Saturday, March 14, 2015

Google password works on Gmail but nowhere else? Congratulations. You're enrolled in Google Advanced Security.

Ugh. File this on under #FirstMilleniumComputingRIP or #YosemiteRequired or #iOSForEveryone or #aWatchFuture.

A friend got an email a few weeks ago from Google, warning her that some had tried logging into her account from Galati Romania and somewhere in Kyrgyzstan. I didn’t see the original email, but I gather Google recommended she change her password. I don’t know if Google said anything about other consequences. The implication was that Google blocked those accesses [1], much as your credit card company routinely blocks the Moscow charges you never hear about.

By the way, if this happens to you, walk through the Gmail security checklist.

I don’t know if Google mentioned anything in the email about additional security measures, but what she noticed was that she couldn’t use Gmail on her home computer. It said “password incorrect” though she was using the right password.

It took me 30-40 minutes to figure out what was going on. I created a new user account to confirm it wasn’t anything on her Mac running OS X Lion [2]. Then, guessing that Google had enrolled her in some new enhanced security program, I went looking around Google’s security settings and I found an “Access for less secure apps” setting [4]


I also found this notice …


and I could see where our legitimate logons had been blocked (but marking those as legitimate did nothing) …


I can’t find Access to Less Secure Apps controls on my own Google accounts [3]; I think it’s automatically enabled after an account hack or if you click the “Secure your account” link in “Notifications and Alerts” or in the “Devices & activity” above. (Maybe this was mentioned in the email from Google? That would be nice.)

If Access for less secure apps is on, then this article applies:

Allowing less secure apps to access your account - Accounts Help

Google may block sign in attempts from some apps or devices that do not use modern security standards. Since these apps and devices are easier to break into, blocking them helps keep your account safer.

Some examples of apps that do not support the latest security standards include:

The Mail app on your iPhone or iPad with iOS 6 or below
The Mail app on your Windows phone preceding the 8.1 release
Some Desktop mail clients like Microsoft Outlook and Mozilla Thunderbird …


To help keep your account secure, we may block these less secure apps from accessing your account, and you’ll see a “Password incorrect” error when trying to sign in. If this is the case, you have two options:

Upgrade to a more secure app that uses the most up to date security measures. All Google products, like Gmail, use the latest security measures.

Go to Allow less secure apps and choose “Allow” to let less secure apps access your Google account. We don’t recommend this option because it may make it easier for someone to gain access to your account…

Yeah, all you get is a “password incorrect” error. Which is wrong of course, your password is fine. Problem is, for OS X isn’t designed to say “Google doesn’t like me”. It tries to connect, gets rejected, and renders this as “password incorrect”.

Once I figured out the problem I found Google’s April 2014 security blog announcement:

Google Online Security Blog: New Security Measures Will Affect Older (non-OAuth 2.0) Applications

… beginning in the second half of 2014, we’ll start gradually increasing the security checks performed when users log in to Google. These additional checks will ensure that only the intended user has access to their account, whether through a browser, device or application. These changes will affect any application that sends a username and/or password to Google.

To better protect your users, we recommend you upgrade all of your applications to OAuth 2.0. If you choose not to do so, your users will be required to take extra steps in order to keep accessing your applications.

You do know what version of OAuth OS X uses, don’t you? Oh, wait, does even use OAuth?! It appears so as of 10.0.3 (Yosemite); I suspect Google considers any OS X app (Mail, Calendar, Contacts) prior to Yosemite to be less secure.

There’s a bit more useful information in this April 2014 article. I’m sure you read that one regularly to keep your Google services working smoothly! As noted in the article, you can enable Access for less secure apps [5]. That took care of my friend’s problem.


My friend asked me what regular people do. My answers was, unfortunately, they don’t/can’t. The writing has been on the wall for a few years — civilians should not own “computers”. They should a single iOS device [6] and do everything through Apple [7]. This kind of thing is only going to get worse.

- fn -

[1] But what about the accesses Google might not have blocked? Google Account security now lets you see what devices have signed in from where over the past 28 days as well as review your security notifications. Between those and reviewing your Account Permissions you can get a rough idea if an unsophisticated attacker got by Google’s secondary defenses.

[2] I also have a Lion machine the kids use a bit. It’s no longer being updated of course, and I should probably retire it.

[3] I checked both my 2FA and non-2FA Google Apps/Google accounts and didn’t see it on any of them.

[4] First I went through her access history and authorized a number of them. Turns out that’s pointless, Google just provides that to keep us confused. 

