Friday, May 26, 2017

How to upload images to a specific album in Google Photos

How to upload images to a specific album in Google Photos:

  1. Create the album. You have to choose an existing photo to create it.
  2. Drag and drop the photos you want to upload onto the album you’ve created.

Despite years of customer requests you still can’t select a folder and upload it into an album.

I’ve read that if you work with full res (not reduced) images in Google Drive you can organize them in folders and turn those folders into albums in Google Photos. These count against storage costs. I have not tested this.

Saturday, May 20, 2017

Aperture crash - sad day for my iCloud Photo Share streams (shared albums)

Aperture locked up when duplicating an image. I had to force quit, when I restarted I rebuilt the database. 5,300 images showed up as recovered.

Turns out they were all thumbnails for iCloud shares, but they’d lost connection to iCloud. When I deleted them I found most of my iCloud share streams were empty.

I believe I have my images, but it is sad to lose the relationship to the shares. Aperture is no longer supported by Apple of course. I’m running El Capitan, for what that’s worth.

Backups are no help of course. Even if I could recover the relationship to photos shared in iCloud I’d lose other work.


/Users/jfaughnan/Library/Application Support/iLifeAssetManagement/assets/pub has 7.5GB of files holding 2,634 items including some photo stream temp files. It’s not clear if this can be deleted, but it may be Aperture doesn’t use it…

Sunday, May 14, 2017

There may be a fatal flaw in my backups. (actually, no)

I’m leaving this one up as a reminder of how scary the world of secure backups is, and how important it is to actually do a dry run of a disaster recovery scenario.

This is the original post. It’s wrong:

Don’t every tell me backup is a solved problem.

I have offsite backups of my data. Two offsite and two onsite Carbon Copy clones that I rotate. In addition to my onsite Time Machine backups.

All encrypted of course, because otherwise that would be terrible.

Great. All set. If the house burns down we’ll have our data (assuming we still need it).

Except those drives are whole drive encrypted with FileValue 2. So each has a unique recovery key. A recovery key that is different form each backup drive and can only be known at the time of encryption. A recovery key that is stored in a keychain on my MacBook. A device that can be lost.

I’d be better off if that recovery key were in iCloud, but I don’t think it is. Or I could follow Apple’s complex directions for managed recovery keys. Or I could have created encrypted sparse image folders for CCC, I’d know the image password then. Or maybe created bootable encrypted disk backups.

I have a bad feeling I don’t really have backups at all.

There’s a fine line between security that makes data inaccessible to bad actors and security that makes it inaccessible to everyone.

I hope I am wrong about this.

It’s wrong because FileValue 2 whole drive encryption actually behaves like the disk image encryption I’m familiar with. I was confused by the Recovery Key complexity. Doing a dry run of disaster recovery shows what happens.

I mounted one of my encrypted backups using my Voyager cradle and a USB 3 to UBS 2 cable with an old Air. I was asked for the password I’d used to encrypt the drive, not for the recovery key. I was able to mount my backups just as I would on any foreign Mac.

That password is the same for all my backup images and it’s stored in 1Password as well as printed. I’m going to add it to the Dead Man / post-mortem document I keep in Google Drive that’s shared with several trusted people.

False alarm. Need more coffee.

See also

Sunday, April 30, 2017

Touch ID security issues are less than i thought.

My Touch ID security post of a year ago didn’t get any reaction. So today, while working on a bak chapter, I decided to retest my concerns.

On my own phone, with iTunes Store Touch ID purchase enabled, I added a new fingerprint of mine. To do this I only needed my iPhone unlock code. I then purchased a song (Cheryl Crow’s Heartbeat Away fwiw).

I wondered if iOS would let me complete the purchase — in which case there would have been a risk issue. It didn’t work that way though. Despite my having Touch ID enabled for iTunes purchases iOS requested by Apple ID password — even though I used an old fingerprint. Adding the new fingerprint seems to have put my phone into a ‘enhanced risk’ category, so Apple ID credentials were required for purchase.

Once I’d entered my Apple ID the first time though I was able to use my new fingerprint for the next purchase. So entering that Apple ID password “blessed” all fingerprints.

