Friday, April 22, 2016

Apple Touch ID is dangerous.

Many iOS apps, including Apple secure Notes and banking apps and 1Password.app and Apple Pay provide an option to use Touch ID for authentication. Apple makes much of the security advantages of Touch ID.

Sometimes Touch ID fails to recognize your finger. That’s no problem, you can repeat that finger recording, or you can add another one. All you need to know is your iPhone’s unlock code.

All anyone needs to know is your iPhone’s unlock code. With it can add their own finger, and unlock anything that was Touch ID enabled. In my testing on Apple’s secure Notes a fingerprint added after a Note was created opens the Note.

So Touch ID is only as secure as your iPhone’s unlock code. Which, even with Touch ID enabled, you have to enter too often. So you probably make it short and tappable so you can do that.

Yeah, once you enable Touch ID on your bank account, you’ve basically changed its password to your iPhone’s conveniently short and tappable unlock code.

Touch ID is dangerous.

Monday, April 18, 2016

Force Mac Chrome to open for a specific user profile - as of April 2016

I’ve been trying to get Chrome to open in one of my 15 user profiles since at least 2012. I have visited an open SuperUser question on this topic for four years. Today I added a method that work — for this moment:

As of April 2016 on Yosemite I was able to locate Google Apps for all of my 15 Google Profiles (yes, 15). Some were in ~/Applications/Chrome Apps, though we have been told these are going away [1].

To find all of them however I had to do this:

Go to ~/Library/Application Support/Google/Chrome.
In Spotlight search on kind:app
Find 300kb "Applications" with names like Gmail (username).
Copy the ones you want and rename them, then put in your Applications folder of choice.

All victory is transient, but Sisyphus is ahead most of the time.

Scrivener - the book compiler. Review.

I'm using Scrivener to write Smartphones for All - Using iPhone and Android to build independence for atypical minds.

It’s brilliant software. On my Mac it uses the same text editing engine as TextEdit, including the same RTF format. So, like the Nisus Writer I once used, my writing is indexable by Spotlight and almost as future-proof as plaintext. (I thought RTF was dead. Guess not.)

Apple’s text engine has its share of bugs and limitations, but for basic text work it’s good enough. The primary weakness is table layout, but so far I’ve worked around that.  Scrivener manages the tasks TextEdit can’t do, like page references, footnotes, internal links, document structure and the like.

The real brilliance though is how Scrivener merges concepts of software code management with the traditional word processor. It treats text blocks as though they were blocks of code, including simple version management and “compiling” to multiple output formats (PDF, EPUB, etc). Rather than use some horrid database store, Scrivener leverages native Mac file structures to manage its data. Extra brilliance points for that.

On this compile framework Scrivener layers a rich set of power user features. The latter, I admit, can be overwhelming. I recommend learning the basics from the initial tutorial, then start writing and learn additional features over time.

All software dies. One day Scrivener will die too. But with the ability to complete to multiple formats, and the use of native file system semantics and RTF data, Scrivener is as future proof as any power tool can be [1].

[1] Scrivener’s design is a guide to how photo management software should be built. Please, someone do this.

Thursday, April 14, 2016

The new and old and obsolete and confusing ways Mac OS X starts code running.

Windows added uninstallers at least 15 years ago. MacClassic OS didn’t need them, but Mac OS X sadly does. Indeed, it needs them more as MacOS gets more complex and less well documented:

… The difference between an agent and a daemon is that an agent can display GUI if it wants to, while a daemon can’t. The difference between an agent and a regular application is that an agent typically displays no GUI (or a very limited GUI).

… Agents run in a user context; daemons are userless and purely background, without any access to a window server or other user state. That’s why the daemon vs agent distinction in the Library folder names …

… once comprehensive daemon/agent doc was last updated in 10.5 after initial authoring for 10.4

Without an uninstaller we end up doing a hunting expedition when weird things happen. Code that starts automatically is particularly hard to track down. I wrote this post as a reference for me, drawing from a few Super User and other posts:

 This list of places to look comes from the above, some of these are extremely obscure and some may not longer be used.