[5] Or enable 2FA. Google 2FA is less of a PITA than it once was, but it’s not ready for civilian use. Too many ways to go wrong, especially when a device is stolen.

[6] I don’t think Android is a good choice. Sorry. The single best choice for most is probably an iPhone 6+. There’s an unmet need for an flip-phone-like compact device that provides simple phone services to a companion iPad. Maybe Apple Watch version 3 will do that.

[7] if Apple doesn’t do it, then give up.


Tuesday, March 10, 2015

H2O Wireless - getting a nano SIM for your upgraded phone - and keeping your old H2O number.

H2O Wireless is a rock bottom ultra-cheap AT&T MVNO. We use it for the 3 kids and their iPhones, with very minimal data services (Find Friends, email, Find My Phone — everything else is more locked down than even Emily and I).
Child #2 costs us about $40 a year - the minimum to keep his account open. He doesn’t talk or text much and is almost always on WiFi. He plays games. #1 costs about $10 a month — he does SMS, iMessage, and a few other apps. His data usage is primarily Apple’s utterly mysterious “iTunes Accounts”.
#3 runs through $10-20/month — she might end up on our AT&T plan. Lots of texting.
Our total child cellular service bill with H2O is about $25-$30/month. Hard to beat for 3 kids. In theory there are no data services with the H2O per minute plan, but we installed the H2O Profile and we get “4G” data. (Though on #2’s i5 if I enable LTE the tower boots us off the network)
Of course there’s a downside to the low end of the network. Although H2O’s web site has improved significantly over the past few years, service can be tricky to get. Some things are hard.
Things like … getting a Nano SIM so my son could go from a dying 4 to a used 5 [2].
The first time I called H2O Support (1-800-643-4926) I was told I could use the number transfer request screen and transfer the number from H2O to H2O, providing a fresh SIM number and an IMEI. Warning: this does not work (at least, not entirely, and not for us).
On a second call I was told that only H2O reps can do the transfer. You have to buy a fresh H2O Nano SIM and call them with the “ActFast” code. They will then try to activate the phone with the new SIM. Sometimes it works, but for some numbers/SIMs it doesn’t. (Life at the low end.)
In our case I ordered an H2O “Smart SIM” on Amazon for 0.01 [3]. I called support with the SIM in the phone; surprisingly there was no wait. The support person was able to activate the phone, interestingly he didn’t need the IMEI. The initial signal was very weak, he told me to “dial”  ##21# — that supposedly requests service from the tower. It did seem to boost the signal.
I’d already installed the H2O profile, but I deleted the old one and reinstalled. I found he could get “4G” data (not bad), but when I tried to enable LTE the tower cut us off. (H2O says per-minute plans get no data, so I can’t complain.)
After the transition the web site says #2’s balance is intact. Which is pretty good, because after years of paying for the number with minimal use he has quite a nice balance.

[1] not backed up by the way, so you need to reinstall if you do a restore

[2] I actually cut down his old Mini-SIM to nano-size and it worked, but I’ve never been able to get data on his SIM. So I wanted a fresh Nano.

[3] I’ve ordered several Amazon SIMs. The first time I did it I assumed it was a scam. It doesn’t seem to be, I think the sellers get money from H2O and the like every time a SIM is activated. They’re $15 from the H2O site.

Saturday, March 07, 2015

Transferring eNom domain with associated Google Apps services to Dreamhost: 2015 Edition

It’s hard to imagine now, but once upon a time Google gave big stuff away. Until Dec 2012 anyone could get extended family Google Apps services and a companion domain for a pittance — $10 a year.  Today I still have most of the features of Google’s $50/user/year ’Apps for Work’, but I only pay for domain registration. [4]

Naturally I acquired quite a few Google Apps services, either directly from Google or through Dreamhost (referral link) [1]. Today I still have 10 Google Apps suites. 

The ones I got directly through Google were registered with eNom. This worked reasonably well until Google ended their first generation payment systems, so each eNom account had its own payment data and was completely independent from all others. Since then I’ve been slowly migrating accounts from eNom to Google.

Very slowly! I last moved a Google Apps associated eNom domain in 2009. Yeah, six years ago. [2] Over the past few weeks I’ve moved two more, enough that I’m getting the hang of it. The process is similar to what I wrote about years ago, but there are some added security steps.

