Sunday, June 12, 2011

Spotlight will index your Time Machine backup disk

I caught my MacBook's fan noise, so I looked to see what was sucking CPU.

It wasn't, surprisingly, Flash. The MacBook was trying to index the backup drive attached to my Time Capsule upstairs, even as it did its routine Time Machine backup to the remote image.

I'd seen that on other machines, so I knew the fix. I added the remote mounted backup drive to my Spotlight Preferences Privacy tab. The fan spun down a few minutes later.

It's a surprising behavior. Does Spotlight also try to index a TM backup on a physically attached drive? Obviously this kind of indexing is pointless, just a waste of bandwidth, storage, CPU and power. I'm surprised it's not been fixed.

Update 6/22/11: There are odd consequences with doing this, esp. in 10.5. This 2008 discussion is interesting -- TUAW Tip: exclude your Time Machine disk from Spotlight indexing and 10.5: Spotlight and the Time Machine disk - Mac OS X Hints

OS X Parental Controls Review - State of the art in OS X 10.5 and 10.6

Apple has recently updated their OS X Parental Controls documentation for 10.5 and 10.6. It will be interesting to see if they improve Parental Controls with 10.7 (Lion).

The only good thing I can say about the current generation of OS X Parental Controls is that they're an improvement on the non-existent Parental Controls in iOS.

Below is a summary of the current controls documentation, followed by notes of my own. I appreciate the irony that, as the father of a vulnerable child, I share the same agenda as China's totalitarian Party (emphases mine) ...

Mac OS X v10.5, 10.6: About the Parental Controls Internet content filter

The Internet content filter can operate in three modes: unrestricted, automatic, and whitelist.

When "Allow unrestricted access to websites" is selected, the Internet content filter logs websites that the account visits but does not restrict Web browsing. Visited websites are still logged and can be examined in the Logs tab of Parental Controls preferences.

When "Try to limit access to adult websites automatically" is selected, the Internet content filter does its best to block websites with inappropriate content. To do this, the Internet content filter uses the same technology that the Mail application uses to identify "junk" mail. The Internet content filter can identify, with a high degree of accuracy [!], whether a Web page is safe or not by examining various properties of the website including text and structure.

Additionally, the Internet content filter will block a website if the website identifies itself as adult-oriented using RTA (http://www.rtalabel.org/) or SafeSurf (http://www.safesurf.com/ssplan.htm) rating systems, as well as forcing "safe" searches with some search engines.

In this mode, the Internet content filter logs all visited and blocked websites, and flags them as such in the Logs tab of Parental Controls preferences.

In certain situations, the automatic Internet content filter may mistakenly block a safe website or allow an adult-oriented website. For example, if the website uses an uncommon language or if there is very little text on the page. These websites can be identified in the Log tab of the Parental Controls preference pane and added to the "Always Allow" or the "Never Allow" lists. These lists can also be accessed by clicking the Customize… button in the Content tab of Parental Controls preferences. Websites that are mistakenly blocked can also be allowed by clicking the "Allow…" button on the blocked web page and authenticating as an administrator user.

https note: For websites that use SSL encryption (the URL will usually begin with https), the Internet content filter is unable to examine the encrypted content of the page. For this reason, encrypted websites must be explicitly allowed using the Always Allow list. Encrypted websites that are not on the Always Allow list will be blocked by the automatic Internet content filter.

If "Allow access to only these websites" is selected in Parental Controls, the Internet content filter blocks any website which is not on the list. When the blocking web page is presented, a list of allowed websites is also shown. If using Safari, allowed websites are displayed as bookmarks in the bookmarks bar.

Note: For most websites, the Internet content filter considers the domain name and not the path. For example, if http://www.example.com is added to the list, then http://pictures.example.com will be allowed, as will http://www.example.com/movies.

In whitelist mode, visited and blocked websites are flagged in the Logs tab of Parental Controls preferences and can be added or removed from the whitelist there.
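The list-matching and https rules quoted above, modelled as an added example (not Apple's code and not part of the original post). The `www.` stripping, the Never Allow before Always Allow ordering, and all function names are assumptions made to reproduce the documented behaviour; the content classifier and the RTA/SafeSurf label check are passed in as plain booleans.

```python
from urllib.parse import urlsplit


def _host(entry):
    """Hostname of a URL or of a bare list entry such as 'mail.example.org'."""
    url = entry if "://" in entry else "http://" + entry
    return (urlsplit(url).hostname or "").rstrip(".")


def site_key(entry):
    # Assumption: a leading "www." is ignored, which reproduces the documented
    # case where listing www.example.com also admits pictures.example.com.
    host = _host(entry)
    return host[4:] if host.startswith("www.") else host


def on_list(url, entries):
    """True if the URL's host equals a listed site or is a subdomain of it.
    The path is never consulted ("the domain name and not the path")."""
    host = site_key(url)
    for entry in entries:
        key = site_key(entry)
        # Compare on a label boundary so example.com.evil.test does not match.
        if key and (host == key or host.endswith("." + key)):
            return True
    return False


def decide(mode, url, always_allow=(), never_allow=(),
           looks_adult=False, self_labelled=False):
    """Return (allowed, reason) for one request. Every request is logged
    in all three modes, so logging is not modelled here."""
    if mode == "unrestricted":
        return True, "logged only"
    if mode == "whitelist":
        if on_list(url, always_allow):
            return True, "on the allowed list"
        return False, "not on the allowed list"
    if mode == "automatic":
        if on_list(url, never_allow):      # assumed to win over Always Allow
            return False, "Never Allow list"
        if on_list(url, always_allow):
            return True, "Always Allow list"
        if urlsplit(url).scheme == "https":
            # The filter cannot read encrypted pages, so it fails closed.
            return False, "encrypted page cannot be examined"
        if self_labelled:
            return False, "site labels itself as adult"
        if looks_adult:
            return False, "classifier judged the page unsafe"
        return True, "classifier judged the page safe"
    raise ValueError("unknown mode: %r" % mode)


def broad_matches(visits, entries):
    """Visits admitted only because a parent domain is listed, i.e. the
    host is not one the administrator actually typed into the list."""
    typed = {_host(e) for e in entries}
    return [u for u in visits if on_list(u, entries) and _host(u) not in typed]


if __name__ == "__main__":
    allowed = ["http://www.example.com"]          # constructed list entry
    visits = [                                    # constructed log
        "http://www.example.com/movies",
        "http://pictures.example.com/",
        "http://example.com.evil.test/",
        "https://mail.example.org/",
    ]
    for url in visits:
        print("whitelist", url, decide("whitelist", url, always_allow=allowed))
        print("automatic", url, decide("automatic", url, always_allow=allowed))
    print("admitted via parent domain:", broad_matches(visits, allowed))
```

Running `broad_matches` over the Logs tab entries shows which visits were admitted by a list entry broader than the host that was typed.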

The documentation is incomplete (I gave it a rating of "2"). Some additional notes and references:

  • Safari history cannot be deleted in the most restrictive mode and in that mode preference changes are limited as well. It can be deleted and preferences can be edited in other modes.
  • The documentation makes false claims about the accuracy of content blocking, and of course images cannot be managed (emphases mine).
  • A user account must be closed (user logged out) for content rule updates to be applied.
  • Because of the various measures Google takes to evade censorship by authoritarian governments their services are a poor match to Parental Controls. Bing is much more dictator friendly, so I block all Google services and allow Bing.
  • OS X Parental Controls settings and logs can be managed from a remote admin account (see references below).
  • It is most convenient to allow and block sites while reviewing the log file records.

It's easy to find problems with OS X Parental Controls, but I don't expect much improvement -- even with all the world's dictators on my side. For example ...

  1. There's no customer demand for improvements. I think most parents are quite unaware of what most adolescent males do on the web, and I think they prefer to remain unaware. This is not necessarily a bad solution for most adolescents and parents; not all children are equally vulnerable.
  2. Technologies for evading monitoring, ensuring security, and protecting privacy also block Parental Controls.
  3. Engineers without young children don't like Parental Controls, not least because of how the technologies can be misused. Working on Parental Controls is unlikely to be a career move at Apple.
  4. These are hard problems because of the way the Internet is structured, and because content providers are actively trying to evade Parental Controls either because they want to facilitate adult access or because they are seeking vulnerable people to exploit.

Update 6/15: Nothing illustrates Apple's disdain for Parental Controls better than this screenshot:

[Screenshot: 2011-06-15, 8:25:16 PM]

The log display can extend vertically, but not horizontally. It's fixed width. So you can't actually view the URLs. The poor engineer must have taken pity on his users, however: if you let your mouse rest on a URL for a while, a popup will show you the full text.

This is third rate work.

Wednesday, June 01, 2011

Mac Mind mapping software: Inspiration, OmniOutliner and MindNode

I've used several mind mapping tools over the past few years, including, most recently, MindManager for Windows. I like the tools well enough, but it's a niche market. The leading vendors like Mindjet and NovaMind typically charge $250-$400 for their products; that feels a bit much when Aperture sells for $80 on the Mac App store.

All of the commercial products use proprietary, closed data formats -- so there's a severe data lock problem with this domain. It's tough to switch vendors. Some, like NovaMind, have quite good import/export features -- but that doesn't change the fundamental data lock issue. Many of the products, including some respected freeware apps, are Java based. That's a big negative for a Mac user.

Which is why it's nice to see that Inspiration is back. It was never actually gone -- but they stopped marketing it for adult and business use (schools only). Visiting their web site today they seem to be taking another stab at a broader market. Inspiration isn't nearly as pretty as MindManager, and it doesn't have MM/Windows deep Office integration, but it's much less expensive. I'd give it a try (it used to import MORE 3.1 documents btw!), but the trial software registration form is ridiculous. I'll wait until they get a clue on that front.

Inspiration is nice, but what I really want is for the OmniGroup to deliver a mindmapping solution. They could extend OmniOutliner, OmniGraffle, OmniFocus or do a new app -- but my preference would be to extend OmniOutliner. They'd do a beautiful job, and perhaps they'd consider opening up the file format.

Update: The ever reliable "Martin" mentions MindNode in a comment. I loved this part of their web site description:

No file format lock-in. MindNode and MindNode Pro support a variety of file formats. You can import and export FreeMind and OPML files (a file format used by many outlining applications) or export the mind map as PNG image, TIFF image, PDF, RTF or HTML document.

MindNode Pro is sold on the App Store for $20 and by direct download. MindNode is quite limited but free. There's an iOS version that currently has its own file format, but the developer promises it will migrate to the MindNode format.

MindNode is a small OS X and iOS developer product ...

... MindNode and MindNode Pro are applications designed and developed by Markus Müller. Based in Vienna, Austria, Markus is an independent software developer whose focus lies on designing intuitive and useful software for the Mac and iPhone platform...

This is on my todo (Toodledo/Todo.app) list to try.

Update 6/4/11: There's a free trial version of MindNode Pro - limited to 20 nodes. That's what I'm experimenting with. It's simple, but elegant. If you drag and drop a file to MindNode it creates a resizable icon shortcut (default size is too big). I like how it works. If you want to create documents, you create them externally and relate them using MindNode. For example, I could relate a set of SimpleNote text notes. The documentation is unclear, but I can confirm node names are indexed by Spotlight.

Tuesday, May 31, 2011

Why is my iPhone 4 crashing so often?

It started when Reeder, a previously stable app, began crashing frequently. I assumed the app wasn't keeping up with OS updates.

Now several apps are less stable. (Of course I've been shutting down, restarting, etc.)

It could be one app that is having a systemic impact, but my hunch is this is hardware related.

Google tells me this is not a terribly common problem but it does happen. The best explanation so far is How-To: Fix Crashing Apps on Your iPhone and iPad.

The only fixable hardware related cause I can imagine is bad "sectors" on the iPhone's Flash memory -- flash memory defects the OS can't fix on the fly. Memory wear is normal for Flash storage and I expect my phone has a higher than average rate of read/write cycles.

So my next measure is to wipe the phone and reinstall from a backup. During a refresh the OS may have more options for managing bad

This will take some time, so I'll update after I get around to it.

After that, I'll have to bring it in. That's a scary thought!

Sunday, May 29, 2011

Personally sad changes to Google search

Google has changed the way it indexes my blogs (notes.kateva.org, tech.kateva.org). Until recently search results were individual posts. Now search results are increasingly archive pages that include significant numbers of posts.

This may reflect Google's declining opinion of my worth, or simply a declining interest in blogs, but whatever the cause the new behavior is far less useful.

I tried Bing, but it's much weaker.

Friday, May 27, 2011

Unexpected benefits of removing dated OS X fonts

There are two things I miss about Windows. I miss Windows Remote Desktop Services; it crushes OS X remote desktop. I also miss Windows fonts, especially Windows antialiasing.

OS X fonts have been a particularly annoying problem. Some applications, like my 5 yo copy of FileMaker Pro 8, show persistently garbled fonts. On the other hand, my new copy of Numbers.app defaults to a poorly rendered 9 point Helvetica Neue.

I've lived with these bugs for years, but tonight, in the process of investigating a hung app, I sorted them out.

In Library/Fonts (see Mac OS X: Font Locations and Their Purposes) I found a folder of Microsoft Fonts left over when I deleted Office 2008, and I found a good number of old style fonts dating back to 2006 [2]. After cross checking with the excellent font lists in the extensive article Font Management in OS X I removed those fonts. This had the unexpected benefit of fixing FileMaker Pro 8 - the fonts there now display nicely.

For the Numbers font problem I experimented with control of OS X antialiasing. In OS X Preferences:Appearance I set "turn off text smoothing for font sizes" to 8 and smaller (it was initially 10 and smaller). [1] I'm not sure that made any difference. What did help was creating a new template with all cells set to Helvetica 12, then saving that as a template and making it the default spreadsheet to use on startup. (Currently there's no other way to change the default font in Numbers.app.)

In the course of the above I found:

  1. When I opened up Font Book.app several of my fonts showed a duplicate font message. When I ran verify some reported bugs. I chose the inactivate duplicates option, but I later discovered OS had inactivated the "good" version of the font. After I removed my old fonts I had to re-activate the "duplicates".
  2. The Font Book app can be used to verify all fonts. I recommend that quick test for everyone who's run OS X for a while.
  3. It's convenient to use Font Book to create a collection of the handful of fonts I actually use. Note the Windows Office Compatible and "Web-safe" built-in collections.
  4. My copy of OS X includes two SchoolHouse fonts - cursive and printed. I wish I'd had these when I was teaching writing to my first child! I don't know where they came from, I don't think they're part of the regular OS X font installation.

[1] The options in 10.6.7 are different from the options in 10.6 in Aug 2009.
[2] The accounts on my 27" iMac have migrated across many machines, probably going back to 10.1. They've picked up some cruft along the way.

Update 5/28/11: I should have tested FileMaker Pro 8 a bit more. It looked good at first, but when I searched later all my records seemed blank! A reinstall, surprisingly, didn't fix anything and didn't seem to add new fonts. I had switched to Verdana, and tried old Georgia instead. That worked well.

Update 5/30/11: When I tried to empty the trash I learned that Arial and Times were still in use! They were in the Microsoft Fonts folder, and they were my bad-boy fonts. I had to restart then empty the trash.

Monday, May 23, 2011

Messages I delete in OS X Mail.app being archived in Gmail

I prefer Gmail's non-standard method of handling email, but it's a very poor fit to legacy IMAP clients.

Recently I realized that email I was deleting in OS X Mail.app (10.6) was being archived in Gmail. This is not what I wanted. I feel like this is a relatively new behavior -- at one time one had to jump through some hoops to map Mail.app's delete button to the Gmail archive behavior.

I've had more success with setting OS X to move deleted messages to the Trash mailbox (no change) AND Store deleted messages on the server (this I changed).

Tuesday, May 17, 2011

OS X Application Switcher - more than you knew

It's going to take me a while to add these to my usual workflow. Some I know, the interesting new ones are bold. Read the article for details ...

Six unexpected uses for the Application Switcher | Business Center | Working Mac | Macworld:

You’ve probably got the basics of the Application Switcher down pat by now: press Command-Tab to see a bar full of running-application icons and keep Command down as you tap the Tab key to quickly switch to the application of your choice.

2. Open a new window [good for dealing with minimized windows]

... Command-Tab to the program in question and, before you release the Command key, press Option. Release the Command key first, and then the Option key... If the target program’s windows are all minimized, the most recently minimized one returns to duty. If no windows at all are available, a new one is created.

3. Open a document in a different program

When you want to open a document in something other than its default application—a Word file in Pages, say—you can use variations of the Finder’s Open With command. But if the target application is already open (and can handle the document), you can also just drag the file from the Finder onto the Application Switcher bar. The trick is to start the drag operation, and pause it with the mouse button held down, before you press Command-Tab; keep Command down so the bar stays on the screen, and drag the document onto an application’s icon.

4. Bypass the Clipboard

You select a swath of text from a Word document to transfer to a document in InDesign, and realize you can’t Copy and Paste because you’ll lose what’s already on the Clipboard. You can transfer the selection using the Application Switcher instead.

Drag-and-drop a piece of selected text to another application using the Application Switcher.

Start dragging the selection in the Word document (move it a little bit and then stop). With the mouse button still down, press Command-Tab. Holding Command down to keep the Switcher open, drag the selection into the InDesign icon. You’ll be switched to InDesign, where you’ll see the usual “ghost” of a dragged selection, just as if you were dragging it within the InDesign document itself. Drag it into position and let go of the mouse button.

The target window isn’t frontmost in the destination? Hang on to the selection by keeping the mouse button down, and press Command-~ (tilde) to cycle to the correct window. You can also use Command-N to create a new window as a drop target.

5. Hide and show background applications

You’re in Pages. You can see only Finder windows in the background, and you want to refer to a Stickies note. You don’t have to move to background applications to rearrange windows or to hide them as you leave. Instead, press Command-Tab to open the Application Switcher, tab to highlight the Finder, and, with Command still down, press H to hide the Finder's windows. When you release the Command key, you’ll still be in Pages.

Unhiding a background application is a little tricky because if you repeat this procedure (in this case, tabbing over to the Finder and pressing H), the background windows will reappear, but you’ll also be switched into that application when you release Command. To make the windows reappear while keeping your Mac’s focus in the current application, you need to press Command-Tab, tab to the application icon, press H to unhide its background windows, and then press Esc while the Command key is still down. Release the Command key and you’ll still be in the original application.

6. Jump to an alphabetical Exposé

You can quickly trigger Exposé when the Application Switcher is on the screen by pressing the Up or Down arrow; you’ll see the windows for whichever application was highlighted in the Switcher bar.

If you know the trick for arranging Exposé windows alphabetically—pressing Command-1, you’ll be pleased to know you can jump right to this alphabetical arrangement from the Application Switcher. Instead of using the Up or Down arrow key to open Exposé, highlight the application you want and press the 1 key (you're already holding down the Command key). Hold it down for a couple of seconds. What’s happening is that Exposé is triggered, and then it notices that Command-1 is being pressed and so offers the alphabetical arrangement—you’ll see the windows swap into correct positions.

I didn't even know the Cmd-1 trick. It's neat! Sheesh.

Saturday, May 14, 2011

Google Calendar assigning wrong times on CSV import? Here's one fix for the time zone bug.

I can get pretty disgusted with Google Calendar, but then I make myself remember how bad Apple's iCal is. By comparison, gCal is a ruddy gem.

I had to remind myself of that today, because gCal was particularly disgusting.

It started when I tried importing my son's baseball team schedule into a public calendar using my old (best on the web!) import directions ...

Gordon's Tech: Import Calendar data into Google Calendar via CSV files

Here's the header and first row of the CSV file that I was finally able to import. It looks like you need the bloody seconds in the date. I worked with Excel for Mac, used the convert functions to turn text into numbers, then chose the precise format, then exported.

    Subject,Start Date,Start Time,End Date,End Time,All Day Event,Description,Location,Private
    Edgumbe Peewee Hockey,10/24/09,2:10:00 PM,10/24/09,3:10:00 PM,FALSE,Practice, Highland North,FALSE

This time I did necessary concatenations of strings and type transforms using Apple's excellent (and under-appreciated) and inexpensive Numbers.app spreadsheet.

The good news is that gCal no longer requires "seconds" in the time fields, and, although I don't think it's documented, it will even work with "military" time (14:20 instead of 2:20 PM).

The bad news is that time zone support is flaky. After I imported, all of my calendar entries were off by about 3 hours, even though my time zone (general calendar settings) and the calendar's time zone were both CST.

I made several tries at fixing it, but this is what worked.

  1. Switch to Calendar Settings:General
  2. Change your time zone to something different.
  3. Save.
  4. Change it back to the correct setting.
  5. Save.

After I did that my next import worked.

Fortunately I know to always do imports into a unique calendar; there's no way to undo an import and repetitively deleting 50 bad calendar items is a good source of Google hate [1]. I created and deleted test calendars until I figured a workaround for the bug. (If you do get bit by a bad import, sync to the (abominable) OS X iCal and repair there.)

[1] Why are calendar apps so awful? My theory is that they are quite hard to do well, but management doesn't value them. So they never receive sufficient investment.

Wednesday, May 11, 2011

Blogger's "Links to this Post" is working?

I was reviewing an old post when I came across "LINKS TO THIS POST" at the bottom of the post.

That's not surprising. Blogger featured this long ago. I thought I'd turned it off though -- it's never shown anything.

Today it does. So has Blogger restored the long lost backlink function? That would be a big memory management boost.

Monday, May 09, 2011

Doodle: schedule a group activity

Doodle isn't yet another calendaring service. That's good, because it would take a crowbar to get my family off Google Calendar.

Doodle augments calendaring systems. It helps with negotiating a common meeting time between multiple participants on diverse platforms. Our local HIMSS chapter has used it for a year or more and it's been working well.

Doodle solves a problem I have, and it has a track record. So it's worth my time to test Doodle against Gordon's Laws for software and service use.

First I'll start with the fundamentals. Doodle is a Swiss company (Zurich) and revenue is a mixture of ads (yech) and premium services:

  • solo - mobile support (web site), calendar connect (but this comes with free service too), ad free: $30/year
  • business: solo + branding and encryption + 20 users: $350/year
  • enterprise: negotiable

That's encouraging -- they have a plausible way to make money that doesn't require them selling me out. On the other hand, I don't see a lot of value to the 'solo' account since Calendar Connect comes with a free account.

Next I'll look at account setup and revocation. It's not obvious, but if you look at the login at the top of Doodle pages the Doodle icon is a drop down. Click it and you'll see how to link Doodle to your (two-factor protected) Google account using OpenID. That, of course, can be revoked from Google. I'm willing to give them my Gmail address -- it's hardly secret and already gets vast amounts of (largely filtered out) spam.

Next I tried the Google Calendar integration. I don't like that they want my Google Contacts. So that's a negative; I decided not to provide that access for now. I may give them access to one of my Google Apps accounts that has no significant Contacts exposure.

Overall Doodle gets a B+. No data lock, easy exit, plausible business model, good credentials handling. They miss the A because they insist on access to my Google Contacts rather than Calendar alone.

I'll give them a try.

PS. Extra points for having a $3 iPhone app and an Android app. Non-free is a very good sign for an iPhone app. Almost takes them to A-.

Update: As per comments, Doodle allows one to drop access to Contacts after an initial privileges grant. So they do get an A- which is pretty good. Best would be if Contacts access was always optional.

In practice Calendar access isn't very useful for me -- very few events of mine show up on my personal gmail calendar. They show up on calendars I subscribe to, such as my corporate calendar, the family calendar, my wife's and kids' calendars, etc. (Dog does not have her own calendar yet.)

So to know my true free/busy time Doodle would need access to an API that doesn't exist yet. On the other hand, subscribing to the Doodle calendar feed lets me visualize Doodle controlled appointments within my Google Calendar. That's useful now.

Contacts access would be useful within Doodle, but as noted above I'm cautious about allowing that.

Sunday, May 08, 2011

Facetime connections to elderly parents - a Logitech webcam problem

I mentioned a few weeks ago that I was testing a Facetime videolink to my mother. It's not my first attempt. I'd tried Google Video Chat two years ago, but after months of struggle I gave up; it had, and still has, dismal usability. iChat was even worse. In all cases I've been using the excellent Logitech QuickCam Vision Pro for Mac. (Still the best webcam ever sold, though I fear it's going away without a true replacement.)

After a few weeks of testing I can report that Facetime is a big usability improvement over Google Video Chat. I configured my mother's machine to auto-answer my calls; I can call from my phone or desktop and her machine will pick up. Facetime doesn't need to be running, OS X 10.6.x will launch it.

There's only one problem.

After I close the call at my end Facetime continues to run on her machine. It doesn't auto-exit (and, at this time, she can't see well enough to reliably quit the app) [1]. This means her webcam stays powered on [3]. Under some conditions, perhaps mostly time, the embedded OS that manages in-camera focus and exposure control crashes. The Webcam still works, but it focuses to infinity and the light levels are very low. If you pull the USB cable, wait a few seconds, then plug it in again, the camera will reset.

I'm considering a few workarounds. Firstly, it would be great if Apple officially supported auto-answer, so FT could then auto-exit on close. Alternatively I could

I'm leaning to the nightly restart as the simplest fix, but I should also try remote control -- again!

[1] As her macular degeneration has progressed we've been focusing on her iPad use.
[2] Apple needs to kill AppleScript, but I fear there'd be no replacement.
[3] The webcam then stays in active mode, so it appears like it's always sharing an image.

Update:

When a Google search doesn't return much, it's often because the function one is seeking is now a part of the OS.

OS X Energy Saver allows one to schedule a restart. I'll schedule my mother's machine to reboot at 2am daily; that should clear out any dangling FT sessions.

Incidentally, there's a longstanding, perhaps ancient, UI flaw with OS X Energy Saver scheduling. Look at this:

[Screenshot: 2011-05-08, 3:20:54 PM]

It looks like the first option is available for selection, but the second (schedule restart) is unselectable -- it's "grayed out".

Look carefully (it took me a while). The select box (drop down) on the first row is also grayed out. This is standard behavior. The reason the 2nd row is so confusing is that it starts with a drop down -- there's no preceding text to display in normal font. Despite appearances this row is available for selection. Just click the check box.

I deleted a prefs file and did a number of Google searches before I realized what was going on. I found others who made the same mistake ...

Saturday, May 07, 2011

Google's two factor: Three weeks later

I implemented Google's two factor authentication about three weeks ago. It's mostly working, but there are a few issues:

  1. Application-specific passwords are risky.
  2. You can't de-authorize a computer from Google Accounts.
  3. Authentication isn't working quite right with Google.app on the iPhone.
  4. I've had to create more application-specific passwords than I'd expected.

The big positive is that with two-factor and https I'm now willing to connect with an untrusted machine. By untrusted I mean a machine that has a reasonable chance of hosting a keystroke logger. That means any machine running XP and any machine I don't control. My work laptop, for example, is doubly untrusted.

A second bonus is that I'm now more comfortable with using my Google account as an OpenID/OAuth server.

The biggest problem is application-specific passwords. They behave like regular passwords, so if a keystroke logger captures the password once, it can be used to, say, get access to your email from OS X Mail.app.

You really, really, really do not want to use an application-specific password on an untrusted machine. Google should provide more warning about their use. I use them on my iPhone and my home Mac.
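Why a keylogged Authenticator code is far less useful than a keylogged application-specific password, as an added example that is not part of the original post and not Google's code. It assumes Authenticator codes are standard RFC 6238 TOTP values (HMAC-SHA1, 30-second step, 6 digits); the `Account` class, its accept-each-time-step-once rule, and all keys and passwords are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)


def hotp(key, counter, digits=6):
    """RFC 4226 one-time code for a single counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key, now, digits=6):
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(key, int(now) // STEP, digits)


class Account:
    """Hypothetical server-side account with both kinds of credential."""

    def __init__(self, password, key):
        self.password = password
        self.key = key
        self.app_passwords = set()
        self.last_counter = -1      # newest time step already accepted

    def web_login(self, password, code, now):
        """Password plus code. Accepts the current or previous time step,
        and never a step at or before one that was already used."""
        if not hmac.compare_digest(password, self.password):
            return False
        current = int(now) // STEP
        for counter in (current, current - 1):
            if counter > self.last_counter and \
                    hmac.compare_digest(code, hotp(self.key, counter)):
                self.last_counter = counter
                return True
        return False

    def issue_app_password(self, value):
        self.app_passwords.add(value)

    def revoke_app_password(self, value):
        self.app_passwords.discard(value)

    def app_login(self, app_password):
        """IMAP/SMTP style login: a static secret, no second factor and
        no time component, so a captured value keeps working."""
        return any(hmac.compare_digest(app_password, p)
                   for p in self.app_passwords)


def replay_demo():
    """Owner logs in once from a keylogged machine; the captured
    keystrokes are then replayed against the account."""
    key = b"constructed-demo-key"            # constructed secret
    password = "constructed-password"        # constructed
    app_pw = "constructed-app-password"      # constructed
    acct = Account(password, key)
    acct.issue_app_password(app_pw)

    t0 = 1_300_000_000                       # constructed login time
    code = totp(key, t0)
    results = {
        "owner_login": acct.web_login(password, code, t0),
        "code_replayed_5s_later": acct.web_login(password, code, t0 + 5),
        "code_replayed_2min_later": acct.web_login(password, code, t0 + 120),
        "app_password_replayed": acct.app_login(app_pw),
    }
    acct.revoke_app_password(app_pw)         # the only remedy once captured
    results["app_password_after_revoke"] = acct.app_login(app_pw)
    return results


if __name__ == "__main__":
    for name, ok in replay_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```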

Use of application-specific passwords on an iPhone is a PITA. You can't generate these from an iPhone and they're a nuisance to type in. I've stored one in the encrypted 1Password database I use on my iPhone for reuse only on that device. (I'm taking this risk since if my iPhone is stolen and the 1Password database is hacked I'm in a world of pain anyway.)

Having this password on my iPhone is particularly important because Google.app's current behavior is obnoxious. In my case I entered an application-specific password and authenticated. Subsequently other iPhone Google App references (example desktop shortcut to Google Reader) requested a Google account password, not an Authenticator password and not an application-specific password. Every two weeks or so, however, Google.app makes me enter a NEW application-specific password.

The second shortcoming is that there doesn't seem to be a way to easily de-authorize a computer. When you first connect to a Google account from a new machine you're asked to enter your Google password [1]. Then, if you're using Authenticator.app, you're asked to enter your Authenticator token. At that point, if the machine authenticates, there's an option to authorize it for a month.

There should be a way to reverse that decision from your Google account. For example - what if the machine is lost? What if, as in my case, you make that choice from an untrusted machine and decide it was a bad idea? (In theory deleting cookies will undo this, but, perhaps due to user error, that didn't work for me. Of course that also requires physical control of the machine.) For now, be careful to only "authorize" your primary, secured, non-portable, home machine.

Lastly I've found I needed around 8-14 application-specific passwords, even when I reuse one - such as for IMAP and SMTP authentication from OS X Mail.app. There's no way around this one -- I use a lot of Google services from many devices and accounts.

Overall I'm pleased with Google's two factor authentication. They've given it a lot of thought, and I love that they've open sourced key parts of the infrastructure. We needed this years ago, but I'm grateful to have it at all.

[1] At that point, on a keystroke logger infected machine, your Google password is public knowledge. That's why I was willing to simplify my Google password. I now assume it is public, though I obviously haven't made it public.


Wednesday, May 04, 2011

Bing and Parental Controls - worse than Google

Google's parental controls are pretty feeble, though there's a roundabout way to lock filtering to the most severe setting.

What about Microsoft's Bing? Bing starts out with one significant advantage -- the connections are not https encrypted so OS X domain filtering actually works.

Alas Bing's controls seem even weaker (emphases mine) ...

Block explicit websites

... Ensure that SafeSearch is always on when your kids search on Bing, choose what they see online, set time limits and game restrictions, and more. Windows users can install the free download, Windows Live Family Safety....

Ensure SafeSearch is on, I presume, by standing over your favorite teen! [3]

Interestingly in 2009 Microsoft had a better approach to parental controls ...

Bing Modified To Enable Porn Filtering - CBS News

... , "explicit images and video content will now be coming from a separate single domain, explicit.bing.net...

... Almost all third-party filtering tools can be configured to block specific domains or sites, as can the parental controls in Microsoft Vista and Mac OS X...

After this 2009 press release however, Microsoft removed all references to explicit.bing.net [1]. I wasn't able to find any explanation of what happened to it. [2]

My own tests suggest Microsoft really did abandon this scheme. The domain 'explicit.bing.net' brings up the usual bing interface, so the domain still exists, but there's no longer any redirecting to this domain. For example, a search on "Hot Babes" with OS X Parental Controls blocking explicit.bing.net brought up an impressive array of high resolution images.

Without the ability to lock Bing's parental control settings, and with the inexplicable demise of explicit.bing.net, Bing manages to come in 2nd behind Google's parental controls. The one advantage of Bing is that the lack of https encryption makes it easier to track pages visited.

[1] Either that or their feeble Blog search doesn't work with Safari. Microsoft is falling apart almost as fast as it grew to power.
[2] I wonder if corporate lawyers advise against attempting to do parental controls. Microsoft probably has less liability if they do nothing than if they provide an imperfect solution. 
[3] Though it doesn't help OS X users like me, Windows Live Family Safety sounds relatively useful.
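The difference between the 2009 separate-domain scheme and the behavior observed above, as an added example that is not part of the original post and not the OS X filter's own code: a hostname-only blocklist, matched on label boundaries, run over two constructed request lists. Every hostname other than explicit.bing.net, and all paths, are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# The single entry a parent would add to a domain blocklist.
BLOCKED_DOMAINS = {"explicit.bing.net"}

def host_is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host equals a blocked domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole labels so "notexplicit.bing.net" does not match.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def filter_requests(urls, blocked=BLOCKED_DOMAINS):
    """Split requests into (allowed, denied) using only the hostname."""
    allowed, denied = [], []
    for url in urls:
        host = urlsplit(url).hostname or ""
        (denied if host_is_blocked(host, blocked) else allowed).append(url)
    return allowed, denied

# Constructed traffic for the 2009 scheme: explicit media on its own domain.
SCHEME_2009 = [
    "http://www.bing.com/images/search?q=example",
    "http://explicit.bing.net/thumb/0001.jpg",
    "http://EXPLICIT.bing.net./thumb/0002.jpg",     # case and trailing dot
    "http://img.explicit.bing.net/thumb/0003.jpg",  # subdomain
    "http://notexplicit.bing.net/thumb/0004.jpg",   # look-alike, not a subdomain
]

# Constructed traffic for the later behavior: same media, assumed to be
# served from the main search host, so the blocklist entry never matches.
SCHEME_2011 = [
    "http://www.bing.com/images/search?q=example",
    "http://www.bing.com/thumb/0001.jpg",
    "http://www.bing.com/thumb/0002.jpg",
]

if __name__ == "__main__":
    for name, urls in (("2009", SCHEME_2009), ("2011", SCHEME_2011)):
        allowed, denied = filter_requests(urls)
        print(name, "allowed:", len(allowed), "denied:", len(denied))
```

A domain blocklist can only separate content that the site itself places on a separate hostname; once everything shares one host, the choice is to block the whole search engine or nothing.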

Sunday, May 01, 2011

Stuck in Apple's photo management Limbo

I suspect there aren't many of us stuck in Apple's photo management Limbo. Maybe a few hundred geeks. Perhaps we should develop a secret handshake?

We are early iPhoto adopters who have our images distributed across several Libraries. Sometimes we did this deliberately because iPhoto was pretty wimpy in the old days; it couldn't handle large numbers of images. At other times Library multiplication was the result of travel or partnerships (ex: marriage).

We, the Lost, would like to put all the images together in one place. Once upon a time we thought Apple would add Library import to iPhoto, but about four years ago we realized that wasn't going to happen. Since then some of us have used iPhoto Library Manager to merge iPhoto Libraries but others are too chicken.

For years we thought we might join libraries in Aperture, or that Apple would create an 'iPhoto Pro' with Library management. By this time price had become irrelevant, but instead Aperture languished.

More recently Apple reinvested in Aperture, and dropped the price dramatically ($80 via App Store). It is clearly intended to be iPhoto Pro. iPhoto itself is becoming simpler and losing features.

The problem is, Aperture 3 doesn't really import iPhoto Libraries. Yes, I know it claims to do it. I know many people say it works. Wrong both times. The import process has not only been buggy in the worst possible way (undetectable loss of very valued data), it can't work correctly. Aperture 3.x doesn't even have a place to store some of iPhoto's metadata, such as comments on events. In other cases Aperture 3 does have a place to store iPhoto metadata but, astoundingly, the import process ignores this.

So we're in Limbo. Even if Apple tries to fix Aperture, it might be years before they succeed. I have a bad feeling they won't bother -- there aren't enough geeks like me. Most of us own Aperture anyway.

I'm guessing I'll have to stay with iPhoto and use IPLM's merge feature. I'll be approaching that with the same enthusiasm as juggling antimatter. Merging iPhoto's monstrous data structure would be a hard problem even if Apple tried to help ...