  • User Login Items (~/Library/Preferences/com.apple.loginitems.plist)
  • ~/Library/LaunchDaemons
  • ~/Library/LaunchAgents
  • ~/.bash_profile
  • /Library/LaunchDaemons
  • /Library/LaunchAgents
  • /Library/StartupItems
  • /System/Library/LaunchDaemons/
  • /System/Library/LaunchAgents
  • /System/Library/StartupItems
  • /Library/Preferences/loginwindow.plist can have Login Items that apply to all users
  • /etc/profile
  • /etc/mach_init.d/
  • /etc/rc/ and /etc/rc.local - totally unsupported, and not created by default (but probably still work)
  • Network/Library/LaunchDaemons, but I don’t know)?
  • /etc/mach_init_per_login_session.d/ and /etc/mach_init_per_user.d/
  • cron launched @reboot items (yes, cron is still there), this might even work for everyone’s crontabs
  • /Library/Security/SecurityAgentPlugins that have been loaded by being listed in the proper spots in /etc/authorization
  • /private/var/root/Library/Preferences/com.apple.loginwindow.plist, in the LoginHook key (runs as root, passed the username)MCX (WorkgroupManager) login hooks (runs as root, but passed the username) note: below this network home directories are more reliably available, as is a connection to the WindowsServer
  • MenuBar items from ~/Library/Preferences/com.apple.systemuiserver.plist and /Library/Preferences/com.apple.systemuiserver.plist (+MXC added items)
  • /Library/Preferences/loginwindow.plist, in the key (array of paths) AutoLaunchedApplicationDictionary (everyone gets this launched at login, runs as user) (+MXC added items)
  • LoginItems (generally GUI items) ~/Library/Preferences/com.apple.loginitems.plist and possibly /Library/Preferences/com.apple.loginitems.plist (have not tried) (+MXC added items)

Some terminal commands can help figure out what’s running:

launchctl list

2BUA8C4S2C.com.agilebits.onepassword4-helper
ch.tripmode.TripMode.169864
com.bombich.cccuseragent.132660
com.google.Chrome.44620
com.google.GoogleDrive.49732
com.google.keystone.system.agent
com.red-sweater.crashreporter.63648
com.red-sweater.marsedit.6280
com.synology.CloudStation
com.synology.CloudStationDrive
org.openbsd.ssh-agent
ws.agile.1PasswordAgent

When I edited my ~/Library/Preferences/com.apple.loginitems.plist I found references to 4 3 apps and a server, including one I removed 7-8 years and 3 machines ago:

  • LaunchBar.app
  • /Volumes/Molly_Internal
  • /Applications/Dropbox.app
  • MagicPrefs.app

I doubt they did anything, but I edited them out anyway.

Software ages like people, with increasing mutations and unhelpful complexity. OS X is late middle age, it’s been through many handoffs, each taking its toll …

See also

Wednesday, April 13, 2016

Mac thunderbolt 2 drive dropping -- remember ScanSnap AOUMonitor and don't touch Amazon Cloud Drive.

After months of reliable use my Elgato Thunderbolt 2 hub is dropping my USB3 external SSD; just like the OWC T2 hub did in my initial testing.

We know Yosemite (and El Capitan) have issues with Thunderbolt hubs; there’s something frail in Apple’s infrastructure [1]. But it had been working… So after power cycling everything [3] it’s time to look for things that have changed recently.

The first place to look is my Login items. I find something called “Mountain”. It’s missing though. Weird. Part of something I’d tried then removed. Deleted that.

I also find AOUMonitor. That would be related to my recent ScanSnap update. Sounds familiar, so I use my Google Custom Search for everything I’ve published. I find Managing unwanted Mac startup apps: ScanSnap’s AOUMonitor and Citrix Receiver. Bang. AOUMonitor is a known bad actor. Delete it.

Next is Google Drive. It’s known to cause problems, but I’m still hooked on it and it’s an old-timer. Despite Google’s decreasing interest in iOS and OS X [2] I have to leave it.

But where’s Amazon Cloud Drive? It’s a newbie that’s also launching automatically. The fact that it’s absent from Login Items tells me it’s poorly written. Over to LaunchDaemons.