So there’s still a way to “sneak” a fingerprint into the cue that might be exploited for unauthorized purchases, but it’s a smaller window than I thought. I tried “gifting” an app to see if I could exploit that, but abruptly my iPhone stopped being able to gift at all. So I couldn’t test. (Bug?).

Saturday, April 22, 2017

Something wrong with Google's Device Activity page?

Google’s device activity page used to let me remove devices that I no longer used:

Today it lists 3 iPhones for me. I think they are all actually one device, showing up with two different names — none of them current.

There used to be away to remove these devices, but today I can’t. I am able to Remove Account Access, but not the devices.

I removed access to all devices, then reentered credentials on my phone. So now I know that ‘iPhone” is my phone (phone name is John6s).

I think something is broken somewhere….

DreamHost remixer - a brief trail

I tried DreamHost’s remixer web site dev tool. I was able to create a page with it. Reminds me a bit of Apple’s old iWeb. 

It doesn’t output static files though. It is mapped to a folder on my DreamHost site, but there’s some redirection behind the scenes.

That means it’s transient. When Remixer dies, so will all the content in it. It’s not portable either, I can’t move my Remixer work anywhere else.

Might be a good app for something transient, but the little I do on the web today I like to keep portable. WordPress is as far as I’m willing to go into things I can’t readily move and backup.

Tuesday, April 18, 2017

Why is Apple's mysterious two factor authentication better than a strong password?

What would I do if my home burned down and Emily and the kids get out alive but I’m dead?

That’s what I think about when I read about Apple’s “two-factor” authentication (vs. the now obsolete but similar “two-step verification” they used to have). Particularly the scary procedure you need to follow if you’ve lost your authentication devices …

Two-factor authentication for Apple ID - Apple Support

…. If you can’t sign in, reset your password, or receive verification codes, you can request account recovery to regain access to your account. Account recovery is an automatic process designed to get you back in to your account as quickly as possible while denying access to anyone who might be pretending to be you. It might take a few days—or longer—depending on what specific account information you can provide to verify your identity…

… With two-factor authentication, you don't need to choose or remember any security questions. Your identity is verified exclusively using your password and verification codes sent to your devices and trusted phone numbers.


Regain access to your Apple ID with two-factor authentication account recovery - Apple Support

… You might be asked to verify other account information to help shorten your recovery period. After you verify your phone number, you’ll see a confirmation that your request has been received and you’ll be contacted when your account is ready for recovery...

… We’ll also send an email to your Apple ID or notification email address to make sure you’re the person who made the request. You can click Confirm Account Recovery in the email to help us shorten the account recovery period. …

Scary indeed. It’s vague as hell. Even control of a confirmed email account (presumably different from the iCloud account) only “shortens” the recovery period. There’s nothing in Apple’s process comparable to Google’s inactive account manager. There’s no secret recovery key I can store in an encrypted repository on an offsite drive with a password known to 3 family members.

Apple’s 2FA either makes my data too hard to recover or too easy for someone to steal … or both.

I don’t see the advantage, yet, over a strong password used only on a secure device. Google does this better — and even Google 2FA is too complex for me to manage for multiple family members.

I’m staying with a strong iCloud password for now — until Apple forces me to change. (The way they’re forcing 2FA with the 10.3.1 update makes me wonder if iCloud really was thoroughly hacked.)

PS. As best I can tell if you use Apple’s new 2FA when you change your iCloud password on one device you change it on every authenticated device. Better be sure you have them all.

PPS. At least they got rid of the secret questions … but only to replace them with some mysterious, fully automated, no humans involved, identity validation process.

PPPS. Ok, we’re traveling. Both our iPhones are lost. What do we do? hmm. I think Charlie Stross had something about this in a story … accelerando?

See also

Wednesday, April 05, 2017

Migrate Contacts from Outlook/Exchange server to OS X Contacts

I last wrote about migrating contacts from Outlook/Exchange server to OS X in 2011.

Back then one of the issues with migration then was that Exchange uses X400 format email addresses. One way to make Outlook convert to internet is to drag contacts into an email — that produces .vcf files (undocumented) with internet email addresses. In 2011 I wrote that dragging into a local PST did the same thing. Not sure that still works.