I’m going to try to document what I did here — as much for me as for anyone else. Don’t trust what I write though — read Google’s documentation as well, they include registrar specific advice as well:

Key Concepts 

If you understand these concepts things are a lot simpler:

  1. There are 3 independent services involved in this process:
    1. Google Apps services
    2. DNS services (primarily CNAME and MX, the latter is email specific and is particularly old and crotchety).
    3. Registrar services (ex: management of, including pointing to DNS services for wherever they might be.)
  2. One business could provide all 3 services [3] or each service could be with a different service. Throughout the process below Google provided Google Services, but I started out with eNom providing both DNS and Registrar services. Then I moved DNS services to Dreamhost. Seven days later Registrar services completed their move to Dreamhost.
  3. The things that connect a Domain to Google Apps are…
    1. Google stores the name of the domain in its records
    2. DNS entries that point to When you enter a URL the Domain Name Server sends the request to, it looks up the domain name and handles it. (Similar magic for MX records).

Steps to follow

This assumes you’re paying for full featured Dreamhost hosting [1]. Quick steps here, more notes below.

  1. Go to eNOM domain settings on Google Apps. Confirm contact information email works. Don’t use contact email that belongs to the domain you’re moving.
  2. Go to Dreamhost, add the domain you’re going to move per DreamHost CNAME record instructions as a fully hosted domain under your Dreamhost username. Yes, you can and should do this before you actually move the domain. You’re setting up DNS services at Dreamhost and soon you’ll tell eNom to use those instead of eNom’s native services.
    1. Go to Manage Domains and “Add Hosting” choose Fully Hosted. I put everything under my one username.
    2. Click the box for Google Apps. Dreamhost will configure standard CNAMEs and especially MX records.
    3. Add additional CNAMEs as needed: calendar, docs, drive, blog based on what you see in your eNom records. Don’t need to repeat DomainKey entry used to verify with Google (?). The A record that Dreamhost creates is used to redirect the naked domain to ‘www’.
  3. Go to eNom settings and change eNOM DNS information to use Dreamhost. (, etc) Once you do this eNom is now only your registrar.
  4. Confirm DNS still works and can send email to address in domain. I’m not sure how long this takes, 
  5. NOW, Request unlock of the eNom domain by email (see example below. Yes, by email and include your eNom password!). Once this is processed you’ll get two emails from Google, one with authorization key (EPP key).
  6. Go to Dreamhost Reg Transfer, request transfer, and complete form. Pay for transfer. Initiate transfer. You’ll see a notice that a 7 day countdown has begun.
  7. About 30-40 min later you’ll get an email from Dreamhost at your official domain email contact that you verified above. Click the link. Go to approval page. Agree. See “your response has been recorded”
  8. Receive notice from Google in 1-2 hr (no action required unless wish to cancel)

    DOMAIN NAME TRANSFER - Confirmation of Registrar Transfer Request

  9. Receive notice after 7 days that is complete. Now go to Dreamhost. Lock the domain. Enable auto-renewal. Test email and google services. (Fees used to be $9, then $10, now $12)
  10. LAST: Google tries to renew registration, fails, sends note domain moved. However, Google never fixes up its Domain settings on the legacy account, they always show “enom” (sic) as registrar.

Sample of eNom letter

Please unlock this domain, disable Google ID Protect, and send authorization code. Thank you!

Domain :
Password : u5yhtt5p965965 (your eNom pw, not your Google pw. Get this from Google Apps Domain Settings.
Customer service PIN : (if you know it, optional)

This is what eNom sends if you ask how to proceed.

 Greetings ,

To transfer your domain, you're going to need the domain to be unlocked and the authorization code for the domain. I can assist you with both of those if you can give me the domain password that Google supplied you. (Note: this is NOT your Google Apps login password.)

When you registered the domain, Google set up a privacy protect service and I will disable that in order for the transfer to be successful.

Also, please be aware that in order to transfer the domain, it needs to be 60 days after registration. This isn't an eNom-specific rule - this is a rule for all registrars set by ICANN.

Please e-mail me back with the domain name and password and I can get started on getting you the information you need.

If you don't know your domain password, follow these steps to find it:

Enter your domain name at the access login screen (, with AAA as the password, then copy the verification code. Click "Log In" to submit the information.

Put the name in again and then click on the "forgot password" link and it will be emailed to you at the address on file with Google for your domain name.