System Library\LaunchDaemons looks all Apple — as it should be.

Users\Library\LaunchDaemons has CCC (ok), Office (licensing and update, ugh), Skype (huh? - deleted!), Google keystone (old, part of their update infrastructure I think), TripMode (? delete for now), Barebones (trustworthy).

Users\me\Library is a bit odd.  Instead of LaunchDaemons we have LaunchAgents (really Apple?) [4] and no Startup Items. In LaunchAgents I find simple plists for Synology CloudStation (yeah, I’m suspicious of that one, but need it for now), 1Password (need it), Safari (ok I guess) and com.imobiesilentcleanserver.plist. The last was probably left over from testing imobie’s iOS cache cleaner (didn’t work), so I deleted it.

Alas, I still can’t figure out how Amazon Cloud Drive is starting up. Now I really want to kill it. Google is no help (which is another bad sign). Looking at Log files it looks like ACD is using some .NET infrastructure and it’s generated about 15 Console crash logs. 

Amazon Cloud Drive is a bugger to purge. EasyFind finds a folder in .local/share — yeah, a hidden directory. There’s app.com.amazon.clouddrive.mac.installer.playlist in friggin’ /private/var/db/BootCaches/2B1FD298-BBE8-4207-B1B0-ED420A2DAD74. There’s crap in Application Scripts, Application Support, and too many to mention. Try searching on “Amazon Cloud Drive”, “amazon.clouddrive” and so on. Take your time. 

Really, don’t touch Amazon Cloud Drive. Now I’m getting DOS TSR flashbacks in addition to my SCSI flashbacks.

Lastly, a safe boot to clear caches and then a restart. Now we’ll see what happens. I never did find what was launching Amazon Cloud Drive, but my Console isn’t showing any “Amazon” messages.

- fn -

[1] I’m getting PTSD flashbacks to MacOS Classic and SCSI chains.
[2] Apple is not doing well. 
[3] I’m going to start routinely power cycling my peripherals — they can go weeks without cycling whereas my Air gets cycled every week or two. 
[4] Update: jws explained -  "The difference between an agent and a daemon is that an agent can display GUI if it wants to, while a daemon can't. The difference between an agent and a regular application is that an agent typically displays no GUI (or a very limited GUI)… Agents run in a user context; daemons are userless and purely background, without any access to a window server or other user state. That’s why the daemon vs agent distinction in the Library folder names…

Tuesday, April 05, 2016

iOS 9.x spotlight bug explained: It's the RAM.

Spotlight has been failing for me since I updated to iOS 9 - no results appear. It got much worse with 9.3. Force-quitting background apps, especially Reeder.app,  helps. It acts like a limited RAM bug, but I think there are ways Spotlight may fail.

From Apple Discussions it doesn’t hit devices with 2GB of RAM, it’s a problem for 1GB devices with lots of indexed content and/or memory hogging apps.

Jason Heiser has figured out what’s wrong (emphases mine). It’s a capacity/RAM problem:

Apple discussions April 5, 2016

My iPhone 6 updated to iOS 9.3.1 an hour ago and Spotlight Search is still broken for me.

I downloaded iOS Console and looked at the console output when trying to perform a Spotlight Search. Here is what I saw:

Apr 5 15:42:18 jPhone searchd[286] : (Error) IndexGeneral in si_playBackMobileRecords:2343: played back 0 records
Apr 5 15:42:19 jPhone searchd[286] : (Error) IndexGeneral in si_playBackMobileRecords:2343: played back 0 records
Apr 5 15:42:19 jPhone diagnosticd[83] : unable to find offset 0x81448aac in shared cache for arch 'arm64'
Apr 5 15:42:19 jPhone diagnosticd[83] : unable to find offset 0x814467cc in shared cache for arch 'arm64'
Apr 5 15:42:19 jPhone diagnosticd[83] : unable to find offset 0x81649da8 in shared cache for arch 'arm64'
Apr 5 15:42:19 jPhone diagnosticd[83] : Invalid offset 2170854824 into shared cache for arch 'arm64'
Apr 5 15:42:19 jPhone ReportCrash[288] : platform_task_update_threads failed 1
Apr 5 15:42:19 jPhone ReportCrash[288] : Formulating report for process[286] searchd
Apr 5 15:42:19 jPhone ReportCrash[288] : report not saved because it is non-actionable
Apr 5 15:42:21 jPhone UserEventAgent[26] : jetsam: kernel termination snapshot being created
Apr 5 15:42:21 jPhone ReportCrash[289] : Saved type '298(298)' report (2 of max 25) at /var/mobile/Library/Logs/CrashReporter/JetsamEvent-2016-04-05-154221.ips