Here’s what I did recently …

  1. Drag and drop from Outlook/Exchange into email (undocumented export)
  2. From email save to desktop.
  3. Drag and drop the .vcf files into OS X Contacts (undocumented import.

From OS X contacts they can go to iCloud as usual.

Incidentally, i couldn’t see any way to readily import a set of single contact .vcf files into Outlook 2016. It only wanted to import them one a time. Drag and drop of the files into Outlook resulted simply in Outlook opening each one until Windows 10 die.

Friday, March 31, 2017

Exporting multiple emails from macOS OS X on 10.11 (El Cap): only PDF works.

An email search retrieved 100+ emails. I wanted to copy them to a separate folder for archival purposes. I know one can drag and drop a message and create a net standard ‘.msg’ format but when I tried that only worked for 1 message at a time.

Save As allegedly worked at one time, but when I tested both rich text and .mbox export they produced one large file that wasn’t very readable.

What worked was File:Export as PDF. That worked.

Saturday, March 18, 2017 - an heir

There are several heirs to — I know of, and Manton Reece’s kickstarter.

Each of these efforts is a largely one person project. All good people.’s creator is  33mhz/Robert. I believe the API is based on the API, which means the many apps created for can have a second life. I’m using for iOS and the web client to access I’ve been told the client may reappear. has an interesting approach to social networking …

Our community network is a small, sustainable hobby. We are tied closely to our users and developers through their Patreon pledges and small opt-in features. When you invite someone, they are associated with you in the user tree and you may be responsible for them if they abuse the network.

 I made a Patreon pledge at the $5/month level but anyone can use it for free. The spam protection is the user tree. It will be interesting to see how well that works.

If you know me from days or elsewhere and need an invitation send a note to me at Best to mention how you know me.



Sunday, March 12, 2017

Escape from Outlook Notes - export as text files, import into NvAlt or other

Back in 2010 I wrote Gordon’s Tech: Escape from Outlook Notes - ResophNotes, Simplenote for iPhone and Notational Velocity.

Seven years later ResophNotes, Notation Velocity (I now use nvAlt), and Simplenote are still around — despite lack of a revenue stream for any of ‘em. Not only are they still around, but it’s still possible to keep notes in plain text or RTF — which is as future proof as computing gets.

They are still around — but not in great health. ResophNotes was last updated in 2012 or so and it is donation ware (always was). Simplenote was purchased by Automattic (WordPress) and is now open source and apparently run as some kind of charity operation [1]. nvAlt is ancient but Brett Terpstra recently updated it to run on Sierra (a notoriously buggy version of macOS).

These apps are old and kind of worn — but so am I. So we’re a good fit. 

Recently I had another set of Microsoft Outlook Notes files to move to Simplenote. Talk about old and kind of worn! Outlook Notes is old, odd, and useful. It’s a winner in a category of one. Functionally it’s a lot like Simplenote — though you can’t print from Outlook [2].

The problem with Notes isn’t that it’s old and odd, it’s that everyone has given up on it. Microsoft tries to make it invisible. Apple dropped support for Notes sync via iTunes/iCloud — though I think Exchange sync may still work. Google ignores them too.

Which is why I needed to again move a data set of out Outlook Notes. I think export to Outlook CSV them import to ResophNotes is still the best bet. From there to Simplenote and from Simplenote to nvAlt, etc.

There’s another way to go though. You can use VB to script export from Outlook to c:\notes:

Sub NotesToText()
Set myNote = Application.GetNamespace("MAPI").PickFolder
For cnt = 1 To myNote.Items.Count
noteName = Replace(Replace(Replace(myNote.Items(cnt).Subject, "/", "-"), "\", "-"), ":", "-")
myNote.Items(cnt).SaveAs "c:\notes\" & noteName & ".txt", OlSaveAsType.olTXT
End Sub

The key thing is this script creates file names with the note title. It’s not a perfect result because the top of each file looks like this:

Modified: Thu 1/12/2017 2:36 PM

accidents and injuries

In this case ‘accidents and injuries’ becomes both the file name and the third line of the note. The “Modified: …” bit is just annoying. I suppose it could be removed using regex and a text editor that can iterate over a set of files … or script the removal.

