Sunday, August 06, 2017
Sunday, June 25, 2017
It’s almost time for me to move to macOS Sierra, now that the usual post-release beta testing is drawing to a close.
This is what I am doing to test my Aperture Library on Sierra:
- Export a small Project as a Library.
- Open the small Project and delete its contents. Now it’s an empty shell with my settings in it.
- Import my existing Library into it. So everything is written with the latest version of Aperture.
- Test with #3.
Apple Discussions have lots of fix and workaround suggestions for early Sierra, but I’m told they are no longer necessary. The things broken in El Capitan and broken in Sierra, but nothing new.
First, invent a time machine.
Second, go back in time and force Apple to add account removal.
For now - you can’t.
You can remove your Google account. You can remove your Facebook account. You can’t remove your iCloud account and your Apple ID. They are eternal.
I’ve run into this little oddness before, but I was reminded of it when cleaning up my deceased father’s online presence.
A 2013 Apple forum post says: “Access can be stopped by Apple if they are provided with your Death Certificate.” I bet you have to fly the certificate to Cupertino. Even then it’s not clear if any data is deleted. I wonder if anyone has ever done this.
Apple gets away with a lot.
PS. I did set his email to forward to me.
Tuesday, June 13, 2017
Sierra is almost ready for release now, so I’m preparing to install.
Interesting to compare installer sizes from the download era:
Sierra isn’t much bigger than Mountain Lion.
Sunday, June 11, 2017
Apple has broken me. I’ve left iCloud Photo Stream shares for Google Photos.
First I lost the ability to share from Aperture to Facebook. I think that was probably a Facebook change, but of course Aperture isn’t getting updates any more.
That was annoying.
Losing Apple Photo Stream was much worse. Photo stream wasn’t great, but it was simple for my daughter, sister, and other users to subscribe to. For a time I could use iCloud Photo Library on Photos.app alongside iCloud Photo Streams on Aperture .
Then Aperture retched and I lost my shared photo streams (but not, happily, the originals). I played around with restoring iLifeAssetManagement from backup but, despite early promise, I couldn’t defeat Apple’s black box sync infrastructure .
That’s it. I’m toast. I surrender. Google’s inexplicable aversion to album creation on upload is the lesser evil now.
I’ve installed Google Photos on my iPhone and enabled backup and sync. I’ll use that to cull and play with photos before I transfer them to Aperture.
I’ve freed up 14GB from my Air’s SSD by deleting iLifeAssetManagement and I’ve installed Google Photos Uploader.app. I pointed that to a folder on an external drive, when I want to share from Aperture I export there for upload. I do my post-upload organization and sharing through the web UI.
Since Google nicely migrated images when it closed Picasa Web Albums my new shares are reunited with my old Picasa web albums. I’ve come home again. Though I’m still puzzled by Google’s weird album aversion.
It’s far from ideal, but Apple has burned me yet again. They seem to despise my data.
 Though I gave up on iCloud Photo Library when I realized it was more or less incompatible with importing images from iPhone photo roll to Aperture.
 Apple is famous for sync that disallows any kind of troubleshooting.
Something went wrong. It always does.
I had thousands of images distributed across over 60 shared photo streams. One day I rebuilt Aperture’s database and all the iCloud images were in one recovery folder. I deleted them and then most of my iCloud shared albums vanished.
This is a quick summary of how I recovered most of them from backups. I don’t know how this truly works, but it seems that this folder in my user account was a source of truth for iCloud photo streams:
/Users/[my user name]/Library/Application Support/iLifeAssetManagement
I copied what was there to an external drive then deleted it, logged out (necessary to close open databases) then logged in. With Wifi on when I launched Aperture it showed no images at first then downloaded what was in iCloud. So there was some kind of sync.
Next I did the same thing (closed Aperture, deleted, etc) but this time copied a backup of iLifeAssetManagement from prior to the bad event. I then turned off wifi.
On relaunch Aperture showed about 6100 images in “Shared:iCloud”. It rebuilt thumbnails for them. Then I turned on Wifi. Next I saw the count rise briefly as albums I’d shared previously came down from iCloud. Alas, the count started falling again, stabilizing at 5600.
I had most of my streams back — though one stream was much smaller than it used to be. Still, about 80% recovery and I didn’t lose a few I’d done post-disaster.
Better than nothing.
Sync without controls is truly hell (and Apple never provides enough control).
Update: Aperture shows 56 single owner photo streams (one is empty) and 5 shared. iOS Photos.app shows 20. At least one of the iCloud albums not seen in iOS photos.app cannot be found at its public link. The iCloud library and the Aperture iCloud library are not in sync. So I’d call this a failure.
