iPod shuffle per aggiungere il brano. Seleziona un brano di una playlist e premi il tasto Cancella sulla tastiera per eliminarlo. Per impostare iTunes perché sincronizzi automaticamente la musica e altri contenuti audio: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 2 Deseleziona “Gestisci manualmente la musica”. 3 Fai clic su Applica. L'aggiornamento inizia automaticamente. Trasferire più brani su iPod shuffle Se la libreria di iTunes contiene brani in un formato con una frequenza di bit superiore, come iTunes Plus, Apple Lossless o WAV, puoi fare in modo che iTunes li converta automaticamente in file AAC da 128 kbps durante la sincronizzazione con iPod shuffle. Questa operazione non influisce sulla qualità o sulle dimensioni dei brani archiviati in iTunes. Per convertire i brani con frequenze di bit superiori in formato AAC: 1 Collega iPod shuffle al computer. 2 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi. 3 Fai clic sulla linguetta Riepilogo. 4 Seleziona Converti i brani con bit rate più alto ad ACC a 128 kbps. 5 Fai clic su Applica. Nota: I brani nei formati non supportati da iPod shuffle devonoessere convertiti se vuoi sincronizzarli con iPod shuffle. Per ulteriori informazioni sui formati supportati da iPod shuffle, consulta Se non puoi sincronizzare un brano o un altro elemento su iPod shuffle a pagina 25.4 17 Leggi questo capitolo per informazioni su come ascoltare iPod shuffle in giro. Quando scolleghi iPod shuffle dal computer, puoi portarlo addosso utilizzando l'apposito clip e ascoltare musica, audiolibri, podcast e contenuti di iTunes U. VoiceOver pronuncia il nome della traccia (brano o capitolo di un audiolibro o podcast) in riproduzione, lo stato della batteria o ti consente di scegliere un'altra playlist. Riprodurre musica Dopo aver effettuato la sincronizzazione di iPod shuffle con la musica e i file audio, puoi ascoltarli. ATTENZIONE: Prima di utilizzare iPod shuffle, leggi tutte le istruzioni sulla sicurezza, con speciale attenzione al paragrafo sui danni all'udito, in Capitolo 7, Sicurezza e pulizia, a pagina 28. Per ascoltare i brani e gli altri elementi su iPod shuffle: 1 Inserisci gli auricolari in iPod shuffle e posizionali nelle orecchie come indicato. 2 Fai scorrere l'interruttore a tre posizioni di iPod shuffle dalla posizione OFF a quella della riproduzione in ordine (⁄) o riproduzione in ordine casuale (¡). La riproduzione inizia. Per aumentare la durata della batteria quando non usi iPod shuffle, fai scorrere l'interruttore a tre posizioni su OFF. Per Esegui questa operazione Riprodurre o mettere in pausa Premi Play/Pausa (’). Ridurre o aumentare il volume Premi Volume su (∂) o Volume giù (D). Sentirai un tono se cambi il volume mentre iPod shuffle è in pausa. Passare alla traccia successiva Premi Successivo/Avanza velocemente (‘). Passare alla traccia precedente Premi Precedente/Riavvolgi (]) entro sei secondi dall'inizio della traccia. Dopo 6 secondi, premendo Precedente/Riavvolgi (]) la traccia attuale ricomincia. Avanti velocemente Tieni premuto Successivo/Avanza velocemente (‘). Riavvolgere Tieni premuto Precedente/Riavvolgi (]). Sentire il nome dell'artista e il titolo della traccia Premi il tasto di VoiceOver ( ). Ascoltare musicaCapitolo  4    Ascoltare musica 18 Per Esegui questa operazione Sentire il menu delle playlist Tieni premuto il tasto di VoiceOver ( ). Quanto senti il nome della playlist desiderata, premi il tasto VoiceOver ( ) o Play/Pausa (’) per selezionarla. Puoi premere Successivo/Avanza velocemente (‘) o Precedente/Riavvolgi (]) per spostarti velocemente attraverso le playlist. Uscire dal menu delle playlist Tieni premuto il tasto di VoiceOver ( ). L'indicatore luminoso di stato lampeggia una volta in verde in risposta a quasi tutte le azioni (riprodurre, riavvolgere, mandare avanti velocemente, utilizzare VoiceOver, regolare il volume, ecc.). Se metti in pausa iPod shuffle, l'indicatore luminoso di stato si accende in verde e rimane fisso per 30 secondi. Se raggiungi il limite massimo o minimo del volume, l'indicatore luminoso si accende tre volte in arancione. I comportamenti dell'indicatore luminoso rispetto allo stato della batteria sono descritti in Controllare lo stato della batteria a pagina 8. Impostare iPod shuffle per la riproduzione di brani in ordine o in ordine casuale Puoi impostare iPod shuffle per riprodurre i brani in ordine casuale o riprodurli nell'ordine in cui sono organizzati in iTunes. Quando attivi la riproduzione casuale, i libri, i podcast e i Mix Genius non vengono inclusi: verranno riprodotti secondo l'ordine in cui appaiono in iTunes. Per impostare iPod shuffle per la riproduzione di brani in ordine: m Fai scorrere l'interruttore a tre posizioni per riprodurre in ordine (⁄). Dopo la riproduzione dell'ultimo brano, iPod shuffle inizierà di nuovo la riproduzione del primo brano. Per impostare iPod shuffle per la riproduzione casuale: m Fai scorrere l'interruttore sulla riproduzione casuale (¡). Per riprodurre nuovamente i brani in ordine casuale, scorri l'interruttore a tre posizioni dalla riproduzione casuale (¡) alla riproduzione (⁄), quindi torna di nuovo alla riproduzione casuale. Utilizzare VoiceOver iPod shuffle può fornire un maggiore controllo sulle opzioni di riproduzione pronunciando i titoli dei brani e i nomi degli artisti e pronunciando le playlist tra cui scegliere. VoiceOver fornisce anche informazioni sullo stato della batteria e altri messaggi. Per utilizzarlo, abilita VoiceOver da iTunes. Puoi abilitare VoiceOver al momento della prima configurazione di iPod shuffle oppure in un secondo momento. VoiceOver è disponibile in alcune lingue. Per impostare le opzioni di VoiceOver, utilizza il pannello Riepilogo in iTunes. Le sezioni seguenti descrivono come attivare e personalizzare VoiceOver. Per abilitare VoiceOver quando configuri iPod shuffle: 1 Collega iPod shuffle al computer. 2 Segui le istruzioni su schermo in iTunes. Di default, VoiceOver è abilitato. 3 Fai clic su Continua. 4 Nella linguetta Riepilogo, sotto Voice Feedback, scegli la lingua desiderata nel menu a comparsa Lingua.Capitolo  4    Ascoltare musica 19 Imposta la lingua per la pronuncia da utilizzare per i messaggi di sistema, i nomi delle playlist, i titoli dei brani e i nomi degli artisti. Nota: Per selezionare un'altra lingua per tracce specifiche, selezionale in iTunes, scegli File > Ottieni informazioni, scegli una lingua di VoiceOver dal menu a comparsa del pannello Opzioni, quindi fai clic su OK. 5 Fai clic su Applica. Al termine della configurazione, VoiceOver è abilitato su iPod shuffle. Per abilitare VoiceOver in qualsiasi momento: 1 Collega iPod shuffle al computer. 2 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 3 In “Feedback voce”, seleziona “Abilita VoiceOver”. 4 Fai clic su Applica. 5 Scegli la lingua desiderata nel menu a comparsa in Voice Feedback. 6 Fai clic su Applica. Al termine della sincronizzazione, VoiceOver è abilitato. Per disabilitare VoiceOver: 1 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 2 In “Feedback voce”, deseleziona “Abilita VoiceOver”. 3 Fai clic su Applica. Al termine della sincronizzazione, VoiceOver è disabilitato. Sentirai ancora alcuni annunci di sistema in inglese su iPod shuffle, come lo stato della batteria, i messaggi di errore e un menu generico di playlist numerate. Non sentirai i titoli dei brani e i nomi degli artisti. Sentire le informazioni di una traccia VoiceOver pronuncia il titolo e il nome dell'artista del brano attuale mentre lo ascolti su iPod shuffle. Per sentire le informazioni della traccia attuale: m Premi il tasto di VoiceOver ( ) durante la riproduzione. Sentirai il nome dell'artista e il titolo della traccia attuale. Puoi utilizzare VoiceOver per passare ad un altro titolo. Per navigare utilizzando le informazioni di una traccia: • se iPod shuffle è in riproduzione, premi il tasto VoiceOver ( ) per sentire le informazioni della traccia attuale; premi Successivo/Avanza velocemente (‘) per passare alla traccia successiva e sentire le relative informazioni; premi Precedente/Riavvolgi (]) per spostarti alla traccia precedente e sentire le relative informazioni. • se iPod shuffle è in pausa, premi il tasto VoiceOver ( ) per sentire le informazioni della traccia attuale; premi Successivo/Avanza velocemente (‘) per sentire le informazioni della traccia successiva; premi Precedente/Riavvolgi (]) per sentire le informazioni della traccia precedente. Premi il tasto VoiceOver o Play/Pausa (’) per riprodurre la traccia.Capitolo  4    Ascoltare musica 20 Modificare le playlist Quando VoiceOver è abilitato, puoi sentire i nomi delle playlist e sceglierne una qualsiasi di quelle che hai sincronizzato su iPod shuffle. Se sono sincronizzati audiolibri o podcast audio su iPod shuffle, i loro titoli vengono letti come parte del menu delle playlist. Se VoiceOver è disabilitato in iTunes, le playlist vengono identificate in ordine numerico (per esempio “Playlist 1, Playlist 2”, ecc.), invece che per nome. Il menu delle playlist annuncia ogni elemento in questo ordine: • La playlist attuale (se disponibile). • “Tutti i brani” (playlist di default di tutti i brani su iPod shuffle). • Tutte le playlist, comprese le playlist Genius, in ordine alfabetico • Tutti i mix Genius, in ordine alfabetico • Tutti i podcast, in ordine alfabetico • Tutte le raccolte iTunes U, in ordine alfabetico • Tutti gli audiolibri, in ordine alfabetico Per scegliere un elemento dal menu delle playlist: 1 Tieni premuto il tasto di VoiceOver ( ). Sentirai i nomi delle playlist. 2 Quanto senti il nome della playlist desiderata, premi il tasto VoiceOver ( ) o Play/Pausa (’) per selezionarla. Viene riprodotto il primo elemento che appare nella playlist. Quando stai ascoltando il menu delle playlist, puoi premere Successivo/Avanza velocemente (‘) o Precedente/Riavvolgi (]) per spostarti avanti e indietro nel menu delle playlist Per riavviare una playlist, segui i passi descritti sopra per selezionare la playlist desiderata. Per uscire dal menu delle playlist: m Tieni premuto il tasto di VoiceOver ( ). Impostare le tracce per la riproduzione allo stesso livello di volume Il volume dei brani e di altri elementi audio può variare in base alle modalità di registrazione o alla codifica. Puoi impostare iTunes in modo da regolare automaticamente il volume dei brani per riprodurli allo stesso livello di volume relativo e puoi impostare iPod shuffle perché utilizzi l'impostazione di volume di iTunes. La verifica del suono è attivata di default in iTunes, ma non in iPod shuffle. Per impostare iTunes per la riproduzione dei brani allo stesso volume: 1 In iTunes, scegli iTunes > Preferenze (su un computer Mac) oppure Modifica > Preferenze (su un PC Windows). 2 Fai clic su Riproduci e scegli "Livelli volume". Per configurare iPod shuffle in modo che utilizzi l'impostazione del volume di iTunes: 1 Collega iPod shuffle al computer. 2 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi. 3 Fai clic sulla linguetta Riepilogo. 4 Nella sezione Opzioni, seleziona “Abilita Verifica volumi”. 5 Fai clic su Applica. Se non hai attivato l’opzione di verifica del volume in iTunes, configurandola su iPod shuffle non sortirai alcun effetto.Capitolo  4    Ascoltare musica 21 Impostare un limite di volume Puoi impostare un limite del volume per iPod shuffle. Inoltre puoi impostare una password in iTunes per evitare la modifica di questa impostazione da parte di persone senza autorizzate. Se hai impostato un limite di volume su iPod shuffle, l'indicatore luminoso di stato lampeggia tre volte in arancione se tenti di aumentare il volume oltre il limite massimo. Per impostare il limite massimo di volume per iPod shuffle: 1 Imposta iPod shuffle al volume massimo desiderato. 2 Collega iPod shuffle al computer. 3 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 4 Nella sezione Opzioni, seleziona “Limita il volume massimo”. 5 Trascina il cursore sul volume massimo desiderato. L'impostazione iniziale del cursore mostra il volume a cui iPod shuffle era impostato quando lo hai collegato al computer. ATTENZIONE: Il livello di volume potrebbe anche variare a seconda del tipo di auricolari o di cuffie che usi. Per eliminare il limite massimo di volume: 1 Collega iPod shuffle al computer. 2 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 3 Nella sezione Opzioni, deseleziona “Limita il volume massimo”. Bloccare e sbloccare i pulsanti di iPod shuffle Puoi bloccare i pulsanti di iPod shuffle per evitare che si attivino se li premi accidentalmente. Questa funzionalità richiede il software 1.0.1 o versione successiva (collega iPod shuffle a iTunes per aggiornare il software). Per bloccare i pulsanti di iPod shuffle: m Tieni premuto Play/Pausa (’) per tre secondi. Quando i pulsanti vengono bloccati, l'indicatore luminoso di stato lampeggia in arancione per tre volte. Se premi un pulsante quando i pulsanti sono bloccati, l'indicatore luminoso di stato lampeggia in arancione una volta. Per sbloccare i pulsanti: m Tieni premuto di nuovo Play/Pausa (’) per tre secondi. Quando i pulsanti vengono sbloccati, l'indicatore luminoso di stato lampeggia in arancione per tre volte. Se indossi gli auricolari, udirai un tono quando i pulsanti vengono bloccati o sbloccati.5 22 Puoi utilizzare iPod shuffle per caricarvi anche i tuoi dati oltre alla musica. Leggi questo capitolo per informazioni sulla modalità di utilizzo di iPod shuffle come un disco rigido esterno. Utilizzare iPod shuffle come disco esterno Puoi utilizzare iPod shuffle come disco esterno per archiviare file di dati. Per sincronizzare iPod shuffle con musica e altro audio da ascoltare, devi utilizzare iTunes. Non puoi riprodurre file audio che copi su iPod shuffle utilizzando il Finder di Macintosh o Esplora risorse di Windows. Per abilitare l'utilizzo di iPod shuffle come disco esterno: 1 Collega iPod shuffle al computer. 2 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 3 Nella sezione Opzioni, seleziona Abilita utilizzo come disco per vedere le impostazioni del disco potresti dover scorrere verso il basso. 4 Fai clic su Applica. Quando usi iPod shuffle come disco esterno, l'icona del disco di iPod shuffle appare sulla scrivania di un computer Mac oppure come la successiva lettera di disco disponibile in "Esplora risorse" di un PC Windows. Quando iPod shuffle è abilitato come disco rigido e lo colleghi al computer, l'indicatore luminoso di stato si accende in arancione fisso. Prima di scollegare iPod shuffle dal computer, accertati di espellerlo in iTunes. Copiare file tra computer Quando abiliti l'utilizzo come disco su iPod shuffle, puoi copiare file da un computer all'altro. iPod shuffle è formattato come volume FAT-32, supportato sia dai computer Mac che PC. Questo ti consente di utilizzare iPod shuffle per copiare file tra computer con sistemi operativi diversi. Per copiare i file tra computer: 1 Dopo avere abilitato l'uso di iPod shuffle come disco, collegalo al computer da cui desideri copiare i file. Importante: Se iPod shuffle è impostato per la sincronizzazione automatica, quando lo colleghi a un computer o a un account utente diverso, viene visualizzato un messaggio in cui ti viene chiesto se desideri inizializzare iPod shuffle e sincronizzarlo con la nuova libreria di iTunes. Se non desideri inizializzare il contenuto di iPod shuffle, fai clic su Annulla. Archiviare file su iPod shuffleCapitolo  5    Archiviare file su iPod shuffle 23 2 Utilizzando il file di sistema del computer (il Finder su un Mac, Esplora risorse su un PC), trascina i file desiderati su iPod shuffle. 3 Scollega iPod shuffle quindi collegalo all'altro computer. Di nuovo, fai clic su Annulla se non desideri inizializzare il contenuto di iPod shuffle. 4 Trascina i file da iPod shuffle nella posizione desiderata sull'altro computer. Evitare che iTunes si apra automaticamente Puoi impedire l'avvio automatico di iTunes al momento della connessione di iPod shuffle al computer. Per evitare l'avvio automatico di iTunes: 1 Collega iPod shuffle al computer. 2 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. 3 Nella sezione Opzioni, deseleziona Apri iTunes quando questo iPod è collegato. 4 Fai clic su Applica.6 24 La maggior parte dei problemi con iPod shuffle può essere risolta rapidamente seguendo i consigli contenuti in questo capitolo. Le 5 R: Reimposta, riprova, riavvia, reinstalla, ripristina Tieni in mente questi cinque suggerimenti di base se riscontri dei problemi con iPod shuffle. Cerca di eseguire questi passi uno per volta finché il problema non è stato risolto. Se ciò non dovesse bastare, leggi più avanti per trovare una soluzione ai problemi specifici. • Reimposta iPod shuffle spegnendolo e attendendo 10 secondi prima di riaccenderlo. • Riprova con una porta USB 2.0 diversa se iTunes non riconosce iPod shuffle. • Riavvia il computer e assicurati di aver installato gli ultimi aggiornamenti software disponibili. • Reinstalla le versioni più recenti dei software iPod e iTunes disponibili sul web. • Ripristina iPod shuffle. Consulta Aggiornare e ripristinare il software di iPod shuffle a pagina 26. Se l'indicatore luminoso di stato è rosso fisso o se senti il messaggio di errore “Utilizza iTunes per ripristinare” Collega iPod shuffle al computer e ripristinalo in iTunes. Consulta Aggiornare e ripristinare il software di iPod shuffle a pagina 26. Se iPod shuffle non si accende o non risponde ai comandi • Collega iPod shuffle a una porta USB 2.0 ad alta potenza sul computer. Potrebbe essere necessario ricaricare la batteria di iPod shuffle. • Spegni iPod shuffle, attendi 10 secondi, quindi riaccendilo. • Potresti dover ripristinare il software di iPod shuffle. Consulta Aggiornare e ripristinare il software di iPod shuffle a pagina 26. Se iPod shuffle non riproduce musica • iPod shuffle potrebbe non contenere brani musicali. Se senti il messaggio “Utilizzare iTunes per sincronizzare la musica”, collega iPod shuffle al computer per sincronizzare la musica. • Spegni l'interruttore a tre vie e riprova. • Verifica che il connettore delle cuffie auricolari sia completamente inserito. • Assicurati che il volume sia impostato in modo appropriato. Occorre impostare un limite di volume. Consulta Impostare un limite di volume a pagina 21. • iPod shuffle potrebbe essere in pausa. Prova a premere Play/Pausa (’). Se colleghi iPod shuffle al computer e non succede nulla • Collega iPod shuffle a una porta USB 2.0 ad alta potenza sul computer. Potrebbe essere necessario ricaricare la batteria di iPod shuffle. Suggerimenti e risoluzione dei problemiCapitolo  6    Suggerimenti e risoluzione dei problemi 25 • Assicurati di avere installato la versione più recente del software di iTunes da www.itunes.com/it/download. • Prova a collegare il cavo USB a una porta USB 2.0 diversa sul computer. Accertati che il cavo USB sia collegato saldamente a iPod shuffle e al computer. Assicurati che il connettore sia orientato correttamente. È possibile inserirlo in un solo modo. • Potresti dover reimpostare iPod shuffle. Spegni iPod shuffle, attendi 10 secondi, quindi riaccendilo. • Se iPod shuffle non viene visualizzato in iTunes o nel Finder, la batteria potrebbe essere completamente scarica. Lascia iPod shuffle in carica per alcuni minuti per vedere se si riattiva. • Assicurati di avere computer e software richiesti. Consulta Se desideri verificare i requisiti di sistema a pagina 26. • Prova a riavviare il computer. • Potrebbe essere necessario ripristinare il software iPod. Consulta Aggiornare e ripristinare il software di iPod shuffle a pagina 26. • Potresti dover riparare iPod shuffle. Puoi prenotare il servizio di riparazione sul sito web di assistenza per iPod shuffle all'indirizzo www.apple.com/it/support/ipodshuffle/service. Se non puoi sincronizzare un brano o un altro elemento su iPod shuffle Può darsi che il brano sia codificato in un formato non supportato da iPod shuffle. iPod shuffle supporta i seguenti formati audio. Compresi i formati per audiolibri e podcast: • AAC (M4A, M4B, M4P) (da 8 a 320 kbps) • AAC protetto (da iTunes Store) • Apple Lossless (un formato compresso di elevata qualità) • MP3 (da 8 a 320 kbps) • MP3 VBR (Variable Bit Rate) • Audible (formati 2, 3, 4, Audible Enhanced Audio, AAX e AAX+) • WAV • AA (audible.com parlato, formati 2, 3 e 4) • AIFF Un brano codificato nel formato Apple Lossless offre una qualità audio quasi equivalente a quella di un CD, ma occupa solo la metà dello spazio di un brano codificato in formato AIFF o WAV. Lo stesso brano codificato nel formato AAC o MP3 occupa uno spazio ancora inferiore. La musica che importi da un CD utilizzando iTunes, viene convertita di default nel formato AAC. Puoi fare in modo che iPod shuffle converta automaticamente i file codificati con una frequenza bit superiore in file AAC a 128 kbps nel momento in cui vengono sincronizzati con iPod shuffle. Consulta Trasferire più brani su iPod shuffle a pagina 16. Utilizzando iTunes per Windows, puoi convertire file WMA non protetti in formato AAC o MP3. Può esserti utile se disponi di una raccolta di musica codificata in formato WMA. iPod shuffle non supporta i file audio WMA, MPEG Layer 1, MPEG Layer 2 o audible.com formato 1. Se un brano di iTunes non è supportato da iPod shuffle, puoi convertirlo in un formato supportato da iPod shuffle. Per ulteriori informazioni, apri iTunes e scegli Aiuto > Aiuto iTunes.Capitolo  6    Suggerimenti e risoluzione dei problemi 26 Se desideri verificare i requisiti di sistema Per utilizzare iPod shuffle, devi disporre di quanto segue: • Una delle seguenti configurazioni di sistema: • Un Macintosh con una porta USB 2.0 • Un PC Windows PC con una porta USB 2.0 o una scheda USB 2.0 installata • Uno dei seguenti sistemi operativi: Mac OS X 10.5.8 o versione successiva, Windows Vista o Windows XP Home o Professional con Service Pack 3 o successivo • Accesso Internet (si consiglia una connessione a banda larga). • iTunes 10.7 o versione successiva (puoi scaricarlo da www.itunes.com/it/download) Se il PC Windows non è fornito di una porta USB 2.0 ad alta potenza, puoi acquistare e installare una scheda USB 2.0. Porta USB 2.0 ad alta potenza Se desideri utilizzare iPod shuffle con un computer Mac e un PC Windows Se iPod shuffle è impostato per la gestione manuale della musica, puoi aggiungere il contenuto di una o più librerie di iTunes, indipendentemente dal sistema operativo presente sul computer. Se iPod shuffle è impostato per la sincronizzazione automatica, quando lo colleghi a un computer o a un account utente diverso, viene visualizzato un messaggio in cui ti viene chiesto se desideri inizializzare iPod shuffle e sincronizzarlo con la nuova libreria di iTunes. Fai clic su Annulla per mantenere invariato il contenuto di iPod shuffle. Puoi utilizzare iPod shuffle come disco esterno sia con i computer Macintosh che con i PC; in questo modo puoi copiare file da un sistema operativo all'altro. Consulta Capitolo 5, Archiviare file su iPod shuffle, a pagina 22. Aggiornare e ripristinare il software di iPod shuffle Puoi utilizzare iTunes per eseguire l’aggiornamento o il ripristino del software di iPod shuffle. Ti consigliamo di aggiornare iPod shuffle in modo da utilizzare il software più recente. Inoltre, puoi ripristinare il software, riportando così iPod shuffle alle impostazioni originali. • Se scegli di eseguire l'aggiornamento, viene aggiornato il software, ma le impostazioni, i brani e gli altri dati non vengono modificati. • Se scegli di ripristinare, vengono cancellati tutti i dati presenti su iPod shuffle, compresi i brani e qualsiasi altra informazione. Tutte le impostazioni di iPod shuffle verranno ripristinate al loro stato originale. Per aggiornare o ripristinare iPod shuffle: 1 Assicurati di disporre di una connessione a Internet e di avere installato sul computer la versione più recente di iTunes da www.itunes.com/it/download. 2 Collega iPod shuffle al computer. 3 In iTunes, seleziona iPod shuffle nell'elenco dei dispositivi e fai clic sul pannello Riepilogo. In Versione puoi controllare se iPod shuffle è aggiornato o se richiede l'installazione di versione più recente del software.Capitolo  6    Suggerimenti e risoluzione dei problemi 27 4 Esegui una delle seguenti operazioni: • Per installare la versione più recente del software, fai clic su Aggiorna. • Per ripristinare le impostazioni di fabbrica originali di iPod shuffle, fai clic su Ripristina. Il ripristino cancella tutti i dati presenti su iPod shuffle. Per completare la procedura di ripristino, segui le istruzioni visualizzate sullo schermo.7 28 Questo capitolo contiene informazioni importanti sulla sicurezza e la gestione delle informazioni di iPod shuffle. ATTENZIONE: La mancata osservanza delle istruzioni di sicurezza qui riportate può causare incendi, scosse elettriche, altre lesioni o danni a iPod shuffle o altri oggetti. Leggi tutte le informazioni riportate di seguito prima di utilizzare iPod shuffle. Tieni questo Manuale Utente di iPod shuffle a portata di mano per la consultazione. Informazioni di sicurezza importanti Uso adeguato  Non fare cadere, non smontare, aprire, schiacciare, piegare, deformare, forare, tagliare, inserire in un forno a microonde, bruciare, dipingere o inserire oggetti estranei in iPod shuffle. Acqua e luoghi umidi  Non utilizzare iPod shuffle sotto la pioggia, in prossimità di lavandini o altri luoghi umidi. Fai attenzione a non versare liquidi e a non far cadere alimenti di alcun genere su iPod shuffle. Nel caso in cui iPod shuffle si bagni, scollega tutti i cavi, spegnilo (facendo scorrere l'interruttore a tre posizioni su OFF) prima di pulirlo e lascialo asciugare completamente prima di riaccenderlo. Non fare asciugare iPod shuffle con una fonte esterna di calore, come un forno a microonde o un asciugacapelli. Riparazione di iPod shuffle  Non tentare in alcun caso di riparare o modificare iPod shuffle da solo. Se iPod shuffle è stato immerso in acqua, forato o ha subito una grave caduta, non utilizzarlo prima di averlo portato presso un fornitore di servizi Apple autorizzato. iPod shuffle non contiene parti sostituibili dall'utente. Smontare iPod shuffle, compresa la rimozione della custodia sul retro, potrebbe causare dei danni non coperti dalla garanzia. Per le informazioni relative alla riparazione, seleziona Aiuto iPod dal menu Aiuto di iTunes o vai alla pagina web www.apple.com/it/support/ipod/service. La batteria ricaricabile di iPod shuffle deve essere sostituita soltanto da un fornitore di servizi Apple autorizzato. Per ulteriori informazioni sulle batterie, vai su www.apple.com/it/support/ipod/service/battery. Adattatore di alimentazione USB di Apple  Se utilizzi l'adattatore di alimentazione USB di Apple (in vendita separatamente su www.apple.com/it/ipodstore) per caricare iPod shuffle, assicurati che l'alimentatore sia montato correttamente prima di inserirlo in una presa di corrente. Quindi inserisci l'adattatore di alimentazione USB di Apple nella presa elettrica. Non collegare o scollegare l'adattatore di alimentazione USB di Apple con le mani bagnate. Non utilizzare alimentatori di corrente diversi dall'adattatore di alimentazione USB di Apple per caricare iPod shuffle. L'adattatore di alimentazione USB di Apple si riscalda durante il normale utilizzo. Verifica che la ventilazione intorno all'adattatore di alimentazione USB di Apple sia sempre adeguata e maneggialo con cura. Sicurezza e puliziaCapitolo  7    Sicurezza e pulizia 29 Scollega l'adattatore di alimentazione USB di Apple se si verifica una delle seguenti condizioni: • Il cavo dell'alimentatore o la spina sono consumati o danneggiati. • L'alimentatore è stato esposto a pioggia, liquidi o umidità eccessiva. • Il contenitore dell'alimentatore è danneggiato. • Ritieni che l'alimentatore richieda manutenzione o riparazione. • Desideri eseguire la pulizia dell'alimentatore. Danni all'udito  L’utilizzo di auricolari e cuffie ad alto volume può causare danni permanenti all’udito. Evita di regolare il volume su livelli eccessivi. Sebbene col tempo potresti adattarti a un volume più elevato senza apparenti problemi, l’udito potrebbe risultare affetto da lesioni. Se si notano dei fischi nelle orecchie o l'ascolto risulta attutito, interrompere l'ascolto e farsi visitare da uno specialista dell'apparato uditivo. Più alto è il volume d'ascolto e più presto l'udito potrebbe essere danneggiato. Gli specialisti dell'apparato uditivo suggeriscono di proteggere l'udito come segue: • Limitare la quantità di tempo di utilizzo di auricolari e cuffie ad alto volume. • Evitare di alzare il volume per coprire altri rumori ambientali. • Abbassare il volume se non si riescono a sentire le persone che parlano nelle vicinanze. Per informazioni sull'impostazione di un limite di volume su iPod shuffle, consulta Impostare un limite di volume a pagina 21. Sicurezza delle cuffie  L'uso di auricolari (anche se in un solo auricolare) alla guida o in bicicletta non è consigliato ed è illegale in alcune zone. Controlla e rispetta la legislazione e la normativa vigente relativamente all'uso di auricolari e dispositivi come iPod shuffle nelle zone in cui guidi o vai in bicicletta. Presta molta attenzione durante la guida. Smetti di utilizzare iPod shuffle se ritieni che possa essere dannoso o che possa distrarti dalla guida di qualsiasi tipo di veicolo o durante qualunque altra attività che richieda la tua massima attenzione. Informazioni importanti per un corretto utilizzo AVVISO: La mancata osservanza delle istruzioni per un corretto utilizzo qui riportate può causare danni a iPod shuffle o ad altri oggetti. Trasporto iPod shuffle  iPod shuffle contiene componenti delicati. Non piegare, non far cadere e non esercitare una pressione eccessiva su iPod shuffle. Utilizzare i connettori e le porte  Non forzare mai un connettore in una porta. Verifica che non siano presenti ostruzioni sulla porta. Se non puoi inserire facilmente il connettore nella porta, probabilmente il connettore non è quello giusto. Verificare che il connettore sia adatto a quella porta e che sia stato posizionato correttamente in relazione alla stessa. Mantenere iPod shuffle entro temperature accettabili  Utilizza iPod shuffle in luoghi dove la temperatura è sempre compresa tra 0º and 35º C. A basse temperature, la batteria di iPod shuffle potrebbe durare meno. Conserva sempre iPod shuffle in luoghi dove la temperatura è compresa tra -20° e 45° C. Non lasciare iPod shuffle in auto, poiché la temperatura di una vettura parcheggiata potrebbe superare questi valori. Quando utilizzi iPod shuffle o ne carichi la batteria, è normale che la parte inferiore di iPod shuffle si riscaldi. La parte esterna di iPod shuffle funziona come una superficie raffreddante che trasferisce il calore dall'interno dell'unità all'aria esterna più fredda.Capitolo  7    Sicurezza e pulizia 30 Mantenere pulito l'esterno di iPod shuffle  Per pulire iPod shuffle, scollega tutti i cavi, spegnilo (facendo scorrere l'interruttore a tre posizioni su OFF) e utilizza un panno morbido, leggermente umido e non sfilacciato. Non inserire sostanze liquide nelle fessure. Non utilizzare prodotti specifici per vetri e specchi né altri tipi di detergenti o spray, solventi, alcol, ammoniaca o prodotti abrasivi per la pulizia di iPod shuffle. Smaltire iPod shuffle in modo adeguato  Per informazioni sullo smaltimento di iPod shuffle e per altre informazioni importanti sulla conformità alla normativa vigente, consulta Informazioni sullo smaltimento e il riciclaggio a pagina 33. Informazioni sulla conformità Per informazioni sulla conformità relative a iPod shuffle, consulta Informazioni sulla conformità alle normative a pagina 32. 8 31 Ulteriori informazioni sull'uso di iPod shuffle sono disponibili nell'aiuto su schermo e in linea. La tabella che segue illustra dove trovare prodotti software e informazioni su servizi relativi a iPod. Per informazioni su Esegui questa operazione Servizio e assistenza, discussioni, tutorial e download di software Apple Vai a: www.apple.com/it/support/ipodshuffle. Utilizzo di iTunes Apri iTunes e scegli Aiuto > Aiuto iTunes. Per un tutorial in linea di iTunes (disponibile solo in alcuni paesi), vai su: www.apple.com/it/itunes/tutorials Informazioni più recenti su iPod shuffle Vai a: www.apple.com/it/ipodshuffle. Registrare iPod shuffle Installa iTunes e collega iPod shuffle al computer. Trovare il numero di serie di iPod shuffle Cerca sotto il clip di iPod shuffle. Oppure in iTunes (con iPod shuffle collegato al computer), seleziona iPod shuffle nell'elenco dei dispositivi, quindi fai clic sul pannello Riepilogo. Ottenere l'assistenza in garanzia In primo luogo, segui i consigli contenuti in questo opuscolo, nell’aiuto su schermo e nelle risorse in linea e quindi consulta il sito web: www.apple.com/it/support/ipodshuffle/service. Altre informazioni, servizi e supportoDichiarazione di conformità FCC Questo dispositivo è conforme alla parte 15 delle regole FCC. Il funzionamento è soggetto alle seguenti due condizioni: (1) Il presente dispositivo non può causare interferenze dannose, e (2) lo stesso dispositivo deve accettare qualsiasi interferenza ricevuta, incluse le interferenze che potrebbero determinarne un funzionamento inaspettato. Se si sospetta che la ricezione radio o televisiva sia compromessa da interferenze, vedere le istruzioni. Interferenze radio e televisive Questa apparecchiatura genera, utilizza e può emanare energia a radiofrequenze. Se tale apparecchiatura non viene installata e utilizzata correttamente, vale a dire in conformità con le istruzioni Apple, può causare interferenze con la ricezione radio e televisiva. L’apparecchiatura è stata testata ed è risultata conforme alle limitazioni dei dispositivi digitali di Classe B in conformità alle specifiche della Parte 15 delle regole FCC. Queste specifiche sono state create per fornire una protezione efficiente contro tali interferenze in un’installazione residenziale. Tuttavia, non vi è garanzia di protezione contro le interferenze in un’installazione particolare. Per determinare se il sistema informatico causi interferenze, spegnere il computer. Se le interferenze non si verificano più, significa che probabilmente erano causate dal computer o da una delle periferiche. Se il computer causa interferenze con la ricezione radio o televisiva, provare a eliminarle eseguendo una delle seguenti azioni: • Accendere l’antenna radio o televisiva finché l’interferenza si arresta. • Spostare il computer da una parte o dall’altra del televisore o della radio. • Allontanare il computer dal televisore o dalla radio. • Collegare il computer a una presa che si trova su un circuito differente da quello del televisore o della radio. In altre parole, accertarsi che il computer e il televisore o la radio si trovino su circuiti controllati da interruttori o valvole differenti. Se necessario, consultare un fornitore di servizi autorizzato Apple o Apple stessa. Consultare le informazioni sull’assistenza e il supporto fornite con il prodotto Apple. Oppure consultare un tecnico radiotelevisivo esperto per ulteriori suggerimenti. Importante: Modifiche o cambiamenti a questo prodotto non autorizzate da Apple Inc., potrebbero invalidare la conformità agli standard EMC e non consentire l’utilizzo del prodotto. Questa apparecchiatura è stata testata in conformità con gli standard EMC secondo le condizioni che richiedono l’utilizzo delle periferiche Apple, i cavi schermati Apple e connettori tra i componenti del sistema. È importante utilizzare periferiche e cavi e connettori schermati Apple tra i componenti di sistema per ridurre la possibilità di causare interferenze con radio, televisori e altri dispositivi elettronici. Le periferiche e i cavi e i connettori schermati Apple sono disponibili presso i rivenditori Apple autorizzati. Per le periferiche non Apple, contattare il relativo distributore o il rivenditore per assistenza. Parte responsabile (contattare solo per questioni che riguardano la Conformità FCC): Apple Inc. Corporate Compliance 1 Infinite Loop, MS 91-1EMC Cupertino, CA 95014 Dichiarazione di conformità di Industry Canada Questo dispositivo di classe B soddisfa tutti i requisiti delle normative canadesi sulle apparecchiature che causano interferenze. Cet appareil numérique de la classe B respecte toutes les exigences du Règlement sur le matériel brouilleur du Canada. Dichiarazione di conformità VCCI Classe B Dichiarazione di conformità Class B della Corea Comunità europea Questo dispositivo è conforme alle direttive europee LVD e EMC. Sostituzione della batteria La batteria ricaricabile di iPod shuffle deve essere sostituita soltanto da un fornitore di servizi autorizzato. Per i servizi di sostituzione della batteria, vai su: www.apple.com/it/batteries/replacements.html Informazioni sulla conformità alle normative 32Informazioni sullo smaltimento e il riciclaggio iPod dev'essere smaltito conformemente alla legislazione e alle normative locali. Questo prodotto contiene una batteria, pertanto deve essere smaltito separatamente dai rifiuti domestici. Quando iPod raggiunge la fine del proprio ciclo di vita utile, contatta Apple o le autorità locali per informazioni sulle opzioni di riciclaggio. Per informazioni sul programma di riciclaggio di Apple, vai su: www.apple.com/it/recycling China: Taiwan: Efficienza del caricabatteria European Union—Disposal Information: The symbol above means that according to local laws and regulations your product and/or its battery shall be disposed of separately from household waste. When this product reaches its end of life, take it to a collection point designated by local authorities. The separate collection and recycling of your product and/or its battery at the time of disposal will help conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. Union Européenne—informations sur l’élimination Le symbole ci-dessus signifie que, conformément aux lois et réglementations locales, vous devez jeter votre produit et/ou sa batterie séparément des ordures ménagères. Lorsque ce produit arrive en fin de vie, apportez-le à un point de collecte désigné par les autorités locales. La collecte séparée et le recyclage de votre produit et/ou de sa batterie lors de sa mise au rebut aideront à préserver les ressources naturelles et à s’assurer qu’il est recyclé de manière à protéger la santé humaine et l’environnement. Europäische Union—Informationen zur Entsorgung Das oben aufgeführte Symbol weist darauf hin, dass dieses Produkt und/oder die damit verwendete Batterie den geltenden gesetzlichen Vorschriften entsprechend und vom Hausmüll getrennt entsorgt werden muss. Geben Sie dieses Produkt zur Entsorgung bei einer offiziellen Sammelstelle ab. Durch getrenntes Sammeln und Recycling werden die Rohstoffreserven geschont und es ist sichergestellt, dass beim Recycling des Produkts und/ oder der Batterie alle Bestimmungen zum Schutz von Gesundheit und Umwelt eingehalten werden. Unione Europea—informazioni per lo smaltimento Il simbolo qui sopra significa che, in base alle leggi e alle normative locali, il prodotto e/o la sua batteria dovrebbero essere riciclati separatamente dai rifiuti domestici. Quando il prodotto diventa inutilizzabile, portalo nel punto di raccolta stabilito dalle autorità locali. La raccolta separata e il riciclaggio del prodotto e/o della sua batteria al momento dello smaltimento aiutano a conservare le risorse naturali e assicurano che il riciclaggio avvenga nel rispetto della salute umana e dell’ambiente. Europeiska unionen—Information om kassering Symbolen ovan betyder att produkten och/eller dess batteri enligt lokala lagar och bestämmelser inte får kastas tillsammans med hushållsavfallet. När produkten har tjänat ut måste den tas till en återvinningsstation som utsetts av lokala myndigheter. Genom att låta den uttjänta produkten och/eller dess batteri tas om hand för återvinning hjälper du till att spara naturresurser och skydda hälsa och miljö. Türkiye Türkiye Cumhuriyeti: EEE Yönetmeliğine Uygundur Brasil—Informações sobre descarte e reciclagem O símbolo indica que este produto e/ou sua bateria não devem ser descartadas no lixo doméstico. Quando decidir descartar este produto e/ou sua bateria, faça-o de acordo com as leis e diretrizes ambientais locais. Para informações sobre o programa de reciclagem da Apple, pontos de coleta e telefone de informações, visite www.apple.com/br/environment. Apple e l'ambiente Apple si impegna costantemente per ridurre l'impatto ambientale delle proprie attività e dei propri prodotti. Per ulteriori informazioni, consulta: www.apple.com/it/environment 33KApple Inc. © 2012 Apple Inc. Tutti i diritti riservati. Apple, il logo Apple, Finder, iPod, iPod shuffle, iTunes, Mac, Macintosh, Mac OS X e OS X sono marchi di Apple Inc., registrati negli Stati Uniti e in altri paesi. Apple Store, Genius, iTunes Plus e iTunes Store sono marchi di servizio di Apple Inc., registrati negli Stati Uniti e in altri paesi. I nomi di altre società e prodotti qui menzionati potrebbero essere marchi delle rispettive società. La citazione di prodotti di terze parti è a solo scopo informativo e non costituisce alcun impegno o raccomandazione. Apple declina ogni responsabilità riguardo l’uso e le prestazioni di questi prodotti. Qualsiasi intesa, accordo o garanzia, se presente, prende parte direttamente fra il venditore e l’eventuale utente. Apple si è impegnata perché le informazioni contenute in questo manuale fossero il più possibile precise. Apple declina ogni responsabilità per eventuali errori di stampa. T019-2359/09-2012 iPhone Príručka užívateľa Pre softvér iOS 6Obsah 7 Kapitola 1: iPhone v skratke 7 iPhone 5 – celkový prehľad 7 Príslušenstvo 8 Tlačidlá 10 Stavové ikony 13 Kapitola 2: Začíname 13 Čo budete potrebovať 13 Inštalácia SIM karty 14 Nastavenie a aktivácia iPhonu 14 Pripájanie iPhonu k počítaču 15 Pripájanie na internet 15 Nastavenie emailových a ďalších účtov 15 Apple ID 15 Spravovanie obsahu na vašich iOS zariadeniach 16 iCloud 17 Synchronizácia s iTunes 18 Prezeranie príručky užívateľa na iPhone 19 Kapitola 3: Základy 19 Používanie aplikácií 22 Prispôsobenie iPhonu 24 Písanie 27 Diktovanie 28 Ovládanie hlasom 29 Vyhľadávanie 30 Hlásenia 31 Zdieľanie 32 Pripájanie iPhonu k televízoru alebo inému zariadeniu 33 Tlač pomocou funkcie AirPrint 34 Apple náhlavná sada 35 Bluetooth zariadenia 36 Zdieľanie súborov 36 Bezpečnostné funkcie 37 Batéria 39 Kapitola 4: Siri 39 Čo je Siri? 40 Používanie Siri 43 Reštaurácie 44 Filmy 44 Šport 244 Diktovanie 45 Korekcia Siri 46 Kapitola 5: Telefón 46 Telefonické hovory 50 FaceTime 50 Visual Voicemail (vizuálna odkazová schránka) 52 Kontakty 52 Presmerovanie hovorov, Čakanie hovorov a Zobraziť moje číslo 52 Zvonenia, prepínač Zvoniť/Ticho a vibrovanie 52 Medzinárodné hovory 53 Nastavovanie možností telefónu 54 Kapitola 6: Mail 54 Čítanie emailov 55 Odosielanie emailových správ 56 Triedenie emailových správ 56 Tlačenie správ a príloh 57 Emailové účty a nastavenia 58 Kapitola 7: Safari 61 Kapitola 8: Hudba 61 Získavanie hudby 61 Prehrávanie hudby 63 Cover Flow 63 Podcasty a audioknihy 64 Playlisty 64 Genius 65 Siri a Ovládanie hlasom 65 iTunes Match 66 Domáce zdieľanie 66 Nastavenia aplikácie Hudba 68 Kapitola 9: Správy 68 Odosielanie a prijímanie správ 69 Spravovanie konverzácií 69 Zdieľanie fotografií, videí a ďalších informácií 70 Nastavenia aplikácie Správy 71 Kapitola 10: Kalendár 71 V skratke 72 Práca s viacerými kalendármi 73 Zdieľanie iCloud kalendárov 73 Nastavenia aplikácie Kalendár 74 Kapitola 11: Fotky 74 Prezeranie fotografií a videí 75 Usporadúvanie fotografií a videí 75 Fotostream 76 Zdieľanie fotografií a videí 77 Tlačenie fotografií Obsah 378 Kapitola 12: Kamera 78 V skratke 79 HDR fotografie 79 Prezeranie, zdieľanie a tlač 80 Úprava fotografií a strihanie videa 81 Kapitola 13: Videá 83 Kapitola 14: Mapy 83 Vyhľadávanie lokalít 84 Stanovenie trás 85 3D a Flyover 85 Nastavenia aplikácie Mapy 86 Kapitola 15: Počasie 88 Kapitola 16: Passbook 90 Kapitola 17: Poznámky 92 Kapitola 18: Pripomienky 94 Kapitola 19: Hodiny 95 Kapitola 20: Akcie 97 Kapitola 21: Kiosk 98 Kapitola 22: iTunes Store 98 V skratke 99 Úprava rozloženia tlačidiel na prácu s médiami 100 Kapitola 23: App Store 100 V skratke 101 Vymazávanie aplikácií 102 Kapitola 24: Game Center 102 V skratke 103 Hranie s priateľmi 103 Nastavenia Game Center 104 Kapitola 25: Kontakty 104 V skratke 105 Pridávanie kontaktov 106 Nastavenia aplikácie Kontakty 107 Kapitola 26: Kalkulačka 108 Kapitola 27: Kompas 109 Kapitola 28: Diktafón 109 V skratke 110 Zdieľanie nahrávok s vaším počítačom Obsah 4111 Kapitola 29: Nike + iPod 113 Kapitola 30: iBooks 113 V skratke 114 Čítanie kníh 115 Usporiadanie knižnice 115 Synchronizácia kníh a PDF dokumentov 116 Tlačenie a odosielanie PDF dokumentov emailom 116 Nastavenia iBooks 117 Kapitola 31: Podcasty 119 Kapitola 32: Prístupnosť 119 Funkcie Prístupnosť 119 VoiceOver 129 Presmerovanie zvuku prichádzajúcich hovorov 129 Siri 129 Trojité stlačenie tlačidla Domov 130 Zväčšovanie 130 Veľký text 130 Prevrátenie farieb 130 Rozprávať výber 131 Funkcia Rozprávať autotext 131 Mono zvuk 131 Načúvacie prístroje 132 Priraditeľné zvonenia a vibrácie 132 Upozorňovanie bleskom 132 Asistovaný prístup 133 AssistiveTouch 134 Prístupnosť v OS X 134 Podpora ďalekopisu - TTY 134 Minimálna veľkosť písma emailových správ 134 Priraditeľné zvonenia 134 Visual Voicemail (vizuálna odkazová schránka) 135 Klávesnica orientovaná na šírku 135 Veľká klávesnica telefónu 135 Ovládanie hlasom 135 Skryté titulky 136 Kapitola 33: Nastavenia 136 Režim lietadlo 136 Wi-Fi 137 Bluetooth 137 VPN 138 Zdieľanie internetu 138 Funkcia Nerušiť a hlásenia 139 Operátor 140 Všeobecné 145 Zvuky 146 Jas a pozadie 146 Súkromie Obsah 5148 Príloha A: iPhone ako pracovný nástroj 148 Používanie konfiguračných profilov 148 Nastavenie Microsoft Exchange účtov 149 VPN prístup 149 LDAP a CardDAV účty 150 Príloha B: Medzinárodné klávesnice 150 Používanie medzinárodných klávesníc 151 Špeciálne spôsoby zadávania 153 Príloha C: Bezpečnosť, zaobchádzanie a podpora 153 Dôležité informácie týkajúce sa bezpečnosti 155 Dôležité informácie týkajúce sa zaobchádzania 156 Webová stránka podpory pre iPhone 156 Reštartovanie alebo resetovanie iPhonu 157 Zobrazí sa nápis „Nesprávne heslo“ alebo „iPhone je zablokovaný“ 157 Zobrazí sa nápis „Toto príslušenstvo nie je podporované iPhonom“ 157 Nezobrazujú sa prílohy emailových správ 157 Zálohovanie iPhonu 159 Aktualizácia a obnova softvéru na zariadení iPhone 160 Informácie o softvéri a servise 161 Používanie zariadenia iPhone vo firemnom prostredí 161 Používanie zariadenia iPhone v sieťach iných operátorov 161 Informácie o likvidácii a recyklácii 162 Apple a životné prostredie Obsah 61 7 iPhone 5 – celkový prehľad Poznámka:  Aplikácie a funkcie iPhonu sa môžu líšiť v závislosti od vášho regiónu, jazyka, operátora a modelu iPhonu. Aplikácie, ktoré odosielajú alebo prijímajú dáta cez mobilnú sieť môžu spôsobiť ďalšie poplatky za dátové prenosy. Informácie o volacích programoch a poplatkoch týkajúcich sa iPhonu získate u svojho operátora. Príslušenstvo iPhone sa dodáva s nasledujúcim príslušenstvom: Náhlavná sada Apple:  Použite Apple EarPods s ovládačom a mikrofónom (iPhone 5, na obrázku vyššie) alebo Apple slúchadlá s ovládačom a mikrofónom (iPhone 4S alebo staršie modely) na počúvanie hudby, zvukovej stopy videí a na telefonovanie. Viac v časti Apple náhlavná sada na strane 34. iPhone v skratkeKapitola 1 iPhone v skratke 8 Prepojovací kábel:  Použite kábel Lightning na USB (iPhone 5, na obrázku vyššie) alebo kábel Dock connector – USB (iPhone 4S alebo staršie modely) na pripojenie iPhonu k počítaču kvôli synchronizácii a nabíjaniu. Kábel je takisto možné používať so zariadením iPhone Dock (predáva sa samostatne). Napájací USB adaptér:  Používajte ho s káblom Lightning na USB alebo Dock konektor – USB na nabíjanie batérie iPhonu. Nástroj na vysúvanie SIM karty:  Použite nástroj na vysunutie SIM karty. (Nie je súčasťou balenia vo všetkých oblastiach.) Tlačidlá Tlačidlo Spať/Zobudiť Ak práve iPhone nepoužívate, môžete ho zamknúť, vypnúť jeho displej a šetriť tak batériu. Zamknutie iPhonu:  Stlačte tlačidlo Spať/Zobudiť. Keď je iPhone zamknutý, nereaguje na dotyk obrazovky. iPhone môže aj naďalej prijímať hovory, textové správy a iné aktualizácie. Môžete tiež: • Počúvať hudbu • Nastaviť hlasitosť • Prijímať hovory a počúvať hudbu za pomoci stredného tlačidla na náhlavnej sade Tlačidlo Spať/Zobudiť Tlačidlo Spať/Zobudiť Odomknutie iPhonu:  Stlačte tlačidlo Spať/Zobudiť alebo tlačidlo Domov a potiahnite prepínač. Vypnutie iPhonu:  Stlačte a podržte tlačidlo Spať/Zobudiť na niekoľko sekúnd, až kým sa nezobrazí červený prepínač, ktorý následne potiahnite prstom. Zapnutie iPhonu:  Stlačte a podržte tlačidlo Spať/Zobudiť, až kým sa nezobrazí logo spoločnosti Apple. Otvorenie aplikácie Kamera, keď je iPhone zamknutý:  Stlačte tlačidlo Spať/Zobudiť alebo tlačidlo Domov a potom potiahnite nahor. Prístup k ovládacím prvkom zvuku, keď je iPhone zamknutý:  Stlačte tlačidlo Domov dvakrát . Ak sa približne minútu nedotknete obrazovky, iPhone sa uzamkne. Môžete nastaviť časový interval automatického uzamknutia (alebo vypnutia) iPhonu, ako aj zadanie hesla pred odomknutím.Kapitola 1 iPhone v skratke 9 Úprava časového intervalu automatického uzamknutia alebo vypnutia:  Viac v časti Uzamykanie na strane 142. Vyžadovanie hesla na odomknutie iPhonu:  Viac v časti Uzamykanie heslom na strane 143. Tlačidlo Domov Tlačidlo Domov vás prenesie na plochu bez ohľadu na to, čo práve robíte. Pomocou tlačidla Domov môžete taktiež rýchlo vykonávať niektoré funkcie. Prechod na plochu:  Stlačte tlačidlo Domov . Na ploche otvorte aplikáciu klepnutím. Viac v časti Otváranie a prepínanie medzi aplikáciami na strane 19. Zobrazenie nedávno používaných aplikácií:  Stlačte tlačidlo Domov dvakrát (iPhone musí byť odomknutý). V spodnej časti obrazovky sa zobrazí panel multitaskingu, ktorý zobrazuje najčastejšie používané aplikácie. Ak chcete zobraziť viac aplikácií, potiahnite panel doľava. Zobrazenie ovládania prehrávania zvuku:  • Keď je iPhone zamknutý: Stlačte tlačidlo Domov dvakrát . Viac v časti Prehrávanie hudby na strane 61. • Počas používania inej aplikácie: Stlačte tlačidlo Domov dvakrát a potom potiahnite panel multitaskingu smerom zľava doprava. Používanie funkcie Siri (iPhone 4S alebo novšie modely) alebo ovládania hlasom:  Stlačte a podržte tlačidlo Domov . Viac v časti kapitola 4, Siri, na strane 39 a Ovládanie hlasom na strane 28. Ovládanie hlasitosti Ak práve telefonujete, počúvate hudbu, alebo pozeráte film či iné médiá, tlačidlá na bočnej strane iPhonu menia úroveň hlasitosti. Tieto tlačidlá tiež slúžia na nastavenie hlasitosti zvonenia, pripomienok a ďalších zvukových efektov. UPOZORNENIE:  Dôležité informácie týkajúce sa prevencie pred poškodením sluchu nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Zvýšiť hlasitosť Zvýšiť hlasitosť Znížiť hlasitosť Znížiť hlasitosť Uzamknutie hlasitosti vyzváňania a upozornení:  Prejdite do Nastavenia > Zvuky a vypnite možnosť Upravovať tlačidlami. Obmedzenie hlasitosti hudby a videa:  Prejdite do Nastavenia > Hudba > Obmedzenie hlasitosti. Poznámka:  V niektorých krajinách vás môže iPhone upozorniť, ak nastavenie hlasitosti presiahne úroveň hlasitosti odporúčanú bezpečnostnými smernicami EÚ. Na zvýšenie hlasitosti nad túto úroveň bude zrejme potrebné na okamih uvoľniť tlačidlo ovládania hlasitosti. Ľubovoľné z tlačidiel na ovládanie hlasitosti môžete použiť aj na fotografovanie a natáčanie videí. Viac v časti kapitola 12, Kamera, na strane 78.Kapitola 1 iPhone v skratke 10 Prepínač Zvoniť/Ticho Pomocou prepínača Zvoniť/Ticho prepínate na iPhone medzi hlasným režimom a tichým režimom . Ak je nastavený hlasný režim, iPhone prehráva všetky zvuky. Ak je nastavený tichý režim, iPhone nezvoní, neprehráva pripomienky ani ďalšie zvukové efekty. Dôležité:  Budíky, aplikácie určené na prehrávanie zvuku ako napríklad Hudba a množstvo hier, budú aj naďalej prehrávať zvuky prostredníctvom vstavaného reproduktora, aj keď je iPhone v tichom režime. V niektorých oblastiach budú zvukové efekty aplikácií Kamera a Diktafón prehrávané aj keď je prepínač Zvoniť/Ticho v polohe Ticho. Viac informácií o nastavení zvukov a vibrovaní nájdete v časti Zvuky na strane 145. Na stíšenie hovorov, upozornení a hlásení môžete použiť aj funkciu Nerušiť. Nastavenie funkcie Nerušiť ( ) na iPhone:  Prejdite do Nastavení a zapnite funkciu Nerušiť. Ak je zapnutá funkcia Nerušiť a obrazovka je zamknutá, nebudú hovory, upozornenia a hlásenia vydávať žiadne zvuky a obrazovka zariadenia sa zároveň nebude zapínať. Budíky budú naďalej prehrávané. Ak je obrazovka zariadenia odomknutá, nemá na iPhone funkcia Nerušiť žiaden vplyv. Ak si chcete naplánovať hodiny počas ktorých nechcete byť rušení, povoliť telefonáty od vybraných osôb alebo povoliť zvonenie opakovaných hovorov, prejdite do Nastavenia > Hlásenia > Nerušiť. Viac v časti Funkcia Nerušiť a hlásenia na strane 138. Stavové ikony Ikony v stavovom riadku vo vrchnej časti obrazovky informujú o stave vášho iPhonu: Stavová ikona Význam Signál mobilnej siete* Indikuje, či ste v dosahu mobilnej siete a či môžete uskutočňovať alebo prijímať hovory. Čím viac paličiek je zobrazených, tým je signál silnejší. Ak nie je v dosahu žiadny signál, paličky sú nahradené textom „Žiadna sieť“. Režim lietadlo Indikuje, že je zapnutý režim lietadlo – nie je možné používať telefón, pripájať sa na internet ani používať Bluetooth® zariadenia. K dispozícii nie sú žiadne z funkcií, ktoré používajú bezdrôtové siete. Viac v časti Režim lietadlo na strane 136. LTE Zobrazuje, že sieť LTE vášho operátora je v dosahu iPhonu a môžete sa jej prostredníctvom pripojiť na internet. (iPhone 5, služba nie je dostupná vo všetkých oblastiach). Viac v časti Mobilné na strane 141.Kapitola 1 iPhone v skratke 11 Stavová ikona Význam UMTS Zobrazuje, že sieť 4G UMTS (GSM) vášho operátora je v dosahu iPhonu a môžete sa jej prostredníctvom pripojiť na internet. (iPhone 4S alebo novší. Služba nie je dostupná vo všetkých oblastiach). Viac v časti Mobilné na strane 141. UMTS/EV-DO Zobrazuje, že je 3G UTMS (GSM) alebo EV-DO (CDMA) sieť vášho operátora v dosahu iPhonu a môžete sa prostredníctvom nej pripojiť na internet. Viac v časti Mobilné na strane 141. EDGE Zobrazuje, že sieť EDGE (GSM) vášho operátora je v dosahu iPhonu a môžete sa jej prostredníctvom pripojiť na internet. Viac v časti Mobilné na strane 141. GPRS/1xRTT Zobrazuje, že je GPRS (GSM) alebo 1xRTT (CDMA) sieť vášho operátora v dosahu iPhonu a môžete sa prostredníctvom nej pripojiť na internet. Viac v časti Mobilné na strane 141. Wi-Fi* Zobrazuje, že iPhone je pripojený na internet prostredníctvom Wi-Fi siete. Čím viac paličiek je zobrazených, tým je signál silnejší. Viac v časti Wi-Fi na strane 136. Nerušiť Zobrazuje, že je zapnutá funkcia Nerušiť. Viac v časti Zvuky na strane 145. Zdieľanie internetu Zobrazuje, že iPhone je pripojený k inému iPhonu a zdieľa s ním pripojenie na internet. Viac v časti Zdieľanie internetu na strane 138. Synchronizácia Zobrazuje, že sa iPhone synchronizuje s iTunes. Aktivita siete Signalizuje sieťovú aktivitu. Túto ikonu môžu na identifikáciu aktívnych procesov využívať aj niektoré aplikácie tretích strán. Presmerovanie hovorov Zobrazuje, že je na iPhone zapnuté presmerovanie hovorov. Viac v časti Presmerovanie hovorov, Čakanie hovorov a Zobraziť moje číslo na strane 52. VPN Zobrazuje, že ste pripojení k sieti prostredníctvom VPN. Viac v časti Mobilné na strane 141. Zámok Zobrazuje, že je iPhone zamknutý. Viac v časti Tlačidlo Spať/ Zobudiť na strane 8. TTY Zobrazuje, že je iPhone nastavený na prácu s ďalekopisným strojom (TTY). Viac v časti Podpora ďalekopisu - TTY na strane 134. Play Zobrazuje, že sa práve prehráva skladba, audiokniha alebo podcast. Viac v časti Prehrávanie hudby na strane 61. Zamknutie orientácie na výšku Zobrazuje, že orientácia obrazovky iPhonu je zamknutá na výšku. Viac v časti Orientácia na výšku alebo na šírku na strane 21. Budík Zobrazuje, že máte nastavený budík. Viac v časti kapitola 19, Hodiny, na strane 94. Lokalizačné služby Zobrazuje, že niektorá z aplikácií používa lokalizačné služby. Viac v časti Súkromie na strane 146.Kapitola 1 iPhone v skratke 12 Stavová ikona Význam Bluetooth* Modrá alebo biela ikona:  Bluetooth je zapnuté a spárované so zariadením. Sivá ikona:  Bluetooth je zapnuté a spárované so zariadením, ale zariadenie je mimo dosahu alebo vypnuté. Žiadna ikona:  Bluetooth nie je spárované so zariadením. Viac v časti Bluetooth zariadenia na strane 35. Batéria Bluetooth Zobrazuje úroveň batérie podporovaného a spárovaného Bluetooth zariadenia. Batéria Zobrazuje stav batérie alebo nabíjania. Viac v časti Batéria na strane 37. * Príslušenstvo a bezdrôtový výkon:  Používanie určitého príslušenstva s iPhonom môže znížiť výkon v bezdrôtovej sieti. Nie všetko príslušenstvo určené pre iPad je plne kompatibilné s iPhonom. Rušenie zvuku iPhonu spôsobené príslušenstvom môžete eliminovať zapnutím režimu lietadlo. Keď je zapnutý režim lietadlo, nemôžete uskutočňovať ani prijímať hovory alebo používať funkcie, ktoré používajú na komunikáciu bezdrôtové technológie. Výkon v bezdrôtovej sieti môžete vylepšiť presunutím alebo zmenou polohy iPhonu a pripojeného príslušenstva.2 13 · UPOZORNENIE:  Aby ste predišli zraneniam, prečítajte si časť Dôležité informácie týkajúce sa bezpečnosti na strane 153 predtým, ako začnete používať iPhone. Čo budete potrebovať Na používanie iPhonu potrebujete: • Volací program u mobilného operátora poskytujúceho služby pre iPhone vo vašej oblasti • Pripojenie na internet pre svoj počítač (odporúča sa širokopásmové pripojenie) • Používanie niektorých funkcií, vrátane iCloudu, obchodov App Store a iTunes Store a online nakupovania, vyžaduje Apple ID. Apple ID si môžete vytvoriť počas nastavovania. Na používanie iPhonu so svojim počítačom potrebujete: • Mac s USB 2.0 alebo 3.0 portom alebo PC s USB 2.0 portom a jedným z nasledujúcich operačných systémov: • Mac OS X verzie 10.6.8 alebo novšej • Windows 7, Windows Vista alebo Windows XP Home alebo Professional s balíkom Service Pack 3 alebo novším • Aplikáciu iTunes verzie 10.7 alebo novšej (vyžadujú ju niektoré funkcie) dostupnú na www.apple.com/sk/itunes/download/ Inštalácia SIM karty Ak bola k iPhonu dodaná SIM karta, nainštalujte ju pred spustením nastavovania. Dôležité:  Na používanie mobilných služieb pri pripájaní ku GSM sieťam a niektorým CDMA sieťam sa vyžaduje SIM karta. iPhone 4S alebo novší model, ktorý bol aktivovaný prostredníctvom bezdrôtovej CDMA siete môže využívať SIM kartu na pripájanie ku GSM sieťam (pri medzinárodnom roamingu). Váš iPhone podlieha pravidlám vášho poskytovateľa bezdrôtových služieb. Tieto môžu zahŕňať obmedzenia týkajúce sa zmeny poskytovateľa služby a roamingu a to aj po skončení minimálnej vyžadovanej zmluvy o službách. Viac informácií získate u vášho poskytovateľa bezdrôtových služieb. Dostupnosť mobilných funkcií závisí od bezdrôtovej siete. ZačínameKapitola 2 Začíname 14 Inštalácia SIM karty do iPhonu 5 Nano SIM karta Nano SIM karta Nano SIM dvierka Nano SIM dvierka Spinka na papier alebo nástroj na vysúvanie SIM karty Spinka na papier alebo nástroj na vysúvanie SIM karty Inštalácia SIM karty:  Zasuňte koniec malej spinky na papier alebo nástroja na vysúvanie SIM karty do otvoru na SIM dvierkach. Vytiahnite dvierka SIM karty a vložte SIM kartu tak, ako je to znázornené na obrázku. SIM dvierka spolu so SIM kartou opatrne zasuňte na pôvodné miesto. Nastavenie a aktivácia iPhonu Ak chcete aktivovať iPhone, zapnite ho a nasledujte inštrukcie sprievodcu nastavením. Sprievodca nastavením vás prevedie procesom nastavenia, vrátane pripojenia k Wi-Fi sieti, prihlásenia použitím bezplatného Apple ID alebo vytvorenia Apple ID, nastavenia iCloudu, zapnutia odporúčaných funkcií, ako sú lokalizačné služby alebo Nájsť môj iPhone a aktivácie iPhonu u vášho operátora. Počas nastavovania môžete tiež obnoviť zariadenie z iCloud zálohy alebo zálohy v iTunes. Aktiváciu je možné vykonať prostredníctvom Wi-Fi siete, prípadne na iPhone 4S alebo novšom aj cez mobilnú sieť operátora (táto možnosť nie je dostupná vo všetkých oblastiach). Ak nie je dostupná ani jedna z týchto možností, musíte kvôli aktivácii pripojiť iPhone k počítaču a spustiť iTunes. Pripájanie iPhonu k počítaču Pre dokončením aktivácie môže byť potrebné pripojenie iPhonu k počítaču. Pripojenie iPhonu k počítaču vám tiež umožňuje synchronizovať informácie, hudbu a ďalší obsah s iTunes. Viac v časti Synchronizácia s iTunes na strane 17. Pripojenie iPhonu k počítaču:  Použite kábel Lightning na USB (iPhone 5) alebo Dock connector - USB (staršie modely iPhonov), ktorý bol dodaný s iPhonom.Kapitola 2 Začíname 15 Pripájanie na internet iPhone sa pripája na internet prostredníctvom Wi-Fi pripojenia (ak je dostupné) alebo mobilnej siete vášho operátora vždy, keď je to potrebné. Informácie o pripájaní k Wi-Fi sieti nájdete v časti Wi-Fi na strane 136. Poznámka:  Ak Wi-Fi pripojenie na internet nie je dostupné, niektoré aplikácie a služby na iPhone môžu prenášať dáta prostredníctvom siete vášho operátora. Tieto prenosy dát môžu byť dodatočne spoplatnené. Informácie o poplatkoch za prenos dát v mobilnej sieti nad rámec programu získate u svojho operátora. Informácie o spravovaní používania mobilných dát nájdete v časti Mobilné na strane 141. Nastavenie emailových a ďalších účtov iPhone spolupracuje s iCloudom, Microsoft Exchange a ďalšími populárnymi službami, ktoré na internete poskytujú email, kontakty a kalendáre. Ak zatiaľ nemáte emailový účet, môžete si vytvoriť bezplatný iCloud účet pri prvom nastavení zariadenia iPhone, prípadne tak môžete spraviť neskôr v Nastavenia > iCloud. Viac v časti iCloud na strane 16. Nastavenie iCloud účtu:  Prejdite do Nastavenia > iCloud. Nastavenie iného účtu:  Prejdite do Nastavenia > Mail, kontakty, kalendáre. Kontakty môžete pridávať aj pomocou LDAP alebo CardDAV účtu v prípade, že túto službu podporuje vaša firma alebo organizácia. Viac v časti Pridávanie kontaktov na strane 105. Môžete si pridávať kalendáre pomocou kalendárového účtu CalDAV a odoberať kalendáre iCalendar (.ics), prípadne ich importovať z aplikácie Mail. Viac v časti Práca s viacerými kalendármi na strane 72. Apple ID Apple ID je užívateľské meno bezplatného účtu, ktorý vám poskytuje prístup k službám Apple ako napríklad iTunes Store, App Store a iCloud Na všetky operácie s produktami Apple vám stačí jediné Apple ID. Služby a produkty, ktoré používate, kupujete alebo prenajímate, môžu byť spoplatnené. Ak máte Apple ID, použite ho pri prvom nastavovaní iPhonu a kedykoľvek, keď sa potrebujete prihlásiť na používanie služieb Apple. Ak ešte nemáte Apple ID, môžete si ho vytvoriť počas výzvy na prihlásenie. Ďalšie informácie nájdete na adrese support.apple.com/kb/he37. Spravovanie obsahu na vašich iOS zariadeniach Informácie a súbory môžete medzi vašimi iOS zariadeniami a počítačmi prenášať pomocou iCloudu alebo iTunes. • iCloud uchováva obsah, ako je napríklad hudba, fotky, kalendáre, kontakty, dokumenty a ďalšie dáta a bezdrôtovo ich prenáša na vaše ostatné iOS zariadenia a počítače, takže sú všade automaticky aktualizované. Viac v časti iCloud nižšie.Kapitola 2 Začíname 16 • iTunes synchronizuje hudbu, videá, fotky a ďalšie položky medzi vašim počítačom a zariadením iPhone. Zmeny vykonané na jednom zariadení sú do ostatných zariadení prekopírované pri synchronizácii. iTunes môžete použiť aj na kopírovanie súborov do zariadenia iPhone pre použitie vo vybranej aplikácii, prípadne na kopírovanie dokumentov vytvorených na iPhone do svojho počítača. Viac v časti Synchronizácia s iTunes na strane 17. V závislosti od vašich potrieb môžete používať iCloud alebo iTunes, prípadne obe možnosti. Môžete napríklad použiť iCloud Fotostream na automatické prenášanie fotiek spravených pomocou zariadenia iPhone na všetky svoje ostatné zariadenia a iTunes na synchronizáciu albumov fotografií zo svojho počítača do zariadenia iPhone. Dôležité:  Nemali by ste zároveň synchronizovať položky v paneli Info v iTunes (ako sú kontakty, kalendáre a poznámky) a používať iCloud na aktualizáciu týchto informácií na vašich zariadeniach. V opačnom prípade môže dôjsť k duplicitným dátam. iCloud iCloud uchováva váš obsah, ako je napríklad hudba, fotky, kontakty, kalendáre a podporované dokumenty. Obsah uložený v iCloude sa bezdrôtovo prenáša do ostatných iOS zariadení a počítačov, ktoré sú nastavené pomocou rovnakého iCloud účtu. iCloud je dostupný na zariadeniach so systémom iOS 5 alebo novším, na počítačoch Mac so systémom OS X Lion v10.7.2 alebo novším a na počítačoch PC s doplnkom Ovládací panel iCloudu pre Windows (vyžaduje systém Windows Vista Service Pack 2 alebo Windows 7). Funkcie iCloudu zahŕňajú: • iTunes v cloude — kedykoľvek si do svojho zariadenia iPhone bezplatne stiahnite hudbu a televízne seriály, ktoré ste predtým kúpili v iTunes. • Aplikácie a knihy — kedykoľvek si do svojho zariadenia iPhone bezplatne stiahnite svoje nákupy v obchodoch App Store a iBookstore. • Fotostream — nové spravené fotky sa zobrazia na všetkých zariadeniach. Môžete vytvoriť aj fotostreamy, ktoré budete zdieľať s ostatnými. Viac v časti Fotostream na strane 75. • Dokumenty v cloude — dokumenty a dáta z aplikácií, ktoré podporujú iCloud, môžete uchovávať aktuálne na všetkých svojich zariadeniach. • Mail, Kontakty, Kalendáre — uchovávajte svoje mailové kontakty, kalendáre, poznámky a pripomienky aktuálne na všetkých svojich zariadeniach. • Zálohovanie — automaticky zálohujte svoj iPhone na iCloud vždy, keď je pripojený k napájaniu a k Wi-Fi sieti. Viac v časti Zálohovanie iPhonu na strane 157. • Nájsť môj iPhone — nájdite svoj iPhone na mape, zobrazte na ňom správu, prehrajte zvuk, zamknite obrazovku, prípadne vymažte dáta na diaľku. Viac v časti Nájsť môj iPhone na strane 37. • Nájsť priateľov — zdieľajte svoju polohu s ľuďmi, ktorí sú pre vás dôležití. Stiahnite si bezplatnú aplikáciu z App Store. • iTunes Match – pri odoberaní služby iTunes Match sa všetky hudobné súbory, vrátane hudby, ktorú ste importovali z CD diskov alebo zakúpili mimo iTunes, zobrazia na všetkých vašich zariadeniach a budete si ich môcť stiahnuť a na požiadanie prehrať. Viac v časti iTunes Match na strane 65. • iCloud taby — prezerajte si webové stránky, ktoré ste si otvorili na ostatných iOS zariadeniach a počítačoch so systémom OS X. Viac v časti kapitola 7, Safari, na strane 58.Kapitola 2 Začíname 17 S iCloudom získate bezplatný emailový účet a 5 GB úložiska pre vaše emaily, dokumenty a zálohy. Zakúpená hudba, aplikácie, TV seriály a knihy a ani fotostreamy nezaberajú v úložisku žiadne miesto. Prihlásenie do iCloud účtu, vytvorenie iCloud účtu a nastavenie možností iCloudu:  Prejdite do Nastavenia > iCloud. Zakúpenie dodatočného úložiska na iCloude:  Prejdite do Nastavenia > iCloud > Úložisko a záloha a potom klepnite na Spravovať úložisko. Informácie týkajúce sa zakúpenia úložiska na iCloude nájdete na adrese help.apple.com/icloud. Zobrazovanie a sťahovanie predchádzajúcich nákupov: • Nákupy v obchode iTunes Store: Prejdite do iTunes, klepnite na „More“ (Viac) a potom klepnite na „Purchased“ (Zakúpené). • Nákupy v obchode App Store: Prejdite do App Store, klepnite na „Updates“ (Aktualizácie) a potom klepnite na „Purchased“ (Zakúpené). • Nákupy v obchode iBookstore: Prejdite do iBooks, klepnite na Store a potom klepnite na „Purchased“ (Zakúpené). Zapnutie funkcie Automatické sťahovania pre hudbu, aplikácie alebo knihy:  Prejdite do Nastavenia > iTunes a App Store. Viac informácií o iCloude nájdete v časti www.apple.com/sk/icloud. Informácie týkajúce sa podpory nájdete na adrese www.apple.com/emea/support/icloud/. Synchronizácia s iTunes Pri synchronizácii s iTunes dochádza ku kopírovaniu informácií z vášho počítača do zariadenia iPhone a naopak. Synchronizovať môžete priamym pripojením zariadenia iPhone k svojmu počítaču, prípadne môžete nastaviť iTunes na bezdrôtovú synchronizáciu prostredníctvom Wi-Fi. iTunes môžete nastaviť na synchronizáciu hudby, fotiek, videí, podcastov, aplikácií a ďalšieho obsahu. Pre informácie týkajúce sa synchronizácie zariadenia iPhone s počítačom otvorte iTunes a v menu Pomocník vyberte Pomocník pre iTunes. Nastavenie bezdrôtovej synchronizácie s iTunes:  Pripojte iPhone k svojmu počítaču. V iTunes na počítači vyberte svoj iPhone (v časti Zariadenia), kliknite na Zhrnutie a potom zapnite možnosť Synch. cez Wi-Fi pripojenie. Keď je zapnutá synchronizácia cez Wi-Fi, bude synchronizácia zariadenia iPhone prebiehať každý deň. iPhone musí byť pripojený k zdroju napájania, iPhone a váš počítač musia byť pripojené k rovnakej bezdrôtovej sieti a na vašom počítači musí byť otvorená aplikácia iTunes. Viac informácií nájdete v časti Wi-Fi synch. s iTunes na strane 142. Tipy pre synchronizáciu s iTunes • Ak používate iCloud na synchronizáciu svojich kontaktov, kalendárov, záložiek a poznámok, nesynchronizujte ich súčasne na svoje zariadenie aj pomocou iTunes. • Položky zakúpené cez iPhone v obchode iTunes Store alebo App Store sú spätne synchronizované do vašej knižnice iTunes. Obsah a aplikácie si môžete zakúpiť alebo stiahnuť aj v iTunes Store na svojom počítači a potom ich synchronizovať do svojho zariadenia iPhone. • V paneli Zhrnutie svojho zariadenia v iTunes môžete nastaviť automatickú synchronizáciu zariadenia po pripojení k počítaču. Toto nastavenie môžete v prípade potreby jednorázovo zakázať. Po pripojení zariadenia k počítaču podržte stlačené klávesy Command a Option (na Macu) alebo Shift a Control (na PC), až kým sa iPhone nezobrazí v postrannom paneli.Kapitola 2 Začíname 18 • Ak chcete, aby aplikácia iTunes automaticky šifrovala zálohované dáta pri vytváraní záloh v počítači , vyberte v paneli Zhrnutie vášho zariadenia možnosť Zašifrovať zálohu iPhonu. Šifrované zálohy sú označené ikonou zámku a pri obnove z týchto záloh je potrebné zadať osobitné heslo. Ak sa rozhodnete nepoužívať šifrovanie záloh, nebudú ďalšie heslá (napríklad heslá emailových účtov) zahrnuté v zálohe a po obnovení zariadenia zo zálohy ich budete musieť znovu zadať. • Pri synchronizácii emailových účtov v paneli Informácie zariadenia dôjde k preneseniu nastavení len z vášho počítača do zariadenia iPhone. Zmeny, ktoré vykonáte v emailovom účte na iPhone nemôžu ovplyvniť tento účet vo vašom počítači. • V paneli Informácie môžete po kliknutí na Rozšírené vybrať možnosti, ktoré vám umožňujú pri nasledujúcej synchronizácii nahradiť informácie na zariadení iPhone informáciami z počítača. • Miesto, kde ste prerušili prehrávanie podcastu alebo audioknihy je súčasťou synchronizácie s obsahom iTunes. Ak ste začali prehrávať médiá na iPhone, môžete po synchronizácii pokračovať v prehrávaní od miesta prerušenia v iTunes na svojom počítači a naopak. • V paneli Fotky môžete synchronizovať fotky a videá z priečinka na svojom počítači. Prezeranie príručky užívateľa na iPhone iPhone príručku užívateľa si môžete prezerať na iPhone v prehliadači Safari a v bezplatnej aplikácii iBooks. Zobrazenie príručky užívateľa v aplikácii Safari:  Klepnite na a potom klepnite na záložku iPhone Príručka užívateľa. • Pridanie ikony pre príručku na plochu:  Klepnite na a potom klepnite na Pridať na plochu. • Zobrazenie príručky v inom jazyku:  Na stránke s obsahom klepnite na Zmeniť jazyk. Zobrazenie príručky užívateľa v aplikácii iBooks:  Ak nemáte nainštalovanú aplikáciu iBooks, otvore App Store, vyhľadajte „iBooks“ a nainštalujte si ju. Otvorte aplikáciu iBooks a klepnite na Obchod. Vyhľadajte výraz „iPhone príručka“ a potom vo výsledkoch vyberte príručku a stiahnite ju. Viac informácií o iBooks nájdete v časti kapitola 30, iBooks, na strane 113.3 19 Používanie aplikácií Interakciu s iPhonom môžete realizovať dotykmi prstov na dotykovej obrazovke: klepnutím, dvojitým klepnutím, potiahnutím alebo zovretím/rozovretím. Otváranie a prepínanie medzi aplikáciami Ak sa chcete vrátiť na plochu, stlačte tlačidlo Domov . Otvorenie aplikácie:  Klepnite na ikonu aplikácie. Pre návrat na plochu stlačte znovu tlačidlo Domov . Zobrazenie ďalšej plochy:  Potiahnite obrazovku doľava alebo doprava. Potiahnutím prsta doľava alebo doprava prejdite na susednú plochu. Potiahnutím prsta doľava alebo doprava prejdite na susednú plochu. Prechod na prvú plochu:  Stlačte tlačidlo Domov . Zobrazenie nedávno používaných aplikácií:  Dvojitým stlačením tlačidla Domov sa zobrazte panel multitaskingu. ZákladyKapitola 3 Základy 20 Ak chcete aplikáciu znovu použiť, klepnite na ňu. Ak chcete zobraziť viac aplikácií, potiahnite panel multitaskingu doľava. Naposledy používané aplikácie Naposledy používané aplikácie Ak máte veľké množstvo aplikácií, na ich vyhľadávanie a otváranie môžete použiť Spotlight. Viac v časti Vyhľadávanie na strane 29. Rolovanie Pre rolovanie potiahnite prst po displeji nahor alebo nadol. V niektorých aplikáciách, napríklad pri prezeraní webových stránok, je možné rolovať obraz aj do strán. Počas rolovania obrazu prstom nie je možné vybrať, ani aktivovať žiadny prvok na obrazovke. Čím rýchlejšie pohybujete prstom po obrazovke, tým je rolovanie rýchlejšie. Môžete buď počkať, kým sa pohyb obrazovky zastaví, alebo okamžite zastaviť rolovanie klepnutím prsta na ľubovoľné miesto na obrazovke. Ak sa chcete rýchlo prejsť na vrch strany, klepnite na stavový riadok vo vrchnej časti obrazovky.Kapitola 3 Základy 21 Zoznamy V závislosti od typu zoznamu sa výberom položky môžu vykonať rôzne akcie, napríklad otvorenie nového zoznamu, prehratie skladby, otvorenie emailu, prípadne zobrazenie kontaktných údajov osoby, ktorej chcete zavolať. Výber položky v zozname:  Klepnite na ikonu aplikácie. Niektoré zoznamy obsahujú kvôli rýchlejšiemu prechádzaniu register. Návrat do predošlého zoznamu:  Klepnite na tlačidlo späť v ľahom hornom rohu. Zväčšovanie a zmenšovanie V závislosti od aplikácie budete môcť obraz na obrazovke priblížením zväčšiť alebo oddialením zmenšiť. Napríklad pri prezeraní fotografií, webových stránok, emailových správ alebo máp môžete potiahnutím dvoch prstov k sebe (zovretie) obraz priblížiť a odtiahnutím od seba (rozovretie) oddialiť. Fotografie a webové stránky môžete približovať aj dvojitým klepnutím (rýchle klepnutie dvakrát na obrazovku) a odďaľovať opätovným dvojitým klepnutím. V mapách klepnite dvakrát pre zväčšenie a pre zmenšenie klepnite jedenkrát dvoma prstami. Zväčšovanie je tiež špecifická funkcia prístupnosti, ktorá vám umožňuje zväčšiť obrazovku ľubovoľnej aplikácie a uľahčiť tak jej používanie. Viac v časti Zväčšovanie na strane 130. Orientácia na výšku alebo na šírku Množstvo aplikácii na iPhone je možné zobraziť na šírku alebo na výšku. Otočte iPhone a zároveň sa otočí aj obrazovka a prispôsobí sa novej orientácii.Kapitola 3 Základy 22 Zamknutie orientácie obrazovky na výšku:  Stlačte tlačidlo Domov dvakrát, potiahnite panel multitaskingu smerom zľava doprava a potom klepnite na . Keď je orientácia obrazovky zamknutá, zobrazí sa v stavovej lište ikona zámku orientácie . Nastavenie jasu Jas obrazovky môžete nastaviť manuálne, prípadne môžete zapnúť funkciu Automatický jas, ktorá na základe údajov zo svetelného senzora automaticky upraví jas obrazovky. Nastavenie jasu obrazovky:  Prejdite do Nastavenia > Jas a pozadie a potiahnite posuvník. Vypnutie alebo zapnutie funkcie Automatický jas:  Prejdite do Nastavenia > Jas a pozadie. Viac v časti Jas a pozadie na strane 146. Prispôsobenie iPhonu Môžete si prispôsobiť rozloženie aplikácií na ploche, zoskupovať ich v priečinkoch a meniť pozadie. Usporiadanie aplikácií Prispôsobte si plochu usporiadaním aplikácií, ich presunom do Docku v spodnej časti obrazovky alebo vytvorením ďalších plôch. Preusporiadanie aplikácií:  Dotknite sa a podržte ľubovoľnú aplikáciu na ploche až kým sa nezačne chvieť a potom ju presuňte potiahnutím. Stlačte tlačidlo Domov , čím potvrdíte nové rozmiestnenie ikon aplikácií. Vytvorenie novej plochy:  Počas upravovania rozloženia aplikácií potiahnite aplikáciu na pravý okraj plochy, až kým sa nezobrazí nová plocha. Môžete vytvoriť až 11 plôch. Bodky nad Dockom zobrazujú počet používaných plôch a ktorá z nich je práve zobrazená. Prepínať medzi plochami môžete potiahnutím prsta po obrazovke doľava alebo doprava. Ak sa chcete vrátiť na prvú plochu, stlačte tlačidlo Domov . Presun aplikácie na ďalšiu plochu:  Počas chvenia aplikácie ju potiahnite na okraj obrazovky. Prispôsobenie plochy pomocou aplikácie iTunes:  Pripojte iPhone k počítaču. V iTunes na svojom počítači vyberte iPhone a kliknutím na tlačidlo Aplikácie zobrazte obrázok s plochou iPhonu.Kapitola 3 Základy 23 Obnovenie pôvodného rozmiestnenia aplikácií na ploche:  Prejdite do Nastavenia > Všeobecné a klepnite na Resetovať rozloženie plochy. Resetovaním rozloženia plochy odstránite všetky vytvorené priečinky a zároveň sa vrátite k predvolenému pozadiu na ploche. Usporadúvanie pomocou priečinkov Aplikácie na ploche môžete usporiadať pomocou priečinkov. Priečinky môžete usporiadať rovnako ako aplikácie ťahaním na plochách alebo potiahnutím do Docku. Vytvorenie priečinka:  Dotknite sa aplikácie a podržte na nej prst, až kým sa ikony na ploche nezačnú chvieť. Potom potiahnite aplikáciu na inú aplikáciu. iPhone vytvorí nový priečinok obsahujúci tieto dve aplikácie a pomenuje ho podľa ich typu. Ak chcete zadať odlišný názov, klepnite na pole pre názov. Otvorenie priečinka:  Klepnite na priečinok. Ak chcete zatvoriť priečinok, klepnite mimo neho alebo stlačte tlačidlo Domov . Usporadúvanie pomocou priečinkov:  Počas usporadúvania aplikácií (ikony sa chvejú): • Pridanie aplikácie do priečinka: Potiahnite aplikáciu na priečinok. • Odstránenie aplikácie z priečinka: V prípade potreby priečinok otvorte a aplikáciu z neho potiahnutím von. • Vymazanie priečinka: Potiahnite všetky aplikácie von z priečinka. Priečinok bude automaticky vymazaný. • Premenovanie priečinka: Priečinok otvorte klepnutím, klepnite na jeho názov a zadajte nový názov. Po dokončení úprav stlačte tlačidlo Domov . Zmena pozadia Zamknutú plochu a plochu iPhonu si môžete pomocou vlastného obrázka, ktorý bude použitý ako pozadie. Vyberte si jeden z poskytnutých obrázkov, prípadne fotografiu z albumu Fotoaparát či iného albumu na iPhone. Zmena pozadia:  Prejdite do Nastavenia > Jas a pozadie.Kapitola 3 Základy 24 Písanie Dotyková klávesnica na obrazovke vám umožňuje zadávať text. Zadávanie textu Pomocou klávesnice na obrazovke môžete zadávať text, ako napríklad informácie o kontaktoch, emailové správy a adresy webových stránok. V závislosti od používanej aplikácie a jazyka môže klávesnica opravovať pravopisné chyby, ponúkať slová, ktoré chcete napísať a dokonca sa aj naučiť spôsobu, akým ju používate. Na písanie môžete tiež použiť bezdrôtovú Apple klávesnicu. Viac v časti Bezdrôtová Apple klávesnica na strane 27. Ak chcete namiesto písania používať diktovanie, prejdite na tému Diktovanie na strane 27. Zadávanie textu:  Klepnutím na textové pole zobrazte klávesnicu a potom klepte na klávesy klávesnice. Počas písania sa bude každý zadávaný znak zobrazovať nad vaším prstom alebo palcom. Ak sa dotknete neželaného klávesu, bez zdvihnutia presuňte prst na požadovaný znak. Vybraný znak nebude zadaný, kým nezdvihnete prst z klávesu. • Písanie veľkých písmen: Pred klepnutím na písmeno klepnite na kláves Shift . Prípadne sa dotknite klávesu Shift a s prstom stále priloženým na displeji prejdite na požadované písmeno. • Rýchle vloženie bodky a medzery: Dvakrát rýchlo klepnite na medzerník. • Zapnutie caps lock: Klepnite dvakrát na kláves Shift . Ak chcete vypnúť caps lock, klepnite na kláves Shift. • Zadávanie číslic, interpunkcie alebo symbolov: Stlačte kláves pre číslice . Ak chcete zobraziť doplnkovú interpunkciu a symboly, klepnite na kláves Symbol . • Zadávanie písmen s diakritikou alebo iných alternatívnych znakov: Dotknite sa klávesu, podržte na ňom prst a posunutím vyberte jednu z možností. Pre zadanie alternatívneho znaku podržte kláves a posunutím prsta vyberte niektorú z možností. Pre zadanie alternatívneho znaku podržte kláves a posunutím prsta vyberte niektorú z možností. Nastavenie možností písania:  Prejdite do Nastavenia > Všeobecné > Klávesnica.Kapitola 3 Základy 25 Upravovanie textu Ak potrebujete upraviť text, pomocou lupy na obrazovke si môžete umiestniť kurzor na požadované miesto. Text môžete označiť a následne ho vystrihovať, kopírovať a vkladať. V niektorých aplikáciách môžete tiež vystrihovať, kopírovať a vkladať fotografie a videá. Zmena polohy kurzora:  Podržte prst na mieste a zobrazí sa vám lupa, pomocou ktorej nasmerujte kurzor na požadované miesto. Označenie textu:  Klepnite na kurzor pre zobrazenie tlačidiel označovania. Klepnutím na Označiť označte susediace slovo alebo klepnutím na Označiť všetko označte celý text. Slovo môžete takisto označiť tak, že naň dvakrát klepnete. Potiahnite krajné body pre označenie väčšej alebo menšej časti textu. V dokumentoch určených len na čítanie ako sú webové stránky, slovo označte klepnutím a podržaním. Vystrihnutie alebo kopírovanie textu:  Označte text a potom klepnite na Vystrihnúť alebo Kopírovať. Vkladanie textu:  Klepnite na miesto, kde chcete vložiť text a následne vložte posledný vystrihnutý alebo skopírovaný text klepnutím na Vložiť. Ak chcete text nahradiť, pred klepnutím na Vložiť ho označte. Odvolanie poslednej úpravy:  Potraste iPhonom a následne klepnite na Odvolať. Zmena formátovania textu na tučné, kurzíva alebo podčiarknuté:  Označte text, klepnite na a následne na B/I/U (nie vždy je dostupná). Vyhľadanie významu slova:  Označte slovo a klepnite na Definovať (nie vždy je dostupná). Získanie alternatívnych slov:  Označte slovo a klepnite na možnosť Navrhnúť (nie vždy je dostupná).Kapitola 3 Základy 26 Automatické opravy a kontrola pravopisu iPhone využíva v mnohých jazykoch funkciu aktívneho slovníka, vďaka čomu počas písania opravuje preklepy alebo navrhuje písané slová. Ak iPhone navrhne slovo, môžete ho prijať bez prerušenia písania. Zoznam podporovaných jazykov nájdete na www.apple.com/iphone/specs.html. Navrhované slovo Navrhované slovo Prijatie navrhovaného slova:  Klepnite na medzerník, interpunkčné znamienko alebo na znak enter. Odmietnutie navrhovaného slova:  Klepnite na ikonu „x“ vedľa navrhnutého slova. Ak pri písaní jedného slova ho odmietnete viackrát, iPhone bude v budúcnosti prijímať slovo, ktoré ste napísali namiesto neho. iPhone môže tiež podčiarknuť zadané slová, ktoré považuje za preklepy. Nahradenie slova s preklepom:  Klepnite na podčiarknuté slovo a následne klepnite na správnu verziu. Ak sa nezobrazí požadované slovo, jednoducho ho prepíšte. Vypínanie alebo zapínanie automatických opráv:  Prejdite do Nastavenia > Všeobecné > Klávesnica. Skratky a váš osobný slovník Skratky vám umožňujú napísať dlhé slovo alebo frázu zadaním iba niekoľkých znakov. Po zadaní skratky sa vám zobrazí celý text. Napríklad skratka „snc“ sa po zadaní rozšíri na „Som na ceste!