According to this, the searchd crash log is not being saved because it is "non-actionable." However, a log for "JetsamEvent" is being created at roughly the same time. I looked at this file on my iPhone and JetsamEvents appear to be a low-memory (RAM) issue. Here is the top portion of the crash report.


{"timestamp":"2016-04-05 15:42:21.21 -0500","bug_type":"298","os_version":"iPhone OS 9.3.1 (13E238)"}
{
"crashReporterKey" : "88540025a9600afa364c269a2c5bc8a91370b1ca",
"kernel" : "Darwin Kernel Version 15.4.0: Fri Feb 19 13:54:49 PST 2016; root:xnu-3248.41.4~28\/RELEASE_ARM64_T7000",
"product" : "iPhone7,2",
"incident" : "D0ED493F-7687-49D9-AFB9-BEE80BD93082",
"date" : "2016-04-05 15:42:21.21 -0500",
"build" : "iPhone OS 9.3.1 (13E238)",
"timeDelta" : 95,
"memoryStatus" : {
"compressorSize" : 50489,
"pageSize" : 4096,
"compressions" : 824422,
"memoryPages" : {
"active" : 101577,
"throttled" : 0,
"fileBacked" : 37711,
"wired" : 49311,
"anonymous" : 114469,
"purgeable" : 0,
"inactive" : 48272,
"free" : 2459,
"speculative" : 2331
},
"uncompressed" : 172172,
"decompressions" : 362924
},
"largestProcess" : "searchd",


According to this, the "largestProcess" was searchd when the crash report was generated. Further down in the crash report is searchd's information:


{
"rpages" : 129777,
"states" : [
"daemon"
],
"name" : "searchd",
"pid" : 286,
"reason" : "highwater",
"fds" : 100,
"uuid" : "7b301993-286d-3da5-a497-b729984d3229",
"purgeable" : 0,
"cpuTime" : 2.481274,
"lifetimeMax" : 84765
},

Apparently the maximum for searchd is "84,765" but it reached "129,777." The reason is "highwater" which I assume means searchd exceeded its RAM allotment. So maybe my Spotlight index is too large. Too many iMessages, too many songs, too many emails... Who knows.

The "report not saved because it is non-actionable" for searchd's crash report is worrisome. I fear this bug is nowhere on Apple's radar. We might be marginal outliers without recourse for a long time.

There are two workarounds for the bug:

  1. Force-quit background apps — may help free RAM. Try again.
  2. Siri works for launching apps even when spotlight fails.

I think setting all Spotlight indexing option to On helps — I have a feeling there’s a bug with rendering results that is worse if the rendering process has to manage exclusions. Restarting your phone daily probably helps too.

Saturday, April 02, 2016

iOS 9 secure notes with Touch ID are no more secure than your device passcode

If you enable Touch ID access to an iOS 9.3 Note.app Secure Note, the password on the note doesn’t matter. The note is no more secure than your device passcode.

Because if you know the device passcode, you can just add a new fingerprint to Touch ID. That will unlock the secure note.

So if you want to truly secure a Note with a strong password you can’t enable Touch ID access. Otherwise you might as well leave the note unsecured. You are better off using a strong password for your phone and using Touch ID for fast phone access.

Sunday, March 27, 2016

Bandwidth use over 5 min video call: FaceTime << Facebook Messenger < Skype

As part of my Father longterm care iPad videoconferencing project I compared cellular data use during an approximately 5 minute videoconferencing call made from my iPhone (LTE) to an iPad Air 2 (WiFi). To measure data use I “reset statistics” for Cellular data before, then refreshed the view after concluding the call. I turned microphones off.