Sunday, June 04, 2017
MarsEdit is a great app — but I wish it were a rental product. Then I’d pay every year and Daniel Jalkut would be incented to add support for image resizing and table editing.
In the meantime I’ve discovered I can get good results by creating a table in TextEdit then pasting it into MarsEdit rich text editor.
Tuesday, May 30, 2017
iTunes on my Mac shows 138 movies of which 135 have purchase dates. Those 135 were purchases from Apple starting in March 2009.
If I visit those 135 in iTunes some allow me to download, some invite me to purchase again. One old SD movie allowed me to download and that worked on my iPad and showed in the Purchased list after download.
My iPhone seems to show about the same number (though it doesn’t count for me).
My new iPad shows only 24 movies as purchased. Both devices have the same iTunes account. When I view my devices in iTunes (we’re at the 10 device limit) both my iPad and iPhone show up under the same Apple Store Apple ID.
One possibility is that the purchased list on my iPad is only showing HD movies. I can’t tell from iTunes which are HD and which are SD; we almost always buy SD when it is available. Some 3+ GB files are probably HD and they don’t show up.
Something is broken in Apple DRM land. I have a private message into Apple Twitter support and an Apple Discussion post …
Update: The “something that is broken” thing is the user interface. Apple Twitter support pointed me in the right direction.
When I view Movies in TV.app on my iPad there’s a subtle top left drop down called “Library” that on tap shows a hidden filter that defaults to Recently Added.
When I change that to Movies I see them all.
I was fooled by the "See All" link to the right of "Purchased Movies" that displays when the hidden Recently Added filter is active. The “Purchased Movies” heading should really be “Recently Purchased Movies” when viewed in this mode. It shows 4 recently purchased movies, and “See All” shows all recently purchased movies.
Friday, May 26, 2017
How to upload images to a specific album in Google Photos:
- Create the album. You have to choose an existing photo to create it.
- Drag and drop the photos you want to upload onto the album you’ve created.
Despite years of customer requests you still can’t select a folder and upload it into an album.
I’ve read that if you work with full res (not reduced) images in Google Drive you can organize them in folders and turn those folders into albums in Google Photos. These count against storage costs. I have not tested this.
Saturday, May 20, 2017
Aperture locked up when duplicating an image. I had to force quit, when I restarted I rebuilt the database. 5,300 images showed up as recovered.
Turns out they were all thumbnails for iCloud shares, but they’d lost connection to iCloud. When I deleted them I found most of my iCloud share streams were empty.
I believe I have my images, but it is sad to lose the relationship to the shares. Aperture is no longer supported by Apple of course. I’m running El Capitan, for what that’s worth.
Backups are no help of course. Even if I could recover the relationship to photos shared in iCloud I’d lose other work.
/Users/jfaughnan/Library/Application Support/iLifeAssetManagement/assets/pub has 7.5GB of files holding 2,634 items including some photo stream temp files. It’s not clear if this can be deleted, but it may be Aperture doesn’t use it…
Sunday, May 14, 2017
I’m leaving this one up as a reminder of how scary the world of secure backups is, and how important it is to actually do a dry run of a disaster recovery scenario.
This is the original post. It’s wrong:
Don’t every tell me backup is a solved problem.
I have offsite backups of my data. Two offsite and two onsite Carbon Copy clones that I rotate. In addition to my onsite Time Machine backups.
All encrypted of course, because otherwise that would be terrible.
Great. All set. If the house burns down we’ll have our data (assuming we still need it).
Except those drives are whole drive encrypted with FileValue 2. So each has a unique recovery key. A recovery key that is different form each backup drive and can only be known at the time of encryption. A recovery key that is stored in a keychain on my MacBook. A device that can be lost.
I’d be better off if that recovery key were in iCloud, but I don’t think it is. Or I could follow Apple’s complex directions for managed recovery keys. Or I could have created encrypted sparse image folders for CCC, I’d know the image password then. Or maybe created bootable encrypted disk backups.
I have a bad feeling I don’t really have backups at all.
There’s a fine line between security that makes data inaccessible to bad actors and security that makes it inaccessible to everyone.
I hope I am wrong about this.
It’s wrong because FileValue 2 whole drive encryption actually behaves like the disk image encryption I’m familiar with. I was confused by the Recovery Key complexity. Doing a dry run of disaster recovery shows what happens.
I mounted one of my encrypted backups using my Voyager cradle and a USB 3 to UBS 2 cable with an old Air. I was asked for the password I’d used to encrypt the drive, not for the recovery key. I was able to mount my backups just as I would on any foreign Mac.
That password is the same for all my backup images and it’s stored in 1Password as well as printed. I’m going to add it to the Dead Man / post-mortem document I keep in Google Drive that’s shared with several trusted people.