“. Vytvorenie skratky:  Prejdite do Nastavenia > Všeobecné > Klávesnica a potom klepnite na Pridať novú skratku. Vypnutie opravovania slov alebo fráz:  Vytvorte skratku, no pole Skratka ponechajte prázdne. Upravenie skratky:  Prejdite do Nastavenia > Všeobecné > Klávesnica a potom klepnite na skratku. Ak chcete, aby bol váš osobný slovník aktuálny na vašich ostatných iOS zariadeniach:  Prejdite do Nastavenia > iCloud a zapnite možnosť Dokumenty a dáta. Rozloženia klávesnice Aplikáciu Nastavenia môžete použiť na nastavenie rozložení klávesnice na obrazovke alebo bezdrôtovej Apple klávesnice používanej s iPhonom. Dostupné rozloženia závisia od jazyka klávesnice. Viac v časti Bezdrôtová Apple klávesnica nižšie, ako aj v časti Príloha B, Medzinárodné klávesnice, na strane 150. Výber rozložení klávesnice:  Prejdite do Nastavenia > Všeobecné > Medzinárodné > Klávesnice a následne si vyberte žiadané rozloženia.Kapitola 3 Základy 27 Bezdrôtová Apple klávesnica Bezdrôtovú Apple klávesnicu (dostupná osobitne) môžete používať na zadávanie textu na iPhone. Bezdrôtová Apple klávesnica sa pripája k iPhonu prostredníctvom Bluetooth, takže ju najprv musíte spárovať s iPhonom. Viac v časti Párovanie zariadení Bluetooth na strane 35. Po spárovaní sa klávesnica pripojí vždy, keď bude spárovaný iPhone v jej dosahu (do vzdialenosti približne 10 metrov). Keď je bezdrôtová klávesnica pripojená, po klepnutí na textové pole sa nezobrazí softvérová klávesnica na obrazovke. Ak klávesnicu nepoužívate, vypnite ju. Ušetríte tak jej batériu. Prepínanie jazyka počas používania bezdrôtovej klávesnice:  Stlačením klávesov Commandmedzerník zobrazíte zoznam dostupných jazykov. Opätovným stlačením medzerníka, kým je stlačený kláves Command, vyberiete iný jazyk. Vypnutie bezdrôtovej klávesnice:  Podržte tlačidlo napájania na klávesnici, až kým na nej nezhasne zelená kontrolka. iPhone sa odpojí od klávesnice po jej vypnutí alebo keď je mimo jej dosahu. Zrušenie spárovania s bezdrôtovou klávesnicou:  Prejdite do Nastavenia > Všeobecné > Bluetooth, klepnite na vedľa názvu klávesnice a potom klepnite na Odstrániť toto zariadenie. Diktovanie Na iPhone 4S alebo novšom môžete text namiesto písania diktovať. Ak chcete diktovať text, musí byť zapnutá funkcia Siri a iPhone musí byť pripojený na internet. Do textu môžete pridávať interpunkciu a takisto zadávať príkazy na formátovanie. Poznámka:  Prenos dát v mobilnej sieti môže byť spoplatnený. Zapnutie diktovania:  Prejdite do Nastavenia > Všeobecné > Siri a zapnite Siri. Diktovanie textu:  Na dotykovej klávesnici klepnite na a môžete začať hovoriť. Po skončení klepnite na Hotovo. Klepnite, ak chcete začať diktovať. Klepnite, ak chcete začať diktovať. Tieto sa zobrazia počas diktovania textu pomocou funkcie Siri. Tieto sa zobrazia počas diktovania textu pomocou funkcie Siri. Ak chcete pridať text, klepnite ešte raz na a pokračujte v diktovaní. Ak chcete vložiť text, klepnutím najprv vyberte miesto na jeho vloženie. Pomocou diktovania môžete označený text takisto nahradiť. Namiesto klepnutia na na klávesnici si môžete iPhone priložiť k uchu a začať diktovať. Diktovanie ukončíte tak, že iPhone presuniete naspäť pred seba. Pridanie interpunkcie alebo formátovania do textu:  Vyslovte interpunkčný alebo formátovací príkaz. Kapitola 3 Základy 28 Napríklad, „Drahá Mária čiarka šek je v poštovej zásielke výkričník“ sa zobrazí ako „Drahá Mária, šek je v poštovej zásielke!“ Medzi interpunkčné a formátovacie príkazy patria nasledovné: • úvodzovka... uzatváracia úvodzovka • nový odsek • veľké písmená – nasledujúce slovo začína veľkým písmenom • zap. veľké písmená... vyp. veľké písmená – prvé písmeno každého slova veľkým písmenom • všetko veľkým písmenom – celé nasledujúce slovo veľkým písmenom • všetko veľkým písmenom zap.... všetko veľkým písmenom vyp. – označené slová celé veľkým písmenom • žiadne veľké písmená zap.... žiadne veľké písmená vyp. – označené slová celé malým písmenom • bez medzery zap.... bez medzery vyp. – zadanie série slov spolu • smajlík – zadanie symbolu :-) • smutko – zadanie symbolu :-( • žmurko – zadanie symbolu ;-) Ovládanie hlasom Ovládanie hlasom vám umožňuje uskutočňovať telefónne hovory a ovládať prehrávanie hudby pomocou hlasových príkazov. Na iPhone 4S alebo novšom môžete na ovládanie iPhonu hlasom používať aj Siri. Viac v časti kapitola 4, Siri, na strane 39. Poznámka:  Keď je funkcia Siri zapnutá, Ovládanie hlasom a nastavenia Ovládanie hlasom nie sú dostupné. Používanie Ovládania hlasom:  Stlačte a podržte tlačidlo Domov , až kým sa nezobrazí obrazovka ovládania hlasom a nezaznie pípnutie. Môžete tiež stlačiť a podržať stredné tlačidlo na svojej náhlavnej sade. Viac v časti Apple náhlavná sada na strane 34. Pre správne fungovanie Ovládania hlasom: • Hovorte prirodzene a zrozumiteľne. • Vyslovujte len príkazy pre iPhone, mená alebo čísla. Príkazy vyslovujte s krátkymi pauzami. • Používajte celé mená.Kapitola 3 Základy 29 Ovládanie hlasom automaticky očakáva príkazy v jazyku, aký je nastavený pre iPhone (v Nastavenia > Všeobecné > Medzinárodné > Jazyk). Nastavenia Ovládania hlasom vám umožňujú meniť jazyk hovorených príkazov. Pre niektoré jazyky sú dostupné rôzne formy a nárečia. Zmena krajiny alebo jazyka:  Prejdite do Nastavenia > Všeobecné > Medzinárodné > Ovládanie hlasom a následne klepnite na požadovaný jazyk alebo krajinu. Ovládanie hlasom je pre hudbu vždy zapnuté, no môžete vypnúť Hlasové vytáčanie, keď je iPhone zamknutý. Vypnutie Hlasového vytáčania, keď je iPhone zamknutý:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom a vypnite Hlasové vytáčanie (táto možnosť je dostupná len ak je vypnuté Siri v Nastavenia > Všeobecné > Siri). Ak chcete použiť hlasové vytáčanie, musíte najprv odomknúť iPhone. Jednotlivé príkazy nájdete v časti Vykonávanie hovorov na strane 46 a Siri a Ovládanie hlasom na strane 65. Ďalšie informácie o používaní ovládania hlasom, vrátane informácií o používaní ovládania hlasom v rôznych jazykoch, nájdete na adrese support.apple.com/kb/HT3597. Vyhľadávanie Na iPhone môžete prehľadávať množstvo aplikácií, ako aj encyklopédiu Wikipédia a  vyhľadávať na internete. Môžete vyhľadať konkrétnu aplikáciu alebo všetky naraz pomocou Spotlightu. Spotlight zároveň vyhľadáva aj v názvoch aplikácií na iPhone, takže ak ich máte nainštalovaných veľa, Spotlight môžete použiť na ich vyhľadanie a spustenie. Vyhľadanie konkrétnej aplikácie:  Zadajte text do vyhľadávacieho poľa. Prehľadávanie iPhonu pomocou Spotlightu:  Na prvej ploche potiahnite prst doprava alebo na akejkoľvek ploche stlačte tlačidlo Domov . Zadajte text do vyhľadávacieho poľa. Počas písania sa začnú zobrazovať výsledky vyhľadávania. Ak chcete skryť klávesnicu a zobraziť viac výsledkov, klepnite na Hľadať. Klepnite na položku v zozname výsledkov vyhľadávania pre jej otvorenie. Podľa ikon budete vedieť, z ktorých aplikácií pochádzajú výsledky. iPhone môže na základe predchádzajúcich vyhľadávaní zobraziť najpopulárnejší výsledok.Kapitola 3 Základy 30 Spotlight prehľadáva nasledovné: • Kontakty — všetok obsah • Aplikácie — názvy • Hudba — názvy skladieb a albumov, mená interpretov, názvy podcastov, videí a audiokníh • Podcasty — názvy • Videá — názvy • Audioknihy — názvy • Poznámky —text poznámok • Kalendár (udalosti) – názvy udalostí, pozvánky, miesta a poznámky • Mail — polia Od, Pre a Predmet v správach vo všetkých účtoch (text správ nie je prehľadávaný) • Pripomienky — názvy • Správy — mená a text správ Prehľadávanie internetu alebo Wikipédie cez Spotlight:  Prejdite rolovaním na spodok výsledkov vyhľadávania a následne klepnite na Hľadať na webe alebo Hľadať vo Wikipedii. Otvorenie aplikácie pomocou vyhľadávania:  Zadajte celý názov aplikácie alebo jej časť a následne klepnite na danú aplikáciu. Výber položiek, ktoré sa majú prehľadávať a poradie ich prehľadávania:  Prejdite do Nastavenia > Všeobecné > Spotlight vyhľadávanie. Hlásenia Aplikácie na iPhone vás môžu upozorňovať, takže nezmeškáte žiadnu dôležitú udalosť. Upozornenie sa môže dočasne zobraziť ako banner vo vrchnej časti obrazovky, ktorý sa po určitom čase stratí, alebo ako okno v strede obrazovky, ktoré tam ostane, až kým naň nezareagujete. Niektoré aplikácie dokážu navyše zobraziť odznak na svojej ikone na ploche, vďaka ktorému viete, koľko nových položiek je k dispozícii — napríklad počet nových emailov. Ak sa vyskytne nejaký problém — napríklad ak nie je možné odoslať správu — zobrazí sa na odznaku výkričník . Odznak s číslom na priečinku označuje celkový počet upozornení od aplikácií, ktoré sa nachádzajú v priečinku. Upozornenia sa môžu zobrazovať aj na zamknutej obrazovke. Odpovedanie na upozornenie keď je iPhone zamknutý:  Potiahnite prst cez upozornenie zľava doprava. Centrum hlásení je miestom, kde sú zobrazené všetky upozornenia. Ak ste teda nemohli reagovať pri prvom zobrazení upozornenia, môžete sa k nemu neskôr vrátiť v centre hlásení. Upozornia môžu byť: • Zmeškané telefónne hovory a odkazy • Nové emailové správy • Nové textové správy • PripomienkyKapitola 3 Základy 31 • Udalosti kalendára • Priateľské žiadosti (Game Center) Môžete tiež zobraziť lokálne počasie a vlastné informácie o akciách. Ak ste sa prihlásili do svojho Twitter alebo Facebook účtu, môžete na tieto účty odosielať tweety a zverejňovať príspevky priamo z centra hlásení. Zobrazenie centra hlásení:  Potiahnite prst z vrchnej časti obrazovky nadol. Ďalšie hlásenia zobrazíte rolovaním v zozname. • Odpovedanie na upozornenie: Klepnite na aplikáciu. • Odstránenie upozornenia: Klepnite na a potom na Vyčistiť. Spravovanie upozornení pre aplikácie:  Prejdite do Nastavenia > Hlásenia. Viac v časti Funkcia Nerušiť a hlásenia na strane 138. Výber zvukov upozornení, úprava hlasitosti upozornenia a zapínanie alebo vypínanie vibrovania:  Prejdite do Nastavenia > Zvuky. Zdieľanie iPhone ponúka množstvo spôsobov zdieľania informácií s ostatnými. Zdieľanie vrámci aplikácií V mnohých aplikáciách zobrazíte klepnutím na možnosti zdieľania a ďalšie akcie, ako napríklad kopírovanie a vkladanie. Možnosti sa líšia v závislosti od používanej aplikácie.Kapitola 3 Základy 32 Facebook Prihláste sa do svojho Facebook účtu (prípadne si vytvorte nový účet) v Nastaveniach a povolíte zverejňovanie príspevkov priamo z mnohých aplikácií na iPhone. Prihlásenie sa do Facebook účtu alebo jeho vytvorenie:  Prejdite do Nastavenia > Facebook. Pridávanie príspevkov z centra hlásení:  Klepnite na Klepnutím zverejniť. Pridávanie príspevkov pomocou Siri:  Povedzte „Post to Facebook…“. Pridávanie príspevkov z aplikácie:  Vo väčšine aplikácií klepnite na . V aplikácii Mapy klepnite na , klepnite na Zdieľať polohu a potom klepnite na Facebook. Nastavenie možností pre Facebook:  Prejdite do Nastavenia > Facebook a môžete: • Aktualizovať kontakty na iPhone použitím mien a kontaktov z Facebooku • Povoliť aplikáciám App Store, Kalendár, Kontakty alebo iTunes používať váš účet Inštalácia aplikácie Facebook:  Prejdite do Nastavenia > Facebook a klepnite na Inštalovať. Twitter Prihláste sa do svojho Twitter účtu (prípadne si vytvorte nový účet) v nastaveniach a povolíte zverejňovanie Tweetov s prílohami priamo z mnohých aplikácií na iPhone. Prihlásenie sa do Twitter účtu alebo jeho vytvorenie:  Prejdite do Nastavenia > Twitter. Pridávanie Tweetov z centra hlásení:  Klepnite na Klepnutím odoslať Tweet. Pridávanie Tweetov pomocou Siri:  Povedzte „Tweet…“. Pridávanie Tweetov z aplikácie:  Zobrazte položku, klepnite na a potom klepnite na Twitter. Ak ikona nie je zobrazená, klepnite na obrazovku. Ak chcete pripojiť aj vašu polohu, klepnite na Pridať polohu. Odoslanie polohy v aplikácii Mapy ako Tweetu:  Klepnite na značku polohy, klepnite na , klepnite na Zdieľať polohu a potom klepnite na Twitter. Počas zostavovania Tweetu je v pravom dolnom rohu obrazovky aplikácie Twitter zobrazený počet zostávajúcich znakov. Prílohy použijú časť zo 140 znakov Tweetu. Pridanie užívateľským mien a fotiek z Twittera do kontaktov:  Prejdite do Nastavenia > Twitter a potom klepnite na Aktualizovať kontakty. Inštalácia aplikácie Twitter:  Prejdite do Nastavenia > Twitter a potom klepnite na Inštalovať. Viac informácií o používaní aplikácie Twitter získate klepnutím na Ja a potom na Pomocník v aplikácii Twitter. Pripájanie iPhonu k televízoru alebo inému zariadeniu Na streamovanie obsahu do HDTV môžete použiť AirPlay s Apple TV, prípadne môžete pripojiť iPhone k svojmu televízoru pomocou káblov. AirPlay Pomocou funkcie AirPlay môžete bezdrôtovo streamovať hudbu, fotky a videá na Apple TV a ďalších zariadení podporujúcich AirPlay. Ovládanie AirPlay sa automaticky zobrazí v prípade, ak je AirPlay zariadenie dostupné v rovnakej Wi-Fi sieti, ku ktorej je pripojený váš iPhone. Môžete tiež zrkadliť obrazovku svojho iPhonu na TV. Streamovanie obsahu na zariadenie podporujúce AirPlay:  Klepnite na a vyberte zariadenie.Kapitola 3 Základy 33 Prístup k ovládaniu AirPlay a ovládaniu zvuku počas používania aplikácie:  Ak je zapnutá obrazovka, stlačte tlačidlo Domov dvakrát a rolovaním prejdite do ľavej časti panela multitaskingu. Prepnutie prehrávania späť na iPhone:  Klepnite na a vyberte iPhone. Zrkadlenie obrazovky iPhonu na TV:  Klepnite na v ľavej časti panela multitaskingu, vyberte Apple TV a potom klepnite na Zrkadlenie. Ak je zapnuté zrkadlenie AirPlay, zobrazí sa vo vrchnej časti obrazovky iPhonu modrá lišta. Všetko to, čo vidíte na obrazovke iPhonu sa zobrazí aj na TV. Pripájanie iPhonu k TV pomocou káblov Na pripojenie iPhonu k TV, projektoru alebo inému externému displeju môžete použiť Apple káble a adaptéry (dostupné osobitne). Ďalšie informácie nájdete na adrese support.apple.com/kb/HT4108. Tlač pomocou funkcie AirPrint AirPrint vám umožňuje bezdrôtovú tlač na tlačiarňach s funkciou AirPrint z týchto aplikácií systému iOS: • Mail — emailové správy a prílohy, ktoré je možné prezerať pomocou funkcie Náhľad • Fotky a Kamera — fotky • Safari — webové stránky, PDF dokumenty a ďalšie prílohy, ktoré je možné prezerať pomocou funkcie Náhľad • iBooks — PDF dokumenty • Mapy — výsek mapy zobrazený na obrazovke • Poznámky — aktuálne zobrazenú poznámku AirPrint môžu podporovať aj ďalšie aplikácie dostupné na App Store. iPhone a tlačiareň musia byť pripojené k rovnakej Wi-Fi sieti. Ďalšie informácie o funkcii AirPrint nájdete na adrese support.apple.com/kb/HT4356. Tlačenie dokumentu:  Klepnite na alebo (v závislosti od používanej aplikácie) a potom klepnite na Tlačiť. Zobrazenie stavu tlačovej úlohy:  Dvakrát stlačte tlačidlo Domov a potom klepnite na Centrum tlače v paneli multitaskingu. Odznak na ikone zobrazuje, koľko dokumentov čaká na tlač vrátane toho aktuálneho. Zrušenie tlačovej úlohy:  V centre tlače vyberte v prípade potreby úlohu a potom klepnite na Zrušiť tlač.Kapitola 3 Základy 34 Apple náhlavná sada Apple EarPods s ovládačom a mikrofónom (iPhone 5) a Apple slúchadlá s ovládačom a mikrofónom (iPhone 4 a staršie modely) obsahujú mikrofón, tlačidlá hlasitosti a integrované tlačidlo umožňujúce odpovedať na hovory a ovládať prehrávanie audia a videa. Stredné tlačidlo Stredné tlačidlo Pomocou náhlavnej sady môžete po jej pripojení počúvať hudbu a telefonovať. Stlačením stredného tlačidla slúchadiel ovládate prehrávanie hudby a môžete odpovedať na hovory aj v prípade, ak je iPhone zamknutý. Nastavenie hlasitosti:  Stlačte tlačidlo alebo . Prehrávanie hudby môžete ovládať pomocou stredného tlačidla. • Pozastavenie skladby alebo videa: Stlačte stredné tlačidlo. Opätovným stlačením tlačidla obnovíte prehrávanie. • Skok na ďalšiu skladbu: Stlačte stredné tlačidlo dvakrát rýchlo po sebe. • Návrat na predchádzajúcu skladbu: Stlačte stredné tlačidlo trikrát rýchlo po sebe. • Rýchle prevíjanie dopredu: Stlačte stredné tlačidlo dvakrát rýchlo po sebe a podržte ho. • Prevíjanie dozadu: Stlačte stredné tlačidlo trikrát rýchlo po sebe a podržte ho. Použitie stredného tlačidla na prijímanie alebo vykonávanie hovorov: • Prijatie prichádzajúceho hovoru: Stlačte stredné tlačidlo. • Ukončenie prebiehajúceho hovoru: Stlačte stredné tlačidlo. • Zamietnutie prichádzajúceho hovoru: Stlačte a podržte stredné tlačidlo približne na 2 sekundy a potom ho pustite. Dve hlboké pípnutia potvrdia odmietnutie hovoru. • Prepnutie na prichádzajúci alebo podržaný hovor a podržanie prebiehajúceho hovoru: Stlačte stredné tlačidlo. Opätovným stlačením tlačidla prepnete na pôvodný hovor. • Prepnutie na prichádzajúci alebo podržaný hovor a ukončenie prebiehajúceho hovoru: Stlačte a podržte stredné tlačidlo približne na 2 sekundy a potom ho pustite. Dve hlboké pípnutia potvrdia ukončenie prvého hovoru. Spustenie Siri alebo ovládania hlasom:  Stlačte a podržte stredné tlačidlo. Viac v časti kapitola 4, Siri, na strane 39 alebo Ovládanie hlasom na strane 28. Ak práve používate náhlavnú sadu a niekto vám volá, vyzváňací tón bude znieť nielen z reproduktora iPhonu, ale aj v náhlavnej sade.Kapitola 3 Základy 35 Bluetooth zariadenia S iPhonom môžete použiť bezdrôtovú Apple klávesnicu a ďalšie Bluetooth zariadenia ako sú Bluetooth náhlavné sady, sady do auta a stereo slúchadlá. Podporované Bluetooth profily nájdete na adrese support.apple.com/kb/HT3647. Párovanie zariadení Bluetooth UPOZORNENIE:  Dôležité informácie týkajúce sa prevencie pred poškodením sluchu a rušivých vplyvov počas šoférovania nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Bluetooth zariadenie musíte pred použitím spárovať so svojim iPhonom. Párovanie Bluetooth zariadenia s iPhonom:  1 Nastavte zariadenie tak, aby bolo viditeľné. Pozrite si dokumentáciu dodanú so zariadením. V prípade bezdrôtovej Apple klávesnice stlačte tlačidlo napájania. 2 Prejdite do Nastavenia > Bluetooth a zapnite Bluetooth. 3 Zvoľte zariadenie a v prípade zobrazenia výzvy zadajte prístupový kľúč alebo kód PIN. Heslo alebo PIN kód zariadenia nájdete v návode na použitie, ktorý je súčasťou zariadenia. Informácie o používaní bezdrôtovej Apple klávesnice nájdete v téme Bezdrôtová Apple klávesnica na strane 27. Ak chcete s iPhonom používať Bluetooth náhlavnú sadu, prečítajte si k nej pribalenú dokumentáciu. Návrat audio výstupu do iPhonu, keď je pripojená Bluetooth náhlavná sada:  Vypnite zariadenie alebo zrušte spárovanie so zariadením, prípadne vypnite Bluetooth v časti Nastavenia > Bluetooth. Vždy, keď sa zariadenie dostane mimo dosahu siete, audiovýstup sa vráti do iPhonu. Na prepnutie audio výstupu do iPhonu môžete takisto použiť AirPlay . Viac v časti AirPlay na strane 32. Stav Bluetooth Po spárovaní zariadenia s iPhonom sa v stavovom riadku vo vrchnej časti obrazovky zobrazí ikona Bluetooth: • alebo :  Bluetooth je zapnuté a spárované so zariadením. (Táto farba závisí od aktuálnej farby stavového riadku.) • :  Bluetooth je zapnuté a spárované so zariadením, ale zariadenie je mimo dosahu a vypnuté. • Žiadna ikona Bluetooth:  Bluetooth nie je spárované so zariadením. Zrušenie párovania Bluetooth zariadenia a iPhonu Ak Bluetooth zariadenie nebudete viac používať, môžete zrušiť jeho spárovanie s iPhonom. Zrušenie párovania Bluetooth zariadenia:  Prejdite do Nastavenia > Bluetooth a zapnite Bluetooth. Klepnite na vedľa názvu zariadenia a potom klepnite na „Odstrániť toto zariadenie“.Kapitola 3 Základy 36 Zdieľanie súborov Na prenos súborov medzi iPhonom a svojim počítačom môžete použiť iTunes. Na iPhone si môžete tiež prezerať súbory prijaté v podobe príloh emailových správ. Viac v časti Čítanie emailov na strane 54. Ak máte na viac ako jednom zariadení rovnaké aplikácie podporujúce iCloud, môžete na automatickú synchronizáciu aktuálnych verzií dokumentov medzi zariadeniami použiť iCloud. Viac v časti iCloud na strane 16. Prenos súborov pomocou aplikácie iTunes:  Pripojte iPhone k počítaču pomocou priloženého kábla. V aplikácii iTunes na svojom počítači vyberte iPhone a kliknite na tlačidlo Aplikácie. Pomocou časti Zdieľanie súborov môžete prenášať dokumenty medzi iPhonom a počítačom. Aplikácie podporujúce zdieľanie súborov sú uvedené v zozname Aplikácie na zdieľanie súborov v iTunes. Ak chcete vymazať súbor, vyberte ho v zozname Súbory a následne stlačte kláves Delete. Bezpečnostné funkcie Bezpečnostné funkcie vám pomáhajú chrániť informácie uložené v iPhone. Heslá a ochrana dát Pre zvýšenie bezpečnosti si môžete nastaviť heslo, ktoré bude potrebné zadať vždy pri zapnutí alebo zobudení iPhonu, ako aj pri pokuse o prístup k nastaveniam uzamykania heslom. Nastavením hesla sa zapne ochrana údajov, ktorá vaše heslo používa ako šifrovací kľúč pri šifrovaní emailových správ a príloh uchovávaných na iPhone. (Niektoré aplikácie dostupné v obchode App Store môžu takisto využívať ochranu dát.) Upozornenie v spodnej časti obrazovky Uzamykanie heslom v nastaveniach indikuje, že ochrana dát je zapnutá. Dôležité:  Ak chcete povoliť ochranu dát na iPhone 3GS, ktorý nebol dodaný so systémom iOS 4 alebo novšou verziou, musíte na ňom obnoviť iOS. Viac v časti Aktualizácia a obnova softvéru na zariadení iPhone na strane 159. Nastavenie hesla:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom, následne klepnite na možnosť Zapnúť heslo a nastavte 4-miestne heslo. Použitie bezpečnejšieho hesla:  Ak chcete zlepšiť zabezpečenie, vypnite Jednoduché heslo a používajte dlhšie heslo, tvorené kombináciou číslic, písmen, interpunkcie a špeciálnych znakov. Ak chcete odomknúť iPhone keď je chránený kombinovaným heslom, zadajte heslo pomocou klávesnice. Ak preferujete odomykanie iPhonu pomocou číselnej klávesnice, môžete nastaviť dlhšie heslo len za použitia číslic. Zablokovanie prístupu k Siri, keď je iPhone uzamknutý:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom a vypnite Siri. Vypnutie Hlasového vytáčania, keď je iPhone zamknutý:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom a vypnite Hlasové vytáčanie. (Dostupné len ak je Siri vypnuté v Nastavenia > Všeobecné > Siri.) Viac v časti Uzamykanie heslom na strane 143.Kapitola 3 Základy 37 Nájsť môj iPhone Funkcia Nájsť môj iPhone vám umožňuje nájsť a zabezpečiť svoj iPhone pomocou bezplatnej aplikácie Nájsť môj iPhone na inom iPhone, iPade alebo iPode touch, prípadne pomocou Macu alebo PC s webovým prehliadačom prihláseným na stránke www.icloud.com. Nájsť môj iPhone obsahuje: • Prehrať zvuk:  Prehráva zvuk po dobu dvoch minút. • Režim strateného zariadenia:  Umožňuje okamžite zamknúť stratený iPhone pomocou hesla a odoslať naň správu s vašimi kontaktnými údajmi. iPhone takisto sleduje a hlási svoju polohu, takže sa v aplikácii Nájsť môj iPhone môžete pozrieť, kde sa nachádza. • Vymazať iPhone:  Chráni vaše súkromie vymazaním všetkých informácií a médií z iPhonu a obnovením iPhonu na pôvodné výrobné nastavenia. Dôležité:  Ak chcete používať tieto funkcie, musí byť na iPhone ešte pred jeho stratením zapnutá v nastaveniach iCloudu funkcia Nájsť môj iPhone a zároveň musí byť iPhone pripojený na internet. Zapnutie funkcie Nájsť môj iPhone:  Prejdite do Nastavenia > iCloud a zapnite Nájsť môj iPhone. Batéria iPhone obsahuje vstavanú nabíjateľnú lítiumiónovú batériu. Ďalšie informácie o batérii, vrátane tipov na predĺženie jej životnosti, nájdete na webovej stránke www.apple.com/sk/batteries. UPOZORNENIE:  Dôležité bezpečnostné informácie týkajúce sa batérie a nabíjania iPhonu nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Nabíjanie batérie:  Pripojte iPhone do elektrickej zásuvky pomocou priloženého kábla a napájacieho USB adaptéra. Poznámka:  Pripojením iPhonu k napájaniu môžete spustiť zálohovanie na iCloud alebo bezdrôtovú synchronizáciu s iTunes. Viac v časti Zálohovanie iPhonu na strane 157 a Synchronizácia s iTunes na strane 17. Nabíjanie batérie a synchronizácia iPhonu pomocou počítača:  Pripojte iPhone k počítaču pomocou priloženého kábla. Prípadne pripojte iPhone k počítaču pomocou priloženého kábla a docku (predávaný samostatne).Kapitola 3 Základy 38 Pokiaľ vaša klávesnica nemá vysokovýkonný port USB 2.0 alebo 3.0, musíte iPhone pripojiť k portu USB 2.0 alebo 3.0 priamo na svojom počítači. Dôležité:  Batéria iPhonu sa môže vybiť, ak je pripojený k počítaču, ktorý je vypnutý, prípadne sa nachádza v režime spánku alebo v úspornom režime. Kapacitu batérie a stav nabíjania batérie zobrazuje ikona v pravom hornom rohu obrazovky. Nabíja sa Nabíja sa Nabíjanie dokončené Nabíjanie dokončené Percentuálne zobrazenie úrovne nabitia batérie:  Prejdite do Nastavenia > Všeobecné > Štatistiky a zapnite nastavenie v časti Používanie batérie. Ak nabíjate batériu počas synchronizácie iPhonu, môže nabíjanie trvať dlhšiu dobu. Dôležité:  Ak je batéria iPhonu takmer úplne vybitá, môže sa zobraziť jeden z nasledujúcich obrázkov, ktoré signalizujú, že sa iPhone pred akýmkoľvek ďalším použitím potrebuje nabíjať po dobu približne 10 minút. Ak je iPhone takmer úplne vybitý, jeho displej môže ostať vypnutý po dobu až 2 minút, kým sa na ňom zobrazí jeden zo stavových obrázkov signalizujúcich vybitie batérie. alebo alebo Nabíjateľné batérie majú obmedzený počet nabíjacích cyklov a je možné, že budete musieť batériu po čase vymeniť. Výmena batérie:  Batériu v iPhone nemôže vymieňať užívateľ, ale len pracovník autorizovaného servisu. Navštívte webovú stránku www.apple.com/sk/batteries/.4 39 Čo je Siri? Siri je inteligentná osobná asistentka, ktorá vám pomocou hovoreného slova pomáha vykonávať rôzne úlohy. Siri rozumie prirodzenej reči, takže sa nemusíte učiť špecifické príkazy alebo si pamätať kľúčové slová. Na danú vec sa môžete opýtať rôznymi spôsobmi. Môžete napríklad povedať „Set the alarm for 6:30 a.m.“ alebo „Wake me at 6:30 in the morning“. Tak alebo onak, Siri to pochopí. UPOZORNENIE:  Dôležité informácie týkajúce sa rušivých vplyvov počas šoférovania nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Poznámka:  Funkcia Siri je dostupná na iPhone 4S a novších modeloch a vyžaduje pripojenie na internet. Prenos dát v mobilnej sieti môže byť spoplatnený. Služba Siri nemusí byť dostupná pre všetky jazyky alebo vo všetkých oblastiach a jej funkcie sa môžu v jednotlivých oblastiach líšiť. Pomocou Siri môžete napísať a odoslať správu, naplánovať si stretnutie, vykonať telefonický hovor, získať trasu cesty, nastaviť pripomienku, prehľadať web a mnoho ďalších aktivít! A to všetko jednoduchým hovorením. Ak Siri potrebuje viac informácií alebo si potrebuje vyjasniť niektorú z vašich požiadaviek, položí vám otázku. Siri tiež používa informácie z vašich kontaktov, hudobnej knižnice, kalendárov, pripomienok a podobne, aby porozumela tomu, o čom rozprávate. Siri bezproblémovo spolupracuje s väčšinou vstavaných aplikácií na iPhone a podľa potreby používa vyhľadávanie a lokalizačné služby. Siri môžete požiadať aj o otvorenie aplikácie. Siri toho môžete povedať veľmi veľa — pre začiatočníkov ponúkame nasledovné príklady: • Call Joe • Set the timer for 30 minutes • Directions to the nearest Apple store • Is it going to rain tomorrow? • Open Passbook • Post to Facebook • Tweet SiriKapitola 4 Siri 40 Používanie Siri Spustenie Siri Siri spustíte stlačením tlačidla. Spustenie Siri:  Stlačte a podržte tlačidlo Domov , až kým sa nezobrazí Siri. Ak ste počas nastavovania iPhonu nezapli Siri, prejdite do Nastavenia > Všeobecné > Siri. Ozvú sa dve rýchle pípnutia a na obrazovke sa objaví veta „What can I help you with?“. Jednoducho začnite rozprávať. Rozsvieti sa ikona mikrofónu, ktorá naznačuje, že vás Siri počuje. Keď začnete konverzáciu so Siri, klepnite na ikonu mikrofónu a pokračujte v dialógu. Siri počká, kým neskončíte, no môžete klepnúť na ikonu mikrofónu a dať tak Siri najavo, že ste dohovorili. Toto je užitočné v prípade, že ste v prostredí, kde je veľa okolitého hluku. Môže to tiež urýchliť vašu konverzáciu so Siri, pretože nebude musieť čakať na vašu pauzu. Keď prestanete rozprávať, Siri zobrazí čo počula a odpovie. Siri často zobrazí súvisiace informácie, ktoré môžu byť užitočné. Ak sa informácia týka aplikácie, napríklad textovej správy, ktorú ste napísali, prípadne lokality, na ktorú ste sa spýtali, jednoducho klepnutím na displej otvorte príslušnú aplikáciu a zobrazte podrobnosti a ďalšie akcie. Čo Siri počul Čo Siri počul Klepnite pre zadanie hlasového povelu pre Siri. Klepnite pre zadanie hlasového povelu pre Siri. Odpoveď Siri Odpoveď Siri Súvisiace informácie — klepnutím otvorte aplikáciu. Súvisiace informácie — klepnutím otvorte aplikáciu. Ak Siri potrebuje viac informácií na vyjasnenie požiadavky, môže vám položiť otázky. Ak napríklad Siri poviete „Remind me to call mom“, Siri sa môže opýtať „What time would you like me to remind you?“ Zrušenie žiadosti:  Povedzte „cancel“, klepnite na alebo stlačte tlačidlo Domov . Zastavenie telefónneho hovoru, ktorý bol spustený pomocou Siri:  Predtým, ako sa otvorí aplikácia Telefón, stlačte tlačidlo Domov . Ak je aplikácia Telefón už otvorená, klepnite na Zložiť.Kapitola 4 Siri 41 Povedzte Siri o sebe Čím lepšie vás Siri pozná, tým viac môže vaše informácie využiť vo váš prospech. Siri získava informácie z vašej osobnej vizitky v Kontaktoch („Moje info“). Povedzte Siri kto ste:  Prejdite do Nastavenia > Všeobecné > Siri > Moje info a potom klepnite na svoje meno. Zadajte na vizitke svoju adresu domov a do práce, aby ste mohli povedať vety ako „How do I get home?“ a „Remind me to call Bob when I get to work“. Siri chce tiež vedieť o dôležitých ľuďoch vo vašom živote, takže na svojej osobnej vizitke zadajte aj tieto vzťahy. Ak napríklad prvýkrát poviete Siri, aby vytočila číslo vašej sestry, Siri sa spýta, kto je vaša sestra (ak na vizitke túto informáciu ešte nemáte). Siri pridá tento vzťah do vašej osobnej vizitky, aby sa to nabudúce nebolo nutné pýtať. V Kontaktoch si vytvorte vizitky pre všetky dôležité vzťahy a zadajte informácie ako telefónne čísla, emailové adresy, adresy domov a do práce, prípadne prezývky, ktoré chcete používať. Sprievodca na obrazovke Siri vám priamo na obrazovke zobrazí príklady viet, ktoré môžete povedať. Spýtajte sa Siri „what can you do“ alebo keď sa Siri prvýkrát objaví, klepnite na . Siri zobrazí zoznam podporovaných aplikácií so vzorovou požiadavkou. Klepnite na položku v zozname pre zobrazenie ďalších príkladov. Siri ako telefón Siri môžete začať zadávať príkazy tak, že si iPhone priložíte k uchu, podobne ako keď telefonujte. Ak obrazovka nie je zapnutá, stlačte najskôr tlačidlo Spať/Zobudiť alebo Domov. Ozvú sa dve rýchle pípnutia, ktoré znamenajú, že Siri počúva. Potom začnite rozprávať. Zapnutie funkcie Priložiť telefón k uchu:  Prejdite do Nastavenia > Všeobecné > Siri.Kapitola 4 Siri 42 Keď si priložíte iPhone k uchu a Siri neodpovedá, začnite tak, že obrazovku budete mať pred sebou, takže vaša ruka bude otočená smerom nahor. Siri v režime bez používania rúk Siri môžete používať s náhlavnou sadou dodanou spolu s iPhonom a s ďalšími kompatibilnými káblovými alebo Bluetooth náhlavnými sadami. Rozprávanie so Siri pomocou náhlavnej sady:  Stlačte a podržte stredné tlačidlo (prípadne tlačidlo na uskutočnenie hovoru na Bluetooth náhlavnej sade). Ak chcete pokračovať v konverzácii so Siri, vždy, keď budete chcieť hovoriť, stlačte a podržte tlačidlo. Počas používania náhlavnej sady bude Siri hovoriť odpovede. Nadiktované textové a emailové správy Siri pred odoslaním nahlas prečíta. Toto vám umožní správu podľa potreby zmeniť. Siri tiež pred vytvorením pripomienok prečíta ich názvy. Lokalizačné služby Pretože Siri pozná lokality (iPhone 4S a novšie modely) ako „current“, „home“ a „work“, môže vám pripomenúť úlohy pri príchode na určité miesto alebo pri jeho opustení. Povedzte Siri „Remind me to call my daughter when I leave the office“ a Siri to spraví. Informácie o polohe nie sú sledované ani ukladané mimo iPhonu. Siri môžete používať aj keď lokalizačné služby vypnete, no Siri nespraví nič, čo bude vyžadovať informácie o polohe. Vypnutie lokalizačných služieb pre Siri:  Prejdite do Nastavenia > Súkromie > Lokalizačné služby. Prístupnosť Siri je dostupná nevidomým užívateľom a ľuďom so zrakovým postihnutím prostredníctvom funkcie VoiceOver, ktorá slúži ako čítačka obrazovky zabudovaná v systéme iOS. VoiceOver nahlas popisuje čo sa nachádza na obrazovke, vrátane ľubovoľného textu v odpovediach Siri, takže iPhone môžete používať aj keď ho nevidíte. Zapnutie funkcie VoiceOver:  Prejdite do Nastavenia > Všeobecné > Prístupnosť. Ak zapnete VoiceOver, bude všetko na obrazovke, dokonca aj vaše upozornenia, čítané nahlas. Viac informácií nájdete v časti VoiceOver na strane 119.Kapitola 4 Siri 43 Nastavenie možností Siri Vypnutie alebo zapnutie Siri  Prejdite do Nastavenia > Všeobecné > Siri. Poznámka:  Vypnutím sa Siri resetuje a zabudne informácie týkajúce sa vášho hlasu. Nastavenie možností Siri:  Prejdite do Nastavenia > Všeobecné > Siri. • Jazyk:  Vyberte jazyk, ktorý chcete so Siri používať. • Hlasová odozva:  Podľa predvoleného nastavenia Siri svoje odpovede hovorí nahlas len v prípade, ak držíte iPhone pri uchu alebo používate náhlavnú sadu. Ak chcete, aby Siri vždy hovorila svoje odpovede, nastavte túto možnosť na Vždy. • Moje info:  Dajte Siri vedieť, ktorá vizitka v Kontaktoch obsahuje vaše osobné informácie. Viac v časti Povedzte Siri o sebe na strane 41. • Priložiť telefón k uchu:  Začnite konverzáciu so Siri priložením iPhonu k uchu, keď je obrazovka aktívna. Túto funkciu môžete vypnúť alebo zapnúť v Nastavenia > Všeobecné > Siri. Povolenie alebo zakázanie prístupu k Siri, keď je iPhone zamknutý pomocou hesla:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom. Siri môžete tiež zakázať zapnutím obmedzení. Viac v časti Obmedzenia na strane 143. Reštaurácie Siri spolupracuje s Yelp, OpenTable a ďalšími podobnými službami, takže vám dokáže poskytnúť informácie o reštauráciách a pomôcť pri rezervácii stola. Požiadajte Siri o vyhľadanie reštaurácií podľa druhu kuchyne, ceny, polohy alebo kombinácie týchto možností. Siri dokáže zobraziť dostupné fotky, hviezdičky zo stránky Yelp, ceny a recenzie. Viac informácií môžete získať v aplikáciách Yelp alebo OpenTable. Ak ich zatiaľ nemáte nainštalované, iPhone zobrazí výzvu na ich stiahnutie. Zobrazenie detailných informácií o reštaurácii:  Klepnite na reštauráciu odporúčanú Siri. Nájsť polohu na mape. Nájsť polohu na mape. Zobraziť recenzie zo služby Yelp. Zobraziť recenzie zo služby Yelp. Zavolať do reštaurácie. Zavolať do reštaurácie. Navštíviť webovú stránku. Navštíviť webovú stránku. Rezervovať stôl prostredníctvom služby OpenTable. Rezervovať stôl prostredníctvom služby OpenTable.Kapitola 4 Siri 44 Filmy Opýtajte sa Siri na filmy, ktoré práve hrajú v kinách vo vašom okolí, prípadne zistite, kde si môžete pozrieť vybraný film. Zistite dátum premiéry filmu, meno režiséra alebo ocenenia, ktoré tento film získal. Siri vám poskytne polohu kín, časy predstavení a recenzie zo stránky Rotten Tomato. Zobrazenie detailných informácií o filme:  Klepnite na film odporúčaný Siri. Získať kiná a časy predstavení. Získať kiná a časy predstavení. Prehrať upútavku. Prehrať upútavku. Prečítať si recenzie na Rotten Tomato. Prečítať si recenzie na Rotten Tomato. Šport Siro toho vie o veľa o rôznych športoch, vrátane basketbalu, futbalu a hokeja. Opýtajte sa Siri na rozpisy zápasov, výsledky zápasov aktuálnej sezóny alebo na aktuálne skóre z práve prebiehajúcich zápasov. Povedzte Siri, ako má zobraziť štatistiky hráča a porovnať ich so štatistikami iného hráča. Siri sleduje napríklad aj rekordy tímov. Môžete sa opýtať napríklad nasledovné: • What was the score of the last Giants game? • What are the National League standings? • When is the Chicago Cubs first game of the season? Diktovanie Ak je funkcia Siri zapnutá, môžete tiež diktovať text. Viac v časti Diktovanie na strane 27. Hoci emailové, textové a iné správy môžete vytvoriť priamym rozhovorom so Siri, môžete použiť aj diktovanie. Diktovanie vám umožňuje správu upravovať namiesto toho, aby ste museli celý text nahradiť. Diktovanie vám počas písania poskytuje viac času na premýšľanie. Siri chápe pauzy tak, že ste pre daný okamih skončili s rozprávaním a využije príležitosť na svoju reakciu. Hoci tento systém umožňuje prirodzenú konverzáciu, Siri vás môže prerušiť skôr než naozaj skončíte v prípade, že bola táto pauza príliš dlhá. Pri diktovaní môžete urobiť pauzu kedykoľvek budete chcieť a v diktovaní môžete kedykoľvek pokračovať.Kapitola 4 Siri 45 Môžete tiež text začať písať s pomocou Siri a potom pokračovať diktovaním. Môžete napríklad so Siri vytvoriť emailovú správu, potom klepnúť na rozpísanú správu a otvoriť ju v aplikácii Mail. V aplikácii Mail môžete správu dokončiť alebo upravovať, prípadne robiť iné zmeny, ako napríklad pridávanie a odoberanie príjemcov, úpravy predmetu správy alebo meniť účet, z ktorého budete správu posielať. Korekcia Siri Ak má Siri problém Siri môže mať občas problém s porozumením — napríklad v hlučnom prostredí. Ak rozprávate s prízvukom, Siri môže chvíľu trvať, kým si na váš hlas zvykne. Ak Siri neporozumela tomu, čo ste povedali, môžete sa opraviť. Siri zobrazí, čo od vás počula, spolu s odpoveďou. Oprava toho, čo Siri počula:  Klepnite na bublinu s textom, ktorý Siri počula. Písaním upravte svoju žiadosť, prípadne na klávesnici klepnite na pre diktovanie. Informácie o používaní diktovania nájdete v časti Diktovanie na strane 44. Ak je nejaká časť textu podčiarknutá modrou farbou, klepnite na ňu a Siri navrhne niekoľko alternatív. Klepnite na niektorý z návrhov alebo text nahraďte písaním alebo diktovaním. Korekcia Siri pomocou hlasu:  Klepnite na , zopakujte vetu alebo vysvetlite svoju požiadavku. Napríklad „I meant Boston“. Keď opravujte Siri, nehovorte čo nechcete. Povedzte čo chcete. Korekcia emailovej alebo textovej správy:  Ak sa vás Siri opýta, či chcete odoslať správu, môžete povedať napríklad: • Change it to: Call me tomorrow • Add: See you there question mark. • No, send it to Bob. • No. (pre ponechanie správy bez jej odoslania) • Cancel Ak chcete, aby vám Siri správu prečítala, povedzte „Read it back to me“ alebo „Read me the message.“ Ak je správa v poriadku, môžete povedať niečo ako „Yes, send it.“ Hlučné prostredie V hlučnom prostredí držte iPhone blízko k ústam, ale nerozprávajte priamo do spodnej hrany. Rozprávajte prirodzene a zrozumiteľne. Po skončení hovorenia klepnite na . Počas konverzácie so Siri môžete tiež držať iPhone pri uchu. Sieťové pripojenie Siri vám môže povedať, že má problém s pripojením na sieť. Keďže pri rozpoznávaní reči sa Siri spolieha na servery spoločnosti Apple a na ďalšie služby, budete potrebovať dobré 3G, 4G alebo LTE mobilné alebo Wi-Fi pripojenie na internet. 5 46 Telefonické hovory Vykonávanie hovorov Telefonický hovor na iPhone uskutočníte jednoduchým klepnutím na meno a číslo vo svojich kontaktoch. Ak používate Siri, jednoducho povedzte „call Bob“ (iPhone 4S alebo novšie modely). Hovor uskutočníte aj klepnutím na niektorú zo svojich obľúbených položiek alebo na niektorý z posledných uskutočnených hovorov. Zavolajte obľúbenému kontaktu jediným klepnutím. Zavolajte obľúbenému kontaktu jediným klepnutím. Zobraziť posledné prichádzajúce a odchádzajúce hovory kvôli volaniu späť alebo zobrazeniu ďalších informácií. Červený odznak indikuje počet zmeškaných hovorov. Zobraziť posledné prichádzajúce a odchádzajúce hovory kvôli volaniu späť alebo zobrazeniu ďalších informácií. Červený odznak indikuje počet zmeškaných hovorov. Zavolať, poslať email alebo poslať textovú správu niekomu zo zoznamu kontaktov. Zavolať, poslať email alebo poslať textovú správu niekomu zo zoznamu kontaktov. Vytočiť manuálne. Vytočiť manuálne. Zobraziť zoznam správ v odkazovači. Zobraziť zoznam správ v odkazovači. UPOZORNENIE:  Dôležité informácie týkajúce sa rušivých vplyvov nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Tlačidlá v spodnej časti obrazovky aplikácie Telefón slúžia na rýchly prístup k obľúbeným položkám, posledným telefonátom, kontaktom a k numerickej klávesnici určenej na manuálne vytáčanie čísel. TelefónKapitola 5 Telefón 47 Manuálne vytočenie čísla:  Klepnite na Klávesnica, zadajte číslo a klepnite na Zavolať. • Vloženie čísla na obrazovke s numerickou klávesnicou:  Klepnite na časť obrazovky nad klávesnicou a potom klepnite na Vložiť. • Vloženie krátkej (2-sekundovej) pauzy:  Podržte kláves „*“, až kým sa v čísle nezobrazí čiarka. • Vloženie dlhej pauzy (slúži na pozastavenie vytáčania, až kým neklepnete na Vytočiť): Podržte kláves „#“, až kým sa v čísle nezobrazí dvojbodka. • Opätovné vytočenie posledného čísla:  Klepnite na Klávesnica, klepnutím na Zavolať zobrazte číslo a potom znovu klepnite na Zavolať. Pridanie kontaktu medzi Obľúbené:  V aplikácii Kontakty klepnite na Pridať k obľúb. v spodnej časti vizitky kontaktu. Ak chcete vymazať alebo preusporiadať svoj zoznam obľúbených kontaktov, klepnite na Upraviť. Spustenie Siri alebo ovládania hlasom:  Stlačte a podržte tlačidlo Domov , vyslovte príkazy call (volať) alebo dial (vytočiť) a následne vyslovte žiadané meno alebo číslo. Môžete pridať aj spresnenie at home, work, alebo mobile (domáce, pracovné alebo mobilné číslo). Viac v časti kapitola 4, Siri, na strane 39 a Ovládanie hlasom na strane 28. Ovládanie hlasom bude pracovať spoľahlivejšie, ak vyslovíte celé meno osoby, ktorej chcete zavolať. Pri hlasovom vytáčaní čísla vyslovte každé číslo osobitne – napríklad four one five, five five five, one two one two. V prípade predvoľby 800 v USA môžete povedať eight hundred. Prijímanie hovorov Prijatie hovoru:  Klepnite na Zdvihnúť. Ak je iPhone zamknutý, prstom potiahnite prepínač. Môžete tiež stlačiť stredné tlačidlo na svojej náhlavnej sade. Stíšenie hovoru:  Stlačte tlačidlo Spať/Zobudiť alebo jedno z tlačidiel pre nastavenie hlasitosti. Stíšený hovor môžete aj naďalej prijať, až kým nebude presmerovaný do odkazovača. Odpovedanie na prichádzajúci hovor textovou správou:  Potiahnite nahor, klepnite na Odpovedať správou a potom vyberte niektorú z odpovedí alebo klepnite na Vlastná. Ak si chcete vytvoriť svoje vlastné odpovede, prejdite do Nastavenia > Telefón > Odpovedať správou a prepíšte niektorú z pôvodných správ. Pripomenutie neprijatého prichádzajúceho hovoru:  Potiahnite nahor, klepnite na Pripomenúť neskôr a vyberte čas pripomienky. Odmietnutie hovoru a jeho presmerovanie priamo do odkazovača:  Vykonajte jedno z nasledovných: • Dvakrát rýchlo za sebou stlačte tlačidlo Spať/Zobudiť. • Stlačte a podržte stredné tlačidlo na náhlavnej sade na približne dve sekundy. Dve hlboké pípnutia potvrdia, že bol hovor odmietnutý. • Klepnite na Zrušiť (ak je iPhone počas prichádzajúceho hovoru v aktívnom stave).Kapitola 5 Telefón 48 Blokovanie hovorov bez prerušenia Wi-Fi pripojenia na internet:  Prejdite do aplikácie Nastavenia, zapnite režim lietadlo a potom klepnutím zapnite Wi-Fi. Nastavenie režimu Nerušiť ( ):  Prejdite do nastavení a zapnite režim Nerušiť. Viac v časti Funkcia Nerušiť a hlásenia na strane 138. Keď je iPhone vypnutý, v režime lietadlo alebo režime Nerušiť, prichádzajúce hovory sú presmerované priamo do odkazovača. Počas hovoru Ak práve telefonujete, obrazovka zobrazuje možnosti hovoru. Používanie ďalšej aplikácie počas hovoru:  Stlačte tlačidlo Domov a otvorte aplikáciu. Ak sa chcete vrátiť k hovoru, klepnite na zelenú lištu vo vrchnej časti obrazovky. Ukončenie hovoru:  Klepnite na Zložiť. Prípadne stlačte stredné tlačidlo na náhlavnej sade. Odpovedanie na ďalší prichádzajúci hovor:  • Ignorovanie hovoru a jeho presmerovanie do odkazovača:  Klepnite na Ignorovať. • Podržanie aktuálneho hovoru a odpovedanie na prichádzajúci hovor:  Klepnite na Podržať + Zdvihnúť. • Zloženie prvého hovoru a odpovedanie na nový:  Ak používate GSM sieť, klepnite na Zložiť + Zdvihnúť. V CDMA sieti klepnite na Zložiť a keď vám druhý hovor zavolá späť, klepnite na Odpovedať, prípadne odomknite telefón potiahnutím prepínača (ak je zamknutý). Ak ste vo FaceTime videohovore, môžete buď ukončiť videohovor a zdvihnúť prichádzajúci hovor, alebo odmietnuť prichádzajúci hovor. Prepínanie medzi hovormi:  Klepnite na Prepnúť. Aktívny hovor bude podržaný. V CDMA sieti nemôžete prepínať medzi hovormi, ak je druhý hovor odchádzajúci. Môžete ich však zlúčiť. Ak zložíte druhý hovor alebo zlúčený hovor, budú ukončené oba hovory. Zlúčenie hovorov:  Klepnite na Zlúčiť hovory. V CDMA sieti nemôžete zlúčiť hovory, ak bol druhý hovor prichádzajúci.Kapitola 5 Telefón 49 Konferenčné hovory V GSM sieti môžete v závislosti od svojho operátora realizovať konferenčný hovor až s piatimi účastníkmi naraz. Vytvorenie konferenčného hovoru:  Počas hovoru klepnite na Pridať hovor, vykonajte ďalší hovor a následne klepnite na Zlúčiť hovory. Ďalších ľudí pridáte do konferenčného hovoru zopakovaním tohto postupu. • Ukončenie jedného z hovorov: Klepnite na Konferencia, klepnite na vedľa osoby a potom klepnite na Zložiť. • Súkromný rozhovor v rámci konferencie: Klepnite na Konferencia a potom klepnite na Súkromie vedľa danej osoby. Ak chcete pokračovať v konferencii, klepnite na Zlúčiť hovory. • Pridanie prichádzajúceho hovoru: Klepnite na Podržať + Zdvihnúť a potom na Zlúčiť hovory. Poznámka:  Počas konferenčného hovoru nie je možné uskutočniť FaceTime videohovor. Používanie Bluetooth zariadenia: Ďalšie informácie týkajúce sa používania Bluetooth zariadenia nájdete v dokumentácii dodanej spolu so zariadením. Viac v časti Párovanie zariadení Bluetooth na strane 35. Obídenie Bluetooth zariadenia:  • Odpovedajte na hovor klepnutím na obrazovku iPhonu. • Počas hovoru klepnite na Zvuk a vyberte iPhone alebo Reproduktor. • Vypnite Bluetooth v Nastavenia > Bluetooth. • Vypnite Bluetooth zariadenie, alebo ho presuňte mimo dosahu signálu Bluetooth. Ak má Bluetooth zariadenie zostať pripojené k vášmu iPhonu, vzdialenosť medzi nimi by nemala prekročiť 10 metrov. Tiesňové volania Vykonanie tiesňového volania v prípade, že je iPhone zamknutý:  Na obrazovke Zadajte heslo klepnite na Tiesňové volanie. Dôležité:   iPhone dokáže uskutočniť tiesňové volanie z mnohých miest za predpokladu, že je dostupná mobilná sieť. V prípade núdze by ste sa však naň nemali spoliehať. Niektoré mobilné siete nemusia prijať tiesňové volanie z iPhonu, ak nie je aktivovaný, ak nie je kompatibilný alebo nastavený na spoluprácu s konkrétnou sieťou alebo ak v iPhone nie je nainštalovaná SIM karta alebo je zamknutá PIN kódom. V USA sú pri vytočení tiesňového čísla 911 informácie o vašej polohe (ak sú k dispozícii) automaticky odoslané do tiesňového centra. V sieti CDMA aktivuje iPhone po dokončení tiesňového volania na niekoľko minút Režim tiesňového volania, ktorý umožňuje spätné volanie z tiesňovej linky. Dátové prenosy a textové správy sú v tomto režime blokované. Ukončenie režimu tiesňového volania (CDMA):  Vykonajte jedno z nasledovných: • Klepnite na tlačidlo späť. • Stlačte tlačidlo Spať/Zobudiť alebo tlačidlo Domov . • Vytočte iné číslo pomocou klávesnice.Kapitola 5 Telefón 50 FaceTime Pomocou iPhonu 4 alebo novších modelov môžete uskutočniť videohovor s hocikým, kto má Mac alebo iné iOS zariadenie podporujúce FaceTime. FaceTime kamera je určená na komunikáciu tvárou v tvár. Ak sa počas videohovoru chcete podeliť o obraz svojho okolia, prepnite na iSight kameru na zadnej strane. Poznámka:  Na iPhone 3GS alebo iPhone 4 potrebujete Wi-Fi pripojenie na internet. Na iPhone 4S a novších modeloch môžete používať FaceTime aj prostredníctvom mobilného dátového pripojenia. Prenos dát v mobilnej sieti môže byť spoplatnený. Ak nechcete, aby FaceTime hovory využívali mobilné dáta, prejdite do Nastavenia > Všeobecné > Mobilné. Uskutočnenie FaceTime videohovoru:  V aplikácii Kontakty vyberte meno, klepnite na FaceTime a potom klepnite na telefónne číslo alebo emailovú adresu, ktoré daná osoba používa pre FaceTime. Ak chcete zavolať niekomu, kto má iPhone 4 alebo novší model, môžete najprv uskutočniť telefonický hovor a potom klepnúť na FaceTime. Poznámka:  Počas FaceTime hovoru bude vaše telefónne číslo zobrazené, aj ak je funkcia zobraziť moje číslo zablokovaná alebo vypnutá. Spustenie Siri alebo ovládania hlasom:  Stlačte a podržte tlačidlo Domov , následne vyslovte „FaceTime“ a potom meno osoby, ktorej chcete zavolať. Nastavenie možností FaceTime:  Prejdite do Nastavenia > FaceTime a môžete: • Zapnúť alebo vypnúť FaceTime • Špecifikovať svoje Apple ID alebo emailovú adresu pre prijímanie FaceTime hovorov. Visual Voicemail (vizuálna odkazová schránka) Služba „Visual Voicemail“ vám umožňuje pozrieť si zoznam svojich odkazov a vybrať si, ktoré z nich si chcete vypočuť alebo vymazať a to bez nutnosti vypočuť si hlasové pokyny alebo predchádzajúce odkazy. Odznak na ikone Voicemail vám oznamuje, koľko máte nevypočutých odkazov. Nastavenie funkcie visual voicemail:  Keď klepnete prstom na Odkazy po prvýkrát, budete požiadaní o vytvorenie hesla do svojej odkazovej schránky a o nahratie svojho osobného uvítania pre odkazovú službu.Kapitola 5 Telefón 51 Vypočutie odkazu:  Klepnite na Odkazy a potom klepnite na odkaz. Ak si chcete odkaz vypočuť opäť, vyberte správu a klepnite na . Ak funkcia visual voicemail nie je pre vašu službu dostupná, klepnite na Odkazy a nasledujte hlasové výzvy. Kontrola odkazovej služby z iného telefónu:  Vytočte svoje vlastné číslo alebo číslo vášho operátora pre vzdialený prístup. Odkazy sa budú uchovávať až kým ich nevymažete vy alebo váš operátor. Vymazanie odkazu:  Prejdite prstom po odkaze alebo naň klepnite a potom klepnite na Vymazať. Poznámka:  V niektorých oblastiach môžu byť vymazané odkazy natrvalo odstránené vaším operátorom . Správa vymazaných odkazov:  Klepnite na Vymazané odkazy na začiatku zoznamu správ. K dispozícii máte nasledovné možnosti: • Vypočutie vymazaného odkazu: Klepnite na odkaz. • Obnovenie vymazaného odkazu: Klepnite na odkaz a následne na Obnoviť. • Trvalé vymazanie odkazov: Klepnite na Vymazať všetky. Zmena uvítania:  Klepnite na Odkazy, na Pozdrav, na Vlastný a potom klepnite na Nahrať. Prípadne ak chcete použiť všeobecné uvítanie vášho operátora, klepnite na Pôvodný. Nastavenie upozornenia na nový odkaz:  Prejdite do Nastavenia > Zvuky a klepnite na možnosť Nový odkaz. Poznámka:  Ak je tlačidlo Zvoniť/Ticho v polohe vypnuté, iPhone vás nebude upozorňovať na nový odkaz. Zmena hesla do odkazovej schránky:  Prejdite do Nastavenia >Telefón > Heslo do odkazovača.Kapitola 5 Telefón 52 Kontakty Na obrazovke s informáciami o zobrazenom kontakte môžete klepnutím uskutočniť telefonický hovor, vytvoriť novú emailovú správu, nájsť polohu kontaktu a ďalšie. Viac v časti kapitola 25, Kontakty, na strane 104. Presmerovanie hovorov, Čakanie hovorov a Zobraziť moje číslo Nasledujúce informácie sa vzťahujú len na GSM siete. Informácie o povolení a používaní týchto funkcií v CDMA sieťach získate u svojho operátora. Viac v časti support.apple.com/kb/HT4515. Zapnutie alebo vypnutie presmerovania hovorov:  Prejdite do Nastavenia >Telefón > Presmerovanie. Ak prebieha presmerovanie hovoru, zobrazí sa v stavovom riadku ikona presmerovania hovorov ( ). Pri nastavovaní presmerovania hovorov na iPhone musíte byť v dosahu mobilnej siete, inak vaše hovory nebudú presmerované. Hovory FaceTime nie je možné presmerovať. Zapnutie alebo vypnutie čakania hovorov:  Prejdite do Nastavenia >Telefón > Čakanie hovorov. Ak máte vypnuté čakanie hovorov, sú prichádzajúce hovory počas telefonovania presmerované priamo do odkazovača. Zapnutie alebo vypnutie funkcie ID volajúceho:  Prejdite do Nastavenia > Telefón > Zobraziť moje číslo. Poznámka:  Počas FaceTime hovoru bude vaše telefónne číslo zobrazené, aj ak je funkcia Zobraziť moje číslo vypnutá. Zvonenia, prepínač Zvoniť/Ticho a vibrovanie iPhone obsahuje zvonenia, ktoré si môžete nastaviť pre prichádzajúce hovory, či ako melódiu budíka a časovača. Zvonenia vytvorené zo skladieb si môžete zakúpiť v iTunes. Viac v časti kapitola 22, iTunes Store, na strane 98. Nastavenie globálneho zvonenia:  Prejdite do Nastavenia > Zvuky > Zvonenie. Zapnutie alebo vypnutie vyzváňania:  Prepnite prepínač na boku iPhonu. Dôležité:  Nastavené budíky budú zvoniť aj v prípade, že je prepínač Zvoniť/Ticho nastavený na tichý režim. Vypnutie alebo zapnutie vibrovania:  Prejdite do Nastavenia > Zvuky. Priradenie vlastného zvonenia kontaktu:  V aplikácii Kontakty vyberte kontakt, klepnite na Upraviť, klepnite na Zvonenie a vyberte zvonenie. Viac informácií nájdete v časti Zvuky na strane 145. Medzinárodné hovory Viac informácií o medzinárodných hovoroch vrátane taríf a iných poplatkov vám poskytne váš mobilný operátor, prípadne ich nájdete na webových stránkach svojho mobilného operátora. Pri cestách do zahraničia zrejme budete môcť pomocou iPhonu uskutočňovať hovory, odosielať a prijímať textové správy a používať aplikácie, ktoré pristupujú na internet (v závislosti od dostupných sietí). Aktivácia medzinárodného roamingu:  Pre informácie o dostupnosti a cenách kontaktujte svojho mobilného operátora.Kapitola 5 Telefón 53 Dôležité:  Hlasový a dátový roaming a textové správy môžu byť spoplatnené. Ak chcete predísť poplatkom pri roamingu, vypnite funkcie Hlasový roaming a Dátový roaming. Ak máte iPhone 4S, ktorý bol aktivovaný pre sieť CMDA, budete zrejme môcť využívať roaming v sieťach GSM (v telefóne musíte mať nainštalovanú SIM kartu). Počas roamingu v GSM sieťach má iPhone prístup k službám GSM sietí. Roaming môže byť spoplatnený. Pre viac informácií kontaktujte svojho operátora. Nastavenie možností sietí:  Prejdite do Nastavenia > Všeobecné > Mobilné a môžete: • Vypnúť alebo zapnúť dátový roaming. • Vypnúť alebo zapnúť mobilné dáta. • Vypnúť alebo zapnúť hlasový roaming (CDMA). • Používať GSM siete v cudzine (CDMA). Vypnutie mobilných služieb:  Prejdite do aplikácie Nastavenia, zapnite režim lietadlo a potom klepnutím zapnite Wi-Fi. Prichádzajúce hovory budú presmerované do odkazovača. Ak chcete zapnúť mobilné služby, vypnite Režim lietadlo. Automatické pridávanie predvoľby alebo kódu krajiny v prípade hovorov do USA:  (GSM) Prejdite do Nastavenia > Telefón a potom zapnite možnosť Asistent vytáčania. Umožní vám to používať kontakty a obľúbené položky na vykonávanie hovorov v cudzine. Výber operátora:  Prejdite do Nastavenia > Operátor. Táto možnosť je dostupná len v prípade, že sa nachádzate mimo dosahu siete svojho operátora a sú dostupní operátori, ktorí majú roamingovú zmluvu s vaším operátorom. Viac v časti Operátor na strane 139. Získavanie odkazov z odkazovej služby, keď nie je dostupná služba Visual Voicemail:  Vytočte svoje vlastné číslo (v sieti CDMA pridajte svoje číslo nasledované znakom #) alebo stlačte a podržte „1“ na numerickej klávesnici. Nastavovanie možností telefónu Prejdite do Nastavenia > Telefón a môžete: • Zobraziť telefónne číslo svojho iPhonu • Zmeniť predvolené správy určené na odpovedanie na prichádzajúce hovory • Zapnúť alebo vypnúť presmerovanie hovorov, čakanie hovorov a zobraziť moje číslo (GSM) • Zapnúť alebo vypnúť TTY • Zmeniť heslo do odkazovej schránky (GSM) • Vyžadovať PIN na odomknutie SIM karty po zapnutí iPhonu (vyžadované niektorými operátormi) Prejdite do Nastavenia > FaceTime a môžete: • Zapnúť alebo vypnúť FaceTime • Použiť svoje Apple ID pre FaceTime • Pridať emailovú adresu pre FaceTime • Vypnúť alebo zapnúť mobilné dáta Prejdite do Nastavenia > Zvuky a môžete: • Nastaviť zvonenia a hlasitosť • Nastaviť možnosti vibrovania • Nastaviť zvuk pre nový odkaz6 54 Čítanie emailov Zmeniť schránky alebo účty. Zmeniť schránky alebo účty. Prehľadať túto schránku. Prehľadať túto schránku. VIP VIP Napísať novú správu. Napísať novú správu. Upravte dĺžku náhľadu v Nastavenia > Mail, kontakty a kalendáre. Upravte dĺžku náhľadu v Nastavenia > Mail, kontakty a kalendáre. Vymazať, presunúť alebo označiť viacero správ. Vymazať, presunúť alebo označiť viacero správ. Označenie správy alebo jej nastavenie ako neprečítanej:  Klepnite na . Ak chcete naraz označiť viacero správ, klepnite na Upraviť v zobrazení zoznamu správ. Identifikácia správ, ktoré boli adresované priamo vám:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a zapnite alebo vypnite možnosť Zobraziť Pre/Cc. Správy s vašou adresou v poli Pre alebo Cc budú v zozname správ označené ikonou. Zobrazenie všetkých príjemcov správy:  V poli Od klepnite na slovo Detaily. Ak chcete zobraziť kontaktné údaje príjemcu, prípadne ho pridať do aplikácie Kontakty alebo zoznamu VIP, klepnite na jeho meno alebo emailovú adresu. Vypnutie načítavania vzdialených obrázkov:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a zapnite alebo vypnite možnosť Načítať obrázky. Otvorenie odkazu:  Klepnutím na odkaz vykonáte predvolenú akciu, prípadne zobrazte ďalšie akcie podržaním prsta na odkaze. Môžete napríklad zobraziť adresu na mape alebo ju pridať medzi kontakty. Webový odkaz môžete pridať do zoznamu Na prečítanie. Otvorenie pozvánky na stretnutie alebo prílohy:  Klepnite na položku. Ak môže prílohu používať viacero aplikácií, klepnutím a podržaním si vyberte tú, ktorá má otvoriť súbor. Uložte fotku alebo video z prílohy:  Podržte prst na fotke alebo videu a potom klepnite na Uložiť obrázok alebo video. Uložia sa do vášho albumu Fotoaparát v aplikácii Fotky. MailKapitola 6 Mail 55 Načítanie nových správ:  Ak chcete načítať nové správy v zozname správ alebo v schránke, potiahnite tieto zoznamy smerom nadol. • Nastavenie počtu starších správ, ktoré budú stiahnuté:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Zobraziť. Vypnutie hlásení nových správ pre vybraný účet:  Prejdite do Nastavenia > Hlásenia > Mail > názov účtu a vypnite Centrum hlásení. Zmena zvukov prehrávaných aplikáciou Mail:  Prejdite do Nastavenia > Zvuky. • Zmena zvuku prehrávaného pri prijatí nového emailu v jednotlivých účtoch:  Prejdite do Nastavenia > Hlásenia > Mail > názov účtu > Nový zvuk emailu. • Zmena zvuku prehrávaného pri prijatí nového emailu od VIP kontaktu:  Prejdite do Nastavenia > Hlásenia > Mail > VIP > Nový zvuk emailu. Odosielanie emailových správ Klepnutím upravte polia Od, Cc alebo Bcc. Klepnutím upravte polia Od, Cc alebo Bcc. Upravte svoj podpis v Nastavenia > Mail, kontakty a kalendáre. Upravte svoj podpis v Nastavenia > Mail, kontakty a kalendáre. Klepnutím priložte fotku alebo video. Klepnutím priložte fotku alebo video. Vytvorenie novej správy:  Klepnite na a zadajte meno alebo emailovú adresu. Po zadaní príjemcov ich môžete potiahnutím presúvať medzi poľami, ako napríklad z poľa Pre do poľa Cc. Ak máte viacero emailových účtov, klepnutím na pole Od môžete zmeniť účet, z ktorého správu odosielate. Automatické odosielanie skrytých kópií na vlastný email:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Skrytú kópiu sebe. Uloženie rozpísanej správy:  Klepnite na Zrušiť a potom klepnite na Uložiť. Správa bude uložená v schránke Rozpísané daného účtu. Ak si chcete prezrieť svoje rozpísané správy, podržte prst na . Odpovedanie na správu:  Klepnite na a potom klepnite na Odpovedať. Súbory alebo obrázky priložené k pôvodnej správe nebudú odoslané v odpovedi. Ak chcete do odpovede zahrnúť prílohy, namiesto odpovedania na správu ju prepošlite. Preposlanie správy:  Otvorte správu a klepnite na , potom klepnite na Preposlať. V správe budú preposlané aj prílohy pôvodnej správy. Citovanie časti správy, na ktorú odpovedáte alebo ktorú preposielate:  Označte text tak, že na ňom podržíte prst. Potiahnutím krajných bodov označte text, ktorý chcete zahrnúť vo vašej odpovedi a potom klepnite na . • Zmena úrovne odsadenia:  Označte text, ktorý chcete odsadiť, najmenej dvakrát klepnite na a potom klepnite na Úroveň citácie. • Automatické zvýšenie úrovne odsadenia citácie:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a zapnite možnosť Zvýšiť úroveň citácie.Kapitola 6 Mail 56 Odoslanie fotky alebo videa v správe:  Klepnite na kurzor pre zobrazenie tlačidiel označovania. Klepnite na , klepnite na Vložiť fotku alebo video a potom v albume vyberte fotku alebo video. Pomocou aplikácie Fotky môžete odoslať viacero fotiek naraz — viac v časti Zdieľanie fotografií a videí na strane 76. Zmena podpisu:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Podpis. Ak máte viac ako jeden emailový účet a chcete pre každý z nich špecifikovať iný podpis, klepnite na Podľa účtu. Triedenie emailových správ Zobrazenie správ od VIP kontaktov:  Prejdite do zoznamu schránok (klepnite na Schránky) a potom klepnite na VIP. • Pridanie osoby do zoznamu VIP:  Klepnite na meno alebo adresu osoby v poliach Od, Pre alebo Cc/Bcc a potom klepnite na Pridať do VIP. Zoskupovanie súvisiacich správ:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a klepnutím zapnite alebo vypnite možnosť Zoradiť do vlákien. Vyhľadávanie správ:  Otvorte schránku, prejdite na vrchnú časť obrazovky a do vyhľadávacieho poľa zadajte hľadaný text. Vyhľadávať môžete v poliach Od, Pre a Predmet v aktuálne otvorenej schránke. V emailových účtoch, ktoré podporujú vyhľadávanie správ na serveri, klepnite na Všetky pre vyhľadávanie v poliach Od, Pre, Predmet a v tele správy. Vymazanie správy:  Ak je správa otvorená, klepnite na . • Vymazanie správy bez jej otvárania:  Prejdite prstom po názve správy a potom klepnite na Vymazať. • Vymazanie viacerých správ:  V zobrazení zoznamu správ klepnite na Upraviť. • Vypnutie potvrdzovania vymazania:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Potvrdiť vymazanie. Obnovenie vymazanej správy:  Prejdite do schránky Kôš daného účtu, otvorte správu, klepnite na a presuňte správu do schránky Prijaté alebo do iného priečinka. • Nastavenie času uchovávania správ v schránke Kôš pred ich trvalým vymazaním:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > názov účtu > Účet > Rozšírené. Vypnutie alebo zapnutie archivácie:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > názov účtu > Účet > Rozšírené. Archivované správy sú presunuté do schránky Všetky správy. Archivovanie nepodporujú všetky emailové účty. Presunutie správy do inej schránky:  Počas prezerania správy klepnite na a vyberte cieľové umiestnenie. Pridanie, premenovanie alebo vymazanie schránky:  V zozname schránok klepnite na Upraviť. Niektoré schránky nie je možné vymazať alebo premenovať. Tlačenie správ a príloh Vytlačenie správy:  Klepnite na a potom klepnite na Tlačiť. Tlačenie obrázka v tele správy:  Podržte prst na obrázku a potom klepnite na Uložiť obrázok. Prejdite do aplikácie Fotky a vytlačte obrázok z albumu Fotoaparát. Tlačenie prílohy:  Klepnutím otvorte prílohu pomocou funkcie Náhľad, klepnite na a potom klepnite na Tlačiť. Viac informácií o tlačení nájdete v časti Tlač pomocou funkcie AirPrint na strane 33.Kapitola 6 Mail 57 Emailové účty a nastavenia Zmena nastavení aplikácie Mail a emailových účtov:  Prejdite do Nastavenia > Mail, kontakty, kalendáre. Môžete nastaviť účty typu: • iCloud • Microsoft Exchange a Outlook • Google • Yahoo! • AOL • Microsoft Hotmail • Ďalšie POP a IMAP účty Nastavenia líšia sa podľa typu účtu, ktorý