Sunday, October 26, 2014

Migration assistant didn't seem to migrate my OS X Mail mailboxes and content

I used Migration Assistant to copy a user account from a Time Capsule backup (of a Lion machine) to a Mavericks machine. The Lion machine Mail app used the Google IMAP connection.

The behavior of Mail surprised me. Initially it appeared empty, though mailbox folders were present. Then, overnight, messages appeared to transfer from Gmail. They didn’t appear to have been migrated from the original machine.

Curious. I couldn’t find much about this on the net, so for now I’ll share without comment.

Saturday, October 25, 2014

Adventures in using Migration Assistant to move one User from a Lion Mac to a Mavericks Mac

When my G5 iMac finally died (1995-2014) I first thought we’d need another machine - like Apple’s top-secret max value DVD containing laptop. As it turned out, we didn’t, which is probably not great news for Apple. I did have to reconfigure our existing devices and order an external display, but we ended up with a better hardware distribution than we started with.

The reconfiguration did require migrating a user from an older machine running Lion to a Mavericks machine [1]. That’s what this post is mostly about, so feel free to skip the hardware refactoring discussion.

The hardware refactoring

Before the G5 iMac (2005-2014) died our family of five (not counting Kateva) had 1 iPhone apiece, no iPads, a 2009 27” iMac [2], a 2006 MacBook Core 2 Duo (Lion) [3], a 2011 11” MacBook Air [4] and, of course, the G5. (And two of the kids are getting school iPads in a few weeks.)

Each machine had its constituency. 

The SSD revitalized 2009 iMac is our family server and my personal machine — thanks to its 1TB Samsung SSD power I’d need to spend $2,800 to replace it with a better machine. The 2005 G5 iMac was used by the boys for writing and light web browsing, and it was a DVD playing / iTunes streaming entertainment center. The Air has always been sadly underutilized — it’s my laptop but I usually travel with a corporate winter thing. The 2006 MacBook (Lion) is the main homework machine and my wife’s laptop [5].

We played around with a few options, most of which involved spending about $1,600 and dealing with the pain of a new Mac [6], but we realized that we actually had everything we needed. 

So the 2009 iMac stays where it is, the 2011 Air will become Emily’s primary workstation (hence the account migration need), and the 2006 MacBook with its DVD player will get a $240 external 27” display with integrated speakers. It will become the DVD/iTunes streaming media center and, with the new external display, a much improved homework machine [7].

All the hardware gets used, we save about $1,300 and weeks of pain (burning coals, pins in eyes, etc). 

Moving the user - quirks of Migration Assistant

I wanted to move Emily’s data from the MacBook (Lion) to the Air (Mavericks) and I remembered that Migration Assistant can move a single user account (or much more) [8]. So I hooked up the two machines with an ethernet cable and … it didn’t work. The User Accounts from the MacBook didn’t show up — only apps and config data appeared.

I did, however, see that I could move Emily’s data from the MacBook backup on Time Capsule. I hadn’t known that was possible. (Turns out this is also a way to restore User data to a new machine from the backup of a defunct device.)

Google told me the missing User option can be a permissions issue, so I did a safe boot (power up while holding shift key). That runs a number of cleanups including permissions repair and disk utility repair. 

Then I turned WiFi off - to reduce any network confusion.

This time it seemed to work — until it hung with the dreaded “Less than a minute remaining” message.

From my reading it looks like this might be related to disk issues, or file corruption, or the fact that computers hate us (it’s mutual). There are a few options:

  1. Run Disk Utility repair or Disk Warrior or equivalent, seeking the bad file. (I’d already done the safe boot, which I believe runs Disk Utility repair.)
  2. Wait overnight. Sometimes many hours later, the process may complete.
  3. Force quit Migration Assistant on the sending machine.
  4. Use Time Capsule instead. (Yay!)

I decided to let it run overnight and try a force quit in the morning… but the MacBook closed its session. I noticed it was repeatedly trying to logout, and in user preferences security was set to logout after 8 minutes of inactivity. I wonder if the logout attempts were causing the problem. I ran fsck -fy in single user mode but the MacBook seemed fine.

So rather than try again I switched to Time Capsule using a direct ethernet connection. It took 16 min to move the data over. I ran into 1 (replicable) UI bug that’s hard to explain. If you don’t see a “continue” prompt, click somewhere else.

Then I tried email - and saw nothing. As I submit this post it appears emails are streaming in from Google - NOT from the backup. I may be running into Mavericks Gmail problems, compounded by a migration from Lion. I think that’s going to be a different post. (At least I have the original machine to work with!)

PS. The Air has an encrypted drive; Mavericks Migration Assistant does not automatically enable migrated non-admin users to unlock the drive on startup. That has to be done in security settings from an admin account.

- fn -

[1] I’m waiting a bit longer before going to Yosemite.

[2] Which, like the G5 iMac, had a troublesome youth, multiple hardware issues, and display discoloration — but has settled into a reliable middle-age. People wonder why I hate buying new Macs.

[3] Suffered from plastic case disintegration syndrome — I missed the recall notice for that one. Has had off-kilter hinges and 1 dead drive, easily replaced because it’s freakily easy to service. Yeah, I hate buying new Macs.

[4] Aside from the early demise of the power supply (replaced by Apple) this machine has been insanely trouble free. Reminds me of the remarkably reliable machines before Jobs and Ives. I can’t explain why the Air actually seems to work.

[5] She likes it, and she doesn’t like dealing with unreliable machines.

[6] Typically something between needles in the eyes and walking on hot coals.

[7] If the drive falters I can put in a 250GB SSD for $120 or so and it will be supercharged. This was one of the last of the truly serviceable Macs.

[8] If an account of the same name already exists on the target machine Migration Assistant will help, but I prefer to delete the target machine account if, as is usually the case, it’s not worth keeping.

Wednesday, October 08, 2014

Wordpress spam comment hole and fix

I had comments turned off in Gordon’s Shares [1], but on a rare visit to my admin Dashboard I found 15,000 spomments in the Pending queue [2]. They looked to be all spam, there were several from today, and they were largely related to old posts.

That was a surprise. The blog has comments disabled, there’s no way in the UI to create a comment; I presume the attackers were leveraging an API bug. So in addition to confirming that commenting was disabled, I also restricted the (disabled) commenting to registered users (which would be me). That seems to have fixed the problem.

[1] Mirrors/archives my pinboard shares. Current setup is a bit different than 2012:
[2] I used the Delete All Comments plugin to clear out the 15K — it transiently tied down my database but it worked.

Update 10/9/2014

If you have unchecked Allow people to post comments on the article on the Options > Discussion panel, then you have only disabled comments on future posts.
This is the kind of thing that gives open source a bad name -- and it doesn't say much for the tech journalists who praise the WordPress organization either. Looks like a great way to do a DOS attack on a WordPress site -- fill up database storage with spomments.

Happily my workaround works perfectly.

Monday, October 06, 2014

ptel Real Paygo fatal flaw: it's a prepay plan that runs up overage fees

One of the reasons we use prepaid plans for the kids is that there should be a natural limit on overages. If Apple’s mediocre iPhone Cellular data controls break down, perhaps due to the iOS 7.1.2 cellular data bug [1], our losses are capped.

Not so with ptel Real Paygo, a service I recently compared to H2O mobile. My son’s cellular data was disabled two days ago, and when I inspected his account I found this notice:

Screen Shot 2014 10 06 at 8 56 33 PM

He did make use of that data, perhaps due to an iOS 7.1.2 bug (thanks Apple) [1]. He still shouldn’t have run up an actual overage however. ptel should have run his account to zero and then cut off service. Instead they ran up the equivalent of 3 years of his typical usage - perhaps due to problems in ptel’s accounting infrastructure (in which case the honorable thing would be for them to “eat” the overages they didn’t block).

I haven’t bothered pursuing this with ptel — I’d been planning to switch my son back to H2O wireless after H2O provided a profile to enable 4G data services on the AT&T network. So I abandoned the ptel number. He doesn’t get that many phone calls, so reactivating iMessage on these MVNO networks is the primary pain. I’m just glad this didn’t happen to my daughter. Changing her phone number would be a Richter 10 crisis.

I hope H2O doesn’t have the same abominable practice. Google searches didn’t turn up anything about this practice, but I might not have the right search terms.

[1] My son ran through 1.2 GB of Podcast data on his prepaid account. I have screenshot evidence that it was set not to use Cellular data, and when I inspected his phone changes to the cellular data controls were restricted. Nonetheless, cellular data access was enabled. I’ll keep an eye out for a class action suit …

iOS 7: Apple may have broken Safari by changing iCloud sync behavior

My son’s iOS 7 Safari began loading very slowly and crashing on bookmark entry.

Disabling Safari sync in iCloud settings fixed the problem.

I assume Apple has made changes to iCloud as part of their general iOS 8 screwup, and those changes are now impacting iOS 7 users.

iOS: When enabling iMessage get directed to turn on cellular data even when it's already enabled

iOS: When enabling iMessage get directed to turn on cellular data even when it’s already enabled … You probably have Cellular data disabled for Settings. Even though it’s enabled for iMessage you need to also enable it for Settings. It’s a misguided error response, the code wasn’t updated to manage iOS 7 cellular data control.

Saturday, October 04, 2014

AirPlay is not compatible with Extend Network -- at least on my AirPort Express

After much suffering I discovered AirPlay is not compatible with "Extend Network" on my @2012 AirPort Express.

Would be helpful if Apple documented this.

When I enabled Network Extension I had frequent dropouts. Switched to Join Network and it's fine.

Maybe my location is pathological, but I bet I'm not alone.

Tuesday, September 16, 2014

Blogger's BlogThis! bookmarklet has largely disappeared from the web.

Google still hosts the BlogThis! bookmarklet at but they've removed all documentation. Google Search finds old posts, bad links, and splogs. If you drag above to your toolbar I think it will work (did for me). I am seeing new issues with Blogger's perennial line feed problem, so maybe that's part of the removal. [1]

In a similar vein the Blogger online documentation of limits doesn't mention the now 5 year old limit on search -- only the past 5000 posts are searchable within blogger.

On the one tentacle I'm surprised Blogger still works -- Google deprecated it years ago. On another, my RSS feeds are busier than ever, and Google has quietly returned to blogs for its external communications -- tacitly abandoning G+.

Interesting ride on the pseudo-IndieWeb of Blogger, one of the last remnants of pre-Evil Google. I've been using WordPress for years for my microblog posts and I'm happy to report that the migration tool continues to be updated (though last I looked it was still WP 3.5, we're on 4.0 now).

[1] One of the original sins of the personal computer was the CRLF, LF, CR division between DOS, Mac and Unix. Extra blank lines with various combinations of editing tools is the price paid for Bill Gates’s CRLF blunder. He should send us all checks by way of compensation.

Friday, September 05, 2014

Tivoli Radio - spending $150 to get a 1960s radio is very 2014

Ten (ten!) years ago I wrote in this blog …

Gordon's Tech: Tivoli PAL (or iPAL): the iPod speaker accessory of choice?

… At $130 the price isn't bad. It's not as flash as some of the iPod speaker accessories, but it's ruggedly made and comes with a great radio. It might be interesting to pair this with an Airport Express and use it as a convenient iTunes and iPod extension….

Today, ten years later, the iPAL features are identical but the price has gone up by $90. Despite the price bump and complete lack of feature change the product remains popular.

Capitalism isn’t supposed to work this way. We should have been inundated by Chinese clones; but instead we are swamped by much cheaper products with inscrutable interfaces. (The latter is why we bought the Tivoli.)

In any case I didn’t buy the iPAL, I bought the battery-less Model One for $140 on Amazon. It has the layout of a $10 radio from 1960 - speaker, volume, rotary tuner, AM/FM switch. The only concession to the past 55 years is an Aux setting (I lied, it’s OFF/FM/AM/AUX).

It’s so retro it’s fashionable. My 12 yo wants one bad.

The back ports do show it’s a bit more serious than a 1950 knock-off. Here’s a pro picture from Amazon that obscures the “made in China” letters and hides some screw heads ..

Screen Shot 2014 09 05 at 8 09 13 PM

and here’s the real thing, which doesn’t look nearly so pretty …

The radio comes with an (undocumented and easy to miss) coax connector with a 3 foot long external antenna wire. If you plug it in, do switch from internal to external. (In my photo you’ll see it’s set to internal even though an external antenna is connected. I only noticed the switch as I was editing the photo!).

There’s a (stereo) headphone jack, a 12V connector (not sure for what), a record out (!) separate from the headphone jack, and an aux in. The power cable, by the way, is very long and comes with a hefty ferrite core which may or may not help with power line hum.

The aux-in on my device is for the AirPort Express AirPlay output - just as I wrote 10 years ago. Unfortunately, it’s not working very well in our kitchen. I’m getting periodic drop outs, and the microwave completely kills any wifi. As best I can tell it should be working — but the Airport Express I’m using is at least 5-6 years old. I’m going to order a modern Airport Extreme to free up a 2-3 yo Airport Express and try that instead. (I am annoyed that AirPlay/WiFi is not working as advertised, but I’m not surprised. We Apple veterans don’t really expect our Apple gear to work. Apple is only better than all the alternatives.)

If newer AirPort Express still fails I’ll return the Extreme (yay Amazon) and buy a Bluetooth dongle instead.

Tivoli does make a BT version of this device for $100 more, but the Amazon reviews are damning, particularly this one:

After the Tivoli was initially paired with my mom's iPod, it would autoconnect with it every time she wanted to use the bluetooth function. However, when I paired it with my iPhone as well, that autoconnect feature fell by the wayside and every time the bluetooth function was used, you had to re-connect the device manually. Not really a big deal, but it was pretty cool when the Tivoli connected automatically. Just to be sure, I got in touch with Tivoli and they said that once the unit is paired with more than one device, it loses its autoconnect capabilities. They also said there was no way to reset it to factory settings.

This review is a few years old, so maybe Tivoli has fixed their BT problem, but they’re clearly technically incompetent. I decided to go for the simple device they seem to know how to make with AirPlay then, if that fails, an external bluetooth dongle.

The sound and tuner are both fine. So if it keeps working we’re happy — though it’s weird that we have to spend so much to buy something simple:

Capitalism is not working as expected.

Tuesday, September 02, 2014

iOS 7.1.2 update broke cellular data controls

ARGH. I’d come to suspect something like this:

Michael Tsai - Blog - “Use Cellular Data For” Switch Doesn’t Work

… Unfortunately, this feature seems to have stopped working with iOS 7.1.2. I went over my 200 MB bandwidth limit in both July and August—having never done so before. Apps such as OmniFocus and Overcast, which I’ve always set to not use cellular data, used tens of MB of data.

Omni seems to have received other reports of this problem and explained how I could turn off automatic syncing in OmniFocus. I think this helped, but the app has still used 5 MB of data in the last four days, when it shouldn’t have used any at all.

Emily and I have been much closer to our 2GB/month limit than ever before, the kids are running through their prepaid data, and a friend of mine noticed a big leap in AT&T data use.

If there’s a class action suit to get Apple to pay our overages I’m in. They must know about this bug…

In a probably related bug, I’ve noticed that the total cellular data usage is routinely greater than the sum of each app’s cellular data usage (so usage is not being recorded at the app level, but is recorded at the OS level). In an unrelated defect, nobody really knows what iTunes Accounts is and why it uses so much data.

See also:

Saturday, August 30, 2014

How to save your iPhone cables from your kids

We’ve gone through about $100 of iPhone cables with our 3 kids over the past six months. They end up looking like this:

IMG 4654

It’s annoying — particularly because I can’t easily order quality replacements from Amazon. They have far too many counterfeit cables (which is unreported, but so it goes). That means ordering from Apple, which is a nuisance (shipping + taxes, I have no time to go to a store).

So I started paying attention to how the kids are using the cables — and today I spotted one killer. #2 uses his aging iPhone 4 as a game console; the old battery means he needs a power supply. So he’s been plugging into the short iPhone cable attached to our USB hub, and tugging on it as he games. Bad for the cable, not so good for the phone.

Here’s the fix …

IMG 4653

Years ago I bought a 30 pin adapter for a micro/mini USB cable. I’ve never tried using it for data, but it’s been fine for charging (quality on these low end adapters is extremely variable). We have about a dozen mini-USB cables and chargers, and they’re all far more rugged than any standard 30 pin cable. They’re also long enough that #2 doesn’t need to pull them to full length. One problem solved.

Apple doesn’t sell a 30 pin adapter in the US (I thought they did once but I think this Amazon one is counterfeit) but they do sell a micro-USB lightning adapter (alas, we don’t have a plethora of micro-USB cables):

Screen Shot 2014 08 30 at 8 52 52 PM

#2 is getting Emily’s iPhone 5 soon, so we may need to buy this and a few cheap micro-USB cables.

This Belkin adapter is probably a better bet than the ultra-cheap one I purchased, but it’s also Micro USB.

Screen Shot 2014 08 30 at 8 54 53 PM

Another approach to this problem is to use a standard cable with a USB extender, but in this case I had an old BlackBerry USB charger at hand so the adapter worked well.

MarsEdit feature request: backlink to a social network share ...

Red Sweater’s MarsEdit (Mac) owns the world of WordPress, Tumblr and Blogger personal publishing. It’s a small world — the major publishers have their own ‘content management’ systems, and the small number of persistent independent bloggers often use native editing tools.

It’s a small world, and it is effectively a Mac only world. Eons ago Windows Live Writer was a fabulous tool by Onfolio purchased by Microsoft then severely neglected and eventually all but broken. You can still download it, but it is known to very few and is a shadow of its former self. So, in its small niche, MarsEdit rules completely. 

MarsEdit is a fine piece of software, but it’s still not the equal of Onfolio Writer. Image handling is particularly weak. On the other hand, it’s not like the (non-existent) competition is any better.

There are many features I’d like to see in MarsEdit, but there’s one odd feature that I’d particularly love to have. It’s a bit weird, but here goes. I’d like MarsEdit to create one or more social media shares at the time of publication, then embed a link to the shares in the post footer. The sequence would probably go like this:

  1. Submit post to Blog to get post URL.
  2. With post URL submit tweet or microblog post based on title of blog post. Get those URLs.
  3. Update blog post with links in footer like
    1. Comment on … my_app_net links.

The idea is someone reading the post could easily go to Twitter or to respond in a defined stream.

Ok, that’s weird and kludgy and probably inexplicable. I don’t really think of this as a reasonable MarsEdit feature. I’m not sure how else something like this could be implemented though, and I do think we need this sort of thing as a better approach to comments.

Facebook: The differences between Pages and Groups

This is short, but it took me a while to figure out and I’ve not seen it elsewhere.

Facebook offers both Pages and Groups for use by businesses, organizations, sports teams and the like.

Pages are like a multi-author blog. Authorized members can post as the Page (Facebook now shows the actual author name as well, that’s a good improvement) and all followers will see this — though unless you pay per post it may get buried deep in follower feeds.

Comments are associated with a Page Post. Non-Page posts are shunted to a somewhat hidden area and are NOT shared with all followers.

Groups are egalitarian. All posts by all members go to all followers. There are no RSS feeds for Groups. 

You can use IFTTT to create a Page or Group entry.

Pages, like blogs, are public facing. Pages can be configured to be accessible to a non-Facebook audience (though they will be nagged to join Facebook), and, as noted above, they have RSS feeds. Groups are only accessible to members and members have to be approved by admins.

I’m not sure whether Pages or Groups get precedence in follower news feeds. I suspect Groups get higher rankings than Pages that don’t pay to play, but I’ve not done any testing.

It’s hard to say whether Pages or Groups are better for non-profit organizations. The big advantage of Pages is that they are available to non-Facebook members, but the nags are very annoying. I lean towards Groups for most, but Pages have promotion advantages. For business Pages are clearly better; they’re really designed for business use.

Saturday, August 23, 2014

ptel Real Paygo vs. H2O with data

[WARNING: See Update 10/6/14 for Ptel’s fatal flaw.] 

We’ve had the kids on H2O Wireless, an AT&T MVNO, for two years. The only change over that time has been H2O extending the post-recharge expiration time from 60 days to 90 days — so we’ve been paying $40 a year for the boys’ minimal voice and text use (no data). Our daughter costs a bit more, maybe $60-$70 a year.

H2O worked well for us, despite the minimalist customer service. Recently, however, we had need of limited data services for our #1 son (primarily for Find Friends). With iOS 7’s awkward cellular data control settings we think we might be able to make 100MB/month work. I couldn’t get data working on H2O and got the impression (was told?) that they only did data for the postpaid plans - so I looked into ptel, a T-Mobile MVNO (below).

I ended up switching #1 to ptel and I’ve summarized what I learned below. In the meantime, however, H2O now allows data use for iPhones [1]. I believe this is new, I learned of it via chat support as a last step check prior to migrating our daughter to Ptel [2]. The data service requires installing a new carrier profile from an ominous looking and quite mysterious web site:

I installed that carrier profile on an AT&T/H2O iPhone 4s and an AT&T/H2O iPhone 4. After the profile update the 4s gets 4G data and the 4 gets 3G. This is rather nice, since my #2 son has built up a $100+ credit over the past two years (it used to cost more than $40/year and he rarely texts and never phones). H2O Wireless rates are 5c/min, 5c/text, 10c/MB — but the real beauty is the 90 day expiration rates for even a $10 purchase. That’s the longest low cost expiration I’ve seen.

As I mentioned, I found this out after moving #1 son to ptel (he used to be on H2O). Enabling data on H2O stopped the migration for the other kids, but I’ll share what I’ve learned about Ptel. They’re a T-Mobile MVNO, which means AT&T phones get lower data rates — 3G or E rather than 4G [4]. They also don’t support Google Voice voicemail on their PAYGO (prepaid) plan and they say “you will be able to send MMS from your iPhone, however, receiving MMS may require additional programming, which can be found through a simple search on the Internet.” [3]. On the other hand ptel is cheaper than H2O wireless for text — 2c/text rather than 5c/text. The MB rate of 10c/MB looks the same as H2O, but ptel says they “do not round up your data usage”.

Both ptel and H2O have domestic long distance included in the standard rate, but our kids only talk on the phone when we call them because they didn’t answer a text.

Overall ptel is quite competitive with H2O for an AT&T iPhone — probably less expensive data and half the cost of text. On the other hand ptel gives you only 60 days of service for a $10 “Cash Top-up”, so the minimum yearly spend is $60 rather than $40. Ptel also has lower speed data and the MMS and Google Voice issues.

At the moment, now that I have data on H2O wireless, I’m keeping #2 and #3 child on H2O. On the other hand I’d already moved #1 to ptel and I’ll stay with that for the moment. Here are some of the things I’ve learned about ptel prepay:

  • I paid 0.00 on Amazon for a ptel SIM card. Yes, free. I think retail cost is $5.00. Comes in a nifty dual-size mode that fits 3GS or 4S.
  • We do a “Cash Top-up” with any refill amount between $10 and $150.
  • Unused balance from $10, $20, $30, $40 and $50 carries over for 365 days from date it was originally loaded onto the account. Unused balance from $100 carries over until depleted. To maintain your Real Paygo service, a new PIN must be loaded on/before service days expire.
  • You can turn off voice mail by working with chat operator. Our kids have no use for voice mail; they never check and it runs up fees.
  • Call 611 for support (usual)
  • #BAL# or #225# to check balance or send SMS with word BAL to 7801.
  • The web site is pretty decent, you can configure email balance alerts
  • ptel’s website says tethering is disallowed. I think it works, but it’s not economical.
  • Despite advice for CDN the iPhone 4s seemed to auto-program

Service day expiration for ptel:

  • $10 Top-Up: 60 days 
  • $20 Top-Up: 90 days 
  • $30 Top-Up: 120 days 
  • $40 Top-Up: 150 days 
  • $50 Top-Up: 180 days 
  • $100 Top-Up: 1 year

I believe when you add a Top-Up to money in the account the expiration date is actually based on the new balance starting from the time added, but I’m not sure about this. (If you have $50 in account with 90 days left, and you add $10, does expiration date really drop to 60 days?! I am guessing it’s the balance.)

[1] AT&T iPhones can be used on H2O without unlocking — but that’s less relevant now that it’s easy to unlock a post-contract AT&T iPhone.

[2] It may not be new, I didn’t want data for them until very recently. The H2O web site used to be quite awful and support was nonexistent; they’ve recently improved the site and chat support is actually useful.

[3] Found through simple search? WTF?

[4] "You may not get 3G data speeds in all markets. Since the iPhone does not support the 1700MHz band, which we use to provide 3G, there are some markets in which the iPhone will have EDGE data speeds.” 

See also

Update 8/30/14: In my real world testing I’ve found Ptel data to be much less reliable than H2O data on an iPhone 4S. So I’m moving #1 back to H2O.

Update 10/6/14: One of the kids stayed on Ptel, which is how we discovered their fatal flaw. Ptel will allow data use to continue well beyond the prepaid balance. At some point their accounting system will cut off service, but they will not restart service until the deficit is paid. This rather defeats the purpose of a prepaid account. In my son’s case use slipped past Apple’s flawed cellular use controls. As shown on the screenshot from 7/14/14 I had Podcast cellular use disabled; but as of today it was enabled — despite cellular data use being locked. This may be related to a 7.1.2 bug.

Sunday, August 17, 2014

Security is hard - where I realize my clone backups are browsable

I rotate my backups offsite, so I encrypt the drives using 10.9’s quite good drive encryption.

Which works fine — until I realized that every user on my machine can browse those drives. OS X provides drive access on startup, and it doesn’t have a concept of user-specific access for encrypted removable drives. So, again, every user can browse them.

So that means if my kids log in to my primary machine they can browse the Carbon Copy Cloner backups [1] on that encrypted drive. Which is not good, since the backups contain the holy grail — our credentials database (Still in FileMaker, because I like the simplicity and flexibility.)

Happily the credentials database lives on a separately encrypted disk image. In my testing the child accounts cannot view that image, even when it is mounted from my account (because the physical image lives in a folder the kids don’t have access to). They can’t view the file in the backups either — because it’s not mounted from there.

Anyway, I decided to try double-encryption. I encrypt the CCC disk images as well as the drive. In my testing the kids can browse those only if they’re mounted, which is controlled from my user account. So that’s not too bad.

Damn, but security is hard.

[1] I use Time Capsule as well — backup should always be automatic, at least daily, and involve two completely different methods. The CCC clones are backups insofar as I rotate them every week or so, and because CCC puts changed or removed files into an archive.

Update 8/18/14: This wasn’t hard to fix. I just had to change the default settings on my encrypted external drives:

Original: Ownership was ignored and everyone had read privileges

Screen Shot 2014 08 18 at 8 20 37 PM

Revised: Enabled ownership, gave everyone no access but parents and admin read & write (System/wheel/staff stuff just happened, blame weird OS X permission behavior)

Screen Shot 2014 08 18 at 8 25 35 PM

With this configuration I can do backups and restores but the kids can’t open the drive — and they can’t see drives mounted from images on the backup drive. What about if I need to do a restore to a new drive? I believe anyone with admin privileges can change permissions or ignore ownership on an attached drive.
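The two settings above (ownership enabled, no access for everyone) can be checked from a shell rather than by eye. This is an added example, not code from the original post: it parses `mount` output, where macOS tags a volume whose ownership is ignored with the `noowners` option, and checks the mode column of `ls -ld` for the other-read bit. The mount lines are constructed samples; on a real Mac you would pipe the real `mount` output into the function.

```shell
#!/bin/sh
# Added example (not from the original post): audit mounted volumes for the
# "ignore ownership" setting that let every local user read the encrypted
# backup drive, and for a world-readable volume root.
# SAMPLE_MOUNT is CONSTRUCTED to mimic macOS `mount` output.

SAMPLE_MOUNT='/dev/disk1s2 on / (hfs, local, journaled)
/dev/disk2s2 on /Volumes/CCC Backup (hfs, local, nodev, nosuid, journaled, noowners)
/dev/disk3s2 on /Volumes/Offsite2 (hfs, local, nodev, nosuid, journaled)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)'

# Read mount output on stdin; print the mount point of every volume whose
# option list contains "noowners" (ownership ignored, so permissions are moot).
find_noowners_volumes() {
  awk '
    /\(.*noowners.*\)$/ {
      line = $0
      sub(/^[^ ]+ on /, "", line)      # drop the leading "/dev/diskNsM on "
      sub(/ \([^)]*\)$/, "", line)     # drop the trailing "(options)" list
      print line                       # mount point, may contain spaces
    }'
}

# Given the mode column of `ls -ld <volume>` (e.g. "drwxrwxr-x", or
# "drwxrwxr-x@" when extended attributes are present), succeed when the
# "other" read bit is set, i.e. any local user can list the volume root.
world_readable() {
  case "$1" in
    ???????r*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Audit a block of mount output. Returns 1 if any volume ignores ownership,
# so it can serve as a simple alarm in a cron job or login hook.
audit_mounts() {
  offenders=$(printf '%s\n' "$1" | find_noowners_volumes)
  if [ -n "$offenders" ]; then
    printf 'ownership ignored on:\n%s\n' "$offenders"
    return 1
  fi
  echo "no mounted volume ignores ownership"
  return 0
}

# Demo on the constructed sample: "/Volumes/CCC Backup" is flagged.
# On a real Mac: mount | find_noowners_volumes
audit_mounts "$SAMPLE_MOUNT" || :
world_readable "drwxrwxr-x" && echo "drwxrwxr-x: world-readable, tighten it"
```

A volume that passes both checks still needs per-user permissions set on it, as the revised settings above show; the script only tells you which volumes to look at.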