MobileMe vs. DropBox

I've been tempted by DropBox, but I signed up for MobileMe (Family!) so I could sync my OS X Address Book with my iPhone via MobileMe. (If you use Exchange Server with the current iPhone you can't do direct sync to a desktop -- I hope that will change with iPhoneOS 4.

Today I ran into a MobileMe file sync problem. The most current version of a file was "stuck" on my MacBook. I couldn't get it to sync to the server. I got a cryptic sync error message, but nothing else.

Eventually MobileMe put up the dialog I was expecting, asking me to resolve a sync conflict.

I'm not impressed. I haven't asked much of MobileMe, but it's already failed me.

I'm going to give DropBox a try -- and keep looking for some other way to manage my address book. I'm hoping I'll be able to drop MobileMe after this year is up.

See also:

• Gordon's Tech: MobileMe: Perspective of a crusty Palm veteran (2008)
• Gordon's Tech: The MobileMe Massacre begins (2010)

My 10.6 iMac is crashing - a debugging exercise

I hate when this happens. It's been a while fortunately.

My now flicker-free fairly new 27" quad core iMac is crashing.

There are two common failure modes. One is that it locks up when displaying photos in the screensaver. The clue is that the same images display repeatedly. The second mode is that iTunes becomes unresponsive, and then the Finder as well. I get the SBOD/SPOD/spinning beachball of death.

If I kill both I can restart iTunes, but not the Finder. I've tried several fixes. First I ran Safe Boot (shift restart). Then I installed the latest version of Onyx and ran the usual clean, check, maintenance, etc. Everything passed but the problems have persisted.

So I've begun uninstalling anything invasive. First I removed CrashPlan, and today I uninstalled 1Password (a quite involved uninstall, see OS X defect: The missing uninstaller).

I've been suspicious of 1Password for a while. I'm also monitoring Console.app, which is full of "missing bundle identifier" Office 2008 related messages. I've found mention of this problem in association with kernel panics last November, with a more recent responses. For example:

... 2/27/10 8:10:35 PM [0x0-0x28028].com.vmware.fusionDaemon[296] 2010-02-27 20:10:35.581 pkgutil[299:60f] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_brazilian.pkg...

Soo why the heck does vmware Fusion put this message out? (com.apple.backupd also complains, but that make sense). VMWare Fusion is doing quite a bit on startup, even though it's "not running".

 Tonight I'll run the Apple hardware test that came with my machine in loop mode. (I think you need to attach a physical kb to get this to work -- holding 'D' on my bluetooth kb didn't seem to do anything.) If the problem persists, VMWare will be the next to go (For example). I want it to run my XP VM, but if need be I can move that VM to a MacBook running 10.5 and Fusion 2. If I figure this one out, I'll update this post.

PS. Bundle Identifier via Apple Dev:

The bundle identifier string identifies your application to the system. This string must be a uniform type identifier (UTI) that contains only alphanumeric (A-Z,a-z,0-9), hyphen (-), and period (.) characters. The string should also be in reverse-DNS format. For example, if your company’s domain is Ajax.com and you create an application named Hello, you could assign the string com.Ajax.Hello as your application’s bundle identifier.

Update:

• I moved the suspicious Office 2008 .pkg files to another drive. I'll see if I can reduce the Console messages.
• I realized that when I drag things to the trash they're being deleted immediately, rather than put in the trash. I found an old article on this that's being cited by 10.6 users recently. Naturally it's a permissions problem. I wonder if it's related to the odd way my account was created when I used migration assistant (long story). I'll try some of those fixes.

Update b: Getting somewhere.

Ok, this is interesting. As described by the X Lab document I was getting the "will be deleted immediately" trash message because I had lost read/write privileges to my home directory. On inspection my User directory folders all refer to an user "_unknown". I think this was a side-effect of how I set up my account, which was:

1. I setup an account called "jfaughnan" on my new machine.
2. After a while I deleted it an migrated the "jfaughnan" account from my old machine.
3. The new account was given the home folder name "jfaughnan 1". On inspection I found that deleting the user "jfaughnan" failed to remove the original home directory.

I'll keep working this one. I also would wonder about VMware messing up my privileges and about migration assistant inheriting known permissions problems from my old machine.