The results were:

FaceTime: 7.5MB (repeated, this is correct)s

Messenger: 32MB

Skype: 46MB

FaceTime gave the best image quality. The data use with FaceTime was so low I repeated the measurement with a similar results. Data use can vary with image activity by up to 25%.

I was very surprised by my results. FaceTime had excellent image quality despite exceptional compression. Skype is a real data hog.

The user interfaces were quite similar; names on the left, a details pane on the right. I liked Messengers easy messaging integration, but FaceTime was a 1 touch call from the left side.

My sister and I can do FaceTime, but my brother has an Android phone. I’ll suggest he try Facebook Messenger as he uses Facebook and the data usage was less than Skype.

Saturday, March 26, 2016

Can I send an iTunes gift card to someone in another country? How about buy an app through iTunes?

No.

At least not as far as I can tell between the US and Canada. Unless you have both an Apple ID and a credit card and a billing address in the other country.

In my case I’m trying to buy Picmatic.app, a $2 app, for my father’s (Canadian Apple Store) iPad. I think the only way to do this from the US is to have someone in Canada buy an iTunes gift card (contrary to Apple’s weirdly dated online documentation this works for apps too) and send me the card number. Then I can enter the information.

I don’t think I can buy an iTunes Gift Card in the US and use that; cards are country store specific and Apple IDs are country specific (changing countries is a royal pain — yeah, DRM sucks).

Anyone know differently?

Father longterm care iPad videoconferencing project: Securing the iPad

My father has been doing well in a Quebec long term care facility for veterans (in Canada that has historically meant WW II, he’s in his 90s). Things are getting tougher though — the facility is shifting from federal to provincial control. Great staff are leaving and programs will be stressed.

I see him every 3-4 months, but in between I was surprised how well Skype worked with him. He does much better speaking when he can see me than he does on the phone. It seems to be related to knowing when to try speaking and when to listen. He also seems to hear Skype sound better than mobile phone sound. (It’s likely much higher quality.)

Even with the old regime though the Skype conferences often failed. Tech complexity and organizational issues forced us to discontinue them.

So now I’m going to try bringing him an LTE iPad Air 2. I’ll get a Rogers SIM card when I visit in a few weeks and we’ll see if it works from his room. If all goes well it will cost him an extra $10-$15/month — and the iPad cost [1].

Dad’s lost a few wallets from his room. I think most longterm care facilities see this kind of problem. Visitors can have issues. So we need to secure his iPad. Other than photo display I think he’ll only be using it for conferencing. So it needs to be secure [2], continuously powered up, stored somewhere he can sit, and not take up much room. The secure device needs to leave speakers and camera clear.

After some thought I ordered the $33 CTA Digital Universal Anti-Theft Security Grip with POS Stand for Tablets - iPad Air 2, iPad mini 4, Galaxy Tab, Note 10.1, 7-10-inch Tablets (PAD-UATGS) (grip and stand). It seems solid enough, it will keep the iPad off his desk, and there are screw holes (but no screws included). It may screw into his (antique) desk, but, even though it’s not shown in the picture, the lock comes with a cable. So I might be able to secure it to his desk in a less damaging and harder to remove way.

Of course the iPad Air 2 is way too thin for this device. It flops around. There’s supposed to be an included adapter strip, but mine was missing. I don’t think it would have worked — this home made setup seems a lot better. I had some TrueValue gripping pads (549104, TV23148) lying around…

IPadSecure3

I put those inside the corner retainers:

IPadSecure1

and it works pretty well:

IPadSecure2

So the first step is complete. Next step will be to test some of the conferencing options for data use and usability with various iPad accessibility features enabled: Skype vs. FaceTime vs. Facebook Messenger (Hangout is not very useable.)

I don’t expect Dad will use it by himself, we’re hoping a friend who helps with him will get things set up. I want it to be useable for them though.

- fn -

[1] (Rant) Incidentally, the iPad Air reminds me what a mixed bag Apple is these days. Nice device in many ways, but when I brought my mother an iPad six years ago one of the features she loved most was it could be used as a high quality digital photo frame. It was easy to launch from the lock screen. She loved that.

