Sunday, April 22, 2018

Two possible bugs in iOS 11.3 to watch out for: enable purchases by Touch ID, change iTunes & App Store account

Our kids' phones were setup to use my Store Apple ID (it’s an old practice — see a blog post about undoing this). The phones were set to require the Store Apple ID password prior to purchase. When our kids wanted to buy we’d enter the Store Apple ID password for them. Touch ID was not enabled for purchases. 

After the 11.3 update two of the phones had Touch ID enabled for purchases. Normally you need to enter the Apple Store ID to enable this. One child (special needs) ran up a $10 bill which he paid for. (He gleefully shared his new power with us.). On one affected phone I turned it off again, when I turned it on the Store Apple ID was requested as expected. (Another phone I migrated to using its own Store ID, a third device wasn’t affected.)

On 1 of the 3 phones the Store Apple ID was changed to the user’s iCloud Apple ID. The problem was recognized when my daughter was unable to view movies not on her phone — it took me a few minutes to figure out what happened.

It’s interesting how much behaviors varied between the 3 devices.

Saturday, April 21, 2018

Why you should change your router DNS to Cloudflare and Quad9

I wrote this one for Facebook friends - reposting here. The TidBITS review is excellent.

This is roughly how things work ...

  1. Someone in your home visits a certain web site.
  2. Your home internet provider (ex: Comcast) associates that site with the identity of the Comcast account holder. They sell that information to the universe. Facebook buys it.
  3. Facebook shows the Comcast account holder ads based on the visited site.

This happens because your internet provider is your default internet directory service (DNS provider) - Comcast knows all the sites you visit and (as best we can tell) they sell that information.

It's basically an internet design flaw.

If you're a bit geeky you can change the DNS settings in your home router to someone more trustworthy than Comcast (which would be anyone else, really). In our home that's an Apple Airport. I have our settings below but your settings will vary.


We use:

Cloudflare: (their address doesn't work with some ISPs)
Quad9: (as backup)

For more information see an excellent TidBITS review. If you truly want privacy, particularly on iOS where DNS settings are a pain, you need to use a trustworthy VPN (see below).

PS. It’s easy in macOS Location settings to experiment with different settings. This is particularly important for a laptop that moves between locations. On my standard macOS Location I use Cloudflare, then Quad9, then Google. Sadly iOS DNS settings are a mess (per TIDBits):

In iOS, DNS server settings tend not to work the way most people would want them, which is as in macOS: setting the details once and having them work on every network to which you connect. The settings have to be set for each network. Worse, we’ve found in our testing that after changing DNS values, the settings revert to Automatic and the server IP addresses we entered are tossed. There’s also no way to set DNS servers for cellular connections.

In iOS you need to use trusted (not free!) VPN provider. I use TunnelBear’s free GB option, I wish I could buy blocks of data from them rather than yet another subscription. If you use a limited data capacity VPN on a Mac you should use TripMode to reduce background data use.

Update 4/22/2018: A Gizmodo article reminded me why this DNS control is more important now ….

“The FCC under Chairman Pai changed the rules in the United States for ISPs allowing ISPs to start selling your browsing history to target advertising against you,” Prince said…

They mention two popular VPNs - ProtonVPN and Private Internet Access. Curiously PIA claims TunnelBear does not protect me — which makes me a bit suspicious of PIA. 

Wednesday, April 18, 2018

Converting from shared store ID to Family Sharing

Maybe this worked. 

Our five family members have long shared one store Apple ID. We’ve done this before there was Family Sharing. I put off switching to Family Sharing as I figured it would take Apple 3-4 years to get it working.

With iOS 11.3 Apple broke a longstanding purchase behavior. My son’s iPhone no longer required a password for purchases, only his fingerprint. There might be a fix, but I decided instead to move him to Family Sharing.