používate. Informácie potrebné na vytvorenie emailového účtu môžete získať u poskytovateľa internetovej služby alebo správcu systému. Dočasné zastavenie používania účtu:  Prejdite do Nastavenia > Mail, kontakty, kalendáre, vyberte účet a vypnite emailovú službu pre daný účet. Ak je služba vypnutá, iPhone nebude zobrazovať ani synchronizovať dané informácie až do jej opätovného zapnutia. Takýmto spôsobom môžete napríklad pozastaviť prijímanie pracovných emailov na dovolenke. Vymazanie účtu:  Prejdite do Nastavenia > Mail, kontakty, kalendáre, vyberte účet a klepnite na Vymazať účet v spodnej časti obrazovky. Všetky informácie synchronizované s daným účtom, ako napríklad záložky, emailové správy a poznámky, budú vymazané. Nastavenie možností funkcie Push:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Načítanie dát. Funkcia Push doručuje nové informácie vždy keď sa objavia na serveri v prípade, že máte internetové pripojenie (môže sa vyskytnúť mierne oneskorenie). Ak je funkcia Push vypnutá, použite na určenie intervalu, v ktorom bude prebiehať kontrola nových dát, nastavenie Načítanie dát. Tu zvolené nastavenie prepíše nastavenia pre jednotlivé účty. Ak chcete, aby vám batéria vydržala čo najdlhšie, nevykonávajte túto kontrolu príliš často. Funkciu Push nepodporujú všetky emailové účty. Odosielanie podpísaných a šifrovaných správ:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > názov účtu > Účet > Rozšírené. Zapnite možnosť S/MIME a potom vyberte certifikáty na podpisovanie a šifrovanie odchádzajúcich správ. Ak si chcete nainštalovať certifikáty, skúste získať konfiguračný profil od správcu systému, stiahnite si certifikáty z webovej stránky vydavateľa pomocou aplikácie Safari, prípadne si ich nechajte doručiť ako prílohu v emailovej správe. Nastavenie rozšírených možností:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > názov účtu > Účet > Rozšírené. Možnosti sa líšia v závislosti od používaného účtu a môžu zahŕňať: • Ukladanie rozpísaných, odoslaných a vymazaných správ na iPhone • Nastavovanie času uchovávania vymazaných správ pred ich trvalým vymazaním • Úpravu nastavení emailového servera • Úpravu nastavení SSL a hesla Ak si nie ste istí správnymi nastaveniami pre váš účet, kontaktujte svojho poskytovateľa internetových služieb alebo správcu systému.7 58 Safari obsahuje okrem iných aj nasledovné funkcie: • Čítačka — prečítajte si články bez reklám a ďalších rušivých prvkov • Zoznam Na prečítanie — uložte si články, ktoré si chcete prečítať neskôr • Režim celá obrazovka — aktívny počas prezeranie v orientácii na šírku Na prezeranie stránok, ktoré ste si otvorili na ostatných zariadeniach a aktualizáciu záložiek a zoznamu Na prečítanie použite iCloud. Vyhľadať na webe alebo na aktuálnej stránke. Vyhľadať na webe alebo na aktuálnej stránke. Potiahnutím prechádzate medzi otvorenými webovými stránkami, prípadne otvorte novú webovú stránku. Potiahnutím prechádzate medzi otvorenými webovými stránkami, prípadne otvorte novú webovú stránku. Klepnutím dvakrát na položku alebo pohybom prstov od seba/k sebe upravíte zväčšenie. Klepnutím dvakrát na položku alebo pohybom prstov od seba/k sebe upravíte zväčšenie. Zadajte webovú adresu (URL). Zadajte webovú adresu (URL). Pridať záložku, položku do zoznamu Na prečítanie, ikonu na plochu alebo zdieľať či tlačiť stranu. Pridať záložku, položku do zoznamu Na prečítanie, ikonu na plochu alebo zdieľať či tlačiť stranu. Klepnutím na stavový riadok prejdete do vrchnej časti. Klepnutím na stavový riadok prejdete do vrchnej časti. Zobrazte svoj zoznam Na prečítanie, históriu a záložky. Zobrazte svoj zoznam Na prečítanie, históriu a záložky. Zobrazenie webovej stránky:  Klepnite na pole pre adresu (v lište s názvom), zadajte URL klepnite na Otvoriť. • Rolovanie webovej stránky: Potiahnite stránku nahor, nadol alebo do strán. • Rolovanie v ráme: Potiahnite dva prsty v ráme na webovej stránke. • Zobrazenie stránky na šírku na celej obrazovke: Otočte iPhone a klepnite na . • Opätovné načítanie webovej stránky: Klepnite na v poli pre adresu. Zatvorenie webovej stránky:  Klepnite na a potom klepnite na vedľa stránky. SafariKapitola 7 Safari 59 Prezeranie webových stránok, ktoré ste mali otvorené na svojich ostatných zariadeniach:  Klepnite na a potom klepnite na iCloud taby. Ak chcete zdieľať webové stránky otvorené na iPhone s ostatnými zariadeniami používajúcimi službu iCloud taby, prejdite do Nastavenia > iCloud a zapnite možnosť Safari. Otvorenie odkazu na webovej stránke:  Klepnite na odkaz. • Zobrazenie cieľa odkazu: Klepnite a podržte prst na odkaze. • Otvorenie odkazu na novom tabe: Podržte prst na odkaze a potom klepnite na Otvoriť na novej stránke. Niektoré údaje — ako napríklad telefónne čísla a emailové adresy — sa taktiež zobrazia ako odkazy na webových stránkach. Klepnutím a podržaním prsta na odkaze zobrazíte dostupné možnosti. Zobrazenie článku pomocou čítačky:  Klepnite na tlačidlo Čítačka (ak sa zobrazí v poli pre adresu). • Úprava veľkosti písma: Klepnite na . • Zdieľanie článku:  Klepnite na . Poznámka:  Pri odoslaní článku z Čítačky emailom bude okrem odkazu odoslaný aj celý text článku. • Návrat na normálne zobrazenie: Klepnite na Hotovo. Do zoznamu Na prečítanie si môžete pridávať webové stránky a prečítať si ich neskôr. • Pridanie aktuálnej webovej stránky: Klepnite na a potom klepnite na Pridať do zozn. Na prečítanie. Na iPhone 4 a novších modeloch sa okrem odkazu ukladá aj webová stránka, takže si ju môžete prečítať aj keď nemáte pripojenie na internet. • Pridanie cieľa odkazu: Klepnite a podržte prst na odkaze a potom klepnite na Pridať do zoznamu Na prečítanie. • Zobrazenie zoznamu Na prečítanie: Klepnite na a potom klepnite na Na prečítanie. • Vymazanie položky zo zoznamu Na prečítanie:  Prejdite prstom po položke a potom klepnite na Vymazať. Vyplnenie formulára:  Pre zobrazenie klávesnice klepnite na textové pole. • Prechod na iné textové pole: Klepnite na iné textové pole, prípadne klepnite na tlačidlá Ďalšie alebo Predošlé. • Odoslanie formulára: Pre odoslanie formulára klepnite na Otvoriť, Hľadať alebo na odkaz na webovej stránke. • Povolenie funkcie automatického vypĺňania AutoFill: Prejdite do Nastavenia > AutoFill. Vyhľadávanie na webe, aktuálnej webovej stránke alebo v prehľadávateľnom PDF dokumente:  Zadajte text do vyhľadávacieho poľa. • Vyhľadávanie na webe: Klepnite na niektorý zo zobrazených návrhov, prípadne na klepnite na Hľadať. • Vyhľadávanie textu na aktuálnej webovej stránke alebo v PDF dokumente: Prejdite na spodok obrazovky a klepnite na záznam pod možnosťou Na tejto stránke. Prvý výskyt hľadaného textu na stránke bude zvýraznený. Pre zobrazenie ďalších výskytov klepnite na . Pridanie záložky pre aktuálnu webovú stránku:  Klepnite na a potom klepnite na Záložky.Kapitola 7 Safari 60 Po vytvorení záložky na webovú stránku môžete upraviť jej názov. Záložky sa automaticky ukladajú do najvyššej úrovne záložiek. Ak si chcete zvoliť iný priečinok, na obrazovke Pridať záložku klepnite na Záložky. Vytvorenie ikony na ploche:  Klepnite na a potom klepnite na Pridať na plochu. Safari pridá na plochu ikonu aktuálnej webovej stránky. Pokiaľ stránka nemá vlastnú ikonu, bude táto časť stránky použitá ako ikona web clipu na ploche. Web clipy zálohuje iCloud aj iTunes, no iCloud ich neodosiela na iné zariadenia a iTunes ich nesynchronizuje. Zdieľanie alebo kopírovanie odkazu na aktuálnu webovú stránku:  Klepnite na a potom klepnite na Odoslať emailom, Odoslať správu, Twitter, Facebook alebo Kopírovať. Tlač aktuálnej webovej stránky:  Klepnite na a potom klepnite na Tlačiť. Viac v časti Tlač pomocou funkcie AirPrint na strane 33. Ak chcete, aby boli vaše záložky a zoznam Na prečítanie aktuálne na vašich ostatných iOS zariadeniach a počítačoch, použite iCloud:  Prejdite do Nastavenia > iCloud a zapnite možnosť Safari. Viac v časti iCloud na strane 16. Nastavenie možností pre Safari:  Prejdite do Nastavenia > Safari. Medzi možnosti patria: • Nastavenie vyhľadávača • Používanie funkcie AutoFill na vypĺňanie formulárov • Otváranie odkazov na nových stranách alebo na pozadí • Anonymné prezeranie kvôli ochrane osobných informácií a blokovanie sledovania vašej činnosti pre niektoré stránky • Vyčistenie histórie, cookies a dát • Mobilné dáta pre zoznam Na prečítanie • Upozornenia na falošné webové stránky8 61 Získavanie hudby Hudbu a ďalší audioobsah môžete na iPhone získať nasledovnými spôsobmi: • Zakúpenie a stiahnutie z obchodu iTunes Store: V aplikácii Hudba klepnite na Obchod. Viac v časti kapitola 22, iTunes Store, na strane 98. • Automatické sťahovanie hudby zakúpenej na ostatných iOS zariadeniach a počítačoch: Viac v časti iCloud na strane 16. • Synchronizácia obsahu s iTunes na vašom počítači: Viac v časti Synchronizácia s iTunes na strane 17. • Používanie služby iTunes Match na uchovávanie hudobnej knižnice v iCloude: Viac v časti iTunes Match na strane 65. Prehrávanie hudby UPOZORNENIE:  Dôležité informácie týkajúce sa prevencie pred poškodením sluchu nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Zvuk môžete počúvať zo vstavaného reproduktora, pomocou slúchadiel pripojených do konektora pre slúchadlá alebo cez Bluetooth stereo slúchadlá spárované s iPhonom. Keď sú k iPhonu pripojené slúchadlá alebo je spárovaný so slúchadlami, z reproduktora nevychádza nijaký zvuk. Otvoriť obchod iTunes Store. Otvoriť obchod iTunes Store. Vyberte spôsob prechádzania. Vyberte spôsob prechádzania. Zobraziť ďalšie tlačidlá na prechádzanie. Zobraziť ďalšie tlačidlá na prechádzanie. Klepnutím si vypočujte. Klepnutím si vypočujte. HudbaKapitola 8 Hudba 62 Prehratie skladby:  Prezerajte si zoznamy podľa playlistov, interpretov, skladieb alebo inej kategórie a potom klepnite na žiadanú skladbu. • Zobrazenie ďalších tlačidiel na prezeranie: Klepnite na Viac. • Zmena tlačidiel na prezeranie zobrazených v spodnej časti: Klepnite na Viac, klepnite na Upraviť a potom potiahnite ikonu na miesto tlačidla, ktoré chcete nahradiť. Obrazovka Práve hrá zobrazuje čo sa práve prehráva a sú na nej umiestnené ovládacie prvky prehrávania. Ďalšie/Rýchle prevíjanie dopredu Ďalšie/Rýchle prevíjanie dopredu Prehrávať/Pozastaviť Prehrávať/Pozastaviť Zoznam skladieb Zoznam skladieb Späť Späť Predošlé/ Hlasitosť Hlasitosť Prevíjanie dozadu Predošlé/ Prevíjanie dozadu AirPlay AirPlay Texty sa zobrazia na obrazovke Práve hrá v prípade, že ste ich predtým pridali ku skladbe v okne s informáciami o skladbe v iTunes a iPhone ste synchronizovali s iTunes. Zobrazenie ďalších ovládacích prvkov (iPhone 4S a staršie modely):  Klepnutím na obal albumu na obrazovke Práve hrá zobrazíte indikátor priebehu prehrávania a tlačidlá Opakovať, Genius a Zamiešať. Skok na ktorékoľvek miesto v prehrávanej skladbe:  Potiahnite posuvník na indikátore priebehu prehrávania. Posunutím prsta smerom nadol spomalíte rýchlosť vyhľadávania. Zatrasením zamiešať:  Zatrasením iPhonu zapnete náhodné prehrávanie skladieb a zmeníte skladbu. Ak chcete zapnúť alebo vypnúť funkciu Zatrasením zamiešať, prejdite do Nastavenia > Hudba. Zobrazenie všetkých skladieb z albumu, z ktorého je aktuálna skladba:  Klepnite na . Ak chcete odstrániť skladbu, klepnite na ňu. Klepnutím na hviezdičku ohodnoťte túto skladbu pre vytváranie dynamických playlistov v iTunes. Klepnutím na hviezdičku ohodnoťte túto skladbu pre vytváranie dynamických playlistov v iTunes. Návrat na obrazovku Práve hrá. Návrat na obrazovku Práve hrá. Skladby z albumu Skladby z albumuKapitola 8 Hudba 63 Vyhľadávanie hudby (názvy, interpreti, albumy a skladatelia):  Klepnutím na stavový riadok počas prechádzania zobrazte vyhľadávacie pole vo vrchnej časti obrazovky, do ktorého zadajte hľadaný text. Hudobný obsah môžete vyhľadávať aj z plochy. Viac v časti Vyhľadávanie na strane 29. Zobrazenie ovládania zvuku počas používania inej aplikácie:  Stlačte tlačidlo Domov dvakrát a potom prejdite prstom cez panel multitaskingu smerom doprava. Opätovným potiahnutím prsta smerom doprava zobrazíte ovládanie hlasitosti a tlačidlo AirPlay (ak ste v dosahu zariadenia Apple TV alebo AirPlay reproduktorov). Aktuálna aplikácia na prehrávanie audia — otvorte ju klepnutím. Aktuálna aplikácia na prehrávanie audia — otvorte ju klepnutím. Aktuálne prehrávaná skladba. Aktuálne prehrávaná skladba. Zobrazenie ovládania zvuku keď je obrazovka zamknutá:  Stlačte tlačidlo Domov dvakrát . Prehrávanie hudby na AirPlay reproduktoroch alebo na Apple TV:  Klepnite na . Viac v časti AirPlay na strane 32. Cover Flow Po otočení iPhonu sa váš hudobný obsah zobrazí v Cover Flow. Prezeranie albumov pomocou Cover Flow:  Potiahnite prst smerom doľava alebo doprava. • Zobrazenie zoznamu skladieb v albume: Klepnite na obal albumu alebo na . Rolujte v zozname potiahnutím nahor alebo nadol. Klepnite na skladbu pre jej prehratie. • Návrat na obal albumu: Klepnite na lištu s názvom alebo znovu klepnite na . Podcasty a audioknihy Na iPhone 5 sa informácie o podcastoch a audioknihách a ich ovládanie zobrazia na obrazovke Práve hrá po spustení prehrávania. Poznámka:  Aplikácia Podcasty je bezplatne dostupná v obchode App Store. Viac v časti kapitola 31, Podcasty, na strane 117. Ak si nainštalujete aplikáciu Podcasty, budú podcasty a ich ovládanie odstránené z aplikácie Hudba. Zobrazenie alebo skrytie ovládania a informácií (iPhone 4S a staršie modely):  Klepnite do stredu obrazovky. Poloha Indikátor priebehu Indikátor priebehu prehrávania Poloha prehrávania Rýchlosť prehrávania Rýchlosť prehrávania Preskočiť 15 sekúnd. Preskočiť 15 sekúnd. Zopakovať posledných 15 sekúnd. Zopakovať posledných 15 sekúnd. Odoslať emailom Odoslať emailom Kapitola 8 Hudba 64 Získanie ďalších epizód podcastu:  Klepnite na Podcasty (ak možnosť Podcasty nie je zobrazená, klepnite najprv na Viac) a potom klepnutím na podcast zobrazte dostupné epizódy. Ak chcete stiahnuť ďalšie epizódy, klepnite na Viac epizód. Skrytie textov skladieb a informácií o podcaste:  Prejdite do Nastavenia > Hudba a vypnite Info (texty/podcasty). Playlisty Vytvorenie playlistu:  Zobrazte playlisty, klepnite na Pridať playlist v blízkosti vrchnej časti zoznamu a potom zadajte názov playlistu. Klepnutím na pridajte skladby a videá a potom klepnite na Hotovo. Úprava playlistu:  Vyberte playlist určený na úpravu a klepnite na Upraviť. • Pridanie ďalších skladieb: Klepnite na . • Vymazanie skladby: Klepnite na . Ak vymažete skladbu z playlistu, nebude vymazaná z iPhonu. • Zmena poradia skladieb: Potiahnite . Nové a zmenené playlisty budú skopírované do knižnice iTunes buď pri ďalšej synchronizácii iPhonu s počítačom, alebo bezdrôtovo cez iCloud (ak máte predplatenú službu iTunes Match). Vyčistenie alebo vymazanie playlistu:  Vyberte playlist a klepnite na tlačidlo Vyčistiť alebo Vymazať. Vymazanie skladby z iPhonu:  V zobrazení skladieb prejdite prstom po skladbe a klepnite na Vymazať. Skladba bude vymazaná z iPhonu, no nie z knižnice iTunes na vašom Macu alebo PC či z iCloudu. Ak je zapnutá služba iTunes Match, nemôžete vymazávať hudbu. Ak potrebujete na zariadení uvoľniť miesto, iTunes Match odstráni hudbu za vás, pričom ako prvé budú odstránené najstaršie a najmenej hrané skladby. Genius Genius playlist je zbierka skladieb z vašej knižnice, ktoré sa k sebe hodia. Genius je bezplatná služba, ktorá však vyžaduje Apple ID. Genius Mix je výber skladieb rovnakého druhu hudby z vašej knižnice. Genius Mix je nanovo vytvorený pri každom spustení. Použitie služby Genius na iPhone:  Zapnite Genius v aplikácii iTunes na počítači a potom synchronizujte iPhone s iTunes. Genius Mixy sú synchronizované automaticky okrem prípadov, keď svoju hudbu spravujete manuálne. Synchronizovať môžete aj Genius playlisty. Prezeranie a prehrávanie Genius Mixov:  Klepnite na Genius (ak možnosť Genius nie je zobrazená, klepnite najprv na Viac). K iným mixom získate prístup potiahnutím prsta doľava alebo doprava. Ak chcete prehrať mix, klepnite na . Vytvorenie Genius playlistu:  Zobrazte playlisty, potom klepnite na Genius Playlist a vyberte skladbu. Prípadne na obrazovke Práve hrá klepnutím na obrazovku zobrazte ovládacie prvky a potom klepnite na . • Nahradenie playlistu použitím inej skladby: Klepnite na Nový a vyberte skladbu. • Osvieženie playlistu: Klepnite na Osviežiť.Kapitola 8 Hudba 65 • Uloženie playlistu: Klepnite na Uložiť. Playlist sa uloží s názvom skladby, ktorú ste vybrali a označili pomocou . Úprava uloženého Genius playlistu:  Klepnite na playlist a potom klepnite na Upraviť. • Vymazanie skladby: Klepnite na . • Zmena poradia skladieb: Potiahnite . Vymazanie uloženého Genius playlistu:  Klepnite na Genius playlist a potom klepnite na Vymazať. Genius playlisty vytvorené na iPhone sú pri synchronizácii s iTunes prekopírované do vášho počítača. Poznámka:  Po synchronizácii Genius playlistu s iTunes ho nebudete môcť vymazať priamo z iPhonu. Na úpravu názvu playlistu, zastavenie synchronizácie alebo vymazanie playlistu použite iTunes. Siri a Ovládanie hlasom Siri (iPhone 4S alebo novšie modely) alebo ovládanie hlasom môžete použiť na ovládanie prehrávania hudby. Viac v časti kapitola 4, Siri, na strane 39 a Ovládanie hlasom na strane 28. Spustenie Siri alebo ovládania hlasom:  Stlačte a podržte tlačidlo Domov . • Prehrávanie alebo pozastavenie hudby: Povedzte „play“ alebo „play music“. Ak chcete pozastaviť prehrávanie, vyslovte „pause“ „pause music“ alebo „stop“. Môžete tiež povedať „next song“ alebo “previous song“. • Prehrávanie albumu, interpreta alebo playlistu: Povedzte „play“, potom povedzte „album“, „artist“ alebo „playlist“ a nakoniec povedzte názov. • Zamiešanie aktuálneho playlistu: Povedzte „shuffle“. • Zistenie informácií o práve prehrávanej skladbe: Povedzte „what’s playing“, „who sings this song“ alebo „who is this song by“. • Použitie funkcie Genius na prehrávanie podobných skladieb: Povedzte „Genius“ alebo „play more songs like this“. iTunes Match iTunes Match uchováva vašu hudobnú knižnicu v iCloude, vrátane skladieb importovaných z CD diskov a umožňuje prehrávanie vašej zbierky na iPhone alebo iných iOS zariadeniach a počítačoch. iTunes Match je platená služba. Predplatenie služby iTunes Match:  V iTunes na svojom počítači vyberte Obchod > Zapnúť iTunes Match a potom kliknite na tlačidlo Odoberať. Po predplatení služby pridá iTunes vaše hudobné súbory, playlisty a Genius Mixy na iCloud. Vaše skladby, ktoré sa nachádzajú v obchode iTunes Store, sú automaticky dostupné cez iCloud. Ostatné skladby budú prenesené. Skladby, ktoré sú dostupné v kvalite iTunes Plus (256 kb/s DRM-free AAC), si môžete stiahnuť a prehrávať, aj ako boli vaše pôvodné skladby v nižšej kvalite. Viac informácií nájdete v časti www.apple.com/icloud/features. Zapnutie služby iTunes Match:  Prejdite do Nastavenia > Hudba. Zapnutím iTunes Match odstránite z iPhonu synchronizovanú hudbu a zakážete sa Genius Mixy a Genius playlisty. Kapitola 8 Hudba 66 Poznámka:  Ak je zapnutá funkcia Použiť mobilné dáta, môže byť prenos dát v mobilnej sieti operátora spoplatnený. Skladby sú do iPhonu stiahnuté pri ich prehratí. Skladby si môžete stiahnuť aj manuálne. Stiahnutie albumu na iPhone:  Počas prechádzania hudby klepnite na Albumy, klepnite na album a potom klepnite na . Zobrazenie len tej hudby, ktorá bola stiahnutá z iCloudu:  Prejdite do Nastavenia > Hudba a vypnite možnosť Zobraziť všetku hudbu (táto možnosť je dostupná len ak je zapnutá služba iTunes Match). Spravovanie zariadení pomocou služby iTunes Match alebo funkcie Automatické sťahovania:  V iTunes na svojom počítači prejdite do Obchod > Zobraziť môj účet. Prihláste sa a potom kliknite na Spravovať zariadenia v časti iTunes v cloude. Domáce zdieľanie Domáce zdieľanie vám umožňuje prehrávať na iPhone hudbu, filmy a TV seriály z knižnice iTunes na vašom Macu alebo PC. iPhone a váš počítač musia byť pripojené k rovnakej Wi-Fi sieti. Poznámka:  Domáce zdieľanie vyžaduje iTunes 10.2 alebo novšiu verziu dostupnú na www.apple.com/sk/itunes/download/. Bonusový obsah, ako napríklad digitálne brožúry dodávané s CD a iTunes Extras, nie je možné zdieľať. Prehrávanie hudby z vašej knižnice iTunes na iPhone: 1 V iTunes na svojom počítači vyberte Rozšírené > Zapnúť domáce zdieľanie. Prihláste sa a potom kliknite na Vytvoriť domáce zdieľanie. 2 Na iPhone prejdite do Nastavenia > Hudba a potom sa prihláste do domáceho zdieľania použitím rovnakého Apple ID a hesla. 3 V aplikácii Hudba klepnite na Viac, potom klepnite na Zdieľané a vyberte knižnicu iTunes svojho počítača. Návrat k obsahu na iPhone:  Klepnite na Zdieľané a vyberte Môj iPhone. Nastavenia aplikácie Hudba Prejdite do Nastavenia > Hudba a upravte nastavenia aplikácie Hudba vrátane nasledovných: • Zatrasením zamiešať • Vyrovnanie hlasitosti (na optimalizáciu úrovne hlasitosti audio obsahu) • Ekvalizér Poznámka:  Ekvalizér má vplyv na všetky výstupy zvuku, vrátane konektora pre slúchadlá a AirPlay. Nastavenia ekvalizéra majú vplyv len na hudbu prehrávanú v aplikácii Hudba. Režim Neskorá noc ovplyvňuje všetky audiovýstupy — video aj hudbu. Režim Neskorá noc stlačí dynamický rozsah audiovýstupu, zníži hlasitosť hlasných pasáží a zvýši hlasitosť tichých pasáží. Toto nastavenie sa hodí napríklad pri počúvaní hudby na palube lietadla alebo v inom hlučnom prostredí. • Texty piesní a informácie o podcaste • Zoskupovanie podľa interpreta albumu • iTunes Match • Domáce zdieľanieKapitola 8 Hudba 67 Nastavenie obmedzenia hlasitosti:  Prejdite do Nastavenia > Hudba > Obmedzenie hlasitosti a nastavte posuvník hlasitosti. Poznámka:  V krajinách EÚ môžete obmedziť maximálnu úroveň hlasitosti slúchadiel na úroveň odporúčanú EÚ. Prejdite do Nastavenia > Hudba > Obmedzenie hlasitosti a zapnite možnosť Obmedzenie hlasitosti (EU). Zakázanie úprav obmedzenia hlasitosti:  Prejdite do Nastavenia > Všeobecné > Obmedzenia > Obmedzenie hlasitosti a klepnite na Nepovoliť zmeny.9 68 Odosielanie a prijímanie správ UPOZORNENIE:  Dôležité informácie týkajúce sa rušivých vplyvov počas šoférovania nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Aplikácia Správy vám umožňuje odosielať a prijímať správy z iných zariadení s podporou SMS a MMS správ a z iOS zariadení, ktoré používajú iMessage. iMessage je služba spoločnosti Apple, ktorá vám umožňuje posielať iným užívateľom systémov iOS a OS X Mountain Lion neobmedzené množstvo správ cez Wi-Fi (ako aj cez mobilné pripojenie). V aplikácii iMessage môžete vidieť, kedy druhá osoba práve píše správu a dať ostatným vedieť, že ste si ich správy prečítali. Správy iMessages sa zobrazujú na všetkých vašich iOS zariadeniach prihlásených do rovnakého účtu, takže konverzáciu môžete začať na jednom zariadení a pokračovať v nej na inom zariadení. Správy iMessages sú kvôli zabezpečeniu šifrované. Pre zahrnutie fotky alebo videa klepnite na tlačidlo priložiť médium. Pre zahrnutie fotky alebo videa klepnite na tlačidlo priložiť médium. Klepnite pre zadávanie textu. Klepnite pre zadávanie textu. Modrá indikuje konverzáciu typu iMessage. Modrá indikuje konverzáciu typu iMessage. Začatie textovej konverzácie:  Klepnite na , potom klepnite na a vyberte kontakt, vyhľadajte kontakt zadaním mena, prípadne manuálne zadajte telefónne číslo alebo emailovú adresu. Zadajte správu a klepnite na Odoslať. SprávyKapitola 9 Správy 69 Ak správu nie je možné odoslať, zobrazí sa odznak s upozornením . Klepnutím na upozornenie v konverzácii môžete skúsiť znovu odoslať správu. Klepnutím dvakrát odošlete správu ako SMS textovú správu. Pokračovanie v konverzácii:  Klepnite na konverzáciu v zozname Správy. Používanie obrázkových znakov:  Prejdite do Nastavenia > Všeobecné > Klávesnica > Klávesnice > Pridať novú klávesnicu a potom klepnite na Emoji, čím sprístupníte danú klávesnicu. Počas písania správy klepnite na , čím zobrazíte Emoji klávesnicu. Viac v časti Špeciálne spôsoby zadávania na strane 151. Zobrazenie kontaktných údajov osoby:  Rolovaním prejdite na vrchnú časť obrazovky (klepnite na stavový riadok) a zobrazia sa dostupné akcie, ako napríklad uskutočnenie FaceTime hovoru. Zobrazenie predošlých správ v konverzácii:  Rolovaním prejdite na vrchnú časť obrazovky (klepnite na stavový riadok). V prípade potreby klepnite na Načítať staršie správy. Posielanie správ skupinám (iMessage a MMS):  Klepnite na a zadajte viacero príjemcov. Ak používate MMS, musí byť v Nastavenia > Správy zapnuté odosielanie skupinových správ. Odpovede sú doručované len vám, nie sú kopírované ostatným ľuďom v skupine. Spravovanie konverzácií Konverzácie sú ukladané do zoznamu Správy. Neprečítané správy sú označené modrou bodkou . Klepnutím zobrazte konverzáciu, v ktorej potom môžete pokračovať. Preposlanie konverzácie:  Klepnite na Upraviť, vyberte časti konverzácie, ktoré chcete preposlať a klepnite na Preposlať. Úprava konverzácie:  Klepnite na Upraviť, vyberte časti konverzácie, ktoré chcete vymazať a potom klepnite na Vymazať. Ak chcete vymazať všetky správy a prílohy bez vymazania samotnej konverzácie, klepnite na Vym. všetky. Vymazanie konverzácie:  V zozname správ prejdite prstom po konverzácii a klepnite na Vymazať. Vyhľadanie konverzácie:  Klepnutím na vrchnú časť obrazovky zobrazte vyhľadávacie pole, do ktorého zadajte hľadaný text. Konverzácie môžete vyhľadávať aj z plochy. Viac v časti Vyhľadávanie na strane 29. Pridanie osoby do zoznamu kontaktov:  Klepnite na telefónne číslo v zozname Správy a potom klepnite na Pridať do kontaktov. Zdieľanie fotografií, videí a ďalších informácií Pomocou iMessage alebo MMS správ môžete odosielať a prijímať fotky a videá, ako aj odosielať údaje o polohe, kontaktné údaje a nahrávky. Maximálna veľkosť príloh je stanovená vaším poskytovateľom služieb — iPhone môže v prípade potreby stlačiť fotografické alebo video prílohy. Odoslanie fotky alebo videa:  Klepnite na . Odoslanie polohy:  V aplikácii Mapy klepnite na pre danú polohu, klepnite na Zdieľať polohu a potom klepnite na Správy. Odoslanie kontaktných údajov:  V aplikácii Kontakty vyberte kontakt, klepnite na Zdieľať kontakt a potom klepnite na Správy.Kapitola 9 Správy 70 Odoslanie nahrávky:  V aplikácii Diktafón klepnite na , klepnite na nahrávku, klepnite na Zdieľať a potom klepnite na Správy. Uloženie prijatej fotky alebo videa do albumu Fotoaparát:  Klepnite na fotku alebo video a potom klepnite na . Kopírovanie fotografie alebo videa:  Klepnite na prílohu a podržte na nej prst. Potom klepnite na Kopírovať. Pridanie osoby do zoznamu kontaktov zo zoznamu Správy:  Klepnite na telefónne číslo alebo emailovú adresu, klepnutím na stavový riadok prejdite do vrchnej časti obrazovky a potom klepnite na Pridať kontakt. Uloženie prijatých kontaktných údajov:  Klepnite na bublinu s kontaktnými údajmi v konverzácii a potom na Vytvoriť nový kontakt alebo Pridať ku kontaktu. Nastavenia aplikácie Správy Prejdite do Nastavenia > Správy a upravte nastavenia aplikácie Správy vrátane nasledovných: • Zapnutie alebo vypnutie služby iMessage • Informovanie ostatných užívateľov o prečítaní správy • Špecifikovanie Apple ID alebo emailovej adresy, ktoré budú použité pre Správy • Možnosti správ SMS a MMS • Zobrazenie poľa Predmet • Zobrazenie počtu znakov Spravovanie hlásení pre správy:  Viac v časti Funkcia Nerušiť a hlásenia na strane 138. Nastavenie zvukového upozornenia prichádzajúcich textových správ:  Viac v časti Zvuky na strane 145.10 71 V skratke V iPhone si môžete jednoducho naplánovať svoj čas. Môžete si prezerať jednotlivé kalendáre, alebo zobraziť niekoľko kalendárov naraz. Bodka na dni označuje udalosť. Bodka na dni označuje udalosť. Zmeniť kalendáre alebo účty. Zmeniť kalendáre alebo účty. Zobraziť pozvánky. Zobraziť pozvánky. Zobrazenie alebo úprava udalosti:  Klepnite na udalosť. Môžete vykonať nasledovné: • Nastaviť primárne alebo sekundárne upozornenie • Zmeniť dátum, čas alebo dĺžku trvania udalosti • Preniesť udalosť do iného kalendára • Pozvať iných účastníkov do udalostí v kalendároch iCloud, Microsoft Exchange a CalDAV • Vymazať udalosť Udalosť môžete aj presunúť jej podržaním a potiahnutím do nového časového obdobia alebo úpravou krajných bodov. Pridanie udalosti:  Klepnite na , zadajte informácie o udalosti a potom klepnite na Hotovo. • Nastavenie predvoleného kalendára pre nové udalosti:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Predvolený kalendár. • Nastavenie predvolených časov upozornení pre narodeniny a udalosti:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Predvolené časy upozornení. Vyhľadávanie udalostí:  Klepnite na Zoznam a zadajte text do vyhľadávacieho poľa. Budú sa prehľadávať nadpisy, lokalizácie a poznámky prezeraných kalendárov. Udalosti aplikácie Kalendár môžete vyhľadávať aj z plochy. Viac v časti Vyhľadávanie na strane 29. KalendárKapitola 10 Kalendár 72 Nastavenie zvuku upozornení kalendára:  Prejdite do Nastavenia > Zvuky > Upozornenia kalendára. Týždenné zobrazenie:  Otočte iPhone naležato. Importovanie udalostí z kalendárového súboru:  Ak ste v aplikácii Mail dostali súbor kalendára .ics, otvorte správu a klepnutím na súbor kalendára naimportujte všetky udalosti, ktoré obsahuje. Súbory typu .ics zverejnené na webových stránkach môžete importovať aj klepnutím na odkaz súboru. Niektoré .ics súbory namiesto pridania udalostí do vášho kalendára zapnú odoberanie kalendára. Viac v časti Práca s viacerými kalendármi na strane 72. Ak máte iCloud účet, Microsoft Exchange alebo podporovaný CalDAV účet, môžete prijímať pozvánky od ľudí zo svojej organizácie a odpovedať na ne. Pozvanie ostatných do udalosti:  Klepnite na udalosť, klepnite na Upraviť a klepnutím na Pozvaní vyberte osoby z aplikácie Kontakty. Odpovedanie na pozvánku:  Klepnite na pozvánku v kalendári. Prípadne klenutím na zobrazte obrazovku Udalosti a potom klepnite na pozvánku. Môžete si prezerať informácie o organizátorovi a ďalších pozvaných osobách. Ak pridáte komentáre, ktoré nemusia byť dostupné pre všetky typy kalendárov, tieto komentáre uvidí organizátor, nie však ostatní účastníci. Prijatie udalosti bez označenia času ako rezervovaného:  Klepnite na udalosť, klepnite na Dostupnosť a vyberte možnosť „Mám čas“. Udalosť zostane vo vašom kalendári, no ostatným osobám posielajúcim pozvánky sa nezobrazí, že ste zaneprázdnení. Práca s viacerými kalendármi Môžete si prezerať jednotlivé kalendáre, alebo niekoľko kalendárov naraz. Môžete odoberať kalendáre služieb iCloud, Google, Yahoo! alebo kalendáre typu iCalendar, ako aj udalosti a narodeniny z Facebooku. Zapnutie kalendárov iCloud, Google, Exchange alebo Yahoo!:  Prejdite do Nastavenia > Mail, kontakty, kalendáre, vyberte účet a klepnite na Kalendár. Pridanie CalDAV účtu:  Prejdite do Nastavenia > Mail, kontakty, kalendáre, klepnite na Pridať účet a potom klepnite na Iný. V časti Kalendáre klepnite na Pridať CalDAV účet. Zobrazenie udalostí z Facebooku:  Prejdite do Nastavenia > Facebook, prihláste sa do svojho Facebook účtu a zapnite prístup k službe Kalendár. Výber kalendárov na prezeranie:  Klepnite na Kalendáre a potom vyberte kalendáre, ktoré si chcete prezerať. Udalosti všetkých vybratých kalendárov sa zobrazia v jednom zobrazení. Zobrazenie narodeninového kalendára:  Klepnite na Kalendáre a potom klepnite na Narodeniny. Narodeniny z vašich kontaktov budú pridané medzi udalosti. Ak ste si nastavili Facebook účet, môžete sem zahrnúť aj narodeniny priateľov na Facebooku. Odoberať môžete kalendáre, ktoré používajú formát iCalendar (.ics). Odoberanie kalendárov podporujú mnohé kalendárové služby, vrátane služieb iCloud, Yahoo!, Google a aplikácie iCalendar v systéme OS X. Odoberané kalendáre sú určené len na čítanie. Udalosti z odoberaných kalendárov si na iPhone môžete prezerať, nie je však možné ich upravovať, ani v nich vytvárať nové udalosti. Odoberanie kalendára:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a klepnite na Pridať účet. Klepnite na Iný a potom na Pridať odoberaný kalendár. Zadajte server a názov súboru s príponou .ics, ktorého kalendár chcete odoberať. iCalendar (formát .ics) zverejnený na internete môžete odoberať jednoduchým klepnutím na odkaz.Kapitola 10 Kalendár 73 Zdieľanie iCloud kalendárov iCloud kalendár môžete zdieľať s ďalšími užívateľmi iCloudu. Zdieľaný kalendár si môžu ostatní užívatelia prezerať a môžete im povoliť aj pridávanie a upravovanie udalostí. Môžete zdieľať aj verziu kalendára určenú len na čítanie, ktorú si môže prezerať ktokoľvek. Vytvorenie iCloud kalendára:  Klepnite na Kalendáre, klepnite na Upraviť a potom klepnite na Pridať kalendár. Zdieľanie iCloud kalendára:  Klepnite na Kalendáre, klepnite na Upraviť a potom klepnite na iCloud kalendár, ktorý chcete zdieľať. Klepnite na Pridať osobu a vyberte niekoho z aplikácie Kontakty. Vybranej osobe bude doručená emailová pozvánka na pripojenie sa do kalendára, no na jej prijatie potrebuje Apple ID a iCloud účet. Vypnutie hlásení pre zdieľané kalendáre:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a vypnite možnosť Upozor. zdieľaného kal. Upravenie prístupu osoby do zdieľaného kalendára:  Klepnite na Kalendáre, klepnite na Upraviť a potom klepnite na osobu, s ktorou zdieľate kalendár. Môžete vypnúť možnosť upravovania kalendára, znovu poslať pozvánku na pripojenie sa do kalendára alebo zastaviť zdieľanie kalendára s danou osobou. Zdieľanie kalendára určeného len na čítanie so všetkými:  Klepnite na Kalendáre, klepnite na Upraviť a potom klepnite na iCloud kalendár, ktorý chcete zdieľať. Zapnite možnosť Verejný kalendár a potom klepnite na Zdieľať odkaz pre kopírovanie alebo odoslanie adresy URL kalendára. Túto URL môžu na odoberanie vášho kalendára v kompatibilnej aplikácii, ako napríklad Kalendár v iOS alebo OS X, používať ľubovoľní užívatelia. Nastavenia aplikácie Kalendár Nastavenia aplikácie Kalendár a kalendárových účtov ovplyvňuje niekoľko rôznych nastavení v Nastavenia > Mail, kontakty, kalendáre. Sú to medzi inými: • Synchronizácia udalostí z minulosti (budúce udalosti sa synchronizujú vždy) • Zvuk upozornenia na nové pozvánky na stretnutia • Podpora časových pásiem kalendára na zobrazovanie dátumov a časov v inom časovom pásme11 74 Prezeranie fotografií a videí Aplikácia Fotky vám na vašom iPhone umožňuje prezerať fotky v: • Albume Fotoaparát — fotky a videá, ktoré ste spravili na iPhone alebo ste ich uložili z emailu, textovej správy, webovej stránky a snímky obrazovky • Albumoch Fotostreamov — fotky v albume Môj Fotostream a vašich zdieľaných fotostreamoch (Viac v časti Fotostream na strane 75). • Fotoarchíve a ďalších albumoch synchronizovaných zo svojho počítača (viac v časti Synchronizácia s iTunes na strane 17) Prehrať prezentáciu. Prehrať prezentáciu. Upraviť fotku. Upraviť fotku. Vymazať fotku. Vymazať fotku. Klepnutím na obrazovku zobrazte ovládanie. Klepnutím na obrazovku zobrazte ovládanie. Zdieľať fotku, priradiť ju ku kontaktu, použiť ju ako pozadie alebo ju vytlačiť. Zdieľať fotku, priradiť ju ku kontaktu, použiť ju ako pozadie alebo ju vytlačiť. Streamovanie fotiek pomocou funkcie AirPlay. Streamovanie fotiek pomocou funkcie AirPlay. Prezeranie fotografií a videí:  Klepnite na album a potom klepnite na miniatúru. • Zobrazenie nasledujúcej alebo predchádzajúcej fotografie alebo videa: Potiahnite prst po obrazovke doľava alebo doprava. • Zväčšovanie a zmenšovanie: Klepnite dvakrát, prípadne potiahnite od seba alebo k sebe dva prsty. • Posúvanie fotografie: Potiahnite ju. FotkyKapitola 11 Fotky 75 • Prehranie videa: Klepnite na v strede obrazovky. Ak chcete prepnúť medzi zobrazením na celú obrazovku a zobrazením prispôsobeným veľkosti obrazovky, dvakrát klepnite na obrazovku. Albumy synchronizované s aplikáciou iPhoto 8.0 (iLife ’09) alebo novšou verziou, prípadne s aplikáciou Aperture 3.0.2 je možné prezerať podľa udalostí alebo tvárí. Fotky je možné si prezerať aj podľa miesta, kde boli odfotené (ak boli spravené pomocou fotoaparátu, ktorý podporuje geotagging). Zobrazenie prezentácie:  Klepnite na miniatúru a potom klepnite na . Nastavte možnosti a potom klepnite na Spustiť prezentáciu. Ak chcete zastaviť prezentáciu, klepnite na obrazovku. Ak chcete nastaviť iné možnosti, klepnite na Nastavenia > Fotky a Kamera. Streamovanie prezentácií alebo videí na TV:  Viac v časti AirPlay na strane 32. Usporadúvanie fotografií a videí Vytvorenie albumu:  Klepnite na Albumy, klepnite na , zadajte názov a klepnite na Uložiť. Vyberte položky, ktoré chcete pridať do albumu a potom klepnite na Hotovo. Poznámka:  Albumy vytvorené na iPhone nie sú synchronizované s počítačom. Pridávanie položiek do albumu:  Počas prezerania miniatúr klepnite na Upraviť, vyberte požadované položky a potom klepnite na Pridať. Spravovanie albumov:  Klepnite na Upraviť. • Premenovanie albumu: Vyberte album a zadajte jeho nový názov. • Zmena usporiadania albumov: Potiahnite . • Vymazanie albumu: Klepnite na . Premenovať alebo vymazať je možné len albumy vytvorené na iPhone. Fotostream Fotostream, ktorý je funkciou iCloudu (viac v časti iCloud na strane 16), automaticky prenáša fotky spravené na iPhone na ostatné zariadenia nastavené na používanie Fotostreamu, vrátane vášho Macu alebo PC. Fotostream vám taktiež umožňuje zdieľať fotky priamo na zariadenia rodiny a priateľov a na webovej stránke. O službe Fotostream Keď je zapnutá funkcia Fotostream, fotky, ktoré spravíte na iPhone (a aj ostatné fotky pridané do albumu Fotoaparát) sa zobrazia vo vašom fotostreame po opustení aplikácie Kamera. iPhone musí byť zároveň pripojený na internet prostredníctvom Wi-Fi. Tieto fotky sa zobrazia v albume Môj Fotostream na iPhone a na vašich ostatných zariadeniach nastavených na používanie fotostreamu. Zapnutie Fotostreamu:  Prejdite do Nastavenia > iCloud > Fotostream. Fotky pridané do vášho fotostreamu z vašich ostatných iCloud zariadení sa taktiež zobrazia v albume Môj Fotostream. iPhone a ostatné iOS zariadenia môžu v albume Môj Fotostream uchovať až 1000 najnovších fotiek. Všetky fotky z Fotostreamu si môžete natrvalo uložiť vo svojich počítačoch. Poznámka:  Fotky vo Fotostreame nezaberajú v iCloud úložisku žiadne miesto.Kapitola 11 Fotky 76 Spravovanie obsahu fotostreamu:  V albume fotostreamu klepnite na Upraviť. • Uloženie fotografií v iPhone:  Označte fotografie a klepnite na Uložiť. • Zdieľanie, tlač, kopírovanie alebo ukladanie fotiek do albumu Fotoaparát:  Označte fotografie a klepnite na Zdieľať. • Vymazanie fotografií: Označte fotografie a klepnite na Vymazať. Poznámka:  Po vymazaní budú fotky odstránené z fotostreamov na všetkých vašich zariadeniach, no pôvodné fotky zostanú v albume Fotoaparát na zariadení, na ktorom boli vytvorené. Fotky z fotostreamu, ktoré boli uložené na zariadení alebo v počítači nebudú vymazané. Ak chcete vymazať fotky z Fotostreamu, musíte mať na iPhone a na všetkých ostatných zariadeniach systém iOS 5.1 alebo novší. Viac v časti support.apple.com/kb/HT4486. Zdieľané Fotostreamy Zdieľané Fotostreamy vám umožňujú zdieľať fotky z vybranými ľuďmi. V systémoch iOS 6 a OS X Mountain Lion môžu užívatelia odoberať vaše zdieľané fotostreamy, prezerať si posledné pridané fotky, označiť jednotlivé fotky ako „Páči sa“ a komentovať fotky priamo zo svojich zariadení. Na zdieľanie fotostreamu s ostatnými na webe môžete pre zdieľaný fotostream vytvoriť verejnú webovú stránku. Poznámka:  Zdieľané fotostreamy fungujú cez Wi-Fi pripojenie aj cez mobilné siete. Prenos dát v mobilnej sieti môže byť spoplatnený. Zapnutie funkcie Zdieľané fotostreamy:  Prejdite do Nastavenia > iCloud > Fotostream. Vytvorenie zdieľaného fotostreamu:  Klepnite na Fotostream a potom klepnite na . Ak chcete pozvať užívateľov systémov iOS 6 alebo OS X Mountain Lion na odoberanie svojho zdieľaného fotostreamu, zadajte ich emailové adresy. Ak chcete zverejniť fotostream na serveri icloud.com, zapnite možnosť Verejná webstránka. Pomenujte album a klepnite na Vytvoriť. Pridanie fotiek do zdieľaného fotostreamu:  Vyberte fotku, klepnite na , klepnite na Fotostream a vyberte zdieľaný fotostream. Ak chcete pridať viacero fotiek z jedného albumu, klepnite na Upraviť, vyberte fotky a potom klepnite na Zdieľať. Vymazanie fotiek zo zdieľaného fotostreamu:  Klepnite na zdieľaný fotostream, klepnite na Upraviť, vyberte fotky a potom klepnite na Vymazať. Úprava zdieľaného fotostreamu:  Klepnite na Fotostream a potom klepnite na . Môžete: • Premenovať fotostream • Pridať alebo odstrániť odoberateľov a znovu poslať pozvánky • Vytvoriť verejnú webstránku a zdieľať odkaz • Vymazať fotostream Zdieľanie fotografií a videí Fotky môžete zdieľať v emailovej správe, textovej správe (MMS alebo iMessage), vo fotostreamoch, prípadne ich môžete zverejniť na Twitteri alebo na Facebooku. Videá môžete zdieľať v emailových a textových správach (MMS alebo iMessage) a na YouTube. Zdieľanie alebo kopírovanie fotky alebo videa:  Vyberte fotku alebo video a potom klepnite na . Ak symbol nie je zobrazený, klepnutím na obrazovku zobrazte ovládanie. Maximálna veľkosť príloh je stanovená vaším poskytovateľom služby. iPhone môže v prípade potreby stlačiť fotografické alebo video prílohy.Kapitola 11 Fotky 77 Fotky a videá môžete kopírovať a vložiť ich do emailovej alebo textovej správy (MMS alebo iMessage). Zdieľanie alebo kopírovanie viacerých fotografií a videí:  Počas prezerania miniatúr klepnite na Upraviť, vyberte fotky alebo videá a potom klepnite na Zdieľať. Uloženie fotografie alebo videa:  • Z emailu: Klepnutím stiahnite položku (ak je to potrebné), klepnite na fotku, prípadne podržte prst na videu a potom klepnite na Uložiť. • Z textovej správy: Klepnite na položku v konverzácii, klepnite na a potom klepnite na Uložiť do albumu Fotoaparát. • Z webovej stránky (len fotky): Klepnite na fotografiu, podržte na nej prst a potom klepnite na Uložiť obrázok. Fotky a videá, ktoré ste prijali alebo uložili z webových stránok, sú ukladané do albumu Fotoaparát. Tlačenie fotografií Tlač na tlačiarniach s funkciou AirPrint:  • Tlač jednotlivej fotografie: Klepnite na a potom klepnite na Tlačiť. • Tlačenie viacerých fotografií: Počas prezerania fotoalbumu klepnite na Upraviť, vyberte fotografie, klepnite na Zdieľať a potom klepnite na Tlačiť. Viac v časti Tlač pomocou funkcie AirPrint na strane 33.12 78 V skratke Ak chcete rýchlo otvoriť aplikáciu Kamera na zamknutom iPhone, potiahnite nahor. S iPhonom môžete fotografovať a natáčať videá. Okrem iSight kamery na zadnej strane sa na prednej strane nachádza FaceTime kamera určená na komunikáciu v aplikácii FaceTime a fotografovanie autoportrétov. LED blesk na zadnej strane vám v prípade potreby dodá viac svetla. Klepnutím na osobu alebo objekt zaostrite a upravte expozíciu. Klepnutím na osobu alebo objekt zaostrite a upravte expozíciu. Prepínanie medzi kamerami. Prepínanie medzi kamerami. Odfotiť. Odfotiť. Prepínač Fotoaparát/ Video Prepínač Fotoaparát/ Video Zobraziť nasnímané fotky a videá. Zobraziť nasnímané fotky a videá. Nastaviť režim LED blesku. Nastaviť režim LED blesku. Zapnite mriežku alebo HDR, prípadne spravte panoramatickú fotku. Zapnite mriežku alebo HDR, prípadne spravte panoramatickú fotku. Na mieste ostrenia fotoaparátu alebo kamery sa na krátky okamih zobrazí obdĺžnik. Pri fotografovaní osôb pomocou iPhonu 4S alebo novšieho využije iPhone detekciu tvárí a automaticky zaostrí a vyváži expozíciu až pre desať tvárí. Na každej zdetegovanej tvári sa zobrazí obdĺžnik. KameraKapitola 12 Kamera 79 Fotografovanie:  Klepnite na alebo stlačte jedno z tlačidiel na ovládanie hlasitosti. • Zväčšovanie a zmenšovanie: Použite gesto rozovretia dvoch prstov (len iSight kamera). Fotografovanie panorámy (iPhone 4S alebo novšie modely):  Klepnite na Možnosti a potom klepnite na Panoráma. Nasmerujte iPhone na miesto, kde chcete začať snímať panorámu a klepnite na . Pevne držte iPhone a pomaly ním otáčajte v smere šípky. Snažte sa udržať šípku priamo na horizonte. Po skončení klepnite na Hotovo. • Obrátenie smeru snímania: Klepnite na šípku. Nahrávanie videa:  Prepnite na a potom klepnite na alebo použite jedno z tlačidiel na ovládanie hlasitosti na spustenie alebo ukončenie nahrávania. • Fotografovanie počas nahrávania videa: Klepnite na . Ak spravíte fotografiu alebo spustíte nahrávanie videa, iPhone prehrá zvuk uzávierky. Hlasitosť tohto zvuku môžete upraviť pomocou tlačidiel hlasitosti alebo stíšiť zvuk pomocou prepínača Zvoniť/Ticho. Poznámka:  V niektorých krajinách bude zvuk uzávierky prehrávaný aj po stíšení iPhonu. Ak sú zapnuté lokalizačné služby, sú k fotkám a videám priradené informácie o polohe, ktoré môžete využiť v iných aplikáciách a na webových stránkach určených na zdieľanie fotiek. Viac v časti Súkromie na strane 146. Nastavenie zaostrenia a expozície:  • Nastavenie zaostrenia a expozície pre aktuálny záber: Klepnite na objekt na obrazovke. Detekcia tvárí bude dočasne vypnutá. • Zamknutie zaostrenia a expozície: Dotknite sa obrazovky a podržte na nej prst, až kým obdĺžnik nezačne pulzovať. V spodnej časti obrazovky sa zobrazí nápis Zámok AE/AF a zaostrenie a expozícia zostanú zamknuté, až kým znovu neklepnete na obrazovku. Odfotenie snímky obrazovky:  Naraz stlačte a hneď uvoľnite tlačidlá Spať/Zobudiť a Domov . Fotografia bude pridaná do vášho albumu Fotoaparát. HDR fotografie Funkcia HDR (iPhone 4 a novšie modely) skombinuje tri rôzne expozície do jednej fotografie s vysokým dynamickým rozsahom (angl. skratka HDR). Najlepšie výsledky získate, ak bude iPhone aj snímaný predmet nehybný. Zapnutie HDR:  Klepnite na Možnosti a potom nastavte HDR. Ak je funkcia HDR zapnutá, blesk je vypnutý. Ponechanie normálnej fotky okrem HDR verzie:  Prejdite do Nastavenia > Fotky a Kamera. Ak si ponecháte obe verzie snímky, zobrazí sa v ľavom hornom rohu HDR fotky . Fotka musí byť zobrazená v albume Fotoaparát a musí byť zobrazené ovládanie. Prezeranie, zdieľanie a tlač Fotografie a videá nasnímané pomocou aplikácie Fotoaparát sa automaticky ukladajú do vášho albumu Fotoaparát. Ak je zapnutý Fotostream, zobrazia sa nové fotky aj v albume Fotostream a sú prenesené na všetky vaše ostatné zariadenia. Viac v časti Fotostream na strane 75. Zobrazenie vášho albumu Fotoaparát:  Potiahnite prst doprava alebo klepnite na miniatúru. Váš album Fotoaparát môžete zobraziť v aplikácii Fotky. • Zobrazenie alebo skrytie ovládania pri prezeraní fotiek alebo videí: Klepnite na obrazovku.Kapitola 12 Kamera 80 • Zdieľanie fotografie alebo videa: Klepnite na . Ak chcete poslať viacero fotografií alebo videí, počas prezerania miniatúr klepnite na , označte položky a potom klepnite na Zdieľať. • Tlačenie fotografie: Klepnite na . Viac v časti Tlač pomocou funkcie AirPrint na strane 33. • Vymazanie fotografie alebo videa: Klepnite na . Návrat do kamery:  Klepnite na . Prenos fotografií a videí do počítača:  Pripojte iPhone k počítaču. • Mac:  Vyberte fotografie lebo videá a potom kliknite na Importovať alebo Stiahnuť v aplikácii iPhoto, alebo v inej aplikácii určenej na spravovanie fotografií na vašom počítači. • PC:  Riaďte sa inštrukciami dodanými k aplikácii na správu fotografií. Ak po prenose do počítača vymažete fotografie alebo videá z iPhonu, budú odstránené z albumu Fotoaparát. Na synchronizáciu fotiek a videí (videá je možné synchronizovať len s počítačom Mac) s aplikáciou Fotky na iPhone môžete použiť panel nastavení Fotky v iTunes. Viac v časti Synchronizácia s iTunes na strane 17. Úprava fotografií a strihanie videa Otočiť Otočiť Autovylepšenie Autovylepšenie Odstrániť červené oči Odstrániť červené oči Orezať Orezať Úprava fotografie:  Počas prezerania fotografie na celej obrazovke klepnite na Upraviť a potom klepnite na nástroj. • Autovylepšenie: Pri vylepšení fotky dôjde k úprave celkového jasu fotografie, sýtosti farieb a ďalších vlastností. Ak sa rozhodnete, že vylepšenie sa vám nepáči, znovu klepnite na nástroj (a to aj v prípade, že ste uložili zmeny). • Korekcia červených očí: Klepnite na každé oko, ktoré vyžaduje korekciu. • Orezanie: Potiahnite rohy mriežky, potiahnutím upravte polohu fotky a potom klepnite na Orezať. Ak chcete nastaviť konkrétny pomer strán, klepnite na Pomer strán. Skrátenie videa:  Počas prezerania videa zobrazte klepnutím na obrazovku ovládacie prvky. Potiahnite jeden z koncov nástroja na prezeranie snímok navrchu a potom klepnite na Skrátiť. Dôležité:  Ak vyberiete možnosť Skrátiť originál, budú orezané snímky natrvalo vymazané z pôvodného videa. Ak vyberiete možnosť Uložiť nový klip, bude v albume Fotoaparát uložené nové skrátené video a pôvodné video ostane nezmenené.13 81 Používajte aplikáciu Videá na pozeranie filmov, TV seriálov a hudobných videí. Na prehrávanie videopodcastov si nainštalujte bezplatnú aplikáciu Podcasty z obchodu App Store. Viac v časti kapitola 31, Podcasty, na strane 117. Videá nahraté pomocou kamery iPhonu si môžete prehrávať v aplikácii Fotky. Vyhľadávajte potiahnutím nadol. Vyhľadávajte potiahnutím nadol. Prezerajte si ďalšie epizódy série. Prezerajte si ďalšie epizódy série. Klepnutím na video spustite jeho prehrávanie. Klepnutím na video spustite jeho prehrávanie. UPOZORNENIE:  Dôležité informácie týkajúce sa prevencie pred poškodením sluchu nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Získavanie videí: • Kupovanie alebo požičiavanie videí v obchode iTunes store (služba nie je dostuopná vo všetkých oblastiach):  Otvorte aplikáciu iTunes na iPhone a klepnite na Videá. Viac v časti kapitola 22, iTunes Store, na strane 98. • Prenos videí z počítača:  Pripojte iPhone a zosynchronizujte videá z iTunes na svojom počítači. Viac v časti Synchronizácia s iTunes na strane 17. • Streamovanie videí z počítača:  Zapnite Domáce zdieľanie v iTunes na svojom počítači. Potom na iPhone prejdite do Nastavenia > Video a zadajte svoje Apple ID spolu s heslom, ktoré ste použili pri nastavovaní domáceho zdieľania na svojom počítači. Potom otvorte aplikáciu Videá na iPhone a klepnite na Zdieľané v hornej časti zoznamu videí. VideáKapitola 13 Videá 82 Konvertovanie videa do formátu vhodného pre iPhone:  Ak sa pri prenášaní videa z iTunes na iPhone zobrazí správa upozorňujúca na to, že ho na iPhone nie je možné prehrať, môžete toto video konvertovať. Vyberte video vo svojej knižnici iTunes a vyberte Rozšírené > Vytvoriť verziu pre iPod alebo iPhone. Potom preneste konvertované video na iPhone. Klepnutím na video zobrazíte alebo skryjete ovládanie. Klepnutím na video zobrazíte alebo skryjete ovládanie. Prehrať video na TV pomocou Apple TV. Prehrať video na TV pomocou Apple TV. Potiahnite pre prechod dopredu alebo dozadu. Potiahnite pre prechod dopredu alebo dozadu. Vybrať kapitolu. Vybrať kapitolu. Potiahnutím upravte hlasitosť. Potiahnutím upravte hlasitosť. Prehranie videa:  Klepnite na video v zozname videí. • Roztiahnutie videa na celú obrazovku alebo na šírku obrazovky:  Klepnite na alebo . Prípade dvojitým klepnutím roztiahnite video bez zobrazenia ovládania. • Spustenie prehrávania od začiatku:  Ak video obsahuje kapitoly, potiahnite posuvník v indikátore priebehu na ľavý okraj. Ak video neobsahuje kapitoly, klepnite na . • Prechod na ďalšiu alebo predošlú kapitolu (ak je dostupná):  Klepnite na alebo . Môžete tiež dvakrát (prejsť na ďalšiu) alebo trikrát (prejsť na predošlé) stlačiť stredné tlačidlo alebo jeho ekvivalent na kompatibilnej náhlavnej sade. • Prevíjanie dopredu alebo dozadu:  Dotknite sa a podržte alebo . • Výber inej jazykovej verzie (ak je k dispozícii):  Klepnite na a v zozname zvukových verzií vyberte jazyk. • Zobrazenie a skrytie titulkov (ak sú k dispozícii):  Klepnite na a v zozname Titulky vyberte jazyk, prípadne vyberte Vyp. • Zobrazenie alebo skrytie skrytých titulkov (ak sú k dispozícii):  Prejdite do Nastavenia > Videá. • Prehrávanie videí na televízore:  Viac v časti Pripájanie iPhonu k televízoru alebo inému zariadeniu na strane 32. Nastavenie automatického vypnutia:  Otvorte aplikáciu Hodiny, klepnite na Časovač a potiahnutím prsta nastavte počet hodín a minút. Klepnite na Po uplynutí času a vyberte Zastaviť prehrávanie, klepnite na Nastaviť a klepnutím na Štart spustite odpočítavanie. Po vypršaní zadaného času sa na iPhone zastaví prehrávanie hudby alebo videí, zatvoria sa všetky spustené aplikácie a zariadenie sa zamkne. Vymazanie videa:  Potiahnite prst na videu v zozname doľava alebo doprava. Vymazaním videa z iPhonu (s výnimkou požičaného filmu) nevymažete video z knižnice iTunes. Dôležité:  Ak z iPhonu vymažete požičaný film, bude vymazaný definitívne a nie je možné ho preniesť späť na váš počítač. Ak z iPhonu vymažete video (neplatí to pre požičané filmy), nebude vymazané z knižnice iTunes na vašom počítači a môžete ho neskôr znovu synchronizovať na iPhone. Ak nechcete video znovu synchronizovať na iPhone, vypnite jeho synchronizáciu v iTunes. Viac v časti Synchronizácia s iTunes na strane 17.14 83 Vyhľadávanie lokalít UPOZORNENIE:  Dôležité informácie týkajúce sa bezpečného navigovania a rušivých vplyvov počas šoférovania nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Tlačiť, zobraziť premávku, zobraziť výsledky alebo vybrať zobrazenie. Tlačiť, zobraziť premávku, zobraziť výsledky alebo vybrať zobrazenie. Klepnutím na značku zobrazte banner s informáciami. Klepnutím na značku zobrazte banner s informáciami. Rýchla navigácia Rýchla navigácia Získať ďalšie informácie. Získať ďalšie informácie. Klepnite dvakrát pre zväčšenie, klepnite dvoma prstami pre zmenšenie. Prípadne použite gesto rozovretie. Klepnite dvakrát pre zväčšenie, klepnite dvoma prstami pre zmenšenie. Prípadne použite gesto rozovretie. Aktuálna poloha Aktuálna poloha Zadajte vyhľadávanie. Zadajte vyhľadávanie. Zobraziť aktuálnu polohu. Zobraziť aktuálnu polohu. Flyover (3D v štandardnom zobrazení) Flyover (3D v štandardnom zobrazení) Získať trasu. Získať trasu. Dôležité:  Mapy, smery, 3D, Flyover a aplikácie založené na určovaní polohy sú závislé od dátových služieb. Tieto údaje a služby sa môžu meniť a nemusia byť dostupné vo všetkých oblastiach, čo môže spôsobiť, že mapy, smery, 3D, Flyover alebo informácie stanovujúce polohu môžu byt nedostupné, nepresné alebo neúplné. Porovnajte informácie získané pomocou iPhonu so svojím okolím a korigujte tak akékoľvek nezrovnalosti. Niektoré funkcie aplikácie Mapy vyžadujú lokalizačné služby. Viac v časti Súkromie na strane 146. Vyhľadanie lokality:  Klepnite na vyhľadávacie pole a zadajte adresu alebo iné informácie ako napríklad: • Križovatku • Oblasť • Orientačný bod MapyKapitola 14 Mapy 84 • PSČ • Podnik alebo firmu Prípadne klepnite na niektorý z návrhov v zozname pod vyhľadávacím poľom. Základy práce s mapou: • Posunutie nahor, nadol, doľava alebo doprava:  Potiahnite obrazovku. • Otočenie mapy:  Priložte na obrazovku dva prsty a otočte ich. V pravom hornom rohu sa zobrazí kompas, ktorý ukazuje orientáciu mapy. • Návrat na orientáciu smerom na sever:  Klepnite na . Vyhľadanie polohy kontaktu alebo uloženého či posledného vyhľadávania:  Klepnite na . Získanie a zdieľanie informácií o lokalite:  Klepnutím na značku zobrazte informačný banner a potom klepnite na . Ak sú dostupné, môžete získať aj recenzie a fotky zo služby Yelp. Môžete tiež získať trasu, kontaktovať firmu, navštíviť jej domovskú stránku, pridať firmu do svojich kontaktov, zdieľať polohu alebo pridať polohu medzi obľúbené. • Čítanie recenzií:  Klepnite na Recenzie. Ak chcete použiť ďalšie funkcie služby Yelp, klepnite na niektoré z tlačidiel pod recenziami. • Zobrazenie fotiek:  Klepnite na Fotky. • Odoslanie polohy emailom, v textovej správe alebo jej zverejnenie na Facebooku:  Klepnite na Zdieľať polohu. Ak chcete odoslať polohu ako tweet alebo ju zdieľať na Facebooku, musíte byť prihlásení do týchto účtov. Viac v časti Zdieľanie na strane 31. Použitie značky (špendlíka) na označenie polohy:  Dotknite sa mapy a podržte na nej prst. Zobrazí sa značka (vyzerá ako špendlík). Výber štandardného, hybridného alebo satelitného zobrazenia mapy:  Klepnite na pravý dolný roh. Nahlásenie problému:  Klepnite na pravý dolný roh. Stanovenie trás Stanovenie trasy pre cestu autom:  Klepnite na , klepnite na , zadajte začiatočnú a koncovú polohu a klepnite na Trasa. Prípadne vyberte polohu alebo trasu zo zoznamu (ak je dostupný). Ak sa zobrazí viacero trás, klepnite na tú, ktorú chcete použiť. Klepnutím na Štart spustite navigáciu. • Zapnutie navigácie pomocou hlasových pokynov (iPhone 4S alebo novšie modely):  Klepnite na Štart. Aplikácia Mapy bude sledovať vašu polohu na mape a pomocou hlasových pokynov vás bude navigovať do cieľa. Klepnutím na obrazovku zobrazíte alebo skryjete ovládanie. Ak sa iPhone automaticky zamkne, aplikácia Mapy ostane zobrazená na obrazovke a bude vás naďalej navigovať do cieľa. Hlasové pokyny budú pokračovať aj po zapnutí inej aplikácie. Ak sa chcete vrátiť späť do aplikácie Mapy, klepnite na banner vo vrchnej časti obrazovky. • Zobrazenie podrobnej navigácie (iPhone 4S alebo novšie modely):  Klepnite na Štart a potom zobrazte nasledujúci krok potiahnutím prsta smerom doľava. • Návrat na prehľad trasy:  Klepnite na Prehľad. • Zobrazenie navigačných pokynov ako zoznamu:  Klepnite na na obrazovke s prehľadom. • Zastavenie podrobnej navigácie:  Klepnite na Zložiť.Kapitola 14 Mapy 85 Získanie rýchlej trasy autom z aktuálnej polohy:  Klepnite na na banneri svojej aktuálnej polohy a potom klepnite na Trasa sem. Stanovenie pešej trasy:  Klepnite na , klepnite na , zadajte začiatočnú a koncovú polohu a klepnite na Trasa. Prípadne vyberte polohu alebo trasu zo zoznamu (ak je dostupný). Klepnite na Štart a potom zobrazte nasledujúci krok potiahnutím prsta smerom doľava. Stanovenie trasy verejnou dopravou:  Klepnite na , klepnite na , zadajte začiatočnú a koncovú polohu a klepnite na Trasa. Prípadne vyberte polohu alebo trasu zo zoznamu (ak je dostupný). Stiahnite si a otvorte aplikácie prepravných služieb, ktoré chcete použiť. Zobrazenie dopravnej situácie:  Klepnite na pravý dolný roh obrazovky a potom klepnite na Premávka. Oranžové body sa zobrazia na miestach so spomalenou premávkou a červené body na miestach, kde sa vytvárajú zápchy. Ak chcete zobraziť hlásenie o nehode, klepnite na značku. 3D a Flyover Na iPhone 4S alebo novších modeloch môžete použiť 3D (štandardné zobrazenie) alebo Flyover (satelitné alebo hybridné zobrazenie) na zobrazenie trojrozmerných modelov veľkých miest na celom svete. Môžete používať navigáciu obvyklým spôsobom a po zväčšení mapy zobraziť budovy. Taktiež môžete upraviť uhol kamery. Budova Transamerica Pyramid je registrovaná značka služby spoločnosti Transamerica Corporation. Budova Transamerica Pyramid je registrovaná značka služby spoločnosti Transamerica Corporation. Použitie 3D alebo Flyover:  Zväčšujte mapu, až kým sa neaktivujú tlačidlá alebo a potom klepnite na jedno z nich. Prípadne potiahnite nahor dva prsty. Prepínať medzi zobrazením 3D a Flyover môžete klepnutím do pravého dolného rohu a zmenou zobrazenia. Úprava uhla kamery:  Potiahnite dva prsty smerom nahor alebo nadol. Nastavenia aplikácie Mapy Nastavenie možností pre Mapy:  Prejdite do Nastavenia > Mapy. Nastaviť môžete okrem iných: • Úroveň hlasitosti hlasovej navigácie (iPhone 4S alebo novšie modely): • Vzdialenosti v kilometroch alebo v míľach • Jazyk popisov a ich veľkosť15 86 Získajte aktuálnu teplotu a predpoveď na šesť dní pre jedno alebo viacero miest na svete. Aplikácia Počasie dokáže zobraziť aj hodinovú predpoveď na najbližších 12 hodín. Aplikácia Počasie využíva lokalizačné služby, takže môžete získať predpoveď pre svoj aktuálnu polohu. Aktuálne podmienky Aktuálne podmienky Pridať alebo vymazať mestá. Pridať alebo vymazať mestá. Aktuálna teplota Aktuálna teplota Aktuálna hodinová predpoveď Aktuálna hodinová predpoveď Počet uložených miest Počet uložených miest Ak je ciferník hodín svetlomodrý, je v danom meste deň. Tmavofialová farba označuje noc. Spravovanie zoznamu miest:  Klepnite na a potom pridajte mesto alebo vykonajte iné zmeny. Po skončení klepnite na Hotovo. • Pridanie mesta: Klepnite na . Zadajte názov mesta alebo PSČ a potom klepnite na Vyhľadať. • Zmena poradia miest: Potiahnite nahor alebo nadol. • Vymazanie mesta: Klepnite na a potom na Vymazať. • Výber stupňov Fahrenheita alebo Celzia: Klepnite na °F alebo °C. Zobrazenie počasia v inom meste:  Potiahnite obrazovku doľava alebo doprava. Na obrazovke úplne vľavo je zobrazené miestne počasie. Zobrazenie aktuálnej hodinovej predpovede: • iPhone 5:  Potiahnite hodinové zobrazenie doľava alebo doprava. • iPhone 4S alebo starší:  Klepnite na Každú hodinu. Zapnutie alebo vypnutie miestneho počasia:  Prejdite do Nastavenia > Súkromie > Lokalizačné služby. Viac v časti Súkromie na strane 146. Zobrazenie informácií o meste zo stránky yahoo.com:  Klepnite na . PočasieKapitola 15 Počasie 87 Použitie služby iCloud na prenesenie zoznamu miest na vaše ostatné iOS zariadenia:  Prejdite do Nastavenia > iCloud > Dokumenty a dáta a potom zapnite možnosť Dokumenty a dáta (v predvolených nastaveniach je zapnutá). Viac v časti iCloud na strane 16.16 88 Aplikácia Passbook umožňuje uchovanie všetkých vašich lístkov, ako napríklad palubných vstupeniek alebo lístkov do kina, na jednom mieste. Klepnutím na lístok ho zobrazíte. Klepnutím na lístok ho zobrazíte. V Passbooku môžete uchovať darčekové karty, kupóny, lístky a ďalšie tipy vstupeniek. Ak si chcete pozrieť lístok alebo ho použiť, zobrazte si ho v Passbooku alebo na zamknutej ploche. Pridanie lístka do aplikácie Passbook:  Na webovej stránke predajcu alebo v potvrdzovacom emaily klepnite na Pridať do Passbooku. Lístok môžete taktiež pridať priamo z aplikácie, ktorá podporuje Passbook. Ak chcete pridávať lístky do Passbooku, musíte byť prihlásení do iCloudu. Použitie lístka:  Vyberte lístok a nasmerujte čiarový kód na čítačku. PassbookKapitola 16 Passbook 89 Ak sú zapnuté lokalizačné služby a predajca to podporuje, zobrazí sa lístok v prípade potreby na zamknutej ploche. Lístok sa takýmto spôsobom zobrazí napríklad pri príchode na letisko, do hotela alebo do kina. Klepnite pre zobrazenie ďalších detailov. Klepnite pre zobrazenie ďalších detailov. Zobrazenie ďalších informácií:  Klepnite na . Vymazanie lístka:  Klepnite na a potom klepnite na . Zabránenie zobrazovania lístkov na zamknutej ploche:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom, klepnite na Zapnúť heslo, potom prejdite do Povoliť prístup zo zamknutej obrazovky a vypnite Passbook. Prenos lístka do iného iPhonu alebo iPodu touch:  Prejdite do Nastavenia > iCloud a zapnite možnosť Passbook. 