Update 2/28/2010: Went through 18 loops without a problem, so hardware seems good. I'll keep hitting on the software issues - esp. VMWare.

Update 3/2/2010: I thought I was getting somewhere, but today it was unresponsive with a faint glowing blue screen. I tried putting it to sleep by pressing the power button, but nothing happened. Then, on a hunch, I turned off an attached firewire 400 drive. The system responded, then went to sleep. It woke up normally.

On resumption there was an iTunes complaint about loss of Apple Store connectivity. Meanwhile my console showed many instances of this message:

3/2/10 3:45:14 PM com.apple.launchd.peruser.502[155] (com.apple.AddressBook.abd[13839]) Exited with exit code: 1

Now I'm suspicious that 10.6.2 has a problem with sleeping firewire 400 drives. Spanning Sync and MobileMe get frownies too because of the Address Book message, and Time Machine because my last TM backup concluded just before the lockup.


Update 3/11/10: It's still locking up, sometimes with awake from sleep and sometimes with switching users. It might be less frequent - maybe once a week. I'm suspicious of VMWare 3.02 on 10.6.2. I don't see any useful Console messages. I will try restarting the machine every few days as a prophylactic measure. Maybe 10.6.3 will help, it should be out soon.

Update 3/12/10: Got the faint blue screen, and again turning off the external drive did the trick. The screensaver slideshow uses that Firewire 400 drive. I ran Disk Utility and cleaned up permissions on the drive. It's set to ignore ownership. Looks like yet another OS/firewire problem.

Update 3/13/10: Found iTunes was not responding. Time Machine backup not working. When I tried to add a share got spinning beachball (noted, however, a share reference to a user account that was deleted - bug there). Console said slide show found a corrupted jpeg. Unable to shutdown -- until I turned off external firewire drive. I think 10.6 and new iMacs have serious problems with Firewire 400 enclosures. Errors seem to cause the OS to blow up - perhaps some kind of memory overow issue.

Update 3/13/10b: Huge discussion thread on firewire issues in 10.6. I think I found my problem.

Update 3/13/10c: Apple just truncated the massive firewire complaint thread. Really, it didn't have anything to do with me. I guess they took care of that problem. I've switched to USB for now, I'll try firewire again with 10.6.3.

Update 3/29/2010: Same crash - locked up screen saver - but this time I was using a USB drive. Turning the drive off then on again cleared the problem. So this isn't a firewire problem after all! It's a screensaver and external drive bug. The console is showing "corrupt JPEG data", but that might just be from power cycling the drive.


Update 5/12/2010: I think this was fixed by 10.6.3. I haven't seen it since. I only have a USB drive attached however, so I can't rule out a Firewire bug. The "corrupt JPEG" console message was a red herring caused by loss of the drive when trying to display in the screensaver.

Update 10/27/2010: Things have been pretty stable since 10.6.3.

OS X 10.6 bug: persistent reconnection

I don't recall running into this problem with 10.5.

I want to connect to a network share using my remote machine user name and password. Snow Leopard, however, insists on connection using my MobileMe user name. If I disconnect, it simply reconnects.

I've yet to find a workaround.

--
My Google Reader Shared items (feed)

Facebook Lite blank page - no fix

Today is my day for tech roadblocks.

I can't figure out how to get Outlook 2007 notes to be exported as text files for use with notational velocity/simplenote, and I can't fix my mother's blank lite.facebook.com page.

I'd set my mother's FB account to always start "lite". It's a cleaner, simpler, faster UI. Unfortunately, it doesn't get a lot of FB love. There's a bug where the page loads empty. There's no way to convince FB to ignore the default "always lite" settings.

I found a hack that will get me to account settings - use this URL: "https://login.facebook.com/login.php?login_attempt=1".

I didn't have to actually enter my password with this hack, but it did bring me to normal settings. From there I can see her Profile view. Unfortunately, standard settings don't include the facebook lite control -- that's only available from lite.facebook.com.

I was able to fight my way to a report form, but I don't hold out much hope. I'll try from XP at work and see if things are any better.

Once I do get into her lite.facebook.com account I'll turn off the "always lite" setting. That's clearly a bad idea!