False alarm. Need more coffee.
Sunday, April 30, 2017
My Touch ID security post of a year ago didn’t get any reaction. So today, while working on a bak chapter, I decided to retest my concerns.
On my own phone, with iTunes Store Touch ID purchase enabled, I added a new fingerprint of mine. To do this I only needed my iPhone unlock code. I then purchased a song (Cheryl Crow’s Heartbeat Away fwiw).
I wondered if iOS would let me complete the purchase — in which case there would have been a risk issue. It didn’t work that way though. Despite my having Touch ID enabled for iTunes purchases iOS requested by Apple ID password — even though I used an old fingerprint. Adding the new fingerprint seems to have put my phone into a ‘enhanced risk’ category, so Apple ID credentials were required for purchase.
Once I’d entered my Apple ID the first time though I was able to use my new fingerprint for the next purchase. So entering that Apple ID password “blessed” all fingerprints.
So there’s still a way to “sneak” a fingerprint into the cue that might be exploited for unauthorized purchases, but it’s a smaller window than I thought. I tried “gifting” an app to see if I could exploit that, but abruptly my iPhone stopped being able to gift at all. So I couldn’t test. (Bug?).
Saturday, April 22, 2017
Google’s device activity page used to let me remove devices that I no longer used:
Today it lists 3 iPhones for me. I think they are all actually one device, showing up with two different names — none of them current.
There used to be away to remove these devices, but today I can’t. I am able to Remove Account Access, but not the devices.
I removed access to all devices, then reentered credentials on my phone. So now I know that ‘iPhone” is my phone (phone name is John6s).
I think something is broken somewhere….
I tried DreamHost’s remixer web site dev tool. I was able to create a page with it. Reminds me a bit of Apple’s old iWeb.
It doesn’t output static files though. It is mapped to a folder on my DreamHost site, but there’s some redirection behind the scenes.
That means it’s transient. When Remixer dies, so will all the content in it. It’s not portable either, I can’t move my Remixer work anywhere else.
Might be a good app for something transient, but the little I do on the web today I like to keep portable. WordPress is as far as I’m willing to go into things I can’t readily move and backup.
Tuesday, April 18, 2017
What would I do if my home burned down and Emily and the kids get out alive but I’m dead?
That’s what I think about when I read about Apple’s “two-factor” authentication (vs. the now obsolete but similar “two-step verification” they used to have). Particularly the scary procedure you need to follow if you’ve lost your authentication devices …
…. If you can’t sign in, reset your password, or receive verification codes, you can request account recovery to regain access to your account. Account recovery is an automatic process designed to get you back in to your account as quickly as possible while denying access to anyone who might be pretending to be you. It might take a few days—or longer—depending on what specific account information you can provide to verify your identity…
… With two-factor authentication, you don't need to choose or remember any security questions. Your identity is verified exclusively using your password and verification codes sent to your devices and trusted phone numbers.
… You might be asked to verify other account information to help shorten your recovery period. After you verify your phone number, you’ll see a confirmation that your request has been received and you’ll be contacted when your account is ready for recovery...
… We’ll also send an email to your Apple ID or notification email address to make sure you’re the person who made the request. You can click Confirm Account Recovery in the email to help us shorten the account recovery period. …
Scary indeed. It’s vague as hell. Even control of a confirmed email account (presumably different from the iCloud account) only “shortens” the recovery period. There’s nothing in Apple’s process comparable to Google’s inactive account manager. There’s no secret recovery key I can store in an encrypted repository on an offsite drive with a password known to 3 family members.
Apple’s 2FA either makes my data too hard to recover or too easy for someone to steal … or both.
I don’t see the advantage, yet, over a strong password used only on a secure device. Google does this better — and even Google 2FA is too complex for me to manage for multiple family members.
I’m staying with a strong iCloud password for now — until Apple forces me to change. (The way they’re forcing 2FA with the 10.3.1 update makes me wonder if iCloud really was thoroughly hacked.)
PS. As best I can tell if you use Apple’s new 2FA when you change your iCloud password on one device you change it on every authenticated device. Better be sure you have them all.
PPS. At least they got rid of the secret questions … but only to replace them with some mysterious, fully automated, no humans involved, identity validation process.
PPPS. Ok, we’re traveling. Both our iPhones are lost. What do we do? hmm. I think Charlie Stross had something about this in a story … accelerando?
- Gordon’s Notes: Preparing for the inevitable - Google Docs for the “Not available” letter 2/16/2013. There are certain passwords in this document that useful to people who have physical access to one of my backup drives. I have a task that triggers a reminder 3 times a year to my trusted persons that this exists.
- Gordon’s Notes: Inherit the Cloud: Who gets your Google Docs when you die? 2/17/2013