17 90 Zaznamenajte si poznámky na iPhone a vďaka iCloudu budú dostupné na všetkých vašich ostatných iOS zariadeniach a počítačoch Mac. Poznámky môžete čítať a vytvárať aj v ostatných účtoch, ako je napríklad Gmail alebo Yahoo!. Klepnite na poznámku pre jej úpravu. Klepnite na poznámku pre jej úpravu. Vymazať poznámku. Vymazať poznámku. Tlačiť poznámku alebo ju odoslať emailom. Tlačiť poznámku alebo ju odoslať emailom. Pridať novú poznámku. Pridať novú poznámku. Zobraziť zoznam poznámok. Zobraziť zoznam poznámok. Zobraziť predošlú alebo ďalšiu poznámku. Zobraziť predošlú alebo ďalšiu poznámku. Ak chcete, aby boli vaše poznámky aktuálne na vašich iOS zariadeniach a počítačoch Mac, použite iCloud: • Ak v iCloude používate emailovú adresu s príponou me.com alebo mac.com:  Prejdite do Nastavenia > iCloud a zapnite možnosť Poznámky. • Ak v iCloude používate Gmail alebo iný IMAP účet:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a zapnite pre tento účet možnosť Poznámky. Výber predvoleného účtu pre nové poznámky:  Prejdite do Nastavenia > Poznámky. Vytvorenie poznámky v špecifickom účte:  Klepnite na Účty, zvoľte daný účet a potom vytvorte poznámku klepnutím na . Ak tlačidlo Účty nie je zobrazené, klepnite najprv na tlačidlo Poznámky. Zobrazenie len poznámok konkrétneho účtu:  Klepnite na Účty a vyberte účet. Ak tlačidlo Účty nie je zobrazené, klepnite najprv na tlačidlo Poznámky. Vymazanie poznámky počas prezerania zoznamu poznámok:  Potiahnite prst cez poznámku v zozname. PoznámkyKapitola 17 Poznámky 91 Vyhľadávanie poznámok:  Počas prezerania zoznamu poznámok zobrazíte prejdite rolovaním do vrchnej časti obrazovky a zobrazí sa vyhľadávacie pole. Klepnite do poľa a zadajte hľadaný výraz. Poznámky môžete vyhľadávať aj z plochy. Viac v časti Vyhľadávanie na strane 29. Tlačenie alebo odoslanie poznámky emailom:  Počas čítania poznámky klepnite na . Ak chcete odoslať poznámku prostredníctvom emailu, musí byť na iPhone nastavený emailový účet. Viac v časti Nastavenie emailových a ďalších účtov na strane 15. Zmena písma:  Prejdite do Nastavenia > Poznámky.18 92 Pripomienky vás upozornia na všetky veci, ktorým sa potrebujete venovať. Dokončená položka Dokončená položka Pridať položku. Pridať položku. Zobraziť zoznamy Zobraziť zoznamy Zobrazenie podrobností pripomienky:  Klepnite na pripomienku. Môžete: • Zmeniť alebo vymazať pripomienku • Nastaviť termín ukončenia pripomienky • Nastaviť prioritu pripomienky • Pridať poznámky • Preniesť pripomienku do iného zoznamu Pripomienky vás môžu upozorniť pri príchode na určité miesto alebo pri jeho opustení. Pridanie upozornenia na polohu:  Počas zadávania pripomienky klepnite na a zapnite možnosť Pripomenúť na mieste. Ak chcete použiť inú polohu, klepnite na svoju aktuálnu polohu. Medzi polohy v zozname patria adresy z vašej osobnej vizitky v aplikácii Kontakty ako napríklad adresa vášho domova a pracoviska. Ak chcete použiť inú adresu, klepnite na Zadajte adresu. Poznámka:  Polohové pripomienky nie sú dostupné na iPhone 3GS. V účtoch Microsoft Exchange a Outlook nie je možné nastaviť polohu pre pripomienky. Vyhľadávanie pripomienok:  Klepnite na a zobrazí sa vyhľadávacie pole. Pripomienky môžete vyhľadávať aj priamo z plochy. Prehľadávané sú názvy pripomienok. Na vyhľadávanie alebo  pridávanie pripomienok môžete použiť aj Siri. PripomienkyKapitola 18 Pripomienky 93 Vypnutie hlásení pripomienok:  Prejdite do Nastavenia > Hlásenia. Viac informácií nájdete v časti Funkcia Nerušiť a hlásenia na strane 138. Nastavenie zvuku prehrávaného pri pripomienkach:  Prejdite do Nastavenia > Zvuky. Synchronizácia pripomienok s ostatnými zariadeniami:  Prejdite do Nastavenia > iCloud a potom zapnite možnosť Pripomienky. Ak chcete mať prístup aj k pripomienkam v systéme OS X Mountain Lion, zapnite iCloud aj na svojom Macu. Pripomienky sú podporované aj niektorými inými typmi účtov, ako napríklad Exchange. Prejdite do Nastavenia > Mail, kontakty, kalendáre a pre účty, ktoré chcete používať, zapnite možnosť Pripomienky. Nastavenie predvoleného zoznamu pre nové pripomienky:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a v časti Pripomienky klepnite na Predvolený zoznam.19 94 Pridať hodiny. Pridať hodiny. Zobraziť hodiny, nastaviť budík, spustiť stopky alebo nastaviť časovač. Zobraziť hodiny, nastaviť budík, spustiť stopky alebo nastaviť časovač. Vymazať alebo upraviť poradie hodín. Vymazať alebo upraviť poradie hodín. Pridanie hodín:  Klepnite na a zadajte názov mesta alebo vyberte mesto zo zoznamu. Pokiaľ sa mesto, ktoré hľadáte, nenašlo, skúste vyhľadať väčšie mesto v rovnakom časovom pásme. Usporiadanie hodín:  Klepnite na Upraviť a potom potiahnite pre presun alebo klepnite na pre vymazanie. Nastavenie budíka:  Klepnite na Budík a potom klepnite na . Zmena budíka:  Klepnite na Upraviť, potom klepnite na pre zmenu nastavení alebo na pre vymazanie. Nastavenie automatického vypnutia iPhonu:  Nastavte časovač, klepnite na Po uplynutí času a vyberte Zastaviť prehrávanie. Hodiny20 95 Sledujte cenu svojich akcií, jej vývoj v čase a informujte sa o svojich investíciách. Spravovanie zoznamu akcií:  Klepnite na a potom pridajte akcie alebo vykonajte iné zmeny. Po skončení klepnite na Hotovo. • Pridanie položky: Klepnite na . Zadajte symbol, názov spoločnosti, fondu alebo index a klepnite na Vyhľadať. • Vymazanie položky: Klepnite na . • Zmena poradia položiek: Potiahnite nahor alebo nadol. Zobrazenie informácií o akciách:  • Prepínanie medzi zobrazením percentuálnej zmeny, zmeny ceny a trhovej kapitalizácie Klepnite na ktorúkoľvek hodnotu na pravej strane obrazovky. • Zobrazenie zhrnutia, grafu alebo aktualít: Potiahnite prstom cez informácie pod zoznamom akcií. Ak si chcete prečítať článok nejakej aktuality v Safari, klepnite na jej nadpis. Ak chcete zmeniť časový úsek grafu, klepnite na 1d, 1t, 1m, 3m, 6m, 1r alebo 2r. • Pridanie novinového článku do zoznamu Na prečítanie: Klepnite a podržte prst na názve článku a potom klepnite na Pridať do zoznamu Na prečítanie. • Zobrazenie ďalších informácií o akciách na yahoo.com:  Klepnite na . Ceny sa môžu zobrazovať s oneskorením 20 a viac minút (v závislosti od rýchlosti služby). Ak chcete zobraziť akcie ako informáciu v centre hlásení, prečítajte si tému Hlásenia na strane 30. AkcieKapitola 20 Akcie 96 Zobrazenie grafu na celej obrazovke:  Otočte iPhone do orientácie na šírku. • Zobrazenie hodnoty v konkrétnom dátume alebo čase: Dotknite sa grafu jedným prstom. • Zobrazenie rozdielu hodnôt v čase: Dotknite sa grafu dvomi prstami. Ak chcete, aby bol váš zoznam akcií aktuálny na vašich iOS zariadeniach a počítačoch, použite iCloud:  Prejdite do Nastavenia > iCloud > Dokumenty a dáta a potom zapnite možnosť Dokumenty a dáta (v predvolených nastaveniach je zapnutá). Viac v časti iCloud na strane 16.21 97 Kiosk je miesto, kde si môžete uchovať aplikácie časopisov a novín. Kiosk vás zároveň upozorní na nové čísla, akonáhle budú dostupné. Podržte prst na publikácii pre zmenu usporiadania. Podržte prst na publikácii pre zmenu usporiadania. Vyhľadať aplikácie typu Kiosk. Vyhľadať aplikácie typu Kiosk. Kiosk je miesto, kde si môžete uchovať aplikácie časopisov a novín a jednoducho k nim pristupovať. Vyhľadanie aplikácii typu Kiosk:  Klepnite na Kiosk pre zobrazenie police a potom klepnite na Obchod. Zakúpená aplikácia typu Kiosk bude pridaná na policu. Po stiahnutí aplikácie ju otvorte a zobrazíte tak jednotlivé čísla a možnosti odoberania. Odoberania sú nákupy v rámci aplikácií, ktoré sú účtované na váš účet. Vypnutie automatického sťahovania nových čísiel:  Prejdite do Nastavenia > Kiosk. Ak to daná aplikácia podporuje, Kiosk stiahne nové čísla po pripojení k Wi-Fi. Kiosk22 98 V skratke Pomocou obchodu iTunes Store môžete do svojho iPhonu pridávať hudbu, TV seriály a podcasty. Prechádzať Prechádzať Zobraziť nákupy, stiahnuté a ďalšie položky. Zobraziť nákupy, stiahnuté a ďalšie položky. iTunes Store môžete využívať na: • Vyhľadávanie alebo prechádzanie obchodu za účelom vyhľadania hudby, TV seriálov, filmov, zvonení a ďalších položiek. • Prezeranie si svojich osobných odporúčaní služby Genius • Sťahovanie už zakúpených položiek Poznámka:  Na používanie obchodu iTunes Store potrebujete pripojenie na internet a Apple ID. Prezeranie obsahu:  Klepnite na niektorú z kategórií. Pre zobrazenie špecifických zoznamov klepnite na „Genres“ (Žánre). Ak chcete zobraziť viac informácií o danej položke, klepnite na ňu. Vyhľadávanie obsahu:  Klepnite na „Search“ (Vyhľadať), do vyhľadávacieho poľa zadajte jedno alebo viac slov a potom klepnite na kláves Hľadať. Prehratie ukážky položky:  Klepnutím na skladbu alebo video prehrajte ukážku. Zakúpenie položky:  Klepnite na cenu (alebo na tlačidlo „Free“ (Zdarma)) a potom opätovným klepnutím na toto tlačidlo zakúpte položku. Ak už máte položku kúpenú, zobrazí sa namiesto ceny tlačidlo „Download“ (Stiahnuť) a nebude vám naúčtovaná cena položky. Počas sťahovania položiek môžete zobraziť priebeh sťahovania klepnutím na „More“ (Viac) a potom na „Downloads“ (Sťahovania). iTunes StoreKapitola 22 iTunes Store 99 Vypožičanie filmu:  V niektorých oblastiach sú dostupné na vypožičanie vybrané filmy. Vypožičaný film môžete začať pozerať do 30 dní. Po spustení prehrávania filmu si ho počas najbližších 24 hodín môžete prehrať koľkokrát budete chcieť. Po vypršaní týchto časových limitov bude film vymazaný. Stiahnutie už zakúpenej položky:  Klepnite na „More“ (Viac) a potom klepnite na „Purchased“ (Zakúpené). Ak chcete automaticky sťahovať položky zakúpené na iných zariadeniach, prejdite do Nastavenia > iTunes a App Store. Uplatnenie darčekovej karty alebo kódu:  Klepnite na jednu z kategórií, prejdite rolovaním na spodok a klepnite na „Redeem“ (Uplatniť). Zobrazenie alebo úprava účtu:  Prejdite do Nastavenia > iTunes a App Store, klepnite na svoje Apple ID a potom klepnite na Zobraziť Apple ID. Položky upravíte klepnutím na ne. Ak chcete zmeniť svoje heslo, klepnite na pole Apple ID. Zapnutie alebo vypnutie služby iTunes Match:  Prejdite do Nastavenia > iTunes a App Store. iTunes Match je platená služba, ktorá uchováva všetku vašu hudbu v iCloude, takže k nej môžete pristupovať z ľubovoľného zariadenia. Prihlásenie použitím iného Apple ID:  Prejdite do Nastavenia > iTunes a App Store, klepnite na názov svojho účtu a potom klepnite na Odhlásiť sa. Pri ďalšom stiahnutí aplikácie budete môcť zadať iné Apple ID. Sťahovanie zakúpených položiek použitím mobilnej siete:  Prejdite do Nastavenia > iTunes a App Store > Použiť mobilné dáta. Sťahovanie zakúpených položiek a používanie služby iTunes Match prostredníctvom mobilnej siete môže byť spoplatnené vaším operátorom. Úprava rozloženia tlačidiel na prácu s médiami Tlačidlá v spodnej časti obrazovky môžete vymeniť a preusporiadať. Ak napríklad často sťahujete zvonenia a málokedy pozeráte TV seriály , môžete tieto tlačidlá vymeniť. Úprava tlačidiel na prechádzanie obsahu:  Klepnite na „More“ (Viac) a na) „Edit“ (Upraviť). Potom potiahnite tlačidlo na dolnú časť obrazovky, na miesto tlačidla, ktoré chcete nahradiť. Po skončení klepnite na Hotovo.23 100 V skratke V App Store si môžete prezerať, nakupovať a sťahovať aplikácie pre svoj iPhone. Zobraziť kategóriu. Zobraziť kategóriu. Zobraziť aktualizácie a predchádzajúce nákupy. Zobraziť aktualizácie a predchádzajúce nákupy. Tlačidlá na prechádzanie Tlačidlá na prechádzanie Obchod App Store môžete používať na: • Získavanie bezplatných alebo spoplatnených aplikácií prezeraním alebo vyhľadávaním • Sťahovanie predošlých nákupov a aktualizácií • Uplatnenie darčekovej karty alebo kódu • Odporučenie aplikácie priateľovi • Spravovanie svojho App Store účtu Poznámka:  Na používanie obchodu App Store potrebujete pripojenie na internet a Apple ID. Zakúpenie aplikácie:  Klepnite na cenu (alebo na tlačidlo „Free“ (Zdarma)) aplikácie a potom klepnite na „Buy Now“ (Kúpiť). Ak ste si už danú aplikáciu zakúpili, namiesto ceny sa zobrazí tlačidlo „Install“ (Inštalovať). Opätovné stiahnutie tejto aplikácie nebude spoplatnené. Počas sťahovania aplikácie sa na ploche zobrazí jej ikona s indikátorom priebehu sťahovania. Stiahnutie už zakúpenej položky:  Klepnite na „Updates“ (Aktualizácie) a potom klepnite na „Purchased“ (Zakúpené). Ak chcete automaticky sťahovať nové položky zakúpené na iných zariadeniach, prejdite do Nastavenia > iTunes a App Store. App StoreKapitola 23 App Store 101 Sťahovanie aktualizovaných aplikácií:  Klepnite na „Updates“ (Aktualizácie). Klepnutím na aplikáciu si prečítajte informácie o novej verzii a následne ju stiahnite klepnutím na „Update“ (Aktualizovať). Prípadne klepnite na „Update All“ (Aktualizovať všetky) – začnú sa sťahovať všetky aplikácie v zozname. Uplatnenie darčekovej karty alebo kódu:  Klepnite na „Featured“ (Populárne), prejdite rolovaním na spodok a klepnite na „Redeem“ (Uplatniť). Informovanie priateľa o aplikácii:  Vyhľadajte aplikáciu, klepnite na a vyberte spôsob, akým ju chcete zdieľať. Zobrazenie a úprava účtu:  Prejdite do Nastavenia > iTunes a App Store, klepnite na svoje Apple ID a potom klepnite na Zobraziť Apple ID. Môžete zapnúť odoberanie noviniek v iTunes a zobraziť si zásady ochrany osobných údajov Apple. Ak chcete zmeniť svoje heslo, klepnite na pole Apple ID. Prihlásenie použitím iného Apple ID:  Prejdite do Nastavenia > iTunes a App Store, klepnite na názov svojho účtu a potom klepnite na Odhlásiť sa. Pri ďalšom stiahnutí aplikácie budete môcť zadať iné Apple ID. Vytvorenie nového Apple ID:  Prejdite do Nastavenia > iTunes a App Store a potom klepnite na Vytvoriť nové Apple ID. Riaďte sa pokynmi na obrazovke. Sťahovanie zakúpených položiek použitím mobilnej siete:  Prejdite do Nastavenia > iTunes a App Store > Použiť mobilné dáta. Sťahovanie zakúpených položiek prostredníctvom mobilnej siete môže byť spoplatnené vaším operátorom. Aplikácie Kiosk sa aktualizujú výlučne cez sieť Wi-Fi. Vymazávanie aplikácií Vymazanie aplikácie zakúpenej v App Store:  Podržte prst na ikone takejto aplikácie na ploche, až kým sa nezačne chvieť a potom klepnite na . Vstavané aplikácie nie je možné vymazať. Po dokončení úprav stlačte tlačidlo Domov . Vymazaním aplikácie dôjde aj k vymazaniu dát. Akúkoľvek aplikáciu, ktorú ste si zakúpili v App Store, si môžete opäť bezplatne stiahnuť. Viac informácií o trvalom vymazaní všetkých aplikácií, dát a nastavení nájdete v časti Resetovanie na strane 145.24 102 V skratke Game Center vám umožňuje hrať svoje obľúbené hry s priateľmi, ktorí používajú iPhone, iPad, iPod touch alebo Mac so systémom OS X Mountain Lion. UPOZORNENIE:   Dôležité informácie týkajúce sa prevencie pred zraneniami spôsobenými vykonávaním opakovaných pohybov nájdete v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Zobraziť najlepších hráčov. Zobraziť najlepších hráčov. Odpovedať na priateľské žiadosti. Odpovedať na priateľské žiadosti. Zobraziť zoznam cieľov hry. Zobraziť zoznam cieľov hry. Hrať hru. Hrať hru. Nájsť súpera. Nájsť súpera. Vybrať hru. Vybrať hru. Vyhľadať výzvy od priateľov. Vyhľadať výzvy od priateľov. Pozvať priateľov na hranie hry. Pozvať priateľov na hranie hry. Upraviť stav, zmeniť fotku alebo sa odhlásiť. Upraviť stav, zmeniť fotku alebo sa odhlásiť. Prihlásenie:  Otvorte Game Center. Ak je vo vrchnej časti obrazovky zobrazená vaša prezývka a meno, ste prihlásení. Ak tieto nie sú zobrazené, zadajte svoje Apple ID a heslo a klepnite na Prihlásiť sa. Môžete použiť rovnaké Apple ID, aké používate pre iCloud alebo na nakupovanie. Ak chcete na hranie používať osobitné Apple ID, klepnite na Vytvoriť nový účet. Zakúpenie hry:  Klepnite na Hry a potom klepnite na odporúčanú hru alebo na Nájsť Game Center hry. Hranie hry:  Klepnite na Hry, vyberte hru a klepnite na Hrať. Návrat do Game Center po dohraní hry:  Stlačte tlačidlo Domov a na ploche klepnite na Game Center. Game CenterKapitola 24 Game Center 103 Odhlásenie:  Klepnite na Ja, klepnite na banner účtu a potom klepnite na Odhlásiť sa. Nie je potrebné sa odhlasovať pri každom ukončení aplikácie Game Center. Hranie s priateľmi Pozvanie priateľov do hry pre viacerých hráčov:  Klepnite na Priatelia, vyberte priateľa, vyberte hru a potom klepnite na Hrať. Ak hra umožňuje alebo vyžaduje viacerých hráčov, vyberte ich a potom klepnite na Ďalej. Odošlite pozvánku a počkajte, kým bude prijatá ostatnými. Keď sú všetci pripravení, spustite hru. Ak priateľ nie je dostupný alebo nereaguje na pozvánku, môžete klepnúť na možnosť Autospoluhráč a nechať Game Center nech vám vyhľadá spoluhráča. Prípadne môžete klepnúť na Pozvať priateľa a pozvať niekoho iného. Odoslanie priateľskej žiadosti:  Klepnite na Priatelia alebo na Žiadosti, klepnite na a potom zadajte emailovú adresu priateľa alebo jeho prezývku v Game Center. Ak si chcete prezerať kontakty, klepnite na . Ak chcete do jednej žiadosti pridať viacerých priateľov, klepnite po zadaní každej z adries na Return. Odoslanie výzvy na prekonanie úspechu v hre:  Klepnite na svoje skóre alebo dosiahnutý úspech a potom klepnite na Vyzvať priateľov. Zobrazenie hier, ktoré hrá priateľ a jeho skóre:  Klepnite na Priatelia, potom klepnite na meno priateľa a nakoniec na Hry alebo Body. Zakúpenie hry, ktorú má váš priateľ:  Klepnite na Priatelia a potom klepnite na meno svojho priateľa. Klepnite na hru v zozname hier svojho priateľa a potom klepnite na cenu hry zobrazenú vo vrchnej časti obrazovky. Zobrazenie zoznamu priateľových priateľov:  Klepnite na Priatelia, potom klepnite na meno priateľa a nakoniec na Priatelia pod obrázkom priateľa. Odstránenie priateľa:  Klepnite na Priatelia, klepnite na meno a potom klepnite na Odstrániť. Utajenie emailovej adresy:  V nastaveniach svojho Game Center účtu vypnite Verejný profil. Viac v časti „Nastavenia Game Center“ nižšie. Vypnutie aktivít pre viacerých hráčov alebo priateľských žiadostí:  Prejdite do Nastavenia > Všeobecné > Obmedzenia a vypnite Hry pre viac hráčov alebo Pridávanie priateľov. Ak sú tieto prepínače neaktívne, klepnite najprv na Povoliť obmedzenia na vrchu obrazovky. Nahlásenie urážlivého alebo nevhodného správania:  Klepnite na Priatelia, potom klepnite na meno osoby a nakoniec na Nahlásiť problém. Nastavenia Game Center Niektoré nastavenia Game Center sú priradené k Apple ID, ktoré používate na prihlásenie. Ďalšie nastavenia sa nachádzajú v aplikácii Nastavenia na iPhone. Zmena nastavení Game Center pre vaše Apple ID:  Prihláste sa pomocou svojho Apple ID, klepnite na Ja, klepnite na banner účtu a potom vyberte Zobraziť účet. Výber hlásení, ktoré chcete používať pre Game Center:  Prejdite do Nastavenia > Hlásenia > Game Center. Ak sa Game Center nezobrazí, zapnite Hlásenia. Zmena obmedzení pre Game Center:  Prejdite do Nastavenia > Všeobecné > Obmedzenia.25 104 V skratke iPhone vám umožňuje jednoducho pristupovať k zoznamom kontaktov z vášho osobného, firemného a organizačného účtu a upravovať tieto zoznamy. Otvoriť v aplikácii Mail. Otvoriť v aplikácii Mail. Odoslať Tweet. Odoslať Tweet. Vytočiť číslo. Vytočiť číslo. Nastavenie vizitky Moje info:  Prejdite do Nastavenia > Mail, kontakty, kalendáre, klepnite na Moje info a vyberte vizitku so svojim menom a informáciami. Vizitku Moje info používa Siri a ďalšie aplikácie. Pomocou polí Súvisiaci ľudia definujte svoj vzťah s kontaktami, takže Siri bude vedieť reagovať na vaše žiadosti typu „call my sister“. Vyhľadanie kontaktov:  Klepnite na vyhľadávacie pole vo vrchnej časti zoznamu kontaktov a zadajte hľadané slovo. Kontakty môžete vyhľadávať aj z plochy. Viac v časti Vyhľadávanie na strane 29. Zdieľanie kontaktu:  Klepnite na kontakt a potom na Zdieľať kontakt. Kontaktné informácie môžete odoslať prostredníctvom emailu alebo správ. Pridanie kontaktu:  Klepnite na . Nemôžete pridávať kontakty do adresára, ktorý si môžete len prezerať, ako napríklad Microsoft Exchange Global Address List. Pridanie kontaktu do zoznamu Obľúbené:  Vyberte kontakt, rolovaním prejdite nadol a klepnite na tlačidlo Pridať k obľúb. Zoznam Obľúbené využíva funkcia Nerušiť. Viac v časti Funkcia Nerušiť a hlásenia na strane 138. Pridanie telefónneho čísla do aplikácie Kontakty počas vytáčania:  V časti Telefón klepnite na Klávesnica, zadajte číslo a potom klepnite na . Potom klepnite na Vytvoriť nový kontakt alebo na Pridať ku kontaktu a vyberte kontakt. KontaktyKapitola 25 Kontakty 105 Pridanie aktuálneho volajúceho do aplikácie Kontakty:  Klepnite na Telefón, klepnite na Posledné a potom klepnite na vedľa čísla. Potom klepnite na Vytvoriť nový kontakt, prípadne klepnite na „Pridať ku kontaktu“ a vyberte kontakt. Vymazanie kontaktu:  Vyberte kontakt a klepnite na Upraviť. Klepnite na Vymazať kontakt v spodnej časti obrazovky. Úprava kontaktu:  Vyberte kontakt a klepnite na Upraviť. Môžete vykonať nasledovné: • Pridať nového pole:  Klepnite na a následne si zvoľte alebo zadajte popis poľa. • Zmeniť popis poľa:  Klepnite na popis a vyberte iný popis. Ak chcete pridať nové pole, klepnite na Pridať popis. • Zmeniť zvonenie lebo text správy kontaktu:  Klepnite na pole zvonenie alebo zvuk správy a vyberte nový zvuk. Ak chcete kontaktu zmeniť predvolené zvonenie, prejdite do Nastavenia > Zvuky. • Zmeniť vibrovanie pri prijatí hovoru alebo správy od kontaktu:  Klepnite na pole vibrovanie pre zvonenie alebo zvuk správy a vyberte vibrovanie. Ak pole vibrovanie nie je zobrazené, klepnite najprv na Upraviť a pridajte ho. Informácie o vytváraní vlastných vibrovaní nájdete v časti Zvuky na strane 145. • Priradiť fotku ku kontaktu:  Klepnite na Pridať fotku. Môžete spraviť fotku pomocou fotoaparátu alebo použiť existujúcu fotku. • Aktualizácia kontaktných údajov pomocou Twittera:  Prejdite do Nastavenia > Twitter > Aktualizovať kontakty. Kontakty budú zlúčené na základe emailových adries. Vizitky priateľov, ktorých sledujete, budú aktualizované použitím fotky a užívateľského mena z Twittera. • Aktualizácia kontaktných údajov pomocou Facebooku:  Prejdite do Nastavenia > Facebook > Aktualizovať kontakty. Kontakty budú zlúčené na základe emailových adries. Vizitky priateľov, ktorých máte vo svojom zozname priateľov na Facebooku, budú aktualizované použitím fotky a užívateľského mena z Facebooku. • Vloženie pauzy do telefónneho čísla:  Klepnite na a potom klepnite na Pauza alebo Čakať. Každá pauza trvá dve sekundy. Každý príkaz Čakať zastaví vytáčanie až do opätovného klepnutia na Vytočiť. Tieto príkazy môžete používať napríklad na automatické vytáčanie klapky alebo hesla. Pridávanie kontaktov Okrem pridania kontaktov na iPhone ich môžete pridať aj nasledovnými spôsobmi: • Použite svoje iCloud kontakty:  Prejdite do Nastavenia > iCloud a potom zapnite možnosť Kontakty. • Naimportujte svojich priateľov z Facebooku:  Prejdite do Nastavenia > Facebook a v zozname Povoliť týmto aplikáciám používať váš účet zapnite Kontakty. Takto vytvoríte v aplikácii Kontakty skupinu Facebook. • Nastavte prístup k adresáru Microsoft Exchange Global Address List:  Prejdite do Nastavenia > Mail, kontakty, kalendáre, klepnite na svoj Exchange účet a zapnite Kontakty. • Nastavenie účtu LDAP alebo CardDAV a prístup k firemným alebo školským adresárom:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Pridať účet > Iný. Následne klepnite na „Pridať LDAP účet“ alebo „Pridať CardDAV účet“ a zadajte informácie o účte. • Synchronizujte kontakty zo svojho počítača a účtov Yahoo! alebo Google:  V aplikácii iTunes nainštalovanej na počítači zapnite v paneli informácií zariadenia synchronizáciu kontaktov. Ďalšie informácie nájdete v pomocníkovi pre iTunes.Kapitola 25 Kontakty 106 • Naimportujte kontakty zo SIM karty (GSM):  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Importovať zo SIM karty. • Naimportujte kontakty zo súboru vCard:  Klepnite na prílohu .vcf v emaile, správe alebo na webovej stránke. Prehľadanie GAL, CardDAV alebo LDAP servery:  Klepnite na Skupiny, potom na adresár, ktorý chcete prehľadávať a zadajte slová na vyhľadanie. Uloženie kontaktných údajov zo serverov GAL, LDAP alebo CardDAV:  Vyhľadajte kontakt, ktorý chcete pridať a potom klepnite na Pridať kontakt. Zobrazenie a skrytie skupín:  Klepnite na Skupiny a potom vyberte skupiny, ktoré chcete zobraziť. Toto tlačidlo sa zobrazí len v prípade, ak máte viac ako jeden zdroj kontaktov. Ak máte kontakty z viacerých zdrojov, môžete mať pre jednu osobu viac záznamov. Ak chcete predísť zobrazovaniu prebytočných kontaktov v zozname všetkých kontaktov, kontakty s rovnakým krstným menom a priezviskom sú prepojené a zobrazujú sa ako jediný jednotný kontakt. Pri prezeraní jednotného kontaktu sa vo vrchnej časti obrazovky zobrazí nadpis Jednotné info. Prepojenie kontaktu:  Upravte kontakt. Klepnite na Upraviť, potom klepnite na a vyberte kontakt, ktorý chcete prepojiť. Prepojené kontakty nie sú zlúčené. Ak upravíte informácie v jednotnom kontakte alebo doň pridáte informácie, budú tieto zmeny prekopírované do každého zdrojového účtu, v ktorom tieto informácie existujú. Ak prepojíte kontakty, ktoré nemajú rovnaké krstné meno alebo priezvisko, mená individuálnych vizitiek nebudú zmenené. Na jednotnej vizitke sa však zobrazí len jedno meno. Ak chcete vybrať meno, ktoré sa zobrazí pri prezeraní jednotnej vizitky, klepnite na prepojenú vizitku s preferovaným menom a potom klepnite na Použiť toto meno pre jednotnú vizitku. Zobrazenie kontaktných údajov zo zdrojového účtu:  Klepnite na jeden zo zdrojových účtov. Rozpojenie kontaktu:  Klepnite na Upraviť, potom klepnite na a nakoniec na Rozpojiť. Nastavenia aplikácie Kontakty Ak chcete upraviť nastavenia aplikácie Kontakty, prejdite do Nastavenia > Mail, kontakty, kalendáre. Dostupné možnosti vám umožňujú: • Meniť spôsob usporiadania kontaktov • Zobrazovať kontakty podľa krstného mena alebo priezviska • Nastaviť predvolený účet pre nové kontakty • Nastaviť vizitku Moje info26 107 Používajte aplikáciu Kalkulačka rovnakým spôsobom, akým používate štandardnú kalkulačku. Pridať číslo do pamäte. Pridať číslo do pamäte. Vyčistiť pamäť. Vyčistiť pamäť. Vyčistiť displej. Vyčistiť displej. Odčítať číslo od pamäte. Odčítať číslo od pamäte. Získať číslo z pamäte (biely kruh indikuje číslo uložené v pamäti). Získať číslo z pamäte (biely kruh indikuje číslo uložené v pamäti). Používanie vedeckej kalkulačky:  Otočte iPhone do orientácie na šírku. Kalkulačka27 108 Stanovenie smeru, ktorým je otočený váš iPhone:  Podržte iPhone vo vodorovnej polohe (displej by mal byť v jednej rovine so zemou). Ak sú pri zapnutí kompasu vypnuté lokalizačné služby, môžete byť požiadaný o ich zapnutie. Kompas môžete používať aj s vypnutými lokalizačnými službami. Viac v časti Súkromie na strane 146. Dôležité:  Presnosť kompasu môže byť ovplyvnená magnetickým rušením alebo rušením prostredia. Dokonca aj magnety v slúchadlách iPhonu môžu spôsobiť odchýlku. Digitálny kompas používajte len ako pomôcku pri základnej navigácii. Nespoliehajte sa naň pre presnom určovaní polohy, vzdialenosti alebo smeru. Kompas28 109 V skratke Vďaka aplikácii Diktafón môžete používať iPhone ako prenosné zariadenie určené na nahrávanie zvuku pomocou vstavaného mikrofónu, mikrofónu iPhone slúchadiel alebo Bluetooth náhlavnej sady, prípadne pomocou akéhokoľvek iného podporovaného externého mikrofónu. Spustiť, pozastaviť alebo zastaviť nahrávanie. Spustiť, pozastaviť alebo zastaviť nahrávanie. Úroveň nahrávania Úroveň nahrávania Zobraziť zoznam nahrávok. Zobraziť zoznam nahrávok. Spustenie nahrávania:  Klepnite na alebo stlačte stredné tlačidlo na náhlavnej sade. Klepnite na pre pozastavenie, alebo na pre zastavenie nahrávania, prípadne stlačte stredné tlačidlo na svojej náhlavnej sade. Nahrávky vytvorené pomocou vstavaného mikrofónu sú v monofónnej kvalite, ale môžete nahrávať aj v stereofónnnej kvalite pomocou externého mikrofónu, ktorý funguje s konektorom pre slúchadlá iPhonu, ako aj s Lightning konektorom (iPhone 5) alebo Dock konektorom (staršie modely iPhonov). Hľadajte príslušenstvo označené logom Apple „Made for iPhone“ (Vyrobené pre iPhone) alebo logom „Works with iPhone“ (Spolupracuje s iPhonom). Úprava úrovne nahrávania:  Posuňte mikrofón bližšie k nahrávanému objektu, prípadne ho posuňte ďalej od tohto objektu. Ak chcete dosiahnuť najlepšiu kvalitu nahrávania, mala by sa najvyššia úroveň hlasitosti na indikátore hlasitosti pohybovať medzi –3 dB a 0 dB. Prehranie alebo stlmenie tónu štart/stop:  Pomocou tlačidiel hlasitosti iPhonu môžete hlasitosť celkom znížiť. DiktafónKapitola 28 Diktafón 110 Používanie inej aplikácie počas nahrávania:  Stlačte tlačidlo Domov a otvorte aplikáciu. Ak sa chcete vrátiť do aplikácie Diktafón, klepnite na červenú lištu v hornej časti obrazovky. Prehratie nahrávky:  Klepnite na , klepnite na nahrávku a potom na . Pre pozastavenie prehrávania klepnite na . Orezať alebo upraviť popis nahrávky. Orezať alebo upraviť popis nahrávky. Vypočutie si nahrávky. Vypočutie si nahrávky. Pripojiť nahrávku k emailovej alebo textovej správe. Pripojiť nahrávku k emailovej alebo textovej správe. Potiahnite pre prechod na ľubovoľnú časť. Potiahnite pre prechod na ľubovoľnú časť. Prepínanie medzi reproduktorom a prijímačom. Prepínanie medzi reproduktorom a prijímačom. Orezanie nahrávky:  Klepnite na vedľa nahrávky a potom klepnite na Orezať. Potiahnite okraje audiorozsahu a potom klepnite na pre prehratie ukážky. Ak je to potrebné, upravte rozsah a potom uložte orezanú nahrávku klepnutím na Orezať nahrávku. Orezané časti nie je možné obnoviť. Zdieľanie nahrávok s vaším počítačom Aplikácia iTunes synchronizuje nahrávky s vašou knižnicou iTunes po pripojení iPhonu k počítaču. Nahrávky zostanú po synchronizácii s iTunes uložené v aplikácii Diktafón, až kým ich nevymažete. Ak vymažete nahrávku z iPhonu, nebude vymazaná z playlistu Nahrávky v iTunes. Ak však vymažete nahrávku z iTunes, táto bude vymazaná z iPhonu pri najbližšej synchronizácii s iTunes. Synchronizácia nahrávok s iTunes:  Pripojte iPhone k svojmu počítaču a v zozname zariadení v iTunes vyberte iPhone. Vo vrchnej časti obrazovky vyberte Hudba (medzi Aplikácie a Filmy), vyberte Synchronizovať hudbu, vyberte možnosť Zahrnúť nahrávky a kliknite na Použiť. Nahrávky z iPhonu sa zobrazia v playliste Nahrávky v iTunes.29 111 Spolu so senzorom Nike + iPod (predávané samostatne) poskytuje aplikácia Nike + iPod zvukovú odozvu na vašu rýchlosť, prebehnutú vzdialenosť, čas a spálené kalórie počas prechádzky alebo behu. Prechádzať históriu tréningov. Prechádzať históriu tréningov. Kalibrovať na základe posledného tréningu. Kalibrovať na základe posledného tréningu. Vybrať štandardný tréning. Vybrať štandardný tréning. Vybrať alebo vytvoriť vlastný tréning. Vybrať alebo vytvoriť vlastný tréning. Vybrať typ tréningu. Vybrať typ tréningu. Ikona aplikácie Nike + iPod sa na ploche zobrazí až po jej zapnutí. Zapnutie Nike + iPod:  Prejdite do Nastavenia > Nike + iPod. Zariadenie Nike + iPod získava tréningové údaje z bezdrôtového senzora (predáva sa osobitne), ktorý sa pripája k bežeckej obuvi. Senzor musíte pred prvým použitím prepojiť s iPhonom. Prepojenie senzora s iPhonom: Vložte senzor do svojej topánky a potom prejdite do Nastavenia > Nike + iPod > Senzor. Spustenie tréningu:  Klepnite na Tréningy a vyberte si tréning. • Prerušenie tréningu:  Zobuďte iPhone a klepnite na na zamknutej obrazovke. Ak ste pripravení pokračovať, klepnite na . • Ukončenie tréningu:  Zobuďte iPhone, klepnite na a potom klepnite na Skončiť tréning. Zmena nastavení tréningu:  Prejdite do Nastavenia > Nike + iPod. Kalibrácia Nike + iPod:  Nahrajte tréning na trati so známou dĺžkou (minimálna dĺžka je 400 metrov). Potom po klepnutí na Skončiť tréning klepnite na Kalibrovať na obrazovke so zhrnutím a zadajte skutočnú dĺžku trasy, ktorú ste práve prebehli alebo prešli. Obnovenie predvolenej kalibrácie:  Prejdite do Nastavenia > Nike + iPod. Nike + iPodKapitola 29 Nike + iPod 112 Odosielanie tréningových dát na stránku nikeplus.com:  S iPhonom pripojeným na internet vyberte Nike + iPod, klepnite na História a potom klepnite na „Odoslať do Nike+“. Zobrazenie tréningov na nikeplus.com:  V Safari otvorte nikeplus.com, prihláste sa do svojho účtu a postupujte podľa pokynov na obrazovke.30 113 V skratke iBooks je aplikácia určená na čítanie a nakupovanie kníh. Stiahnite si z App Store bezplatnú aplikáciu iBooks a čítajte akékoľvek knihy, vrátane klasiky a bestsellerov. Prejsť na inú stranu. Prejsť na inú stranu. Záložka Záložka Obsah, záložky a poznámky Obsah, záložky a poznámky iBooks je skvelá aplikácia určená na čítanie kníh a súborov vo formáte PDF. Stiahnite si z App Store bezplatnú aplikáciu iBooks a potom si vo vstavanom obchode iBookstore sťahujte akékoľvek knihy, vrátane klasiky a bestsellerov. Ak si chcete stiahnuť aplikáciu iBooks a používať službu iBookstore, potrebujete pripojenie na internet a Apple ID. Návšteva iBookstore:  V iBooks klepnite na Obchod a môžete: • Vyberať si knihy prechádzaním alebo vyhľadávaním • Stiahnuť si ukážku knihy a zistiť, či sa vám páči • Čítať a písať recenzie a zistiť, aké bestsellery sú dnes v móde • Povedať o knižke priateľovi prostredníctvom emailu Zakúpenie knihy:  Nájdite požadovanú knihu, klepnite na jej cenu a potom si ju stiahnite opätovným klepnutím na cenu. Získanie informácií o knihe:  Môžete si prečítať súhrnné informácie o knihe, prečítať si recenzie a pred zakúpením si prečítať ukážku z knihy. Po zakúpení knihy môžete napísať svoju vlastnú recenziu. iBooksKapitola 30 iBooks 114 Stiahnutie už zakúpenej položky:  Klepnite na „Purchased“ (Zakúpené). Knihu si môžete stiahnuť počas prechádzania klepnutím na Stiahnuť na mieste, kde sa obvykle nachádza cena. Cena knihy vám už nebude naúčtovaná. Ak chcete automaticky sťahovať položky zakúpené na ostatných zariadeniach, prejdite do Nastavenia > iTunes a App Store. Čítanie kníh Čítanie kníh je jednoduché. Prejdite do knižnice a klepnite na knihu, ktorú si chcete prečítať. V závislosti od obsahu a formátu má každá kniha určitú sadu funkcií. Niektoré funkcie popísané nižšie nemusia byť k dispozícii v knihe, ktorú práve čítate. Otvorenie knihy:  Klepnite na knihu, ktorú chcete čítať. Ak ju nevidíte v knižnici, potiahnite prst doľava alebo doprava a prezrite si ostatné zbierky. • Zobrazenie ovládacích prvkov:  Klepnite zhruba do stredu strany. • Zväčšenie obrázka:  Klepnite dvakrát na obrázok. V niektorých knihách si môžete zväčšovať obrázky pomocou lupy, ktorú zobrazíte podržaním prsta na obrazovke. • Prechod na konkrétnu stranu:  Použite ovládacie prvky navigácie v spodnej časti obrazovky. Môžete tiež klepnúť na , zadať číslo strany a vo výsledkoch vyhľadávania klepnúť na číslo strany. • Vyhľadanie slova v slovníku:  Dvakrát klepnite na slovo, pomocou krajných bodov upravte výber a potom v menu klepnite na Definovať. Definície nemusia byť dostupné pre všetky jazyky. • Zobrazenie obsahu:  Klepnite na . V niektorých knihách môžete zobraziť obsah rozovretím dvoch prstov. • Pridanie alebo odstránenie záložky:  Klepnite na . Ak chcete odstrániť záložku, klepnite znovu na tento symbol. Pri zatvorení knihy nie je potrebné pridávať záložku, pretože aplikácia iBooks si zapamätá miesto, kde ste knihu zatvorili. Môžete mať zároveň viacero záložiek – ak chcete zobraziť všetky, klepnite na a potom klepnite na Záložky. Pridanie poznámky v knihe:  Do knihy môžete pridávať poznámky a zvýrazňovať jej časti. • Pridanie zvýraznenia:  Dvakrát klepnite na slovo, pomocou krajných bodov upravte výber, potom klepnite na Zvýrazniť a vyberte farbu alebo podčiarknutie. • Odstránenie zvýraznenia:  Klepnite na zvýraznený text a potom klepnite na . • Pridanie poznámky:  Dvakrát klepnite na slovo, klepnite na Zvýrazniť a potom v menu vyberte . • Odstránenie poznámky:  Vymažte text poznámky. Ak chcete odstrániť poznámku a jej zvýraznenie, klepnite na zvýraznený text a potom na . • Zobrazenie všetkých poznámok:  Klepnite na a potom na Poznámky. Pre tlač poznámok alebo ich odoslanie emailom klepnite na . Zmena vzhľadu knihy:  V niektorých knihách je možné zmeniť veľkosť a typ písma a farbu stránok. • Úprava veľkosti a typu písma:  Klepnutím v blízkosti stredu strany zobrazte ovládacie prvky a potom klepnite na . Klepnutím na Písma vyberte rez písma. V niektorých knihách je možné zmeniť veľkosť písma iba ak je iPhone orientovaný na výšku. • Zmena farby strany a textu:  Klepnutím v blízkosti stredu strany zobrazte ovládacie prvky, klepnite na a potom klepnite na Téma. Toto nastavenie bude použité na všetky knihy, ktoré ho podporujú.Kapitola 30 iBooks 115 • Úprava jasu:  Klepnutím v blízkosti stredu strany zobrazte ovládacie prvky a potom klepnite na . Ak sa nezobrazuje , klepnite najprv na . • Zapnutie alebo vypnutie zarovnania textu a delenia slov:  Prejdite do Nastavenia > iBooks. Niektoré PDF dokumenty a knihy nie je možné zarovnať ani v nich deliť slová. Usporiadanie knižnice Použite knižnicu na prezeranie a usporadúvanie vašich kníh a PDF dokumentov. Položky je taktiež možné usporiadať do zbierok. Podržte prst na knihe pre zmenu usporiadania. Podržte prst na knihe pre zmenu usporiadania. Zobraziť zbierky. Zobraziť zbierky. Presunutie knihy alebo PDF dokumentu do zbierky:  Klepnite na Upraviť. Vyberte položky, ktoré chcete presunúť, klepnite na Presunúť a vyberte zbierku. Prezeranie a spravovanie zbierok:  Klepnutím na názov aktuálnej zbierky vo vrchnej časti obrazovky, ako napríklad Knihy alebo PDF, zobrazte zoznam zbierok. Vstavané zbierky kníh a PDF dokumentov nie je možné upravovať ani vymazávať. Triedenie knižnice:  Klepnutím na stavový riadok prejdite do vrchnej časti obrazovky, klepnite na a v spodnej časti obrazovky vyberte jeden zo spôsobov radenia. Vymazanie položky z knižnice:  Klepnite na Upraviť a klepnutím označte položky určené na vymazanie (zobrazí sa vedľa nich symbol zaškrtnutia). Klepnite na Vymazať. Po skončení klepnite na Hotovo. Ak vymažete zakúpenú knihu, môžete si ju znovu stiahnuť v iBookstore, v časti „Purchases“ (Zakúpené). Vyhľadávanie kníh:  Prejdite do knižnice. Klepnutím na stavový riadok prejdite do vrchnej časti obrazovky a potom klepnite na . Prehľadávané sú názvy kníh a mená autorov. Synchronizácia kníh a PDF dokumentov Pomocou iTunes synchronizujte svoje knihy a PDF dokumenty medzi zariadením iPhone a svojim počítačom. V iTunes môžete tiež kupovať knihy v obchode iTunes Store. Keď je iPhone pripojený k počítaču, panel Knihy vám umožňuje vybrať si položky určené na synchronizáciu. Do knižnice iTunes môžete pridať aj bezplatné knihy typu ePub a PDF dokumenty, ktoré nájdete na webe. Synchronizácia kníh alebo PDF dokumentov so zariadením iPhone:  V iTunes na svojom počítači vyberte Súbor > Pridať do knižnice a vyberte súbor. Následne vykonajte synchronizáciu.Kapitola 30 iBooks 116 Pridanie knihy alebo PDF do iBooks bez synchronizácie:  Ak kniha alebo PDF dokument nie sú príliš veľké, môžete ich odoslať samým sebe emailom z počítača. Na zariadení iPhone otvorte emailovú správu, podržte prst na prílohe a v zobrazenom menu vyberte možnosť Otvoriť v iBooks. Tlačenie a odosielanie PDF dokumentov emailom Aplikácia iBooks umožňuje odosielať kópie PDF dokumentov emailom, ako aj tlač celého PDF dokumentu alebo jeho časti na tlačiarni podporujúcej AirPrint. Odoslanie PDF dokumentu emailom:  Otvorte PDF, klepnite na a vyberte Odoslať emailom. Tlač súboru PDF:  Otvorte PDF, klepnite na a vyberte Tlačiť. Viac informácií nájdete v časti Tlač pomocou funkcie AirPrint na strane 33. Nastavenia iBooks Aplikácia iBooks ukladá vaše zbierky, záložky, poznámky a informácie o aktuálnej strane použitím vášho Apple ID, takže si môžete nerušene čítať knihy na všetkých svojich iOS zariadeniach. iBooks ukladá informácie pre všetky knihy pri otvorení alebo ukončení aplikácie. Jednotlivé knihy sú ukladané aj pri ich otvorení alebo zatvorení. Vypnutie alebo zapnutie synchronizácie:  Prejdite do Nastavenia > iBooks. Synchronizovať môžete aj zbierky a záložky. Niektoré knihy môžu mať prístup k videám alebo zvukovým súborom, ktoré sú uložené na webe. Ak iPhone používa bezdrôtové dátové pripojenie, prehrávanie týchto súborov môže byť spoplatnené operátorom. Vypnutie alebo zapnutie prístupu k online videám alebo zvukovým súborom:  Prejdite do Nastavenia > iBooks > Online audio a video. Zmena smeru otáčania strán po klepnutí na ľavý okraj:  Prejdite do Nastavenia > iBooks > Klepnutie na ľavý okraj.31 117 Stiahnite si v obchode App Store bezplatnú aplikáciu Podcasty a môžete prechádzať, odoberať a prehrávať svoje obľúbené audio a videopodcasty. Zobraziť podcasty vo svojej knižnici. Zobraziť podcasty vo svojej knižnici. Prechádzajte všetky dostupné podcasty. Prechádzajte všetky dostupné podcasty. Klepnutím na podcast zobrazte dostupné epizódy. Klepnutím na podcast zobrazte dostupné epizódy. Prechádzajte a prehrajte si ukážky z najobľúbenejších podcastov. Prechádzajte a prehrajte si ukážky z najobľúbenejších podcastov. Rolovaním prechádzajte celú svoju knižnicu. Rolovaním prechádzajte celú svoju knižnicu. Zobraziť ovládanie prehrávania. Zobraziť ovládanie prehrávania. Získavanie podcastov: • Prechádzanie celého katalógu:  Klepnite na Katalóg a potom klepnite na ľubovoľný podcast, ktorý vás zaujal. • Prechádzanie najobľúbenejších podcastov:  Klepnite na Top stanice (ak táto možnosť nie je zobrazená, klepnite najprv na Knižnica). Potiahnutím prsta doprava alebo doľava zmeníte kategóriu a potiahnutím nahor alebo nadol prechádzate aktuálnu kategóriu. Pre prehratie ukážky poslednej epizódy klepnite na podcast, prípadne klepnite na pre zobrazenie zoznamu epizód. • Streamovanie epizódy:  Klepnite na epizódu. • Stiahnutie epizódy, ktorú si potom môžete prehrať aj bez pripojenia k Wi-Fi:  Klepnite na vedľa ľubovoľnej epizódy. • Odoberanie podcastu kvôli automatickému sťahovaniu nových epizód:  Ak prechádzate katalóg, klepnite na podcast pre zobrazenie zoznamu epizód a potom klepnite na Odoberať. Ak ste si už stiahli epizódu, klepnite na podcast vo svojej knižnici, potom naň klepnite ešte raz vo vrchnej časti zoznamu epizód a zapnite odoberanie. PodcastyKapitola 31 Podcasty 118 • Automatické získanie najnovšej epizódy odoberaného podcastu:  Klepnite na podcast vo svojej knižnici, potom naň klepnite ešte raz vo vrchnej časti zoznamu epizód a zapnite automatické sťahovanie. Ovládanie prehrávania zvuku:  Všetky ovládacie prvky podcastu zobrazíte potiahnutím prsta nahor na grafike aktuálne prehrávaného podcastu. Prehrať predošlú epizódu. Prehrať predošlú epizódu. Zdieľať tento podcast. Zdieľať tento podcast. Skok na ďalšiu epizódu. Skok na ďalšiu epizódu. Skok dopredu o 30 sekúnd. Skok dopredu o 30 sekúnd. Nastavenie časovača. Nastavenie časovača. Potiahnutím indikátora priebehu prehrávania skočíte na inú časť podcastu. Potiahnutím indikátora priebehu prehrávania skočíte na inú časť podcastu. Potiahnutím nahor alebo nadol zobrazíte alebo skryjete ovládanie. Potiahnutím nahor alebo nadol zobrazíte alebo skryjete ovládanie. Úprava rýchlosti prehrávania. Úprava rýchlosti prehrávania. Ovládanie prehrávania videa:  Počas prehrávania videopodcastu klepnite na obrazovku.32 119 Funkcie Prístupnosť iPhone obsahuje nasledujúce funkcie prístupnosti: • VoiceOver • Presmerovanie audia • Hlasová asistentka Siri • Zväčšovanie • Veľký text • Prevrátenie farieb • Funkcia Rozprávať výber • Funkcia Rozprávať autotext • Mono zvuk a vyváženie sterea • Načúvacie prístroje a režim Načúvací prístroj • Priraditeľné zvonenia a vibrácie • Upozorňovanie bleskom • Asistovaný prístup • AssistiveTouch • Podpora braillových displejov • Prehrávanie textu skrytých titulkov Zapínanie funkcií prístupnosti pomocou iPhonu:  Prejdite do Nastavenia > Všeobecné > Prístupnosť. Zapínanie funkcií prístupnosti pomocou iTunes:  Pripojte iPhone k svojmu počítaču a v zozname zariadení v iTunes vyberte iPhone. Kliknite na Zhrnutie a v spodnej časti obrazovky so zhrnutím kliknite na Nastaviť Univerzálny prístup. Viac informácií o funkciách prístupnosti na iPhone nájdete na adrese www.apple.com/accessibility. Funkciu Veľký text je možné zapnúť alebo vypnúť len v nastaveniach na vašom iPhone. Viac v časti Veľký text na strane 130. VoiceOver Funkcia VoiceOver nahlas popisuje dianie na obrazovke, takže môžete používať iPhone bez toho, aby ste ho videli. Funkcia VoiceOver popisuje každú položku na obrazovke, ktorú označíte. Ak na obrazovke vyberiete nejakú položku, bude označená kurzorom VoiceOver (čierny obdĺžnik) a VoiceOver prečíta jej názov alebo ju popíše. PrístupnosťKapitola 32 Prístupnosť 120 Ak chcete, aby VoiceOver prečítal iné položky na obrazovke, dotknite sa obrazovky, prípadne potiahnite prsty na obrazovke. Ak vyberiete text, VoiceOver ho prečíta. Ak zapnete funkciu Hlasové nápovedy, VoiceOver môže vysloviť názov danej položky, a poskytnúť inštrukcie — napríklad „klepnite dvakrát pre otvorenie“. Ak chcete interagovať s položkami na obrazovke, ako sú tlačidlá alebo odkazy, použite gestá popísané v časti Gestá funkcie VoiceOver na strane 122. Ak prejdete na inú obrazovku, VoiceOver prehrá zvuk a potom označí a popíše prvú položku na obrazovke (najčastejšie je to položka v ľavom hornom rohu). VoiceOver vás tiež informuje o zmene orientácie displeja a odomknutí resp. uzamknutí obrazovky. Poznámka:  VoiceOver rozpráva jazykom vybraným v nastavení Medzinárodné. Jazyk môže byť ovplyvnený nastavením formátu regiónu v Nastavenia > Všeobecné > Medzinárodné. Funkcia VoiceOver je dostupná pre mnohé jazyky, nie však pre všetky. Základy funkcie VoiceOver Dôležité:  Funkcia VoiceOver mení gestá, ktorými ovládate iPhone. Akonáhle je funkcia VoiceOver zapnutá, musíte na ovládanie iPhonu používať gestá VoiceOver, dokonca aj keď chcete vypnúť samotnú funkciu VoiceOver a pokračovať v normálnom režime. Vypnutie a zapnutie funkcie VoiceOver:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver. Vypnúť a zapnúť VoiceOver môžete aj trojitým stlačením tlačidla Domov. Viac v časti Trojité stlačenie tlačidla Domov na strane 129. Preskúmanie obrazovky:  Prejdite prstom po displeji. VoiceOver vysloví každú položku, ktorej sa dotknete. Zdvihnutím prsta ponecháte danú položku vybratú. • Výber položky:  Klepnite na položku alebo počas ťahania prsta cez danú položku zdvihnite prst. • Výber ďalšej alebo predošlej položky:  Potiahnite jeden prst doľava alebo doprava. Poradie položiek je zľava doprava, zhora nadol. • Výber položky nad alebo pod:  Pomocou rotora zapnite vertikálnu navigáciu a potom potiahnite jeden prst nahor alebo nadol. • Výber prvej alebo poslednej položky na obrazovke:  Potiahnite nahor alebo nadol štyri prsty. • Výber položky podľa jej názvu:  Klepnutím trikrát dvoma prstami kdekoľvek na obrazovke otvoríte Výber položky. Potom zadajte názov do vyhľadávacieho poľa, prípadne potiahnite prst doprava alebo doľava pre prechádzanie zoznamu v abecednom poradí. Môžete tiež klepnúť na register vpravo od zoznamu a potiahnutím nahor alebo nadol rýchlo prechádzať položky v zozname. • Zmena názvu vybratej položky (jej vyhľadávanie tak bude jednoduchšie):  Podržte dva prsty kdekoľvek na obrazovke. • Prečítanie textu vybranej položky:  Nastavte ovládanie rotora na znaky alebo slová a potom potiahnite jeden prst nahor alebo nadol. • Vypnutie alebo zapnutie funkcie hlasovej nápovedy:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver. • Použitie fonetického hláskovania:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Použiť fonetiku. • Čítanie celej obrazovky počnúc jej vrchnou časťou:  Potiahnite nahor dva prsty. • Čítanie od aktuálnej položky až na spodok obrazovky:  Potiahnite nadol dva prsty.Kapitola 32 Prístupnosť 121 • Zastavenie čítania:  Klepnite raz dvoma prstami. Ak chcete, aby rozprávanie pokračovalo, znovu klepnite dvoma prstami. Rozprávanie bude pokračovať po označení ďalšej položky. • Stíšenie funkcie VoiceOver:  Klepnite trikrát tromi prstami. Ak chcete zrušiť stíšenie, znovu klepnite trikrát troma prstami. Ak chcete vypnúť len zvuky funkcie VoiceOver, prepnite tlačidlo Zvoniť/Ticho do polohy Ticho. Ak máte pripojenú externú klávesnicu, môžete stíšiť/ zrušiť stíšenie funkcie VoiceOver stlačením klávesu Control. Nastavenie čítajúceho hlasu:  Môžete upraviť špecifiká čítajúceho hlasu funkcie VoiceOver pre jeho ľahšie pochopenie: • Úprava hlasitosti rozprávania:  Použite tlačidlá hlasitosti na iPhone. Hlasitosť môžete pridať aj do rotora a potom ju upravovať potiahnutím nahor alebo nadol. Podrobnosti nájdete v téme Používanie rotora VoiceOver na strane 124. • Úprava rýchlosti rozprávania:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver a potiahnite posuvník pre Rýchlosť rozprávania. Rýchlosť rozprávania môžete pridať aj do rotora a potom ju upravovať potiahnutím nahor alebo nadol. • Používanie zmien výšky:  VoiceOver bude používať vyšší tón pri vyslovovaní prvej položky zo skupiny (ako je zoznam alebo tabuľka) a nižší tón pri vyslovovaní poslednej položky. Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Meniť výšky. • Zmena jazyka iPhonu:  Prejdite do Nastavenia > Všeobecné > Medzinárodné > Jazyk. Výslovnosť funkcie VoiceOver je pre niektoré jazyky ovplyvnená nastavením v položke Nastavenia > Všeobecné > Medzinárodné > Formát regiónu. • Zmena výslovnosti:  Nastavte rotor na Jazyk a potom potiahnite prst smerom nahor alebo nadol. Možnosť Jazyk je na rotore dostupná len ak ste vybrali viac ako jednu výslovnosť. • Výber výslovností dostupných v jazykovom rotore:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Jazykový rotor. Ak chcete zmeniť polohu jazyka v zozname, potiahnite nahor alebo nadol. • Zmena základného hlasu čítania:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Použiť kompaktný hlas. Používanie iPhonu pomocou funkcie VoiceOver Odomknutie iPhonu:  Zvoľte ovládací prvok odomknutia a klepnite dvakrát na obrazovku. „Klepnutie“ pre aktiváciu danej položky:  Dvakrát klepnite na ľubovoľné miesto na obrazovke. „Dvojité klepnutie“ na označenú položku:  Trikrát klepnite na ľubovoľné miesto na obrazovke. Ovládanie posuvníkov:  Zvoľte posuvník a následne potiahnite jeden prst nahor alebo nadol. Používanie štandardných gest so zapnutou funkciou VoiceOver:  Dvakrát klepnite prstom na obrazovku a podržte ho tam. Séria tónov vás upozorní na to, že môžete používať štandardné gestá. Štandardné gestá môžete používať až kým nezdvihnete prst z displeja – vtedy začnú fungovať gestá funkcie VoiceOver. Rolovanie v zozname alebo na obrazovke:  Potiahnite nahor alebo nadol tri prsty. Ak posúvate stránky zoznamu, funkcia VoiceOver vás bude informovať o rozsahu zobrazených položiek (napríklad „Zobrazené sú riadky 5 až 10“). • Plynulé rolovanie zoznamu:  Klepnite dvakrát a podržte prst na displeji. Po tom, čo zaznie séria tónov, môžete ťahaním prsta smerom nahor alebo nadol plynule rolovať v zozname. Akonáhle zdvihnete prst z displeja, bude plynulé rolovanie ukončené.Kapitola 32 Prístupnosť 122 • Používanie registrov:  V niektorých zoznamoch je na pravej strane zobrazený abecedný register. Register nie je možné označiť prepínaním medzi jednotlivými položkami. Dá sa označiť len priamym dotykom. V registri sa pohybujete potiahnutím prsta smerom nahor alebo nadol. Môžete tiež klepnúť dvakrát a posúvať prst smerom nahor alebo nadol. • Preusporiadanie zoznamu:  Môžete zmeniť poradie položiek v niektorých zoznamoch ako napríklad súčasti rotora a jazykového rotora v nastaveniach Prístupnosť. Vyberte v pravej časti zoznamu, klepnite dvakrát a podržte prst na obrazovke, až kým nezaznie zvuk. Potom potiahnite položku smerom nahor alebo nadol. VoiceOver prečíta názov položky nad alebo pod presúvanou položkou, v závislosti od smeru, ktorým ju presúvate. Úprava plochy:  Na ploche označte ikonu, ktorú chcete presunúť. Klepnite dvakrát na ikonu a podržte na nej prst. Potom ikonu potiahnite. VoiceOver vás počas presúvania ikony bude informovať, v ktorom riadku a stĺpci sa nachádza. Ak sa ikona nachádza na želanom mieste pustite ju. Môžete presúvať ďalšie ikony. Ak chcete položku presunúť na inú stránku plochy, potiahnite ju k ľavému alebo pravému okraju obrazovky. Po dokončení úprav stlačte tlačidlo Domov . Prečítanie informácií o stave iPhonu:  Ak si chcete vypočuť informácie o nabití batérie, sile Wi-Fi signálu a ďalšie, klepnite na vrchnú časť obrazovky. Prečítanie hlásení:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver a zapnite možnosť Rozprávať hlásenia. Hlásenia, vrátane textu v prijatých správach, sú čítané okamžite pri ich prijatí, dokonca aj keď je iPhone zamknutý. Hlásenia, na ktoré ste nereagovali, budú po odomknutí iPhonu zopakované. Zapnutie alebo vypnutie clony obrazovky:  Klepnite štyrikrát troma prstami. Ak je clona obrazovky zapnutá, je obsah obrazovky aktívny aj napriek tomu, že je displej vypnutý. Gestá funkcie VoiceOver Ak je funkcia VoiceOver zapnutá, štandardné dotykové gestá sa zmenia. Tieto gestá spolu s niektorými ďalšími gestami vám umožňujú pohyb na obrazovke a ovládanie jednotlivých položiek (položky, ktoré chcete ovládať, musia byť najprv označené). Gestá VoiceOver zahŕňajú klepnutie a potiahnutie použitím dvoch alebo troch prstov. Gestá využívajúce dva a tri prsty fungujú spoľahlivejšie, ak sa uvoľníte a ponecháte medzi prstami dostatočne veľké medzery. Gestá funkcie VoiceOver je možné vykonávať použitím rôznych techník. Napríklad klepnutie dvoma prstami môžete vykonať dvoma prstami jednej ruky alebo jedným prstom z každej ruky. Môžete použiť aj palce. Množstvo užívateľov pokladá za obzvlášť efektívne gestá typu „rozdelené klepnutie“: namiesto označenia položky a klepnutia dvakrát môžete klepnúť na položku a podržať na nej jeden prst a potom klepnúť na obrazovku iným prstom. Vyskúšajte si rôzne techniky a nájdite tú, s ktorou sa vám pracuje najlepšie. Ak gestá nefungujú, skúste zrýchliť svoje pohyby. Platí to najmä pre gestá využívajúce klepnutie dvakrát a potiahnutie prstov. Pre potiahnutie skúste rýchlo pošúchať displej prstom resp. prstami. Po zapnutí funkcie VoiceOver sa zobrazí tlačidlo Precvičovanie VoiceOver, vďaka ktorému si môžete pred pokračovaním precvičiť gestá funkcie VoiceOver. Cvičenie gest funkcie VoiceOver:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver a potom klepnite na Precvičovanie VoiceOver. Ak ste skončili s precvičovaním, klepnite na Hotovo. Ak tlačidlo Precvičovanie VoiceOver nie je zobrazené, uistite sa, že je funkcia VoiceOver zapnutá.Kapitola 32 Prístupnosť 123 Prehľad dôležitých gest VoiceOver: Navigácia a čítanie • Klepnutie:  Prečítať položku. • Potiahnutie prsta doprava alebo doľava:  Vybrať nasledujúcu alebo predchádzajúcu položku. • Potiahnutie prsta nahor alebo nadol:  Závisí od nastavenia ovládania rotora. Viac v časti Používanie rotora VoiceOver na strane 124. • Klepnutie dvoma prstami:  Zastaviť čítanie aktuálnej položky. • Švihnutie nahor dvoma prstami:  Čítať všetko od hornej časti obrazovky. • Švihnutie nadol dvoma prstami:  Čítať všetko od aktuálnej polohy kurzora. • „Šúchanie“ dvoma prstami:  Posuňte dva prsty dopredu a dozadu trikrát rýchlo po sebe (opíšte „z“ ), ak chcete zrušiť pripomienku, alebo sa vrátiť na predošlú obrazovku. • Potiahnutie troch prstov nahor alebo nadol:  Rolovať po jednotlivých stranách. • Potiahnutie troch prstov doprava alebo doľava:  Prejsť na predošlú alebo ďalšiu stranu (ako napríklad plocha, Akcie alebo Safari). • Klepnutie troma prstami:  Prerozprávať dodatočné informácie, ako je napríklad poloha v zozname alebo či je vybraný text. • Klepnutie štyrmi prstami vo vrchnej časti obrazovky:  Označiť prvú položku na strane. • Klepnutie štyrmi prstami v spodnej časti obrazovky:  Označiť poslednú položku na strane. Aktivácia • Klepnutie dvakrát:  Aktivovať označenú položku. • Klepnutie trikrát:  Klepnutie dvakrát na položku. • Rozdelené klepnutie:  Alternatívou k označeniu položky a klepnutiu dvakrát pre jej aktiváciu je dotknúť sa jej jedným prstom a klepnúť na obrazovku iným prstom. • Klepnutie dvakrát a podržanie (1 sekundu) + štandardné gesto:  Použiť štandardné gesto. Dvojitým klepnutím a následným podržaním prsta na displeji nariadite iPhonu, aby nasledujúce gesto interpretoval ako štandardné. Napríklad ak klepnete dvakrát a podržíte prst na displeji, môžete potom bez jeho zdvihnutia potiahnutím prepnúť prepínač. • Klepnutie dvoma prstami dvakrát:  Odpovedať na hovor alebo ho ukončiť. Prehrávať alebo pozastaviť v aplikáciách Hudba, Videá, Diktafón alebo Fotky. Spraviť fotografiu v aplikácii Kamera. Spustiť alebo zastaviť nahrávanie v aplikáciách Fotoaparát alebo Diktafón. Spustiť alebo zastaviť stopky. • Klepnutie dvakrát dvoma prstami a podržanie prstov na displeji:  Zmeniť popis položky a uľahčiť tak jej vyhľadávanie. • Klepnutie trikrát dvoma prstami:  Otvoriť Výber položky. • Klepnutie trikrát tromi prstami:  Stíšiť alebo zrušiť stíšenie funkcie VoiceOver. • Štvorité klepnutie troma prstami:  Zapnúť alebo vypnúť clonu obrazovky.Kapitola 32 Prístupnosť 124 Používanie rotora VoiceOver Pomocou rotora si môžete vybrať, čo sa stane po potiahnutí nahor alebo nadol pri zapnutej funkcii VoiceOver. Ovládanie rotora:  Otočte dva prsty na obrazovke zariadenia iPhone okolo bodu medzi nimi. Zmena možností, ktoré sú zahrnuté v rotore:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Rotor a vyberte možnosti, ktoré chcete zahrnúť do rotora. Funkcia nastavenia rotora pritom závisí od toho, čo práve robíte. Napríklad ak čítate email, môžete použiť rotor na výber (potiahnutím nahor alebo nadol) medzi vyslovovaním po znakoch alebo po slovách. Pri prezeraní webovej stránky môžete nastaviť rotor na čítanie celého textu (po slovách alebo po znakoch), alebo prechod z jedného typu položky (ako sú napr. odkazy alebo hlavičky) na iný. Zadávanie a upravovanie textu použitím funkcie VoiceOver Ak vstúpite do upraviteľného textového poľa, môžete na zadávanie textu použiť dotykovú klávesnicu alebo externú klávesnicu pripojenú k svojmu iPhonu. Zadávanie textu:  Označte textové pole, klepnite dvakrát pre zobrazenie kurzora a dotykovej klávesnice a potom zadávajte znaky. • Štandardné písanie:  Potiahnutím do strán vyberte znak na klávesnici a zadajte ho klepnutím dvakrát. Prípadne potiahnite prst po klávesnici, podržte ho na požadovanom klávese a klepnite na obrazovku iným prstom. VoiceOver vysloví kláves pri jeho označení a aj pri jeho zadaní. • Dotykové písanie:  Dotykom vyberte kláves na klávesnici a zdvihnutím prsta zadajte znak. Ak sa dotknete nesprávneho klávesu, presuňte prst na požadovaný kláves a označte ho. VoiceOver vysloví znak každého klávesu, ktorého sa dotknete, znak však zadá až po zdvihnutí prsta. Dotykové písanie funguje len pre klávesy na zadávanie textu – v prípade ostatných klávesov ako Shift, Delete a Return použite štandardný spôsob zadávania. • Výber štandardného alebo dotykového písania:  So zapnutou funkciou VoiceOver a klávesom označeným na klávesnici vyberte v rotore možnosť Režim písania a potom potiahnite prst smerom nahor alebo nadol. Presúvanie kurzora:  Potiahnutím nahor alebo nadol presúvate kurzor dopredu alebo dozadu v texte. Pre výber presúvania kurzora po znakoch, slovách alebo po riadkoch použite rotor. VoiceOver prehrá pri presune kurzora zvuk a vysloví znak, slovo alebo riadok, cez ktorý sa kurzor posunul. Pri presúvaní smerom dopredu po slovách bude kurzor umiestnený na koniec každého slova, pred medzeru alebo interpunkčné znamienko, ktoré za ním nasleduje. Pri presúvaní smerom dozadu bude kurzor umiestnený na koniec predošlého slova, pred medzeru alebo interpunkčné znamienko, ktoré za ním nasleduje. Vloženie kurzora za interpunkčné znamienko na konci slova alebo vety:  Použite rotor na prepnutie späť na režim znakov.Kapitola 32 Prístupnosť 125 Pri presúvaní kurzora po riadkoch vyslovuje VoiceOver každý riadok, cez ktorý ho presuniete. Pri presúvaní smerom dopredu bude kurzor umiestnený na začiatok nasledujúceho riadku (s výnimkou posledného riadku odstavca, kedy bude kurzor umiestnený na koniec vysloveného riadku). Pri presúvaní smerom dozadu bude kurzor umiestnený na začiatok vyslovovaného riadku. Zmena odozvy na písanie:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Odozva písania. Použitie fonetiky v odozve na písanie:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Použiť fonetiku. Text bude čítaný po jednotlivých znakoch. VoiceOver najprv prečíta znak a potom jeho fonetický ekvivalent — napríklad „f“ a potom „františek“. Vymazanie znaku:  Označte kláves a klepnite dvakrát, prípadne použite rozdelené klepnutie. Tento postup musíte zachovať aj v prípade, že používate dotykové písanie. Ak chcete naraz vymazať viacero znakov, podržte prst na klávese Delete (Vymazať) a potom ďalším prstom klepnite na obrazovku jedenkrát pre každý znak, ktorý chcete vymazať. VoiceOver vysloví znak počas jeho vymazávania. Ak máte zapnutú funkciu Meniť výšky, VoiceOver bude vyslovovať vymazávané znaky nižším tónom. Označenie textu:  Nastavte rotor na Upraviť, potiahnutím nahor alebo nadol vyberte Označiť alebo Označiť všetko a klepnite dvakrát. Ak vyberiete možnosť Označiť, bude označené slovo, ktoré sa nachádza najbližšie pri kurzore pri klepnutí dvakrát. Ak vyberiete možnosť Označiť všetko, bude označený celý text. Veľkosť výberu môžete meniť pomocou gesta rozovretia alebo zovretia dvoch prstov. Vystrihovanie, kopírovanie alebo vkladanie:  Uistite sa, že je rotor nastavený na Upraviť. Ak máte označený text, potiahnite prst nahor alebo nadol pre výber jednej z možností (Vystrihnúť, Kopírovať alebo Vložiť) a potom klepnite dvakrát. Odvolať:  Zatraste iPhonom, potiahnutím prsta doprava alebo doľava vyberte akciu, ktorú chcete odvolať a potom klepnite dvakrát. Vloženie znaku s diakritikou:  V štandardnom režime písania označte znak bez diakritiky, klepnite dvakrát a podržte prst, až kým sa neprehrá zvuk, ktorý upozorňuje na zobrazenie alternatívnych znakov. Potiahnite prst smerom doprava alebo doľava pre označenie a vypočutie si vybraných znakov. Zdvihnutím prsta vložíte do textu vybraný znak. Zmena jazyka klávesnice:  Nastavte rotor na Jazyk a potom potiahnite prst smerom nahor alebo nadol. Ak chcete použiť jazyk zvolený v Medzinárodných nastaveniach, vyberte možnosť „Predvolený jazyk“. Jazykový rotor sa vám zobrazí len v prípade, že máte zvolený viac ako jeden jazyk v Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Jazykový rotor. Vykonávanie telefónnych hovorov pomocou VoiceOver Prijatie alebo ukončenie hovoru:  Klepnite na obrazovku dvakrát dvomi prstami. Ak nadviažete telefónny hovor a funkcia VoiceOver je zapnutá, na obrazovke sa namiesto možností hovoru zobrazí numerická klávesnica. Zobrazenie možností hovoru:  Označte tlačidlo Skryť kláv. v pravom dolnom rohu a klepnite dvakrát. Opätovné zobrazenie numerickej klávesnice:  Označte tlačidlo Klávesnica v blízkosti stredu obrazovky a klepnite dvakrát.Kapitola 32 Prístupnosť 126 Používanie VoiceOver s aplikáciou Safari Pri prehľadávaní webu v aplikácii Safari so zapnutou funkciou VoiceOver vám rotor s výsledkami vyhľadávania umožní vypočuť si zoznam navrhovaných vyhľadávaných fráz. Vyhľadávanie na webe:  Vyberte vyhľadávacie pole, zadajte hľadaný termín a potom potiahnutím prsta do strán prechádzajte zoznam navrhovaných termínov. Potom klepnutím dvakrát na obrazovku vyhľadajte na webe požadovaný termín. Nastavenie možností rotora pre prehliadanie internetu:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Rotor. Klepnutím označte alebo odznačte možnosti, prípadne potiahnite nahor pre zmenu poradia položiek. Preskakovanie obrázkov počas navigácie:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Navigovať v obrázkoch. Môžete sa rozhodnúť, či chcete preskakovať všetky obrázky, alebo len tie bez popisov. Odstránenie rušivých prvkov zo stránky pre jednoduchšie čítanie a navigáciu:  V poli pre adresu v Safari vyberte položku Čítačka (nie je dostupná pre všetky stránky). Používanie VoiceOver s aplikáciou Mapy VoiceOver môžete použiť na preskúmanie mapy, prechádzanie zaujímavých lokalít, sledovanie ciest zväčšovanie alebo získanie informácií o lokalite. Preskúmanie mapy:  Ťahajte prst po obrazovke, prípadne sa presúvajte medzi položkami potiahnutím to strán. Zväčšovanie a zmenšovanie:  Vyberte mapu, nastavte rotor na Zväčšovanie a potom potiahnite jeden prst nahor alebo nadol. Posúvanie mapy:  Potiahnite tri prsty. Prechádzanie zobrazených bodov záujmu:  Nastavte rotor na Body záujmu a potom potiahnite jeden prst nahor alebo nadol. Sledovanie cesty:  Podržte prs na ceste, počkajte, kým nezaznie „pozastaviť kvôli sledovaniu“ a potom ťahajte prst po ceste za asistencie tónu. Ak sa váš prst vzdiali od cesty, zosilnie výška tónu. Výber značky:  Dotknite sa značky, prípadne potiahnutím do strán vyberte značku. Získanie informácií o lokalite:  Ak je vybraná značka, klepnutím dvakrát zobrazíte informácie. Potiahnutím doprava alebo doľava označte tlačidlo Viac informácií a klepnutím dvakrát zobrazte obrazovku s informáciami. Čítanie názvov lokalít počas pohybu na mape:  Zapnite sledovanie s kurzom pre čítanie mien ulíc a záujmových bodov počas pohybu na mape. Upravovanie videí a nahrávok pomocou funkcie VoiceOver Gestá VoiceOver môžete použiť na orezanie videí natočených pomocou kamery a nahratých hlasových nahrávok. Orezanie nahrávky:  Na obrazovke s nahrávkami označte tlačidlo vpravo od nahrávky, ktorú chcete orezať a klepnite dvakrát. Označte možnosť Orezať a klepnite dvakrát. V nástroji na orezávanie vyberte začiatok a koniec orezanej časti. Potiahnite nahor pre posunutie doprava alebo nadol pre posunutie doľava. VoiceOver vás bude informovať o čase, ktorý bude orezaný z nahrávky. Ak chcete dokončiť orezávanie nahrávky, označte tlačidlo Orezať nahrávku a klepnite dvakrát.Kapitola 32 Prístupnosť 127 Skrátenie videa:  Počas prehrávania videa v aplikácii Fotky klepnite dvakrát na obrazovku pre zobrazenie ovládacích prvkov videa a potom vyberte počiatočný alebo koncový bod nástroja na orezanie. Potiahnutím nahor ťaháte okraje označeného výberu doprava a potiahnutím nadol doľava. VoiceOver vás bude informovať o čase, ktorý bude orezaný z nahrávky. Ak chcete dokončiť orezávanie, označte možnosť Orezať a klepnite dvakrát. Ovládanie funkcie VoiceOver pomocou bezdrôtovej Apple klávesnice VoiceOver môžete ovládať pomocou bezdrôtovej Apple klávesnice spárovanej s iPhonom. Viac v časti Bezdrôtová Apple klávesnica na strane 27. Pomocou klávesových príkazov VoiceOver sa môžete pohybovať po obrazovke, vyberať položky, čítať obsah obrazovky, upraviť rotor a vykonávať ďalšie úkony funkcie VoiceOver. Všetky klávesové príkazy (s výnimkou jedného) zahŕňajú použitie klávesov Control-Option. Tieto sú v tabuľke označené ako „VO“. Pomocník VoiceOver vyslovuje počas písania klávesy alebo klávesové príkazy. Prostredníctvom pomocníka VoiceOver sa môžete zoznámiť s rozložením klávesnice a úkonmi priradenými ku klávesovým kombináciám. Klávesové príkazy funkcie VoiceOver VO = Control-Option • Čítať všetko počnúc aktuálnou polohou kurzora:  VO–A • Čítať od vrchu:  VO–B • Presun na stavový riadok:  VO–M • Stlačenie tlačidla Domov:  VO–H • Výber ďalšej alebo predošlej položky:  VO–šípka vpravo alebo VO–šípka vľavo • Klepnutie na položku:  VO–medzerník • Klepnutie dvakrát dvomi prstami:  VO–„-“ • Výber ďalšej alebo predchádzajúcej položky rotora:  VO–šípka nahor alebo VO–šípka nadol • Výber ďalšej alebo predchádzajúcej položky rečového rotora:  VO–Command–šípka vpravo alebo VO–Command–šípka vľavo • Úprava položky rečového rotora:  VO–Command–šípka nahor alebo VO–Command–šípka nadol • Stíšenie alebo zrušenie stíšenia funkcie VoiceOver:  VO–S • Zapnutie alebo vypnutie clony obrazovky:  VO–Shift-S • Zapnutie Pomocníka VoiceOver:  VO–K • Návrat na predchádzajúcu obrazovku alebo vypnutie pomocníka VoiceOver:  Escape (ESC) Rýchla navigácia Ak zapnete funkciu Rýchla navigácia, môžete ovládať funkciu VoiceOver pomocou kláves šípok. • Zapnutie alebo vypnutie rýchlej navigácie:  Šípka vľavo-šípka vpravo • Výber ďalšej alebo predošlej položky:  Šípka vpravo alebo šípka vľavo • Výber ďalšej alebo predchádzajúcej položky rotora:  Šípka nahor alebo šípka nadol • Výber prvej alebo poslednej položky:  Control–šípka nahor alebo Control–šípka nadol • „Klepnutie“ na položku:  Šípka nahor-šípka nadol • Rolovanie nahor, nadol, doľava alebo doprava:  Option–šípka nahor, Option–šípka nadol, Option–šípka vľavo, or Option–šípka vpravo • Zmena rotora:  Šípka nahor–šípka vľavo alebo Šípka nahor–šípka vpravoKapitola 32 Prístupnosť 128 Klávesy s číslicami na bezdrôtovej Apple klávesnici môžete použiť aj na vytáčanie telefónnych čísiel v aplikácii Telefón, alebo na zadávanie číslic v aplikácii Kalkulačka. Rýchla navigácia na webe pomocou jedného písmena Pri prezeraní webových stránok so zapnutou funkciou Rýchla navigácia sa môžete rýchlo pohybovať na stránke použitím nasledujúcich kláves: Stlačením klávesu presuniete kurzor na nasledujúcu položku daného typu. Ak chcete prejsť na predchádzajúcu položku, podržte zároveň stlačený kláves Shift. • Hlavičky:  H • Odkaz:  L • Textové pole:  R • Tlačidlo:  B • Ovládanie formulárov:  C • Obrázok:  I • Tabuľka:  T • Statický text:  S • Orientačný bod ARIA:  W • Zoznam:  X • Položka rovnakého typu:  M • Nadpis úrovne 1:  1 • Nadpis úrovne 2:  2 • Nadpis úrovne 3:  3 • Nadpis úrovne 4:  4 • Nadpis úrovne 5:  5 • Nadpis úrovne 6:  6 Použitie braillovho displeja s funkciou VoiceOver Na prečítanie výstupu funkcie VoiceOver v braillovom písme môžete použiť braillov displej s technológiou Bluetooth a možnosťou obnovenia. Tento displej môžete použiť so vstupnými klávesmi a inými prvkami na ovládanie zariadenia iPhone v prípade, že funkcia VoiceOver je zapnutá. iPhone pracuje s mnohými bezdrôtovými braillovými displejmi. Zoznam podporovaných displejov nájdete na adrese www.apple.com/accessibility/iphone/braille-display.html. Nastavenie braillovho displeja:  Zapnite displej a potom prejdite do Nastavenia > Bluetooth a zapnite Bluetooth. Potom prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Slepecké písmo a vyberte displej. Vypínanie a zapínanie skratkopisu alebo 8-bodového slepeckého písma:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > VoiceOver > Slepecké písmo. Informácie o bežných braillových príkazoch pre navigáciu funkcie VoiceOver a ďalšie špecifické informácie pre určité displeje nájdete na adrese support.apple.com/kb/HT4400. Braillov displej používa jazyk nastavený pre Ovládanie hlasom. Štandardne je to jazyk nastavený pre iPhone v Nastavenia > Medzinárodné > Jazyk. V nastavení jazyka funkcie VoiceOver môžete nastaviť iný jazyk pre funkciu VoiceOver a pre braillov displej. Nastavenie jazyka VoiceOver:  Prejdite do Nastavenia > Všeobecné > Medzinárodné > Ovládanie hlasom a potom vyberte jazyk.Kapitola 32 Prístupnosť 129 Ak zmeníte jazyk pre iPhone, budete zrejme musieť znovu nastaviť jazyk pre funkciu VoiceOver a pre braillov displej. Krajné bunky braillovho displeja môžete nastaviť tak, že budú zobrazovať stav systému alebo ďalšie informácie: • História oznamov obsahuje neprečítanú správu • Aktuálna správa histórie oznamov zatiaľ nebola prečítaná • Rozprávanie funkcie VoiceOver je stíšené • Batéria iPhonu je takmer vybitá (kapacita je nižšia ako 20 %) • iPhone je orientovaný na šírku • Obrazovka je vypnutá • Aktuálny riadok obsahuje ďalší text vľavo • Aktuálny riadok obsahuje ďalší text vpravo Nastavenie krajných buniek na zobrazovanie stavových informácií:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Slepecké písmo > Stavová bunka a klepnite na Vľavo alebo Vpravo. Zobrazenie rozšíreného popisu stavovej bunky:  Na vašom braillovom displeji stlačte tlačidlo smerovača stavovej bunky. Presmerovanie zvuku prichádzajúcich hovorov Zvuk prichádzajúcich hovorov môžete automaticky presmerovať zo slúchadla iPhonu do náhlavnej sady alebo reproduktora. Presmerovanie zvuku prichádzajúcich hovorov:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Prichádzajúce hovory a vyberte výstup pre prichádzajúce hovory. Siri Pomocou Siri môžete vykonávať úlohy (napríklad otvárať aplikácie) tak, že jednoducho poviete, čo chcete spraviť. VoiceOver zároveň môže čítať odpovede Siri určené pre vás. Viac v časti kapitola 4, Siri, na strane 39. Trojité stlačenie tlačidla Domov Trojité stlačenie tlačidla Domov vám umožňuje zapínať a vypínať niektoré funkcie Prístupnosti stlačením tlačidla Domov  trikrát rýchlo po sebe. Trojité stlačenie tlačidla Domov môžete použiť pre: • VoiceOver • Prevrátenie farieb • Zväčšovanie • AssistiveTouch • Ovládanie načúvacieho prístroja • Asistovaný prístup (trojité stlačenie spustí Asistovaný prístup len ak je zapnutý Viac v časti Asistovaný prístup na strane 132. Nastavenie trojitého stlačenia tlačidla Domov:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Trojité stlačenie Domov. Ak ste vybrali viac ako jednu funkciu, budete po každom trojitom stlačení požiadaný o výber funkcie, ktorú chcete použiť.Kapitola 32 Prístupnosť 130 Spomalenie rýchlosti stláčania:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Rýchlosť stlačenia tlačidla. Zväčšovanie Množstvo aplikácií vám umožňuje zväčšovať a zmenšovať vybrané položky na obrazovke. Napríklad v Safari môžete klepnutím dvakrát alebo použitím dvoch prstov zväčšovať časti webových stránok. Je tu však aj funkcia prístupnosti Zväčšovanie, pomocou ktorej môžete zväčšiť celú obrazovku počas používania ľubovoľnej aplikácie. Zväčšovanie môžete používať súčasne s funkciou VoiceOver. Zapnutie funkcie Zväčšovanie:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Zväčšovanie. Prípadne použite funkciu Trojité stlačenie Domov. Viac v časti Trojité stlačenie tlačidla Domov na strane 129. Zväčšovanie a zmenšovanie:  Klepnite na obrazovku dvakrát troma prstami. Zmena úrovne zväčšenia:  Klepnite na obrazovku troma prstami a potiahnite ich nahor alebo nadol. Toto gesto sa podobá na klepnutie dvakrát, avšak po druhom klepnutí nezdvihnete prsty, ale potiahnete ich po obrazovke. Po začatí ťahania môžete pokračovať v ťahaní už len jedným prstom. iPhone sa po opätovnom zväčšení alebo zmenšení pomocou gesta dvojtého klepnutia pomocou troch prstov vráti späť na nastavenú úroveň zväčšenia. Pohyb po obrazovke:  Počas zväčšenia potiahnite obrazovku troma prstami. Akonáhle začnete ťahať, môžete používať už len jeden prst, takže vidíte väčšiu časť obrazovky. Prípadne podržte prst v blízkosti okraja obrazovky pre pohyb do daného smeru. Čím bližšie sa váš prst nachádza pri okraji obrazovky, tým je pohyb rýchlejší. Po otvorení novej obrazovky sa zväčšenie presunie do hornej a strednej časti obrazovky. Ak používate Zväčšovanie s bezdrôtovou Apple klávesnicou (viac v časti Bezdrôtová Apple klávesnica na strane 27), pohybuje sa zväčšená časť obrazovky spolu s kurzorom tak, že sa tento neustále nachádza v jej strede. Veľký text Funkcia Veľký text vám umožňuje zväčšiť text v pripomienkach a aplikáciách Kalendár, Kontakty, Mail, Správy a Poznámky. Nastavenie veľkosti textu:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Veľký text. Prevrátenie farieb V niektorých prípadoch môže prevrátenie farieb na obrazovke iPhonu zjednodušiť čítanie textu. Ak je funkcia Prevrátenie farieb zapnutá, obrazovka vyzerá ako fotografický negatív. Obrátenie farieb obrazovky:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Prevrátiť farby. Rozprávať výber Aj keď je funkcia VoiceOver vypnutá, môžete nastaviť iPhone tak, nahlas čítal označený text. iPhone najprv analyzuje text kvôli identifikácii jazyka a potom ho prečíta so správnou výslovnosťou. Zapnutie funkcie Rozprávať výber:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Rozprávať výber. Môžete tiež:Kapitola 32 Prístupnosť 131 • Upraviť rýchlosť rozprávania • Vybrať zvýrazňovanie jednotlivých slov počas čítania Prečítanie textu:  Označte text a klepnite na Rozprávať. Funkcia Rozprávať autotext Funkcia Rozprávať autotext číta počas písania na klávesnici iPhonu navrhované slová a opravy. Zapnutie a vypnutie funkcie Rozprávať autotext:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Rozprávať autotext. Funkciu Rozprávať auto text je možné používať súčasne s funkciami VoiceOver a Zväčšovanie. Mono zvuk Mono zvuk kombinuje ľavý a pravý stereo kanál do mono signálu, ktorý je potom prehrávaný v oboch kanáloch. Vyváženie mono signálu môžete pre dosiahnutie vyššej hlasitosti vpravo alebo vľavo upraviť. Zapnutie a vypnutie funkcie Mono zvuk a úprava vyváženia zvuku:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Mono zvuk. Načúvacie prístroje Načúvacie prístroje určené na používanie s iPhonom Ak máte načúvací prístroj určený na používanie s iPhonom (bývajú označené logom „Made for iPhone“ a sú dostupné pre iPhone 4S alebo novšie modely), môžete upraviť jeho nastavenia priamo na iPhone. Úprava nastavení načúvacieho prístroja:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Načúvacie prístroje alebo nastavte trojité stlačenie tlačidla Domov na otváranie ovládania načúvacieho prístroja. Viac v časti Trojité stlačenie tlačidla Domov na strane 129. Kompatibilita s načúvacími prístrojmi Agentúra FCC upravila pravidlá kompatibility načúvacích prístrojov (Hearing Aid Compatibility - HAC) pre digitálne bezdrôtové telefóny. Tieto pravidlá vyžadujú testovanie a hodnotenie vybraných telefónov podľa štandardov American National Standard Institute (ANSI) C63.19- 2007, ktoré sú stanovené pre kompatibilitu s načúvacími prístrojmi. ANSI štandard pre kompatibilitu s načúvacími prístrojmi obsahuje dva typy hodnotení: • Hodnotenie „M“ pre obmedzené rádiofrekvenčné rušenie umožňujúce akustické prepojenie s načúvacími prístrojmi, ktoré nepracujú v režime telecoil. • Hodnotenie „T“ pre indukčné prepojenie s načúvacími prístrojmi, ktoré pracujú v režime telecoil. Hodnotenie prebieha na stupnici od jedna do štyri, kde štyri znamená najväčšiu kompatibilitu. Podľa pravidiel FCC sa telefón považuje za kompatibilný, ak dosiahol hodnotenie M3 alebo M4 pri akustickom spojení a T3 alebo T4 pri indukčnom spojení. Informácie o aktuálnom hodnotení kompatibility iPhonu s načúvacími prístrojmi nájdete na adrese www.apple.com/support/hac.Kapitola 32 Prístupnosť 132 Tieto hodnotenia však nezaručujú, že bude konkrétny model telefónu spolupracovať s konkrétnym načúvacím zariadením. Niektoré načúvacie zariadenia fungujú dobre aj s telefónmi, ktoré nespĺňajú konkrétne hodnotenia. Ak si chcete byť istý kompatibilitou telefónu a načúvacieho prístroja, skúste ich pred zakúpením otestovať. Tento iPhone bol testovaný a hodnotený na používanie s načúvacími prístrojmi pre niektoré z bezdrôtových technológií, ktoré používa. Napriek tomu môže tento telefón využívať novšie bezdrôtové technológie, ktoré zatiaľ neboli testované na používanie s načúvacími prístrojmi. Je dôležité dôkladne si vyskúšať rôzne funkcie tohto telefónu na rôznych miestach s vaším načúvacím prístrojom alebo kochleárnym implantátom a zistiť, či nedochádza k rušeniu. Informácie o kompatibilite načúvacích prístrojov zistíte u svojho poskytovateľa služby alebo priamo u Apple. Otázky týkajúce sa vrátenia alebo výmeny tovaru konzultujte so svojím poskytovateľom služby alebo predajcom telefónu. Režim načúvací prístroj iPhone 4 obsahuje režim Načúvací prístroj, ktorý môže po aktivácii znížiť rušenie niektorých typov načúvacích prístrojov. Režim načúvací prístroj obmedzuje výkon mobilného vysielača v pásme GSM 1900, čo môže mať za následok zníženú silu mobilného 2G signálu. Aktivovanie režimu Načúvací prístroj:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Načúvacie prístroje. Priraditeľné zvonenia a vibrácie Jednotlivým ľuďom z vášho zoznamu kontaktov môžete priradiť špecifické zvonenia, takže ich bude možné identifikovať podľa zvuku. Môžete si tiež vytvoriť špecifické vibrovania pre hlásenia jednotlivých aplikácií, telefónne hovory, FaceTime hovory alebo správy od špecifických kontaktov.Vlastné vibrovania vás tiež môžu upozorniť na ďalšie udalosti, ako napríklad nový odkaz, odoslanie emailu, Tweetu, príspevku na Facebook alebo na pripomienku. Vyberte si niektoré z existujúcich vibrovaní, prípadne si vytvorte nové. Viac v časti Zvuky na strane 145. Zvonenia si môžete zakúpiť v iTunes Store na vašom iPhone. Viac v časti kapitola 22, iTunes Store, na strane 98. Upozorňovanie bleskom Ak nepočujete zvuky oznamujúce prichádzajúce hovory a ďalšie upozornenia, môžete nastaviť iPhone tak, aby vás na ne upozorňoval pomocou LED blesku (nachádza sa vedľa fotoaparátu v zadnej časti iPhonu). Upozorňovanie bleskom funguje iba ak je iPhone zamknutý alebo v režime spánku. Táto funkcia je dostupná len na iPhone 4 a novších modeloch. Zapnutie funkcie upozorňovanie bleskom:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Upozorňovať bleskom. Asistovaný prístup Asistovaný prístup vám môže pomôcť sústrediť sa počas používania iPhonu na konkrétnu úlohu. Asistovaný prístup obmedzí používanie iPhonu na jedinú aplikáciu a umožňuje vám kontrolovať dostupnosť funkcií aplikácie. Asistovaný prístup môžete využiť na: • Dočasné obmedzenie iPhonu na konkrétnu aplikáciu • Zakázanie oblastí na obrazovke, ktoré nie sú dôležité pre vykonávanie danej úlohy alebo oblastí, v ktorých nebude vykonávať žiadne gestá • Zakázanie hardvérových tlačidiel iPhonuKapitola 32 Prístupnosť 133 Používanie Asistovaného prístupu:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > Asistovaný prístup a môžete: • Zapnúť alebo vypnúť Asistovaný prístup • Nastaviť heslo určené na ovládanie Asistovaného prístupu a zabrániť tak užívateľom v opustení aktívnej relácie • Nastaviť, či môže iPhone počas aktívnej relácie zaspať Spustenie Asistovaného prístupu:  Otvorte aplikáciu, ktorá má byť spustená a trikrát stlačte tlačidlo Domov. Upravte nastavenia relácie a kliknite na Spustiť. • Zakázanie ovládacích prvkov aplikácie a oblastí na obrazovke:  Zakrúžkujte tie časti obrazovky, ktoré chcete zakázať. Veľkosť oblastí môžete upraviť pomocou rukovätí. • Ignorovanie všetkých dotykov na obrazovke:  Vypnite Dotyk. • Zabránenie otáčania obrazovky alebo reagovania na iné pohyby:  Vypnite Pohyb. Ukončenie Asistovaného prístupu:  Trikrát stlačte tlačidlo Domov a zadajte heslo pre Asistovaný prístup. AssistiveTouch Funkcia AssistiveTouch vám uľahčuje používanie iPhonu v prípade, že máte problémy so stláčaním tlačidiel alebo ovládaním dotykovej obrazovky. iPhone môžete ovládať pomocou funkcie AssistiveTouch spolu s kompatibilným adaptívnym príslušenstvom (ako je napríklad joystick). Funkciu AssistiveTouch môžete používať na uľahčenie vykonávania ťažkých gest aj bez použitia príslušenstva. Zapnutie funkcie AssistiveTouch:  Prejdite do Nastavenia > Všeobecné > Prístupnosť > AssistiveTouch. Zapínanie a vypínanie funkcie AssistiveTouch môžete priradiť aj trojitému stlačeniu tlačidla Domov. Prejdite do Nastavenia > Všeobecné > Prístupnosť > Trojité stlačenie Domov. Úprava rýchlosti pohybu (s pripojeným príslušenstvom):  Nastavenia > Všeobecné > Prístupnosť > AssistiveTouch > Rýchlosť dotyku. Zobrazenie a skrytie menu funkcie AssistiveTouch:  Kliknite na sekundárne tlačidlo na vašom príslušenstve. Presunutie tlačidla menu:  Potiahnite ho na ľubovoľný okraj obrazovky. Skrytie tlačidla menu (s pripojeným príslušenstvom):  Prejdite do Nastavenia > Všeobecné > Prístupnosť > AssistiveTouch > Vždy zobraziť menu. Vykonanie potiahnutie alebo ťahania, ktoré vyžaduje 2, 3, 4 alebo 5 prstov:  Klepnite na tlačidlo menu, klepnite na Gestá a potom klepnite na počet prstov potrebných na vykonanie gesta. Po tom, čo sa na obrazovke zobrazia kruhy (ich počet zodpovedá počtu prstov), potiahnite prsty v smere vyžadovanom gestom. Po skončení klepnite na tlačidlo menu. Vykonanie gesta priblíženia alebo oddialenia dvoch prstov:  Klepnite na tlačidlo Menu, klepnite na Obľúbené a potom klepnite na Zovrieť. Na obrazovke sa zobrazia kruhy pre vykonanie gesta zovrieť. Klepnutím kdekoľvek na obrazovke presuniete tieto kruhy na dané miesto. Potiahnutím