See also: disable-facebook-lite-switch-to-normal-facebook

Update 2/26/2010: The next day, from work using IE 8, I was able to get a non-blank page. I then switched her to regular facebook. A DNS issue? I use GoogleDNS and/or OpenDNS at home.
--
My Google Reader Shared items (feed)

Weird 1Password related bug with account migration

I've used 1Password for a while, but I've always been uneasy about the hacks used to get access to browsers. As best I can tell 1Password has stopped using evil input managers, but it has had a shady past.

So when I switched to a transiently flickering 27" i5 iMac I didn't install 1Password right away. I figured I'd get around to it, but I forgot (I mostly use it on my iPhone).

Recently I was having odd lockups with 10.6, so I uninstalled CrashPlan because of some suspicious behaviors. The problem persisted, so I checked my Console.app. It was full of messages about missing bundle bits with 1Password. All I can guess is that bits of 1Password migrated when I used Migration Assistant to move my old account (but no apps).

I downloaded and installed 1Password 3 (Snow Leopard compliant) and the Console messages are gone.

Weird.

Now we'll see if my lockup problems resolve ...

--
My Google Reader Shared items (feed)

Series of 10.6 bugs related to erasing (formatting) an external drive

OS X Grab is a pretty simple utility, so I was quite surprised when it hung with a spinning pizza of death (SPOD, SBOD) on saving a screen capture.

Deleting preferences didn't help. I switched to the Admin account to test there, and it hung with a blue screen.

What the heck was going on?

The source of this and several other bugs, including a lockup the night before, was I was performing a 7 layer erase and FAT format on an external drive being recycled for donation.

It appears than several Finder/File system related operations in 10.6 will hang when an external drive is being erased.

I've been using 10.6 for a few months on my newest machine. It's not bad, but it's still not as stable as 10.5.

Google Buzz, Chat and Reader - together at last. Farewell Twitter.

Buzz is up, though at the moment it's sluggish and it looks like Googel IM/SMS may have cratered along with it. Probably being hammered.

The Buzz site says it's being rolled out gradually, but I clicked the sign up button there and it seemed to add it to my Gmail. It looks like my Buzz followers include my Google Reader shared item followers (I'm following 43 people and 22 people are following me) plus my Chat correspondents.

The Buzz shared items are the sum of Chat status messages, Google reader shared items and Picasa image shares:

Your Google Reader shared items, Picasa Web public albums, and Google Chat status messages will automatically appear as posts in Buzz. To edit your connected sites or change privacy settings, view connected sites.

"Connected sites" create posts in Buzz. Mine started out with Picasa public albums and Google Reader shared items. It's not, however, showing my Chat status messages as a "connected site" so there's something funny there. Those should really show as "connected sites". [I don't think Chat updates are doing anything at the moment].

I think that Buzz is the gathering point and Buzz posts don't go to Google Reader shared items or to Chat status, but really it's hard to tell. The site is semi-stable at the moment.

I've never had much use for Twitter, and it looks like I'll have even less use in the future - especially if Google ties this into SMS.

PS. Viewing the people I follow, I see that my "leonine" OS X 10.6 user account icon has now metastasized to be attached in Gmail's Buzz follower view to my corporate email. Where will it go next?

Update: I reviewed how these display in my Google Profile, and I decided it was a bit too much information to have publicly available there. My Google Profile is very discoverable, hence corporate. So I removed the connectivity to Reader Shared items. I'll explore this over time.

Update 2: I wonder if Google will even try to submit an iPhone Buzz app, given that Apple would almost certainly reject it.

See also:

• Gordon's Notes: The Buzz profile problem: I am Legion

--
My Google Reader Shared items (feed)

OS X Address Book: How do you show all groups for a Contact?

Once upon a time, an early version of OS X Address Book allowed one to see all the Groups to which an address belonged:

InformIT: Mac OS X Unleashed - Address Book: "the group setup window should appear,"

I don't believe there's a group setup window any more. It's easy to add an address to a group, but I don't think there's away to inspect or interact with an address and find out which groups it belongs to.

I often want to do this, particularly when I deal with duplicate address book entries.

Sigh.

I doubt Apple will fix this. If they ever do crack the hood on Address Book, maybe they could also fix the "Find Duplicates" function - such as provide a "show duplicates" option. Or at least document what the merge behavior really is!