The story went something like this [1]:

  • I have an iCloud Apple ID ( and a different Store Apple ID ( — because I’m old. He has an iCloud Apple ID ( and my store Apple ID.
  • In my iCloud Apple ID he is a family member. 
  • I removed my Store Apple ID from his phone and added his iCloud Apple ID.
  • I sent $15 to his iCloud Apple ID from my App Store account.

So far he still can access our movies and apps. Now he will make his own purchases that will be associated with his Apple ID. When he runs through his $15 he’ll give me cash and I’ll send more money. Eventually I do need to get a debit or managed credit card on his phone but we’ll start with cash.

After the change I checked the (this is broken) two places Apple currently tracks devices associated with an Apple ID

  • showed 7 devices including an old iPhone my son used to have that I’d previously removed. This also showed on his iPhone Apple ID view. I removed it from both places and it has not returned.
  • iTunes Manage Devices showed 8 devices, but not my son’s current iPhone. This, in contrast to past testing, is correct while the list is incomplete. It’s interesting that moving my son’s phone to Family Sharing means I’m no longer at my 10 item device limit (if that rule still applies!)

- fn -

[1] He is, incidentally, a special needs adult. I’d have liked to be able to use Apple Ask to Buy for him but that’s not available for an adult. (I wish Apple considered special needs as a disability — they have great support for visual and auditory needs, but not for cognitive.)

Update 4/19:

  • Seeing purchase histories is really clunky. You can see what apps a family member has purchased by launching App, logging out and then logging in as the family member. To see both tunes and apps you go to Apps & iTunes in Settings (yeah, this is crazy). You have to log in as the family member — I got the ancient iOS 1.0 un/pw dialog that shows up when you get to a part of iOS that desperately needs a replacement. It did work, but seriously ugly.

Update 4/20:

  • Subscriptions aren’t Family shareable. So that’s a significant bummer; several of his apps are subscription based. All is not lost though, At presented my Store Apple ID username and accepted the password.

Saturday, March 24, 2018

"This item was not added to your iCloud Music Library because an error occurred"

This is why Apple Stores are overloaded. I have 254 items like this. No explanation, no hints on fixing it.

Screen Shot 2018 03 24 at 11 27 16 AM

Low quality is expensive.

PS. In this particular case it looks like iTunes and iPhone supported .mp4 audio, but iCloud does not. Long ago I ripped these and the software did .mp4.

I found the on drive files and used quicktime player to export as .m4a — a lossless transform that strips out the some of the .mp4 wrapper. Then I deleted originals in iTunes and added these back in.

Saturday, March 17, 2018

iPhone aggravation: apps don't appear in Settings:Cellular until they actually use cellular data

Apple could have displayed all iPhone apps in settings:cellular whether or not the app uses any data. Then we could disable cellular data access without having to first use data.

They didn’t. Apps only show up there after they use cellular data.

This is really annoying when trying to stay under the data cap of #2’s $40/year mobile plan. It also confuses the heck out of customers.

I don’t think this will get fixed those. Apple’s technical debt fix list is deeper than Valles Marineris.

Apple has a new problem with DRM and device management

Today one of the family iPhones died. I went to remove it from our quota of devices (you can have a maximum of 10 devices associated with a family account) in iTunes Mange Devices.

I couldn’t. 

There’s a 90 day time limit to change associations, which I don’t recall being enforced for removal, but here you go…

Screen Shot 2018 03 17 at 4 46 09 PM

Except it’s not 90 days, because the grayed out non-removable devices were associated as long ago as May 2016.

Things are broken in two ways.

1. What does Apple want us to do with a wiped or lost or broken device?

2. The items I can’t remove are years old.

PS. Yeah, I hate Apple too. But really, everybody does.

Update: I reviewed Apple’s support document. If you have a working device you can remove the device from the DRM control list — but only through one very obscure screen. Logging out of iTunes doesn’t do it. Otherwise device removal requires iTunes, which, for me yesterday, showed this error.