kruhov vykonáte gesto určené na zmenšovanie alebo zväčšovanie. Po skončení klepnite na tlačidlo menu. Vytvorenie vlastného gesta:  Klepnite na tlačidlo Menu, klepnite na Obľúbené a potom klepnite na kontajner bez gesta. Prípadne prejdite do Nastavenia > Všeobecné > Prístupnosť > AssistiveTouch > Vytvoriť nové gesto.Kapitola 32 Prístupnosť 134 Odomknutie alebo otočenie displeja, úprava hlasitosti iPhonu alebo simulácia zatrasenia iPhonom:  Klepnite na tlačidlo menu a potom klepnite na Zariadenie. Simulácia stlačenia tlačidla Domov:  Klepnite na tlačidlo menu a potom klepnite na Domov. Opustenie menu bez vykonania gesta:  Klepnite kdekoľvek mimo menu. Prístupnosť v OS X Pri používaní iTunes na synchronizáciu informácií a obsahu svojej knižnice iTunes s iPhonom, využite funkcie služby Prístupnosť v OS X. V aplikácii Finder vyberte Pomocník > Centrum pomoci a potom vyhľadajte termín „prístupnosť“. Viac informácií o funkciách prístupnosti zariadenia iPhonu a systému OS X nájdete na adrese www.apple.com/accessibility. Podpora ďalekopisu - TTY Na pripojenie iPhonu k TTY prístroju môžete použiť adaptér iPhone TTY (dostupný osobitne v mnohých oblastiach). Navštívte www.apple.com/store (služba nemusí byť dostupná vo všetkých oblastiach), alebo kontaktujte vášho lokálneho predajcu Apple. Pripojenie iPhonu k ďalekopisnému stroju:  Prejdite do Nastavenia > Telefón a zapnite možnosť TTY. Potom pripojte váš iPhone k TTY prístroju pomocou adaptéra iPhone TTY. Ak je na iPhone zapnuté TTY, v stavovom riadku vo vrchnej časti obrazovky sa zobrazí ikona TTY . Pre viac informácií o používaní ďalekopisného stroja si pozrite k nemu priloženú dokumentáciu. Minimálna veľkosť písma emailových správ Ak chcete zlepšiť čitateľnosť textu emailov, nastavte minimálnu veľkosť písma v aplikácii Mail na Veľké, Extra veľké alebo Obrovské. Nastavenie minimálnej veľkosti písma emailových správ:  Prejdite do Nastavenia > Mail, kontakty, kalendáre > Veľkosť písma. Veľkosť písma nastavená pomocou funkcie Veľký text anuluje toto nastavenie. Priraditeľné zvonenia Jednotlivým ľuďom z vášho zoznamu kontaktov môžete priradiť špecifické zvonenia, takže ich bude možné identifikovať podľa zvuku. Zvonenia si môžete zakúpiť v iTunes Store na vašom iPhone. Viac v časti kapitola 22, iTunes Store, na strane 98. Visual Voicemail (vizuálna odkazová schránka) Ovládacie prvky pre prehrávanie a pozastavenie prehrávania odkazu v službe „Visual Voicemail“ vám umožňujú ovládať prehrávanie správ. Potiahnutím posuvníka na indikátore priebehu prehrávania môžete opakovane prehrať tú časť správy, ktorá vám nie je zrozumiteľná. Viac v časti Visual Voicemail (vizuálna odkazová schránka) na strane 50.Kapitola 32 Prístupnosť 135 Klávesnica orientovaná na šírku Množstvo aplikácií, vrátane aplikácií Mail, Safari, Správy, Poznámky a Kontakty, vám umožňujú otočiť iPhone počas písania, takže môžete používať väčšiu klávesnicu. Veľká klávesnica telefónu Telefonujte jednoduchým klepnutím na položky v zozname kontaktov a obľúbených položiek. Vytáčanie čísel vám uľahčí veľká numerická klávesnica na iPhone. Viac v časti Telefonické hovory na strane 46. Ovládanie hlasom Ovládanie hlasom vám umožňuje uskutočňovať telefónne hovory a ovládať prehrávanie hudby pomocou hlasových príkazov. Viac v časti Vykonávanie hovorov na strane 46 a Siri a Ovládanie hlasom na strane 65. Skryté titulky Zapnutie skrytých titulkov vo videách:  Prejdite do Nastavenia > Videá > Skryté titulky. Nie všetky videá obsahujú skryté titulky.33 136 Aplikácia Nastavenia vám umožňuje konfigurovať iPhone, nastavovať možnosti aplikácií, pridávať účty a meniť ďalšie nastavenia. Informácie týkajúce sa nastavovania vstavaných aplikácií nájdete v ďalších kapitolách. Napríklad informácie o nastaveniach Safari nájdete v časti kapitola 7, Safari, na strane 58. Režim lietadlo Režim lietadlo deaktivuje všetky bezdrôtové funkcie kvôli zníženiu možných interferencií s prístrojmi lietadla a iným elektronickým vybavením. Aktivácia režimu lietadlo:  Prejdite do aplikácie Nastavenia a zapnite Režim lietadlo. Ak je režim lietadlo spustený, v stavovom riadku vo vrchnej časti obrazovky sa zobrazí symbol . iPhone nevysiela žiadny telefonický, rádiový, Wi-Fi ani Bluetooth signál a príjem GPS je vypnutý. Nebude možné používať aplikácie ani funkcie, ktoré sú závislé na týchto signáloch (napríklad pripájať sa na internet, vykonávať a prijímať telefonické hovory, odosielať a prijímať textové správy, získavať správy visual voicemail a ďalšie). Ak je to povolené leteckou spoločnosťou a platnými zákonmi a nariadeniami, môžete na iPhone používať aplikácie, ktoré nevyžadujú tieto signály. Ak je dostupná Wi-Fi sieť, je to povolené leteckým operátorom a platnými zákonmi a nariadeniami, môžete prejsť do Nastavenia > Wi-Fi a zapnúť Wi-Fi. Môžete tiež zapnúť Bluetooth v Nastavenia > Bluetooth. Wi-Fi Pripájanie k Wi-Fi sieťam Nastavenia Wi-Fi slúžia na pripojenie zariadenia iPhone na internet pomocou lokálnych Wi-Fi sietí. Keď je iPhone pripojený k Wi-Fi sieti, zobrazuje ikona Wi-Fi  v stavovom riadku vo vrchnej časti obrazovky intenzitu Wi-Fi signálu. Čím viac paličiek vidíte, tým je signál silnejší. Ak nie sú v oblasti dostupné žiadne Wi-Fi siete, alebo ak je Wi-Fi vypnuté, iPhone sa pripojí na internet prostredníctvom vašej mobilnej dátovej siete (v prípade, že je dostupná). Po pripojení k Wi-Fi sieti sa iPhone bude k tejto sieti pripájať vždy, keď bude v jej dosahu. Ak je v dosahu viac než jedna už použitá sieť, iPhone sa pripojí k tej, ktorá bola použitá naposledy. iPhone môžete použiť aj na nastavenie novej základne AirPort, ktorá poskytuje Wi-Fi služby ďalším zariadeniam doma alebo v kancelárii. Viac v časti Nastavenie základne AirPort na strane 137. NastaveniaKapitola 33 Nastavenia 137 Zapnutie alebo vypnutie Wi-Fi:  Prejdite do Nastavenia > Wi-Fi. Môžete vykonať nasledovné: • Nastaviť iPhone tak, aby vyžadoval vaše potvrdenie pri pripájaní sa k novej sieti:  Zapnite alebo vypnite možnosť „Potvrdiť pripojenie“. Ak je možnosť „Potvrdiť pripojenie“ vypnutá a posledná použitá sieť nie je v dosahu, musíte sa pre pripojenie na internet pripojiť k sieti Wi-Fi manuálne. • Odstrániť už použitú sieť, takže iPhone sa k nej viac nebude pripájať:  Klepnite na  vedľa siete, ku ktorej ste už boli pripojení. Potom klepnite na Odstrániť zo zoznamu. • Pripojiť sa k uzavretej Wi-Fi sieti:  V zozname názvov sietí klepnite na Iné a zadajte názov uzavretej siete. Pri prihlasovaní sa k uzavretej sieti musíte vopred poznať názov siete, heslo a typ zabezpečenia danej siete. • Upraviť nastavenia pre pripájanie k Wi-Fi sieti:  Klepnite na vedľa siete. Môžete nastaviť HTTP proxy, definovať nastavenia statickej siete, zapnúť BootP alebo obnoviť nastavenia, ktoré poskytuje DHCP server. Nastavenie základne AirPort Základňa AirPort poskytuje Wi-Fi pripojenie k sieti u vás doma, v škole alebo vo vašej firme. iPhone môžete použiť na nastavenie novej základne AirPort Express, AirPort Extreme alebo Time Capsule. Použitie Sprievodcu nastavením AirPortu:  Prejdite do Nastavenia > Wi-Fi. V časti „Nastaviť základňu AirPort“ klepnite na názov základne, ktorú chcete nastaviť. Potom sa riaďte inštrukciami na obrazovke. Ak základňa, ktorú chcete nastaviť, nie je uvedená v zozname, uistite sa, že je pripojená k zdroju napájania, že ste v jej dosahu a že zatiaľ nebola nakonfigurovaná. Nastaviť môžete len nové základne alebo základne, ktoré boli resetované. Niektoré staršie typy základní nie je možné nastaviť pomocou iOS zariadenia. Informácie týkajúce sa nastavenia nájdete v dokumentácii dodanej so zariadením. Spravovanie siete AirPort:  Ak je iPhone pripojený k základni AirPort, klepnite na vedľa názvu siete. Ak ešte nemáte stiahnutú aplikáciu AirPort utilita, otvorí sa obchod App Store, kde si ju môžete stiahnuť. Bluetooth iPhone sa môže bezdrôtovo spájať s inými Bluetooth zariadeniami, ako sú napríklad náhlavné sady a slúchadlá s mikrofónom alebo sady do áut určené na počúvanie hudby a hands-free telefonovanie. Prostredníctvom Bluetooth môžete tiež pripojiť bezdrôtovú Apple klávesnicu. Viac v časti Bezdrôtová Apple klávesnica na strane 27. Vypnutie alebo zapnutie Bluetooth:  Prejdite do Nastavenia > Bluetooth. Pripojenie k Bluetooth zariadeniu:  V zozname Zariadenia klepnite na zariadenie a pomocou inštrukcií na obrazovke sa k nemu pripojte. Informácie týkajúce sa párovania Bluetooth zariadenia nájdete v dokumentácii, ktorá sa dodáva so zariadením. VPN Vaša organizácia môže používať VPN na bezpečný prenos súkromných informácií cez verejnú sieť. VPN je potrebné nastaviť napríklad vtedy, ak chcete pristupovať k svojim pracovným emailom. Toto nastavenie sa zobrazí, ak máte na svojom iPhone nakonfigurované pripojenie k VPN (virtuálna privátna sieť). Nastavenie vám umožňuje zapnúť alebo vypnúť VPN. Viac v časti Mobilné na strane 141.Kapitola 33 Nastavenia 138 Zdieľanie internetu Zdieľanie internetu (iPhone 4 novšie modely) môžete použiť na zdieľanie internetového pripojenia s iným počítačom alebo zariadením (iPod touch, iPad alebo iný iPhone), ktoré je pripojené k vášmu iPhonu cez Wi-Fi. Pomocou zdieľania internetu môžete zdieľať internetové pripojenie aj s počítačom, ktorý je pripojený k vášmu iPhonu cez Bluetooth alebo USB. Zdieľanie internetu funguje len v prípade, že je iPhone pripojený na internet prostredníctvom mobilnej dátovej siete. Poznámka:  Táto funkcia nemusí byť dostupná vo všetkých oblastiach. Služba môže byť spoplatnená. Pre viac informácií kontaktujte svojho operátora. Zdieľanie internetového pripojenia:  Prejdite do Nastavenia > Všeobecné > Mobilné a klepnite na Nastaviť zdieľanie internetu (ak sa táto možnosť zobrazí) pre nastavenie tejto služby u svojho operátora. Po zapnutí zdieľania internetu sa môžu nasledovnými spôsobmi pripájať ďalšie zariadenia: • Wi-Fi:  Na zariadení vyberte v zozname dostupných Wi-Fi sietí váš iPhone. • USB:  Pripojte iPhone k svojmu počítaču pomocou priloženého kábla. V nastaveniach siete svojho počítača vyberte iPhone a upravte nastavenia siete. • Bluetooth:  Na iPhone prejdite do Nastavenia > Bluetooth a zapnite Bluetooth. Informácie o spárovaní a prepojení iPhonu s vaším počítačom nájdete v dokumentácii dodanej s počítačom. Ak je zariadenie pripojené, zobrazí sa v hornej časti obrazovky iPhonu modrý pás. Zdieľanie internetu prostredníctvom USB zostáva zapnuté, aj keď ho aktívne nepoužívate. Poznámka:  V stavovom riadku iOS zariadení, ktoré využívajú zdieľanie internetu, sa zobrazí ikona zdieľania internetu . Zmena hesla Wi-Fi pre iPhone:  Prejdite do Nastavenia > Zdieľanie internetu > Heslo Wi-Fi a potom zadajte heslo s dĺžkou minimálne 8 znakov. Monitorovanie využívania mobilnej dátovej siete:  Prejdite do Nastavenia > Všeobecné > Štatistiky > Mobilné používanie. Funkcia Nerušiť a hlásenia Hlásenia typu „push“ sa zobrazujú v centre hlásení a upozorňujú vás na nové informácie aj vtedy, ak nie je spustená príslušná aplikácia. Hlásenia závisia od aplikácie a môžu obsahovať textové alebo zvukové upozornenia, prípadne odznak s číslom na ikone aplikácie na ploche. Vypnutie všetkých hlásení:  Prejdite do aplikácie Nastavenia a zapnite funkciu Nerušiť. Ak je táto funkcia zapnutá a iPhone je zamknutý, budú stíšené všetky hlásenia a hovory, no budíky sa budú naďalej prehrávať. V časti Nastavenia > Hlásenia > Nerušiť môžete upraviť nasledovné možnosti: • Automatické zapínanie funkcie Nerušiť:  Nastavte si začiatok a koniec časti dňa, kedy nechcete byť rušení. Počas týchto hodín iPhone zapne funkciu Nerušiť. • Povolenie hovorov z vybraných čísiel v čase, kedy nechcete byť rušení:  Ak je zapnutá funkcia Nerušiť, sú hovory automaticky odosielané do odkazovača. Ak chcete povoliť zvonenie pri hovoroch z vybraných čísiel, klepnite na Povoliť hovory od. Môžete povoliť hovory zo zoznamu Obľúbené alebo z inej skupiny kontaktov. Informácie o Obľúbených nájdete v časti kapitola 25, Kontakty, na strane 104.Kapitola 33 Nastavenia 139 • Povolenie zvonenia opakovaných hovorov:  Zapnite Opakované hovory. Ak rovnaký volajúci (podľa ID volajúceho) zavolá dvakrát v priebehu troch minút, bude iPhone zvoniť. Zapínanie alebo vypínanie hlásení aplikácií:  Prejdite do Nastavenia > Hlásenia. Klepnite na položku v zozname a potom pre ňu zapnite alebo vypnite hlásenia. Aplikácie, ktoré majú vypnuté hlásenia, sa zobrazia v zozname Nie v centre hlásení. Zmena zobrazenia hlásení:  Prejdite do Nastavenia > Hlásenia. Môžete vykonať nasledovné: • Zmeniť počet hlásení:  V zozname centra hlásení vyberte danú položku. Ak chcete nastaviť počet hlásení tohto typu, ktoré sa zobrazia v centre hlásení, klepnite na Zobraziť. • Zmeniť štýl upozornenia:  V zozname centra hlásení vyberte danú položku. Vyberte štýl upozornenia alebo výberom možnosti Žiadne vypnite upozornenia a bannery. Hlásenia sa prestanú zobrazovať v Centre hlásení. • Zmeniť poradie hlásení:  Klepnite na Upraviť. Ťahaním upravte hlásenia do želaného poradia. Ak chcete vypnúť hlásenie, potiahnite ho do zoznamu Nie v centre hlásení. • Zobrazovať odznaky s číslami na ikonách aplikácií s hlásením:  Vyberte položku v zozname V centre hlásení a zapnite možnosť Odznak na aplikácii. • Skryť upozornenia aplikácie ak je iPhone zamknutý:  Vyberte aplikáciu v zozname V centre hlásení a vypnite možnosť Na zamknutej ploche. Niektoré aplikácie obsahujú aj ďalšie možnosti. Napríklad aplikácia Správy vám umožňuje špecifikovať počet opakovaní zvuku upozornenia a to, či majú hlásenia obsahovať aj náhľad správy. Odstránenie príspevkov na Facebooku a Tweetov z centra hlásení:  Tieto možnosti zdieľania sa zobrazia len ak máte nastavený Facebook alebo Twitter účet. Ak chcete odstrániť tieto tlačidlá, prejdite do Nastavenia > Hlásenia a vypnite možnosť Widget zdieľanie. Zobrazenie vládnych upozornení v centre hlásení:  V zozname Government Alerts si vyberte upozornenia, ktoré sa majú zobrazovať. Tieto upozornenia nie sú dostupné vo všetkých oblastiach, líšia sa v závislosti od modelu iPhonu a vášho operátora a nemusia fungovať vo všetkých podmienkach. Napríklad v USA môžete na iPhone 4S a novších modeloch prijímať prezidentské upozornenia a môžete zapínať a vypínať AMBER upozornenia a Emergency upozornenia. V Japonsku môžete na iPhone 4 a novších modeloch prijímať upozornenia na zemetrasenia od japonskej meteorologickej služby. Operátor Toto nastavenie sa zobrazí v GSM sieťach v prípade, že ste mimo dosahu siete svojho mobilného operátora a v oblasti sú dostupné iné dátové siete, ktoré je možné použiť na telefonovanie, službu „Visual Voicemail“ a pripojenie na internet cez mobilnú dátovú sieť. Telefonovať môžete len u tých operátorov, ktorí majú s vaším operátorom uzatvorenú roamingovú zmluvu. Služba môže byť spoplatnená. Roamingové poplatky vám môžu byť vyúčtované prostredníctvom vášho operátora. Výber operátora:  Prejdite do Nastavenia > Operátor a vyberte sieť, ktorú chcete používať. Akonáhle vyberiete sieť, bude iPhone používať už len túto sieť. Ak vybraná sieť nie je dostupná, zobrazí sa na obrazovke zariadenia iPhone nápis „Žiadna sieť“.Kapitola 33 Nastavenia 140 Všeobecné Všeobecné nastavenia obsahujú nastavenia siete, zdieľania, bezpečnosti a ďalšie nastavenia. Môžete tu tiež nájsť informácie o iPhone a resetovať rôzne nastavenia zariadenia iPhone Informácie Zobrazenie informácií o iPhone:  Prejdite do Nastavenia > Všeobecné > Informácie. Položky, ktoré si môžete prezerať zahŕňajú: • Dostupné úložné miesto • Sériové číslo • Verzia iOS • Sieťová adresa • IMEI (International Mobile Equipment Identity) • ICCID (Integrated Circuit Card Identifier alebo Smart Card) pre GSM siete • MEID (Mobile Equipment Identifier) pre CDMA siete • Právne informácie, licenciu a normy. Ak chcete kopírovať sériové číslo alebo iný identifikátor, podržte na ňom prst, až kým sa nezobrazí Kopírovať. Zmena názvu zariadenia:  Prejdite do Nastavenia > Všeobecné > Informácie a potom klepnite na Názov. Názov zariadenia sa zobrazí v postrannom paneli iTunes po pripojení k iTunes a zároveň ho používa iCloud. iPhone odosiela diagnostické informácie a informácie týkajúce sa používania za účelom vylepšovania Apple produktov a služieb. Tieto dáta neobsahujú žiadne osobné informácie, no môžu obsahovať informácie o polohe. Prezeranie alebo vypnutie diagnostických informácií:  Prejdite do Nastavenia > Všeobecné > Informácie > Diagnostika a používanie. Aktualizácia softvéru Aktualizácia softvéru vám umožňuje sťahovať a inštalovať aktualizácie iOS od spoločnosti Apple. Aktualizácia na najnovšiu verziu:  Prejdite do Nastavenia > Všeobecné > Aktualizácia softvéru. Ak je dostupná novšia verzia iOS, riaďte sa počas jej sťahovania a inštalácie inštrukciami na obrazovke. Štatistiky používania Zobrazenie informácií o používaní:  Prejdite do Nastavenia > Všeobecné > Štatistiky. Môžete vykonať nasledovné: • Zobraziť používanie mobilnej siete a resetovať štatistiky • Zobraziť a vymazať zálohy v iCloude, vypnúť zálohovanie albumu Fotoaparát a dokupovať ďalší úložný priestor • Prezerať si úložný priestor každej aplikácie • Zobraziť úroveň nabitia batérie v percentách • Zobraziť čas, ktorý uplynul od nabitia iPhonuKapitola 33 Nastavenia 141 Siri Povolenie Siri:  Prejdite do Nastavenia > Všeobecné > Siri. Viac informácií o používaní Siri a zmene nastavení nájdete v časti Nastavenie možností Siri na strane 43. Mobilné Pomocou nastavení v časti Mobilné môžete zapínať a vypínať mobilné dáta a roaming, nastaviť zdieľanie internetu a nastaviť možnosti mobilných dát. Ak sa niektorá aplikácia potrebuje pripojiť na internet, iPhone vykoná postupne nasledovné úkony, až kým nepripojí: • Pripojí sa prostredníctvom naposledy použitej dostupnej Wi-Fi siete. • Zobrazí zoznam Wi-Fi sietí v dosahu a pripojí sa prostredníctvom siete, ktorú vyberiete. • Pripojí sa prostredníctvom mobilnej dátovej siete (ak je dostupná). Ak je iPhone pripojený na internet prostredníctvom mobilnej dátovej siete, zobrazí sa v stavovom riadku ikona , , , alebo . Mobilné siete LTE, 4G a 3G v sieti GSM podporujú simultánnu hlasovú a dátovú komunikáciu. Ak ste pripojení k inému typu mobilnej siete, nemôžete telefonovať a zároveň používať internetové služby, pokiaľ iPhone nie je pripojený na internet prostredníctvom Wi-Fi. V závislosti od pripojenia k sieti je možné, že nebudete môcť prijímať telefónne hovory, kým iPhone prenáša dáta cez mobilnú sieť — napríklad počas sťahovania webovej stránky. GSM siete:  S pripojením EDGE alebo GPRS môžu byť hovory počas dátových prenosov presmerované priamo do odkazovej schránky. Dátové prenosy budú pozastavené počas hovorov, na ktoré sa rozhodnete odpovedať. CDMA siete:  S pripojením EV-DO sú pri odpovedaní na prichádzajúce hovory dátové prenosy pozastavené. S 1xRTT pripojením môžu byť hovory počas dátových prenosov presmerované priamo do odkazovej schránky. Dátové prenosy budú pozastavené počas hovorov, na ktoré sa rozhodnete odpovedať. Dátové prenosy budú pokračovať po ukončení hovoru. Ak sú vypnuté mobilné dáta, všetky dátové služby budú používať len Wi-Fi — vrátane emailu, prezerania webových stránok, push hlásení a ďalších služieb. Ak sú zapnuté mobilné dáta, môže byť prenos dát v sieti operátora spoplatnený. Napríklad niektoré funkcie a služby, ako Siri alebo iMessage, prenášajú dáta a využívanie týchto funkcií a služieb môže ovplyvniť výšku poplatkov za dátový program. Vypnutie a zapnutie Mobilných dát:  Prejdite do Nastavenia > Všeobecné > Mobilné a vypnite alebo zapnite Mobilné dáta. Dostupné môžu byť aj nasledovné možnosti: • Zapnutie alebo vypnutie hlasového roamingu (CDMA):  Ak sa chcete vyhnúť poplatkom za používanie sietí iných operátorov, vypnite hlasový roaming. Ak nie je dostupná sieť vášho operátora, iPhone nebude poskytovať mobilné (hlasové alebo dátové) služby. • Zapnutie alebo vypnutie dátového roamingu:  Dátový roaming umožňuje prístup na internet cez mobilnú dátovú sieť v prípade, že sa nenachádzate v dosahu siete vášho mobilného operátora. Keď cestujete a chcete sa vyhnúť neočakávaným poplatkom za dátový roaming, vypnite túto funkciu. Viac v časti Operátor na strane 139.Kapitola 33 Nastavenia 142 • Zapnutie alebo vypnutie siete 3G:  Používanie siete 3G načíta v niektorých prípadoch internetové údaje rýchlejšie, ale môže skrátiť výdrž batérie. Ak veľa telefonujete, môžete sieť 3G vypnúť a predĺžiť tak výdrž batérie. Táto možnosť nie je dostupná vo všetkých oblastiach. Nastavenie zdieľania internetu:  Prejdite do Nastavenia > Všeobecné > Mobilné > Nastaviť zdieľanie internetu. Zdieľanie internetu zdieľa internetové pripojenie iPhonu s vašim počítačom a iOS zariadeniami. Viac v časti Zdieľanie internetu na strane 138. Nastavenie používania mobilných dát:  Prejdite do Nastavenia > Všeobecné > Mobilné a zapnite alebo vypnite mobilné dáta pre iCloud Dokumenty, iTunes, FaceTime, aktualizácie Passbooku alebo zoznam Na prečítanie. Ak sú tieto nastavenia vypnuté, iPhone bude používať len Wi-Fi. iTunes zahŕňa službu iTunes Match aj automatické sťahovania z obchodov iTunes Store a App Store. VPN Siete typu VPN sa používajú v mnohých organizáciách a umožňujú bezpečný prenos súkromných informácií cez verejnú sieť. VPN je potrebné nastaviť napríklad vtedy, ak chcete pristupovať k svojim pracovným emailom. Informácie o nastaveniach VPN siete získate u svojho správcu siete. Po nastavení jedného alebo viacerých VPN pripojení môžete: • Vypnúť alebo zapnúť VPN:  Prejdite do Nastavenia > VPN. • Prepínať medzi jednotlivými VPN:  Prejdite do Nastavenia > Všeobecné > VPN a vyberte konfiguráciu. Viac v časti Príloha A, iPhone ako pracovný nástroj, na strane 148. Wi-Fi synch. s iTunes iPhone môžete synchronizovať s iTunes na počítači, ktorý je pripojený k rovnakej Wi-Fi sieti. Povolenie funkcie Wi-Fi synch. s iTunes:  Ak nastavujete synchronizáciu prostredníctvom Wi-Fi prvý krát, pripojte iPhone k počítaču, s ktorým ho chcete synchronizovať. Inštrukcie nájdete v časti Synchronizácia s iTunes na strane 17. Po nastavení synchronizácie prostredníctvom Wi-Fi sa bude iPhone automaticky synchronizovať s iTunes raz denne, po splnení nasledovných podmienok: • iPhone je pripojený k zdroju napájania, • iPhone a váš počítač sú pripojené k rovnakej bezdrôtovej sieti • a na vašom počítači je spustená aplikácia iTunes. Vyhľadávanie Spotlight V nastaveniach vyhľadávania Spotlight môžete určiť obsah, ktorý bude prehľadávaný a meniť usporiadanie výsledkov vyhľadávania. Nastavenie obsahu, v ktorom prebehne vyhľadávanie:  Prejdite do Nastavenia > Všeobecné > Spotlight vyhľadávanie a potom vyberte položky, ktoré chcete prehľadávať. Takisto môžete zmeniť poradie výsledných kategórií. Uzamykanie Keď sa iPhone zamkne, znamená to, že sa kvôli úspore batérie a kvôli prevencii pred nechcenou manipuláciou vypne displej zariadenia iPhone. Aj v tomto stave môžete prijímať hovory a textové správy, nastavovať hlasitosť a používať tlačidlo mikrofónu na náhlavnej sade počas počúvania hudby alebo počas hovoru. Nastavenie času, po uplynutí ktorého sa iPhone zamkne:  Prejdite do Nastavenia > Všeobecné > Uzamykanie a vyberte čas.Kapitola 33 Nastavenia 143 Uzamykanie heslom iPhone je spočiatku nastavený tak, aby pre odomknutie nevyžadoval zadanie hesla. Nastavenie hesla:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom a nastavte 4-miestne heslo. Ak chcete zvýšiť úroveň bezpečnosti, vypnite Jednoduché heslo a použite dlhšie heslo. Ak zabudnete heslo, budete musieť obnoviť softvér svojho zariadenia iPhone. Viac v časti Aktualizácia a obnova softvéru na zariadení iPhone na strane 159. Povolenie prístupu, keď je iPhone zamknutý:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom. Bez odomykania iPhonu môžete používať nasledovné: • Siri (Viac v časti Nastavenie možností Siri na strane 43.) • Hlasové vytáčanie (Toto nastavenie je dostupné, iba ak je Siri vypnuté.) • Odpovedať správou (Viac v časti Prijímanie hovorov na strane 47.) • Passbook (Viac v časti kapitola 16, Passbook, na strane 88.) Vymazanie dát po desiatich neúspešných pokusoch o zadanie hesla:  Prejdite do Nastavenia > Všeobecné > Uzamykanie heslom a potom klepnite na Vymazať dáta. Po desiatich neúspešných pokusoch o zadanie hesla budú resetované všetky nastavenia. Všetky vaše informácie a médiá budú vymazané odstránením šifrovacieho kľúča (šifrované použitím 256-bitového AES šifrovania). Obmedzenia Môžete nastaviť obmedzenia niektorých aplikácií a zakúpeného obsahu. Tieto nastavenia napríklad umožňujú rodičom obmedziť zobrazovanie mládeži neprístupného obsahu v playlistoch alebo zabrániť inštalácii aplikácií. Zapnutie obmedzení:  Prejdite do Nastavenia > Všeobecné > Obmedzenia a potom klepnite na Povoliť obmedzenia. Budete požiadaní o vytvorenie hesla pre obmedzenia. Vytvorenie hesla je nevyhnutné pre zapnutie obmedzení. Jedná sa o iné heslo než to, ktorým odomykáte iPhone. Dôležité:  Ak zabudnete heslo pre obmedzenia, budete musieť obnoviť softvér svojho zariadenia iPhone. Viac v časti Aktualizácia a obnova softvéru na zariadení iPhone na strane 159. Môžete nastaviť obmedzenia pre tieto aplikácie: • Safari • Kamera (ako aj aplikácií, ktoré používajú kameru) • FaceTime • iTunes Store • iBookstore • Siri (vrátane hlasových príkazov a diktovania) Môžete obmedziť nasledovné: • Inštalácia aplikácií:  Služba App Store je zakázaná a jej ikona odstránená z plochy. Nemôžete inštalovať aplikácie na iPhone. • Vymazávanie aplikácií:  Nemôžete vymazávať aplikácie zo zariadenia iPhone. sa pri úprave plochy nezobrazí na ikonách aplikácií. • Nevhodný jazyk:  Siri sa pokúsi nahradiť nevhodné slová, ktoré poviete, hviezdičkou a zvukom pípnutiaKapitola 33 Nastavenia 144 • Súkromie:  Aktuálne nastavenia súkromia pre lokalizačné služby, Kontakty, Kalendár, Pripomienky, Fotky, Bluetooth, zdieľanie, Twitter a Facebook môžete zamknúť. • Účty:  Aktuálne nastavenia Mail, kontakty, kalendáre sú zamknuté. Nemôžete pridávať, upravovať alebo vymazávať účty. Taktiež nie je možné upravovať nastavenia iCloudu. • Nájsť priateľov:  Aktuálne nastavenia pre Nájsť priateľov sú zamknuté. Táto možnosť je dostupná len ak je nainštalovaná aplikácia Nájsť priateľov. • Obmedzenie hlasitosti:  Aktuálne nastavenie obmedzenia hlasitosti je zamknuté. • Nakupovanie v apl.:  Keď je funkcia Nakupovanie v apl. vypnutá, nemôžete nakupovať dodatočný obsah alebo funkcie v aplikáciách stiahnutých z App Store. • Vyžadovať heslo:  Vyžaduje zadanie Apple ID pre nakupovanie v aplikáciách po uplynutí špecifikovaného času. • Obmedzenia obsahu:  Klepnite na Hodnotenie pre a zo zoznamu vyberte krajinu. Potom nastavte obmedzenia pre hudbu, podcasty, filmy, TV seriály a aplikácie. Obsah, ktorý nespĺňa vybrané hodnotenie sa na iPhone nezobrazí. • Hry pre viacerých hráčov:  Ak sú hry pre viacerých hráčov vypnuté, nie je možné odosielať žiadosti na hry, odosielať či prijímať pozvánky na hranie hier či pridávať priateľov v Game Center. • Pridávanie priateľov:  Ak je Pridávanie priateľov vypnuté, nemôžete v Game Center odosielať alebo prijímať priateľské žiadosti. Ak je Pridávanie priateľov zapnuté, môžete sa hrať s existujúcimi priateľmi. Dátum a čas Tieto nastavenia ovplyvňujú čas zobrazovaný v stavovom riadku vo vrchnej časti obrazovky, svetový čas a kalendáre. Prepínanie medzi 24-hodinovým a 12-hodinovým časom na iPhone:  Vyberte Nastavenia > Všeobecné > Dátum a čas a vypnite alebo zapnite 24-hodinový čas. (24-hodinový čas nemusí byť dostupný vo všetkých oblastiach.) Nastavenie automatickej aktualizácie dátumu a času na iPhone  Prejdite do Nastavenia > Všeobecné > Dátum a čas a vypnite alebo zapnite 24-hodinový čas. Ak ste nastavili zariadenie iPhone na automatické nastavovanie času, správny čas získava z mobilnej siete a aktualizuje ho podľa časového pásma, v ktorom sa momentálne nachádzate. Niektorí operátori nepodporujú funkciu času cez mobilnú sieť a preto v niektorých oblastiach iPhone nemusí dokázať automaticky zisťovať lokálny čas. Manuálne nastavenie dátumu a času:  Prejdite do Nastavenia > Všeobecné > Dátum a čas a vypnite možnosť Nastaviť automaticky. Klepnutím na časové pásmo nastavte časové pásmo. Klepnite na tlačidlo Dátum a čas a potom klepnite na Nastaviť dátum a čas. Klávesnica Môžete si zapnúť klávesnice pre zadávanie textu v rôznych jazykoch a ďalšie funkcie, ako je napríklad kontrola pravopisu. Viac informácií o klávesnici nájdete v časti Písanie na strane 24. Viac informácií o medzinárodných klávesniciach nájdete v časti Príloha B, Medzinárodné klávesnice, na strane 150.Kapitola 33 Nastavenia 145 Medzinárodné Prejdite do Nastavenia > Všeobecné > Medzinárodné a potom nastavte nasledovné: • Jazyk iPhonu. • Formát kalendára. • Jazyk pre funkciu Ovládanie hlasom. • Klávesnice, ktoré chcete používať. • Formát dátumu, času a telefónnych čísel. Prístupnosť Prejdite do Nastavenia > Všeobecné > Prístupnosť a zapnite požadované funkcie. Viac v časti kapitola 32, Prístupnosť, na strane 119. Profily Toto nastavenia sa zobrazí vtedy, ak na iPhone nainštalujete jeden alebo viac profilov. Klepnutím na Profily zobrazíte informácie o nainštalovaných profiloch. Viac informácií nájdete v časti Používanie konfiguračných profilov na strane 148. Resetovanie Resetovať môžete slovník klávesnice, nastavenia siete, rozloženie ikon na ploche a lokalizačné upozornenia. Môžete tiež vymazať všetok svoj obsah a nastavenia. Resetovanie zariadenia iPhone:  Prejdite do Nastavenia > Všeobecné > Resetovať a vyberte niektorú z možností: • Resetovať všetky nastavenia:  Všetky vaše nastavenia budú resetované na pôvodné. • Vymazanie celého obsahu a všetkých nastavení:  Budú vymazané všetky informácie a nastavenia. iPhone nebude možné používať pred jeho opätovným nastavením. • Resetovať nastavenia siete:  Ak resetujete nastavenia siete, dôjde k vymazaniu zoznamu známych sietí a tých nastavení VPN, ktoré neboli nainštalované pomocou konfiguračného profilu. Wi-Fi sa vypne a znovu zapne, pričom vás odpojí od akejkoľvek práve používanej siete. Wi-Fi a nastavenie „Potvrdiť pripojenie“ zostanú zapnuté. Ak chcete odstrániť nastavenia VPN nainštalované pomocou konfiguračného profilu, prejdite do Nastavenia > Všeobecné > Profil, klepnite na profil a potom na Odstrániť. Týmto tiež odstránite ďalšie nastavenia alebo účty poskytnuté profilom. • Resetovať slovník klávesnice:  Do slovníka klávesnice sú slová pridané v prípade, že odmietnete slová, ktoré vám iPhone pri písaní navrhuje. Resetovaním slovníka klávesnice vymažete všetky slová, ktoré doň boli pridané. • Resetovať rozloženie plochy:  Bude obnovené pôvodné rozloženie ikon vstavaných aplikácií na ploche. • Resetovať polohu a súkromie:  Resetuje lokalizačné služby a nastavenia súkromia na pôvodné. Zvuky iPhone môžete nastaviť tak, aby prehral zvuk pri každom prijatí novej správy, emailu, hovoru, Tweetu, príspevku na Facebooku, odkazu alebo pripomienky. Zároveň môžete nastaviť zvuky pre odoslanie emailu, stlačenie klávesu na dotykovej klávesnici alebo pre zamknutie zariadenia iPhone. Informácie o stíšení iPhonu nájdete v časti Prepínač Zvoniť/Ticho na strane 10.Kapitola 33 Nastavenia 146 Zmena nastavení zvukov:  Prejdite do Nastavenia > Zvuky. Medzi dostupné možnosti patria: • Nastavenie vibrovania iPhonu pri prichádzajúcom hovore. • Nastavenie vibrovania iPhonu v tichom režime. • Úprava hlasitosti vyzváňania a upozornení. • Vypnutie zmeny hlasitosti vyzváňania prostredníctvom bočných tlačidiel. • Nastavenie zvonenia. Ak chcete priradiť nejakej osobe konkrétne zvonenie, prejdite do jej vizitky v aplikácii Kontakty. • Nastavenie upozornenia a ďalších zvukov. • Zapnutie zvukov klávesnice a zvuku zamykania iPhonu. Nastavenie vibrovania:  Prejdite do Nastavenia > Zvuky a potom v zozname Zvuky a vibrovania vyberte položku. Klepnutím na Vibrovanie vyberte niektoré z nich. • Vytvorenie nového vibrovania:  Klepnite na položku v zozname Zvuky a vibrovania a potom klepnite na Vibrovanie. Klepnite na Vytvoriť nové vibrovanie a potom klepaním na obrazovku vytvorte vlastné vibrovanie. Jas a pozadie Jas obrazovky ovplyvňuje výdrž batérie. Pre predĺženie času, počas ktorého nebude nutné iPhone nabíjať, stlmte jas obrazovky, prípadne použite funkciu Automatický jas. Nastavenie jasu obrazovky:  Prejdite do Nastavenia > Jas a pozadie a potiahnite posuvník. Ak je funkcia Automatický jas zapnutá, iPhone sám nastavuje jas obrazovky podľa aktuálneho osvetlenia, hodnotu ktorého získava pomocou vstavaného svetelného senzora. Nastavenia pozadia vám umožnia nastaviť obrázok alebo fotku ako pozadie pre zamknutú obrazovku alebo pre plochu. Viac v časti Zmena pozadia na strane 23. Súkromie Nastavenia Súkromia vám umožňujú kontrolovať prístup aplikácií a systémových služieb k lokalizačným službám, kontaktom, kalendárom, pripomienkam a fotkám. Lokalizačné služby umožňujú aplikáciám ako Pripomienky, Mapy a Kamera, ktoré sú založené na určovaní polohy, získavať a používať dáta určujúce vašu polohu. Vaša približná poloha je stanovená pomocou dostupných informácií z mobilnej dátovej siete, miestnych Wi-Fi sietí (v prípade, že máte zapnuté Wi-Fi) a GPS (nemusí byť dostupné vo všetkých oblastiach). Dáta získavané spoločnosťou Apple nie sú vo formáte, ktorý by umožňoval identifikovať vašu osobu. Ak aplikácia používa lokalizačné služby, v stavovom riadku sa zobrazí . Zapnutie alebo vypnutie lokalizačných služieb:  Prejdite do Nastavenia > Súkromie > Lokalizačné služby. Môžete ich zapnúť alebo vypnúť pre niektoré alebo pre všetky aplikácie a služby. Ak vypnete lokalizačné služby, budete vyzvaný k ich opätovnému zapnutiu v prípade, že sa ich nejaká aplikácia alebo služba pokúsi použiť. Vypnutie lokalizačných služieb pre systémové služby:  Lokalizačné služby využíva niekoľko systémových služieb. Napríklad kalibrácia kompasu alebo iAds založené na polohe. Ak chcete zobraziť ich stav, zapnite ich alebo vypnite, prípadne zapnite zobrazovanie ikony v lište. Táto ikona indikuje používanie lokalizačných služieb. Prejdite do Nastavenia > Súkromie > Lokalizačné služby > Systémové služby.Kapitola 33 Nastavenia 147 Vypnutie prístupu k súkromným informáciám:  Prejdite do Nastavenia > Súkromie. Zobrazí sa zoznam aplikácií, ktoré požiadali o prístup k nasledovným informáciám: • Kontakty • Kalendár • Pripomienky • Fotky • Zdieľanie Bluetooth • Twitter • Facebook Môžete vypnúť prístup každej z aplikácií ku každej jednej kategórii. Ak chcete zistiť, ako aplikácie tretích strán používajú vyžadované dáta, pozorne si prečítajte ich zmluvné podmienky a zásady ochrany osobných údajov.A 148 Vďaka podpore zabezpečeného prístupu do firemných sietí a adresárov a podpore Microsoft Exchange je iPhone pripravený na používanie vo firemnom prostredí. Detailné informácie týkajúce sa používania iPhonu vo firme nájdete na adrese www.apple.com/iphone/business. Používanie konfiguračných profilov Vo firemnom prostredí je často možné nastaviť na iPhone účty a iné položky pomocou konfiguračných profilov. Konfiguračné profily umožňujú vášmu správcovi nastaviť iPhone na používanie informačných systémov vo vašej firme, škole alebo organizácii. Konfiguračný profil môže napríklad nastaviť iPhone na prístup k serverom Microsoft Exchange v práci, takže na ňom bude možné pristupovať k Exchange emailom, kalendárom a kontaktom a zároveň môže kvôli zabezpečeniu informácií zapnúť uzamykanie heslom. Váš správca môže distribuovať konfiguračné profily emailom, umiestniť ich na zabezpečenú webovú stránku alebo ich priamo nainštalovať na váš iPhone. Váš správca môže na iPhone nainštalovať profil, ktorý ho prepojí so serverom na správu mobilných zariadení, takže bude možné upravovať nastavenia iPhonu na diaľku. Inštalácia konfiguračných profilov:  Na iPhone otvorte emailovú správu alebo si stiahnite konfiguračné profily z webovej stránky, ktorú poskytol správca. Po otvorení konfiguračného profilu sa spustí inštalácia. Dôležité:  Zrejme budete požiadaní o potvrdenie dôveryhodnosti konfiguračného profilu. Ak si nie ste istí, overte to si pred inštaláciou dôveryhodnosť profilu u svojho správcu. Nastavenia upravené konfiguračným profilom nemôžete meniť. Ak chcete zmeniť nastavenia, musíte najprv odinštalovať konfiguračný profil alebo nainštalovať nový konfiguračný profil s novými nastaveniami. Odstránenie konfiguračného profilu:  Prejdite do Nastavenia > Všeobecné > Profil, vyberte konfiguračný profil a klepnite na Odstrániť. Odstránením konfiguračného profilu dôjde k vymazaniu nastavení a všetkých ostatných informácií nainštalovaných profilom. Nastavenie Microsoft Exchange účtov Microsoft Exchange poskytuje email, kontakty, úlohy a kalendáre, ktoré môžete automaticky bezdrôtovo synchronizovať s iPhonom. Exchange účet môžete nastaviť priamo na iPhone. Nastavenie Exchange účtu na iPhone:  Prejdite do Nastavenia > Mail, kontakty, kalendáre. Klepnite na Pridať účet a potom klepnite na Microsoft Exchange. Nastavenia zistíte u svojho poskytovateľa služby alebo správcu. iPhone ako pracovný nástroj PrílohaPríloha A iPhone ako pracovný nástroj 149 VPN prístup VPN (Virtuálna privátna sieť) poskytuje zabezpečený prístup do súkromných sietí — napríklad vo vašej firme alebo v škole — prostredníctvom internetu. Na konfiguráciu a zapnutie VPN na iPhone použite nastavenia Siete. Nastavenia VPN získate od svojho správcu. VPN je možné nastaviť aj automaticky pomocou konfiguračného profilu. Ak je VPN nastavené pomocou konfiguračného profilu, iPhone môže zapínať VPN automaticky podľa potreby. Viac informácií získate u svojho správcu. LDAP a CardDAV účty Nastavením LDAP účtu umožníte prezeranie a vyhľadávanie kontaktov na LDAP serveri vašej organizácie. Server sa zobrazí ako nová skupina v aplikácii Kontakty. LDAP kontakty nebudú stiahnuté na váš iPhone, takže si ich môžete prezerať len ak máte pripojenie na internet. Nastavenia účtu a ďalšie požiadavky (napríklad VPN) získate u svojho správcu. Nastavením CardDAV účtu umožníte bezdrôtovú aktualizáciu kontaktov s iPhonom. Zároveň bude možné vyhľadávať kontakty na CardDAV serveri vašej organizácie. Nastavenie LDAP alebo CardDAV účtu:  Prejdite do Nastavenia > Mail, kontakty, kalendáre a klepnite na Pridať účet. Klepnite na Iný. Nastavenia zistíte u svojho poskytovateľa služby alebo správcu.B 150 Medzinárodné klávesnice vám umožňujú písať text v rôznych jazykoch, vrátane ázijských jazykov so smerom písania sprava doľava. Používanie medzinárodných klávesníc Medzinárodné klávesnice vám umožňujú písať text v rôznych jazykoch, vrátane ázijských jazykov so smerom písania sprava doľava. Zoznam podporovaných klávesníc nájdete na adrese www.apple.com/iphone/specs.html. Spravovanie klávesníc:  Prejdite do Nastavenia > Všeobecné > Medzinárodné > Klávesnice. • Pridanie klávesnice:  Klepnite na Pridať klávesnicu a v zozname vyberte požadovanú klávesnicu. Pre pridanie ďalších klávesníc zopakujte tento postup. • Odstránenie klávesnice:  Klepnite na Upraviť, klepnite na vedľa klávesnice, ktorú chcete odstrániť a potom klepnite na Vymazať. • Úprava zoznamu klávesníc:  Klepnite na Upraviť a potom potiahnite vedľa klávesnice na nové miesto v zozname. Ak chcete zadávať text v inom jazyku, prepnite klávesnice. Prepínanie klávesníc počas písania:  Podržte stlačený kláves Glóbus pre zobrazenie všetkých povolených klávesníc. Pre výber klávesnice presuňte prst na názov klávesnice a potom ho zdvihnite. Kláves Glóbus sa zobrazí len v prípade, ak je povolená viac ako jedna klávesnica. Môžete tiež klepnúť na . Po klepnutí na sa na krátky okamih zobrazí názov novo aktivovanej klávesnice. Ďalším klepnutím na toto tlačidlo prepínate na ostatné povolené klávesnice. Množstvo klávesníc umožňuje zadávanie písmen, číslic a symbolov, ktoré nie sú zobrazené na klávesnici. Zadávanie písmen s diakritikou alebo iných znakov:  Podržte prst na súvisiacom písmene, číslici alebo znaku a potom ho presuňte na požadovaný variant. Napríklad: • Na thajskej klávesnici:  Thajské číslo vyberte dotykom a podržaním prsta na príslušnom arabskom čísle. • Na čínskej, japonskej alebo arabskej klávesnici:  Navrhované znaky alebo alternatívy sa zobrazujú v hornej časti klávesnice. Klepnutím na kandidáta ho zadáte a švihnutím prsta doľava zobrazíte ďalších kandidátov. Používanie rozšíreného zoznamu kandidátov:  Pre zobrazenie celého zoznamu kandidátov klepnite na šípku nahor (nachádza sa vpravo). • Rolovanie zoznamom:  Švihnite prstom nahor alebo nadol. • Návrat na krátky zoznam:  Klepnite na šípku nadol. Medzinárodné klávesnice PrílohaPríloha B Medzinárodné klávesnice 151 Pri používaní istých čínskych alebo japonských klávesníc si môžete vytvoriť skratky pre páry slov a vstupov. Skratky budú pridané do vášho osobného slovníka. Ak zadáte skratku a zároveň používate podporovanú klávesnicu, bude skratka nahradená príslušným slovom. Vypnutie alebo zapnutie skratiek:  Prejdite do Nastavenia > Všeobecné > Klávesnica > Skratky. Skratky sú dostupné pre: • Zjednodušená čínština:  Pinyin • Tradičná čínština:  Pinyin a Zhuyin • Japončina:  Romaji a 50-klávesová Špeciálne spôsoby zadávania Klávesnice môžete používať na zadávanie textu v niektorých jazykoch rôznymi spôsobmi. Medzi niekoľko príkladov patria čínske Cangjie, Wubihua a japonská Kana a Facemarks. Zároveň môžete prstom alebo pomocou stylusu písať čínske znaky priamo na obrazovke. Skladanie čínskych znakov z jednotlivých Cangjie klávesov:  Navrhované znaky sa zobrazia počas písania. Vyberte znak klepnutím, prípadne pokračujte v zadávaní najviac piatich komponentov pre zobrazenie ďalších možností. Skladanie čínskych znakov Wubihua (ťahmi):  Použite klávesnicu na skladanie čínskych znakov pomocou najviac piatich ťahov v správnom poradí: vodorovne, zvislo, zľava dovnútra, sprava dovnútra a háčik. Napríklad čínsky znak 圈 (kruh) by mal začať vertikálnym ťahom 丨. • Počas písania sa budú zobrazovať navrhované čínske znaky (ako prvé sa zobrazia najpoužívanejšie znaky). Klepnutím vyberiete znak. • Ak si nie ste istí správnosťou ťahu, zadajte hviezdičku (*). Ak chcete zobraziť ďalšie možnosti znakov, zadajte ďalší ťah, prípadne ho vyberte v zozname znakov. Klepnite na kláves pre zhodu (匹配), ak chcete zobraziť len znaky presne zodpovedajúce tomu, čo ste napísali. Písanie čínskych znakov prstom:  Čínske znaky píšte prstom priamo na obrazovku so zapnutým rukopisným formátom Zjednodušená alebo Tradičná čínština. iPhone bude rozpoznávať písmená počas písania ťahom a zobrazovať zhodné znaky v zozname (znaky s najväčšou zhodou sú zobrazené vo vrchnej časti zoznamu). Keď si vyberiete nejaký znak, zobrazí sa v zozname súvisiacich znakov znak, ktorý za ním pravdepodobne nasleduje Touchpad Touchpad Niektoré komplexné znaky, ako napríklad 鱲 (súčasť názvu medzinárodného letiska v Hongkongu), 𨋢 (výťah) a 㗎 súčasť používaná v kantónskej čínštine), je možné vytvoriť napísaním dvoch alebo viacerých súčastí za sebou. Klepnite na znak pre nahradenie písaných znakov. Rozpoznávané sú aj znaky typu Roman.Príloha B Medzinárodné klávesnice 152 Písanie v japonskej kane:  Použite Kana klávesnicu pre výber slabík. Pre väčší výber slabík klepnite na kláves šípka a v okne vyberte ďalšiu slabiku alebo slovo. Písanie v japonskej romaji:  Na zadávanie slabík použite Romaji klávesnicu. Alternatívne slabiky sa zobrazujú vo vrchnej časti klávesnice. Zadáte ich klepnutím na ne. Pre väčší výber slabík klepnite na kláves šípka a v okne vyberte ďalšiu slabiku alebo slovo. Písanie znakov Facemark a emotikonov:  Použite japonskú klávesnicu Kana a klepnite na kláves ^_^. Prípadne môžete: • Použiť japonskú klávesnicu Romaji (QWERTY – japonské rozloženie):  Klepnite na kláves pre číslice a následne na kláves ^_^. • Použiť čínsku klávesnicu Pinyin (zjednodušená alebo tradičná) alebo Zhuyin (tradičná).  Klepnite na kláves pre symboly a následne na kláves ^_^.C 153 Dôležité informácie týkajúce sa bezpečnosti UPOZORNENIE:  Nedodržanie nasledovných bezpečnostných pokynov môže viesť k vzniku požiaru, elektrického šoku alebo iného zranenia, prípadne k poškodeniu iPhonu alebo iného majetku. Pred používaním iPhonu so prečítajte všetky nižšie uvedené bezpečnostné informácie. Zaobchádzanie  S iPhonom zaobchádzajte opatrne. Je vyrobený z kovu, skla a plastov a obsahuje citlivé elektronické komponenty. iPhone sa môže poškodiť pri páde, zapálení, prepichnutí alebo stlačení, prípadne ak príde do kontaktu s tekutinou. Používanie poškodeného iPhonu (napríklad s prasknutou obrazovkou) by mohlo mať za následok zranenie. Ak sa obávate škrabancov, zvážte používanie obalu. Oprava Neotvárajte iPhone a nepokúšajte sa ho sami opraviť. Rozoberanie iPhonu môže viesť k zraneniu alebo k poškodeniu iPhonu. Ak je iPhone poškodený, nefunguje alebo prišiel do kontaktu s tekutinou, kontaktujte spoločnosť Apple alebo autorizovaného poskytovateľa servisu Apple. Viac informácií o servise získate na stránke www.apple.com/support/iphone/service/faq. Batéria Nepokúšajte sa vymieňať batériu v iPhone. Mohli by ste ju poškodiť, čo môže mať za následok prehriatie zariadenia a zranenie osôb. Lítiumiónová batéria by mala byť vymieňaná len spoločnosťou Apple alebo autorizovaným poskytovateľom servisu Apple a musí byť recyklovaná alebo zlikvidovaná oddelene od odpadu z domácnosti. Batériu sa nepokúšajte spáliť. Informácie o recyklácii a výmene batérií nájdete na adrese www.apple.com/sk/batteries. Strata pozornosti Používanie iPhonu vás môže v niektorých situáciách rozptyľovať a viesť k vzniku nebezpečných situácií. Oboznámte sa s pravidlami, ktoré zakazujú alebo obmedzujú používanie mobilných telefónov alebo slúchadiel (vyhnite sa napríklad posielaniu textových správ počas šoférovania alebo počúvaniu hudby prostredníctvom slúchadiel počas bicyklovania). Navigácia Mapy, smery, Flyover a aplikácie založené na určovaní polohy sú závislé na dátových službách. Tieto údaje a služby sa môžu meniť a nemusia byť dostupné vo všetkých oblastiach, čo môže spôsobiť, že mapy, smery, Flyover alebo informácie stanovujúce polohu môžu byt nedostupné, nepresné alebo neúplné. Porovnajte informácie získané pomocou iPhonu so svojím okolím a korigujte tak akékoľvek nezrovnalosti. Niektoré funkcie aplikácie Mapy vyžadujú lokalizačné služby. Viac v časti Súkromie na strane 146. Počas navigácie sa riaďte zdravým rozumom. Bezpečnosť, zaobchádzanie a podpora PrílohaPríloha C Bezpečnosť, zaobchádzanie a podpora 154 Nabíjanie iPhone nabíjajte pomocou priloženého USB kábla a napájacieho adaptéra, prípadne pomocou iných káblov a napájacích adaptérov tretích strán, ktoré sú označené logom „Made for iPhone“ (Vyrobené pre iPhone), kompatibilné s USB 2.0 a spĺňajú jednu alebo viacero nasledovných noriem EN 301489-34, IEC 62684, YD/T 1591-2009, CNS 15285, ITU L.1000, prípadne inú vyhovujúcu normu, ktorá zaručuje kompatibilitu napájacích adaptérov mobilných telefónov. Pripojenie iPhonu k niektorých kompatibilným napájacím adaptérom môže vyžadovať iPhone Micro USB adaptér (dostupný v niektorých oblastiach) alebo iný adaptér. Používanie poškodených káblov alebo nabíjačiek, prípadne nabíjanie vo vlhkom prostredí môže spôsobiť elektrický šok. Ak na nabíjanie iPhonu používate napájací USB adaptér, uistite sa pred jeho zasunutím do zásuvky, že je správne zložený (napájacia zástrčka alebo napájací kábel musia byť správne zasunuté do adaptéra). Napájacie adaptéry sa počas bežného používania môžu zohriať a pri dlhšom kontakte by mohli spôsobiť zranenie. Počas používania napájacieho adaptéra vždy zabezpečte adekvátne vetranie. Poznámka:  Kompatibilné sú len micro USB adaptéry v určitých oblastiach, ktoré spĺňajú príslušné štandardy kompatibility napájacích adaptérov pre mobilné telefóny. Ak chcete zistiť, či váš micro USB adaptér spĺňa tieto štandardy, kontaktujte jeho výrobcu. Poškodenie sluchu  Počúvanie zvuku s vysokou úrovňou hlasitosti môže mať za následok poškodenie sluchu. Zvuk istej úrovne sa pri dlhšom počúvaní môže javiť tichší, ako je v skutočnosti. Podobný vplyv na vnímanie hlasitosti zvuku môže mať aj hluk na pozadí. Pred používaným slúchadiel najprv zapnite zvuk a skontrolujte jeho hlasitosť. Viac informácií o poškodení sluchu nájdete na adrese www.apple.com/sound. Informácie o nastavení obmedzenia maximálnej hlasitosti nájdete v časti Nastavenia aplikácie Hudba na strane 66. UPOZORNENIE:  Ak chcete predísť poškodeniu sluchu, nepočúvajte zvuk s vysokou úrovňou hlasitosti po dlhšiu dobu. Apple náhlavné sady Náhlavné sady predávané s iPhonom 4S a novšími modelmi v Číne (môžete ich rozpoznať podľa tmavých izolačných krúžkov na konektore) boli navrhnuté tak, aby spĺňali čínske štandardy a sú kompatibilné so zariadeniami iPhone 4S a novšími modelmi, iPad 2 a novšími modelmi a iPod touch 5. generácie. So svojím zariadením používajte len kompatibilné náhlavné sady. Rádiové signály  iPhone používa na pripájanie k bezdrôtovým sieťam rádiové signály. Informácie o množstve energie používanej na prenos týchto signálov a o minimalizácii rizika vystavovania sa týmto vyžarovaniu nájdete v časti Nastavenia > Všeobecné > Informácie > Právne > RF žiarenie Rádiofrekvenčné rušenie  Venujte pozornosť značkám a upozorneniam, ktoré zakazujú alebo obmedzujú používanie mobilných telefónov (napríklad v zdravotníckych zariadeniach alebo pri odpaľovacích prácach). Aj keď bol iPhone navrhnutý, testovaný a vyrobený tak, aby spĺňal normy týkajúce sa rádiofrekvenčného vyžarovania, môže takéto vyžarovanie iPhonu negatívne ovplyvniť prevádzku iných elektronických zariadení a spôsobiť ich poruchy. Na miestach, kde je to zakázané, ako napríklad na palube lietadla, vypnite iPhone alebo použite režim lietadlo, ktorý vypne bezdrôtové vysielače iPhonu.Príloha C Bezpečnosť, zaobchádzanie a podpora 155 Zdravotné prístroje iPhone obsahuje vysielače, ktoré vytvárajú elektromagnetické polia. Tieto elektromagnetické polia môžu spôsobiť rušenie kardiostimulátorov alebo iných zdravotných prístrojov. Ak máte kardiostimulátor, dodržujte vzdialenosť najmenej 15 cm medzi kardiostimulátorom a iPhonom. Ak máte podozrenie, že iPhone spôsobuje rušenie vášho kardiostimulátora alebo iného zdravotného prístroja, prestaňte používať iPhone a obráťte sa na svojho lekára. iPhone obsahuje v spodnej časti magnety a priložené slúchadlá taktiež obsahujú magnety, ktoré môžu spôsobiť rušenie kardiostimulátorov, defibrilátorov a ďalších zdravotných prístrojov Dodržujte vzdialenosť najmenej 15 cm medzi kardiostimulátorom alebo defibrilátorom a iPhonom alebo slúchadlami. Zdravotný problémy Ak máte akékoľvek zdravotné problémy, na ktoré by iPhone mohol mať vplyv (napríklad závrate, stratu vedomia, bolesti očí alebo hlavy), konzultujte ich pred používaním iPhonu so svojim lekárom. Explozívne ovzdušie  Nenabíjajte iPhone na žiadnych miestach s potenciálne explozívnym ovzduším, ako sú napríklad čerpacie stanice alebo miesta, kde vzduch obsahuje chemikálie alebo iné častice (ako napríklad prach alebo železný prach). Dodržiavajte inštrukcie a príkazy. Opakované pohyby  Pri vykonávaní opakovaných pohybov počas práce s iPhonom, ako je napríklad písanie alebo hranie hier, môžete občas pociťovať bolesti dlaní, rúk, ramien, krku alebo iných častí tela. Ak sa u vás vyskytnú takéto bolesti, konzultujte ich so svojim lekárom. Rizikové aktivity  Toto zariadenie nebolo navrhnuté na používanie na miestach, kde by jeho zlyhanie mohlo viesť k smrti, zraneniu osôb alebo závažnému poškodeniu životného prostredia. Riziko zadusenia  Niektoré z príslušenstva iPhonu môže predstavovať riziko zadusenia pre malé deti. Uchovávajte takéto príslušenstvo mimo dosahu malých detí. Dôležité informácie týkajúce sa zaobchádzania Čistenie iPhone vyčistite okamžite keď príde do kontaktu s akýmikoľvek látkami, ktoré môžu spôsobiť škvrny, ako napríklad nečistoty, atrament, líčidlá alebo kozmetické prípravky. Čistenie: • Odpojte od iPhonu všetky káble a vypnite ho (podržte tlačidlo Spať/Zobudiť a prstom potiahnite prepínač na obrazovke). • Použite mäkkú handričku, ktorá neuvoľňuje vlákna. • Zabráňte tomu, aby sa do otvorov dostala vlhkosť. • Nepoužívajte čistiace prostriedky ani stlačený vzduch. Predná a zadná časť iPhonu môže byť vyrobená zo skla, ktoré je pokryté oleofobickou (odpudzuje mastnotu) vrstvou odolnou voči odtlačkom prstov. Tento typ povrchu sa pri normálnom používaní po čase opotrebováva. Čistiace prostriedky a drsné materiály ničia takýto povrch ešte rýchlejšie a môžu spôsobiť poškrabanie skla. Abrazívne látky môžu takisto poškriabať povrch iPhonu. Používanie konektorov, portov a tlačidiel  Nikdy nepripájajte konektor do portu nasilu ani príliš silno nestláčajte tlačidlá. Mohlo by dôjsť k poškodeniu, na ktoré sa nevzťahuje záruka. Ak sa konektor nedá s ľahkosťou pripojiť do portu, zrejme spolu nepasujú. Skontrolujte, či konektor neblokujú prekážky, či sa konektor a port k sebe hodia a či ste správne umiestnili konektor vzhľadom na port.Príloha C Bezpečnosť, zaobchádzanie a podpora 156 Lightning  Lightning konektor môže počas bežného používania zmeniť farbu. Zmena farby môže byť spôsobená špinou, prachom a vystavením tekutinám. Ak chcete odstrániť zafarbenie alebo ak sa počas používania kábel zahrieva či nenabíja ani nesynchronizuje iPhone, odpojte ho od svojho počítača alebo napájacieho adaptéra a vyčistite ho suchou mäkkou handričkou, ktorá nepúšťa vlákna. Na čistenie Lightning konektora nepoužívajte kvapaliny ani čistiace prostriedky. Prevádzková teplota  iPhone bol navrhnutý na prevádzku v prostredí s teplotou od 0° do 35° C a uskladnenie v prostredí s teplotou od -20° do 45° C. Ak budete používať alebo uskladňovať iPhone mimo tohto rozsahu teplôt, môže dôjsť k jeho poškodeniu a k skráteniu životnosti batérie. Nevystavujte iPhone dramatickým zmenám teploty alebo vlhkosti. Počas bežného používania alebo nabíjania batérie sa iPhone môže zahriať. Ak vnútorná teplota iPhonu prekročí stanovené limity (napríklad v zaparkovanom aute alebo na priamom slnečnom svetle), môže sa pokúsiť znížiť svoju teplotu. Prejaví sa to nasledovne: • iPhone sa prestane nabíjať. • Obrazovka stmavne. • Zobrazí sa obrazovka s varovaním o teplote. • Niektoré aplikácie sa môžu zatvoriť. Dôležité:  Ak sa zobrazí upozornenie na prehriatie, iPhone zrejme nebude možné používať. Ak iPhone nedokáže regulovať svoju vnútornú teplotu, prepne sa do hlbokého spánkového režimu a zotrvá v ňom, až kým nevychladne. Premiestnite iPhone na chladnejšie miesto mimo priameho slnečného žiarenia a počkajte niekoľko minút pred jeho ďalším použitím. Ďalšie informácie nájdete na adrese support.apple.com/kb/HT2101. Webová stránka podpory pre iPhone Vyčerpávajúce informácie týkajúce sa podpory nájdete na adrese www.apple.com/sk/support/iphone. Ak chcete kontaktovať spoločnosť Apple a získať osobnú podporu (nie je dostupná pre všetky oblasti), navštívte stránku expresslane.apple.com. Reštartovanie alebo resetovanie iPhonu Väčšina prípadov s nesprávnym fungovaním zariadenia iPhone sa dá vyriešiť vynúteným zatvorením aplikácie, reštartovaním alebo resetovaním zariadenia iPhone. Reštartovanie zariadenia iPhone:  Stlačte a podržte tlačidlo Spať/Zobudiť, až kým sa nezobrazí červený prepínač. iPhone vypnete potiahnutím prepínača pomocou prsta. iPhone následne zapnete stlačením a podržaním tlačidla Spať/Zobudiť, až kým sa nezobrazí logo spoločnosti Apple. Vynútené zatvorenie aplikácie:  Stlačte a podržte tlačidlo Spať/Zobudiť niekoľko sekúnd, až kým sa nezobrazí červený prepínač a potom podržte tlačidlo Domov , až kým nedôjde k zatvoreniu aplikácie. Vynútiť zatvorenie aplikácie môžete aj tak, že ju odstránite zo zoznamu naposledy používaných aplikácií. Viac v časti Otváranie a prepínanie medzi aplikáciami na strane 19. Ak sa iPhone nedá vypnúť a problém pretrváva, pravdepodobne bude potrebné resetovať zariadenie iPhone. Túto možnosť by ste mali zvoliť len v prípade, že sa vypnutím a zapnutím zariadenia iPhone problém nevyriešil. Resetovanie zariadenia iPhone:  Stlačte a niekoľko sekúnd podržte tlačidlo Spať/Zobudiť naraz s tlačidlom Domov , až kým sa nezobrazí logo spoločnosti Apple.Príloha C Bezpečnosť, zaobchádzanie a podpora 157 Zobrazí sa nápis „Nesprávne heslo“ alebo „iPhone je zablokovaný“ Ak zabudnete svoje heslo alebo iPhone zobrazí upozornenie, že je zablokovaný, pozrite si stránku „iOS: Wrong passcode results in red disabled screen” na adrese support.apple.com/kb/HT1212. Zobrazí sa nápis „Toto príslušenstvo nie je podporované iPhonom“ Pripojené príslušenstvo nemusí správne fungovať s iPhonom. Uistite sa, že USB kábel a konektory nie sú znečistené a obráťte sa na dokumentáciu dodanú s príslušenstvom. Nezobrazujú sa prílohy emailových správ Ak iPhone nedokáže zobraziť prílohy z emailov, skúste nasledovné: • Zobrazte si prílohu:  Klepnite na prílohu pre jej zobrazenie pomocou funkcie Náhľad. Je možné, že budete musieť chvíľu počkať na jej stiahnutie. • Uložte fotku alebo video z prílohy:  Klepnite na prílohu pre jej zobrazenie pomocou funkcie Náhľad. Je možné, že budete musieť chvíľu počkať na jej stiahnutie. Náhľad podporuje nasledujúce typy dokumentov: • .doc, .docx — Microsoft Word • .htm, .html — webová stránka • .key — Keynote • .numbers — Numbers • .pages — Pages • .pdf — Preview, Adobe Acrobat • .ppt, .pptx — Microsoft PowerPoint • .rtf — Formátovaný text • .txt — text • .vcf — kontaktné údaje • .xls, .xlsx — Microsoft Excel Informácie týkajúce sa riešenia ďalších problémov nájdete na adrese www.apple.com/sk/support/iphone. Zálohovanie iPhonu Na automatické zálohovanie zariadenia iPhone môžete použiť iCloud alebo iTunes. Ak sa rozhodnete pre zálohovanie na iCloud, nemôžete zároveň používať iTunes na automatické zálohovanie do svojho počítača. iTunes však môžete použiť na manuálne zálohovanie do počítača. Zálohovanie na iCloud iCloud denne zálohuje iPhone cez Wi-Fi, keď je pripojený k zdroju napájania a zamknutý. Dátum a čas poslednej zálohy je zobrazený v spodnej časti obrazovky Úložisko a záloha. iCloud zálohuje: • Zakúpenú hudbu, TV seriály aplikácie a knihy • Fotky a videá v albume Fotoaparát • Nastavenia iPhonuPríloha C Bezpečnosť, zaobchádzanie a podpora 158 • Dáta aplikácií • Usporiadanie plochy a aplikácií • Správy (iMessage, SMS a MMS) • Zvonenia Poznámka:  Zakúpená hudba nie je zálohovaná vo všetkých oblastiach a TV seriály nie sú dostupné vo všetkých oblastiach. Ak ste nepovolili iCloud zálohu pri úvodnom nastavení zariadenia iPhone, môžete ju zapnúť neskôr v nastaveniach iCloudu. Zapnutie iCloud záloh:  Prejdite do Nastavenia > iCloud a ak je to potrebné, prihláste sa pomocou svojho Apple ID a hesla. Prejdite do Úložisko a záloha a potom zapnite možnosť iCloud záloha. Okamžité zálohovanie:  Prejdite do Nastavenia > iCloud > Úložisko a záloha a potom klepnite na Zálohovať. Spravovanie záloh:  Prejdite do Nastavenia > iCloud > Úložisko a záloha a potom klepnite na Spravovať úložisko. Klepnite na názov svojho iPhonu. Zapnutie alebo vypnutie zálohovania albumu Fotoaparát:  Prejdite do Nastavenia > iCloud > Úložisko a záloha a potom klepnite na Spravovať úložisko. Klepnite na názov svojho iPhonu a potom zapnite alebo vypnite zálohovanie albumu Fotoaparát. Zobrazenie zálohovaných zariadení:  Prejdite do Nastavenia > iCloud > Úložisko a záloha > Spravovať úložisko. Zastavenie zálohovania na iCloud:  Prejdite do Nastavenia > iCloud > Úložisko a záloha > Záloha a vypnite možnosť iCloud záloha. Hudba, ktorá nebola zakúpená v iTunes, nie je zálohovaná na iCloude. Na zálohovanie a obnovenie takéhoto obsahu musíte použiť iTunes. Viac v časti Synchronizácia s iTunes na strane 17. Dôležité:  Zálohy pre hudbu a TV seriály nie sú dostupné vo všetkých oblastiach. Predchádzajúce nákupy nemusia byť dostupné, ak sa viac nenachádzajú v iTunes Store, App Store alebo iBookstore. Zakúpený obsah a obsah albumu Fotostream nezaberajú na 5 GB bezplatnom iCloud úložisku žiadne miesto. Zálohovanie v iTunes iTunes vytvára zálohy fotiek v albumoch Fotoaparát alebo Uložené fotky a zálohy textových správ, poznámok, histórie hovorov, vášho zoznamu Obľúbené, nastavení zvuku a ďalších dát. Mediálne súbory, ako napríklad skladby a niektoré fotky, nie sú zálohované, no môžete ich obnoviť synchronizáciou s iTunes. Po pripojení zariadenia iPhone k počítaču, s ktorým ho bežne synchronizujete, vytvorí iTunes zálohu v nasledujúcich prípadoch: • Synchronizácia s iTunes:  iTunes synchronizuje iPhone pri každom pripojení zariadenia iPhone k vášmu počítaču. iTunes nebude automaticky zálohovať iPhone ktorý nie je nastavený na synchronizáciu s daným počítačom. Viac v časti Synchronizácia s iTunes na strane 17. • Aktualizácia alebo obnova zariadenia iPhone:  iTunes zálohuje zariadenie iPhone pred aktualizáciou a obnovením.Príloha C Bezpečnosť, zaobchádzanie a podpora 159 iTunes môže kvôli ochrane vašich dát zašifrovať zálohy zariadenia iPhone. Šifrovanie záloh zariadenia iPhone:  V paneli Zhrnutie v iTunes vyberte možnosť Zašifrovať zálohu iPhone. Obnovenie súborov a nastavení na iPhone:  Pripojte iPhone k počítaču, s ktorým ho bežne synchronizujete, v okne iTunes vyberte iPhone a v paneli Zhrnutie vyberte Obnoviť. Ďalšie informácie o zálohovaní nájdete na adrese support.apple.com/kb/HT1766. Odstraňovanie záloh z iTunes Zálohu zariadenia iPhone môžete odstrániť zo zoznamu záloh v iTunes. Túto funkciu je vhodné využiť napríklad v prípade, ak bola vaša záloha vytvorená na inom počítači. Odstránenie zálohy: 1 V iTunes otvorte Nastavenia iTunes. • Mac:  Vyberte iTunes > Nastavenia. • Windows:  Vyberte Upraviť > Nastavenia. 2 Kliknite na Zariadenia (iPhone nemusí byť pripojený k iTunes). 3 Vyberte zálohu, ktorú chcete vymazať a klepnite na Vymazať zálohu. 4 Potvrďte vymazanie kliknutím na Vymazať a potom kliknite na Potvrdiť. Aktualizácia a obnova softvéru na zariadení iPhone Softvér zariadenia iPhone môžete aktualizovať v nastaveniach na zariadení alebo pomocou iTunes. Zariadenie iPhone môžete tiež vymazať a obnoviť a potom ho pomocou iCloudu alebo iTunes obnoviť zo zálohy. Vymazané dáta viac nebudú dostupné prostredníctvom užívateľského rozhrania zariadenia iPhone, ale nie sú natrvalo vymazané zo zariadenia iPhone. Viac informácií o trvalom vymazaní celého obsahu a nastavení nájdete v časti Resetovanie na strane 145. Aktualizácia iPhonu Softvér na iPhone môžete aktualizovať v nastaveniach na zariadení alebo pomocou iTunes. Bezdrôtová aktualizácia na iPhone:  Prejdite do Nastavenia > Všeobecné > Aktualizácia softvéru. iPhone vyhľadá dostupné aktualizácie softvéru. Aktualizácia softvéru v iTunes:  iTunes vyhľadá dostupné aktualizácie softvéru pri každej synchronizácii zariadenia iPhone pomocou iTunes. Viac v časti Synchronizácia s iTunes na strane 17. Ďalšie informácie o aktualizácii softvéru zariadenia iPhone nájdete na adrese support.apple.com/kb/HT4623. Obnova iPhonu zo zálohy Na obnovenie zariadenia iPhone zo zálohy môžete použiť iCloud alebo iTunes. Obnova z iCloud zálohy:  Resetujte iPhone kvôli vymazaniu všetkých nastavení a informácií. Prihláste sa do iCloudu a v aplikácii Sprievodca nastavením vyberte možnosť Obnoviť zo zálohy. Viac v časti Resetovanie na strane 145. Obnova zo zálohy v iTunes:  Pripojte iPhone k počítaču, s ktorým ho bežne synchronizujete, v okne iTunes vyberte iPhone a v paneli Zhrnutie vyberte Obnoviť.Príloha C Bezpečnosť, zaobchádzanie a podpora 160 Po obnovení softvéru na zariadení iPhone ho môžete nastaviť ako nový iPhone, alebo obnoviť svoju hudbu, videá, aplikačné dáta a ďalší obsah zo zálohy. Ďalšie informácie o obnove softvéru zariadenia iPhone nájdete na adrese support.apple.com/kb/HT1414. Informácie o softvéri a servise Nasledujúca tabuľka popisuje spôsoby, akými môžete získať viac informácií týkajúcich sa bezpečnosti, softvéru a servisu pre iPhone. Pre informácie o Urobte toto Bezpečné používanie zariadenia iPhone Viac v časti Dôležité informácie týkajúce sa bezpečnosti na strane 153. Servis a podpora pre iPhone, tipy, diskusné fóra a Apple softvér určený na stiahnutie Navštívte stránku www.apple.com/sk/support/iphone. Služby a podpora od vášho operátora Kontaktujte svojho operátora, alebo navštívte jeho webovú stránku. Najnovšie informácie o iPhone Navštívte stránku www.apple.com/sk/iphone. Spravovanie Apple ID účtu Navštívte stránku appleid.apple.com. Používanie iCloudu Navštívte stránku www.apple.com/emea/support/icloud/. Používanie iTunes Otvorte iTunes a vyberte Pomoc > Pomocník pre iTunes. Online sprievodca aplikáciou iTunes je dostupný (nemusí byť dostupný vo všetkých oblastiach) na adrese www.apple.com/emea/support/itunes/. Používanie ďalších Appe iOs aplikácií Navštívte stránku www.apple.com/emea/support/ios/. Vyhľadanie sériového čísla a čísiel IMEI, ICCID alebo MEID vášho zariadenia iPhone Sériové číslo vášho zariadenia iPhone a čísla International Mobile Equipment Identity (IMEI), ICCD alebo Mobile Equipment Identifier (MEID) nájdete na balení zariadenia iPhone. Prípadne na iPhone vyberte Nastavenia > Všeobecné > Informácie. Ďalšie informácie nájdete na adrese support.apple.com/kb/ht4061. Záručný servis Najprv postupujte podľa pokynov v tejto príručke. Potom navštívte stránku www.apple.com/sk/support/iphone. Zobrazenie informácií o normách na iPhone Na iPhone prejdite do Nastavenia > Všeobecné > Informácie > Právne > Normy. Výmena batérie Navštívte www.apple.com/sk/batteries/. Používanie zariadenia iPhone vo firemnom prostredí Na webovej stránke www.apple.com/iphone/business nájdete ďalšie informácie o funkciách zariadenia iPhone, vrátane používania Microsoft Exchange, IMAP, CalDAV, CardDAV, VPN a ďalších. Príloha C Bezpečnosť, zaobchádzanie a podpora 161 Používanie zariadenia iPhone vo firemnom prostredí Na webovej stránke www.apple.com/iphone/business nájdete ďalšie informácie o funkciách zariadenia iPhone, vrátane používania Microsoft Exchange, IMAP, CalDAV, CardDAV, VPN a ďalších. Používanie zariadenia iPhone v sieťach iných operátorov Niektorí operátori vám umožnia odomknúť iPhone, takže ho môžete používať v ich sieti. Ak chcete zistiť, či váš operátor túto možnosť ponúka, navštívte support.apple.com/kb/HT1937. Vyžiadajte si od svojho operátora informácie o autorizácii a nastavení. Pre dokončenie procesu bude potrebné pripojiť iPhone k iTunes. Služba môže byť spoplatnená. Informácie o riešení problémov nájdete na adrese support.apple.com/kb/TS3198. Informácie o likvidácii a recyklácii Program na recykláciu spoločnosti Apple (k dispozícii v niektorých oblastiach):  Informácie o bezplatnej recyklácii starého mobilného telefónu spolu s predplatenou obálkou a inštrukciami nájdete na adrese www.apple.com/recycling. Likvidácia a recyklácia iPhonu  iPhone musíte zlikvidovať v zhode s miestnymi zákonmi a nariadeniami. iPhone obsahuje elektronické súčasti a batériu, preto musíte svoj iPhone likvidovať oddelene od domového odpadu. Keď iPhone dosiahne koniec svojho životného cyklu, kontaktujte mieste úrady pre viac informácií o možnostiach likvidácie a recyklácie, alebo ho jednoducho zaneste späť autorizovanému predajcovi Apple, či vráťte do Apple. Batéria bude recyklovaná ekologicky nezávadným spôsobom. Viac informácií nájdete na adrese www.apple.com/recycling. Výmena batérie:  Lítiumiónová batéria by mala byť vymieňaná len spoločnosťou Apple alebo autorizovaným poskytovateľom servisu Apple a musí byť recyklovaná alebo zlikvidovaná oddelene od odpadu z domácnosti. Viac informácií týkajúcich sa výmeny batérie nájdete na adrese www.apple.com/sk/batteries/. Účinnosť nabíjačky batérie Türkiye Türkiye Cumhuriyeti: EEE Yönetmeliğine Uygundur.Príloha C Bezpečnosť, zaobchádzanie a podpora 162 Európska únia — informácie týkajúce sa likvidácie elektroniky a batérií:  Vyššie uvedený symbol znamená, že v súlade s miestnymi zákonmi a nariadeniami by váš produkt a/alebo batéria mali byť zlykvidované oddelene od domového odpadu. Ak tento produkt dosiahne koniec životného cyklu, zaneste ho na zberné miesto určené miestnymi úradmi. Oddelený zber a recyklácia vášho produktu a/alebo batérie pomáhajú šetriť prírodné zdroje a zaručujú recykláciu spôsobom, ktorý chráni ľudské zdravie a životné prostredie. Union Européenne—informations sur l’élimination:  Le symbole ci-dessus signifie que, conformément aux lois et réglementations locales, vous devez jeter votre produit et/ou sa batterie séparément des ordures ménagères. Lorsque ce produit arrive en fin de vie, apportez-le à un point de collecte désigné par les autorités locales. La collecte séparée et le recyclage de votre produit et/ou de sa batterie lors de sa mise au rebut aideront à préserver les ressources naturelles et à s’assurer qu’il est recyclé de manière à protéger la santé humaine et l’environnement. Europäische Union—Informationen zur Entsorgung:  Das oben aufgeführte Symbol weist darauf hin, dass dieses Produkt und/oder die damit verwendete Batterie den geltenden gesetzlichen Vorschriften entsprechend und vom Hausmüll getrennt entsorgt werden muss. Geben Sie dieses Produkt zur Entsorgung bei einer offiziellen Sammelstelle ab. Durch getrenntes Sammeln und Recycling werden die Rohstoffreserven geschont und es ist sichergestellt, dass beim Recycling des Produkts und/oder der Batterie alle Bestimmungen zum Schutz von Gesundheit und Umwelt eingehalten werden. &Unione Europea—informazioni per lo smaltimento:  Il simbolo qui sopra significa che, in base alle leggi e alle normative locali, il prodotto e/o la sua batteria dovrebbero essere riciclati separatamente dai rifiuti domestici. Quando il prodotto diventa inutilizzabile, portalo nel punto di raccolta stabilito dalle autorità locali. La raccolta separata e il riciclaggio del prodotto e/o della sua batteria al momento dello smaltimento aiutano a conservare le risorse naturali e assicurano che il riciclaggio avvenga nel rispetto della salute umana e dell’ambiente. Europeiska unionen—information om kassering:  Symbolen ovan betyder att produkten och/eller dess batteri enligt lokala lagar och bestämmelser inte får kastas tillsammans med hushållsavfallet. När produkten har tjänat ut måste den tas till en återvinningsstation som utsetts av lokala myndigheter. Genom att låta den uttjänta produkten och/eller dess batteri tas om hand för återvinning hjälper du till att spara naturresurser och skydda hälsa och miljö. Brasil:  Informações sobre descarte e reciclagem O símbolo acima indica que este produto e/ou sua bateria não devem ser descartadas no lixo doméstico. Quando decidir descartar este produto e/ou sua bateria, faça-o de acordo com as leis e diretrizes ambientais locais. Para informações sobre o programa de reciclagem da Apple, pontos de coleta e telefone de informações, visite www.apple.com/environment. Apple a životné prostredie V Apple si uvedomujeme našu povinnosť minimalizovať dopady našich prevádzok a produktov na životné prostredie. Viac informácií nájdete na stránke www.apple.com/environment.KApple Inc. © 2012 Apple Inc. Všetky práva vyhradené. Apple, logo Apple, AirPlay, AirPort, AirPort Express, AirPort Extreme, Aperture, Apple TV, Cover Flow, FaceTime, Finder, iBooks, iCal, iLife, iMovie, iPad, iPhone, iPhoto, iPod, iPod touch, iSight, iTunes, Keynote, Mac, Mac OS, Numbers, OS X, Pages, Passbook, Safari, Siri, Spotlight, Time Capsule a logo Works with iPhone sú ochranné známky spoločnosti Apple Inc., registrované v USA a ďalších krajinách. AirPrint, EarPods, Flyover, Guided Access, iMessage, logo Made for iPhone a Multi-Touch sú ochranné známky spoločnosti Apple Inc. Apple Store, Genius, iAd, iCloud, iTunes Extras, iTunes Plus a iTunes Store sú značky služieb spoločnosti Apple Inc. zaregistrované v USA a ďalších krajinách. App Store, iBookstore a iTunes Match sú značky služieb spoločnosti Apple Inc. IOS je ochranná známka alebo registrovaná ochranná známka spoločnosti Cisco v USA a ďalších krajinách a jej použitie podlieha licencii. NIKE a logo Swoosh Design sú ochrannými známkami spoločnosti NIKE, Inc a jej dcérskych spoločností a ich používanie podlieha licencii. Bluetooth® je registrovaná obchodná známka Bluetooth SIG, Inc. a akékoľvek použitie tejto značky Apple Inc. podlieha licencii. Adobe a Photoshop sú registrovanými obchodnými známkami Adobe Systems Incorporated v USA a/alebo ďalších krajinách. Ďalšie názvy spoločností alebo produktov spomenuté v tomto dokumente môžu byť registrovanými obchodnými známkami príslušných spoločností. Zmienky o produktoch tretích strán majú len informačný význam a nie sú myslené ako propagácia alebo odporúčanie. Apple nepreberá žiadnu zodpovednosť za fungovanie a používanie týchto produktov. Akékoľvek dohody alebo záruky sú výlučne záležitosťou predajcu a potenciálnych zákazníkov. Tento manuál bol vytvorený tak, aby informácie v ňom boli presné. Apple nenesie zodpovednosť za tlačové alebo administratívne chyby. SL019-2344/2012-09 Aan de slag met de PowerBook G4 Installatie en uitbreiding van PowerBook G4-computers en het oplossen van problemenK Apple Computer, Inc. © 2001 Apple Computer, Inc. Alle rechten voorbehouden. Volgens de auteursrechtelijke bepalingen mag deze handleiding niet zonder schriftelijke toestemming van Apple geheel of gedeeltelijk worden gekopieerd. Het Apple logo is een handelsmerk van Apple Computer, Inc., dat is gedeponeerd in de Verenigde Staten en andere landen. Zonder voorafgaande schriftelijke toestemming van Apple is het niet toegestaan het via het toetsenbord op te roepen Apple logo (Option-Shift-K) te gebruiken voor commerciële doeleinden. Deze handleiding is met uiterste zorg samengesteld. Apple aanvaardt geen aansprakelijkheid voor druk- of typefouten. Apple Computer, Inc. 1 Infinite Loop Cupertino, CA 95014-2084 408-996-1010 www.apple.com Apple, het Apple logo, AppleTalk, FireWire, Mac, Macintosh, het Mac OS-logo, PowerBook, QuickTime en Sherlock zijn handelsmerken van Apple Computer, Inc., die zijn gedeponeerd in de Verenigde Staten en andere landen. AirPort, de Apple Store en iMovie zijn handelsmerken van Apple Computer, Inc. ENERGY STAR® is een handelsmerk dat is gedeponeerd in de Verenigde Staten. Java is een handelsmerk van Sun Microsystems, Inc. PowerPC is een handelsmerk van International Business Machines Corporation, dat in licentie wordt gebruikt. Andere in deze handleiding genoemde bedrijfs- of productnamen zijn handelsmerken van de betreffende bedrijven. Producten van andere fabrikanten worden alleen genoemd ter informatie. Dit betekent niet dat deze producten door Apple worden aanbevolen of door Apple zijn goedgekeurd. Apple aanvaardt geen enkele aansprakelijkheid met betrekking tot de betrouwbaarheid van deze producten. Vervaardigd in licentie van Dolby Laboratories. “Dolby”, “Pro Logic” en het dubbele D-symbool zijn handelsmerken van Dolby Laboratories. Confidential Unpublished Works, © 1992–1997 Dolby Laboratories, Inc. Alle rechten voorbehouden. Het product dat in deze handleiding wordt beschreven, bevat technologie voor auteursrechtenbescherming waarop bepaalde Amerikaanse patenten en andere intellectuele eigendomsrechten van Macrovision Corporation en anderen van toepassing zijn. Het gebruik van deze technologie voor auteursrechtenbescherming moet worden goedgekeurd door Macrovision Corporation en is uitsluitend bedoeld voor thuisgebruik en andere toepassingen met een beperkt aantal kijkers, tenzij anders overeengekomen met Macrovision Corporation. Het is niet toegestaan deze technologie te decompileren of van ontwerp te herleiden. Voor patentnummer 4.631.603, 4.577.216, 4.819.098 en 4.907.093 ( V.S.) is een licentie verleend voor gebruik met een beperkt aantal kijkers. 