***IMPORTANT: Remember log into your domain manager at to ensure your Registrant and Administrative contact information is valid BEFORE transferring the domain name***

Alternately, IF YOU DID NOT CHANGE THE PASSWORD, you may also recover your Google domain password using the following steps:

To access your Advanced DNS settings, please follow these steps:

Log in to your account at
Click on the Domains icon on your Admin console dashboard. You may need to click on More controls at the bottom of the screen to find the Domains icon.
Click on the Advanced DNS settings link associated with your Primary Domain.
To make changes to your DNS settings, sign into your DNS console with the login information provided on this page.
When you access Advanced DNS settings, you'll be directed away from Google, and to the domain registration partner that registered your domain name. This is currently available in English only.


Google Advanced Domain Support

Provided by eNom, Inc.

and this is what you get from eNom after you unlock:

Thank you for proper verification of domain ownership by supplying the domain password.

The domain has been unlocked, ID Protect has been disabled for transfer and your authorization code has been sent to the following email address in a separate e-mail. Please check your spam folder or filters as this is often captured.

***IMPORTANT: Remember log into your domain manager at to ensure your Registrant and Administrative contact information is valid BEFORE transferring the domain name***


If the above email address is invalid, please log into the access control panel ( and update the contact information. Once the email address has been updated please reply back at your earliest convenience so that we may resend the EPP/ Authorization code.

Your domain is ready for transfer.

As a note: the transfer process does take 5-7 days for the domain to arrive at the gaining registrar. Once started by you, there is nothing you need to contact us about again. You can however ask us to confirm if the domain is pending transfer should you need to check.

DNS Result after setting up in Dreamhost as fully hosted with Google Apps services

Screen Shot 2015 03 10 at 8 34 37 PM

Additional Custom CNAME (copied from eNom) that I added (some, like ‘sl’ are really exotic. Don’t worry about it.)

Custom cname

Miscellaneous artifacts

Dreamhost shows this after you initiate the transfer

 Screen Shot 2015 03 10 at 9 11 24 PM

Some sample email excerpts:


We have requested your to be transferred to DreamHost! First, your admin contact will receive an email with a link to approve the transfer from us. They will then receive another email from the current registrar with instructions on how to approve the transfer from their side. Typically, transfers take about 7-10 days to go through. You will receive an email from us when we've learned if the transfer has been approved or denied. Note: If you'd like to also host with us, please visit "Manage Domains" now.


Domains must be "unlocked" at their current registrar or the transfer will fail. Domains may not be transferred within 60 days of their initial registration or their most recent transfer! You should do any name server changes (e.g. to, etc) before transferring! You must make sure you have access to the admin contact email currently listed for your domain! You will receive an email from with instructions on how to complete the transfer to DreamHost. If you do not receive it in a few hours, please check your spam filter. The entire process may take 7-10 days or longer before it is complete!

- fn -

[1] Dreamhost has worked well for me for many years. I you sign up and use my PROMO code of KATEVA you get $50 off the 1st  year (I get $47.)

[2] That freaks me out a bit, I vaguely remember when 6 years was more than yesterday. 

[3] Recently Google began providing domain services itself, but i don’t know much about it.

[4] Ok, so you can still get Google Voice (thought it’s a bit trickier than it once was). That service has saved me thousands of dollars on mobile phone calls to Canada.

Fixing Google Chrome Mac Update Error: 12 - success after years of failure.

I’ve been waging a desultory war on a Google Chrome Mac Update Error 12 bug for years. I can’t remember when Chrome updated itself correctly on my Mac, but I didn’t really dig into the bug. I figured Google would fix it sooner or later, in the meantime I’ve been manually downloading Chrome installers every few months (not a great idea obviously).

Today I gave up on Google and started work on the bug. The key to finding the answer was logging into my admin account, starting Console, clearing the log, then watching what showed up as I started Chrome and opened the About screen while Chrome tried to update and generated the usual error: 12 message. I saw something like this:

 …. CODE SIGNING: cs_invalid_page(0x1000): p=809[GoogleSoftwareUp] clearing CS_VALID …

Searching on that string I found an old AskDifferent post on a related topic. That pointed to 


where, like Daniel Azuelos, I found these file dates. 

Screen Shot 2015 03 07 at 11 35 16 AM

Yeah, 2012.

The fix is to quite Chrome, delete  /Library/Google/GoogleSoftwareUpdate (root Library, not User), reinstall Google Software Update Installer and restart. Then you get something like this:

Screen Shot 2015 03 07 at 12 02 44 PM

Yeah, 2014. A bit better.