I imported the plain text notes into nvAlt where they got the title from the file name so it looks something like this:

accidents and injuries

Modified: Thu 1/12/2017 2:36 PM

accidents and injuries

A bit of redundancy in there, and, of course, the Modified string is still around.

Overall this doesn’t work quite as well as the ResophNotes method, but it’s helpful to have options.

- fn -

[1] Automattic recently released a redo of the macOS Simplenote client. I haven’t tried it, but I hope it fixes the perennially broken search of the current client. In any case, Simplenote is not dead yet.

[2] Outlook 2013 broke Notes by essentially removing the list view — I think this might have been fixed in Office 365.

Update 3/13/2017

Speaking of ResophNotes, the current version has an impressive set of import options. Outlook CSV, Toodledo Notes CSV, text files, single file with note separator …


I donated years ago, time to send another donation.

Saturday, February 25, 2017

Things I learned connecting my upgraded Comcast modem (Arris TG1682G)

Comcast sent me an email offering a modem upgrade that would enable higher speeds. I figured I’d have to do it sooner or later so I accepted the offer. Higher speeds would fit with Comcast’s “pay to play” network non-neutrality strategy [1].

I got things working, but it was a bit of a cluster. Comcast tried to make this self-serve, but they didn’t quite hit the mark.

I’ll skip the boring details of things that didn’t work and chat advice that was misguided and just list the useful bits I wish I’d known:

  1. I replaced a simple, compact wall mounted ARRIS CM820A/CT (no wifi, coax in, ethernet out) with a much larger standing ARRIS TG1682G (download manual from link. Has 4 ethernet, VOIP phone, wifi, xfinity hotspot).
  2. You can disable the WiFi and the xfinity hot spot and you can run it as bridge or router. See below.
  3. XFINITY support can remotely configure changes, but they can take hours to be implemented. I’m guessing there’s some sort of slow queue.
  4. The TG1682G ships with two high quality coax connector cables. My original Comcast installer had trouble with excessive signal strength on the original device and installed an inline damper (resistor?). I reused that cable.
  5. You have to activate it before you use it. Even after all lights are green and it seems to be on the Net it’s really not. It’s locked out by Comcast until you connect to the device (wifi or ethernet) and navigate to (if that fails, try You should see an activation prompt. The ’text code’ method didn’t work (message arrived much later) and the login method failed too. I entered my account number and address. You have to accept a new web services agreement. I don’t want to know what I agreed to. 
  6. Once it’s activated go to to configure the device using credentials of un=admin and pw=password (yes, “password”). You will be prompted to change your password. I suspect 99% of users don’t because the standard setup skips this step.
  7. From the web interface you can disable wifi (I do wifi via Airport Extreme), adjust firewall, and go to bridge mode. For now I let it in router mode (so I have two firewalls - Airport Extreme and Arris). I don’t use P2P so I upped the firewall to standard security
  8. To disable the XFINITY “hotspot” service (used to provide roaming wifi services to their customers) you can use the xfinity app on your iPhone or go to
I pay $80/month for Performance 25 Internet with Blast Pro; allegedly 200 down and 10 up. To test I connected by Gb ethernet directly to the router and gave me 238 down and 12 up. Which is what I pay for, but not faster. Maybe the higher speeds are coming?
- fn -
[1] Shortly after the start of Crisis-T Comcast capped our network capacity at 1TB/month. The timing might have been coincidence, but maybe they were waiting for the end of net neutrality.  Carriers do bandwidth caps so they can extort funds from media partners (ex: Netflix) who pay to be excluded from the cap. Higher speeds make economics sense then, because they enable more media consumption.
Update 3/12/2017
A few weeks after I’d installed the Arris a comcast technician came by my home with a new inline filter. According to this gentleman the new Arris modems chat with each other and this was somehow unwanted.
Knowing Comcast this all sounds ominous. On the other hand, I don’t see how a dumb filter would block a typical digital signal even over analog cable wiring.
After installing this additional filter I had no net service. I had to power cycle the modem and wait about twenty minutes to restore service.