Update 2/26/2010: Per Comment by Kate: "Simple. Select the address card you want to find groups for. Press the option key. The groups the address belongs to will be highlighted." Knowing the answer I searched on this, and found only one reference in an old version of Pogue's "Mac OX X" Missing manual series. How did Kate know this?

Update 2/27/2010: It's in the "manual" (online help). Of course. It's not even hard to find. I searched on "show groups" and found:

Select a contact in the Name column.

Hold down the Option key.

Address Book highlights the groups the contact belongs to in the Groups column. If you have a lot of groups, scroll the list to see all of the highlighted groups.

Total humiliation, total fail.

Sync heck: CalDAV vs Exchange Server - a Google Apple review

Two years after writing "Synchronization is Hell" I'm pleased to report it's been only a bit heckish of late for my iPhone and our family Calendar.

Three months ago I switched my iPhone sync to

• CalDAV to multiple Google Calendars, including my wife's family calendar, my personal calendar, and various school and sport and social calendars all shared via Google. (iCal also subscribes to these. It's useful when I want to see the most data, but it's not essential.)
• MobileMe for Personal Contacts. MobileMe manages Contacts sync for me across multiple OS X machines.
• Microsoft's "Exchange" (ActiveSync) for my corporate Contacts, Calendar and email.
• Gmail for my personal mail.

Yes, it's rather complicated. Life would be easier if the iPhone could handle multiple ActiveSync accounts - then I could also sync to Google using ActiveSync. I lost access to my Google Contacts when I switched my single iPhone ActiveSync client to the corporate server. I think I'm now ready to retry Spanning Sync, which I gave up on about a year ago and take another stab and "Project Contacts".

Despite the Contacts loss and some quirks, it's been a miracle to finally have work and personal and other calendars all in one place. I have a fairly full and complicated life, and being able to coordinate calendars this way has been genuine progress.

There are a few limitations with this I never see mentioned elsewhere -- so here's the exclusive list:

1. On my iPhone I can't move an appointment between calendars after I've created it
2. Exception handling is quirky. I can set an appointment in Google to workweek only, but it may not stay that way on my iPhone.
3. I can't invite people to appointments created on the iPhone CalDAV account, even though Google supports invitations. I can do invites with the ActiveSync account.

See also:

• iPhone sync to Google contacts - 3 methods and work/home implications
• Project Contacts: Now mixing Outlook/Exchange, PST file, Outlook/Home, MobileMe Sync, OS X Address Book and the iPhone.
• Using OS X 10.5 iCal with Google CalDAV - cleaning up import disasters
• Address book sharing with OS X and MobileMe
• Project Contacts: Integration across iPhone, Google and whatever
• Work home contact integration: Outlook to Google to OS X Address Book
• MobileMe: Integrating Work and Personal Contacts

Update 4/14/2010: Currently my iPhone can't edit CalDAV synced appointments that have invitations. Really annoying. iPhone OS 4 will support multiple Exchange connections so I'll try using ActiveSync instead when that's out. I don't know if this is a CalDAV, Apple or Google issue.

Access denied: VMWare Shared Folders on Windows 7

Between Dell machines shipping with motherboard disconnected SATA cables, a Clampi Trojan on my Windows 2003 server, a mysteriously vanished backup [1], Windows 2003 blue screening on a new Dell workstation, a failed Acronis disk image and the horror of 64 bit Windows 7 it's been another fun week in tech.

Today was a bit better. I installed VMWare Player on a 64bit Windows machine and created a 32 bit Windows 2003 VM - giving it all four cores and 3GB of memory. After VMWare tools installed and I enabled hardware graphics acceleration it felt faster than on the prior 3 yo workstation lost to the wretched corporate refresh cycle.

Mostly easy, until I dealt with the second drive in the box. Even after I used shared folders to map to drive E:, and the ancient DOS subst command to assign a drive letter to the shared folder, I still couldn't write to the new shared folder. I could read, but I couldn't delete anything. If I tried, I got an "access denied" message.

Worse, it seemed I could write to the drive, but the data wasn't there. VMWare showed files as having been copied, but in Win 7 they weren't there. On restart the VM didn't see them either.