Then, still from my Admin Account, I ran Chrome and stepped through several versions of the Chrome About screen:

 Screen Shot 2015 03 07 at 11 35 50 AM


Screen Shot 2015 03 07 at 11 37 41 AM

Do the relaunch, then ..

Screen Shot 2015 03 07 at 11 37 57 AM

Setup up Automatic Updates for All Users (I’ll be impressed if this actually works!):

Screen Shot 2015 03 07 at 11 38 08 AM

First automatic update in my memory.

I suspect this problem arose from years of several intersecting bugs — some belong to Apple’s famously buggy permissions infrastructure, some related to how Google interacts with people who run OS X as non-admin users, some related to how Google Chrome/Updater manages install errors, some related to how Google mangled OS X Library structures over the years.

Once I’d fixed the problem I read Google’s tech support note more carefully (with Mavericks/Mountain Lion their sudo instructions only work if you run as admin, they kind of left that out). This is the relevant bit:

Run the following command. Be careful to enter the command exactly as written:

~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/ --uninstall. It may result in a "No such file error"; the next command will address that.

Now run this following command. Again, carefully enter the command exactly as written:

sudo /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/ --uninstall

The first command runs against the User account library. Google acts like there’s ONE user account on the machine, instead of say, an Admin account and many user accounts. Anyway, I didn’t have anything like that in either my Admin or Non-Admin account.

The second is closer to the real fix, but look back at 2012 files. There’s no file there. The answer was to delete parent folder in /Library, not to try to run a non-existent installer.

PS. MarsEdit image upload really needs a lot of work. Hope the new competition from Blogo will help. Also, this is relevant.

Thursday, March 05, 2015

Work around for the Lion Connect As bug

There’s a bug in Lion that causes all network connections to Connect As the current user. You can’t Disconnect and then get a username/password prompt; if you click Disconnect you’ll briefly see the “Connect As” button flash by. Then you’re back as the current machine account.

I think the bug hits when the username on the Lion machine matches the user name on the remote machine.

There are several workarounds, but this is the easiest for me.

Go to Finder:Go:Connect to Server. Look for something like: 


Now put the username you want to use on the remote server in there:


Now you’ll be asked the password.

(Yeah, still have a Lion machine. Old dual USB MacBook with a swapped drive. Won’t die.)

Sunday, March 01, 2015

How to find the damned MAC address for an Airport client so you can configure access times

There is such a thing as too few features. 

Apple stripped a lot out of Airport Utility between v5 and various v6 iterations. Among other things they made it much harder to find the MAC address for a connected device. You need this address to control access times.

The trick is to Option-double-click the base station to get the Summary tab, from which you can see the MAC address. You can’t copy paste that address however. To do that run the terminal command [arp -a]. Look up the IP and MAC address, that you can copy paste.

Of course you may find copy-paste isn’t all that useful. I tried a copy-paste operation into the MAC address field of Airport Utility 6.3.2 and the “Save” button stayed unclickable. I had to type the MAC address in character by character to enable the Save button.

Dumb. Really.

Thursday, February 26, 2015

iTunes Cloud videos not showing up? Maybe you're over the device limit Apple is now enforcing.

Recently Apple revised their US family sharing policy … "… up to 10 devices per account, only five of which can be computers … Not all products, including In-App Purchases … eligible for Family Sharing. “

Recently I think I ran into the policy limits. All of our family devices use a single iTunes account, but I’ve not run into trouble before. I think Apple has changed more than the Family Sharing policy. I think the new limit applies to wise old timers who’ve always used a single iTunes ID for the entire family (though everyone has their own iCloud account).

There’s no error message, instead my son’s iPhone 5 simply failed to show our Cloud video resources (TV/Movies). It would only show what was on the phone.

This happened after we introduced an i6 to the family. Emily doesn’t want anything bigger than a 5, so she got my 5s. Most importantly #2 finally got rid of his dying 4 in favor of a fairly fresh 5. 

Except the 5 wouldn’t show his Cloud video. They simply weren’t there. Signing in and out of the store did nothing.

So I pulled his old 4 out of the reserve bin and logged out of iTunes there. A few minutes later the videos showed up on his 5.

Looks like we went over the (new) limit. Turns out it’s not simply for Family Sharing, it’s for devices associated with an iTunes account.

In our case we have 6 active iPhones, 1 Apple TV and 3 Apple computers. We seem to be right at the 10 device limit, so #2’s old 4 pushed us over the limit.