3 Inhoud 1 Aan de slag 7 De computer aansluiten 8 Het beeldscherm opklappen 9 De computer aanzetten 10 Het stuurvlak gebruiken 12 De instellingen van het interne beeldscherm aanpassen 14 En nu? 16 De batterij kalibreren 16 De PowerBook in de sluimerstand zetten of uitschakelen 17 2 Vertrouwd raken met de computer 19 Informatie voor nieuwe Macintosh gebruikers 19 De onderdelen en regelaars van de PowerBook 20 De poorten en connectors van de PowerBook 22 De binnenkant van de PowerBook 24 Mac OS X 26 iTools: gratis Internet-diensten voor Mac-gebruikers 28 Sherlock 2: uw persoonlijke speurder op het Internet 30 Apple.com: uw vertrekpunt voor het Internet 32 QuickTime: audio en video op het Internet 34 iMovie 2: zelf digitale films maken en bewerken 36 iTunes: digitale muziek op de Mac 38 Programmatuur automatisch bijwerken: de computer automatisch up-to-date houden 40 Meerdere gebruikers: meerdere Macintosh computers in één 42 Mac Help: antwoorden op al uw vragen over de Macintosh 444 Inhoud 3 Werken met de computer 45 USB (Universal Serial Bus) 46 FireWire 48 PC Cards 50 Draadloze Internet- en netwerktoegang via AirPort 51 Ethernet (10/100/1000Base-T) 53 Infrarood (IrDA) 54 Ondersteuning voor extern videoapparaat ( VGA en S-Video) 55 Batterij 58 Dvd-romspeler 62 Optionele cd-rw-speler 64 Regelaars op het toetsenbord en programmeerbare functietoetsen 65 Beveiliging en toetsenbordvergrendeling 67 4 Werken met het besturingssysteem 69 Mac OS X 70 'Classic' gebruiken in Mac OS X 70 Schakelen tussen besturingssystemen 71 Problemen? 72 5 Extra apparatuur installeren of de batterij vervangen 73 Extra geheugen installeren 73 De interne harde schijf verwijderen 82 Een AirPort-kaart installeren 91 6 Problemen oplossen 93 Inhoud van dit hoofdstuk 93 Problemen die het gebruik van de computer verhinderen 94 De programmatuur herstellen 96 Andere problemen 97 Het serienummer 97 Bijlage A Specificaties 99 Apple Systeemprofiel 99 Specificaties van de PowerBook 100Inhoud 5 Bijlage B Informatie over onderhoud, gebruik en veiligheid 103 De PowerBook schoonmaken 103 De PowerBook vervoeren 103 De PowerBook opbergen 103 Aanwijzingen voor de installatie en het gebruik van de computer 104 Belangrijke wenken voor uw veiligheid 105 Uw werkplek inrichten 1067 H O O F D S T U K 1 1 Aan de slag De PowerBook is zo ontworpen dat u er onmiddellijk mee aan de slag kunt. Lees dit gedeelte als u voor het eerst kennismaakt met een Macintosh of als u nog nooit met een PowerBook hebt gewerkt. Het bevat informatie over het gebruik van de PowerBook en helpt u bij het vinden van aanvullende informatie. Als u een ervaren gebruiker bent, weet u vermoedelijk al voldoende om direct met de nieuwe PowerBook te gaan werken. Raadpleeg hoofdstuk 2, “Vertrouwd raken met de computer” voor meer informatie over de nieuwe functies van deze PowerBook. Opmerking: het is mogelijk dat de lichtnetadapter niet is voorzien van een stekker. Composite-naar-S-videokabel Lichtnetadapter Netsnoer Wisselstroomstekker Telefoonkabel Belangrijk Lees de installatie-instructies en wenken voor uw veiligheid (raadpleeg pagina 103) grondig door voordat u de computer op het lichtnet aansluit.8 Hoofdstuk 1 De computer aansluiten Als u de adapter aansluit, krijgt de computer voeding via het lichtnet en wordt de batterij van de computer opgeladen. U dient de adapter bij het eerste gebruik aan te sluiten, omdat het mogelijk is dat de lading van de batterij tijdens het transport en de opslag van de computer is teruggelopen. 1 Sluit de wisselstroomstekker van de adapter aan op een stopcontact. Er gaat een lampje branden op de stekker van de lichtnetadapter. Een oranje lampje geeft aan dat de batterij wordt opgeladen. Een groen lampje geeft aan dat de batterij volledig is opgeladen. 2 Sluit de stekker van de lichtnetadapter aan op de daarvoor bestemde poort (aangeduid met het symbool ¯) op het achterpaneel van de computer. Als het snoer van de adapter te lang is, kunt u het om de klemmen wikkelen die op twee hoeken van de lichtnetadapter zijn bevestigd. Opmerking: Mogelijk sluiten de wisselstroomstekker en de adapter niet volledig op elkaar aan. U kunt ook de wisselstroomstekker uit het stopcontact verwijderen en het ene uiteinde van het netsnoer op de adapter aansluiten en het andere uiteinde op een stopcontact aansluiten. G ™ Æ W Wisselstroomstekker Stekker lichtnetadapter ¯ Poort voor lichtnetadapter WInterne modem Telefoonkabel Netsnoer LichtnetadapterAan de slag 9 De interne modem aansluiten Als u onmiddellijk toegang tot het Internet wilt hebben, sluit u het ene uiteinde van de telefoonkabel aan op de interne-modempoort (aangeduid met het symbool W) en het andere uiteinde op een analoge telefooncontactdoos (de modem is niet geschikt voor een ISDN-aansluiting). Het beeldscherm opklappen 1 Druk op de knop voor het ontgrendelen van het beeldscherm. 2 Zet het beeldscherm in een voor u prettige stand. Attentie Sluit geen digitale telefoonlijn aan op de modem. Hierdoor kan de modem beschadigd raken. Neem contact op met uw telefoonmaatschappij als u niet weet of u een digitale telefoonlijn hebt. ®10 Hoofdstuk 1 De computer aanzetten Om de computer aan te zetten, drukt u op de Aan/uit-knop (®). Wanneer de computer wordt ingeschakeld, hoort u een geluidssignaal. Het duurt even voordat de computer is opgestart. Dit is normaal. Telkens als u de computer aanzet, wordt het interne geheugen van de PowerBook gecontroleerd. Hoe meer geheugen is geïnstalleerd, hoe langer het opstarten duurt. ® Aan/uit-knop ®Aan de slag 11 Problemen met opstarten? Er gebeurt niets als u op de Aan/uit-knop drukt. m Misschien is de batterij leeg. Controleer of de adapter goed is aangesloten op de computer en het stopcontact. Het lampje op de stekker van de lichtnetadapter brandt als deze goed op het achterpaneel van de PowerBook is aangesloten. m Als de computer niet opstart nadat u op de Aan/uit-knop hebt gedrukt, drukt u met het uiteinde van een paperclip de reset-knop op het achterpaneel van de computer in (raadpleeg pagina 22). Controleer of de knop weer in de oorspronkelijke positie terugkeert nadat u deze hebt ingedrukt. Wacht enkele seconden en druk nogmaals op de Aan/uit-knop. m Als de computer nog steeds niet opstart, raadpleegt u pagina 95 voor meer tips voor het oplossen van dit probleem. U ziet het symbool van een diskette of map met een knipperend vraagteken. m Dit symbool geeft meestal aan dat er geen systeemprogrammatuur kan worden gevonden op de harde schijf van de computer of op andere schijven die op de computer zijn aangesloten. Mogelijk dient u de systeemprogrammatuur opnieuw te installeren. Raadpleeg pagina 94.12 Hoofdstuk 1 Het stuurvlak gebruiken Met het stuurvlak van de PowerBook kunt u, net als met de muis van een bureaucomputer, onderdelen op het scherm selecteren en verplaatsen. Schuif uw vinger over het stuurvlak om de aanwijzer over het scherm te verplaatsen. Druk op de knop bij het stuurvlak om een onderdeel op het scherm te selecteren of enkel of dubbel op het onderdeel te klikken. Opmerking: U kunt ook direct op het stuurvlak klikken en dubbel klikken. U kunt deze optie inschakelen in het regelpaneel 'Stuurvlak' in Mac OS 9 of in het paneel 'Muis' van het programma 'Systeemvoorkeuren' in Mac OS X. Het stuurvlak reageert op de snelheid waarmee u uw vinger beweegt. Als u de aanwijzer een klein stukje over het scherm wilt verplaatsen, beweegt u uw vinger langzaam over het stuurvlak. Hoe sneller u uw vinger beweegt, hoe groter de afstand is waarover de aanwijzer op het scherm wordt verplaatst. ® Stuurvlak StuurvlakknopAan de slag 13 Tips voor het gebruik van het stuurvlak Het stuurvlak werkt het beste als u zich aan de volgende richtlijnen houdt: m Gebruik één vinger. Bedien het stuurvlak niet met een pen of ander voorwerp. m Houd uw vinger en het stuurvlak droog. Is het stuurvlak vochtig, wrijf het dan voorzichtig droog met een schone doek voordat u het gebruikt. m Gebruik geen schoonmaakmiddelen om het stuurvlak te reinigen. Kies 'Mac Help' of 'Mac oefeningen' uit het Help-menu voor meer informatie over het gebruik van het stuurvlak.14 Hoofdstuk 1 De instellingen van het interne beeldscherm aanpassen Voordat u met de nieuwe PowerBook gaat werken, dient u wellicht de instellingen van het beeldscherm aan te passen zodat alle onderdelen op het scherm goed zichtbaar zijn. De helderheid aanpassen Gebruik de toetsen met de aanduiding ¤ om de helderheid van het scherm te wijzigen. ® ¤ HelderheidsregelaarsAan de slag 15 De resolutie aanpassen U kunt de weergave op het beeldscherm vergroten door van de standaardresolutie over te schakelen naar een lagere resolutie. U kunt de resolutie van het beeldscherm als volgt aanpassen: m Klik in Mac OS 9 op de module 'Beeldschermresolutie' in de Regelbalk. m Open in Mac OS X het paneel 'Beeldschermen' van het programma 'Systeemvoorkeuren'. Als u de beeldscherminstellingen via het beeldschermsymbool in de menubalk wilt opgeven, schakelt u het aankruisvak 'Toon beeldschermsymbool in menubalk' in. Ondersteunde resoluties voor het interne beeldscherm De PowerBook is voorzien van een breed beeldscherm met een resolutie van 1152 x 768 dat ook standaardresoluties ondersteunt, zoals 1024 x 768. Als u gebruikmaakt van een standaardresolutie, verschijnt aan beide zijden van het beeldscherm een zwarte balk. Bij de meeste programma's wordt automatisch de beste resolutie geselecteerd. U kunt bijvoorbeeld gebruikmaken van een standaardresolutie voor synchrone weergave op een extern beeldscherm of voor bepaalde programma's, zoals spelletjes of presentatieprogramma's, die het beste worden weergegeven met een standaardresolutie. Als u met een programma werkt waarvoor de standaardresolutie het meest geschikt is en u wilt de zwarte balken verbergen, kunt u de "uitgerekte" versie van de resolutie selecteren. Het beeld wordt dan over het gehele scherm uitgerekt, zodat de zwarte balken niet zichtbaar zijn. Als u in Mac OS 9 andere uitgerekte resoluties wilt selecteren, houdt u de Control-toets ingedrukt terwijl u klikt op de module 'Beeldschermresolutie' in de Regelbalk. In Mac OS X kunt u een resolutie van 896 x 600 of lager instellen via het beeldschermsymbool in de menubalk. Dit worden geschaalde resoluties genoemd. Wanneer u naar een geschaalde resolutie overschakelt, zien onderdelen op het scherm er groter uit, waardoor ze beter zichtbaar zijn. Het is echter mogelijk dat lagere resoluties minder scherp worden weergegeven dan de standaardresolutie. De module 'Beeldschermresolutie'16 Hoofdstuk 1 En nu? Dit is alles dat u hoeft te weten om met de PowerBook aan de slag te kunnen gaan. Wanneer u de computer voor de eerste keer opstart, helpt de configuratie-assistent u stapsgewijs verder met de configuratie van de computer en het gebruiksklaar maken voor het Internet. Als u meer wilt weten, raadpleegt u de volgende gedeelten in deze handleiding: De batterij kalibreren Om de batterij zo lang mogelijk te kunnen gebruiken, dient u de batterij binnen een week na aanschaf van de PowerBook te ontladen. Vervolgens laadt u de batterij volledig op. Ga hierbij als volgt te werk: 1 Sluit de lichtnetadapter aan en laad de batterij volledig op totdat het indicatielampje van de batterij brandt en het metertje op het scherm (raadpleeg pagina 59) aangeeft dat de batterij volledig is opgeladen. 2 Koppel de lichtnetadapter los en gebruik de PowerBook totdat er voor het eerst een waarschuwingsvenster verschijnt dat aangeeft dat de batterij bijna leeg is. 3 Sluit de lichtnetadapter aan en laat deze aangesloten totdat de batterij volledig is opgeladen. Voor meer informatie over... Raadpleegt u... De computer uitschakelen en in de sluimerstand zetten “De PowerBook in de sluimerstand zetten of uitschakelen” op pagina 17. De voorzieningen van de apparatuur en programmatuur van de PowerBook hoofdstuk 2, “Vertrouwd raken met de computer” Aanvullende informatie in Mac Help “Mac Help: antwoorden op al uw vragen over de Macintosh” op pagina 44. Bepaalde voorzieningen van de PowerBook hoofdstuk 3, “Werken met de computer” Geheugen installeren hoofdstuk 5, “Extra apparatuur installeren of de batterij vervangen” Problemen met de PowerBook oplossen hoofdstuk 6, “Problemen oplossen” Belangrijk U hoeft deze procedure slechts één keer uit te voeren om de batterij te kalibreren. Vervolgens kunt u de lichtnetadapter bij elke batterijlading aansluiten of loskoppelen.Aan de slag 17 De PowerBook in de sluimerstand zetten of uitschakelen Als u de PowerBook kortere of langere tijd niet gebruikt, kunt u het volgende doen. De PowerBook in de sluimerstand zetten Zet de PowerBook in de sluimerstand als u deze even niet gebruikt. Als de sluimerstand is geactiveerd, kunt u de computer zeer snel starten doordat het opstartproces wordt overgeslagen. Als de sluimerstand is ingeschakeld, is het scherm donker en knippert er een wit lampje onder het beeldscherm. U kunt de PowerBook op de volgende twee manieren snel in de sluimerstand zetten: m Klap het scherm dicht. m Kies 'Sluimer' uit het Speciaal-menu in Mac OS 9 of uit het Apple-menu (K) in Mac OS X. De computer uit de sluimerstand halen: m Klap het beeldscherm op als het gesloten is. De sluimerstand wordt opgeheven zodra u het beeldscherm van de PowerBook opklapt. (U kunt deze optie uitschakelen in het regelpaneel 'Energiestand' in Mac OS 9.) m Als het beeldscherm al is opgeklapt, drukt u op de Aan/uit-toets (®) of op een willekeurige toets op het toetsenbord. De PowerBook uitzetten Zet de PowerBook uit als u de computer gedurende langere tijd niet gebruikt. Ga volgens een van de volgende procedures te werk: m Kies 'Zet uit' uit het Speciaal-menu in Mac OS 9 of uit het Apple-menu (K) in Mac OS X. m Druk op de Aan/uit-knop en klik op 'Zet uit' in het dialoogvenster dat verschijnt. Raadpleeg “De PowerBook opbergen” op pagina 103 als u de PowerBook voor langere tijd opbergt en wilt voorkomen dat de batterij volledig leeg raakt. Attentie Wacht een aantal seconden totdat het lampje van de sluimerstand begint te knipperen (het teken dat de sluimerstand van de computer is geactiveerd en de harde schijf niet meer draait) voordat u de PowerBook verplaatst. Als u de computer verplaatst terwijl de harde schijf draait, kan de harde schijf beschadigd raken. Dit kan tot gevolg hebben dat gegevens verloren gaan of dat de computer niet meer vanaf de harde schijf kan worden opgestart.19 H O O F D S T U K 2 2 Vertrouwd raken met de computer In dit hoofdstuk vindt u een overzicht van belangrijke voorzieningen van de apparatuur en programmatuur van de computer en de unieke Internet-diensten voor Macintosh gebruikers. Met de PowerBook hebt u een zeer complete notebook in handen. Deze computer is uitgerust met het nieuwste op het gebied van computertechnologie, zoals een PowerPC™ G4-processor, FireWire, USB en AirPort voor draadloze Internet- en netwerkverbinding. Bovendien is de PowerBook uitgerust met het Mac OS-besturingssysteem, dat krachtige functies biedt om via het Internet videobeelden te bekijken, informatie te zoeken, te winkelen en zelfs uw programmatuur automatisch bij te werken. Verder is iMovie geïnstalleerd, een gebruikersvriendelijk programma voor het bewerken van digitale videobeelden. Met dit programma kunt u uw eigen desktop movies maken. Hiervoor hoeft u alleen een digitale videocamera op de FireWire-poort aan te sluiten, iMovie te openen en u kunt direct aan de slag. Op de PowerBook is ook iTunes geïnstalleerd, het digitale audioprogramma waarmee u nummers van muziek-cd's kunt importeren, uw eigen iTunes- bibliotheek kunt maken, naar een van de vele radiostations op het Internet kunt luisteren en uw eigen cd's kunt branden. Ten slotte biedt Apple u gratis Internet-diensten, waaronder uw eigen opslagruimte op het Internet, een persoonlijk e-mailadres bij Mac.com, functies waarmee u eenvoudig uw eigen website of iMovie-bioscoop kunt maken en nog veel meer. Informatie voor nieuwe Macintosh gebruikers Als dit uw eerste Macintosh computer is, raadpleegt u de Mac oefeningen voor meer informatie over hoe u met het stuurvlak onderdelen op het scherm kunt verplaatsen, hoe u sites op het world wide web kunt bezoeken en nog veel meer. Kies hiervoor in Mac OS 9 'Mac oefeningen' uit het Help-menu. Opmerking: doordat Apple regelmatig nieuwe versies uitbrengt van haar programma's en systeemprogrammatuur en de Internet-site geregeld bijwerkt, wijken de afbeeldingen in deze handleiding mogelijk iets af van de afbeeldingen op het scherm.20 Hoofdstuk 2 De onderdelen en regelaars van de PowerBook ® Ingebouwde luidspreker ® Aan/uit-knop Opening voor antidiefstalkabel Ruimte voor AirPortantenne Ingebouwde luidspreker/ microfoon Indicatielampje sluimerstand Functietoets (Fn) Beeldscherm- Stuurvlakknop ontgrendelingsknop Stuurvlak Optische-schijfeenheid met sleuf (dvd-rom of cd-rw) Volumetoetsen Schuifje voor verwijdering toetsenbord ¤ Helderheidsregelaars Vergrendeling toetsenbord/ Num Lock-indicatielampje Num Lock-toets Schuifje voor verwijdering toetsenbord — Toets voor uitschakelen geluid - Cd/dvdverwijdertoets Programmeerbare functietoetsen Vertrouwd raken met de computer 21 ¤ Helderheidsregelaars Hiermee regelt u de helderheid van het beeldscherm. - Volumetoetsen Hiermee verhoogt of verlaagt u het volume van de ingebouwde luidsprekers en de geluidsuitvoerpoort. Vergrendeling toetsenbord Door ervoor te zorgen dat het toetsenbord niet gemakkelijk kan worden verwijderd, beveiligt u de interne onderdelen van de PowerBook. Num Lock-toets Hiermee activeert u het numerieke toetsenblok op het toetsenbord van de PowerBook. Als het numerieke toetsenblok is vergrendeld, brandt het groene lampje van de toetsenbordvergrendeling. Cd/dvd-verwijdertoets Als u deze toets ingedrukt houdt, kunt u een cd of dvd verwijderen. U kunt een schijf ook verwijderen door het schijfsymbool naar de prullenmand te slepen. ® Aan/uit-knop Hiermee zet u de PowerBook aan, uit of in de sluimerstand. Optische-schijfeenheid met sleuf (dvd-rom of optionele cd-rw) Met de dvd-speler van de PowerBook kunt u cd’s, Photo-cd's, dvd’s, standaardaudio-cd's, dvd-films en andere media gebruiken. Met de optionele cd-rw-speler kunt u cd's lezen en muziek, documenten en andere digitale bestanden op een cd-r- of cd-rw-schijf opslaan. Functietoets (Fn) Hiermee activeert u de functietoetsen (F1–F12). Schuifjes voor verwijdering van het toetsenbord Wanneer u geheugen wilt installeren, trekt u deze schuifjes naar u toe om het toetsenbord te verwijderen. Microfoon (onder de luidspreker) Hiermee kunt u geluiden direct op de harde schijf van de computer opnemen. U kunt ook een externe microfoon aansluiten op een van de USB-poorten of een professionele microfoon gebruiken die u op een PC Card aansluit. Ç Opening voor antidiefstalkabel Hier kunt u een antidiefstalkabel bevestigen om de PowerBook tegen diefstal te beveiligen. Indicatielampje sluimerstand Een knipperend wit lampje geeft aan dat de sluimerstand van de PowerBook is geactiveerd. Stuurvlak Hiermee verplaatst u de aanwijzer op het scherm. U kunt het stuurvlak ook zodanig instellen dat u hiermee dubbel kunt klikken op onderdelen of deze kunt selecteren zonder dat u de knop bij het stuurvlak hoeft te gebruiken.22 Hoofdstuk 2 De poorten en connectors van de PowerBook G ™ Æ W PC Card-sleuf Knop voor verwijderen PC Cards Ruimte voor AirPort-antenne W Poort interne modem Koptelefoonpoort Infraroodvenster USB-poorten ¯ Poort voor lichtnetadapter ™ Poort extern beeldscherm Ethernet-poort (10/100/1000Base-T) G Reset-knop FireWirepoort Indicatielampje sluimerstand ÆS-video-uitvoerpoort f G ™ WVertrouwd raken met de computer 23 FireWire-poort Op deze poorten kunt u snelle externe apparaten aansluiten, zoals digitale videocamera's, printers en externe opslagmedia. G Ethernet-poort (10/100/1000 Base-T) Hiermee kunt u de computer op een snel 10/100/1000 Base-T Ethernet-netwerk aansluiten of een verbinding tot stand brengen met een andere computer voor het uitwisselen van bestanden. Andere Ethernet-apparaten worden automatisch herkend dankzij de automatische detectiefunctie van de Ethernet-poort. U hoeft geen Ethernet-crossoverkabel te gebruiken om andere Ethernet-apparaten aan te sluiten. Twee USB-poorten (Universal Serial Bus) Op deze poorten kunt u extra apparatuur aansluiten, zoals printers, externe opslagmedia, modems, toetsenborden en joysticks. ™ Poort voor extern beeldscherm (VGA) Op deze poort kunt u een extern beeldscherm of een externe projector met een VGAconnector aansluiten. Æ S-video-uitvoerpoort Hierop kunt u een televisie, videorecorder of ander videoapparaat aansluiten. Met behulp van deze poort kunt u presentaties geven of dvd-films op de televisie afspelen. Reset-knop Hiermee kunt u de computer opnieuw opstarten als u de computer niet kunt uitschakelen met de Aan/uit-knop of als u de computer niet op de juiste manier opnieuw kunt opstarten. W Interne-modempoort Op de interne modem kunt u rechtstreeks een standaardtelefoonlijn aansluiten. Infraroodvenster Via dit venster kunt u draadloos bestanden naar een andere computer met infraroodvoorzieningen verzenden, afdrukken op een printer met infraroodvoorzieningen of een verbinding tot stand brengen met een IrDA-netwerk. Ook kunt u synchroniseren met bepaalde "handheld" apparaten of, indien beschikbaar, met behulp van een mobiele telefoon een verbinding tot stand brengen met uw Internet-aanbieder. f Koptelefoonpoort Op deze poort kunt u externe luidsprekers, een koptelefoon of een ander apparaat voor geluidsuitvoer aansluiten. PC Card-sleuf Met de Type II-sleuf, die geschikt is voor PC Cards en CardBus-kaarten, kunt u de mogelijkheden van de PowerBook uitbreiden.24 Hoofdstuk 2 De binnenkant van de PowerBook Batterij Serienummer Ethernet-ID en AirPort-ID ® Omgeklapt toetsenbord PowerBook met omgeklapt toetsenbord zodat de interne RAM-sleuf zichtbaar is Omgedraaide PowerBook Bovenste geheugensleuf Onderste geheugensleuf (bezet)Vertrouwd raken met de computer 25 Geheugensleuven De computer heeft twee geheugensleuven. In de onderste sleuf is de geheugenmodule geïnstalleerd. U kunt een extra geheugenmodule installeren in de bovenste sleuf. (Als u vooraf extra geheugen hebt laten installeren, is de bovenste sleuf mogelijk al bezet.) U kunt maximaal 1 GB RAM-geheugen in de PowerBook installeren, verdeeld over twee 512-MB DIMM-modules in elk van de RAM-sleuven. Raadpleeg voor meer informatie het gedeelte “Extra geheugen installeren” op pagina 73. Verwisselbare harde schijf U kunt de interne harde schijf verwijderen om de schijf te repareren of op te bergen. Raadpleeg voor meer informatie het gedeelte “De interne harde schijf verwijderen” op pagina 82. AirPort-kaart Met de AirPort-kaart kunt u een draadloze verbinding met een netwerk tot stand brengen.26 Hoofdstuk 2 Mac OS X Apple-menu Gebruik dit menu om instellingen te wijzigen, recente onderdelen te openen en de computer uit te schakelen. Venster met knoppen Klik op een knop om het venster te sluiten, in het Dock te plaatsen of te maximaliseren. Finderknoppenbalk Klik hier om mappen, bestanden en snelkoppelingen toe te voegen. Dock Klik op een symbool in het Dock om het onderdeel te openen of te activeren. Bepaalde symbolen geven de programmastatus aan. Uitrolvenster Documentvensters bevatten uitrolvensters voor het bewaren en afdrukken. Knop Als een knop oplicht, kunt u op de Enter- of Return-toets drukken. Statussymbolen Controleer de status van systeemvoorkeuren in de menubalk.Vertrouwd raken met de computer 27 De mogelijkheden Mac OS X bevat een nieuwe, krachtige en elegante gebruikersinterface. Met Mac OS X hoeft u niet in te zitten over de hoeveelheid geheugen die aan een programma moet worden toegewezen of over hoe u de computer na een fout in een programma opnieuw moet starten. In de Classic-omgeving van Mac OS X kunt u behalve alle Mac OS Xprogramma's ook alle Mac OS 9-programma's gebruiken. Raadpleeg hoofdstuk 4, “Werken met het besturingssysteem” op pagina 69 voor meer informatie over de Classic-omgeving. Mac OS X biedt ook ondersteuning voor Java™ en UNIX-programma's. Aan de slag Met het programma 'Systeemvoorkeuren' kunt u alle computerinstellingen wijzigen, van het bureaublad tot het instellen van gegevens voor netwerktoegang. Met 'Finder' en het Dock hebt u snel toegang tot mappen, programma's, documenten en andere onderdelen. Raadpleeg de handleiding Welkom bij Mac OS X bij de computer of kies 'Mac Help' uit het Help-menu in Mac OS X voor meer informatie over de voorzieningen in Mac OS X. Snelle methoden en tips 'Finder' aanpassen U kunt een afbeelding of kleur voor het bureaublad instellen met het paneel 'Bureaublad' van het programma 'Systeemvoorkeuren'. U kunt ook de onderdelen in de knoppenbalk van het Finder-venster selecteren en de volgorde van de symbolen wijzigen. Kies 'Pas knoppenbalk aan' uit het Weergave-menu en sleep de onderdelen naar de werkbalk. Het Dock aanpassen U kunt de grootte van de symbolen in het Dock wijzigen en de vergrotingsfunctie inschakelen, zodat de symbolen onder de aanwijzer groter worden weergegeven dan de rest van het Dock. U kunt het Dock aan de onder-, linker- of rechterkant van het scherm plaatsen. Kies 'Dock' uit het Apple-menu (K) en kies vervolgens 'Dock-voorkeuren'. U kunt ook het programma 'Systeemvoorkeuren' openen en vervolgens op 'Dock' klikken. Het bureaublad ordenen Houd het bureaublad overzichtelijk door geopende vensters te minimaliseren, zodat deze in het Dock worden weergegeven. Klik dubbel op de titelbalk van een venster of klik op de middelste knop in de linkerbovenhoek om het venster te verplaatsen naar het Dock. Klik op het symbool van het venster in het Dock om het venster weer te openen. U kunt bepaalde systeeminstellingen ook beheren met de statussymbolen in de menubalk. Meer informatie Raadpleeg de handleiding Welkom bij Mac OS X bij de computer voor meer informatie over het aanpassen van de Mac OS X-omgeving en over het werken met Mac OS X.28 Hoofdstuk 2 iTools: gratis Internet-diensten voor Mac-gebruikers iTools-diensten worden in het Engels aangeboden. U kunt heel eenvoudig gratis een eigen e-mailadres krijgen bij Mac.com. Dit adres is bruikbaar in alle e-mailprogramma's. 20 MB eigen opslagruimte op de Internet-servers van Apple. Hier kunt u foto's, films en andere bestanden toegankelijk maken voor alle Internetgebruikers. U kunt ook extra opslagruimte kopen. Hiermee maakt u in drie eenvoudige stappen een eigen website. Hierop kunt u bijvoorbeeld geboortekaartjes, uw curriculum vitae, fotoalbums of uw eigen iMovie-films plaatsen. Uw website wordt op de Internet-server van Apple geplaatst, zodat elke Internet-gebruiker uw site kan bekijken. Hiermee kunt u iCards voor elke gelegenheid sturen. U kunt kiezen uit kant-en-klare foto's of eigen iCards maken met de foto's die op uw iDisk staan.Vertrouwd raken met de computer 29 De mogelijkheden iTools is een nieuw type Internet-diensten dat Apple Mac-gebruikers biedt. Met iTools verzendt u e-mails en kaarten naar uw vrienden en maakt u foto's en films beschikbaar voor andere Internet-gebruikers. U kunt zelfs uw eigen website maken. Aan de slag 1 Breng een verbinding tot stand met het Internet. 2 Ga naar www.apple.com (Engelstalig). 3 Klik op de tab 'iTools' en klik vervolgens op de knop 'Sign Up'. Snelle methoden en tips Afbeeldingen naar de iDisk uploaden om zo aangepaste iCards te maken U kunt iCards verzenden met een eigen afbeelding. Sla de afbeelding op in de vorm van een GIF- of JPEG-bestand en kopieer deze naar de map 'Pictures' op uw iDisk. Als u daarna een iCard maakt via de categorie 'Create your own', wordt uw afbeelding als keuzemogelijkheid weergegeven. Met een HomePage-sjabloon in enkele minuten uw eigen webpagina maken In HomePage vindt u sjablonen voor webpagina's die u kunt wijzigen door uw eigen tekst en afbeeldingen toe te voegen. Zo kunnen leraren met behulp van de educatieve sjablonen van HomePage informatie over de lessen, opgegeven huiswerk en andere gegevens voor ouders op het Internet plaatsen. Ook kunt u met het fotoalbum van HomePage en de iMoviesjablonen foto's en films op eenvoudige wijze aan vrienden en familie laten zien. In plaats van met een webbrowser kunt u iDisk ook als volgt direct openen: m Selecteer in Mac OS 9 het symbool 'iDisk' en kies 'Maak Alias' uit het Archief-menu. Als u toegang tot uw iDisk wilt krijgen, klikt u dubbel op de alias en geeft u uw wachtwoord op. m Kies in Mac OS X 'iDisk' uit de knoppenbalk van een Finder-venster of kies 'iDisk' uit het Ga-menu.30 Hoofdstuk 2 Sherlock 2: uw persoonlijke speurder op het Internet Knop 'Zoek' Geef op wat u zoekt en klik vervolgens op deze knop om de zoekopdracht uit te voeren. Zoeksites Hier vindt u de zoekprogramma's die door Sherlock worden gebruikt om op het Internet te zoeken. Sherlock-kanalen Zoek op het Internet naar personen, winkels, nieuws, Apple informatie en meer. Sherlock-symbool Klik op het Sherlocksymbool in het Dock.Vertrouwd raken met de computer 31 De mogelijkheden Met Sherlock 2 kunt u op het Internet zowel informatie zoeken als on line winkelen. Met dit programma vindt u in een handomdraai personen, nieuws en wat u verder maar wilt. U kunt op zoek gaan naar boeken en muziek, veilingen bezoeken, de diverse prijzen vergelijken en nagaan of de gewenste producten verkrijgbaar zijn. Aan de slag 1 Breng een verbinding tot stand met het Internet. 2 Open Sherlock 2 als volgt: m Klik in Mac OS 9 dubbel op het symbool 'Sherlock' op het bureaublad. U kunt ook 'Zoek op Internet' uit het Archief-menu of 'Sherlock 2' uit het Apple-menu (K)kiezen. m Klik in Mac OS X op het symbool 'Sherlock' in het Dock of kies 'Zoek' uit het Archiefmenu als u bestanden op de computer wilt zoeken. 3 Selecteer een Sherlock-kanaal. 4 Geef op wat u zoekt en klik op de knop 'Zoek'. Snelle methoden en tips Uw eigen Sherlock-zoekkanaal maken 1 Kies 'Nieuw kanaal' uit het Kanalen-menu. 2 Selecteer een naam, een kanaaltype en een symbool. 3 Download Sherlock-plug-ins en sleep deze naar de lijst met zoeksites. U kunt ook de Optiontoets ingedrukt houden en plug-ins uit andere zoeklijsten naar het symbool van het nieuwe kanaal slepen. Meer informatie Voor meer informatie over de mogelijkheden van Sherlock opent u Mac Help en zoekt u op 'Sherlock'. Als u extra plug-ins wilt downloaden en wilt weten hoe u een eigen Sherlockplugin maakt, raadpleegt u de Sherlock-website op www.apple.com/nl/sherlock. 32 Hoofdstuk 2 Apple.com: uw vertrekpunt voor het Internet Programmatuur voor de Mac guide.apple.com ussoftware.lasso Hier kunt u per categorie zoeken naar Mac-programmatuur van Apple en andere fabrikanten. De Apple Store www.apple.com/nlstore De nieuwste Apple apparatuur en programmatuur en accessoires. Macintosh Products Guide www.apple.com/guide Raadpleeg deze website als u op zoek bent naar apparatuur of programmatuur voor de Mac of let op het Mac-logo (Engelstalig).Vertrouwd raken met de computer 33 Apple Nieuws www.apple.com/nl/hotnews Het laatste nieuws van Apple, informatie over evenementen, programmatuurupdates voor de Mac en de mooiste QuickTime-films. Apple ondersteuning www.apple.com/nl/support Op deze website vindt u onder andere de meest recente informatie over het oplossen van problemen, kunt u programmatuurupdates downloaden en kunt u zoeken naar informatie over het AppleCare Protection Plan. Mac OS X www.apple.com/nl/macosx Voor het laatste nieuws over Mac OS X, het meest geavanceerde besturingssysteem ter wereld.34 Hoofdstuk 2 QuickTime: audio en video op het Internet Volumeregelaar QuickTime TV Als u hier klikt, ziet u welke QuickTime TVkanalen u via de computer kunt bekijken. QuickTime-symbool Klik op het QuickTimesymbool in het Dock.Vertrouwd raken met de computer 35 De mogelijkheden U kunt met QuickTime niet alleen video- en muziekbestanden op de Mac afspelen maar ook live-uitzendingen en opgenomen uitzendingen via het Internet bekijken. U kunt uw favoriete kanalen opslaan door deze te slepen naar uw persoonlijke QuickTime-favorietenlade ( ). Aan de slag 1 Breng een verbinding tot stand met het Internet. 2 Open QuickTime Player als volgt: m Klik in Mac OS 9 dubbel op het symbool 'QuickTime Player' op het bureaublad. U kunt ook achtereenvolgens de map 'Programma's' en de map 'QuickTime' openen. Klik vervolgens dubbel op 'QuickTime Player'. m Klik in Mac OS X op het symbool 'QuickTime Player' in het Dock. U kunt ook dubbel klikken op 'QuickTime Player' in de map 'Applications'. 3 Selecteer een kanaal of kies een optie uit het QuickTime Player-menu. QuickTime TV gebruikt Internet-streaming waardoor u de nieuwste video-, muziek- en gegevensbestanden van het Internet kunt halen, zonder de bestanden op te slaan op de harde schijf. U kunt de favorietenlade ( ) weergeven door 'Favorieten' te kiezen uit het QTV-menu en vervolgens 'Toon favorieten' uit het submenu te kiezen. Snelle methoden en tips Extra QuickTime TV-kanalen toevoegen Ga naar www.apple.com/nl/quicktime en klik op de knop voor QTV-kanalen. Hier vindt u alle beschikbare QuickTime-kanalen. Terwijl u naar een QuickTime TV-kanaal kijkt, kunt u dit met één klik toevoegen aan de favorietenlade in QuickTime Player. Stap over op QuickTime Pro voor de volgende mogelijkheden: m video's schermvullend afspelen en het formaat van films wijzigen; m streaming films maken; m met meer dan dertig audio-, video- en afbeeldingsstructuren werken, waaronder Flash; m films en audiobestanden maken, openen, bewerken en opslaan met een werkwijze die net zo eenvoudig is als knippen en plakken. Meer informatie Video's kijken via het Internet is slechts één van de mogelijkheden van QuickTime. Raadpleeg QuickTime Help voor meer informatie. Als u extra kanalen wilt downloaden of informatie wilt zoeken over het opzetten van een eigen Internet-streamingserver, raadpleegt u de QuickTime-website op www.apple.com/nl/quicktime. ♥ ♥36 Hoofdstuk 2 iMovie 2: zelf digitale films maken en bewerken Monitorvenster! Hier kunt u een voorvertoning van uw film bekijken of videobeelden direct vanaf een digitale camera weergeven. Afspeelknoppen Hiermee speelt u de film af in het monitorvenster van iMovie. Modusknoppen Hier kunt u kiezen tussen de camera- of de bewerkmodus. Tijdbalkviewer De fragmentenviewer en de tijdbalkviewer zijn visuele tijdbalken voor het maken en bewerken van films. Bewerkingsknoppen Via deze knoppen opent u de paletten waarmee u het geluid, de video-effecten, de titels (tekst) en de overgangen instelt en aanpast. Met de knop 'Archief' opent u het fragmentenpalet. Navigatiebalk Met behulp van deze balk kunt u gedeelten van de film selecteren. Audiosporen Hiermee kunt u opgenomen geluiden, muziek en geluidseffecten bewerken. Afspeelkop Deze kop geeft de locatie aan van het beeld in het monitorvenster van iMovie. Verplaats de afspeelkop om te zien waar fragmenten in de film voorkomen. Videospoor Hier kunt u de videobeelden selecteren waarvan u het geluid wilt bewerken. Fragmentenviewer Archief Nadat u de videofragmenten hebt geïmporteerd, sleept u ze vanuit het archief naar de fragmentenviewer.Vertrouwd raken met de computer 37 De mogelijkheden iMovie is een gebruikersvriendelijk programma voor het bewerken van digitale videobeelden. Met iMovie en een dv-camcorder (digitale video) kunt u uw eigen films maken en bewerken. Importeer videobeelden van uw camera, bewerk fragmenten en voeg overgangen, titels, geluidseffecten en muziek toe. Kopieer de film vervolgens naar een camcorderband of maak een QuickTime-film. U kunt uw QuickTime-film ook aan anderen laten zien door deze op uw iDisk of HomePage te plaatsen. De computer wordt geleverd met een versie van iMovie die geschikt is voor Mac OS X, en een versie voor Mac OS 9. Aan de slag 1 Neem de video op en sluit de camera aan op de FireWire-poort van de computer. 2 Open iMovie in de map 'iMovie' in de programmamap. 3 Klik op de knop 'Importeer' om filmfragmenten in het archief te importeren. Voeg de fragmenten vervolgens toe aan de film door deze naar de fragmentenviewer te slepen. 4 Stel uw film samen en bewerk deze in de fragmentenviewer en de tijdbalkviewer. 5 Voeg overgangen, titels, geluid en muziek toe. 6 Kies 'Exporteer' uit het Archief-menu zodra u klaar bent. Snelle methoden en tips De film die u met iMovie hebt gemaakt aan familie en vrienden vertonen Exporteer uw film in de vorm van een QuickTime Web-film en kopieer de film naar uw iDisk. Maak vervolgens met HomePage uw eigen iMovie-bioscoop, zodat anderen uw film op het Internet kunnen bekijken. Meer informatie Raadpleeg iMovie Help of de iMovie-oefeningen voor meer informatie over het gebruik van iMovie. Voor de meest recente informatie over iMovie, zoals iMovie-updates, extra plug-ins en een lijst met compatibele dv-camcorders, raadpleegt u de iMovie-website op www.apple.com/nl/imovie. 38 Hoofdstuk 2 iTunes: digitale muziek op de Mac Verwijderknop Tuner Hiermee kunt u afstemmen op een van de vele Internetradiostations. Audio-cd's U kunt cd's afspelen via de computer en nummers in iTunes importeren. Muziek voor onderweg! U kunt nummers overzetten naar een MP3-speler door deze vanuit de bibliotheek naar de speler te slepen. Nieuwe afspeellijst! U kunt eigen afspeellijsten maken met behulp van de nummers in de muziekbibliotheek. Zoekvenster Als u hier begint te typen, worden in iTunes de nummers weergegeven die voldoen aan uw zoekopdracht. Visuele effecten In iTunes is een adembenemende lichtshow ingebouwd, die synchroon loopt met de maat van de muziek. De kleuren en patronen zijn voor elk nummer weer anders.Vertrouwd raken met de computer 39 De mogelijkheden Met iTunes kunt u nummers van audio-cd's als MP3-bestanden importeren, afspeellijsten samenstellen, nummers overbrengen naar een draagbare MP3-speler, luisteren naar een van de vele radiostations op het Internet en nog veel meer. Aan de slag 1 Open iTunes (in de map 'Applications (Mac OS 9)' op de harde schijf ). 2 Plaats een muziek-cd in de optische-schijfeenheid. 3 Schakel het aankruisvak in naast de nummers die u wilt importeren. 4 Klik op de knop 'Importeer'. De nummers worden geconverteerd naar MP3-bestanden en opgeslagen in de bibliotheek. Snelle methoden en tips Afspeellijsten samenstellen met uw favoriete nummers Met iTunes kunt u afspeellijsten van nummers uit uw bibliotheek samenstellen. Een afspeellijst is een lijst met nummers in een bepaalde volgorde. Met behulp van afspeellijsten kunt u de muziek geheel afstemmen op uw gemoedstoestand. Ook kunt u de nummers sorteren op artiest of thema. Klik op de knop linksonder in het venster om een nieuwe afspeellijst aan te maken en sleep nummers vanuit de bibliotheek naar de afspeellijst. Het iTunes-venster verkleinen of iTunes vanuit de Regelbalk bedienen U kunt het iTunes-venster samenvouwen, zodat alleen de afspeelregelaars en de status worden weergegeven. Klik in het zoom-vak in het iTunes-venster. De regelaars zijn ook toegankelijk via de module 'iTunes' in de Regelbalk (Mac OS 9) of via het Dock (Mac OS X). Cd-gegevens opvragen via de CDDB-database iTunes brengt automatisch een verbinding met de CDDB-database op het Internet tot stand om de naam van de cd, de titels en andere informatie over uw audio-cd op te zoeken. Als u geen verbinding met het Internet hebt, kunt u de volgende keer dat u een verbinding tot stand brengt, informatie zoeken over de nummers die u hebt geïmporteerd. Selecteer het nummer en kies 'Haal cd-tracknamen op' uit het Geavanceerd-menu. De PowerBook op een stereo-installatie aansluiten U kunt de PowerBook eenvoudig op een stereo-installatie aansluiten. Verbind de koptelefoonpoort (f) met de geluidsinvoerpoorten op de stereo-installatie met behulp van een kabel met een ministekker en een RCA-stekker (niet inbegrepen). Meer informatie Raadpleeg voor meer informatie over iTunes de iTunes Help of de iTunes-website op www.apple.com/nl/itunes.40 Hoofdstuk 2 Programmatuur automatisch bijwerken: de computer automatisch up-todate houden Werk nu bij Klik op 'Werk nu bij' om na te gaan of er op de Internet-servers van Apple bijgewerkte versies van uw programmatuur beschikbaar zijn. In het paneel 'Programmatuurupdate' worden alle updates weergegeven die op uw systeem van toepassing zijn. Programmatuur bijwerken Hier stelt u in hoe vaak wordt gezocht naar programmatuurupdates van Apple.Vertrouwd raken met de computer 41 De mogelijkheden Met de functie voor het automatisch bijwerken van de programmatuur worden de meest recente updates, besturingsbestanden en andere Apple uitbreidingen automatisch van het Internet gedownload en zelfs geïnstalleerd. Desgewenst stelt u de computer zo in dat de server van Apple regelmatig automatisch wordt gecontroleerd. U kunt zelfs instellen dat de bijgewerkte programmatuur automatisch voor u wordt gedownload en geïnstalleerd. Aan de slag 1 Breng een verbinding tot stand met het Internet. 2 Open Programmatuurupdate als volgt: m Kies in Mac OS 9 'Regelpanelen' uit het Apple-menu (K) en vervolgens 'Programmatuurupdate' uit het submenu. m Open in Mac OS X het programma 'Systeemvoorkeuren' en klik op 'Programmatuurupdate'. 3 Klik op 'Werk nu bij', selecteer de programmatuur die u wilt bijwerken, en klik vervolgens op 'Installeer'. Snelle methoden en tips Het schema voor programmatuurupdates aanpassen Als u een permanente verbinding met het Internet hebt, kunt u een schema voor de computer instellen. Op basis hiervan wordt op vaste tijdstippen op bepaalde dagen gekeken of er programmatuurupdates beschikbaar zijn. Als u zelf moet inbellen om toegang tot het Internet te verkrijgen, worden deze controles uitgevoerd zodra u weer een verbinding met het Internet tot stand brengt. Nieuwe programmatuur automatisch installeren U kunt de computer zo instellen dat elke week wordt gecontroleerd of er programmatuurupdates beschikbaar zijn. Als dat het geval is, worden deze automatisch geïnstalleerd. U kunt een schema instellen op basis waarvan er moet worden gezocht naar programmatuurupdates. Schakel het aankruisvak 'Bevestig installatie nieuwe programmatuur' uit (Mac OS 9). Meer informatie Voor meer informatie over het verwerken van programmatuurupdates zoekt u in Mac Help op 'Programmatuurupdate'. Voor de meest recente informatie over het Mac OS raadpleegt u de Mac OS-website op www.apple.com/nl/macos. 42 Hoofdstuk 2 Meerdere gebruikers: meerdere Macintosh computers in één Gebruikers In het paneel 'Gebruikers' in 'Systeemvoorkeuren' kunt u nieuwe gebruikersaccounts aanmaken. De map 'Shared' Om toegang te geven tot de map 'Shared', dient de gebruiker 'Samengebruik' in te schakelen in het paneel 'Samengebruik'. Thuismap Elke gebruiker heeft een thuismap met zijn of haar eigen naam. De instellingen voor 'Finder', Dock, iTools en 'Mail' worden voor elke gebruiker afzonderlijk in de thuismap opgeslagen, zodat alle gebruikers Mac OS X aan hun eigen wensen kunnen aanpassen.Vertrouwd raken met de computer 43 De mogelijkheden Verschillende gebruikers kunnen werken met één computer door in te loggen met een eigen gebruikersaccount. Elke gebruiker kan eigen instellingen opgeven, zoals bladwijzer- en bureaubladweergaven, en toegang krijgen tot een eigen opslagruimte (thuismap). Alle gebruikers van de computer hebben ook toegang tot de algemene map 'Shared'. De eerste gebruiker die u op de computer aanmaakt, is de beheerder. Beheerders zijn gebruikers met speciale toegangsprivileges. Zij kunnen nieuwe gebruikers toegang tot de computer verlenen, programmatuur installeren en de instellingen van de computer wijzigen. Opmerking: Als u het beheerderswachtwoord bent vergeten, kunt u dit opnieuw instellen met de Mac OS X-cd. Start de computer op vanaf de Mac OS X-cd en kies 'Stel wachtwoord opnieuw in' uit het Installer-menu. Met behulp van de cd hebben gebruikers onbeperkt toegang tot de computer. Het is daarom van belang dat u de cd op een veilige plaats bewaart. Aan de slag 1 U maakt als volgt een nieuwe gebruiker aan: m Kies in Mac OS 9 'Regelpanelen' uit het Apple-menu (K) en 'Meerdere gebruikers' uit het submenu. Schakel 'Gebruikersaccounts' in en klik op 'Nieuwe gebruiker'. m Kies in Mac OS X 'Systeemvoorkeuren' uit het Apple-menu (K), klik op 'Gebruikers' en klik vervolgens op de knop 'Nieuwe gebruiker'. 2 Bewerk de gebruikersgegevens. U kunt beheerdersprivileges toewijzen aan gebruikers. 3 Sluit het venster. Snelle methoden en tips De computer beveiligen U kunt een wachtwoord instellen voor toegang tot een computer nadat de schermbeveiliging is ingeschakeld. Open hiervoor het programma 'Systeemvoorkeuren', klik op 'Schermbeveiliging' en vervolgens op de tab 'Inschakeling' om de gewenste periode van inactiviteit in te stellen waarna de schermbeveiliging moet worden gestart. Schakel vervolgens de optie 'Vraag om het wachtwoord van mijn gebruikersaccount' in. Gebruikersprivileges instellen In Mac OS 9 kunnen beheerders documenten en programma's opgeven waartoe gebruikers toegang hebben, en algemene instellingen definiëren, zoals een welkomstbericht. Zoek op 'Meerdere gebruikers' in Mac Help in Mac OS 9 voor meer informatie. Meer informatie Voor meer informatie over het instellen van gebruikersaccounts in Mac OS X zoekt u op 'gebruikers' in Mac Help. 44 Hoofdstuk 2 Mac Help: antwoorden op al uw vragen over de Macintosh Zoek Typ een vraag en klik op 'Zoek'.45 H O O F D S T U K 3 3 Werken met de computer De PowerBook bevat een groot aantal ingebouwde voorzieningen en uitbreidingsmogelijkheden waarmee u de computer volledig naar wens kunt aanpassen, zoals: m USB (Universal Serial Bus) voor het aansluiten van extra apparatuur op de PowerBook, zoals printers, scanners, joysticks, toetsenborden, digitale camera's en diskette-eenheden. m FireWire voor het aansluiten van snelle apparatuur, zoals digitale videocamera's en externe harde schijven. m Het nieuwste op het gebied van communicatietechnologie zoals een 56K-modem, een infraroodvoorziening, 10/100/1000Base-T Ethernet en AirPort voor draadloze Internet- of netwerkverbinding. m De mogelijkheid om een extern beeldscherm, een videoprojector of televisie op de PowerBook aan te sluiten en ondersteuning voor synchrone weergave en een extra groot bureaublad. Gebruik de ingebouwde video-ondersteuning van de PowerBook om presentaties te geven, een extern beeldscherm aan te sluiten of om dvd-video's op uw televisie af te spelen. m Een batterij met een lange levensduur, een Type II PC Card/CardBus-sleuf en nog veel meer. In dit hoofdstuk worden de mogelijkheden van de PowerBook besproken. Aanvullende informatie vindt u in 'Mac Help' (raadpleeg pagina 44) of op een van de vele websites van Apple.46 Hoofdstuk 3 USB (Universal Serial Bus) De PowerBook is voorzien van twee USB-poorten waarop u een groot aantal externe apparaten kunt aansluiten, zoals printers, scanners, digitale camera's, gamepads, joysticks, toetsenborden en diskette-eenheden. Met USB is het zeer eenvoudig om externe apparaten aan te sluiten. In de meeste gevallen kunt u een USB-apparaat aansluiten of loskoppelen terwijl de computer aan staat. Nadat u het apparaat hebt aangesloten, is het klaar voor gebruik. U hoeft de computer dus niet opnieuw op te starten of te configureren. Werken met USB-apparaten Om een USB-apparaat te gebruiken, sluit u het aan op de computer. De computer laadt automatisch de juiste programmatuur wanneer u een nieuw apparaat aansluit. Opmerking: De computer is door Apple al voorzien van programmatuur die geschikt is voor allerlei USB-apparaten. Als de PowerBook niet de juiste programmatuur kan vinden wanneer u een USB-apparaat aansluit, kunt u de programmatuur installeren die bij het apparaat is geleverd. U kunt ook aan de hand van de melding die verschijnt de desbetreffende programmatuur op het Internet zoeken en deze vervolgens downloaden en installeren. USB-apparaten en energieverbruik Op de PowerBook kunnen USB-apparaten, zoals joysticks en toetsenborden, worden aangesloten die van stroom worden voorzien via de USB-aansluiting in plaats van via een aparte lichtnetadapter. Het gebruik van dit soort USB-apparaten kan er echter voor zorgen dat de batterij van de PowerBook sneller leeg raakt. Het is daarom aan te raden de lichtnetadapter aan te sluiten wanneer u externe apparaten aansluit op de computer. 1 2 G ™ Æ WWerken met de computer 47 Meerdere USB-apparaten tegelijk gebruiken De PowerBook is voorzien van twee USB-poorten. Als u meerdere USB-apparaten wilt aansluiten op dezelfde USB-poort, dient u een USB-hub aan te schaffen. U sluit de USB-hub aan op een vrije poort van de computer, waarna u over extra USB-poorten beschikt (meestal vier of zeven). Meer informatie over USB Aanvullende informatie over USB is beschikbaar in 'Mac Help' (raadpleeg pagina 44). Kies 'Mac Help' uit het Help-menu en zoek op 'USB'. Meer informatie kunt u ook vinden op de USB-website van Apple op www.apple.com/nl/usb. Raadpleeg de Macintosh Products Guide op www.apple.com/guide (Engelstalig) om te zien welke USB-apparaten voor uw computer beschikbaar zijn. G ™ Æ W USB-hub48 Hoofdstuk 3 FireWire De computer is voorzien van een FireWire-poort. Met FireWire kunt u eenvoudig snelle externe apparaten, zoals digitale videocamera's, printers, scanners en harde schijven, aansluiten en loskoppelen. U kunt FireWire-apparaten aansluiten en loskoppelen zonder de computer opnieuw te hoeven opstarten. Met FireWire kunt u onder andere het volgende doen: m Een digitale videocamera aansluiten en videobeelden van hoge kwaliteit opnemen en direct naar de computer overbrengen. Deze videobeelden kunt u vervolgens bewerken met speciale programmatuur, zoals iMovie. m Een externe FireWire harde schijf aansluiten voor het opslaan van gegevens of het overdragen van bestanden. Nadat u de FireWire harde schijf hebt aangesloten, verschijnt een symbool van de schijf op het bureaublad. m Vanaf een externe FireWire harde schijf opstarten. Sluit een externe FireWire-schijf (met een bruikbare, geïnstalleerde Systeemmap) aan en voer de volgende handelingen uit: m Open in Mac OS 9 het regelpaneel 'Opstartschijf' en klik op de FireWire-schijf. m Open in Mac OS X het paneel 'Opstartschijf' van het programma 'Systeemvoorkeuren' en klik op de FireWire-schijf. m Start de computer opnieuw op. Werken met FireWire-apparaten Om een FireWire-apparaat in combinatie met de computer te gebruiken, sluit u het apparaat op de computer aan en installeert u de eventuele bijbehorende programmatuur. Als u een nieuw apparaat aansluit, wordt dit automatisch door de computer herkend. G ™ Æ WWerken met de computer 49 FireWire-apparaten en energieverbruik Op de PowerBook kunnen FireWire-apparaten, zoals bepaalde externe harde schijven, worden aangesloten die van stroom worden voorzien via de FireWire-verbinding in plaats van via een aparte lichtnetadapter. Het gebruik van dit soort FireWire-apparaten kan er echter voor zorgen dat de batterij van de PowerBook sneller leeg raakt. Het is daarom aan te raden de lichtnetadapter aan te sluiten wanneer u voor langere tijd externe apparaten op de computer gebruikt. FireWire-doelschijfmodus Als zich een probleem voordoet waardoor u de computer niet kunt opstarten, of als u bestanden wilt uitwisselen tussen de PowerBook en een andere computer met FireWire, kunt u de PowerBook in de FireWire-doelschijfmodus op een andere computer aansluiten. Om de PowerBook aan te sluiten in de FireWire-doelschijfmodus, gaat u als volgt te werk: 1 Controleer of de PowerBook is uitgeschakeld. 2 Gebruik een standaard-FireWire-kabel met een 6-pens connector aan beide uiteinden om de PowerBook op een andere computer met FireWire aan te sluiten. 3 Start de PowerBook op terwijl u de T-toets ingedrukt houdt. Op het scherm van de PowerBook verschijnt het FireWire-logo en op het bureaublad van de andere computer verschijnt het symbool van de interne harde schijf van de PowerBook. 4 Nadat de bestanden zijn uitgewisseld, sleept u het symbool van de harde schijf van de PowerBook naar de prullenmand. 5 Zet de PowerBook uit met behulp van de Aan/uit-knop en koppel vervolgens de FireWirekabel los. Opmerking: De FireWire-poort levert een vermogen van maximaal 7 watt aan FireWireapparaten. U kunt meerdere apparaten aan elkaar koppelen en deze keten van apparaten aansluiten op de FireWire-poort van de computer. Er mag echter slechts één apparaat stroom van de computer krijgen. De overige apparaten in de keten moeten stroom krijgen via afzonderlijke lichtnetadapters. Als u meerdere FireWire-apparaten aansluit die stroom krijgen van de computer, kunnen er problemen ontstaan. Als er een probleem optreedt, zet u de computer uit, verwijdert u de FireWire-apparaten en start u de computer opnieuw op. Belangrijk Op de computer waarop u de PowerBook wilt aansluiten, dient FireWire versie 2.3.3 of hoger te zijn geïnstalleerd. Controleer in Apple Systeemprofiel welke versie van FireWire op de computer is geïnstalleerd. In Mac OS 9 vindt u Apple Systeemprofiel in het Apple-menu (K). In Mac OS X vindt u Apple Systeemprofiel in de map 'Utilities' (in de map 'Applications').50 Hoofdstuk 3 Meer informatie over FireWire Aanvullende informatie over FireWire is beschikbaar in 'Mac Help' (raadpleeg pagina 44). Kies 'Mac Help' uit het Help-menu en zoek op 'FireWire'. Daarnaast kunt u informatie vinden op de FireWire-website van Apple op www.apple.com/nl/firewire. PC Cards Met behulp van de PC Card-sleuf kunt u de mogelijkheden van de computer uitbreiden. De PowerBook heeft een PC Card-sleuf die geschikt is voor PCMCIA-kaarten van Type I en Type II (inclusief CardBus-kaarten). U kunt een PC Card in de sleuf plaatsen als de computer aan, uit of in de sluimerstand staat. Een PC Card installeren en verwijderen Houd de kaart recht en plaats deze met het etiket naar boven in de sleuf. U voelt enige weerstand als u de kaart in de sleuf duwt. Als de kaart goed op zijn plaats zit, voelt u deze vastklikken. Vervolgens verschijnt een symbool voor de PC Card op het bureaublad. U kunt een PC Card verwijderen terwijl de computer is in- of uitgeschakeld, maar niet als deze in de sluimerstand staat. Om een PC Card te verwijderen, gaat u als volgt te werk: 1 Als de computer aan staat, sleept u het symbool van de kaart naar de prullenmand. G ™ Æ W PC Card-sleuf Verwijderknop Belangrijk De AirPort-kaart is in een interne sleuf geïnstalleerd. In tegenstelling tot kaarten voor draadloze verbinding van andere fabrikanten kunt u de AirPort-kaart niet installeren in de PC Card-sleuf. Als u de AirPort-kaart in de PC Card-sleuf installeert, kunt u de kaart niet gebruiken en werkt de computer niet naar behoren.Werken met de computer 51 2 Druk eenmaal op de verwijderknop naast de sleuf van de PC Card om de knop te ontgrendelen. 3 Druk nogmaals op de knop om de kaart te verwijderen. 4 Haal de kaart uit de sleuf en druk nogmaals op de verwijderknop om de sleuf in de computer te schuiven. Meer informatie over PC Cards Raadpleeg de Macintosh Products Guide op www.apple.com/guide (Engelstalig) om te zien welke PC Cards beschikbaar zijn voor de PowerBook. Draadloze Internet- en netwerktoegang via AirPort De PowerBook is volledig gereed voor AirPort. De computer heeft een ingebouwde antenne en is mogelijk al voorzien van een AirPort-kaart. Met AirPort kunt u op een eenvoudige en betaalbare manier vanuit elke ruimte in uw huis, klaslokaal of kantoor een draadloze verbinding met het Internet tot stand brengen. Door AirPort wordt niet gebruikgemaakt van de gebruikelijke kabels, maar van draadloze LAN-technologie (local area network) om communicatie tussen computers tot stand te brengen. Via een draadloos netwerk kunt u bijvoorbeeld een verbinding tot stand brengen met het Internet, bestanden uitwisselen of computerspellen met meerdere deelnemers spelen. Opmerking: Voor draadloze Internet-toegang zijn een AirPort-kaart, AirPort-basisstation en een Internet-abonnement nodig (waarvoor u mogelijk dient te betalen). Bepaalde Internetaanbieders, zoals America Online, zijn momenteel niet compatibel met AirPort. Het bereik van AirPort kan variëren, afhankelijk van de omgeving.52 Hoofdstuk 3 Draadloze toegang tot het Internet via AirPort Met behulp van AirPort brengt u een draadloze verbinding tot stand met een apparaat dat het basisstation wordt genoemd en dat een fysieke verbinding met het Internet heeft. De werking van de AirPort-technologie kunt u vergelijken met die van een draadloze telefoon. Via de AirPort-kaart wordt een draadloze verbinding tot stand gebracht met het basisstation dat is aangesloten op een telefoonlijn. Meer informatie over AirPort Om een AirPort-basisstation aan te schaffen, neemt u contact op met een door Apple erkende leverancier of raadpleegt u de Apple Store op www.apple.com/nlstore. Raadpleeg 'AirPort Help' voor meer informatie over AirPort. Kies 'Help-centrum' uit het Helpmenu en kies vervolgens 'AirPort Help'. Bovendien kunt u informatie vinden op de AirPortwebsite van Apple op www.apple.com/nl/airport. AirPort-basisstation Verbinding met het Internet Stopcontact ®Werken met de computer 53 Ethernet (10/100/1000Base-T) De computer is voorzien van een ingebouwde twisted-pair Ethernet-netwerkaansluiting met een doorvoersnelheid van 10/100/1000 Mbps (megabits per seconde), waarmee u een verbinding met een Ethernet-netwerk, een kabelmodem of een DSL-modem tot stand kunt brengen. Als u de computer op een netwerk aansluit, hebt u toegang tot andere computers. U kunt dan gegevens opslaan en ophalen, netwerkprinters en netwerkmodems gebruiken, elektronische post versturen of een verbinding met het Internet tot stand brengen. U kunt Ethernet ook gebruiken om bestanden uit te wisselen tussen twee computers of om een klein netwerk op te zetten. Andere Ethernet-apparaten worden automatisch herkend door de Ethernet-poort op de PowerBook. U hebt geen Ethernet-crossoverkabel nodig om een verbinding met andere Ethernet-apparaten tot stand te brengen. m Gebruik Category 3 Ethernet-kabels met twee paren om een verbinding tot stand te brengen met een 10Base-T Ethernet-netwerk. m Gebruik Category 5 Ethernet-kabels met twee paren om een verbinding tot stand te brengen met een 100Base-T Ethernet-netwerk. m Gebruik Category 5 Ethernet-kabels met vier paren om een verbinding tot stand te brengen met een 1000Base-T Ethernet-netwerk. Meer informatie over Ethernet Raadpleeg 'Mac Help' (zie pagina 44) voor meer informatie over het opzetten van een Ethernet-netwerk of het uitwisselen van bestanden via Ethernet. Kies 'Mac Help' uit het Helpmenu en zoek op 'Ethernet' of 'netwerk'. Raadpleeg voor informatie over de netwerkproducten die u met de PowerBook kunt gebruiken de Macintosh Products Guide op www.apple.com/guide (Engelstalig). G ™ Æ W G54 Hoofdstuk 3 Infrarood (IrDA) De PowerBook heeft ingebouwde infraroodvoorzieningen (IR) waarmee u draadloos gegevens kunt versturen en ontvangen. De infraroodvoorzieningen in de PowerBook zijn gebaseerd op de standaardcommunicatiemethode IrDA. Met behulp van infrarood kunt u bestanden uitwisselen met een andere computer met infraroodvoorzieningen, een verbinding tot stand brengen met andere infraroodapparaten, zoals een organizer, of een infraroodnetwerk en zelfs afdrukken op een infraroodprinter. Het uitwisselen van bestanden via infrarood werkt hetzelfde als via Ethernet. Het enige verschil is dat de verbinding tot stand komt via infrarood in plaats van via Ethernet. U kunt geen bestanden uitwisselen of afdrukken via IrDA in Mac OS X. Opmerking: u kunt geen bestanden uitwisselen met een computer die alleen geschikt is voor IRTalk (een afwijkende methode voor IR-communicatie die wordt gebruikt in bepaalde oudere computertypen). Een infraroodverbinding tot stand brengen Om een infraroodverbinding tot stand te brengen met een andere computer, gaat u als volgt te werk: 1 Plaats de infraroodvensters van beide computers op minder dan één meter afstand recht tegenover elkaar. 2 Stel in de regelpanelen 'AppleTalk' en 'TCP/IP' in dat de verbinding via infrarood tot stand moet worden gebracht. 3 Controleer of de optie voor samengebruik in het regelpaneel 'Samengebruik' in Mac OS 9 is ingeschakeld. G ™ Æ WWerken met de computer 55 Meer informatie over infrarood Raadpleeg 'Mac Help' (zie pagina 44) voor meer informatie over het configureren van het Mac OS om communicatie via infrarood mogelijk te maken. Kies 'Mac Help' uit het Helpmenu en zoek op 'infrarood' of 'samengebruik'. Ondersteuning voor extern videoapparaat (VGA en S-Video) De computer is voorzien van een beeldschermpoort waarop u een beeldscherm met een VGA-adapter of een ander extern videoapparaat, bijvoorbeeld een videoprojector, kunt aansluiten. Via de tv-uitvoerpoort (ook wel S-video-uitvoerpoort genoemd) op de computer kunt u een televisie, videorecorder of videoprojector aansluiten met behulp van een S-videokabel of een composite-videokabel (verkrijgbaar bij elektronicazaken). U kunt op die manier computerbeelden op een televisie weergeven of op een videorecorder opnemen, of dvdschijven afspelen op uw televisie. Als het apparaat dat u wilt aansluiten geen S-videopoort heeft, kunt u de composite-naar-Svideoadapter gebruiken die bij de PowerBook is geleverd. Als u een extern beeldscherm of een televisie hebt aangesloten, kunt u kiezen of u hetzelfde beeld wilt weergeven op zowel het externe als het interne beeldscherm (synchrone weergave) of dat u het Mac OS-bureaublad verspreid over twee beeldschermen wilt weergeven (de modus voor een extra groot bureaublad). G ™ Æ W ™ Poort extern beeldscherm Æ S-video-uitvoerpoort VGA-beeldschermkabel Composite-naar-S-videokabel56 Hoofdstuk 3 Opmerking: de beeldkwaliteit van de meeste televisies is minder goed dan die van een intern of extern beeldscherm. Een extern beeldscherm aansluiten Om een extern beeldscherm op de computer aan te sluiten, gaat u als volgt te werk: 1 Zet het externe beeldscherm uit. 2 Sluit de kabel van het beeldscherm aan op de PowerBook. 3 Zet het externe beeldscherm aan. 4 Houd de Command-toets (x) ingedrukt en druk op de toets voor het verhogen van de helderheid/F2 ( ) zodat het nieuwe beeldscherm automatisch wordt herkend. 5 Pas de resolutie van het externe beeldscherm aan: m Klik in Mac OS 9 op de module 'Beeldschermresolutie' in de Regelbalk. Als u de Controltoets ingedrukt houdt terwijl u klikt op 'Beeldschermresolutie', verschijnt er een lijst met alle resoluties. m Klik in Mac OS X op de tab 'Beeldscherm' in het paneel 'Beeldschermen' van het programma 'Systeemvoorkeuren' of klik op het beeldschermsymbool in de menubalk. Raadpleeg “Extern beeldscherm in de modus voor een extra groot bureaublad of in de modus 'Synchrone weergave'” op pagina 101 voor meer informatie over ondersteunde resoluties van externe beeldschermen. Als u hetzelfde beeld wilt weergeven op het PowerBook-beeldscherm en het externe beeldscherm, schakelt u synchrone weergave in via de Regelbalk (Mac OS 9) of via het beeldschermsymbool in de menubalk (Mac OS X). U kunt heen en weer schakelen tussen synchrone weergave en een extra groot bureaublad door te drukken op de Command-toets (x) en de toets voor het verlagen van de helderheid/F1 ( ). Belangrijk Bij synchrone weergave krijgt u het beste resultaat als u dezelfde resolutie en kleurdiepte instelt voor het ingebouwde beeldscherm en het externe beeldscherm. Werken met de PowerBook terwijl het scherm dichtgeklapt is Wanneer u een extern beeldscherm, een toetsenbord, een muis en de lichtnetadapter hebt aangesloten, kunt u met de PowerBook werken terwijl het ingebouwde beeldscherm is dichtgeklapt. Kleurdiepte Beeldscherm- Synchrone weergave resolutieWerken met de computer 57 Om met de computer te werken als u een extern beeldscherm hebt aangesloten en het scherm hebt dichtgeklapt, gaat u als volgt te werk: 1 Sluit een extern USB-toetsenbord en een USB-muis aan op de PowerBook. 2 Klap het beeldscherm van de PowerBook dicht om de sluimerstand te activeren. 3 Volg de stappen in het vorige gedeelte om een extern beeldscherm aan te sluiten op de PowerBook. 4 Wacht een aantal seconden en druk vervolgens op een toets op het externe toetsenbord om de computer uit de sluimerstand te halen. Een televisie, videorecorder of ander apparaat aansluiten Om een apparaat op de tv-uitvoerpoort aan te sluiten, gaat u als volgt te werk: 1 Sluit een S-videokabel aan op de tv-uitvoerpoort (Æ) van de PowerBook (of sluit een composite-videokabel aan met behulp van de adapter) en sluit het andere uiteinde aan op het externe apparaat. 2 Als u het geluid van de PowerBook wilt doorgeven aan het externe apparaat, dient u een kabel met een ministekker en een RCA-stekker (niet meegeleverd) aan te sluiten op de geluidsuitvoerpoort (f) van de PowerBook en de geluidsinvoerpoort van het apparaat. 3 Zet het externe apparaat aan. 4 Houd de Command-toets (x) ingedrukt en druk op de toets voor het verhogen van de helderheid/F2 ( ) zodat het tv-scherm automatisch wordt herkend. 5 Pas de weergave-instellingen voor het apparaat aan: m Gebruik in Mac OS 9 de module 'TV-weergave' in de Regelbalk. m Gebruik in Mac OS X het paneel 'Beeldschermen' van het programma 'Systeemvoorkeuren'. Meer informatie over het gebruik van een extern beeldscherm of een televisie Raadpleeg 'Mac Help' (zie pagina 44) voor meer informatie over het gebruiken en configureren van een extern beeldscherm. Kies 'Mac Help' uit het Help-menu en zoek op 'beeldscherm'. TV-weergave58 Hoofdstuk 3 Batterij Als de lichtnetadapter niet is aangesloten, wordt de computer van stroom voorzien door de batterij. Aan het aantal oplichtende indicatielampjes op de batterij zelf kunt u zien hoe vol de batterij nog is. Hoe meer lampjes branden, hoe voller de batterij is. Nadat u op de knop hebt gedrukt, blijven de indicatielampjes een paar seconden branden. U kunt de lading controleren als de batterij zich in de PowerBook bevindt of als de batterij is verwijderd. Belangrijk Als nog maar één lampje knippert, is de batterij zo goed als leeg. Als er geen lampjes branden is de batterij helemaal leeg en start de computer niet op, tenzij u de lichtnetadapter hebt aangesloten. Sluit de lichtnetadapter gedurende enkele uren aan zodat de batterij wordt opgeladen. Batterij LED-indicatielampjesWerken met de computer 59 De batterij verwijderen of vervangen U verwijdert de batterij als volgt: m Zet de PowerBook uit of schakel de sluimerstand in. Draai de computer om en kijk waar het ontgrendelingsschuifje van de batterij zich bevindt. Schuif het schuifje naar de zijkant en verwijder de batterij voorzichtig. De batterij verwisselen terwijl de sluimerstand is ingeschakeld Als de batterij bijna leeg is terwijl u aan het werk bent, kunt u de sluimerstand inschakelen en de batterij vervangen door een opgeladen batterij. De interne reservebatterij levert voldoende stroom om de inhoud van het RAM-geheugen drie minuten te behouden, zodat u de batterij kunt vervangen. De batterij opladen De batterij kan worden opgeladen als de computer wordt gebruikt, in de sluimerstand staat of is uitgeschakeld. Er gaat een lampje branden op de stekker van de lichtnetadapter. Een oranje lampje geeft aan dat de batterij wordt opgeladen. Een groen lampje geeft aan dat de batterij volledig is opgeladen. De batterij wordt het snelst opgeladen als de computer is uitgeschakeld of in de sluimerstand staat. U kunt de batterijlading controleren. m Gebruik in Mac OS 9 de indicator van de batterijlading in de Regelbalk. m Gebruik in Mac OS X het batterijsymbool in de menubalk. Batterij Ontgrendeling Indicator van de batterijlading60 Hoofdstuk 3 Om de gebruiksduur van de batterij zo lang mogelijk te maken, dient u zo veel mogelijk gebruik te maken van de lichtnetadapter. De batterij kalibreren voor de beste prestaties Om een nieuwe batterij zo lang mogelijk te kunnen gebruiken, dient u de batterij binnen een week na ingebruikneming te ontladen en vervolgens volledig op te laden. Hiervoor gaat u als volgt te werk: 1 Sluit de lichtnetadapter aan en laad de batterij volledig op totdat het indicatielampje van de batterij brandt en het metertje op het scherm aangeeft dat de batterij volledig is opgeladen. 