Today I rechecked, and all the devices with “1 day remaining” are still “1 day remaining”. It’s broken.

Once this type of blunder would have been a bit of a deal, but now we’re so numbed by Apple’s quality collapse even I can’t put much energy into it. All the money in the world can’t replace culture, and Apple’s culture is broken.

Update: Added to Apple Discussions, asked @AppleSupport on Twitter.

Update 3/23/2018. On my second Apple Support call the “Senior Advisor” and I found a fix. We think iTunes, or the database it accesses, is broken/deprecated. From my Apple Discussion post:

We have a fix. On my second try with Support I called iCloud support and was escalated to the "Senior Advisor" level. Andrew and I worked the problem and found that you now need to work with There's now a section called Devices that lists devices signed into. In my case it listed all 10 devices that use the same iTunes Apple ID, so by "signed in" it means "signed in with Apple ID for iTunes/DRM".

Click on device and you get a remove option.  If the device is in use and signed in then it may reappear. You can restore a device that you have removed by signing out of the iTunes Apple ID, then signing back in again.

The iTunes Manage Devices (Account:View My Account:iTunes in the Cloud:Manage Devices) screen did not update after doing this, it still showed the device I removed. I think it’s mostly broken. (Mostly, because I was able from there to sign my iPhone 8 out of iTunes and that reenabled the Remove button, albeit with the broken ‘1 day remaining’ screen, and after signing it back in the Remove button is still active.)

PS. It’s not clear if Apple is still using the 90 day limit for switching Apple IDs. It doesn’t show up in the new iCloud UI.

PPS. Maybe iTunes in the Cloud is using a different database than iCloud to manage DRM, and that the two databases are supposed to synchronize. The iTunes database may be on the way out, so it didn’t get updated when it needed to be…

Sunday, March 11, 2018

You can drag and drop some links into a Google Doc and create a hyperlink text

This is one heck of a time saver. Didn’t realize Google Docs allowed this.

Error in Dreamhost WordPress one-click installs - missing code in .htaccess causes 404 errors

I’m far from a WordPress expert. I’m not even a WordPress fan — it’s too complex and powerful for what I do. That complexity means it is also very vulnerable to attack.

So take what I write here with some doubt.

As best I can tell the default Dreamhost One-Click installation of WordPress has an error. At least it did for me. My site was giving 404 errors. I installed the Redirection plugin and it wasn’t doing anything.

A blog post had a fix that worked for me. I used Transmit for macOS to open the install folders .htaccess file and added this code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

The 404 error is gone now and I suspect the Redirection plugin will work if I need it. I have a hunch that using “pretty permalinks” (not the default of “id=“) might also fix this file — based on some documentation here

WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.

This page may be used to restore a corrupted .htaccess file (e.g. a misbehaving plugin).

Did I mention that WordPress is too complicated?

Wednesday, February 14, 2018

The state of iOS parental mobile device management is bad

I recently reviewed Qustodio and found it unusable because the mandatory VPN is not compatible with modern encrypted connections (https).

After that I revisited MMGuardian. Things there are almost as bad. They haven’t implemented password security on their MDM profile; the vendor claims Apple doesn’t support the functions they rely on with a locked profile.

I also learned that MMGuardian’s primary app control, which is to hide all non-default apps, also deletes their folder and icon arrangements. So when they are restored they are no longer in their original locations.

MMGuardian can’t report on device usage, probably because it doesn’t have a VPN option.

Lastly, while MMGuardian can hide Safari, that’s a binary setting. It can’t schedule Safari to be active or disabled the way it can schedule other apps. 

In my 2016 review Qustodio and MMGuardian were the only candidates to meet basic requirements. As of 2018 there are no longer any useable iOS parental control applications.

So now we wait to see if Jana Partners and the California State Teachers Retirement System can push Tim Cook to add remote MDM to iCloud. I doubt they’ll succeed. Next it’s up to the EU.