It’s not documented but the iTunes App Store account information now provides some info. According to Account info we had 4 authorized computers and 10 devices. The device detail list provides some policy information:

Screen Shot 2015 02 26 at 10 45 36 PM

There’s no additional information on the 4 authorized computers. I know of 3 and an Apple TV. I could reauthorize them all and reauthorize but that’s a bit of a pain.

Interestingly the 10 devices includes 2 computers (should be 3) and doesn’t include the Apple TV or my own phone! It does, however, include several devices no longer in use. I removed all of those, but I needed to figure out why my new iPhone 6 wasn’t on the list.

Poking around with Apple ID on my own phone I saw this: “Enabling Automatic Downloads … or downloading a previous purchase … will associated this device with your Apple ID for use with iTunes in the Cloud”. So I launched a video and updated an app on my iPhone 6 Sure enough, I now show up on the list.

So we are again under the limit — for the moment. Buy some iPads though, and we’ll be in trouble. I think we’re done buying iOS devices for a while. We need to stay under the limit. The limit is likely to fall; the RetinaLock [1] screws are tightening…

… patent pending 2040) RetinaLock™ (Palladium Inside!™). The RetinaLock™ prevents any access to DRMd material by control of visual inputs. BrainLock does the same for auditory, tactile, and olfactory inputs. BrainLock Enhanced™ (mandatory upgrade 2045) makes it impossible to consider any action that would circumvent the workings of the BrainLock™ (thereby ending the trickle of death sentences related to violations of the DMCA amendment of 2043). 

[1] Incidentally, Google couldn’t find that 2005 blog post. Duck Duck Go had it #2 on the list.

Update 2/27/2015: I wonder now if the syncproblems I saw four months ago were related to bugs with Apple’s implementation of this device cap.

Wednesday, February 25, 2015

Aperture 3.5.1 empty project bug - a workaround

Maybe this is fixed in 3.5.2 — but I doubt it. This bug has been around for years.

Periodically Aperture will show a project as empty on opening — event though an image count is displayed and images scroll if you mouse over the project. It’s a dangerous bug, with some configurations it would be easy to accidentally delete an image filled project.

The usual fix is to restart Aperture.

The only other fix I’ve found is to create a truly empty project, then drag the apparently empty project into it. All the images reappear.

Saturday, February 21, 2015

Clearing thousands of Star tags from Gmail - two techniques and notes on Star support in OS X, iOS and Airmail.

Remember Inbox Zero?

Perhaps you’re there. Maybe, by dint of filters, of carefully constructed responses, of terror induced in potential correspondents, you’ve finally achieved productive nirvana.

You’re feeling good about it. Proud perhaps.

I’m here to ruin that. Because beyond Inbox Zero lies Sentbox zero.

In Outlook Sentbox zero means the “Sent” folder has no emails in it save those awaiting a response. They may have a flag that goes red 2 days after initial send. All other Sent emails have been deleted or (most often) dropped into the “keep” bin [2].

In Gmail things work differently. I don’t have/use folders; I make sparing use of a handful of tags. So I need a different way to tag sent emails that are awaiting a response.

There are several ways to “tag” such emails. I could use a Gmail tag/label, or a star, or a priority flag. The Star option is quick and synchronizes well across Google Gmail desktop, on OS X, and on iOS and OS X (alas, Airmail doesn’t quite work [1]). So I went with the Star.

The problem was that I had 4,500 stared emails in Gmail - largely from 2007 and prior. Maybe in those days I used the star? Maybe Google automatically set it? Long ago, but I needed to clear them out.

My web searches for a quick way to clear 4,500 flags failed. using an undocumented? Gmail keyboard shortcuts (edited here):

If you use desktop web UI with shortcuts, search is:starred or whatever and then *a to select all. Gmail then provides a link/offer to select all results, not just those on page. 

Once you’ve selected hitting ’s’ will toggle starred status.

I couldn’t test however, because I’d already used OS X to clear the Stars. In Mavericks maps the Star to a “red” (Default) flag — so I elected all of those and cleared the flag. then updated and cleared the Gmail flags.

No that my Flags are cleared, I can create and clear flags on my Sent emails that are awaiting a response. So now I can implement Sentbox zero-equivalent on Gmail.

- fn - 

[1] My copy of Airmail did not have a STARRED folder mapped to Gmail Star status. I had to create one using an obscure method. Pick any email and “star” it. Assuming preferences has Automap enabled, a new starred folder is created. On restart Starred now shows in the Folders section of the app title bar. Unfortunately it does’t work correctly, items starred in Gmail web app don’t appear in Starred folder — updates are one way from Airmail to Gmail. Fail.