2 Koppel de lichtnetadapter los en gebruik de PowerBook totdat er voor het eerst een waarschuwingsvenster verschijnt dat aangeeft dat de batterij bijna leeg is. 3 Sluit de lichtnetadapter aan en laat deze aangesloten totdat de batterij volledig is opgeladen. Belangrijk U hoeft deze procedure slechts één keer uit te voeren om de batterij te kalibreren. Vervolgens kunt u de lichtnetadapter bij elke batterijlading aansluiten of loskoppelen.Werken met de computer 61 Tips voor energiebesparing Hoe lang u precies met de PowerBook kunt werken voordat u de batterij opnieuw moet opladen, is afhankelijk van de apparatuur die u gebruikt en de maatregelen die u neemt om het stroomverbruik te beperken. U kunt het volgende doen om het stroomverbruik te beperken: m Koppel alle USB- of FireWire-apparaten met busstroom die u niet gebruikt, los van de computer. m Sluit alle geopende programma's die u niet gebruikt. m Verwijder cd-rom- en dvd-romschijven die niet in gebruik zijn. m Verminder de helderheid van het scherm met behulp van de helderheidsregelaars op het toetsenbord van de PowerBook. m Maak bij elke werkonderbreking gebruik van de sluimerstand van de PowerBook. m Schakel in Mac OS 9 het aankruisvak 'Ingebouwd beeldscherm uit in plaats van in sluimerstand' in het tabblad 'Extra instellingen' van het regelpaneel 'Energiestand' in. U kunt ook het volgende doen: m Zorg dat de sluimerstand van de harde schijf al na een klein aantal minuten wordt ingeschakeld. m Schakel de sluimerstand in nadat de PowerBook vijf minuten inactief is. U krijgt als volgt toegang tot de energie-instellingen van de computer: m Gebruik in Mac OS 9 de module 'Energie-instellingen' in de Regelbalk. m Gebruik in Mac OS X het paneel 'Energiestand' van het programma 'Systeemvoorkeuren'. Meer informatie over de batterij van de PowerBook Raadpleeg 'Mac Help' (zie pagina 44) voor meer informatie. Kies 'Mac Help' uit het Helpmenu en zoek op 'batterij'.62 Hoofdstuk 3 Dvd-romspeler Alle programmatuur die nodig is voor het gebruik van de computer en toegang tot het Internet, is al geïnstalleerd op de PowerBook. (De cd's die u bij de PowerBook hebt ontvangen, hebt u alleen nodig als u problemen ondervindt of als u de systeemprogrammatuur opnieuw moet installeren.) Als u extra programmatuur hebt aangeschaft, kunt u deze installeren vanaf cd of afspelen vanaf een dvd-schijf via de dvdromspeler van de PowerBook. Opmerking: Als u oudere programmatuur hebt die op diskettes is geleverd, neemt u contact op met de fabrikant van de programmatuur om na te gaan of de programmatuur ook op een cd-romschijf beschikbaar is. Ook kunt u een externe diskette-eenheid, zoals een LS120/SuperDisk, van een andere fabrikant aanschaffen bij een door Apple erkende leverancier of via de Apple Store op het Internet (www.apple.com/nlstore). Een cd- of dvd-schijf in de speler plaatsen Om programma's vanaf een cd- of dvd-schijf te installeren of uit te voeren, gaat u als volgt te werk: 1 Zet de computer aan, plaats de schijf met het etiket naar boven in de sleuf totdat u voelt dat de schijf naar binnen wordt getrokken. ® Gaatje voor het verwijderen van schijven PaperclipWerken met de computer 63 2 Zodra het symbool van de schijf op het bureaublad verschijnt, kunt u de schijf gebruiken. Een schijf uit de speler verwijderen U verwijdert een schijf uit de speler door het symbool van de schijf naar de prullenmand te slepen of door de mediaverwijdertoets ( ) op het toetsenbord ingedrukt te houden. Als u een schijf niet kunt verwijderen, gaat u als volgt te werk: m Sluit de programma's of bestanden die gebruikmaken van de schijf en probeer het opnieuw. m Start de computer opnieuw op en houd de knop van het stuurvlak ingedrukt totdat de speler wordt geopend. m Als dit niet werkt, steekt u het uiteinde van een paperclip in het gaatje naast de verwijderknop (rechts naast de sleuf van de dvd-romspeler) om de interne verwijderknop in te drukken. Deze procedure kunt u alleen uitvoeren als de PowerBook aan staat. Dvd-schijven afspelen U kunt met de dvd-speler ook dvd-schijven afspelen op de PowerBook. Plaats de dvd-schijf in de speler en ga als volgt te werk: m Kies in Mac OS 9 'Apple dvd-speler' uit het Apple-menu (K). m Start in Mac OS X het programma 'Apple dvd-speler' in de map 'Applications' op de harde schijf. Als u de PowerBook met behulp van een S-videokabel op een televisie aansluit (raadpleeg pagina 55) om een dvd-video op het televisiescherm te bekijken, selecteert u 720 x 480 NTSC ( Verenigde Staten) of 720 x 576 PAL (Europa en alle overige regio's). m Gebruik in Mac OS 9 de module 'Beeldschermresolutie' in de Regelbalk. m Gebruik in Mac OS X het tabblad 'Beeldscherm' in het paneel 'Beeldschermen' van het programma 'Systeemvoorkeuren'. Opmerking: Wanneer u een extern beeldscherm hebt aangesloten, kunt u dvd's alleen afspelen in de modus voor een extra groot bureaublad. U kunt geen dvd's afspelen in de modus 'Synchrone weergave'. U kunt de PowerBook eenvoudig op een stereo-installatie aansluiten. Verbind de koptelefoonpoort (f) op de PowerBook met de geluidsinvoerpoorten op de stereoinstallatie via een kabel met een ministekker en een RCA-stekker (niet meegeleverd). Belangrijk In de dvd-romspeler van de PowerBook kunnen ronde schijven met een diameter van 12 cm of 8 cm worden geplaatst. Schijven met een afwijkende vorm en schijven met een diameter van minder dan 8 cm kunt u niet gebruiken. Schijven die niet rond zijn, kunnen in de speler vast komen te zitten.64 Hoofdstuk 3 Meer informatie over de dvd-speler Voor instructies bij het gebruik van Apple dvd-speler opent u het programma en kiest u vervolgens 'Apple dvd-speler Help' uit het Help-menu. Optionele cd-rw-speler Als de PowerBook een cd-rw-speler heeft, kunt u uw favoriete muziek, programma's en bestanden op cd-r- en cd-rw-schijven opslaan. U kunt uw eigen muziek-cd's samenstellen, die u vervolgens op elke standaard-cd-speler kunt afspelen. U kunt ook computerbestanden, zoals programma's, documenten of andere digitale bestanden, opslaan op een beschrijfbare cd. Cd-r-schijven (cd-recordable) kunt u slechts eenmaal beschrijven. Als u gegevens op een cd-rschijf hebt opgeslagen, kunt u deze gegevens niet meer wijzigen. Afhankelijk van het programma dat u gebruikt, is het mogelijk gegevens toe te voegen totdat de schijf vol is. Raadpleeg de documentatie bij het programma voor meer informatie over het beschrijven van cd-r-schijven. Voor het opnemen van audio-cd's kunt u het beste cd-r-schijven gebruiken. Op de meeste cd-spelers kunnen namelijk geen cd-rw-schijven worden afgespeeld. Op een cd-rw-schijf (cd-rewritable) kunt u meerdere malen gegevens opslaan en wijzigen. Met sommige programma's voor het opnemen van mediabestanden op cd (zoals Disc Burner van iTunes) kunt u echter slechts eenmaal gegevens op de schijf opslaan. Een cd in de speler plaatsen Om een programma vanaf cd te installeren of te gebruiken, gaat u als volgt te werk: 1 Zet de computer aan, plaats de schijf met het etiket naar boven in de sleuf totdat u voelt dat de schijf naar binnen wordt getrokken. 2 Zodra het symbool van de schijf op het bureaublad verschijnt, kunt u de schijf gebruiken. Kies 'iTunes Help' uit het Help-menu voor meer informatie over het opslaan van muziekbestanden op cd met behulp van iTunes. Een schijf uit de speler verwijderen U verwijdert een schijf uit de speler door het symbool van de schijf naar de prullenmand te slepen of door de mediaverwijdertoets ( ) op het toetsenbord ingedrukt te houden. Als u een schijf niet kunt verwijderen, doet u het volgende: Belangrijk In de cd-rw-speler van de PowerBook kunnen ronde schijven met een diameter van 12 cm of 8 cm worden geplaatst. Schijven met een afwijkende vorm en schijven met een diameter van minder dan 8 cm kunt u niet gebruiken. Schijven die niet rond zijn, kunnen in de speler vast komen te zitten.Werken met de computer 65 m Sluit de programma's of bestanden die gebruikmaken van de schijf en probeer het opnieuw. m Start de computer opnieuw op en houd de knop van het stuurvlak ingedrukt totdat de speler wordt geopend. Regelaars op het toetsenbord en programmeerbare functietoetsen Met de regelaars op het toetsenbord kunt u snel de instellingen van bijvoorbeeld het volume en de helderheid van het beeldscherm aanpassen en een cd of dvd verwijderen. Het toetsenbord van de PowerBook bevat ook vijf extra toetsen die u kunt configureren om veelgebruikte programma's of documenten in Mac OS 9 te openen. Deze toetsen worden programmeerbare functietoetsen genoemd. U kunt met deze toetsen bijvoorbeeld de webbrowser, een tekstverwerkingsprogramma of uw favoriete spelletje openen. En zodra u meerdere programma's hebt gestart, kunt u met behulp van de toetsen snel tussen deze programma's schakelen. Programmeerbare functietoetsen toewijzen Als u in Mac OS 9 voor het eerst op een van de functietoetsen drukt, verschijnt een dialoogvenster waarin u de functietoets aan een bepaald programma kunt toewijzen. In het regelpaneel 'Toetsenbord' kunt u de instellingen van de functietoetsen wijzigen. ® ¤ Helderheids- regelaars - Volume- toetsen Speciale functietoetsen Cd/dvd-verwijdertoets Functietoets (Fn)De standaardfunctietoetsen gebruiken U kunt een regelaar of programmeerbare functietoets snel veranderen in een standaardtoets door op de Fn-toets te drukken terwijl u op de desbetreffende toets drukt. Ook kunt u met het regelpaneel 'Toetsenbord' in Mac OS 9 de prioriteit wijzigen, zodat de standaardfunctietoetsen de primaire toetsen zijn en de schermregelaars en programmeerbare functietoetsen de secundaire toetsen. (U drukt dan bijvoorbeeld op de Fntoets om de helderheid van het beeldscherm aan te passen.) In Mac OS X kunt u de functietoetsen configureren met behulp van het paneel 'Toetsenbord' van het programma 'Systeemvoorkeuren'. Het numerieke toetsenblok gebruiken De meeste bureaucomputers hebben naast het gewone toetsenbord een apart blok met numerieke toetsen. Op de PowerBook is het numerieke toetsenblok ingebed in het toetsenbord. De toetsen die ook voor het numerieke toetsenblok worden gebruikt, zijn voorzien van een extra label. Om het numerieke toetsenblok te activeren, drukt u op de Num Lock-toets op het toetsenbord. Als het toetsenblok actief is, brandt het lampje naast de Num Lock-toets. Als u klaar bent, drukt u nogmaals op de Num Lock-toets om het numerieke toetsenblok weer uit te schakelen. Opmerking: wanneer het numerieke toetsenblok actief is, zijn de andere toetsen en sneltoetsen (zoals x-Q om programma's te verlaten) uitgeschakeld. ® Numeriek toetsenblok Num Lock-toetsWerken met de computer 67 Meer informatie over de regelaars op het toetsenbord Raadpleeg 'Mac Help' (zie pagina 44) voor meer informatie over het configureren van de regelaars op het toetsenbord en het toewijzen van functietoetsen. Kies 'Mac Help' uit het Help-menu en zoek op 'toetsenbord'. Beveiliging en toetsenbordvergrendeling U kunt een antidiefstalkabel en een slot aanschaffen om de PowerBook tegen diefstal te beschermen. Met een slot kunt u de computer aan een bureau of tafel bevestigen. Ook het toetsenbord van de PowerBook heeft een vergrendelingsmechanisme. Als het toetsenbord is vergrendeld, kunt u het niet omklappen en zijn de interne onderdelen, waaronder het RAM-geheugen, niet toegankelijk. Dit vergrendelingsmechanisme bevindt zich op het plastic schuifje links van de Num Locktoets, waarop zich ook het Num Lock-indicatielampje bevindt. Het toetsenbord is niet vergrendeld wanneer u de PowerBook aanschaft. U vergrendelt het toetsenbord door het schroefje met een schroevendraaiertje met platte kop een halve slag naar rechts te draaien. Een schuifje voorkomt dat het toetsenbord kan worden verwijderd. Opmerking: De vergrendelingsschroef heeft een uitsparing waaraan u kunt zien of het toetsenbord is vergrendeld of niet. Als de uitsparing zich aan de bovenkant van de schroef bevindt, is het toetsenbord niet vergrendeld. Als de uitsparing zich aan de onderkant bevindt, is het toetsenbord vergrendeld. ® Voorbeeld van beveiliging met antidiefstalkabel Opening voor antidiefstalkabel68 Hoofdstuk 3 Meer informatie over beveiliging Raadpleeg 'Mac Help' (zie pagina 44) voor meer informatie over de beveiligingsvoorzieningen van programma's op de PowerBook, zoals wachtwoorden voor meerdere gebruikers en bestanden coderen. Kies 'Mac Help' uit het Help-menu en zoek op 'beveiliging' of 'meerdere gebruikers'. Opmerking: Als u met Mac OS 9 werkt, is het regelpaneel 'Wachtwoordbeveiliging', dat op oudere modellen beschikbaar is, niet compatibel met de PowerBook. Dit regelpaneel is niet op de computer geïnstalleerd.69 H O O F D S T U K 4 4 Werken met het besturingssysteem Een besturingssysteem is de bureaubladomgeving van de computer. Deze omgeving bepaalt hoe de onderdelen op het bureaublad worden weergegeven en hoe u met de onderdelen kunt werken. Elk besturingssysteem werkt anders. Op de computer is Mac OS 9 als standaardbesturingssysteem geïnstalleerd. Als u de computer voor het eerst opstart, wordt de computer opgestart met Mac OS 9. Op de computer bevinden zich ook Mac OS X en 'Classic', een technologie die u in staat stelt in Mac OS X met Mac OS 9-programma's te werken. Bepaalde programma's werken niet optimaal onder Mac OS X of 'Classic'. Deze programma's kunt u het beste gebruiken in Mac OS 9. Als u alleen werkt met Mac OS 9-programma's en de speciale functies van Mac OS X niet nodig hebt, kunt u instellen dat de computer wordt opgestart met Mac OS 9. In dit hoofdstuk vindt u informatie over een aantal functies van Mac OS X en 'Classic', en instructies voor het selecteren van een ander besturingssysteem.70 Hoofdstuk 4 Mac OS X Start de computer met Mac OS X en ervaar de geavanceerde technologie van dit besturingssysteem, zoals de elegante nieuwe gebruikersinterface, de geweldige grafische mogelijkheden en de verbeterde stabiliteit en prestaties. Alle computerprocessen worden met Mac OS X uitgevoerd, zodat u zich volledig op uw werk kunt concentreren. Met Mac OS X hoeft u niet in te zitten over hoe de computer na een fout in een programma opnieuw moet worden gestart. Het programma wordt simpelweg afgesloten en u kunt zonder onderbreking doorwerken. Dankzij het virtuele-geheugenbeheer van Mac OS X wordt aan elk programma precies de juiste hoeveelheid geheugen toegewezen. Raadpleeg de handleiding Welkom bij Mac OS X voor meer informatie over dit besturingssysteem. Deze handleiding bevat een beschrijving van de functies in Mac OS X en tips voor Mac OS 9- gebruikers over het uitvoeren van Mac OS 9-taken in Mac OS X. Als zich problemen voordoen, raadpleegt u het gedeelte "Problemen oplossen" achter in de handleiding of kiest u 'Mac Help' uit het Help-menu in Mac OS X. De compatibiliteit van programmatuur met Mac OS X Raadpleeg voor meer informatie over de compatibiliteit van programma's met Mac OS X of voor meer informatie over Mac OS X de volgende website van Apple: guide.apple.com/ macosx/ 'Classic' gebruiken in Mac OS X In de Classic-omgeving kunt u behalve alle Mac OS X-programma's ook alle Mac OS 9- programma's gebruiken. 'Classic' wordt in de achtergrond gebruikt voor toegang tot Mac OS 9-functies en -programma's. Als 'Classic' is gestart, werkt de Mac OS 9-programmatuur in Mac OS X precies zoals in Mac OS 9. Er wordt echter niet gebruikgemaakt van Mac OS Xfuncties, zoals de nieuwe gebruikersinterface. Het enige wat u hoeft te doen is een Mac OS 9- programma openen of dubbel klikken op een document dat in een Mac OS 9-programma is gemaakt. Als 'Classic' op dat moment niet actief is, wordt het automatisch gestart. 'Classic' wordt vervolgens in de achtergrond uitgevoerd, zelfs als er geen Classic-programma's zijn geopend, zodat het openen van Mac OS 9-programma's en -documenten sneller en eenvoudiger verloopt. U kunt instellen dat 'Classic' automatisch wordt gestart wanneer u inlogt onder Mac OS X. Kies hiervoor 'Systeemvoorkeuren' uit het Apple-menu (K), klik op 'Classic' en selecteer 'Start 'Classic' bij inloggen op computer'. Belangrijk Omdat Mac OS X al op de computer is geïnstalleerd, hoeft u de installatieinstructies in Welkom bij Mac OS X niet meer door te lezen. Neem in plaats daarvan de instructies voor het inloggen en werken met Mac OS X door.Werken met het besturingssysteem 71 Als u 'Classic' wilt stoppen, klikt u op de knop 'Stop' in het paneel 'Classic' van het programma 'Systeemvoorkeuren'. Vervolgens kunt u wijzigingen die u hebt aangebracht in de Classic-documenten opslaan en 'Classic' stoppen. Schakelen tussen besturingssystemen Als u de computer voor het eerst opstart, wordt de computer opgestart met Mac OS 9. U kunt echter schakelen tussen Mac OS 9 en Mac OS X. Als u Mac OS X hebt geselecteerd, wordt de computer opgestart met Mac OS X, totdat u Mac OS 9 kiest als besturingssysteem. Om in te stellen dat de computer wordt opgestart met Mac OS X, gaat u als volgt te werk: 1 In Mac OS 9 kiest u 'Regelpanelen' uit het Apple-menu (K) en vervolgens 'Opstartschijf' uit het submenu. 2 Klik in het regelpaneel 'Opstartschijf' dubbel op de harde schijf met de besturingssystemen en selecteer de systeemmap van Mac OS X als de opstartschijf. Klik op het driehoekje links van het symbool voor de harde schijf als u wilt zien welke systeemmappen op de harde schijf zijn geïnstalleerd. Start de computer opnieuw op. Opmerking: doordat Apple regelmatig nieuwe versies en updates uitbrengt van haar systeemprogrammatuur, wijkt het versienummer van de besturingssystemen Mac OS X en Mac OS 9 in deze handleiding mogelijk af van de versie die op de computer is geïnstalleerd. Belangrijk Verwijder het besturingssysteem Mac OS 9 niet van de computer. De Classicomgeving werkt alleen als Mac OS 9 is geïnstalleerd.72 Hoofdstuk 4 Om in te stellen dat de computer wordt opgestart met Mac OS 9, gaat u als volgt te werk: 1 Kies 'Systeemvoorkeuren' uit het Apple-menu (K) en klik op 'Opstartschijf'. 2 Selecteer de systeemmap van Mac OS 9 als de opstartmap. (Als de symbolen niet beschikbaar zijn, klikt u op het vergrendelingssymbool onder in het venster en typt u de gebruikersnaam en het wachtwoord dat u eerder hebt opgegeven in de configuratie-assistent.) Raadpleeg Welkom bij Mac OS X voor meer informatie over het inloggen als beheerder. 3 Start de computer opnieuw op. Bepaalde taken en programma's kunt u alleen uitvoeren in Mac OS 9. U kunt op elk gewenst moment instellen met welk Mac OS-besturingssysteem de computer moet worden gestart. Problemen? Kies 'Mac Help' uit het Help-menu en klik op de blauwe onderstreepte tekst voor meer informatie over de functies van de Macintosh computer. Of typ een vraag in het veld 'Zoek' en druk op de Return-toets op het toetsenbord. 73 H O O F D S T U K 5 5 Extra apparatuur installeren of de batterij vervangen Dit hoofdstuk bevat informatie over de manier waarop u extra apparatuur installeert en de batterij vervangt, plus de bijbehorende instructies. In dit hoofdstuk komen de volgende procedures aan bod: m “Extra geheugen installeren” op pagina 73 m “De interne harde schijf verwijderen” op pagina 82 m “Een AirPort-kaart installeren” op pagina 91 Extra geheugen installeren De computer heeft twee geheugensleuven boven elkaar. U krijgt toegang tot deze sleuven door het toetsenbord te verwijderen. De computer wordt geleverd met een geheugen van 128 MB SDRAM (Synchronous Dynamic Random-Access Memory) in de onderste sleuf. In de bovenste geheugensleuf kunt u een SDRAM-module installeren die voldoet aan de volgende specificaties: m SO-DIMM-formaat (Small Outline-Dual Inline Memory Module) m 1,25 inch of kleiner m 64, 128, 256 of 512 MB m 144-pens m "PC-133" RAM Attentie Aanbevolen wordt om de installatie van extra geheugen of het verwijderen van de interne harde schijf uit te laten voeren door een door Apple erkende technicus. In het bij de computer geleverde boekje over service en ondersteuning door Apple vindt u hierover meer informatie. Eventuele schade die ontstaat doordat u de installatie zelf uitvoert, valt niet onder de garantie die u op de computer hebt.74 Hoofdstuk 5 U kunt ook SDRAM-modules van oudere typen PowerBook-computers gebruiken die voldoen aan deze specificaties. U kunt maximaal 1 GB RAM-geheugen op de PowerBook installeren, verdeeld over twee 512- MB DIMM-modules in elk van de RAM-sleuven. Extra RAM-geheugen installeren 1 Zet de computer uit. Koppel de lichtnetadapter, de telefoonkabel en alle andere op de computer aangesloten kabels los. 2 Draai de computer om en verwijder de batterij. Deze maatregelen dienen om te voorkomen dat u de computer per ongeluk aanzet terwijl u geheugen installeert. Batterij Ontgrendeling Attentie De interne onderdelen van de PowerBook kunnen heet zijn. Als u de PowerBook kort tevoren hebt gebruikt, laat u de interne onderdelen van de computer een half uur afkoelen voordat u verder gaat. Extra apparatuur installeren of de batterij vervangen 75 3 Controleer of de vergrendelingsschroef van het toetsenbord niet is aangedraaid. Bij levering is het toetsenbord van de PowerBook niet vergrendeld. U kunt deze stap dan ook overslaan, tenzij het toetsenbord door uzelf of iemand anders is vergrendeld. 4 Ontgrendel het toetsenbord door de schuifjes links van de F1- en F9-toets naar u toe te trekken en til vervolgens het bovenste gedeelte van het toetsenbord omhoog. ® ®76 Hoofdstuk 5 5 Til het bovenste gedeelte van het toetsenbord een stukje omhoog en trek het van u af, zodat de lipjes vrijkomen die het onderste gedeelte van het toetsenbord op zijn plaats houden. 6 Klap het toetsenbord om zodat het op de polssteunen en het stuurvlak komt te liggen. 7 Raak één van de metalen onderdelen in de computer aan om eventuele statische elektriciteit te ontladen. ® ® Extra apparatuur installeren of de batterij vervangen 77 8 Kijk waar de bovenste RAM-uitbreidingssleuf zich bevindt. 9 Houd de RAM-uitbreidingskaart in een hoek van 30 graden ten opzichte van de uitbreidingssleuf. Zorg dat de uitsparing in de kaart zich recht tegenover het lipje in de RAMuitbreidingssleuf bevindt. Duw de RAM-uitbreidingskaart vervolgens in de uitbreidingssleuf. Mogelijk voelt u enige weerstand. Als het niet lukt om de kaart in de sleuf te duwen, probeert u eerst de ene zijde en dan de andere zijde in de uitbreidingssleuf te drukken. ® Bovenste RAMsleuf Onderste RAM-sleuf (bezet) ® Plaats de RAM-uitbreidingskaart in een hoek van 30 graden 30 O78 Hoofdstuk 5 10 Duw de RAM-uitbreidingskaart voorzichtig aan totdat de twee uitsparingen aan weerszijden van de kaart vastklikken. 11 Klap het toetsenbord terug en plaats de lipjes aan de onderzijde van het toetsenbord in de corresponderende openingen in de behuizing van de PowerBook. ® ® Extra apparatuur installeren of de batterij vervangen 79 12 Trek de schuifjes links van de F1- en F9-toets naar u toe en duw vervolgens het bovenste gedeelte van het toetsenbord naar beneden. 13 Laat de schuifjes los om het toetsenbord te vergrendelen. 14 Draai de PowerBook om en plaats de batterij weer terug. 15 Sluit de lichtnetadapter en alle andere kabels weer aan. ®80 Hoofdstuk 5 Controleren of de computer het nieuwe geheugen herkent Nadat u extra geheugen op de PowerBook hebt geïnstalleerd, dient u te controleren of de computer het nieuwe geheugen herkent. Ga als volgt te werk: 1 Start de computer op. 2 Als het bureaublad verschijnt, kiest u 'Over deze computer' uit het Apple-menu (K). In Mac OS 9 In Mac OS X Totale hoeveelheid geheugen in de PowerBook Totale hoeveelheid geheugen in de PowerBook Extra apparatuur installeren of de batterij vervangen 81 Het totale geheugen bestaat uit het geheugen dat al in de computer was geïnstalleerd en het geheugen dat u hebt toegevoegd. Voor een gedetailleerder overzicht van het geheugen in de computer start u Apple Systeemprofiel. Kies in Mac OS 9 'Apple Systeemprofiel' uit het Apple-menu (K). Open in Mac OS X de map 'Applications', open vervolgens de map 'Utilities' en klik dubbel op 'Apple System Profiler' om het programma te starten. Als het geheugen niet wordt herkend of als de computer niet op de juiste manier opstart, zet u de PowerBook uit en raadpleegt u nogmaals de instructies om te zien of het geheugen compatibel is met deze PowerBook en of u het correct hebt geïnstalleerd. Als het probleem niet is opgelost, verwijdert u de geheugenmodule en raadpleegt u de documentatie bij uw Apple product voor meer informatie over service en ondersteuning door Apple. 82 Hoofdstuk 5 De interne harde schijf verwijderen Als de computer is uitgeschakeld, kunt u de interne harde schijf verwijderen, bijvoorbeeld om de schijf te repareren of veilig op te bergen. 1 Zet de computer uit. Koppel de lichtnetadapter, de telefoonkabel en alle andere op de computer aangesloten kabels los. 2 Leg een zachte doek voor u op tafel. De doek dient ter bescherming van het toetsenbord en beeldscherm wanneer u de PowerBook omdraait. Zorg ervoor dat de doek groot genoeg is voor de PowerBook en dat de doek over de rand van de tafel hangt. 3 Klap het beeldscherm van de PowerBook open, draai de PowerBook om en leg deze op de rand van de tafel. Zorg ervoor dat het gewicht van de computer op de tafel rust en niet op het beeldscherm. Zachte doek Bovenkant van het beeldscherm rust op uw schoot Belangrijk Klap het beeldscherm niet verder open dan hierboven getoond. Extra apparatuur installeren of de batterij vervangen 83 4 Verwijder de batterij door de ontgrendeling naar links te schuiven. Vergeet niet de ontgrendeling hierna weer helemaal naar rechts te schuiven. 5 Verwijder de acht schroeven waarmee de behuizing aan de onderkant van de PowerBook is bevestigd in de hieronder aangegeven volgorde. Gebruik een Torx T-8-schroevendraaier. Attentie De interne onderdelen van de PowerBook kunnen heet zijn. Als u de PowerBook kort tevoren hebt gebruikt, laat u de interne onderdelen van de computer een half uur afkoelen voordat u verder gaat. 7 8 5 2 3 4 1 684 Hoofdstuk 5 6 Schuif de onderkant voorzichtig van u af. 7 Til de onderkant van de behuizing op zoals getoond in de onderstaande afbeelding. 8 Raak één van de metalen onderdelen in de computer aan om eventuele statische elektriciteit te ontladen. Belangrijk Draai de behuizing niet heen en weer. Schuif de onderkant van de behuizing eerst helemaal naar voren voordat u deze optilt. Indien u weerstand voelt wanneer u de onderkant optilt, controleert u nogmaals of de onderkant van de computer helemaal naar voren is geschoven en niet meer vastzit aan de sleuf van de optische-schijfeenheid. Extra apparatuur installeren of de batterij vervangen 85 9 Koppel de connectorkabel los van de hoofdprintplaat. 10 Verwijder met een Torx T-8-schroevendraaier de twee schroeven waarmee de hardeschijfhouder aan de beugel is bevestigd. Verwijder de harde schijf voorzichtig. Connectorkabel Schroeven86 Hoofdstuk 5 De harde schijf en de onderkant van de behuizing terugplaatsen Om de harde schijf terug te plaatsen, gaat u als volgt te werk: 1 Verwijder de schroef aan de bovenkant van de bevestigingsbeugel van de harde schijf. 2 Til de bevestigingsbeugel op en draai de beugel voorzichtig over het eerste lipje van de batterijnis. Het lipje zorgt ervoor dat de beugel niet in de weg zit. Bevestigingsbeugel Lipje van batterijnis Schroef Attentie Til de beugel niet hoger dan nodig is om de beugel over het lipje van de batterijnis te bewegen. Als u de beugel boven het lipje tilt, kan de beugel beschadigd raken. Eventuele schade valt niet onder de garantie die u op de computer hebt. Extra apparatuur installeren of de batterij vervangen 87 3 Plaats de twee schroeven in de twee rubberen dopjes en schroef ze vast in de linkerkant van de schijf. Controleer vervolgens of de onderkant, de linkerkant en de rechterkant van de schijf worden bedekt door het Mylar-omhulsel. 4 Plaats eerst de rechterkant van de schijf en vervolgens de linkerkant van de schijf. Bepaal met behulp van de gaten in de schijfhouder de juiste positie van de schijf ten opzichte van de beugel. Schroef Mylar-omhulsel Rubberen dopje88 Hoofdstuk 5 5 Til de beugel over het lipje van de batterijnis en duw de beugel omlaag naar de oorspronkelijke positie. Bevestig de schroef aan de bovenkant van de beugel. Draai de schroef niet te vast. 6 Sluit de connectorkabel van de harde schijf op de hoofdprintplaat aan. Schroef Bevestigingsbeugel Connectorkabel Extra apparatuur installeren of de batterij vervangen 89 7 Plaats de onderkant van de computer weer terug en draai de acht schroeven vast in de hieronder aangegeven volgorde. Lijn de uitsparingen aan de linker- en rechterkant van de behuizing uit. Duw de onderkant van de behuizing voorzichtig omlaag om deze te bevestigen. Zorg ervoor dat de onderkant van de behuizing en het frame goed op elkaar aansluiten. Controleer de buitenste randen en de naden rondom de batterijnis. Controleer of de gaten voor de schroeven zich precies boven elkaar bevinden, zodat u zeker weet dat de onderkant op de juiste manier wordt bevestigd. 8 Plaats de batterij weer terug en draai de computer om. 2 1 7 6 4 5 8 390 Hoofdstuk 5 9 Controleer of de behuizing bij de sleuf van de optische-schijfeenheid juist is bevestigd. Als er onder de sleuf van de optische-schijfeenheid een spleet te zien is, trekt u voorzichtig de onderzijde van de sleuf naar u toe, zodat de optische-schijfeenheid correct in de behuizing wordt bevestigd en de spleet verdwijnt. 10 Sluit de lichtnetadapter en alle andere kabels weer aan. ® Sleuf optischeschijfeenheid Extra apparatuur installeren of de batterij vervangen 91 Een AirPort-kaart installeren Als er geen AirPort-kaart in de computer is geïnstalleerd, kunt u een AirPort-kaart aanschaffen bij uw Apple leverancier of via de Apple Store op www.apple.com/nlstore. Vervolgens kunt u de AirPort-kaart zelf installeren of door een door Apple erkende serviceaanbieder laten installeren. Als u een AirPort-kaart in de PowerBook wilt installeren, dient u de onderkant van de computer te verwijderen. Volg de instructies in het vorige gedeelte, “De interne harde schijf verwijderen” op pagina 82. Ga daarna als volgt te werk: 1 Als de AirPort-kaart is geleverd met een AirPort-adapter, verwijdert u de metalen klem en trekt u de AirPort-kaart uit de adapter. (De adapter en de klem zijn niet geschikt voor de PowerBook.) 2 Raak één van de metalen onderdelen in de computer aan om eventuele statische elektriciteit te ontladen. 3 Koppel de AirPort-antenne los van de antennehouder. 4 Schuif de AirPort-kaart met de AirPort-ID's en de streepjescode naar boven in de connector. AirPortantenne92 Hoofdstuk 5 Duw de kaart goed aan totdat u voelt dat deze stevig op de connector is aangesloten. 5 Sluit de AirPort-kaart aan op het uiteinde van de antennekabel. Controleer of het stekkertje aan het uiteinde van de antennekabel recht is voordat u deze op de kaart aansluit. Als de antennekabel is aangesloten, controleert u of het uiteinde van de kabel vastzit met het kleine schuifje, zoals weergegeven in de onderstaande afbeelding. 6 Schuif het plastic afdekplaatje op de AirPort-kaart over de bovenkant van de kaart. Plaats de onderkant van de computer weer terug. Volg de instructies in het vorige gedeelte, “De interne harde schijf verwijderen” vanaf pagina 85. AirPort-kaart Schuifje antenne Belangrijk Het is belangrijk dat u het plastic afdekplaatje over de kaart schuift. Als u dit niet doet, kunt u de onderkant van de computer niet goed terugplaatsen.93 H O O F D S T U K 6 6 Problemen oplossen Het kan voorkomen dat u problemen ondervindt tijdens het gebruik van de PowerBook. De oorzaak van deze problemen heeft meestal te maken met een onjuiste instelling van de programmatuur of het gebruik van programma's of extensies die niet compatibel zijn met de Mac OS-versie (de systeemprogrammatuur) op de computer. Andere minder waarschijnlijke oorzaken zijn problemen met het Mac OS (die meestal verholpen zijn nadat u de systeemprogrammatuur opnieuw hebt geïnstalleerd of hebt bijgewerkt) en problemen met de onderdelen van de computer, zoals het geheugen of de harde schijf. In de meeste gevallen zijn problemen met de computer snel en eenvoudig op te lossen. Ga in geval van een probleem na wat zich voorafgaand aan het probleem heeft voorgedaan. Om een duidelijk overzicht van de eventuele oorzaken te krijgen, is het handig om op papier te zetten welke handelingen u hebt uitgevoerd voordat het probleem optrad. Schrijf op: m met welk programma u werkte toen het probleem optrad (problemen die zich alleen voordoen wanneer u met een bepaald programma werkt, kunnen erop wijzen dat het programma niet compatibel is met de Mac OS-versie die op de computer is geïnstalleerd); m welke programmatuur u recentelijk hebt geïnstalleerd, met name programmatuur die mogelijk onderdelen aan de Systeemmap heeft toegevoegd (bij bepaalde programma's worden extensies geïnstalleerd die mogelijk niet compatibel zijn met de Mac OS-versie die op de computer is geïnstalleerd); m welke nieuwe apparatuur (zoals extra geheugen of een randapparaat) u hebt geïnstalleerd. Inhoud van dit hoofdstuk Dit hoofdstuk bevat oplossingen voor problemen met de computer waardoor u niet verder kunt werken, zoals een vastgelopen systeem of problemen met opstarten. Voor meer informatie over het oplossen van problemen raadpleegt u Mac Help (zie pagina 44) of de Support-website van Apple op www.apple.com/nl/support.94 Hoofdstuk 6 Problemen die het gebruik van de computer verhinderen De computer reageert niet of de aanwijzer kan niet meer worden verplaatst. m Druk op de Command-toets (x) en typ tegelijkertijd een punt (.). Klik in het dialoogvenster dat verschijnt op 'Annuleer'. m Als dat niet werkt, houdt u de Option-toets en de Command-toets (x) ingedrukt en drukt u vervolgens op de Escape-toets. Klik in het dialoogvenster dat verschijnt op 'Stop'. Sla vervolgens uw werk in alle openstaande programma's op en start de computer opnieuw op om te controleren of het probleem volledig is opgelost. m Als het niet lukt om het programma te verlaten, houdt u de Aan/uit-knop (®) een paar seconden ingedrukt om de computer uit te schakelen. m Als de computer dan nog steeds niet reageert, probeert u de computer opnieuw op te starten door tegelijkertijd op de Command- (x) Control- en Aan/uit-toets (®) op het toetsenbord te drukken. m Als ook dit niet lukt, probeert u het met de reset-knop op het achterpaneel van de computer (raadpleeg pagina 22). Druk de reset-knop voorzichtig in met het uiteinde van een paperclip. Controleer of de knop weer in de oorspronkelijke positie terugkeert en druk vervolgens op de Aan/uit-knop (®) om de computer opnieuw op te starten. Als u op de reset-knop hebt gedrukt, is het mogelijk dat u de datum en de tijd opnieuw moet instellen (met het regelpaneel 'Datum en tijd' (Mac OS 9) of met het paneel 'Datum en tijd' van het programma 'Systeemvoorkeuren' (Mac OS X)). Als het probleem regelmatig voorkomt, kiest u 'Mac Help' uit het Help-menu. Raadpleeg het gedeelte over het voorkomen en oplossen van problemen. Mogelijk doen zich extensieconflicten voor of moet u de systeemprogrammatuur opnieuw installeren. Als het probleem zich alleen bij een bepaald programma voordoet, informeert u bij de fabrikant van het programma of het compatibel is met de computer. De computer loopt vast tijdens het opstarten of er verschijnt een knipperend vraagteken op het scherm. m Schakel in Mac OS 9 de System-extensies uit door de computer opnieuw op te starten terwijl u de Shift-toets ingedrukt houdt. In Mac OS X worden geen System-extensies gebruikt. Om de extensies in 'Classic' uit te schakelen, gaat u als volgt te werk: m Kies in Mac OS X 'Schakel extensies uit' uit het venstermenu op het tabblad 'Geavanceerd' in het paneel 'Classic' van het programma 'Systeemvoorkeuren'. Klik op 'Herstart 'Classic''. m Als dit niet werkt, plaatst u de cd met de Mac OS 9- of Mac OS X-systeemprogrammatuur in de speler en start u de computer opnieuw op terwijl u de C-toets ingedrukt houdt. (Controleer of de Caps Lock-toets niet is ingeschakeld.)Problemen oplossen 95 Nadat de computer is opgestart, kiest u 'Mac Help' uit het Help-menu. Raadpleeg het gedeelte over het voorkomen en oplossen van problemen. Mogelijk doen zich extensieconflicten voor of dient u de systeemprogrammatuur opnieuw te installeren. Als u de PowerBook alleen met behulp van de cd kunt opstarten, dient u de systeemprogrammatuur opnieuw te installeren. Raadpleeg 'Mac Help' voor installatieinstructies of open het installatie- of herstelprogramma en volg de instructies op het scherm. De computer gaat niet aan of start niet op. m Controleer of de lichtnetadapter zowel op de computer als op een werkend stopcontact is aangesloten. m Mogelijk dient de batterij te worden opgeladen. Druk op het knopje aan de zijkant van de batterij (raadpleeg pagina 58). U ziet nu een tot vier lampjes die de batterijlading aangeven. m Als ook dit niet lukt, probeert u het met de reset-knop op het achterpaneel van de computer (raadpleeg pagina 22). Druk de reset-knop voorzichtig in met de punt van een pen. Controleer of de knop weer in de oorspronkelijke positie terugkeert nadat u erop hebt gedrukt. Opmerking: Als u op de reset-knop hebt gedrukt, is het mogelijk dat u de datum en de tijd opnieuw moet instellen (met het regelpaneel 'Datum en tijd' (Mac OS 9) of met het paneel 'Datum en tijd' van het programma 'Systeemvoorkeuren' (Mac OS X)). m Als dit niet lukt, drukt u op de Aan/uit-knop (®) en houdt u tegelijkertijd de Command- (x), Option-, P- en R-toets ingedrukt totdat u het opstartsignaal een tweede keer hoort. m Als u onlangs extra geheugen hebt geïnstalleerd, controleert u of dit onderdeel op de juiste manier is geïnstalleerd en of het geschikt is voor de computer. Controleer of de computer wel opstart nadat u het onderdeel hebt verwijderd. m Als het nog steeds niet lukt om de computer op te starten, raadpleegt u de documentatie bij de PowerBook voor informatie over service en ondersteuning door Apple.96 Hoofdstuk 6 De programmatuur herstellen Met Apple Programmatuurinstallatie wordt de inhoud van de harde schijf of partitie volledig gewist en wordt de oorspronkelijke inhoud hersteld, zoals de oorspronkelijke systeemprogrammatuur, de fabrieksinstellingen en programma's waarmee de computer is geleverd. Als u de programmatuur dient te herstellen, gebruikt u de Apple programmatuurherstel-cd's die bij de computer zijn geleverd. U dient, indien mogelijk, reservekopieën van belangrijke programma's en bestanden te maken voordat u de programmatuur herstelt. Opmerking: Als u de inhoud van de harde schijf niet wilt wissen, kunt u alleen de systeemprogrammatuur of bepaalde programma's opnieuw installeren met behulp van de programmatuurinstallatie-cd's of de programma-cd's die bij de computer zijn geleverd. Raadpleeg de handleiding Welkom bij Mac OS X voor instructies voor de installatie van Mac OS 9 en Mac OS X. 1 Controleer of u beschikt over alle Apple programmatuurherstel-cd's die bij de computer zijn geleverd. 2 Plaats de eerste programmatuurherstel-cd in de speler. 3 Start de computer opnieuw op en houd de C-toets ingedrukt, zodat de computer vanaf de cd wordt opgestart. 4 Volg de aanwijzingen op het scherm. De configuratie-assistent verschijnt om u te helpen de computer in Mac OS 9 te configureren. Als u de computer voor het eerst met Mac OS X opstart, verschijnt de configuratie-assistent om u te helpen met de configuratie van de Mac OS X-instellingen. Problemen oplossen 97 Andere problemen U hebt een probleem met een programma. m Raadpleeg de fabrikant als het programmatuur betreft van een andere fabrikant dan Apple. Vaak plaatsen fabrikanten updates van hun programmatuur op hun website. U kunt instellen dat automatisch wordt gecontroleerd of er nieuwe versies van Apple programma's beschikbaar zijn, waarna deze versies direct op de PowerBook worden geïnstalleerd. U stelt dit in met het regelpaneel 'Programmatuurupdate' (Mac OS 9) of met het paneel 'Programmatuurupdate' van het programma 'Systeemvoorkeuren' (Mac OS X). Als u meer informatie wilt, kiest u 'Mac Help' uit het Help-menu en zoekt u op 'Programmatuurupdate'. U kunt geen verbinding met het Internet tot stand brengen. m Controleer of de telefoonlijn of netwerkkabel goed zijn aangesloten en geen mankementen vertonen. m Als u gebruikmaakt van een inbelverbinding, controleert u of de telefoonkabel juist is aangesloten op de modempoort (aangeduid met het symbool W) en niet op de Ethernetpoort (aangeduid met het symbool G). m Kies 'Mac Help' uit het Help-menu. Hierin wordt beschreven waar u de Internetinstellingen en gegevens over uw Internet-aanbieder kunt vinden (als u een Internetaccount hebt aangemaakt met behulp van de Internet-configuratie-assistent). U hebt een probleem met het gebruik van de computer of het Mac OS. m Raadpleeg 'Mac Help' als u het antwoord op uw vragen niet in deze handleiding vindt. m Raadpleeg de Apple Support-website op www.apple.com/nl/support voor de laatste informatie over het oplossen van problemen en het bijwerken van programmatuur. U vermoedt dat er problemen zijn met de apparatuur van de computer. m Met behulp van de Apple Hardware Test-cd kunt u vaststellen of er een probleem is met een van de onderdelen van de computer, zoals het geheugen of de processor. Het serienummer U vindt het serienummer van de PowerBook aan de binnenzijde van de batterijnis. Raadpleeg “De batterij verwijderen of vervangen” op pagina 59 voor meer informatie over het verwijderen van de batterij.99 B I J L A G E A A Specificaties Dit gedeelte bevat algemene productspecificaties. U vindt meer informatie via het programma Apple Systeemprofiel op de harde schijf, en op het Internet op www.apple.com/ nl/powerbook en www.apple.com/nl/support. Apple Systeemprofiel In Apple Systeemprofiel vindt u gedetailleerde informatie over uw specifieke PowerBook, zoals de hoeveelheid geheugen, de grootte van de harde schijf, de aangesloten apparatuur en het serienummer. U krijgt als volgt toegang tot de informatie in Apple Systeemprofiel: m Kies in Mac OS 9 'Apple Systeemprofiel' uit het Apple-menu (K). m Open in Mac OS X 'Apple System Profiler' in de map 'Utilities' in de map 'Applications'. Klik op de driehoekjes in het venster om de informatie van de verschillende categorieën te tonen of te verbergen.100 Bijlage A Specificaties van de PowerBook Processor, geheugen en harde schijf m Processor: PowerPC G4-processor van minimaal 550 MHz m Geheugen: minimaal 128 MB; maximaal 1 GB m Harde schijf: minimaal 20 GB Videogeheugen en videocontroller m Videogeheugen: 16 MB DDR SDRAM m Videocontroller: ATI Mobility Radeon Modem m Modemstandaards: K56flex en V.90 m Modemsnelheid: 56 Kbps (kilobit per seconde) Opmerking: De werkelijke downloadsnelheden kunnen variëren, afhankelijk van de verbinding en de modemcapaciteit van uw Internet-aanbieder. Conform de Amerikaanse FCC-regels is de maximale overdrachtsnelheid 53 Kbps. AirPort-kaart m Draadloze gegevenssnelheid: tot 11 Mbps (megabit per seconde) m Bereik: maximaal 45 meter bij normaal gebruik (afhankelijk van het type gebouw) m Frequentieband: 2,4 GHZ Lichtnetadapter m Ingangsspanning: 100–240 V wisselstroom, 50/60 Hz m Uitgangsspanning: 24 V gelijkstroom, 1,875 A Batterij m Uitgangsspanning: 14,4 V gelijkstroom m Capaciteit: 3840 mAh (milliampère-uur)Specificaties 101 Extern beeldscherm in de modus voor een extra groot bureaublad of in de modus 'Synchrone weergave' Wanneer het beeldscherm is ingesteld op miljoenen kleuren in de resolutie 1152 x 768, ondersteunt een extern VGA-beeldscherm de volgende resoluties: m Miljoenen kleuren: 640 x 480, 640 x 870, 800 x 600, 832 x 624, 1024 x 768, 1152 x 870, 1280 x 960, 1280 x 1024 en 1600 x 1200 m Duizenden kleuren: 1280 x 960, 1280 x 1024, 1600 x 1200, 1792 x 1344, 1856 x 1392 en 1920 x 1440 Wanneer u in synchrone weergave een hogere resolutie kiest dan 1152 x 768, wordt het beeld op het externe beeldscherm verkleind (het beeldscherm wordt niet volledig gevuld) zodat het even groot is als de weergave in 1152 x 768 op het interne beeldscherm. Extern beeldscherm bij een dichtgeklapt beeldscherm Als het scherm van de PowerBook is dichtgeklapt, ondersteunt een extern VGA-beeldscherm de volgende resoluties: m Miljoenen kleuren: 640 x 480, 800 x 600, 1024 x 768, 1152 x 870, 1280 x 960, 1280 x 1024, 1600 x 1200, 1792 x 1344, 1856 x 1392 en 1920 x 1440 m Duizenden kleuren: 1792 x 1344, 1856 x 1392 en 1920 x 1440 Externe S-Video of Composite Video (NTSC) Een extern NTSC-videoapparaat of -televisietoestel ondersteunt de volgende resoluties: m Miljoenen kleuren: 640 x 480, 720 x 480 (alleen NTSC), 800 x 600, 832 x 624 en 1024 x 768 bij 60 Hz102 Bijlage A Externe S-Video of Composite Video (PAL) Een extern PAL-videoapparaat of -televisietoestel ondersteunt de volgende resoluties: m Miljoenen kleuren: 640 x 480, 720 x 576, 800 x 600, 832 x 624 en 1024 x 768 bij 50 Hz Opmerking: Het afspelen van dvd-films op een extern beeldscherm of televisietoestel vermindert het beschikbare geheugen voor het beeldscherm. Bij bepaalde hogere resoluties zijn mogelijk minder kleuren beschikbaar. Afmetingen en gewicht m Hoogte: 2,6 cm m Breedte: 34,1 cm m Diepte: 24,1 cm m Gewicht: 2,4 kg Opmerking: het gewicht kan variëren, afhankelijk van de configuratie van de computer en het fabricageproces. Omgeving m Temperatuur bij gebruik: 10 tot 35˚C m Temperatuur bij opslag: –25 tot 60˚C m Hoogte: maximaal 3048 m m Hoogte bij transport: maximaal 10.668 m m Relatieve vochtigheid: 20% tot 80% (niet-condenserend)103 B I J L A G E B B Informatie over onderhoud, gebruik en veiligheid De PowerBook schoonmaken Om de computer en andere systeemonderdelen aan de buitenkant schoon te maken, volgt u de onderstaande richtlijnen: m Gebruik een vochtige, zachte, pluisvrije doek. Zorg dat er geen vocht in de behuizing terechtkomt. m Gebruik geen spuitbussen, oplosmiddelen of schuurmiddelen. Het beeldscherm schoonmaken U maakt het beeldscherm van de PowerBook als volgt schoon: m Zet de PowerBook uit. m Maak een schone, zachte en pluisvrije doek of een stuk keukenpapier vochtig met water en wrijf het scherm schoon. Spuit nooit vloeistof rechtstreeks op het scherm. De PowerBook vervoeren Als u de PowerBook in een tas of koffer vervoert, dient u erop te letten dat zich hierin geen losse voorwerpen bevinden, zoals paperclips of munten, die via de dvd-sleuf in de computer terecht kunnen komen. De PowerBook opbergen Als u de PowerBook voor langere tijd opbergt, voert u een van de volgende handelingen uit om te voorkomen dat de batterij volledig leeg raakt: m Houd de lichtnetadapter aangesloten. m Laad de batterij volledig op voordat u de computer opbergt.104 Bijlage B m Laad de batterij volledig op en verwijder deze vervolgens uit de PowerBook als u deze opbergt. (Dit is vooral van belang als u de computer meer dan vijf maanden niet zult gebruiken.) Aanwijzingen voor de installatie en het gebruik van de computer De lichtnetadapter aansluiten Zorg dat de luchtcirculatie rond de lichtnetadapter niet wordt belemmerd. Plaats de apparatuur daarom tijdens het werken niet in een besloten ruimte. Verwijder de lichtnetadapter en de batterij voordat u de computer opent om geheugen te installeren of de harde schijf te verwijderen. Een telefoonlijn op de interne modem aansluiten Verwijder de telefoonkabel voordat u de computer opent om geheugen te installeren of de harde schijf te verwijderen. De PowerBook gebruiken Wanneer u met de PowerBook werkt of de batterij oplaadt, wordt de onderzijde van de behuizing warm. De onderzijde van de behuizing fungeert als een koelvlak waarlangs warmte die in de computer is ontstaan, wordt afgevoerd naar buiten. Er is ruimte aan de onderkant van de behuizing vrijgelaten, zodat er lucht kan circuleren en de normale werktemperatuur van de computer kan worden gehandhaafd. Attentie Gebruik alleen de adapter die bij de PowerBook is geleverd. Adapters voor andere elektrische apparaten, zoals andere typen PowerBook-computers en andere draagbare computers, zien er misschien hetzelfde uit, maar kunnen schade veroorzaken aan de computer. De lichtnetadapter die bij de PowerBook is geleverd, is uitgerust met een randgeaarde netstekker. Gebruik uit veiligheidsoverwegingen uitsluitend een geaard stopcontact. Het gebruik van de randgeaarde stekker is van wezenlijk belang voor uw veiligheid. Attentie Sluit geen digitale telefoonlijn aan op de modem. Hierdoor kan de modem beschadigd raken. Attentie Plaats de PowerBook niet op een kussen of een ander zacht voorwerp als de computer is ingeschakeld. Zacht materiaal kan de ventilatieopeningen blokkeren, waardoor de computer oververhit kan raken. Informatie over onderhoud, gebruik en veiligheid 105 Belangrijke wenken voor uw veiligheid Om uzelf en de apparatuur te beschermen, dient u de onderstaande voorzorgsmaatregelen in acht te nemen. Koppel het netsnoer los (houd de kabel hierbij altijd vast aan de stekker en niet aan het snoer), verwijder de batterij uit de uitbreidingsnis en verwijder de telefoonkabel wanneer: m u onderdelen wilt verwijderen (sluit de snoeren pas weer aan als u het toetsenbord weer hebt bevestigd); m het netsnoer gerafeld of anderszins is beschadigd; m u iets in de behuizing hebt gemorst; m de computer aan regen of andere zeer vochtige omstandigheden is blootgesteld; m u de computer hebt laten vallen of de behuizing op een andere manier is beschadigd; m u vermoedt dat uw computer onderhoud nodig heeft of gerepareerd dient te worden; m u de behuizing schoon wilt maken (volg hierbij altijd de eerder beschreven methode). Onthoud het volgende: m Gebruik de computer niet in vochtige ruimten, zoals doucheruimtes. m Gebruik de computer niet onder vochtige weersomstandigheden, zoals regen of sneeuw. m Lees de installatie-instructies grondig door voordat u de computer op het lichtnet aansluit. m Zorg dat u deze informatie altijd binnen handbereik hebt. m Volg alle instructies en waarschuwingen die betrekking hebben op de computer. Attentie Zet de computer nooit aan voordat alle interne en externe onderdelen zich weer op hun plaats bevinden en de computer is gesloten. Wanneer de computer is geopend of wanneer er onderdelen ontbreken, kan dat gevaar opleveren voor de gebruiker of schade aan de computer veroorzaken. Belangrijk De enige manier om de stroomvoorziening volledig te onderbreken is door het netsnoer, de telefoonkabel en de batterij te verwijderen. Zorg ervoor dat een van de uiteinden van het netsnoer zich altijd binnen handbereik bevindt zodat u deze, indien nodig, kunt loskoppelen. Attentie Elektrische apparatuur kan gevaarlijk zijn bij onoordeelkundig gebruik. Zorg dat kinderen nooit zonder toezicht van een volwassene met dit apparaat werken. Voorkom dat kinderen toegang hebben tot het binnenwerk van elektrische apparaten en laat hen nooit netsnoeren aansluiten.106 Bijlage B Uw werkplek inrichten Toetsenbord en stuurvlak Houd uw schouders ontspannen wanneer u het toetsenbord en stuurvlak gebruikt. Zorg dat uw boven- en onderarm een bijna rechte hoek vormen en dat uw hand en pols in een vrijwel rechte lijn liggen. Sla de toetsen op het toetsenbord licht aan en houd uw handen en vingers ontspannen wanneer u het toetsenbord en het stuurvlak bedient. Vouw uw duimen niet onder uw handpalmen. Verander tijdens het werken regelmatig de positie van uw handen om vermoeidheid te voorkomen. Als u intensief met een computer werkt en weinig pauzes inlast, kunt u na verloop van tijd last krijgen van uw armen, polsen of handen. Raadpleeg een arts als u merkt dat u last krijgt van chronische pijn in armen, polsen of handen. Stoel Ideaal is een verstelbare stoel die veel steun biedt. Stel de hoogte van uw stoel zo in dat uw heupen horizontaal zijn en uw voeten plat op de vloer rusten. De rugleuning van de stoel dient veel steun te bieden aan de onderrug. Volg de instructies van de fabrikant voor de juiste afstelling van de rugleuning. Attentie Duw geen voorwerpen door de openingen in de behuizing naar binnen. Dit kan gevaar opleveren, brand veroorzaken of een gevaarlijke elektrische schok tot gevolg hebben. Zo Niet zo Zo Niet zo Informatie over onderhoud, gebruik en veiligheid 107 Het is mogelijk dat u uw stoel in hoogte moet verstellen om uw onderarm en hand in de juiste stand ten opzichte van het toetsenbord te brengen. Als het hierdoor niet meer mogelijk is om uw voeten plat op de vloer te laten rusten, kunt u een voetenbankje gebruiken. U kunt natuurlijk ook het werkblad verlagen, als dit mogelijk is. Een andere mogelijkheid is het gebruik van een bureau met een apart, verstelbaar segment voor het toetsenbord. Muis Als u een muis gebruikt, plaatst u deze op dezelfde hoogte als het toetsenbord. Zorg dat u voldoende ruimte hebt om de muis te bedienen. Intern beeldscherm Stel de hoek van het beeldscherm zo in dat verlichting en ramen er zo min mogelijk in worden weerspiegeld. Het kan nodig zijn de helderheid en het contrast aan te passen wanneer u de computer in een andere omgeving gebruikt of wanneer het licht in uw werkruimte verandert. Meer informatie Raadpleeg voor meer informatie de website op www.apple.com/about/ergonomics (Engelstalig).Regelgeving inzake communicatie, telefoon en modem Voor meer informatie over de FCC-regelgeving, informatie over storing op radio en televisie en informatie over telefoon en modem met betrekking tot dit product raadpleegt u de bestanden in de map 'Info communicatieregelgeving' in de map 'Documenten' op de harde schijf. Laserinformatie Demonteer nooit het kastje waarin de laser zich bevindt. De laserstraal die in dit product wordt gebruikt, is schadelijk voor de ogen. Het gebruik van optische instrumenten, zoals vergrootglazen, verhoogt het risico voor uw ogen. Laat in het belang van uw eigen veiligheid onderhoud en reparatie van uw apparatuur over aan een door Apple erkende serviceaanbieder. Uw computer is een Klasse 1-laserproduct. Dit wordt aangegeven door middel van het Klasse 1-etiket op een voor de gebruiker toegankelijke plaats. Er bevindt zich een waarschuwingsetiket op een voor serviceaanbieder toegankelijke plaats. Het kan zijn dat de etiketten er in werkelijkheid iets anders uitzien dan in de onderstaande afbeeldingen. Technische specificaties van de laser Laser op opnameapparaat (bij het lezen van een cd) m Soort: halfgeleider GaAlAs-laser m Golflengte: 790 nm m Vermogen uit objectieflens: 3,3 mW m Straaldivergentie: horizontaal 12°, verticaal 35° Laser (bij lezen dvd-schijf ) m Soort: halfgeleiderlaser, GaAs m Golflengte: 658 nm m Vermogen uit objectieflens: 6 mW m Straaldivergentie: horizontaal 8,5°, verticaal 27° Activiteiten met een verhoogd risico Deze computer is niet bedoeld voor gebruik bij de bediening van nucleaire installaties, navigatie- of communicatiesystemen voor de luchtvaart of apparatuur voor luchtverkeersleiding, of in andere situaties waarin problemen met het gebruik van de Apple programmatuur kunnen leiden tot de dood, persoonlijk letsel of ernstige schade aan zaken of het milieu. ENERGY STAR® Als ENERGY STAR®-partner heeft Apple vastgesteld dat de standaarduitvoeringen van dit product die gebruikmaken van het besturingssysteem Mac OS 9 voldoen aan de ENERGY STAR®-richtlijnen voor energiezuinige apparaten. Het ENERGY STAR®-programma is een samenwerkingsverband tussen overheid en fabrikanten van kantoorapparatuur, dat is gericht op energiebesparing. Energiebesparende kantoorproducten zijn zuiniger en zorgen voor minder milieuvervuiling als gevolg van minder verspilde energie. ATTENTIE Wanneer u aanpassingen aanbrengt of procedures uitvoert die niet worden beschreven in de handleiding bij het apparaat, kan er gevaarlijke straling vrijkomen. Klasse 1-etiket Waarschuwingsetiket AirPort Express คู่มือการติดตั้งสารบัญ 5 เริ่มต้นใช้งาน 7 พอร์ตบน AirPort Express ของคุณ 9 ไฟสถานะ AirPort Express 10 การใช้AirPort Express 10 เครือข่าย AirPort Express 12 การติดตั้ง AirPort Express 12 ความต้องการของระบบ 14 การติดตั้ง AirPort Express 14 การตั้งค่าตัวเลือกขั้นสูง 16 การใช้AirPort Express เพื่อกระจายเพลง 18 เทคนิคและวิธีแก้ไข 18 สถานที่ที่ดีที่สุดสำาหรับ AirPort Express4 19 การหลีกเลี่ยงการรบกวน 19 ปัญหาและวิธีแก้ปัญหา 25 การเรียนรู้เพิ่มเติม บริการ และการสนับสนุน 25 ความช่วยเหลือบนหน้าจอในเครื่องคอมพิวเตอร์ของคุณ 25 แหล่งข้อมูลออนไลน์ 26 การบริการสำาหรับการรับประกันที่ได้รับ 26 การค้นหาหมายเลขประจำาเครื่องของ AirPort Express 27 ข้อมูลจำาเพาะและข้อมูลความปลอดภัย 28 เทคนิคความปลอดภัยของ AirPort Express 30 Regulatory Compliance Information1 5 เริ่มต้นใช้งาน AirPort Express ได้จัดเตรียมการทำางานที่อยู่ได้บนสองย่านความถี่พร้อมๆ กันของเครือข่ายไร้สาย มาตรฐาน 802.11n สำาหรับทุกๆ อุปกรณ์ไร้สายของ คุณ รวมถึงเครื่อง Mac และ Windows และอุปกรณ์iOS เช่น iPad, iPhone, iPod touch และ Apple TV เมื่อคุณติดตั้งสถานีฐาน AirPort Express ของคุณแล้ว เครื่องจะสร้างเครือ ข่าย Wi-Fi ความเร็วสูงทั้งสองแบบขึ้น:  เครือข่าย 2.4 กิกะเฮิรตซ์(GHz) สำาหรับอุปกรณ์แบบ 802.11b, 802.11g และ 802.11n เช่น iPhone, iPod touch และคอมพิวเตอร์รุ่นเก่า  เครือข่าย 5 GHz สำาหรับอุปกรณ์แบบ 802.11n และ 802.11a ไม่ว่าเครือข่ายไหนก็ตามที่อุปกรณ์ไร้สายของคุณเข้าเชื่อมจะใช้งานได้เต็ม ประสิทธิภาพและเหมาะสมที่สุด คุณสามารถใช้AirPort Express เพื่อแบ่งปันการเชื่อมต่ออินเทอร์เน็ตของคุณ กับอุปกรณ์ไร้สายบนเครือข่าย แบ่งปันเครื่องพิมพ์แบบเครือข่าย และเชื่อมต่อ ไปยังอุปกรณ์อื่นๆ AirPort Express ยังมาพร้อมกับ AirPlay ที่ง่ายในการเล่นเพลงใน iTunes ผ่านสเตอริโอหรือลำาโพงระยะไกลในบ้านของคุณได้6 บท 1 เริ่มต้นใช้งาน ปุ่มรีเซ็ต WAN อีเธอร์เน็ต USB สัญญาณเสียงออก ออปติคอลแบบอะนาล็อค กระแสไฟ สายไฟ (สายไฟของคุณอาจดูแตกต่าง) ไฟแสดงสถานะ ไฟแสดงสถานะ การเชื่อมต่อบท 1 เริ่มต้นใช้งาน 7 พอร์ตบน AirPort Express ของคุณ AirPort Express ประกอบด้วยห้าพอร์ตที่ด้านหลัง: < พอร์ตเครือข่าย Ethernet แบบกว้าง (WAN) มาตรฐาน 10/100Base-T สำาหรับการเชื่อมต่อ DSL หรือเคเบิลโมเด็ม หรือการเชื่อมต่อเครือข่าย Ethernet ที่มีอยู่แล้ว G พอร์ตเครือข่าย Ethernet แบบเฉพาะที่ (LAN) มาตรฐาน 10/100Base-T สำาหรับการเชื่อมต่ออุปกรณ์Ethernet เช่น เครื่องพิมพ์หรือคอมพิวเตอร์ หรือการเชื่อมต่อเครือข่าย Ethernet ที่มีอยู่แล้ว d พอร์ต USB สำาหรับการเชื่อมต่อเครื่องพิมพ์แบบ USB - มินิแจ็คเสียงสเตอริโอออปติคอลแบบอะนาล็อคและดิจิตอล สำาหรับการเชื่อมต่อ AirPort Express ไปยังสเตอริโอหรือลำาโพง พอร์ตกระแสไฟ สำาหรับการเชื่อมต่อ AirPort Express เข้ากับแหล่งจ่ายไฟเอซี ถัดจากพอร์ตเหล่านี้จะเป็นปุ่มรีเซ็ทสำาหรับการแก้ไขปัญหา AirPort Express ของคุณ ไฟสถานะที่ด้านหน้าของ AirPort Express จะแสดงสถานะปัจจุบัน8 บท 1 เริ่มต้นใช้งาน ก่อนคุณเสียบปลัก๊ AirPort Express ของคุณ อันดับแรกนั้นให้เชื่อมต่อเคเบิล ไปยังพอร์ตที่ต้องการใช้งานอย่างเหมาะสม รวมถึง:  การเชื่อมต่อเคเบิล Ethernet ของ DSL หรือเคเบิลโมเด็มไปยังพอร์ต WAN (ถ้าคุณจะเชื่อมต่ออินเตอร์เน็ต)  การเชื่อมต่อเคเบิลเสียงของสเตอริโอไปยังพอร์ตส่งออกเสียง (ถ้าคุณจะใช้ AirPlay เพื่อเล่นเพลงจากคลัง iTunes ของคุณ)  การเชื่อมต่อเคเบิลเครื่องพิมพ์แบบ USB หรือ Ethernet ไปยังพอร์ต USB หรือ Ethernet (ถ้าคุณจะพิมพ์งานไปยังเครื่องพิมพ์โดยใช้AirPort Express) หลังจากคุณเชื่อมต่อเคเบิลสำาหรับทุกๆ อุปกรณ์ที่คุณจะใช้งานแล้ว ให้เสียบ ปลักไฟ ๊ AirPort Express ลงในพอร์ตกระแสไฟและแหล่งจ่ายไฟภายนอก ซึ่ง เครื่องจะไม่มีสวิตช์เปิดหรือปิด เมื่อคุณเสียบปลักไฟ ๊ AirPort Express ไปยังแหล่งจ่ายไฟภายนอก ไฟสถานะ จะเรืองแสงเป็นสีเหลืองอำาพันระหว่างเริ่มต้น และจากนั้นจะกระพริบระหว่างการ ติดตั้ง ไฟสถานะจะเป็นสีเขียวหลังจาก AirPort Express ของคุณได้ติดตั้งและ เชื่อมต่อไปยังอินเทอร์เน็ตหรือเครือข่ายแล้วบท 1 เริ่มต้นใช้งาน 9 ไฟสถานะ AirPort Express ตารางต่อไปนี้จะอธิบายถึงไฟสถานะ AirPort Express ตามลำาดับและ ความหมายของแสงไฟ แสง สถานะ/คำาอธิบาย ปิด AirPort Express ถูกถอดปลักอยู่ ๊ สีเขียวทึบ AirPort Express ถูกเปิดและทำางานอย่างเหมาะสม สีเหลืองอำาพันแบบ กระพริบ AirPort Express ยังไม่ได้ติดตั้งหรือไม่สามารถสร้างการ เชื่อมต่อไปยังเครือข่ายหรืออินเทอร์เน็ตได้ใช้ยูทิลิตี้AirPort เพื่อค้นหากรณีอื่นๆ นอกจากนี้โปรดดู“ถ้าไฟสถานะ AirPort Express กระพริบสีเหลืองอำาพัน” ในหน้า 23 สีเหลืองอำาพันทึบ AirPort Express กำาลังเริ่มต้นใช้งาน กระพริบสีเหลืองอำาพัน และเขียว เครื่องอาจประสบปัญหาในการเริ่มต้นใช้งาน AirPort Express จะเริ่มต้นใช้งานและพยายามดำาเนินการใหม่อีกครั้ง10 บท 1 เริ่มต้นใช้งาน การใช้AirPort Express สำาหรับ AirPort Express คุณสามารถ:  สร้างรหัสผ่านเพื่อป้องกันเครือข่ายไร้สายของบ้านคุณ และจากนั้นเชื่อมต่อ อินเทอร์เน็ตและแบ่งปันการเชื่อมต่ออินเทอร์เน็ตกับคอมพิวเตอร์และอุปกรณ์ ไร้สายอื่นๆ เช่น iPad, iPhone และ Apple TV ได้  สร้างเครือข่ายอิสระที่มีหรือไม่มีการป้องกันด้วยรหัสผ่าน เพื่อให้เพื่อนหรือ ผู้มาเยี่ยมเยียนคุณได้เข้าถึงอินเทอร์เน็ตได้อย่างไร้สาย อุปกรณ์ที่เชื่อมต่อไป ยังเครือข่ายอิสระเท่านั้นที่สามารถเข้าถึงอินเทอร์เน็ต  เชื่อมต่อ AirPort Express ของคุณไปยังเครือข่าย Ethernet คอมพิวเตอร์ Mac และ Windows ที่มีอุปกรณ์ไร้สายและอุปกรณ์ไร้สายอื่นๆ จะสามารถ เข้าถึงเครือข่ายโดยไม่ต้องใช้งานสายเคเบิลได้  เชื่อมต่ออุปกรณ์USB หรือ Ethernet เช่น เครื่องพิมพ์ไปยัง AirPort Express ของคุณ คอมพิวเตอร์ทั้งหมดที่อยู่บนเครือข่าย AirPort จะสามารถ เข้าถึงอุปกรณ์ได้  เชื่อมต่อสเตอริโอหรือลำาโพงของคุณไปยัง AirPort Express และจากนั้นใช้ AirPlay เพื่อเล่นคลัง iTunes ของคุณจากคอมพิวเตอร์หรืออุปกรณ์iOS เครือข่าย AirPort Express แผนภาพต่อไปนี้จะแสดงถึง AirPort Express ที่เชื่อมต่อไปยังอินเทอร์เน็ต โดยโมเด็มและการสร้างเครือข่ายไร้สายความถี่ 2.4 และ 5 GHz AirPort Express ที่เชื่อมต่อไปยังลำาโพง ซึ่งคอมพิวเตอร์หรืออุปกรณ์iOS อื่นๆ บน เครือข่ายสามารถเล่นเพลงผ่านลำาโพงนี้ได้โดยใช้AirPlay เครื่องยังถูกเชื่อมบท 1 เริ่มต้นใช้งาน 11 ต่อไปยังเครื่องพิมพ์แบบเครือข่ายโดยใช้Ethernet ดังนั้นคอมพิวเตอร์ทั้งหมด บนเครือข่ายจะสามารถพิมพ์งานไปยังเครื่องพิมพ์นั้นได้ คอมพิวเตอร์ หรือ iPad iPhone หรือ iPod touch ไปยังอินเทอร์เน็ต เครื่องพิมพ์เครือข่าย เคเบิล/DSL โมเด็ม 2.4 หรือ 5 GHz AirPort Express 2.4 GHz ลำโพงแบบมีภาคขยายเสียงในตัว ไปยังพอร์ต LAN แบบอีเธอร์เน็ต ไปยังพอร์ต WAN แบบอีเธอร์เน็ต ไปยังพอร์ตสัญญาณเสียงออก โปรดดูบทถัดไป “การติดตั้ง AirPort Express” เพื่อค้นหาวิธีใช้ซอฟต์แวร์ AirPort บนคอมพิวเตอร์หรืออุปกรณ์iOS ของคุณเพื่อติดตั้ง AirPort Express และเครือข่ายไร้สาย2 12 การติดตั้ง AirPort Express ใช้ยูทิลิตี้AirPort บนคอมพิวเตอร์หรือการตั้งค่า Wi-Fi บนอุปกรณ์iOS ของ คุณเพื่อปฏิบัติอย่างใดอย่างหนึ่งต่อไปนี้:  การติดตั้ง AirPort Express ของคุณเพื่อสร้างเครือข่ายใหม่ที่คอมพิวเตอร์ และอุปกรณ์สามารถใช้การเชื่อมต่ออินเทอร์เน็ตได้อย่างไร้สาย  การติดตั้ง AirPort Express ของคุณเพื่อเข้าเชื่อมเครือข่ายที่มีอยู่ ถ้า เครือข่ายถูกเชื่อมต่ออินเทอร์เน็ต คอมพิวเตอร์และอุปกรณ์ไร้สายทั้งหมดบน เครือข่าย AirPort จะสามารถใช้การเชื่อมต่ออินเทอร์เน็ตได้ถ้าเครือข่ายได้ ถูกติดตั้งเพื่อขยายออกไป AirPort Express จะสามารถขยายช่วงของ เครือข่ายได้ คุณสามารถปฏิบัติได้ทั้งหมดสำาหรับส่วนพื้นฐานของการติดตั้งเครือข่ายและ การตั้งค่าด้วยผู้ช่วยการตั้งค่าในยูทิลิตี้AirPort บนเครื่อง Mac หรือ Windows หรือการตั้งค่า Wi-Fi บนอุปกรณ์iOS ของคุณ สำาหรับจัดการเครือข่ายและตั้ง ค่าตัวเลือกขั้นสูงของคุณ โปรดดู“การตั้งค่าตัวเลือกขั้นสูง” ในหน้า 14 ความต้องการของระบบ สำาหรับการติดตั้ง AirPort Express โดยใช้Mac คุณจำาเป็นต้องมี:  เครื่อง Mac ที่ประกอบด้วยการ์ด AirPort ติดตั้งอยู่ (เพื่อติดตั้งอย่างไร้สาย) หรือเครื่อง Mac ที่เชื่อมต่อไปยัง AirPort Express ที่ประกอบด้วยเคเบิล Ethernet (เพื่อติดตั้งโดยใช้Ethernet)บท 2 การติดตั้ง AirPort Express 13  Mac OS X เวอร์ชั่น 10.5.7 หรือใหม่กว่า  ยูทิลิตี้AirPort เวอร์ชั่น 5.6.1 หรือใหม่กว่า ใช้อัปเดตซอฟต์แวร์เพื่อขอรับเวอร์ชั่นล่าสุดของยูทิลิตี้AirPort สำาหรับการติดตั้ง AirPort Express โดยใช้Windows PC คุณจำาเป็นต้องมี:  เครื่อง Windows ที่ประกอบด้วยตัวประมวลผลความเร็ว 300 MHz หรือสูง กว่า และ Wi-Fi ที่รองรับความสามารถแบบไร้สาย (เพื่อติดตั้งอย่างไร้สาย) หรือเครื่อง Windows ที่เชื่อมต่อไปยัง AirPort Express ที่ประกอบด้วย เคเบิล Ethernet (เพื่อติดตั้งโดยใช้Ethernet)  Windows 7 (SP1)  ยูทิลิตี้AirPort สำาหรับ Windows เวอร์ชั่น 5.6.1 หรือใหม่กว่า สำาหรับการติดตั้ง AirPort Express โดยใช้อุปกรณ์iOS คุณจำาเป็นต้องมี:  iPad, iPhone หรือ iPod touch ที่มีiOS 5 หรือใหม่กว่า คุณจำาเป็นต้องใช้งาน iTunes เวอร์ชั่น 10.4 หรือใหม่กว่าในการเล่นเสียงจาก คอมพิวเตอร์ไปยังสเตอริโอที่เชื่อมต่อกับ AirPort Express คุณสามารถใช้AirPort Express กับอุปกรณ์ไร้สายใดๆ ที่รองรับการใช้งาน Wi-Fi ได้ ถ้าคุณกำาลังใช้งาน AirPort Express เพื่อเชื่อมต่ออินเทอร์เน็ต คุณจำาเป็นต้อง มีบัญชีบรอดแบนด์(DSL หรือเคเบิลโมเด็ม) ที่มีผู้ให้บริการอินเทอร์เน็ตหรือ การเชื่อมต่ออินเทอร์เน็ตโดยใช้เครือข่าย Ethernet ที่มีอยู่แล้ว ถ้าคุณได้รับ ข้อมูลจากผู้ให้บริการของคุณ เช่น ที่อยู่ IP แบบคงที่หรือชื่อผู้ใช้และรหัสผ่าน ของ PPPoE คุณอาจจำาเป็นต้องป้อนข้อมูลดังกล่าวด้วย โปรดเตรียมข้อมูล เหล่านี้ให้พร้อมใช้งานก่อนเริ่มต้นการติดตั้ง AirPort Express ของคุณ14 บท 2 การติดตั้ง AirPort Express การติดตั้ง AirPort Express สำาหรับการติดตั้ง AirPort Express โดยใช้คอมพิวเตอร์: 1 เปิดยูทิลิตี้AirPort ซึ่งจะอยู่ใน /แอปพลิเคชั่น/ยูทิลิตี้/ บนเครื่อง Mac และ ในโปรแกรมทั้งหมดบนเครื่อง Windows 2 เลือก AirPort Express ของคุณและคลิกต่อไป 3 ปฏิบัติตามขั้นตอนบนหน้าจอสำาหรับการสร้างเครือข่ายใหม่หรือเข้าเชื่อมเครือ ข่ายที่มีอยู่แล้ว ถ้าคุณกำาลังใช้Mac OS X คุณสามารถใช้เมนูสถานะ Wi-Fi ในแถบเมนูเพื่อ เลือก AirPort Express ของคุณ เมื่อคุณเลือกแล้ว ยูทิลิตี้AirPort จะเปิดขึ้น เพื่อติดตั้ง AirPort Express ของคุณ สำาหรับการติดตั้ง AirPort Express โดยใช้อุปกรณ์iOS: 1 แตะตั้งค่าบนหน้าจอโฮม และจากนั้นแตะ Wi-Fi 2 แตะชื่อ AirPort Express ของคุณ 3 ปฏิบัติตามขั้นตอนบนหน้าจอสำาหรับการสร้างเครือข่ายใหม่หรือเข้าเชื่อมเครือ ข่ายที่มีอยู่แล้ว การตั้งค่า Wi-Fi จะสามารถใช้เพื่อติดตั้ง AirPort Express ที่ยังไม่ถูกตั้งค่า เท่านั้น การตั้งค่าตัวเลือกขั้นสูง สำาหรับตั้งค่าตัวเลือกขั้นสูง ให้ใช้ยูทิลิตี้AirPort บนคอมพิวเตอร์หรือดาวน์ โหลดยูทิลิตี้AirPort จาก App Store คุณสามารถกำาหนดการตั้งค่าขั้นสูง ได้เช่น การเลือกช่องสัญญาณไร้สาย เครือข่ายแบบปิด การควบคุมการเข้าถึงบท 2 การติดตั้ง AirPort Express 15 บัญชีผู้ใช้งาน ตัวเลือกความปลอดภัย และอื่นๆ อีกมากมาย สำาหรับตั้งค่าตัวเลือกขั้นสูงหรือทำาการเปลี่ยนแปลงค่าไปยังเครือข่ายที่ติดตั้งไว้ เรียบร้อยแล้ว: 1 เลือกเครือข่ายไร้สายที่ต้องการเปลี่ยน  บนเครื่อง Mac ให้ใช้เมนูสถานะ Wi-Fi ในแถบเมนู  บนเครื่อง Windows ให้ชี้ค้างไว้เหนือไอคอนการเชื่อมต่อไร้สายจนกระทั่ง คุณพบชื่อเครือข่าย AirPort (SSID) และเลือกจากรายการถ้าปรากฏหลายๆ เครือข่ายที่สามารถใช้งานได้  บนอุปกรณ์iOS ให้เลือกเครือข่ายในตั้งค่า Wi-Fi ถ้าคุณไม่ได้ติดตั้ง AirPort Express ของคุณไว้โดยทั่วไปแล้วชื่อของเครือ ข่ายสำาหรับสถานีฐานของ Apple จะเป็น AirPortNetWork xxxxxx โดยที่ xxxxxx คือตัวเลขหกตำาแหน่งสุดท้ายของ AirPort ID 2 เปิดยูทิลิตี้AirPort 3 ถ้าปรากฏสถานีฐานมากกว่าหนึ่งสถานีในรายการ ให้เลือกอันใดอันหนึ่งที่ ต้องการ ถ้าคุณไม่พบสถานีฐาน ให้คลิกสแกนใหม่ 4 ถ้าคุณพบหน้าต่างโต้ตอบสำาหรับรหัสผ่าน ให้ป้อนรหัสผ่านที่เกี่ยวข้อง 5 ปรับเปลี่ยนการตั้งค่าที่ต้องการเพื่อเปลี่ยนแปลง AirPort Express หรือเครือ ข่ายของคุณ สำาหรับอื่นๆ เกี่ยวกับเครือข่ายไร้สายและคุณสมบัติพิเศษของยูทิลิตี้AirPort โปรดดูApple AirPort Networks ได้ที่ www.apple.com/asia/ support/airport3 16 การใช้AirPort Express เพื่อ กระจายเพลง ถ้าคุณเชื่อมต่อ AirPort Express ไปยังสเตอริโอ หรือลำาโพงของคุณ คุณ สามารถใช้AirPlay เพื่อเล่นเพลงจาก iTunes บนคอมพิวเตอร์ใดๆ หรือจาก อุปกรณ์iOS บนเครือข่ายของคุณได้ สำาหรับการตั้งค่า: 1 เชื่อมต่อพอร์ตส่งออกเสียงบน AirPort Express ไปยังสเตอริโอหรือลำาโพง ของบ้านคุณ ใช้เคเบิลใยแก้วนำาแสงแบบดิจิตอล เคเบิลมินิสเตอริโอคู่ RCA แบบอะนาล็อค หรือเคเบิลมินิสเตอริโอไปมินิสเตอริโอ ทั้งนี้ขึ้นอยู่กับประเภท ของตัวเชื่อมต่อสเตอริโอที่คุณใช้งาน หมายเหตุ: คุณไม่สามารถใช้ลำาโพง USB กับ AirPort Express ได้ใช้ลำาโพง สเตอริโอตัวเชื่อมต่อแบบมินิแจ็ค 2 สำาหรับเข้าเชื่อมเครือข่ายไร้สาย:  บนเครื่อง Mac ให้ใช้เมนูสถานะ AirPort ในแถบเมนู  บนเครื่อง Windows ให้ชี้ค้างไว้เหนือไอคอนการเชื่อมต่อไร้สายจนกระทั่ง คุณพบชื่อเครือข่าย AirPort (SSID) และเลือกจากรายการถ้าปรากฏหลายๆ เครือข่ายที่สามารถใช้งานได้ป้อนรหัสผ่านเครือข่ายถ้าจำาเป็น  บนอุปกรณ์iOS ให้เลือกเครือข่ายที่ต้องการเข้าเชื่อมจากรายการเครือข่ายใน การตั้งค่า Wi-Fiบท 3 การใช้AirPort Express เพื่อกระจายเพลง 17 3 ใช้AirPlay เพื่อกระจายเพลงไปยังสเตอริโอหรือลำาโพงของคุณ:  บนเครื่อง Mac หรือ Windows ให้เปิด iTunes และเลือก AirPort Express ของคุณจากเมนูป็อปอัพ AirPlay ( ) ที่ด้านล่างขวา ของหน้าต่าง iTunes  บนอุปกรณ์iOS ให้เลือก AirPort Express ที่ีต้องการใช้จากเมนูป็อปอัพ AirPlay ( ) ถ้าคุณมีAirPort Express มากกว่าหนึ่งเครื่อง คุณสามารถเชื่อมต่อไปยัง เครื่องใดเครื่องหนึ่งกับสเตอริโอในห้องนั่งเล่นของคุณและเชื่อมต่อเครื่องอื่นๆ ไปยังลำาโพงในห้องส่วนตัวของคุณได้การใช้AirPlay คุณจะสามารถกระจาย เพลงใน iTunes จากคอมพิวเตอร์หรืออุปกรณ์ไร้สายใดๆ บนเครือข่ายไปยัง AirPort Express ในบ้านของคุณได้ คุณยังสามารถกระจายเพลงไปยัง AirPort Express มากกว่าหนึ่งเครื่องพร้อม กันโดยใช้iTunes ได้แต่อุปกรณ์เดียวเท่านั้นที่สามารถกระจายเพลงไปยัง AirPort Express ในเวลาเดียวกันได้4 18 เทคนิคและวิธีแก้ไข คุณสามารถแก้ไขปัญหาต่างๆ ที่เกิดขึ้นกับ AirPort Express ได้อย่างรวดเร็ว โดยการปฏิบัติตามคำาแนะนำาในบทนี้ สถานที่ที่ดีที่สุดสำาหรับ AirPort Express การปฏิบัติตามคำาแนะนำานี้จะช่วยให้AirPort Express ของคุณเกิดประสิทธิภาพ ในการทำางานไร้สายและเครือข่ายได้ดีที่สุด  วาง AirPort Express ในพื้นที่เปิดโล่ง ไม่มีสิ่งกีดขวางใดๆ เช่น เฟอร์นิเจอร์ ขนาดใหญ่หรือกำาแพง วางเครื่องให้ห่างจากพื้นผิวที่เป็นโลหะ  หลีกเลี่ยงการวาง AirPort Express ไว้ที่ด้านหลังของเฟอร์นิเจอร์หรือในชั้น วางของ  ห้ามวาง AirPort Express ทางด้านข้างของเครื่อง  ห้ามวาง AirPort Express ของคุณในพื้นที่ที่รอบๆ นั้นมีพื้นผิวเป็นโลหะ ตั้งแต่สามด้านขึ้นไป  ถ้าคุณวาง AirPort Express ในสถานบันเทิงที่มีอุปกรณ์สเตอริโออยู่ ห้าม ให้รอบๆ AirPort Express เต็มไปด้วยเคเบิลเสียง วิดีโอ หรือสายไฟ วาง AirPort Express ของคุณให้สายเคเบิลอยู่ด้านใดหน้าหนึ่ง โปรดรักษา ระยะห่างระหว่าง AirPort Express และเคเบิลต่างๆ  วาง AirPort Express ของคุณให้ห่างจากเตาไมโครเวฟ โทรศัพท์แบบ ไร้สายความถี่ 2.4 GHz หรือแหล่งรบกวนอื่นๆ อย่างน้อย 25 ฟุต (8 เมตร)บท 4 เทคนิคและวิธีแก้ไข 19 การหลีกเลี่ยงการรบกวน สิ่งต่างๆ ต่อไปนี้อาจเป็นสาเหตุการรบกวนการสื่อสารแบบไร้สายได้:  เตาไมโครเวฟ  การแผ่รังสีของคลื่นความถี่วิทยุในบริการดาวเทียมโดยตรง (DSS)  เคเบิลโคแอกเชียลที่ต่อพ่วงมาจากจานรับสัญญาณดาวเทียม โปรดติดต่อ ผู้ผลิตอุปกรณ์เพื่อขอรับเคเบิลใหม่  อุปกรณ์ไฟฟ้า เช่น สายไฟ รางรถไฟฟ้า และสถานีจ่ายไฟ  โทรศัพท์แบบไร้สายที่ทำางานในย่านความถี่ 2.4 GHz ถ้าคุณพบปัญหา เกี่ยวกับโทรศัพท์หรือ AirPort ของคุณ ให้เปลี่ยนช่องสัญญาณ AirPort Express ที่คุณใช้งาน  สถานีฐานใกล้เคียงที่ใช้ช่องสัญญาณในย่านใกล้เคียงกัน ตัวอย่าง ถ้าอุปกรณ์ A ใช้ช่องสัญญาณ 1 อุปกรณ์B ควรใช้ช่องสัญญาณ 6 หรือ 11 สำาหรับ ให้เกิดประสิทธิผลสูงสุด ให้ใช้ช่องสัญญาณ 1, 6 หรือ 11 เมื่อคุณใช้งาน อุปกรณ์ที่มีความถี่อยู่ในช่วง 2.4 GHz โปรดออกห่างจากแหล่งรบกวนเหล่านี้เพื่อช่วยลดปัญหาที่อาจเกิดขึ้นได้ ปัญหาและวิธีแก้ปัญหา ถ้าซอฟต์แวร์AirPort ไม่สามารถตรวจจับ AirPort Express ของ คุณได้ ตรวจสอบให้แน่ใจว่าเครื่อง Mac ของคุณกำาลังใช้งาน Wi-Fi ให้ใช้เมนูสถานะ Wi-Fi ในแถบเมนูเพื่อตรวจสอบให้แน่ใจว่า Wi-Fi เปิดใช้อยู่20 บท 4 เทคนิคและวิธีแก้ไข ถ้าคุณกำาลังใช้เครื่อง Windows ตรวจสอบให้แน่ใจว่าการ์ดเครือข่ายไร้สาย หรืออะแดปเตอร์ถูกติดตั้งอย่างถูกต้อง สำาหรับตรวจสอบการเชื่อมต่อ โปรดดู เอกสารที่มาพร้อมกับคอมพิวเตอร์ของคุณ ถ้าคุณไม่สามารถเล่นเพลงจาก iTunes บนสเตอริโอของคุณได้  ตรวจสอบให้แน่ใจว่า AirPort Express ของคุณได้เสียบปลักเข้ากับแหล่ง ๊ จ่ายไฟและอยู่ในช่วงของคอมพิวเตอร์หรืออุปกรณ์ไร้สายสามารถเชื่อมต่อได้ อีกทั้งคุณได้เชื่อมต่อเคเบิลอย่างถูกต้องแล้ว คุณอาจจำาเป็นต้องเข้าเชื่อม เครือข่าย AirPort Express  ตรวจสอบให้แน่ใจว่าคุณได้เลือก AirPort Express จากเมนูป็อปอัพ AirPlay ( ) ในหน้าต่าง iTunes บนคอมพิวเตอร์หรือจากเมนูป็อปอัพ AirPlay บนอุปกรณ์iOS ของคุณแล้ว  ตรวจสอบให้แน่ใจว่าคุณกำาลังใช้งาน iTunes เวอร์ชั่น 10.4 หรือใหม่กว่าบน คอมพิวเตอร์อยู่ ถ้าคุณไม่ได้ยินเสียงเพลงที่กำาลังเล่นอยู่ ถ้าเพลงกำาลังเล่นอยู่ (หัวเล่นในแถบความคืบหน้าที่ด้านบนของหน้าต่าง iTunes กำาลังเคลื่อนย้าย) แต่คุณไม่ได้ยินเสียงใดๆ โปรดตรวจสอบสิ่งต่างๆ ต่อไปนี้:  ตรวจสอบให้แน่ใจว่าคุณได้เลือกลำาโพงระยะไกลจากเมนูป็อปอัพ AirPlay ( ) ในหน้าต่าง iTunes บนคอมพิวเตอร์หรือจากเมนูป็อปอัพ AirPlay บน อุปกรณ์iOS ของคุณแล้ว อีกทั้งยังต้องตรวจสอบให้แน่ใจว่าระดับเสียงของ ลำาโพงระยะไกลไม่ได้ถูกปิดลงบท 4 เทคนิคและวิธีแก้ไข 21  ตรวจสอบให้แน่ใจว่าสเตอริโอหรือลำาโพงของคุณถูกเปิดอยู่ และระดับเสียง ถูกเปิดให้ดัง ถ้าคุณลืมรหัสผ่านเครือข่ายหรือรหัสผ่าน AirPort Express คุณสามารถล้างรหัสผ่านเครือข่าย AirPort หรือรหัสผ่านของ AirPort Express ได้โดยการรีเซ็ท AirPort Express สำาหรับรีเซ็ทรหัสผ่าน AirPort Express และเครือข่าย: 1 ใช้ปลายสุดของคลิปหนีบกระดาษที่ดัดตรงแล้ว กดลงที่ปุ่มรีเซ็ทประมาณ หนึ่งวินาที 2 เลือกเครือข่าย AirPort ของคุณ บนเครื่อง Mac ให้ใช้เมนูสถานะ AirPort ในแถบเมนูเพื่อเลือกเครือข่ายที่ สร้างขึ้นโดย AirPort Express (ชื่อเครือข่ายจะไม่เปลี่ยน) บนเครื่อง Windows ให้ชี้ค้างไว้เหนือไอคอนการเชื่อมต่อไร้สายจนกระทั่งคุณ พบชื่อเครือข่าย AirPort (SSID) และจากนั้นเลือกเครือข่าย 3 เปิดยูทิลิตี้AirPort 4 เลือก AirPort Express ของคุณและคลิกกำาหนดค่า 5 ในหน้าต่างโต้ตอบที่ปรากฏ ให้ทำาการเปลี่ยนแปลงต่อไปนี้:  รีเซ็ทรหัสผ่าน AirPort Express  เปิดการเข้ารหัสเพื่อเปิดใช้งานการป้องกันด้วยรหัสผ่านสำาหรับเครือข่าย AirPort ของคุณ ถ้าคุณเปิดการเข้ารหัส ให้ป้อนรหัสผ่านใหม่สำาหรับ เครือข่าย AirPort ของคุณ 6 คลิกตกลง22 บท 4 เทคนิคและวิธีแก้ไข AirPort Express จะเริ่มต้นการทำางานและโหลดการตั้งค่าใหม่อีกครั้ง ถ้า AirPort Express ของคุณไม่ตอบสนอง ให้ถอดสายจากแหล่งจ่ายไฟและเสียบสายใหม่อีกครั้ง ถ้า AirPort Express ของคุณหยุดการตอบสนองโดยสมบูรณ์คุณอาจจำาเป็น ต้องรีเซ็ทเครื่องเพื่อใช้การตั้งค่าจากโรงงาน ซึ่งจะเป็นการลบการตั้งค่าทั้งหมดที่ คุณได้ทำาไว้และจะรีเซ็ทการตั้งค่าเหล่านั้นกลับเป็นค่าเริ่มต้น สำาหรับคืนค่า AirPort Express ของคุณให้กลับเป็นค่าจากโรงงาน: m ใช้ปลายสุดของคลิปหนีบกระดาษที่ดัดตรงแล้ว กดลงที่ปุ่มรีเซ็ทค้างไว้ประมาณสิบวินาที AirPort Express จะเริ่มต้นการทำางานใหม่ด้วยการตั้งค่าต่อไปนี้:  AirPort Express จะรับที่อยู่ IP ของเครื่องโดยใช้DHCP  ชื่อเครือข่ายจะคืนกลับเป็น AppleNerwork xxxxxx (โดยที่ x เป็นตัวอักษร หรือตัวเลข)  รหัสผ่าน AirPort Express จะคืนกลับเป็นสาธารณะ ถ้าคุณได้ใช้ยูทิลิตี้AirPort สำาหรับการสร้างโปรไฟล์AirPort Express ของ คุณไว้ก่อนหน้านี้โปรไฟล์นั้นจะถูกเก็บรักษาไว้เมื่อคุณรีเซ็ท AirPort Express ถ้าคุณจำาเป็นต้องคืนค่า AirPort Express ของคุณกลับเป็นการตั้งค่าจาก โรงงานและลบโปรไฟล์ที่คุณได้กำาหนดไว้: 1 ถอดสาย AirPort Express 2 ใช้ปลายสุดของคลิปหนีบกระดาษที่ดัดตรงแล้ว กดลงที่ปุ่มรีเซ็ทค้างไว้ขณะ เสียบสายของ AirPort Express รอจนกระทั่งไฟสถานะกระพริบ และจากนั้นรีเซ็ทสถานีฐานบท 4 เทคนิคและวิธีแก้ไข 23 ถ้าไฟสถานะ AirPort Express กระพริบสีเหลืองอำาพัน เคเบิล Ethernet อาจไม่ได้เชื่อมต่ออย่างถูกต้อง AirPort Express อาจอยู่ นอกขอบเขตของเครือข่าย AirPort หรือเครื่องอาจเกิดปัญหากับการติดต่อ ผู้ให้บริการอินเทอร์เน็ต ถ้าคุณได้เชื่อมต่ออินเทอร์เน็ตด้วย DSL หรือเคเบิลโมเด็ม โมเด็มอาจจะสูญเสีย การเชื่อมต่อได้ถึงแม้ว่าโมเด็มอาจจะทำางานอย่างถูกต้องแล้ว ให้ทดลองตัด การเชื่อมต่อโมเด็มจากแหล่งจ่ายไฟ รอประมาณสองสามวินาทีและจากนั้น เชื่อมต่ออีกครั้ง ตรวจสอบให้แน่ใจว่า AirPort Express ได้เชื่อมต่อไปที่โมเด็ม ผ่าน Ethernet โดยตรงก่อนการเชื่อมต่อแหล่งจ่ายไฟไปยังโมเด็ม สำาหรับข้อมูลเกี่ยวกับการกระพริบไฟสีเหลืองอำาพัน ให้เปิดยูทิลิตี้AirPort บน คอมพิวเตอร์หรืออุปกรณ์iOS และเลือกสถานีฐาน ป้อนรหัสผ่านของสถานีฐาน ถ้าจำาเป็น จากนั้นเลือก AirPort Express ของคุณเพื่อแสดงข้อมูลสถานะ บนคอมพิวเตอร์คุณยังสามารถเลือกกล่องกาเครื่องหมาย “เฝ้าสังเกตสถานีฐาน สำาหรับปัญหา” ในการตั้งค่ายูทิลิตี้AirPort ถ้าสถานีฐานเกิดปัญหาขึ้น ยูทิลิตี้ AirPort จะเปิดขึ้นและช่วยคุณแก้ไขปัญหาดังกล่าว ถ้าคุณต้องการอัปเดตซอฟต์แวร์AirPort Express Apple จะอัปเดตยูทิลิตี้AirPort อย่างสม่ำาเสมอ สำาหรับดาวน์โหลดเวอร์ชั่น ล่าสุด:  บนเครื่อง Mac หรือ Windows ไปที่ www.apple.com/asia/support/airport  บนอุปกรณ์iOS ไปที่ App Store24 บท 4 เทคนิคและวิธีแก้ไข สำาหรับอัปเดตเฟิร์มแวร์AirPort Express จากคอมพิวเตอร์: 1 เปิดยูทิลิตี้AirPort 2 เลือก AirPort Express ของคุณ 3 คลิกอัปเดตถัดจากหมายเลขเวอร์ชั่น สำาหรับอัปเดตเฟิร์มแวร์AirPort Express จากอุปกรณ์iOS: m เปิดยูทิลิตี้AirPort ให้เลือก AirPort Express และจากนั้นแตะเวอร์ชั่น5 25 การเรียนรู้เพิ่มเติม บริการ และการ สนับสนุน คุณสามารถค้นหาข้อมูลเพิ่มเติมเกี่ยวกับการใช้งาน AirPort Express ในความช่วยเหลือบนหน้าจอและบนเว็บได้ ความช่วยเหลือบนหน้าจอในเครื่องคอมพิวเตอร์ของคุณ สำาหรับเรียนรู้เพิ่มเติมเกี่ยวกับการใช้งาน AirPort ให้เปิดยูทิลิตี้AirPort และ เลือกวิธีใช้> วิธีใช้ยูทิลิตี้AirPort แหล่งข้อมูลออนไลน์ สำาหรับข้อมูลล่าสุดเกี่ยวกับ AirPort Express ไปที่ www.apple.com/asia/airportexpress สำาหรับลงทะเบียน AirPort Express ของคุณ ให้ไปที่ www.apple.com/register สำาหรับบริการของ AirPort และข้อมูลการบริการ เข้าถึงได้ในห้องแสดง ความคิดเห็นเกี่ยวกับข้อมูลจำาเพาะของผลิตภัณฑ์และความคิดเห็นต่างๆ รวมถึง ดาวน์โหลดซอฟต์แวร์ของ Apple โดยไปที่ www.apple.com/asia/support/airport สำาหรับการสนับสนุนภายนอกประเทศสหรัฐอเมริกา ไปที่ www.apple.com/ asia/support และเลือกประเทศของคุณจากเมนูป็อปอัพ26 การเรียนรู้เพิ่มเติม บริการ และการสนับสนุน การบริการสำาหรับการรับประกันที่ได้รับ ถ้า AirPort Express ของคุณได้รับการกระแทกหรือไม่ทำางานอย่างถูกต้อง ให้ปฏิบัติตามคำาแนะนำาในคู่มือ ความช่วยเหลือบนหน้าจอ และแหล่งข้อมูล ออนไลน์ ถ้า AirPort Express ของคุณยังไม่สามารถทำางานได้อย่างถูกต้อง ให้ไป ที่ www.apple.com/asia/support และคลิก Check Your Service & Support Coverage สำาหรับข้อมูลเกี่ยวกับบริการสำาหรับการรับประกันที่ได้รับ การค้นหาหมายเลขประจำาเครื่องของ AirPort Express หมายเลขประจำาเครื่องจะถูกพิมพ์ทางด้านหลังของ AirPort Express6 27 ข้อมูลจำาเพาะและข้อมูลความ ปลอดภัย ข้อมูลจำาเพาะ AirPort  ย่านความถี่: 2.4 และ 5 กิกะเฮิรตซ์(GHz)  มาตรฐาน: 802.11n Wi-Fi ส่วนติดต่อ  RJ-45 10/100Base-T Ethernet WAN (<)  RJ-45 10/100Base-T Ethernet LAN (G)  บัสการสื่อสารแบบอนุกรม (USB) 2.0 (d)  มินิแจ็คออปติคอลแบบอะนาล็อคหรือดิจิตอล ขนาด 3.5 มม. (-)  Wi-Fi มาตรฐาน 802.11n ที่ทำางานได้บนสองย่านความถี่พร้อมกัน ข้อมูลจำาเพาะของสิ่งแวดล้อม  อุณหภูมิการทำางาน: 32° F ถึง 95° F (0° C ถึง 35° C)  อุณหภูมิการเก็บรักษา: -13° F ถึง 140° F (-25° C ถึง 60° C)  ความชื้นสัมพัทธ์(การทำางาน): 20% ถึง 80% ของความชื้นสัมพัทธ์  ความชื้นสัมพัทธ์(การเก็บรักษา): 10% ถึง 90% ของความชื้นสัมพัทธ์ แบบไม่ควบแน่น28 บท 6 ข้อมูลจำาเพาะและข้อมูลความปลอดภัย  ความสูงของการทำางาน: 0 ถึง 10,000 ฟุต (0 ถึง 3048 ม.)  