Update: Apple introduced a Family page and branded it as doing something in the general direction of supporting vulnerable users. That’s not a positive sign.

Sunday, February 11, 2018

Qustodio parental control software for iOS is obsolete.

I did a review of Qustodio’s parental control product for iOS on my special needs blog. It wasn’t a positive review. The product routes all traffic through their VPN — and the VPN can’t handle SSL traffic. That might have been acceptable in 2010, but it won’t work today.

I’m feeling grumpy about the time I spent finding this out — not to mention the $10/month subscription I paid for. The lost time was the bigger deal though. The reviews I’d read led me to think the base product worked, so I spent time checking out other features.

Qustodio must know about the SSL issues, but they’re continuing to sell the service. That’s not nice.

Tuesday, January 02, 2018

Salvaging the wreck of iOS

iOS 11 isn’t as broken as iTunes mediated iPad photo transfer or the US government, but it’s not far behind. The current version is not intended to be used with iTunes. It is designed for people who listen to Podcasts they way we used to listen to radio. Pick a podcast or collection of podcasts (a “station”) and stream it over always-on cellular.

That’s not how I listen to Podcasts. I select a topic of interest and learn from it. I used to use iTunes to organize my subscriptions and local stores; smart and manual playlists queued up my programs. In iOS 11 Apple broke all that.

Here’s what I do now. 

I disabled iCloud sync in both iTunes and iOS.

In iTunes I select about 10-20 episodes from my queue. I push them to my iPhone from iTunes. In I enable the ‘Downloaded’ episodes menu. That’s all I use now. I pick episodes off that queue. One at a time, because play-next doesn’t work any more. iOS deletes an episode after I listen. Every week or so I add another 10-20.

It’s very simple, it’s very stupid, it’s Apple 2017.

Saturday, December 30, 2017

Mac to iPad photo download is broken now

I had a longish holiday break this year, so naturally I spent part of it fighting with another technology regression

This regression was about getting photos from my Mac to my iPad; I use the iPad as a digital photo frame randomly displaying my Aperture (running on Sierra) images tagged as “slideshow” (this drains the battery fairly quickly, so I usually have the iPad charging). Years ago this was painless, but over the last few months I’ve found that only a fraction of my tagged photos make it over to the iPad. Often the process seems to die.

This go round I tried an old Aperture tip to delete the iPod Photo Cache (Apple approved) [1]. That had one effect — image transfer died completely! Instead of telling iTunes to transfer all my Slideshow tagged images (9,019) I had to select year-specific smart album slideshows one at a time (incremental add):


That generally worked, though the ghostly counts shown above in the iTunes 12.7 UI came and went inexplicably. Sometimes a mouseover seemed to trigger an appearance. If they didn’t show up that was a clue that something had gone wrong with the sync. (Infamously iTunes does not log errors to Console. Perhaps because they’d overwhelm console?)

Some part of the OS (or Aperture?) has to regenerate the .ithmb files [2] that are shared, that seems to be a slow process. I think the build process might make use of some data Aperture saves on exiting; that data is also used by the old OS X media browser (itself related to Apple’s old iLife code) [3]. I’m pretty sure some of the .ithmb creation is by an OS thread thought, and that seems to have a low priority. Maybe part of what causes a complete failure with large numbers of files is that iTunes has an arbitrary timeout placed to work around some other iTunes bug [4].

Once I broke down my slideshow into smaller bits and added them incrementally I seemed to have some success. The count (erratically) displayed in iTunes matched what showed on the iPad album counts and the Aperture smart album counts. Then things went south. The numbers transferred started to be a fraction of the Aperture counts. When things settled out I seemed to be stuck at 7,811 on the iPad (same count in iTunes if I mouseover the iTunes content type distribution bar) out of 9,109 in Aperture [5].

I did some half-hearted testing to try to figure out if this was related to filename characters or the like, but I haven’t gotten very far. I did confirm that RAW files don’t have an obvious problem.