[2] Not filed of course. Subject line is precisely correct and has key words used by search, retrieval will be by metadata search.

Tuesday, February 10, 2015

You can delete Facebook ID and Google ID, but Apple IDs are eternal (also iCloud).

My mother died on Dec 14, 2014. She was fortunate to live in Quebec, which manages the dying process far better than anywhere in the US. It went about as well as it could, and, thanks to all that socialism stuff, she left her family the estate she was determined to pass on. Points for a stubborn woman.

Dying is a complicated business, and I’m only now getting around to cleaning up her online accounts. They are a bit simpler than mine — I had only 3 identities to remove - Facebook, Google and Apple.

Facebook and Google were simple.

Apple — not so much. There is no way to remove an Apple ID, or to remove the associated iCloud data. Apple IDs are eternal.

Sigh. Oh Apple, you get away with so much.

The best I could do was to change her password to something awesomely strong by today’s standards and hope it doesn’t get hacked around 2040 or so.

Wednesday, February 04, 2015

Restoring iOS deleted Contacts: the iTunes method and OS X method

Clark Goble has a solid iOS 9 wish list addressing longstanding half-implemented oddities like Contact Groups. It omits one longstanding product gap though.

There’s no iOS backup feature.

Yeah, I hear your scoff, but iCloud Backup is not Backup. It’s a system clone. If you delete Contacts accidentally, you can’t readily restore Contacts of, say, 3 days before. When my sister accidentally deleted most of her contacts she had no way to restore them from iCloud.

If she’d been synchronizing with iTunes she could have used a remarkably complicated hack: Recovering iCloud contacts, calendars, and bookmarks from an iTunes backup of an iOS device. Honestly, Apple, that’s just embarrassing.

In this case I had a Mavericks account for her on my primary machine that’s linked to her iCloud account (even though she’s never used it). I took the machine off the network and launched her account. Most of her Contacts were there. I created a local Contacts archive backup, did some cleanup, and put the network cable back in. I didn’t need to use my archive backup though — when sync was done she had a complete set again (which is weird, actually, but that’s iCloud).

I’ve read rumors of some sort of Time Machine/Time Capsule support in 8.x for true iOS backup, but that would still require a desktop machine. IOS needs more than system clone backup, it needs real backup.

Sunday, January 25, 2015

Aperture: How can I tell my videos from my stills?

Is that a blurry still to delete or is it a precious video?

Aperture can store both video in addition to still images, but there’s only one way to tell the difference in the usual Project/Album views.

You need to have Badges enabled in your metadata configuration (see official docs or below):

Screen Shot 2015 01 25 at 6 00 55 PM

and in Customize …

Screen Shot 2015 01 25 at 6 01 31 PM

Badges are likely enabled by default, but I wasn’t showing them — perhaps because the UI is so wasteful. Unlike other metadata elements the Badge occupies an entire row of the UI, empty except for the Badge.

If you do enable Badges you’ll want to review the symbols; I don’t see any mouseover tooltip. In addition to Video look for Badges that indicate:

  • Location assigned
  • Referenced image
  • Album pick
  • Stack (number)
  • Keywords applied
  • Adjustment applied (1 or >1)

Friday, January 23, 2015

Make Gmail less painful for obsessives: set Promotions to "Read" status.

You know who you are. When you see a number badge you gotta clear it. When you open Gmail and see “5 updates” in Promotions you have to get rid of ‘em.

Yeah, we need drugs.

But I’ve got something even better. A Gmail filter that sets all email of type “Promotions” to a status of Read. Brief version:

Create gmail filter so promotions auto-read. | Gordon's shares:

enter the value “label:^smartlabel_promo” in the “Has the words” field, then mark as read. Ignore warning. No promotions are easy to ignore, delete at leisure.

For the full story see Stack Exchange. The Stack Exchange article is about recreating the Promotions filter after deleting it, but you can use the same filter logic to set status to Read:

  1. Create a new filter and enter the value "label:^smartlabel_promo" in the "Has the words" field. When you do a sample filter search, that value becomes "category:promotions" automatically
  2. Set action to  “Mark as Read”

When you do this you have to click through a warning message:

Screen Shot 2015 01 23 at 7 42 47 PM

Yeah, Google doesn’t want you to do this. When you’re done you get:

Screen Shot 2015 01 23 at 7 42 07 PM

You could also send all Promotions to the trash of course. I may yet do that, but for now I ignore them until I get the urge to select all and delete.