ความสูงการเก็บรักษาสูงสุด: 15,000 ฟุต (4572 ม.) ขนาด  ความยาว: 3.9 นิ้ว (98 มม.)  ความกว้าง: 3.9 นิ้ว (98 มม.)  ความหนา: .9 นิ้ว (23 มม.) เทคนิคความปลอดภัยของ AirPort Express  การตัดการเชื่อมต่อจากแหล่งจ่ายไฟนั้นจะเป็นวิธีเดียวในการตัดกระแสไฟที่ จ่ายไปยัง AirPort Express ของคุณได้อย่างสมบูรณ์  AirPort Express ของคุณเป็นอุปกรณ์ที่ใช้แรงดันไฟสูง ห้ามเปิดเครื่องออก สำาหรับกรณีใดๆ ถึงแม้ว่าเครื่องจะถูกถอดปลักแล้ว ๊ ถ้า AirPort Express ของคุณจำาเป็นต้องได้รับการบริการ โปรดดู“การเรียนรู้เพิ่มเติม บริการ และ การสนับสนุน” ในหน้า 25  งดใช้แรงบังคับตัวเชื่อมต่อเพื่อใส่ลงในพอร์ต ตรวจสอบให้มั่นใจว่าตัว เชื่อมต่อนั้นสอดคล้องกับพอร์ตและตำาแหน่งที่ถูกต้องในพอร์ตที่สัมพันธ์กันบท 6 ข้อมูลจำาเพาะและข้อมูลความปลอดภัย 29 หลีกเลี่ยงพื้นที่เปียกชื้น คำเตือน: สำาหรับลดความเสี่ยงของการถูกช็อตหรือการบาดเจ็บ ห้ามใช้ AirPort Express ในหรือบริเวณใกล้พื้นที่ที่มีน้ำาหรือเปียกชื้น  เก็บรักษา AirPort Express ให้ห่างจากแหล่งของเหลว เช่น เครื่องดื่ม อ่างล้างหน้า อ่างอาบน้ำา หรือห้องอาบน้ำา  ป้องกัน AirPort Express จากฝนหรือความชื้นอื่นๆ  ดูแลรักษาไม่ให้อาหารหรือของเหลวหกหล่นบน AirPort Express ของคุณ ถ้าคุณต้องการทำาความสะอาด ให้ถอดปลัก๊ AirPort Express ออกก่อน ทุกครั้ง ในกรณีของวัตถุที่หกหล่นใส่ คุณอาจจำาเป็นต้องส่งอุปกรณ์ให้กับ Apple เพื่อ ขอรับบริการ โปรดดู“การเรียนรู้เพิ่มเติม บริการ และการสนับสนุน” ในหน้า 25 ห้ามซ่อมแซมด้วยตัวเอง คำเตือน: ห้ามเปิดหรือแยกชิ้นส่วน AirPort Express ของคุณ คุณอาจเสี่ยง ต่อการถูกไฟฟ้าช็อตและเป็นโมฆะภายใต้การรับประกันที่จำากัด ไม่มีชิ้นส่วนใด ภายในที่ผู้ใช้สามารถเปลี่ยนเองได้Regulatory Compliance Information 30 คำาแถลงข้อบังคับของ FCC อุปกรณ์นี้ได้สอดคล้องกับกฎของ FCC ส่วนที่ 15 ใน กระบวนการทำางานจะต้องปฏิบัติภายใต้สองเงื่อนไข ต่อไปนี้: (1) อุปกรณ์นี้อาจเป็นสาเหตุการรบกวน ที่เป็นอันตรายได้และ (2) อุปกรณ์นี้อาจจำาเป็นที่ จะได้รับการรบกวนอื่นๆ รวมถึงการรบกวนที่อาจ เป็นสาเหตุที่ก่อให้เกิดการทำางานที่ผิดพลาด โปรดดู ขั้นตอนปฏิบัติถ้าเกิดการรบกวนที่สงสัยไปยังวิทยุ หรือโทรทัศน์ การรบกวนวิทยุและโทรทัศน์ อุปกรณ์สำาหรับคอมพิวเตอร์จะสร้าง ใช้และสามารถ แผ่คลื่นความถี่วิทยุได้ถ้าอุปกรณ์ไม่ได้ถูกติดตั้งและ ใช้งานอย่างถูกวิธีตามขั้นตอนแนะนำาของ Apple จะ ทำาให้เกิดการรบกวนกับการรับสัญญาณของวิทยุ และโทรทัศน์ อุปกรณ์นี้ได้รับการทดสอบและสอดคล้องกับข้อบังคับ สำาหรับอุปกรณ์ดิจิตอลระดับ B ตามข้อบังคับใน ส่วนที่ 15 ของกฎ FCC คุณสมบัติเหล่านี้ได้รับ การออกแบบเพื่อให้มีการป้องกันที่เหมาะสมต่อ การรบกวนดังกล่าวสำาหรับการติดตั้งในที่อยู่อาศัย อย่างไรก็ตามยังไม่สามารถรับรองได้ว่าการรบกวนจะ ไม่เกิดขึ้นในส่วนของการติดตั้ง คุณสามารถพิจารณาได้ว่าระบบคอมพิวเตอร์ของ คุณนั้นเป็นสาเหตุของการรบกวนหรือไม่ โดยการ ปิดเครื่อง ถ้าการรบกวนสิ้นสุดลง สาเหตุของการ รบกวนอาจมาจากคอมพิวเตอร์หรืออุปกรณ์ต่อพ่วง ที่ใช้งานร่วมอยู่ ถ้าระบบคอมพิวเตอร์ของคุณเป็นสาเหตุของการ รบกวนไปยังวิทยุหรือโทรทัศน์ให้ทดลองเพื่อแก้ไข การรบกวนโดยการปรับตามข้อหนึ่งๆ หรือหลายๆ ข้อต่อไปนี้: • หมุนจานรับสัญญาณของโทรทัศน์หรือวิทยุจน กระทั่งการรบกวนสิ้นสุดลง • ย้ายคอมพิวเตอร์ไปด้านใดด้านหนึ่งของโทรทัศน์ หรือวิทยุ • ย้ายคอมพิวเตอร์ออกห่างจากโทรทัศน์หรือวิทยุ • เสียบปลักคอมพิวเตอร์เข้ากับแหล่งจ่ายไฟที่อยู่ ๊ วงจรอื่นๆ กับโทรทัศน์หรือวิทยุ (ส่วนนี้จะเป็นการ ทำาให้คอมพิวเตอร์และโทรทัศน์หรือวิทยุอยู่บนวงจร ควบคุมโดยเบรกเกอร์หรือฟิวส์ที่แตกต่างกัน) ถ้าจำาเป็นให้ขอรับคำาปรึกษาจากตัวแทนผู้ให้บริการ ของ Apple หรือจาก Apple โดยตรง โปรดดูข้อมูล การบริการและสนับสนุนที่มาพร้อมกับผลิตภัณฑ์ Apple ของคุณ หรือขอรับคำาปรึกษาจากช่างผู้ ชำานาญเกี่ยวกับโทรทัศน์หรือวิทยุสำาหรับขอคำา แนะนำาเพิ่มเติม ข้อมูลสำคัญ: การปรับเปลี่ยนหรือดัดแปลงโดยไม่รับ อนุญาตจากบริษัท Apple Inc. อาจเป็นโมฆะตาม EMC และลบล้างสิทธิ์ของคุณในการดำาเนินงานของ ผลิตภัณฑ์31 ผลิตภัณฑ์นี้ได้รับการทดสอบตามข้อบังคับของ FCC ภายใต้เงื่อนไขที่ได้รวมถึงการใช้งานอุปกรณ์ของ Apple ที่ใช้ต่อพ่วงกับคอมพิวเตอร์และเคเบิลฉนวน ของ Apple และตัวเชื่อมต่อระหว่างองค์ประกอบ ของระบบ ซึ่งจะเป็นสิ่งสำาคัญอย่างยิ่งเมื่อคุณใช้งาน อุปกรณ์ของ Apple ที่ใช้ต่อพ่วงกับคอมพิวเตอร์และ เคเบิลฉนวนของ Apple และตัวเชื่อมต่อระหว่าง องค์ประกอบของระบบเพื่อลดโอกาสในการเกิดการ รบกวนไปยังวิทยุ โทรทัศน์และอุปกรณ์ไฟฟ้าอื่นๆ คุณสามารถได้รับอุปกรณ์ของ Apple ที่ใช้ต่อพ่วง กับคอมพิวเตอร์และเคเบิลฉนวนของ Apple และตัว เชื่อมต่อผ่านทางตัวแทนจำาหน่ายที่ได้รับอนุญาตจาก Apple สำาหรับอุปกรณ์ต่อพ่วงที่ไม่ใช่ของ Apple โปรดติดต่อตัวแทนผู้ผลิตหรือผู้จำาหน่าย บุคคลที่มีความรับผิดชอบ (ติดต่อสำาหรับกรณีของ FCC เท่านั้น) Apple Inc. Corporate Compliance 1 Infinite Loop, 91-1EMC Cupertino, CA 95014 การใช้งานคลื่นความถี่วิทยุแบบไร้สาย อุปกรณ์นี้ถูกจำากัดให้ใช้งานภายในอาคาร โดย ขณะทำางานนั้นย่านความถี่จะอยู่ในช่วง 5.15 ถึง 5.25 GHz Cet appareil doit être utilisé à l’intérieur. การสัมผัสกับพลังงานคลื่นความถี่วิทยุ พลังงานการแผ่คลื่นที่ส่งออกมาของการ์ด AirPort ในอุปกรณ์นี้อยู่ภายใต้การจำากัดการสัมผัสคลื่น ความถี่วิทยุของ FCC และ EU สำาหรับอุปกรณ์ที่ไม่มี การควบคุม อุปกรณ์นี้ควรอยู่ห่างระหว่างเสาสัญญาณ การ์ด AirPort และร่างกายอย่างน้อย 8 นิ้ว (20 ซม.) ขณะใช้งานและจะต้องไม่ร่วมอยู่หรือใช้งาน กับเสาสัญญาณหรือตัวถ่ายโอนอื่นๆ ตามเงื่อนไข ของ FCC Grant คำาแถลงข้อบังคับของประชาชนชาวแคนาดา อุปกรณ์นี้สอดคล้องกับใบอนุญาตอุตสาหกรรม แคนาดาที่ได้รับยกเว้นตามมาตรฐาน RSS ใน กระบวนการทำางานจะต้องปฏิบัติภายใต้สองเงื่อนไข ต่อไปนี้: (1) อุปกรณ์นี้อาจเป็นสาเหตุการรบกวนที่ เป็นอันตรายได้และ (2) อุปกรณ์นี้อาจจำาเป็นที่จะ ได้รับการรบกวนอื่นๆ รวมถึงการรบกวนที่อาจเป็น สาเหตุที่ก่อให้เกิดการทำางานที่ผิดพลาดของอุปกรณ์ Cet appareil est conforme aux normes CNR exemptes de licence d’Industrie Canada. Le fonctionnement est soumis aux deux conditions suivantes : (1) cet appareil ne doit pas provoquer d’interférences et (2) cet appareil doit accepter toute interférence, y compris celles susceptibles de provoquer un fonctionnement non souhaité de l’appareil. คำาแถลงของอุตสาหกรรมของแคนาดา สอดคล้องกับข้อมูลจำาเพาะระดับ B ตาม ICE-003 ของแคนาดา Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. อุปกรณ์นี้ได้สอดคล้องกับ RSS 210 ของอุตสาหกรรมของแคนาดา32 ใบรับรองมาตรฐานของสหภาพยุโรป หรือ EU Български Apple Inc. декларира, че това WLAN Access Point е в съответствие със съществените изисквания и другите приложими правила на Директива 1999/5/ЕС. Česky Společnost Apple Inc. tímto prohlašuje, že tento WLAN Access Point je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES. Dansk Undertegnede Apple Inc. erklærer herved, at følgende udstyr WLAN Access Point overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. Deutsch Hiermit erklärt Apple Inc., dass sich das Gerät WLAN Access Point in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/EG befinden. Eesti Käesolevaga kinnitab Apple Inc., et see WLAN Access Point vastab direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele. English Hereby, Apple Inc. declares that this WLAN Access Point is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Español Por medio de la presente Apple Inc. declara que este WLAN Access Point cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE. Ελληνικά Mε την παρούσα, η Apple Inc. δηλώνει ότι αυτή η συσκευή WLAN Access Point συμμορφώνεται προς τις βασικές απαιτήσεις και τις λοιπές σχετικές διατάξεις της Οδηγίας 1999/5/ΕΚ. Français Par la présente Apple Inc. déclare que l’appareil WLAN Access Point est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE. Islenska Apple Inc. lýsir því hér með yfir að þetta tæki WLAN Access Point fullnægir lágmarkskröfum og öðrum viðeigandi ákvæðum Evróputilskipunar 1999/5/EC. Italiano Con la presente Apple Inc. dichiara che questo dispositivo WLAN Access Point è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE. Latviski Ar šo Apple Inc. deklarē, ka WLAN Access Point ierīce atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem. Lietuvių Šiuo „Apple Inc.“ deklaruoja, kad šis WLAN Access Point atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.33 Magyar Alulírott, Apple Inc. nyilatkozom, hogy a WLAN Access Point megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. Malti Hawnhekk, Apple Inc., jiddikjara li dan WLAN Access Point jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. Nederlands Hierbij verklaart Apple Inc. dat het toestel WLAN Access Point in overeenstemming is met de essentiële eisen en de andere bepalingen van richtlijn 1999/5/EG. Norsk Apple Inc. erklærer herved at dette WLAN Access Point-apparatet er i samsvar med de grunnleggende kravene og øvrige relevante krav i EU-direktivet 1999/5/EF. Polski Niniejszym Apple Inc. oświadcza, że ten WLAN Access Point są zgodne z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC. Português Apple Inc. declara que este dispositivo WLAN Access Point está em conformidade com os requisitos essenciais e outras disposições da Directiva 1999/5/CE. Română Prin prezenta, Apple Inc. declară că acest aparat WLAN Access Point este în conformitate cu cerinţele esenţiale şi cu celelalte prevederi relevante ale Directivei 1999/5/CE. Slovensko Apple Inc. izjavlja, da je ta WLAN Access Point skladne z bistvenimi zahtevami in ostalimi ustreznimi določili direktive 1999/5/ES. Slovensky Apple Inc. týmto vyhlasuje, že toto WLAN Access Point spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES. Suomi Apple Inc. vakuuttaa täten, että tämä WLAN Access Point tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen. Svenska Härmed intygar Apple Inc. att denna WLAN Access Point står i överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG. สำาเนาประกาศใบรับรองมาตรฐานของสหภาพยุโรป สามารถดูได้ที่: www.apple.com/euro/compliance จุดเข้าถึง Apple WLAN นี้สามารถถูกใช้งานได้ใน ประเทศต่างๆ ต่อไปนี้: AT EE BG FI BE FR CY DE CZ GR DK HU IE IT LV LT LU MT NL PL PT RO SK SL ES SE GB IS LI NO CH ข้อกำาหนดแห่งสหภาพยุโรป Français Pour usage en intérieur uniquement. Consultez l’Autorité de Régulation des Communications Electroniques et des Postes (ARCEP) pour connaître les limites d’utilisation des canaux 1 à 13. www.arcep.fr34 คำาแถลงคำาเตือนของเกาหลี B૶ૺૺ(ਜ਼ႜဧ෮໽ቛཅૺၴႁ) ၦૺૺ௴ਜ਼ႜဧ(B૶) ႖ၴኒ႕ጁૺૺച໏჎ച ਜ਼ႜ࿝໏ຫဧዻ௴ઇၕඛ႕ၒചዻඑ, ක౷ ხ࿦࿝໏ຫဧዾ༘ၰཀఁఋ. ෮ቛ၁ધགྷ࿝ಋ൏ધხຫጃ ጄఙඳ໓໕๗௴ဪဧთ႖ኒጯཅਜ਼௻ໜၦၰၗ ၦૺૺ௴ၨ඗ྦ႖઴શഏౘ໏๗༺࿝ຫဧዾ༘࿖ཀఁఋ ఝዽූ૑ ૬ႜ ෟ ა༘ ใบรับรองการสื่อสารไร้สายของสิงคโปร์ คำาแถลงการสื่อสารไร้สายของไต้หวัน คำาแถลงระดับ B ของไต้หวัน 警告 本電池如果更換不正確會有爆炸的危險 請依製造商說明書處理用過之電池 คำาแถลงระดับ B ตามมาตรฐาน VCCI ของญี่ปุ่น35 ข้อมูลกระบวนการกำาจัดและการรีไซเคิล สัญลักษณ์นี้จะแสดงถึงผลิตภัณฑ์ของคุณนั้นต้องได้ รับการกำาจัดอย่างถูกวิธีตามกฎหมายท้องถิ่นและ ข้อบังคับ เมื่อผลิตภัณฑ์ของคุณหมดอายุการใช้งาน โปรดติดต่อ Apple หรือตัวแทนในท้องถิ่นเพื่อเรียนรู้ เกี่ยวกับตัวเลือกการรีไซเคิล สำาหรับข้อมูลเกี่ยวกับโปรแกรมการรีไซเคิลของ Apple ไปที่ www.apple.com/asia/recycling ข้อมูลกระบวนการกำาจัดแห่งสหภาพยุโรป สัญลักษณ์ด้านบนจะหมายถึง ตามกฎหมายและ ข้อบังคับท้องถิ่นสำาหรับผลิตภัณฑ์ของคุณ ควรถูก กำาจัดแยกออกจากขยะครัวเรือน เมื่อผลิตภัณฑ์นี้หมด อายุการใช้งาน ให้นำาผลิตภัณฑ์ไปยังจุดรวบรวมที่ถูก ออกแบบโดยตัวแทนท้องถิ่น จุดรวบรวมบางแห่งจะ ยอมรับผลิตภัณฑ์ได้โดยไม่เสียค่าใช้จ่าย การแยก ชิ้นส่วนและการรีไซเคิลผลิตภัณฑ์ของคุณ ในกระบวนการกำาจัดนั้นจะช่วยอนุรักษ์ ทรัพยากรธรรมชาติและเพื่อให้มั่นใจว่าผลิตภัณฑ์จะ ถูกรีไซเคิลที่ไม่เป็นพิษต่อมนุษย์และสิ่งแวดล้อม. Türkiye EEE yönetmeliğine (Elektrikli ve Elektronik Eşyalarda Bazı Zararlı Maddelerin Kullanımının Sınırlandırılmasına Dair Yönetmelik) uygundur. Brasil—Informações sobre descarte e reciclagem O símbolo acima indica que este produto e/ou sua bateria não devem ser descartadas no lixo doméstico. Quando decidir descartar este produto e/ou sua bateria, faça-o de acordo com as leis e diretrizes ambientais locais. Para informações sobre o programa de reciclagem da Apple, pontos de coleta e telefone de informações, visite www.apple.com/br/environment. ข้อมูลกระบวนการกำาจัดแบตเตอรี่ กระบวนการกำาจัดของแบตเตอรี่ปฏิบัติตามกฎหมาย และนโยบายสิ่งแวดล้อมท้องถิ่น Deutschland: Dieses Gerät enthält Batterien. Bitte nicht in den Hausmüll werfen. Entsorgen Sie dieses Gerät am Ende seines Lebenszyklus entsprechend der maßgeblichen gesetzlichen Regelungen. Nederlands: Gebruikte batterijen kunnen worden ingeleverd bij de chemokar of in een speciale batterijcontainer voor klein chemisch afval (kca) worden gedeponeerd.36 คำาแถลงเกี่ยวกับแบตเตอรี่ของจีน คำาแถลงเกี่ยวกับแบตเตอรี่ของไต้หวัน © 2012 Apple Inc. สงวนลิขสิทธิ์ Apple หรือสัญลักษณ์Apple, AirPlay, AirPort, AirPort Express, AirPort Extreme, Apple TV, iPad, iPhone, iPod touch, iTunes, Mac และ Mac OS เป็นเครื่องหมายการค้าของบริษัท Apple Inc. ที่จดทะเบียนในประเทศสหรัฐอเมริกา และประเทศอื่นๆ App Store เป็นเครื่องหมายบริการของบริษัท Apple Inc. IOS เป็นเครื่องหมายการค้าหรือเครื่องหมายการค้า ที่จดทะเบียนของ Cisco ในประเทศสหรัฐอเมริกา และประเทศอื่นๆ ชื่อผลิตภัณฑ์และบริษัทอื่นๆ ที่กล่าวถึงในที่นี้อาจเป็น เครื่องหมายการค้าของบริษัทที่เกี่ยวข้องเหล่านั้นwww.apple.com/airportexpress www.apple.com/support/airport TH034-6427-A Printed in XXXX iPod nano BenutzerhandbuchInhalt 4 Kapitel 1: Der iPod nano im Überblick 4 iPod nano Überblick 5 Zubehör 5 Der Home-Bildschirm 6 Symbole in der Statusleiste 7 Kapitel 2: Einführung 7 Einrichten des iPod nano 9 Kapitel 3: Grundlagen 9 Verwenden der Multi-Touch-Funktion 11 Festlegen von Einstellungen 13 Verbinden und Trennen des iPod nano 14 Informationen zur Batterie 16 Konfigurieren der iTunes-Synchronisierung 18 Kapitel 4: Musik und andere Audiodateien 18 Abspielen von Musik 21 Abspielen von Podcasts, Hörbüchern und iTunes U-Sammlungen 24 Erstellen von Wiedergabelisten auf dem iPod nano 27 Anpassen der Lautstärke 29 Kapitel 5: Videos 29 Hinzufügen von Videos auf dem iPod nano 29 Wiedergeben von Videos auf dem iPod nano 30 Wiedergeben von ausgeliehenen Filmen 32 Kapitel 6: FM-Radiosendungen 32 Anhören von FM-Radiosendungen 33 Anhalten von Live-Radiosendungen 34 Finden lokaler Sender und Festlegen von Favoriten 35 Kennzeichnen von Musiktiteln für Hörprobe und Kauf 35 Festlegen Ihrer Radioregion 37 Kapitel 7: Fitness 37 Festlegen der Fitnesseinstellungen 38 Schrittzählung 39 Erstellen von Trainingseinheiten mit Musik 41 Kalibrieren des iPod nano 41 Anzeigen und Verwalten von Fitnessdaten 243 Kapitel 8: Fotos 43 Anzeigen von Fotos auf dem iPod nano 45 Synchronisieren von Fotos 48 Kapitel 9: Uhr 48 Anpassen der Uhr 49 Verwenden der Stoppuhr 49 Verwenden des Timers 51 Kapitel 10: Sprachmemos 51 Aufzeichnen von Sprachmemos 51 Abspielen von Sprachaufnahmen 52 Verwalten der Aufnahmen 54 Kapitel 11: Bedienungshilfen 54 Funktionen der Bedienungshilfen 54 Verwenden von VoiceOver 56 Festlegen der Funktion „Mono-Audio“ 57 Umkehren der Farben auf dem Bildschirm 57 Schnelles Aktivieren der Funktionen für die Bedienungshilfen 58 Kapitel 12: EarPods und Bluetooth-Zubehör 58 Verwenden der Apple EarPods 58 Verwenden der Apple EarPods mit Fernbedienung und Mikrofon 59 Anschließen von Bluetooth-Zubehör 61 Wechseln zwischen Audioausgabegeräten 62 Kapitel 13: Tipps und Fehlerbeseitigung 62 Allgemeine Vorschläge 66 Aktualisieren und Wiederherstellen der iPod-Software 68 Kapitel 14: Sicherheit und Handhabung 68 Wichtige Sicherheitsinformationen 70 Wichtige Informationen zur Handhabung 72 Kapitel 15: Weitere Informationen, Service und Support 73 Regulatory Compliance Information Inhalt 31 4 iPod nano Überblick Lightning-Anschluss Standby-Taste Statusleiste Multi-Touch-Bildschirm Home-Taste Symbole für Menüund App Kopfhöreranschluss Leiser Lauter Start/Pause Funktion Aktion Die Bildschirmanzeige ein- oder ausschalten, während Sie Musik oder andere Audiodateien anhören Drücken Sie die Standby-Taste. Ausschalten des iPod nano oder erneutes Einschalten Halten Sie die Standby-Taste einige Sekunden lang gedrückt. Anpassen der Lautstärke, während Sie Musik oder andere Medien anhören Drücken Sie die Taste „Lauter“ oder „Leiser“. Diese Tasten steuern auch die Lautstärke für Warnmeldungen und andere Töne. Starten oder Unterbrechen der Audiowiedergabe: Drücken Sie die Start/Pause-Taste. Wechseln zur nächsten Audiospur Drücken Sie die Start/Pause-Taste zweimal. Wechseln zur nächsten Audiospur Drücken Sie die Start/Pause-Taste dreimal. Zurückkehren zum Home-Bildschirm Drücken der Home-Taste Der iPod nano im ÜberblickKapitel 1 Der iPod nano im Überblick 5 Zubehör Das folgende Zubehör ist im Lieferumfang des iPod nano enthalten: Apple EarPods Lightning-auf-USB-Kabel Verwenden Sie das Lightning-Kabel zum Anschluss des iPod nano an Ihren Computer, um Inhalte zu synchronisieren und die Batterie aufzuladen. Sie können dieses Kabel auch mit dem Apple USB Power Adapter (separat erhältlich) verwenden. Verwenden Sie die Apple EarPods, um Musik, Hörbücher und Podcasts anzuhören. Ferner fungieren die EarPods als Antenne zum Anhören von Radiosendungen. Information zum Verwenden des Zubehörs mit dem iPod nano, einschließlich optionaler Headsets und Bluetooth®-Geräte finden Sie unter Kapitel 12, EarPods und Bluetooth-Zubehör, auf Seite 58. Der Home-Bildschirm Nach dem Einschalten des iPod nano wird der Home-Bildschirm angezeigt. Tippen Sie zum Öffnen im Home-Bildschirm auf ein Symbol und verwenden Sie zum Navigieren die entsprechenden Gesten (vgl. Verwenden der Multi-Touch-Funktion auf Seite 9). Wenn Sie den iPod nano zum ersten Mal einschalten, sehen Sie folgende Symbole auf dem Home-Bildschirm: Titel Bietet schnellen Zugriff auf Ihre Musiktitel und andere Audioinhalte sortiert nach Wiedergabelisten, Songs uvm. Videos Bietet schnellen Zugriff auf Ihre Filme und Videos, sortiert nach Typ. Fitness Öffnet die Funktion „Fitness“, mit der Sie Ihre Schritte beim Gehen oder Laufen zählen und die Trainingszeit, Strecke, Tempo und verbrauchte Kalorien beim Training aufzeichnen können. Podcasts Listet die mit Ihrer iTunes-Mediathek synchronisierten Podcasts auf. Fotos Zeigt die mit Ihrem Computer synchronisierten Fotos an. Radio Öffnet das FM-Radio, wenn Sie EarPods oder Kopfhörer an den iPod nano anschließen. Streichen Sie nach links, um auf einem zweiten Bildschirm diese weiteren Symbole anzuzeigen: Uhr Öffnet die Uhr, die Stoppuhr und den Timer. Einstellungen Öffnet die Einstellungen für den iPod nano und viele seiner Funktionen.Kapitel 1 Der iPod nano im Überblick 6 Hörbücher Listet die mit Ihrer iTunes-Mediathek synchronisierten Hörbücher auf (und wird nicht angezeigt, wenn keine Hörbücher vorhanden sind). iTunes U Listet die mit Ihrer iTunes-Mediathek synchronisierten iTunes U-Sammlungen auf (und wird nicht angezeigt, wenn keine Sammlungen vorhanden sind). Sprachmemos Öffnet die Bedienelemente zum Aufzeichnen und Verwalten von Sprachmemos. Diese Bedienelemente sind nur sichtbar, wenn ein Mikrofon am iPod nano angeschlossen ist oder wenn sich auf dem iPod nano bereits aufgezeichnete Sprachmemos befinden. Symbole in der Statusleiste Die Symbole in der Statusleiste oben im Bildschirm stellen Informationen über den iPod nano bereit: Zeigt, dass Bluetooth aktiviert, jedoch nicht mit einem Bluetooth-Gerät verbunden oder daran geschlossen ist, oder dass das Gerät sich außer Reichweite befindet oder ausgeschaltet ist. oder Zeigt, dass Bluetooth aktiviert und mit einem Bluetooth-Gerät verbunden ist. Die Farbe wird durch die aktuelle Farbe der Statusleiste bestimmt. Zeigt, dass das Radio verwendet wird. Zeigt, dass ein Musiktitel, ein Podcast, ein Hörbuch oder eine iTunes U-Folge wiedergegeben wird. Zeigt, dass ein Musiktitel, ein Podcast, ein Hörbuch, eine iTunes U-Folge oder eine Radiosendung gestoppt wurde. Die Schritte werden gezählt. Zeigt den Batterieladezustand oder den Status des Aufladevorgangs an.2 7 · ACHTUNG: Bitte lesen Sie vor dem Verwenden des iPod nano die Informationen unter Wichtige Sicherheitsinformationen auf Seite 68, um Verletzungen und Beschädigungen zu vermeiden. Einrichten des iPod nano Konfigurieren Sie den iPod nano mithilfe von iTunes auf Ihrem Computer. Während der Konfiguration können Sie einen iTunes Store-Account einrichten oder einen bestehenden Account angeben. (Der iTunes Store ist möglicherweise nicht in allen Ländern oder Regionen verfügbar.) Die Seriennummer des angeschlossenen iPod nano wird von iTunes für den Fall angezeigt und erfasst, dass Sie sie einmal benötigen. iPod nano einrichten 1 Laden und installieren Sie die neuste Version von iTunes von folgender Website: www.itunes.com/de/download. Sie benötigen iTunes 10.7 oder neuer. 2 Verbinden Sie den iPod nano mit einem High-Power-USB 2.0- oder einem USB 3.0-Anschluss Ihres Mac oder PCs und verwenden Sie dazu das mit dem iPod nano gelieferte Kabel. 3 Befolgen Sie die in iTunes angezeigten Anleitungen, um den iPod nano zu registrieren und mit den Musiktiteln aus Ihrer iTunes-Mediathek zu synchronisieren. Informationen zum Verwenden des iPod nano-Assistenten finden Sie unter Konfigurieren der iTunes-Synchronisierung auf Seite 16. Wird der iPod nano mit Ihrem Computer synchronisiert, wird auf dem iPod nano die Meldung „Synchronisieren“ angezeigt. Sobald die Synchronisierung abgeschlossen ist, zeigt iTunes die Meldung „Synchronisierung des iPod abgeschlossen“ an. 4 Optimale Ergebnisse erzielen Sie, wenn Sie die Batterie beim erstmaligen Verwenden des iPod nano mindestens drei Stunden lang aufladen bzw. so lange aufladen, bis das Batteriesymbol anzeigt, dass die Batterie vollständig aufgeladen ist. Ist der iPod nano am USB-Anschluss angeschlossen, wird die Batterie nicht aufgeladen, wenn der Computer ausgeschaltet ist oder sich im Ruhezustand befindet. EinführungKapitel 2 Einführung 8 Sie können den iPod nano vom Computer trennen, bevor die Batterie vollständig aufgeladen ist, und die Synchronisierung während des Ladevorgangs starten. Weitere Informationen finden Sie unter Informationen zur Batterie auf Seite 14. 5 Trennen Sie die Kabelverbindung zum iPod nano, wenn Sie fertig sind. Trennen Sie den iPod nano nicht, während die Meldung „Verbunden“ oder „Synchronisieren“ angezeigt wird. Wenn eine dieser Meldungen angezeigt wird, müssen Sie den iPod nano vor dem Trennen vom Computer auswerfen, um eine Beschädigung der Dateien auf dem iPod nano zu vermeiden. Weitere Informationen zum sicheren Trennen des iPod nano finden Sie unter Trennen des iPod nano von Ihrem Computer auf Seite 13.3 9 Sie steuern den iPod nano mit Gesten auf dem Multi-Touch-Bildschirm, mit den Tasten oben und an der Seite des iPod nano und mit den Steuerelementen an kompatiblem Zubehör. Sie können den iPod nano mithilfe von Einstellungen anpassen und ihn mithilfe von iTunes mit Ihrem Computer synchronisieren. Im Folgenden erfahren Sie, wie Sie den iPod nano korrekt anschlie- ßen, die Verbindung trennen, die Batterie aufladen und Batteriestrom sparen. Verwenden der Multi-Touch-Funktion Der Multi-Touch-Bildschirm und einfache Fingerbewegungen (Gesten) machen das Verwenden des iPod nano sehr einfach. Tippen und Doppeltippen Durch Tippen können Sie ein Symbol öffnen oder ein Objekt in einem Menü oder einer Liste auswählen. Tippen Sie zweimal auf ein Foto, um es schnell zu vergrößern. Durch erneutes Doppeltippen können Sie das Foto schnell wieder verkleinern. Beim Ansehen eines Videos können Sie durch Doppeltippen die Anzeige des Videos auf dem Bildschirm ändern. Streichen mit dem Finger Streichen Sie mit dem Finger nach links oder rechts, um zum nächsten oder vorherigen Bildschirm zu gelangen. GrundlagenKapitel 3 Grundlagen 10 Schnelles Streichen mit dem Finger Streichen Sie mit dem Finger schnell nach oben oder unten, um schnell zu blättern. Sie können warten, bis der Blättervorgang stoppt, oder eine beliebige Stelle auf dem Bildschirm berühren, um den Vorgang sofort zu stoppen. Wenn Sie den Bildschirm berühren, um einen Blättervorgang zu stoppen, werden keine Objekte ausgewählt oder aktiviert. In einigen Listen, wie Wiedergabelisten, können Sie nach unten streichen, um oben im Bildschirm Bedienelemente für die Bearbeitung einzublenden. Bewegen Bewegen Sie den Finger über Navigationsleisten oder Regler, um deren Bedienelemente zu bewegen. Verkleinern oder Vergrößern Sie können die Anzeige eines Fotos Schritt für Schritt verkleinern und vergrößern. Ziehen Sie die Finger auseinander, um das Foto zu vergrößern, ziehen Sie die Finger zusammen, um die Anzeige zu verkleinern. Durch Doppeltippen können Sie auf die Maximalgröße vergrößern, durch erneutes Doppeltippen können Sie die Anzeige wieder verkleinern.Kapitel 3 Grundlagen 11 Hier einige weitere Möglichkeiten, den iPod nano mithilfe von Gesten und Tasten zu steuern: Ausschalten des iPod nano oder erneutes Einschalten Halten Sie die Standby-Taste einige Sekunden lang gedrückt, um den iPod nano vollständig auszuschalten. Die Wiedergabe von Audiodateien wird ausgeschaltet. Zum Wiedereinschalten des iPod nano, nachdem er auf diese Weise ausgeschaltet wurde, halten Sie die Standby-Taste einige Sekunden lang gedrückt. Beenden des Ruhezustands des iPod nano Drücken Sie die Standby-Taste. Ausschalten der Bildschirmanzeige Drücken Sie die Standby-Taste. Musik oder andere Audiodateien werden weiter abgespielt. Einschalten der Hintergrundbeleuchtung Tippen Sie auf den Bildschirm, wenn die Hintergrundbeleuchtung ausgeblendet ist. Zurücksetzen des iPod nano (wenn er nicht reagiert) Drücken und halten Sie die Standby-Taste und die Home-Taste sechs Sekunden lang, bis der Bildschirm dunkel wird. Nach einigen Sekunden wird das Apple-Logo und dann der Home-Bildschirm angezeigt. Auswählen eines Objekts Tippen Sie auf das Objekt. Zurückkehren zum vorherigen Bildschirm Streichen Sie mit dem Finger nach rechts. Wechseln zum nächsten Bildschirm (sofern verfügbar) Streichen Sie mit dem Finger nach links. Zum Anfang einer Liste Tippen Sie auf die Statusleiste oben auf dem Bildschirm. Anzeigen von Informationen über Musiktitel, Künstler oder Albumnamen Streichen Sie mit dem Finger über den Namen. Direktes Zurückkehren zum Home-Bildschirm Drücken Sie die Home-Taste . Direktes Zurückkehren zum Bildschirm „Sie hören“ Drücken Sie die Home-Taste zweimal. Festlegen von Einstellungen In den „Einstellungen“ können Sie den iPod nano-Bildschirm anpassen, die Anzeige von Datum und Uhrzeit ändern, Bluetooth aktivieren und andere Einstellungen festlegen. Hier legen Sie auch die Einstellungen für die Wiedergabe von Musik, Videos, Fotos und Radio fest. Einstellungen für den iPod nano öffnen m Streichen Sie mit dem Finger nach links über den Home-Bildschirm und tippen Sie auf „Einstellungen“. Informationen zu Ihrem iPod nano Wählen Sie „Einstellungen“ > „Allgemein“ > „Über“, um die folgenden Informationen über Ihren iPod nano anzuzeigen: • Kapazität und Größe des verfügbaren Speicherplatzes • Anzahl der Songs, Fotos und Videos auf dem iPod nano • Seriennummer, Modell und Softwareversion • Bluetooth-Adresse • Copyright, regulatorische und rechtliche InformationenKapitel 3 Grundlagen 12 Allgemeine Einstellungen Tippen Sie auf „Einstellungen“ > „Allgemein“, um folgende Einstellungen anzuzeigen: Helligkeit die Helligkeit des Bildschirms anpassen. die Helligkeit verringern, um Batteriestrom zu sparen. Hintergrundbild ein Hintergrundbild für den Home-Bildschirm festlegen. Tippen Sie auf ein Muster, um es auf dem Bildschirm anzuzeigen. Tippen Sie dann auf „Abbrechen“ oder „Festlegen“. Datum & Uhrzeit Datum, Uhrzeit und Zeitzone festlegen. für die Uhrzeitanzeige die 24-Stunden-Uhr verwenden. Beim Beenden des Ruhezustands die Uhr anzeigen. Wählen Sie ein Zifferblatt aus (vgl. Anpassen der Uhr auf Seite 48). Sprache die Sprache für den iPod nano festlegen. Bedienungshilfen VoiceOver und Mono-Audiowiedergabe aktivieren. die Farben auf dem Bildschirm umkehren. einen Kurzbefehl zum Aktivieren bzw. Deaktivieren der Bedienungshilfefunktionen festlegen. Informationen zu den Funktionen der Bedienungshilfen finden Sie unter Funktionen der Bedienungshilfen auf Seite 54. Musikeinstellungen Tippen Sie auf „Einstellungen“ > „Musik“, um folgende Einstellungen festzulegen: Schütteln für die zufällige Wiedergabe die Funktion des iPod nano zum Starten der Zufallswiedergabe durch Schütteln aktivieren bzw. deaktivieren. Anpassen der Lautstärke festlegen, dass die Lautstärke der Titel automatisch angepasst wird, sodass sie alle mit derselben relativen Lautstärke abgespielt werden. EQ eine Equalizer-Einstellung auswählen. Obergrenze für die Lautstärke Sie können auf Ihrem iPod nano eine Obergrenze für die Lautstärke festlegen und dieser eine Zahlenkombination zuweisen, mit der verhindert wird, dass die Einstellung ohne Ihre Kenntnis geändert werden kann. Audioüberblendung festlegen, dass der iPod nano das Ende jedes Titels automatisch ausblendet und den Anfang des jeweils folgenden Titels einblendet. Zusammenstellen von Gruppen Musiktitel aus Compilations zusammenstellen. Compilations werden als Unterkategorien unter „Interpreten“ und bestimmten Genres im Bereich „Musik“ angezeigt. Einstellungen für Videos, Fotos und Radio In den Einstellungen können Sie auch festlegen, wie Videos, Radiosendungen und Fotos wiedergegeben werden. Weitere Informationen finden Sie unter: • Kapitel 5, Videos, auf Seite 29. • Kapitel 6, FM-Radiosendungen, auf Seite 32. • Kapitel 8, Fotos, auf Seite 43.Kapitel 3 Grundlagen 13 Zurücksetzen von Einstellungen Sie können den iPod nano auf Standardwerte zurücksetzen, ohne dass Ihre synchronisierten Inhalte beeinträchtigt werden. Alle Einstellungen zurücksetzen 1 Tippen Sie im Home-Bildschirm auf „Einstellungen“. 2 Tippen Sie auf „Einstellungen zurücksetzen“. 3 Tippen Sie auf „Zurücksetzen“ oder „Abbrechen“, wenn Sie die Einstellungen nicht zurücksetzen wollen. 4 Tippen Sie auf Ihre Sprache und dann auf „Fertig“. Verbinden und Trennen des iPod nano Sie verbinden den iPod nano mit Ihrem Computer, um Dateien zu synchronisieren und die iPod nano-Batterie aufzuladen. Es ist möglich, gleichzeitig Musiktitel zu synchronisieren und die Batterie aufzuladen. Wichtig: Die Batterie wird nicht aufgeladen, wenn sich Ihr Computer im Ruhezustand oder Standby-Modus befindet. Verbinden des iPod nano mit Ihrem Computer iTunes synchronisiert Musiktitel auf dem iPod nano automatisch, wenn Sie ihn mit dem Computer verbinden, es sei denn, Sie haben andere Synchronisierungseinstellungen in iTunes gewählt. Den iPod nano mit Ihrem Computer verbinden m Schließen Sie das mitgelieferte Lightning-Kabel an einen USB 3.0- oder einen High-PowerUSB 2.0-Anschluss Ihres Computers an. Schließen Sie das andere Ende des Kabels an den iPod nano an. Der USB-Anschluss der meisten Tastaturen liefert nicht ausreichend Strom, um den iPod nano zu laden. Trennen des iPod nano von Ihrem Computer Ist die Hintergrundbeleuchtung deaktiviert, drücken Sie zum Aktivieren die Standby-Taste, sodass Sie die Meldung auf dem Bildschirm sehen können. Den iPod nano trennen m Warten Sie, bis der Home-Bildschirm oder eine Meldung angezeigt wird, das Sie die Verbindung trennen können. Trennen Sie dann die Kabelverbindung zum iPod nano. Trennen Sie den iPod nano nicht, während die Meldung „Verbunden“ oder „Synchronisieren“ angezeigt wird. Wenn eine dieser Meldungen angezeigt wird, müssen Sie den iPod nano vor dem Trennen vom Computer auswerfen, um eine Beschädigung der Dateien auf dem iPod nano zu vermeiden. Den iPod nano auswerfen m In iTunes wählen Sie „Steuerung“ > „Medium auswerfen“ oder klicken Sie auf die Auswurftaste neben iPod nano. m Wenn Sie einen Mac verwenden, können Sie das iPod nano-Symbol vom Schreibtisch in den Papierkorb bewegen. Kapitel 3 Grundlagen 14 m Wenn Sie einen Windows-PC verwenden, können Sie den iPod nano im Bildschirm „Mein Computer“ auswerfen, indem Sie auf das Symbol für das sichere Entfernen von Hardware im Windows-Infobereich klicken und den iPod nano auswählen. Falls Sie den iPod nano versehentlich vom Computer trennen, ohne ihn auszuwerfen, verbinden Sie ihn wieder mit Ihrem Computer und synchronisieren Sie ihn erneut. Informationen zur Batterie ACHTUNG: Wichtige Informationen zur Sicherheit bei der Handhabung von Batterien und zum Aufladen des iPod nano finden Sie unter Wichtige Sicherheitsinformationen auf Seite 68. Der iPod nano hat eine interne Batterie, die vom Benutzer nicht entfernt oder ausgetauscht werden kann. Optimale Ergebnisse erzielen Sie, wenn Sie die Batterie beim erstmaligen Verwenden des iPod nano mindestens drei Stunden lang aufladen bzw. so lange aufladen, bis das Batteriesymbol anzeigt, dass die Batterie vollständig aufgeladen ist. Die Batterie des iPod nano ist nach ungefähr eineinhalb Stunden zu 80 Prozent und nach ungefähr drei Stunden vollständig aufgeladen. Wenn Sie den iPod nano aufladen, während Sie Dateien hinzufügen, Musik abspielen, Radiosendungen anhören oder eine Diashow ansehen, dauert der Ladevorgang u. U. länger. Aufladen der Batterie Sie können die Batterie des iPod nano aufladen, indem Sie den iPod nano an Ihren Computer oder an den Apple USB Adapter (separat erhältlich) anschließen. Die Batterie über Ihren Computer aufladen m Schließen Sie den iPod nano an einen USB 3.0- oder einen High-Power-USB 2.0-Anschluss Ihres Computers an. Der Computer muss eingeschaltet sein und darf sich nicht im Ruhezustand befinden. Wichtig: Wenn die Meldung „Bitten laden Sie die Batterie auf“ auf dem Bildschirm des iPod nano angezeigt wird, muss erst die Batterie geladen werden, bevor der iPod nano mit Ihrem Computer kommunizieren kann. Vgl. Auf dem iPod nano wird die Meldung „Bitte laden Sie die Batterie auf“ angezeigt auf Seite 64. Wenn Sie den iPod nano aufladen möchten und Ihr Computer nicht in der Nähe ist, können Sie den optional erhältlichen Apple USB Power Adapter (Netzteil) verwenden. Die Batterie mit dem Apple USB Power Adapter aufladen 1 Schließen Sie das Lightning-Kabel an den Apple USB Power Adapter an. 2 Schließen Sie das andere Ende des Lightning-Kabels an den iPod nano an.Kapitel 3 Grundlagen 15 3 Schließen Sie den Apple USB Power Adapter an eine funktionierende Steckdose an. Apple USB Power Adapter (Ihr Netzteil kann anders aussehen) Lightning-auf-USB-Kabel ACHTUNG: Vergewissern Sie sich, dass das Netzteil korrekt zusammengesetzt ist, bevor Sie es an eine Steckdose anschließen. Die verschiedenen Symbole für den Batteriestatus Wenn der iPod nano nicht an eine Stromquelle angeschlossen ist, zeigt ein Batteriesymbol oben rechts im iPod nano-Bildschirm an, wie viel Batterieladung ungefähr noch vorhanden ist. Die Batterie ist weniger als 20 % aufgeladen. Die Batterie ist etwa zur Hälfte aufgeladen. Die Batterie ist vollständig aufgeladen. Ist der iPod nano am Stromnetz angeschlossen, ändert sich das Batteriesymbol, wenn die Batterie aufgeladen wird bzw. vollständig aufgeladen ist. Es ist möglich, den iPod nano vom Computer zu trennen und ihn zu verwenden, bevor die Batterie vollständig aufgeladen ist. Die Batterie wird aufgeladen (Blitzsymbol) Die Batterie ist vollständig aufgeladen (Steckersymbol) Hinweis: Die Anzahl der Ladezyklen bei wiederaufladbaren Batterien ist begrenzt. Daher müssen diese Batterien irgendwann von einem Apple Autorisierten Service-Partner ersetzt werden. Die Batterielaufzeit und die Anzahl der Ladezyklen hängt von der Nutzung und von den Einstellungen ab. Informationen hierzu finden Sie unter www.apple.com/de/batteries. Einsparen von Batteriestrom Der iPod nano spart während der Wiedergabe auf intelligente Weise den Batteriestrom. Zum Einsparen von Batteriestrom wird die Bildschirmanzeige des iPod nano ausgeblendet, wenn Sie den Bildschirm 20 Sekunden lang nicht berühren, und dann ausgeschaltet. Drücken Sie auf die Standby-Taste, um den Bildschirm wieder ein- bzw. auszuschalten. Der Bildschirm schaltet sich automatisch aus, wenn auf dem iPod nano keine Aktivität verzeichnet wird (keine Audio- oder Videowiedergabe erfolgt oder bei der Schrittzählung keine Bewegung registriert wird). Zum Wiedereinschalten des iPod nano drücken Sie die Standby-Taste. Sie können den iPod nano auch vollständig ausschalten, indem Sie die Standby-Taste einige Sekunden lang gedrückt halten. Zum Wiedereinschalten des iPod nano, nachdem er auf diese Weise ausgeschaltet wurde, halten Sie die Standby-Taste einige Sekunden lang gedrückt. Kapitel 3 Grundlagen 16 Das Ausschalten des iPod nano bewirkt Folgendes: • Die Wiedergabe von Musik und anderen Audiodateien wird gestoppt • Angehaltene Radiosendungen werden gelöscht • Eine evtl. wiedergegebene Diashow wird gestoppt • Ein evtl. wiedergegebenes Video wird gestoppt • Ein gerade aufgezeichnetes Sprachmemo wird gesichert • Die Schrittzählung wird gestoppt • Nike+-Trainingsdaten werden gestoppt und gesichert Ist der iPod nano ausgeschaltet, hören Sie kein Wecksignal, wenn der Timer abgelaufen ist. Wenn Sie den iPod nano wieder einschalten, ertönen die Wecksignale wie geplant, sofern die eingestellte Zeit noch nicht abgelaufen ist. Wenn Sie nicht mit einem Bluetooth-Gerät verbunden sind oder Sie ein solches Gerät nicht verwenden, deaktivieren Sie zum Einsparen von Batteriestrom Bluetooth unter „Einstellungen“ > „Bluetooth“. Konfigurieren der iTunes-Synchronisierung iTunes ist eine kostenlose Software, mit der Sie Musik, Hörbücher, Podcasts, Fotos, Videos und iTunes U-Sammlungen mit Ihrem Computer und dem iPod nano synchronisieren und Ihre Trainingsdaten an die Nike+ Website senden können. Sie benötigen iTunes 10.7 (oder neuer), um die iPod nano-Funktionen zu verwenden. Sie können Inhalte im iTunes Store (verfügbar in bestimmten Ländern) anhören oder ansehen und in iTunes auf Ihren Computer laden. Näheres zu iTunes und den iTunes Store erfahren Sie, indem Sie iTunes öffnen und „Hilfe“ > „iTunes-Hilfe“ auswählen. Automatisches Synchronisieren Wenn Sie den iPod nano mit Ihrem Computer verbinden, wird er automatisch mit den Objekten in Ihrer iTunes-Mediathek aktualisiert. Nach der Aktualisierung wird in iTunes eine entsprechende Nachricht angezeigt. Ein Balken unten im iTunes-Fenster zeigt, wie viel Speicherplatz von den verschiedenen Inhalten belegt wird. Der iPod nano kann mit nur jeweils einem Computer automatisch synchronisiert werden. Wichtig: Wenn Sie den iPod nano zum ersten Mal mit einem Computer verbinden, mit dem er nicht synchronisiert ist, werden Sie in einer Meldung gefragt, ob Sie Titel automatisch synchronisieren möchten. Wenn Sie dies bestätigen, werden alle Musiktitel, Hörbücher und anderen Inhalte auf dem iPod nano gelöscht und durch die Musiktitel und anderen Dateien dieses Computers ersetzt. Sie können die Synchronisierung des iPod nano verhindern, wenn er mit einem anderen als dem normalerweise zur Synchronisierung verwendeten Computer verbunden wird. Die automatische Synchronisierung für den iPod nano deaktivieren 1 Schließen Sie den iPod nano an Ihren Computer an und starten Sie iTunes. 2 Deaktivieren Sie die Option „iTunes öffnen, wenn dieser iPod angeschlossen wird“ im Abschnitt „Übersicht“. 3 Klicken Sie auf „Anwenden“. Wenn Sie die automatische Synchronisierung deaktiviert haben, können Sie die Synchronisierung durch Tippen auf die Taste „Synchronisieren“ starten.Kapitel 3 Grundlagen 17 Manuelles Verwalten des iPod nano Wenn Sie den iPod nano manuell verwalten, haben Sie die Möglichkeit, Inhalte von mehreren Computern zum iPod nano hinzuzufügen, ohne Objekte zu löschen, die bereits auf dem iPod nano abgelegt sind. Wenn Sie den iPod nano für das manuelle Verwalten von Musiktiteln konfiguriert haben, werden die Optionen zur automatischen Synchronisierung in den Bereichen „Musik“, „Podcasts“, „iTunes U“ und „Fotos“ deaktiviert. Es ist nicht möglich, einige Kategorien manuell zu verwalten und gleichzeitig andere automatisch zu synchronisieren. Hinweis: Wenn Sie Ihre Inhalte manuell verwalten, funktionieren Genius-Mixe nicht. Sie können Genius-Wiedergabeliste weiterhin mit dem iPod nano synchronisieren und nach einer manuellen Synchronisierung der Genius-Inhalte auf dem iPod erstellen. Vgl. Abspielen von Genius-Mixen auf Seite 26. iTunes für das manuelle Verwalten von Inhalten konfigurieren 1 Öffnen Sie die iTunes-Einstellungen (im Menü unter iTunes) und klicken Sie auf „Geräte“. 2 Wählen Sie „Automatische Synchronisierung für alle iPhones, iPods und iPad s deaktivieren“. Klicken Sie anschließend auf „OK“. 3 Wählen Sie den iPod nano im iTunes-Fenster aus und klicken Sie auf „Übersicht“. 4 Wählen Sie „Musik und Videos manuell verwalten“ im Abschnitt „Optionen“ aus. 5 Klicken Sie auf „Anwenden“. Wenn Sie den Inhalt auf dem iPod nano manuell verwalten, müssen Sie den iPod nano immer in iTunes auswerfen, bevor Sie ihn vom Computer trennen. Vgl. Trennen des iPod nano von Ihrem Computer auf Seite 13. Sie können den iPod nano jederzeit zurücksetzen, um die automatische Synchronisierung wieder zu aktivieren. Deaktivieren Sie die Option „Musik manuell verwalten“ und klicken Sie auf „Anwenden“. Möglicherweise müssen Sie Ihre Synchronisierungsoptionen erneut auswählen. Übertragen gekaufter Inhalte auf einen anderen Computer Inhalte, die Sie mit einem bestimmten Computer über iTunes gekauft haben, können vom iPod nano in die iTunes-Mediathek eines anderen Computers übertragen werden. Damit Sie die Inhalte abspielen können, muss der andere Computer für die Wiedergabe von Inhalten mit Ihrem iTunes-Account aktiviert werden. Übertragen gekaufter Inhalte auf einen anderen Computer 1 Öffnen Sie iTunes auf dem anderen Computer und wählen „Store“ > „Computer aktivieren“. 2 Verbinden Sie den iPod nano mit dem soeben aktivierten Computer. 3 Starten Sie iTunes, öffnen Sie das Menü „Ablage“ bzw. „Datei“ und wählen Sie „Einkäufe vom iPod übertragen“ aus.4 18 Mit dem iPod nano ist es sehr einfach Musiktitel, Podcasts und iTunes U-Programme zu finden und abzuspielen. Sie können Titel wiederholen, schnell vorspulen, in Zufallsfolge wiedergeben und den Multi-Touch-Bildschirm zum Erstellen von Wiedergabelisten verwenden. Sie können einen Genius-Mix – Titel aus Ihrer Mediathek, die gut zusammenpassen – oder eine GeniusWiedergabeliste auf Basis Ihres Lieblings-Songs abspielen. ACHTUNG: Wichtige Informationen zum Vermeiden von Hörschäden finden Sie unter Kapitel 14, Sicherheit und Handhabung, auf Seite 68. Abspielen von Musik Während der Wiedergabe eines Titels wird dessen Albumcover auf dem Bildschirm „Sie hören“ angezeigt und in der Statusleiste oben in den anderen Bildschirmen werden die Symbole „Start“ ( ) oder „Pause“ ( ) angezeigt. Sie können während der Wiedergabe von Musik oder anderen Audioinhalten Musiktitel auf dem iPod nano durchsuchen und Einstellungen ändern. Hinweis: Der iPod nano muss auf dem Computer ausgeworfen werden, damit Musiktitel und andere Audiotitel abgespielt werden können. Einen Musiktitel abspielen Führen Sie einen der folgenden Schritte aus: m Tippen Sie im Home-Bildschirm auf „Musik“, eine Kategorie (Wiedergabelisten, Alben oder eine andere Kategorie) und dann auf einen Titel. m Drücken Sie die Start/Pause-Taste (zwischen den Lautstärketasten), um einen zufälligen Titel wiederzugeben. Wurde ein Titel angehalten, wird dessen Wiedergabe fortgesetzt. m Schütteln Sie den iPod nano kurz, um die Titel in zufälliger Folge abzuspielen. Musik und andere AudiodateienKapitel 4 Musik und andere Audiodateien 19 Wenn Sie den iPod nano während der Wiedergabe von Musik oder anderen Audiodateien ausschalten (indem Sie die Standby-Taste drücken und halten), wird die Wiedergabe angehalten. Wenn Sie den iPod nano wieder einschalten, tippen Sie auf oder drücken Sie die Start/PauseTaste, um die Wiedergabe fortzusetzen. Musiktitel in der Musik-Mediathek finden Führen Sie einen der folgenden Schritte aus: m Blättern Sie durch Streichen in Listen mit Titeln und Alben, tippen Sie auf die Menüleiste, um zum Anfang einer Liste zurückzukehren. m Streichen Sie von rechts nach links über einen Titel, um dessen Text einzublenden (der Text wird weitergeblättert, sodass Sie ihn komplett lesen können). m Bewegen Sie Ihren Finger in einer Indexliste nach unten, um einen Großbuchstaben über der Liste einzublenden. Heben Sie den Finger an, wenn der gewünschte Buchstabe angezeigt wird. Steuern der Wiedergabe von Musiktiteln Sie können die Wiedergabe mit den Bedienelementen im Bildschirm „Sie hören“, der Start/ Pause-Taste (zwischen den Lautstärketasten auf dem iPod nano), den Tasten an den Apple EarPods mit Fernbedienung und Mikrofon (separat erhältlich) und anderen kompatiblen Audiogeräten steuern. Titelposition Bedienelemente für den Titel Lautstärke Zum Einblenden dieser Bedienelemente auf Bildschirm tippenKapitel 4 Musik und andere Audiodateien 20 Für folgende Funktionen verwenden Sie die iPod nano-Bedienelemente und -Tasten: Anhalten eines Musiktitels Tippen Sie auf , drücken Sie die Start/Pause-Taste (zwischen den Lautstärketasten) oder trennen Sie die EarPods. Abspielen eines gestoppten Musiktitels Tippen Sie auf oder drücken Sie die Start/PauseTaste (zwischen den Lautstärketasten). Erneutes Abspielen eines Musiktitels Tippen auf . Abspielen des vorherigen Musiktitels Tippen Sie zweimal auf . Wechseln zum nächsten Musiktitel Tippen Sie auf oder drücken Sie die Start/PauseTaste (zwischen den Lautstärketasten) zweimal. Schneller Vor-/Rücklauf eines Musiktitels Legen Sie den Finger auf oder auf . Wiederholen von Musiktiteln Tippen Sie auf den Bildschirm „Sie hören“ und dann auf . Tippen Sie erneut und weitere Optionen anzuzeigen: = Wiederholt alle Titel des aktuellen Albums oder der aktuellen Liste. = Wiederholt permanent nur den aktuellen Titel. Erstellen einer Genius-Wiedergabeliste Starten Sie die Wiedergabe und tippen Sie auf den Bildschirm „Sie hören“ und auf . Zufällige Wiedergabe von Titeln Tippen Sie auf den Bildschirm „Sie hören“ und dann auf . Wenn die Schüttelfunktion in den Einstellungen aktiviert ist, schütteln Sie den iPod nano kurz. Springen zu einer beliebigen Stelle in einem Musiktitel Bewegen Sie die Abspielposition auf dem Bedienelement für die Titelposition. Streichen Sie mit dem Finger nach unten, um die Geschwindigkeit zu verringern und eine höhere Präzision zu erreichen. Je weiter Sie mit dem Finger nach unten streichen, desto genauer lässt sich die Geschwindigkeit regulieren. Musiktitel bewerten Tippen Sie auf den Bildschirm „Sie hören“ und auf und bewegen Sie den Finger über die Punkte oben im Bildschirm. Musiktitel eines Albums anzeigen Tippen Sie auf den Bildschirm „Sie hören“ und auf oder tippen Sie auf das Album in der Albumsliste. Audiowiedergabe umleiten Tippen Sie auf das Symbol zum Umleiten der Audiowiedergabe neben dem Lautstärkeregler und dann auf das Gerät, an das die Audiowiedergabe geleitet werden soll.Kapitel 4 Musik und andere Audiodateien 21 Zufällige Wiedergabe von Titeln Sie können Musiktitel, Alben oder Wiedergabelisten in zufälliger Folge abspielen und festlegen, dass der iPod nano die Zufallswiedergabe startet, wenn Sie ihn schütteln. Hier einige Möglichkeiten für die Zufallswiedergabe von Musik: Zufällige Wiedergabe und Abspielen aller Titel Tippen Sie oben in der Titelliste auf „Zufällig“. Der iPod nano startet die Wiedergabe der Titel in der iPod nano-Mediathek in zufälliger Reihenfolge und lässt dabei Hörbücher, Podcasts und iTunes U-Sammlungen aus. Titel im Bildschirm „Sie hören“ in zufälliger Reihenfolge abspielen Tippen Sie auf den Bildschirm und dann auf . Verwenden der Schüttelfunktion Schütteln Sie den iPod nano, wenn die Bildschirmanzeige zu sehen ist, um die Zufallswiedergabe zu starten. Ist die Bildschirmanzeige aus, drücken Sie vor dem Schütteln die Standby-Taste. Die Option „Schüttelfunktion“ ist standardmäßig aktiviert, kann jedoch in den Einstellungen deaktiviert werden. Abspielen von Podcasts, Hörbüchern und iTunes U-Sammlungen Bei Podcasts handelt es sich um kostenlose, ladbare Sendungen, die im iTunes Store verfügbar sind. Podcasts sind unterteilt nach Sendungen, Folgen innerhalb der Sendungen und Kapiteln innerhalb der Folgen. Wenn Sie die Wiedergabe eines Podcasts stoppen und später fortsetzen, wird sie an der Stelle fortgesetzt, an der sie unterbrochen wurde. Hörbücher können im iTunes Store gekauft und geladen werden. Wenn Sie Hörbücher anhören, die Sie im iTunes Store oder bei audible.de erworben haben, können Sie die Wiedergabegeschwindigkeit schneller oder langsamer als normal einstellen. Ein Hörbuch-Symbol erscheint nur dann auf dem Home-Bildschirm, wenn Sie Hörbücher aus Ihrer iTunes-Mediathek synchronisiert haben. iTunes U gehört zum iTunes Store und stellt kostenlose Vorlesungen, Sprachkurse und mehr bereit, die Sie laden und mit dem iPod nano abspielen können. Die iTunes U-Inhalte sind nach Sammlungen, Objekten innerhalb von Sammlungen, Autoren und Anbietern sortiert. Ein iTunes U-Symbol erscheint nur dann auf dem Home-Bildschirm, wenn Sie iTunes U-Inhalte aus Ihrer iTunes-Mediathek synchronisiert haben.Kapitel 4 Musik und andere Audiodateien 22 Podcasts, Hörbücher und iTunes U-Sammlungen finden m Tippen Sie im Home-Bildschirm auf „Podcasts“ (oder „Hörbücher“ oder „iTunes U“) und dann auf eine Sendung oder einen Titel. Podcasts, Hörbücher und iTunes U-Inhalte werden ebenfalls unter „Musik“ aufgelistet. Podcast-Sendungen und iTunes U-Sammlungen werden in chronologischer Reihenfolge angezeigt, sodass Sie sie in der Reihenfolge ihres Erscheinens abspielen können. Ein blauer Punkt markiert Sendungen und Folgen, die noch nicht abgespielt wurden. Nachdem eine Podcast-Folge oder ein iTunes U-Programm abgespielt wurde, wird die Wiedergabe der nächsten noch nicht bzw. teilweise abgespielten Folge automatisch gestartet. Weitere Informationen zu Podcasts erhalten Sie, indem Sie iTunes öffnen und „Hilfe“ > „iTunesHilfe“ wählen. Suchen Sie dann nach „Podcasts“. Steuern der Wiedergabe von Podcasts, Hörbüchern und iTunes U-Sammlungen Die Bedienelemente für Podcasts, Hörbücher und iTunes U-Sammlungen unterscheiden sich leicht von denen für Musiktitel. Titelposition Bedienelemente für den Titel Lautstärke Zum Einblenden dieser Bedienelemente auf Bildschirm tippenKapitel 4 Musik und andere Audiodateien 23 Mit den Bedienelementen auf dem Bildschirm und den iPod nano-Tasten können Sie die Wiedergabe von Podcasts, iTunes U-Inhalten und Hörbüchern wie folgt steuern: Pause Tippen Sie auf , trennen Sie die EarPods oder drücken Sie die Start/Pause-Taste (zwischen den Lautstärketasten). Angehaltenes Programm fortsetzen Tippen Sie auf oder drücken Sie die Start/PauseTaste (zwischen den Lautstärketasten). Erneutes Starten Tippen auf . Abspielen der vorherigen Folge oder des vorherigen Kapitels Tippen Sie beim Starten der Folge oder des Kapitel auf oder während der Wiedergabe zweimal auf . Abspielen der nächsten Folge bzw. des nächsten Kapitels Tippen Sie auf oder drücken Sie die Start/PauseTaste (zwischen den Lautstärketasten) zweimal. Springen zu einer beliebigen Stelle in einem Podcast, Hörbuch oder einer iTunes U-Sammlung Bewegen Sie die Abspielposition auf dem Bedienelement für die Titelposition. Streichen Sie mit dem Finger nach unten, um die Geschwindigkeit zu verringern und eine höhere Präzision zu erreichen. Je weiter Sie mit dem Finger nach unten streichen, desto genauer lässt sich die Geschwindigkeit regulieren. Wiedergabe der letzten 30 Sekunden Tippen Sie auf den Bildschirm „Sie hören“ und dann auf . Festlegen der Wiedergabegeschwindigkeit Tippen Sie auf den Bildschirm „Sie hören“ und dann auf . Tippen Sie ein weiteres Mal, um die Geschwindigkeit zu ändern. = Wiedergabe erfolgt mit doppelter Geschwindigkeit. = Wiedergabe erfolgt mit normaler Geschwindigkeit. = Wiedergabe erfolgt mit halber Geschwindigkeit. Anzeigen von Folgen oder Kapiteln für Podcasts, iTunes U oder Hörbücher Tippen Sie auf den Bildschirm „Sie hören“ und dann auf . Anzeigen von Informationen über Podcasts, iTunes U oder Hörbücher Tippen Sie auf den Bildschirm „Sie hören“.Kapitel 4 Musik und andere Audiodateien 24 Erstellen von Wiedergabelisten auf dem iPod nano Auch wenn der iPod nano nicht mit Ihrem Computer verbunden ist, können Sie eigene Wiedergabelisten mit Musiktiteln, Podcasts und Hörbüchern erstellen oder mit der Funktion „Genius“ Genius-Wiedergabelisten anlegen. Wiedergabelisten, die Sie auf dem iPod nano anlegen, werden mit iTunes synchronisiert, wenn Sie den iPod nano mit Ihrem Computer verbinden. Erstellen und Bearbeiten von Wiedergabelisten Sie können eigene Wiedergabelisten auf dem iPod nano erstellen und bearbeiten. Wiedergabeliste erstellen 1 Tippen Sie im Home-Bildschirm auf „Musik“ > „Wiedergabelisten“. 2 Streichen Sie nach unten und tippen Sie auf „Hinzufügen“. 3 Tippen Sie auf eine Kategorie (Musiktitel, Alben, Podcasts usw.) und dann auf die Objekte, die Sie hinzufügen wollen. Tippen Sie erst auf „Fertig“, wenn Sie alle Objekte zur Wiedergabeliste hinzugefügt haben. 4 Streichen Sie nach links, um weitere Inhalte hinzuzufügen. Sie können Inhalte aus jeder Kategorie hinzufügen. Sie können beispielsweise Podcasts mit Musiktiteln in einer Wiedergabeliste mischen. 5 Tippen Sie abschließend auf „Fertig“. Die neue Wiedergabeliste wird mit „Neue Wiedergabeliste 1“ (oder „Neue Wiedergabeliste 2“ usw.) benannt. Bei der nächsten Synchronisierung können Sie diesen Namen in iTunes ändern. Wenn Sie die Synchronisierung erneut starten, wird der Name der Wiedergabeliste auf dem iPod nano aktualisiert. Objekte aus einer Wiedergabeliste entfernen 1 Tippen Sie im Home-Bildschirm auf „Musik“ > „Wiedergabelisten“ und dann auf die Wiedergabeliste, die Sie bearbeiten möchten. 2 Streichen Sie nach unten und tippen Sie auf „Bearbeiten“. 3 Tippen Sie auf neben dem Objekt, das Sie löschen wollen. Tippen Sie anschließend auf „Löschen“, wenn diese Taste rechts neben dem Objekt angezeigt wird.Kapitel 4 Musik und andere Audiodateien 25 4 Tippen Sie abschließend auf „Fertig“. Wiedergabeliste löschen 1 Tippen Sie im Home-Bildschirm auf „Musik“ > „Wiedergabelisten“. 2 Streichen Sie nach unten und tippen Sie auf „Bearbeiten“. 3 Tippen Sie auf neben der Wiedergabeliste, die Sie löschen wollen. Tippen Sie anschließend auf „Löschen“, wenn diese Taste neben der Liste angezeigt wird. Wenn Sie versehentlich auf die falsche Wiedergabeliste getippt haben, tippen Sie einfach nochmals auf die Liste, die gelöscht werden soll. 4 Tippen Sie auf „Löschen“ bzw. auf „Abbrechen“, wenn Sie Ihre Meinung geändert haben. 5 Wenn Sie fertig sind, streichen Sie nach oben und tippen auf „Fertig“ (oder streichen Sie nach rechts, um nach dem Tippen auf „Abbrechen“ zum Home-Bildschirm zurückzukehren). Erstellen einer intelligenten Wiedergabeliste auf der Basis von Bewertungen für Musiktitel Sie können Musiktiteln eine Bewertung hinzufügen (von 0 bis zu 5 Sternen), um anzugeben, wie sehr Ihnen ein Titel gefällt. Die Wertungen, die Sie Musiktiteln auf dem iPod nano zuweisen, werden bei der Synchronisierung an iTunes übertragen. Diese Bewertungen helfen Ihnen dabei, automatisch intelligente Wiedergabelisten in iTunes zu erstellen. Einen Musiktitel bewerten 1 Tippen Sie während der Wiedergabe auf den Bildschirm „Sie hören“. 2 Tippen auf . 3 Tippen Sie oben im Bildschirm auf die Wertungspunkte oder bewegen Sie den Finger darüber ( ), um die Anzahl der Sterne zuzuweisen. Erstellen von Genius-Wiedergabelisten Bei einer Genius-Wiedergabeliste handelt es sich um eine Sammlung von Musiktiteln, die gut zu einem von Ihnen gewählten Titel aus Ihrer Mediathek passen. Sie können Genius-Wiedergabelisten auf dem iPod nano erstellen und die mit iTunes erstellten Genius-Wiedergabelisten synchronisieren. Genius ist ein kostenloser Dienst, zu dessen Nutzung ein iTunes Store-Account erforderlich ist. Informationen zum Einrichten der Funktion „Genius“ in iTunes erhalten Sie, indem Sie iTunes öffnen und „Hilfe“ > „iTunes-Hilfe“ wählen. Kapitel 4 Musik und andere Audiodateien 26 Eine Genius-Wiedergabeliste auf dem iPod nano erstellen 1 Starten Sie die Wiedergabe und tippen Sie auf den Bildschirm „Sie hören“. 2 Tippen auf . Die neue Wiedergabeliste wird angezeigt. Sie sehen eine Meldung, wenn eine der folgenden Bedingungen zutrifft: • Sie haben Genius in iTunes nicht aktiviert. • Genius erkennt den ausgewählten Musiktitel nicht. • Genius erkennt den Musiktitel, aber in Ihrer Mediathek befinden sich nicht mindestens zehn ähnliche Titel. 3 Streichen Sie nach oben oder unten, um die Titel in der Wiedergabeliste anzuzeigen. 4 Tippen Sie auf „Sichern“. Die Wiedergabeliste wird mit dem Namen und Interpreten des Titels gesichert, den Sie zum Erstellen der Wiedergabeliste verwendet haben. Wenn Sie eine gesicherte Wiedergabeliste aktualisieren, ersetzt die neue Liste die vorherige. Die vorherige Wiedergabeliste kann nicht wiederhergestellt werden. Die auf dem iPod nano gesicherten Genius-Wiedergabelisten werden wieder mit iTunes synchronisiert, wenn Sie den iPod nano an Ihren Computer anschließen. Abspielen von Genius-Mixen iTunes erstellt automatisch Genius-Mixe, die Titel aus Ihrer Mediathek enthalten, die gut zusammenpassen. Mit Genius-Mixen genießen Sie Ihre Titel jedes Mal neu. Einen Genius-Mix abspielen 1 Tippen Sie im Home-Bildschirm auf „Musik“ > „Genius-Mixe“. 2 Streichen Sie nach links oder rechts, um die Genius-Mixe zu durchblättern. Die Punkte unten auf dem Bildschirm geben an, wie viele Genius-Mixe auf dem iPod nano vorhanden sind. 3 Tippen Sie auf dem Genius-Mix, den Sie abspielen wollen. auf .Kapitel 4 Musik und andere Audiodateien 27 Anpassen der Lautstärke ACHTUNG: Wichtige Informationen zum Vermeiden von Hörschäden finden Sie unter Kapitel 14, Sicherheit und Handhabung, auf Seite 68. Die Lautstärketasten befinden sich an der Seite des iPod nano. Drücken Sie die Taste „Lauter“ oder „Leiser“, um die Lautstärke während der Wiedergabe einzustellen. Hinweis: In einigen Ländern zeigt der iPod nano möglicherweise an, dass Sie eine höhere die Lautstärke eingestellt haben, als die in Richtlinien zum Sicheren Hören der Europäischen Union definierte. Wenn Sie die Lautstärke höher als auf diesen Wert einstellen wollen, müssen Sie möglicherweise zunächst das Einstellen der Lautstärke stoppen und dann erneut beginnen. Heben Sie zum Beispiel Ihren Finger von der Lautstärketaste ab und legen sie ihn erneut darauf. Sie können einen Equalizer-Einstellung festlegen, indem Sie auf dem iPod nano „Einstellungen“ > „Musik“ wählen. Wenn Sie in iTunes einem Musiktitel eine Equalizer-Einstellung zugewiesen haben und der iPod nano Equalizer deaktiviert ist, wird für die Wiedergabe des Titels die iTunesEinstellung verwendet. Im Folgenden werden weitere Einstellungen beschrieben, mit denen Sie die maximale Lautstärke festlegen und die Audioqualität verbessern können. Einstellen der Obergrenze für die Lautstärke Sie können auf Ihrem iPod nano eine Obergrenze für die Lautstärke festlegen und dieser eine Zahlenkombination zuweisen, mit der verhindert wird, dass die Einstellung ohne Ihre Kenntnis geändert werden kann. Zubehör, das über den Lightning-Anschluss angeschlossen wird, unterstützt keine Obergrenzen für die Lautstärke. Eine Obergrenze für die Lautstärke für den iPod nano einstellen 1 Tippen Sie im Home-Bildschirm auf „Einstellungen“ > „Allgemein“ > „Maximale Lautstärke“. Der Lautstärkeregler zeigt die maximale Lautstärke an. 2 Bewegen Sie den Regler nach links, um die maximale Lautstärke zu verringern, bzw. nach rechts, um die Obergrenze zu erhöhen. Hinweis: In einigen Ländern können Sie die Obergrenze für die Lautstärke eines Headsets auf den von der EU empfohlenen Wert einstellen. Tippen Sie auf „Einstellungen“ > „Musik“ und dann auf den Schalter im Abschnitt „Max. Lautstärke (EU)“, um die Einstellung zu aktivieren. Festlegen, dass zum Ändern der maximalen Lautstärke eine Zahlenkombination eingegeben werden muss 1 Legen Sie die maximale Lautstärke fest und tippen Sie anschließend auf „Maximale Lautstärke sperren“. 2 Geben Sie im angezeigten Bildschirm eine vierstellige Zahlenkombination ein. Wenn Sie versehentlich auf eine Zahl getippt haben, tippen Sie auf und dann auf die gewünschte Zahl Durch wiederholtes Tippen auf können Sie alle Zahlen löschen und zum Bildschirm zum Einstellen der Maximallautstärke zurückkehren, ohne einen Zahlencode festzulegen.Kapitel 4 Musik und andere Audiodateien 28 3 Geben Sie die Zahlen erneut ein, wenn Sie aufgefordert werden, den Zahlencode noch einmal einzugeben. Die Obergrenze für die Lautstärke löschen 1 Tippen Sie im Home-Bildschirm auf „Einstellungen“ > „Allgemein“ > „Maximale Lautstärke“. 2 Bewegen Sie den Regler ganz nach rechts. Haben Sie einen Zahlencode festgelegt, tippen Sie zunächst auf „Maximale Lautstärke entsperren“, geben die Zahlenkombination ein und bewegen dann den Regler. Wenn Sie den Code vergessen haben, können Sie Ihren iPod nano zurücksetzen. Vgl. Aktualisieren und Wiederherstellen der iPod-Software auf Seite 66. Abspielen von Musiktiteln mit einer konstanten Lautstärke Die Lautstärke von Musiktiteln und anderem Tonmaterial kann je nach Art der Aufnahme und Codierung variieren. Die Lautstärke kann auch abhängig von den verwendeten Ohr- und Kopfhörern unterschiedlich sein. Sie können iTunes so konfigurieren, dass die Lautstärke der Titel automatisch angepasst wird, damit sie alle mit derselben relativen Lautstärke abgespielt werden. Sie können den iPod nano auch so einstellen, dass er dieselben Lautstärkeeinstellungen wie iTunes verwendet. Festlegen, dass Musiktitel mit der gleichen Lautstärke wiedergegeben werden 1 Öffnen Sie iTunes und wählen Sie „iTunes“ > „Einstellungen“, wenn Sie einen Mac verwenden, oder „Bearbeiten“ > „Einstellungen“, wenn Sie einen Windows-PC verwenden. 2 Klicken Sie auf „Wiedergabe“ und wählen Sie „Lautstärke anpassen“. Klicken Sie dann auf „OK“. 3 Tippen Sie im Home-Bildschirm auf „Einstellungen“. 4 Tippen Sie auf „Musik“. 5 Tippen Sie auf neben der Option „Lautstärke anpassen“, um sie zu aktivieren. Wenn Sie die Option „Lautstärke anpassen“ in iTunes nicht aktiviert haben, hat das Einstellen dieser Option auf dem iPod nano keine Auswirkung. Wenn Sie in iTunes einem Musiktitel eine Equalizer-Einstellung zugewiesen haben und der iPod nano Equalizer deaktiviert ist, wird für die Wiedergabe des Titels die iTunes-Einstellung verwendet. Sie können einen Equalizer-Einstellung festlegen, indem Sie auf dem iPod nano „Einstellungen“ > „Musik“ wählen.5 29 Auf dem iPod nano können Sie Filme, Musikvideos, Video-Podcasts, iTunes U-Programme und Fernsehsendungen in iTunes ansehen. Filme, die Sie in iMovie aufgenommen haben, können Sie für die Anzeige auf dem iPod nano konvertieren. ACHTUNG: Wichtige Informationen zum Vermeiden von Hörschäden finden Sie unter Kapitel 14, Sicherheit und Handhabung, auf Seite 68. Hinzufügen von Videos auf dem iPod nano Das Hinzufügen von Videos auf den iPod nano mithilfe von iTunes funktioniert ähnlich wie das Hinzufügen von Musiktiteln. Informationen zum Synchronisieren mit iTunes finden Sie unter Konfigurieren der iTunes-Synchronisierung auf Seite 16. Neben iTunes-Videos können Sie auch andere Typen von Videos auf dem iPod nano hinzufügen. Sie können beispielsweise Videos hinzufügen, die Sie in iMovie auf einem Mac erstellt oder aus dem Internet geladen haben. Wird eine Meldung angezeigt, dass das Video auf dem iPod nano nicht wiedergegeben werden kann, können Sie das Video möglicherweise konvertieren (vgl. iTunes-Hilfe). Der iPod nano unterstützt SD-Videos (Standard Definition). HD-Videos werden nicht mit dem iPod nano synchronisiert. Wiedergeben von Videos auf dem iPod nano Filme, Fernsehsendungen, Musikvideos und andere Videos, die Sie auf dem iPod nano hinzugefügt haben, werden im Menü „Videos“ nach Typ sortiert angezeigt. Video auf dem iPod nano abspielen m Tippen Sie im Home-Bildschirm auf „Video“ und dann auf ein im Menü angezeigtes Video. Zum Einblenden der Bedienelemente für Videos auf Bildschirm tippen Titelposition VideosKapitel 5 Videos 30 Hier einige Steuerungsmöglichkeiten für die Videowiedergabe: Ein- oder Ausblenden der Bedienelemente für die Wiedergabe Tippen Sie während der Wiedergabe des Videos auf den Bildschirm. Anhalten oder Fortsetzen der Wiedergabe Tippen Sie auf , auf oder drücken Sie die Start/ Pause-Taste (zwischen den Lautstärketasten). Starten der Wiedergabe vom Anfang Enthält das Video Kapitel, bewegen Sie die Abspielposition auf dem Bedienelement für die Titelposition ganz nach links. Sind keine Kapitel vorhanden, tippen Sie auf . Wurde das Video in der Videowiedergabeliste weniger als fünf Sekunden lang abgespielt, wird das vorherige Video in Ihrer Wiedergabeliste geöffnet. Andernfalls wird die Videoliste geöffnet. Wechseln zum vorherigen Video oder Filmkapitel Tippen Sie zweimal auf . Wechseln zum nächsten Video oder Filmkapitel Tippen Sie auf oder drücken Sie die Start/PauseTaste (zwischen den Lautstärketasten) zweimal. Schneller Vor-/Rücklauf eines Musiktitels Legen Sie den Finger auf oder auf . Wechseln zu einer beliebigen Stelle in einem Video Bewegen Sie die Abspielposition auf dem Bedienelement für die Titelposition. Streichen Sie mit dem Finger nach unten, um die ScrubbingGeschwindigkeit zu verringern, um eine höhere Präzision zu erreichen. Je weiter Sie mit dem Finger nach unten streichen, desto genauer lässt sich die Geschwindigkeit regulieren. Wechseln zum nächsten Kapitel Tippen Sie auf oder drücken Sie die Start/PauseTaste (zwischen den Lautstärketasten) zweimal. (Nicht immer verfügbar.) Wechseln zum vorherigen Kapitel Tippen Sie zweimal auf . (Nicht immer verfügbar.) Wechseln zu einem bestimmten Kapitel Tippen Sie auf , und wählen Sie ein Kapitel. (Nicht immer verfügbar.) Wird rechts neben den Videobedienelementen ein Bluetooth-Symbol angezeigt, können Sie den Film über Bluetooth-Kopfhörer oder -Lautsprecher anhören. Weitere Informationen finden Sie unter Anschließen von Bluetooth-Zubehör auf Seite 59 Sie können Untertitel aktivieren oder deaktivieren und auswählen, an welcher Stelle angehaltene Videos wieder abgespielt werden. Wählen Sie hierzu „Einstellungen“ > „Video“ . Wiedergeben von ausgeliehenen Filmen Sie können Filme in iTunes kaufen oder ausleihen und sie mit dem iPod nano synchronisieren (ausgeliehene Filme sind möglicherweise nicht in allen Regionen verfügbar). Filme mit Kapiteln verfügen über zusätzliche Bedienelemente, mit denen Sie das Kapitel auswählen können, das Sie ansehen wollen. Wichtig: Sie können einen ausgeliehenen Film nur auf jeweils einem Gerät ansehen. Wenn Sie also beispielsweise einen Film im iTunes Store ausleihen und ihn auf den iPod nano übertragen, können Sie diesen Film nur auf dem iPod nano ansehen. Wenn Sie den Film nach iTunes zurück- übertragen, können Sie ihn nur auf dem Computer ansehen, aber nicht mehr auf dem iPod nano. Bitte achten Sie darauf, wann die Leihfrist abläuft.Kapitel 5 Videos 31 Einen ausgeliehenen Film wiedergeben 1 Tippen Sie im Home-Bildschirm auf „Videos“ > „Ausgeliehen“. 2 Tippen Sie im angezeigten Fenster auf „OK“. Nach dem Starten der Wiedergabe können Sie einen ausgeliehenen Film 24 Stunden lang ansehen. Wenn Sie nicht glauben, dass Sie den Film in den nächsten 24 Stunden ansehen können, tippen Sie auf „Abbrechen“. Sie können die Filmwiedergabe stoppen und später fortsetzen. Die verbleibende Zeit der Ausleihfrist wird unter dem Filmtitel im Menü „Videos“ angezeigt. 3 Tippen Sie auf „Fertig“, wenn Sie den Film angesehen haben. 4 Streichen Sie nach unten und tippen Sie oben im Bildschirm auf „Bearbeiten“. 5 Tippen Sie auf neben dem Filmtitel im Menü „Ausgeliehen“ und dann auf „Löschen“. Bei Filmen mit Untertiteln oder erweiterten Untertiteln legen Sie die Sprache in iTunes fest. Weitere Informationen hierzu finden Sie in der iTunes-Hilfe.6 32 Sie können auf dem iPod nano FM-Radiosendungen anhören und Ihre Lieblings-Radiosender einstellen, sodass sie schnell finden können. Mit der Funktion „Live-Pause“ können Sie Live- Übertragungen von Sendungen anhalten und nach bis zu 15 Minuten fortsetzen. Mithilfe der Live-Pause-Bedienelemente können Sie in angehaltenen Inhalten vor- und zurückspulen und die gewünschte Stelle finden. Bei Radiosendern, die diese Funktion unterstützen, können Sie Musiktitel kennzeichnen und im iTunes Store dann eine Hörprobe abspielen und die Titel kaufen. ACHTUNG: Wichtige Informationen zum Vermeiden von Hörschäden finden Sie unter Kapitel 14, Sicherheit und Handhabung, auf Seite 68. Anhören von FM-Radiosendungen Der iPod nano verwendet das Ohrhörer- oder Kopfhörerkabel als Antenne. Daher müssen Sie EarPods oder Kopfhörer an den iPod nano anschließen, um ein Radiosignal empfangen zu können. Achten Sie für einen besseren Empfang darauf, dass das Kabel nicht verknotet oder abgeknickt ist. Wichtig: Die in diesem Kapitel angegebenen Funkfrequenzen dienen nur zur Veranschaulichung und sind nur in bestimmten Regionen verfügbar. Live-Pause-Bedienelement Radio-Tuner Bedienelemente für die Wiedergabe Zum Einblenden der Live-Pause-Bedienelemente auf Bildschirm tippen Radio hören 1 Schließen Sie EarPods oder Kopfhörer an den iPod nano an. 2 Tippen Sie im Home-Bildschirm auf „Radio“ und dann auf . Unterstützt der Sender RDS (Radio Data System), werden auf dem Bildschirm Informationen zu Titel, Interpret und Sender angezeigt. FM-RadiosendungenKapitel 6 FM-Radiosendungen 33 Verwendungsmöglichkeiten der Bedienelemente für das Radio: Stoppen und Fortsetzen von Live-Radiosendungen Drücken Sie die Start/Pause-Taste (zwischen den Lautstärketasten). Wenn Sie die taste erneut drü- cken, wird die Wiedergabe an der Stelle fortgesetzt, an der sie unterbrochen wurde. Tippen Sie auf den Bildschirm „Sie hören“, um die Live-PauseBedienelemente und weitere Optionen einzublenden und die Live-Sendung fortzusetzen (vgl. Anhalten von Live-Radiosendungen auf Seite 33). Manuelles Auswählen eines FM-Radiosenders Streichen Sie über den Radio-Tuner. Wechseln zum nächsten einstellbaren FM-Radiosender Tippen Sie auf oder drücken Sie die Start/ Pause-Taste (zwischen den Lautstärketasten) zweimal. Suchen nach FM-Radiosendern Legen Sie den Finger auf oder , bis auf dem Bildschirm „Sendersuche“ angezeigt wird. Tippen Sie auf den Bildschirm, um die Sendersuche zu stoppen. Sichern von FM-Radiosendern als Favoriten Stellen Sie den Sender ein und tippen Sie auf . Das Symbol ändert sich in . Als Favorit gesicherte Sender werden im Radio-Tuner mit einem gelben Dreieck markiert. Entfernen eines FM-Radiosenders aus den Favoriten Stellen Sie den Sender ein und tippen Sie auf . Kennzeichnen eines Titels im Radio Tippen Sie auf im Bildschirm „Sie hören“. Das Kennzeichnen ist nur bei Radiosendern verfügbar, die diese Funktion unterstützen. Ausschalten des Radios Tippen Sie auf oder trennen Sie die Verbindung zu den EarPods bzw. Kopfhörern. Anhalten von Live-Radiosendungen Sie können eine Radiosendung anhalten und innerhalb von 15 Minuten weiter abspielen. Wenn Live-Pause in den Einstellungen aktiviert ist (das ist standardmäßig der Fall), können Sie eine Live-Sendung bis zu 15 Minuten lang anhalten. Wenn die maximale Pausendauer von 15 Minuten erreicht ist, wird die Sendung fortgesetzt und die Inhalte, die älter als 15 Minuten sind, werden gelöscht. Eine gestoppte Radiosendung wird gelöscht, wenn eine der folgenden Situationen eintritt: • Sie wählen einen anderen Sender. • Sie schalten den iPod nano aus. • Sie spielen andere Inhalte ab oder zeichnen ein Sprachmemo auf. • Die Batterieladung ist sehr niedrig und die Batterie muss geladen werden. • Sie setzen die Wiedergabe der Sendung nach einer Pause von 15 Minuten nicht fort. Die Live-Pause-Bedienelemente bieten mehr Möglichkeiten, angehaltene Sendungen fortzusetzen und auf das Menü „Radio“ zuzugreifen. Anzeigen der Live-Pause-Bedienelemente m Tippen Sie während der Wiedergabe auf den Radiobildschirm. Ein Bedienelement zeigt an, wo die Sendung gestoppt wurde. Der Statusbalken bewegt sich und zeigt an, wie viel Zeit seit dem Stopp vergangen ist.Kapitel 6 FM-Radiosendungen 34 Steuerungsmöglichkeiten für die Wiedergabe angehaltener Radiosendungen: Starten der Wiedergabe an an der Stelle, an der sie unterbrochen wurde Tippen Sie auf oder drücken Sie die Start/PauseTaste (zwischen den Lautstärketasten). Die Wiedergabe in 30-Sekunden-Schritten zurückspulen