The great news is that I learned today that I’m not alone and it’s not an Aperture specific problem! There’s a Macintouch thread on this by riley (quotes others, emphases mine):

So here's an update on the issue with syncing large Photos databases between iOS devices and iTunes.

After posting a number of followups to my Apple bug report, the response I got back from Engineering was that this is a known limitation in iOS, and "we are working to improve this in a future iOS release."

Their suggestion was to sync by starting with just a few albums, and then repeatedly re-sync, adding a few more albums each time. "On subsequent syncs, iOS will not add additional photos unless the sync preferences in iTunes are different from the previous sync, which is why it is necessary to keep adding selected albums each sync, instead of all at once."

… There is a huge discussion of this over on the Apple forums (see “Photos app on iPhone not syncing in iOS 11 ").

Various people have been told various things. Some have been told it is an iOS issue, some an iTunes issue. Personally, I think there are issues in both that are interacting, which are preventing reliable syncs with large photo albums over USB between iTunes and iOS devices.

Two years ago, our then ~40k photo library in Photos would sync the selected items (maybe around 30k photos in various albums) without problem. Perhaps around the time of iOS 10, the syncs needed to be restarted to complete, but eventually it would work. Since iOS 11, some sync, but many do not, and the sync just cancels with a variety of error messages at various points. Sometimes it is a device error, sometimes nothing. Sometimes many of the photos will be on there, but the albums they should be associated with are empty…

… The last update I heard from the person who was helping me was that it was an iTunes issue (at minimum, perhaps iOS too). She said that the Apple engineering team is aware of the issue and working on finding the problem so it can be fixed.

… I also see that since the latest tvOS update and the latest iOS 11 update, many albums are no longer being shared with the Apple TVs.

Hmm. This suggests to force updates one should add or remove some album with every sync. That did not work quite as expected. After I tried using the Media Finder code [3] and the ‘add new album’ trick iTunes said it was synchronizing another 1000+ files (that’s good!) but then the counts in iTunes and iPad dropped from 7,811 to 7303. So that’s just great.[6]

Since I now know this is not just an (abandoned) Aperture problem I added an iTunes feedback comment about the problem. Rumor is Apple processes these, presumably doing some algorithmic text extraction based on volume. So add your voice if you’re interested.

- fn -

[1] It took hours to empty the trash after deleting iPod Photo Cache — despite files being on an SSD.
[2] I changed extension of a copy to .jpg and it rendered as expected. They are fairly high res images, in a small sample I examined one was a 3MB jpg. 
[3] In Sierra’s Open dialog the Media Finder still shows in the left nav pane! Maybe invoking it might trigger some updates? Worth a try to open it and let it run for a while.
[4] It’s widely assumed that iTunes source code is an impenetrable mess with bits left over from pre-Apple days. 
[5] Incidentally “Stacks” are a problem. One of the many bad things Apple did in bridging iPhoto and Aperture was to treat an old iPhoto Edit as an Aperture Stack. This threw away key information — that one image was the new version of another. There are lots of downstream implications. Years later I’m recreating thousands of iPhoto edits in Aperture. One of the problem is that when you tag an image as “slideshow” then transfer to iPad both versions go. I think this can cause the iPad count to be higher than the Aperture count, but of course the problem I haves is in the other direction.
[6] I removed the extra album and then the count went UP to 7,811 again! That album did reference photos that were in other albums, so maybe part of the bug has to do with photos that are in more than one album. I do think there are multiple bugs here though.

Update 12/31/2017 I

There are some JPEG images in my older files that do not show up in either OS X Media Browser (old iLife code) or Sierra’s Screen Saver Library browser and do not transfer to the iPad via iTunes. However, if I export the original and drop it back in again then the image appears normally — this doesn’t appear to be problem with the JPEG. They also render normally in several different apps and EXIF viewers.

Rebuilding the Aperture database does not make a difference.