Saturday, February 04, 2017

Samsung sells a security cam DVR, but not a TV DVR.

I’m old enough to remember when it was inexpensive and convenient to time shift football games. In the US and Canada that died with the analog to digital conversion. In some other countries there’s push-button record to USB from every TV, but not in the US. (I blame a VW-diesel class conspiracy, we now know those can happen.)

Periodically I look to see what’s sold without a monthly fee. Today Amazon pointed me to a $140 Samsung security cam DVR. There’s no tuner of course, so it can’t be used to record OTA TV.

The time-shifting story seems a small thing, but it convinced me markets don’t work the way people imagine they work. And the world doesn’t work the way I once thought it worked.

Saturday, January 28, 2017

My cheap Roku TV records up to 90 minutes of OTA TV

My new $160 32” 2015 720p Roku TCL TV records up to 90 minutes of OTA TV. This “Live TV Pause” was added to Roku OS in Nov 2016 — just 3 months ago.

With a 16GB+ USB storage device you can pause OTA TV for up to 90 minutes. I used a USB thumb drive I wasn’t making much use of — easy setup and it works well.

Of course what I really want is the lost ability to time-shift OTA TV without paying a monthly fee. Like we used to do routinely in the 1980s [1]. If Roku added that in a future OS update they’d make me a crazed fan boy.

For now they recommend Tablo (requires $5/m guide?) along with the Roku Tablo Channel.

A few other notes on this ultra-cheap TV:

  • Given its size and viewing distance the 720p resolution seems to satisfy my undiscriminating family. (I rarely watch TV myself.)
  • When Roku dies it will probably die too. It needs Roku and a Roku account for initial configuration. It claims a credit card number is required (#$$%!) but it lies, you can skip entry. Which I did.
  • Until it’s configured, which requires Wifi and a computing device of some kind, it’s useless.
  • The channels include Spotify. I have an analog jack from the headphone out to my 32y+ stereo and my playlist sounds great. Really unexpected benefit.
  • It has RCA inputs so I can use my old DVD player (otherwise I suppose I’d use the XBOX and HDMI input).
  • It’s surprisingly easy to configure and the menus are well designed
  • It has the simplest remote in the industry
  • There’s an iPhone app that you can use instead of the remote.
  • Wirecutter liked it (why I bought it really) even before they added the Live TV Pause.
Like the WSJ review said, it’s an interesting combination of software elegance and ultra-cheap Chinese consumer goods.

[1] The lack of consumer resistance to the end of convenient low cost OTA TV time-shifting now seems an early warning of Trump susceptibility.

Thursday, January 26, 2017

Upgrading Office 365 from Personal to Home - it could be easier

I like Office 365 Personal. The Mac version has bugs of course, but it seems to improve with each incremental release. For $70 a year I have a version running on my Mac and a version running in a Windows 10 VM (in theory it only installs one either 1 Mac or 1 Windows machine, but in practice it seems to allow both at once). The cost seems entirely reasonable to me. There’s little data lock because so many apps read and write (more or less) Office files. It’s the kind of subscription software I love.

So I didn’t mind when I had to get another license to cover my son. I figured I’d just upgrade to Home. 

Except it’s quite unclear how you do that. This 2015 article suggests there’s a bit of an underhanded trick to it: How I upgraded Office 365 Personal to Office 365 Home for $10. That’s sort of how it works except it’s as designed, it’s not a bug or trick.

I had a month left on my Personal (1 machine) subscription. I bought Home (5 machine) for $10/month (renewable). MSFT switched my remaining month from Personal to Home. Then a month from now, it was to start charging me $10 a month. In MSFT parlance the subscriptions “stack”.

I suppose the trick deal is to buy a year of Personal, then immediately get a $10/month subscription to Home. Then you’d get a year of Home at the Personal price.

In my case it took a call to support for me to understand what had happened. Microsoft could improve this process. Once I figured it out I switched from $10/month to $99 a year. That switch was easy — and MSFT threw in a free month (standard behavior).