The fix was to right click the drive letter in Windows 7, choose properties then security, and allow "EVERYONE" full control of the E: Drive. Then Windows 2003 in the VM could read and write.

I suspect there's a less severe fix. After I left work it occurred to me that I should study the read/write permissions on the C: drive. I suspect the vmware_user (__vmware_user__) group has special privileges on that drive, I just need to study them and replicate them for the E: and F: drives.

I'll update this post with what I find.

PS. It's unnerving that my Google searches really didn't turn up anything useful on this topic!

[1] Retrospect Pro backup on external drive. It vanished! Dir *.* and Attrib *.* showed nothing with 325 GB used. Retrospect could find the files though -- it restored from the backup drive.

--
My Google Reader Shared items (feed)

Time Machine, Time Capsule and offsite backup

Time Machine, among its other significant weaknesses, is ill suited to offsite backup – especially when it is used with Time Capsule.

If you attach an external drive to Time Capsule there is an “archive feature” that will shut down TC access and safely transfer the data to an external drive. Problem is, neither the drive nor the backup are encrypted.

Carrying around non-encrypted backups is not a good idea.

There’s a similar problem with a standard Time Machine external drive. If you swap them, you run into the same encryption problem.

The answer for an external drive is to use an encrypted disk image and mount that for TM backups. That doesn’t, however, work with standard Time Capsule archive behavior. I suspect one might be able to disconnect all clients and use the finder to copy the disk images to an encrypted disk image, but I’ve not tested that.

See also:

• Time Machine - Unable to Complete Backup bug on Time Capsule
• Freeing up Time Capsule space – and documentation for Time Machine and Time Capsule
• Time Machine- Fail first, then flaw discovered
• Time Capsule 10.5 Backup volume could not be mounted bug

Time Machine - Unable to Complete Backup bug on Time Capsule

I'm not a fan of Time Machine. I run into more TM bugs than I ever saw with cranky old Retrospect -- and I get less notification of problems.

Today I found a critical laptop hadn't been completing it's TM backup for about 2 days. It was showing a common, unhelpful, error message "time machine an error occurred while creating the backup folder".

David Alison's Blog has the answer for a standalone time machine. Turn off TM on the affected machine. Then navigate to your TM backup folders and look for something like "2010-02-01-134046.inProgress". Delete the "inProgress" file.

This doesn't work for Time Capsule though. TC won't let you delete the inProgress file. I couldn't find any report of a fix, save dragging the actual machine specific TC sparse disk image to the trash and starting over. (The official response to all similar problems, by the way, is to wipe the entire TC disk and redo ALL machine backups).

What worked for me was to turn off Time Machine on all the TC clients. Then I restarted the AirPort and then turned TM back on for the troubled machine. The backup chugged away for a while, and then it resumed.

See also:

• Freeing up Time Capsule space – and documentation for Time Machine and Time Capsule
• Fixing the Time Machine / Time Capsule 10.5 "Backup volume could not be mounted" bug

Windows 7 is OS X Warp(ed)

One of my work machines now runs Win 7. It’s the first time I’ve had to do more than play with it.

It helps to know OS X, but it also hurts. There’s a lot of stuff in Win 7 that’s a tasteless and ugly version of OS X. Take the desktop themes (please).

Hard to say if it’s really an aesthetic improvement even over XP. The XP interface feels light, sharp and clear by comparison.

Update: For example - "Program Files (x86)". Thousands of Google hits puzzling over that one. WTF were they thinking?

Update 2/4/10: OS X managed a smooth migration to 64 bit. I've had a few days of experience with the Win 7 mix of 32 and 64 bit ODBC, Oracle, Java, Microsoft Office, SQL Developer, etc. It's a train wreck. It brings back memories of early DOS experiences. This 2007 tech doc tells one part of the dreadful story.

Computing keeps getting more bizarre

At home I’ve retired my six+ year old XP machine. It lives on in a cloned Fusion VM [1] on my iMac. The dead hulk of the machine waits for anyone who might make use of it, but it’s most likely headed to recycling.

It’s a relief to be done with it. It worked well enough to the very end, but it was a flaming security hole (no antiviral software – that cure is worse than the disease) and it howled like a demented banshee.