So, of course, Apple pulled it from the lock screen around iOS 7 and then ditched the replacement with iOS 9. There’s exactly one half-decent alternative, an app called Picmatic. Not to be confused with spammy copycat apps of the same name in the kinda broken App Store.

I don’t know if Apple is merely senile, or if the app had to be reworked for iOS 9 and it got ditched in a last minute panic to get that half-baked release out the door. Either way, the good news is that now that Ive has retired there’s only Cook to launch.

[2] Would it have killed Apple to incorporate some sort of secure lock feature in the iPad? Ok, yes, it would have.

Synology Time Machine backups: How to increase a user quota

After my Synology NAS updated itself to version 6 one of my Time Machine backups stopped working. It might have been coincidental. Time Machine claimed I only had 350GB free and it needed 1TB, but Synology claimed I had enough free space.

Whatever.

The fix was to increase the quota size for the user who owned the Time Machine disk image belonging to my MacBook Air.

Except I couldn’t do it. I could edit the user easily, but the quota information couldn’t be edited. Clicking on the row did nothing. 

Click-click.

Google helped. It’s a UI issue. There’s nothing in Synology’s UI to tell you to click specifically on the quota number. If you do that you can edit it.

It’s probably a good idea to turn Time Machine backup off while you’re doing this. In any case it’s fixed my problem.

How to update Synology Cloud Station Server Clients (Cloud Station Drive) after Synology NAS 6.0 update

Looking back, 2009 was kind of a bad year. Somewhere around then we were in the tail end of the Great Recession, Google had turned Evil, and, in retrospect, Apple’s glory days were behind it.

I miss the old Apple. It wasn’t perfect, but it shielded me from a lot of hassles. Like dealing with the complexity of my Synology NAS.

I bought the NAS because Apple’s Time Capsule is broken. Next I started using it as a post-server replacement for Apple’s perennially broken network shares. That’s all I bothered with. I didn’t want to bother my NAS, and I didn’t want it to bother me.

Then, inevitably, there was an update. It took me a while to figure out that Control Panel:System:Info showed the version number: DSM 6.0-7321

Oh, great. A complete version update. I #$@$#!# never install those. I’d turn off auto-update, but at this point the damage is done. I’m going to need the big bug fixes; I’ll turn it off in a month or two.

Meanwhile both Time Machine and my Client-Server NAS file sync are broken. I’ll fix Time Machine next, this is about fixing the file sync.

Notice I’m not naming the file sync? That’s because Synology, a Chinese company, uses English words inconsistently. They add and remove “Cloud” to everything and seem to move software names between products on a whim. I think I’ve seen File Sync, Cloud Station Drive, Cloud Station Sync, Cloud Station Server and Cloud Station Client used to refer to similar or identical things.

What I wanted was to update “Cloud Station Drive” running on my Mac, which is actually Cloud Station Server Client, to a version compatible with “Cloud Station Server” running on my Synology NAS. Notice neither of these actually have anything to do with a “Cloud”, they’re both LAN specific.

This document helped: Sync files between NAS and computer Network Attached Storage (NAS)

 Here’s what I did:

  1. Quit outdated client on my Mac.
  2. Start Synology Assistant to locate FLNAS (IP Address), open it.
  3. Go to Package Center, All, find Cloud Station Server, click Open (alt: click the four-square-icon next to question mark to see running apps)
  4. Click Overview (sometimes this is empty, quit and start over again)
  5. Download Cloud Station Drive
  6. Install

It seems to be working. I’ll use the DMG to update my other machines.

Next up: Fix Time Machine. It and Synology are disagreeing about how much space is free in the user-quota for my MacBook Air …

Tuesday, March 22, 2016

Using iOS 9.3 Notes.app to safely store passwords and other credentials

I wrote this as part of a book project aimed at caregivers for special needs teens and adults, but the recommendations work for most non-geek users. The trick is printing copies of the Note; it’s too easy for an errant edit to delete credentials. Of course one could also store PDF copies on an appropriately secure encrypted drive or drive image, but that’s way outside the scope of these recommendations …

Managing Explorer credentials with iOS 9.3 Notes.app and Android alternatives

Guides need to create “strong” passwords for Explorer email accounts, bank accounts, Amazon accounts and the like. One way to create a strong password is to combine two randomly selected words form a dictionary, capitalize one or two letters, and mix in some numbers and a symbol like $#&:;. Avoid letters and numbers that can be confused with one another, like l and I or O and 0.