Now if only I didn’t have to do shift-click on edit subject then shift click to get Compose Window floating for every ding-dang email reply.

Sunday, January 18, 2015

AVI video files in 2014 on the Mac -- you should probably convert them while you can.

In the process of slogging through an unexpected iMovie migration, I came across some old AVI files that iMovie 2013 basically swallows and hides. 

I dug them out of the Package and started searching for AVI conversion tools (bear with me, I’m out of video practice). Google returned pages of spammy looking hits marketing suspiciously “free” third party tools. 

That’s a clue folks. It typically means a market segment has died because Apple has made it part of OS X. Sure enough, FaceTime in Mavericks and later now converts most AVI files (AVI is a container, the real problem is the funky video compression standards inside the container) to .mov.

I experimented with one old AVI file — the original (low res) 40MB camera clip becomes a 64MB quicktime .mov file with H.264 compression and Microsoft ADPCM audio (I wonder if that was unchanged from the AVI file). The 50% growth is typical of migrating from one lossy format to another lossy format — it would be quite bad news if .mov file were the same size as the AVI file. That would indicate too aggressive compression.

I played the converted file back in QuickTime (Mavericks) and the original in QuickTime 7 and they didn’t look too different. Not bad. (As noted below I actually have Quicktime Pro 7. I’m not sure AVI files play in QT7 without the now defunct Perian plugin).

You can’t control the codec or parameters QuickTime Mavericks/Yosemite uses for conversion, for that you can try QuickTime 7 Pro ($30, I suspect part of that is for licensing codecs). Yes, it’s on the App store! First you download the Snow Leopard installer (works on Mavericks/Yosemite) then you pay. I was about to buy it, but then I thought I should check I didn’t already own it. I bought it in 2008 (!). I really should use it a bit more often.

You can also use Handbrake to convert AVI files, or VLC to view them.

I really need to convert those old files; conversion is only going to get harder. However, it’s weirdly good that QT Pro from Snow Leopard still works and is still sold on the Apple store. So we have a bit of time.

See also

General refs on AVI  

Older posts of mine on the horrors of video codecs and compression — there’s been limited progress since 2008

I migrate from iMovie whatever to iMovie 10/2013 whatever and of course it hurts

Screen Shot 2015 01 18 at 9 12 46 PM

Dilbert, 4/14/94

In retrospect, things started to go wrong for Apple 9 years ago. Back then Apple’s iPhoto, iMovie and iTunes were all running pretty well on Leopard. Then Apple jumped from iMovie HD 6 to “iMovie ’08”, a complete reboot and major regression. Since then we’ve lived through a series of half-baked regression-heavy reboots all too reminiscent of SONY’s Spiderman. There’ve been reboots of FinalCut, iWork/Pages, iPhoto and now Aperture/…

Oops. I forgot iTunes. It gets randomly rebooted yearly.

Three years after iMovie ’08 Apple recovered most of the lost ground with iMovie ’11. Which was then followed by iMovie 10, another reboot with feature regressions.

Yeah, Apple went from “’08” to “’11” to “10”, sometimes called “2013”.

I picked up iMovie 10 as an automatic update — I don’t use iMovie all that much (it’s been a discouraging ride) and I didn’t realize the product had had yet another reboot. So when I launched it yesterday to work on my daughters dance performance it took me a while to realize I was in a world of hurt. iMovie 10 has a new file structure and Apple cut a few corners on the migration tools - particularly for Libraries located on external drives.

The conversion and recovery process was too painful to recount here, but here are a few of things that might help if you’re trying to figure this out:

For my conversion I did the “Update Projects and Events” twice. I first did it for the Projects and Events in my iMovie folder. Then I moved my external (large capacity) files to the root of an external drive and repeated it. Once the new Library Package is created you can move it wherever you want.

I then compared what I had in the old Projects and Events folders to what I saw inside the new Packages. When I was convinced those lined up I tested viewing each movie/video. I found a number of problems that I was able to fix with iMovie by changing metadata and creating events.

I also ran into a curious problem where one Project seemed to have pieces in two Libraries. The fix for that included creating a new empty Library and moving events one at a time into it from a damaged Library. There doesn’t seem to be any Library rebuild/repair function.

There’s a native menu option for moving Events between Libraries, so one can theoretically move them from an SSD to an external drive and vice-versa.

Good luck!