At home the four Macs and three iPhones are quiet. So quiet I now notice the ever running fan on my G5 iMac, a fan I never heard when the XP box lived. OS X is kind to me. It all just works.

At work though, I still live with XP. Not just XP, but XP layered with monitors, automated maintenance systems, encryption software, automated backup software that isn’t useful, misguided and aborted security layers and only Satan knows what else. At work, computing is bizarre. I don’t think my workplace is atypical; I suspect this is true of many large publicly traded companies.

Consider this.

I reboot a Windows 2003 box after a failed disk cloning attempt to discover the boot disk is hosed. [2]. So I take a look at my personal backups (since the corporate backups are effectively useless) and find the disk has no files.

Nothing.

But Retrospect Professional (Windows) shows the backups have been working.

Nothing will show any files. Chkdsk reports no errors. But 325 of 350GB are in use.

So I try a restore from Retrospect – and it works.

The files are there, but invisible to cmd.exe. (No, not marked as hidden, truly invisible).

I suspect some side-effect of an cryptic corporate attempt to secure/encrypt USB peripherals. It’s not worth trying to debug this – I don’t have enough control over the pieces.

I have to assume we’re reaching some nadir of corporate computing – that things will improve somewhat with a migration to windows 7. It is ever more clear, however, that those of us who are cognitively dependent on our computers will need to have our own computers and network access at the workplace.

Which is good news for the iPad.

[1] Which is periodically slow and awkward on my quad core 10.6 machine compared to Fusion 2 on an older MacBook. Fusion 3 on 10.6 quad core needs work.

[2] Could be a side-effect of the Acronis disk cloning, but I doubt it. I suspect it would have been hosted on any reboot – that machine hasn’t been restarted for weeks.

Online backup – the security problem (it’s not the encryption)

Here’s how you lose everything.

First, someone gets control of your email account. It might be a security vulnerability, or a password attack (note: “tigger”, “angel” and “soccer” are not wise choices), or a password reset, or an inside job.

They then sell your email to someone who takes a look, and finds a backup report from, say, CrashPlan. They then reset your CrashPlan password:

Please submit your email address. Afterward you will receive an email with a link that will reset your password and securely display the new password to you. The provided link will only work for one hour.

Now they have access to everything you’ve backed up.

CrashPlan talks about their 128-bit Blowfish encryption (standard) or 448-bit CrashPlan+ encryption and how robust that is. As Schneier used to point out before he was overwhelmed by the boredom of it, this is rather besides the point. Their use of the industry standard “password reset by email” process means they’ve built a solid steel door on a house made of rice paper.

It’s not just CrashPlan of course. Google is little better. This reset problem is just one aspect of how broken passwords are (don’t get me started on “security questions”. Please.)

CrashPlan also offers a “data password” that encrypts at the client side. So even if someone gets control of your online backup they can’t actually do anything with the data.

Except … Well, CrashPlan’s FAQ dodges around this, but since the encryption is client side they can’t make any changes to whatever you’ve already backed up. So if you want to add, or change, your data password you have to wipe your online backup and start over. If you change it, but don’t start over, you better keep your old and new password since data may be encrypted with one or the other. In my home a full family CrashPlan offline backup takes about 4 weeks, so this is not a trivial change.

Note that I’m using CrashPlan as my example here because they’re the best in the offline consumer backup business, and they are the only offline backup plan I’ve considered. They just have the usual problem with their password reset procedure.

How could CrashPlan make the best of a bad situation? Well, in the unlikely event that they read this, they can research higher quality reset procedures (not #$!$!$ security questions). Those reset procedures often involve two factor authentication procedures, such as the procedure myOpenID almost got right. They involve more expense, so it would be reasonable to for CrashPlan to charge extra for a higher quality security service. They really don’t need more encryption, they need better reset controls.

In the meanwhile this problem has tipped me away, for now, from using offline backup. I’ll continue to rely on physical drive rotation for offline security and I may make use of CrashPlan’s (free, unfortunately – I distrust the longevity of free things) ‘backup to friend plan.

Update 2/4/10: For more on CrashPlan.

Update 5/17/10: Matthew Dornquast of ChrashPlan replies in comments.