So this is curious, and potentially an important clue, but to go further I need to understand how Media Browser works.  In my case the bug doesn’t only impact image transfer to my iPhone; it impacts Media Browser as well. I’m now poking around at ~/Library/Application Support/iLifeAssetManagement and ~/Library/Application Support/iLifeMediaBrowser, especially ~/Library/Application Support/iLifeAssetManagement/state/albumshare/Daemon.sqlite.

Update 12/31/2017 II

Finding more “invisibles” but no clear pattern to what’s omitted. Some are quite small - from the days when 100K was a good image size. It’s not size alone though; of a pair of similar old images a 64kb one made it across and a 70k one didn’t.

Update 1/1/2018

Same sync, same everything — but now iPad acts as though it’s been syncing to a different computer. All images removed! It took several tries to get one album to sync, but after it started working I could do about  @1,200 at a time. Now have about 7,700 on iPad out of 9,100 on Mac. I won’t sync iPad to iTunes again until there’s word of a bug fix. Just stick with what’s on there now.

Wednesday, December 27, 2017

How to maybe stop Sierra from preferentially auto-connecting to XFINITY WiFi.

My Mac insists on connecting to my neighbors Comcast/XFINITY WiFi rather than my home wifi. The usual recommendations didn’t work. (Note, if you don’t run as admin, and want to play with WiFi settings, you need to first click the unlock icon on the Network Preference Pane before you click “Advanced”. Bad UI.)

Despite deleting XFINITY from preferred networks I could still immediately join my neighbors network. Sierra didn’t seem to honor the order of WiFi networks I’d set. I searched Keychain but couldn’t find Comcast or XFINITY left anywhere.

The new trick to look to see if you have a Profiles PreferencePane. There, if you’re like me, you’ll find a “User Profile” called XFINITY WiFi. (I dimly recall installing per XFINITY directions, but now they advise us to use an app — I think the app may allow one to prioritize a local WiFi).

My XFINITY WiFi Profile description said “Automatically connect to XFINITY WiFi hotspots”. It had an Enterprise Profile ID and I suspect MacOS is prioritizing it. So I deleted it.

And … I still connect to the XFINITY WiFI without specifying a password. It appears to need no credentials (or the Profile is still lurking around). When I toggle WiFi on/off I don’t auto-connect to XFINITY though, so maybe removing the cert deprioritized it.

I think this is more a MacOS bug that a Comcast bug.

Can't remove last "App" from the App Bar in iOS 11.2.1 Turn screen to landscape mode.

On my iPhone 8 with iOS 11.2.1 I was unable to toggle off the last App (YouTube by alpha sort) in my plug-in list (what I mean). I turned phone to landscape mode and my touch was recognized. It’s not a screen touch bug because after doing this I could turn back to portrait mode and toggle it on/off at will. I suspect an array count or layout bug.

Tuesday, December 26, 2017

My Instagram account was hacked -- the follow-up is interesting

I signed up for Instagram before Facebook bought them. Back then it was a curiosity of low value and I used my throwaway password. That’s the password I’ve used for over 20 years for things I don’t care about, usually things that don’t even make it into my 1,867 item password database (ok, so only 488 are likely useful).  It’s an 8 character alphanumeric — not bad by the standards of 1997 but obviously insecure now. It’s also certainly been added to many dictionaries as various services have been hacked.

After Facebook acquired instagram I think I authenticated through my Facebook account. I forgot about the old password.

Today when I launched I was notified of a login from Rio de Janeiro. When I answered that was not me I was sent to a password change screen. Evidently, like Google, Facebook/Instagram considers a valid password only a modest marker of identity (it might help that I never use the Instagram password and, in particular, I never login with the email address associated with that account, only with a username).

So no harm there — but it means someone is testing the throwaway password together with my gmail address against a range of accounts. I checked my database and there may be a few low value accounts I should clean up. Very few though …