There’s no way any of us can keep secure credential information in in our heads. We have to write it down, and, because you really don’t want to lose password information, you need to have two copies.

The two copies also need to be in different places. Why two places? Well, imagine that you’re storing your passwords on your phone. One day you need to unlock your phone, but you don’t remember the phone password. If the passwords are only on your phone you won’t be able to get to them. Even if your phone is backed up the backup won’t help you, because you won’t be able to restore it without the phone password.

…1Password is too complex for most Guides and Explorers though. What about just keeping credentials in a Note on your smartphone?

If a Guide is using and Android smartphone this can be a risky option. As of early 2015 many lower cost Android smartphones are not truly secure. Google’s Note application, Keep.app, doesn’t support Note encryption. So on an Android device I’d recommend using 1Password.app or one of its competitors — unless you are confident the Android device uses strong encryption and it is secured with a strong password.

If a Guide is using an iPhone with iOS 9.3 or later Apple’s Notes.app is a good, simple way to store an Explorer’s credentials. The iPhone itself has quite good security, and you can create an additional Notes.app password and use it to lock one or more individual Notes. iPhones that support TouchID (fingerprint unlock) make it easy to access locked notes. Just be sure to add the Notes.app password to your document and to print out the Note when it changes.

This approach is simple and secure, and it’s safe as long as a Guide keeps printed copies. It’s easy to accidentally delete critical information when editing a Note, and of course phones get lost and broken. Paper backups are reliable.

There’s an additional important advantage of printed backups. When someone becomes disabled or dead their family will really appreciate the printed copy.

Friday, March 11, 2016

Airport Utility: How to load an external configuration file for a brand new AirPort Extreme

The AirPort Utility tries too hard to be friendly. It wants to do some fancy migration from an older device that’s running, but I’d already exported that configuration file and removed it. Everything was connected, I just wanted to import the configuration file.

I couldn’t!

The trick, of course, is the option key. Cancel out and look for “Other Wi-Fi Devices”. Option-click the new one. You get a ‘power user’ interface (same one with option clicking any device in AirPort Utility). Now you can import the .baseconfig file you exported previously.

It came up perfectly, except it had some odd default password initially. I changed it to my admin password and updated.

Wednesday, March 09, 2016

My 2014 AirPort Extreme just died.

I liked the ME918LL/A AirPort Extreme for 17 months. It covered most of our house with a single device and it was pretty reliable. Around 17 months it started to spontaneously power down. I suspect an issue with the power supply, Apple has a long history of wonky power supply problems.

I wouldn't be surprised if there's eventually a recall program. I purchased it with an AMEX card, so I’ll now see how good their extended warranty program is. (It used to be quite good, but AMEX has outsourced the program. If it fails me on this one I’ll deprecate my AMEX card.)

In the meanwhile, sadly, I’ve ordered another Airport Extreme. (Sigh.) I really couldn’t find a better option — Eero is quite expensive, unproven, and it comes from a startup that’s got a 20% chance of surviving. Google's hardware is outsourced and of unproven quality.

Apple’s Airport Express has a great reputation of reliability. If you can make do with the Express I’d recommend it over the Extreme. If you live in a country that mandates 2 year warranties then the Extreme is a good buy. If you live in the US either use an extended warranty credit cards or pay extra for Apple Care. Once you add the Apple Care costs the Extreme is more expensive than Google’s router.

Yes, WiFi services suck. They really shouldn’t. I need an electrical engineer to explain to me why so many of my WiFi solutions last 1-2 years. (I have a 6+ yo Airport Express still running …)

PS. Interesting that Amazon no longer sells the Airport Extreme or the Express. I had to buy direct from Apple.