Saturday, November 24, 2018

Did you follow Apple's two-factor authentication advice to provide a friend's phone number for SMS authentication?

I bet you didn’t do this [emphases mine]:

…You should also consider verifying an additional phone number you can access, such as a home phone, or a number used by a family member or close friend. You can use this number if you temporarily can’t access your primary number or your own devices….

… To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. Consider verifying an additional trusted phone number other than your own phone number. If your iPhone is your only trusted device and it is missing or damaged, you will be unable to receive verification codes required to access your account…

… If you're signing in and don’t have a trusted device handy that can display verification codes, you can have a code sent to your trusted phone number via text message or an automated phone call instead. Click Didn’t Get a Code on the sign in screen and choose to send a code to your trusted phone number…

Apple 2FA implementation has a high risk of account access loss (Google has better 2FA recovery options). Apple’s recommended mitigation is to use multiple SMS verification numbers, not just the one mandatory number. Since SMS is an essential part of Apple’s 2FA, and SMS is a poor way to do 2FA, Apple’s 2FA is fundamentally insecure (mac bloggers seem universally unaware of this incidentally).

Damned if you do and damned if you don’t. On balance, if you use 2FA, you should have at least two SMS numbers numbers associated with your (insecure) Apple ID.

PS. To Apple’s credit, you need both a password and SMS to access your iCloud account, and you can’t reset the password just using SMS. In the absence of a trusted device the password reset process is mysterious and takes a few days.

PPS. You can use a Google Voice number as a trusted number. That way you can use a web browser to retrieve the authentication code.

Remember to remove a device from your Apple ID account list if it is sold or wiped

Apple associates devices with your Apple ID. If you are using two factor authentication they get authentication requests. If you wipe or sell or dispose of a device you really want to remove it from this list.

Go to, select the device, and remove it.

I don’t think the reset/wipe phone setting does this automatically.

Sunday, November 18, 2018

Printer configuration is a still a pain (AirPrint edition)

I replaced an old Brother HL-L6200DW with a new Brother HL-L6200DW. Isn’t stasis wonderful? Scanners and printers don’t change much any more.

I sort of remembered how to test these up. I got it working via ethernet, then got it on our WiFi network. That worked for my Mac, but AirPrint wasn’t happy. Same printer, same name, different Mac ID. iOS said it would let me update to the new printer, but then it failed.

I had to restart my router, rename the printer in the web GUI (I’m sure this isn’t in the manual), restart printer, restart phone. Then it found it.

I’m sure there’s an easier way. Nobody prints though, so maybe not.

PS. The printer has all kinds of web services enabled. It’s basically waving a hack-me flag. It’s a bother to figure out what I can turn off.

Monday, November 12, 2018

An almost useful Siri Shortcut: "Voice memo record"

Apple forgot to add a Siri command that would launch Voice and start recording. You can launch it with Siri, but it won’t start recording.

They did add a Siri Shortcut though - “Record a new voice memo”. So I finally found a use for that feature, I added “Record voice memo” and “Voice memo record” as Siri shortcuts. I think the 2nd one works better.

“Record a memo” doesn’t work because Siri uses that to open Voice without launching the recording (iOS doesn’t warn about this during shortcut creation). The behavior is also a bit buggy, sometimes the phrase launched Voice but didn’t start recording.

I tried creating a springboard Shortcut, but even though “Record a new voice memo” is in Siri & Search settings shortcuts, it’s not available in (btw, deleting a shortcut uses an insanely weird UI).

How to find the folder that holds an iOS app in iOS 11 and 12

This is so friggin obscure now. I had to read this Apple Discussions thread a few times. The problem is there are two types of Spotlight search in iOS, and now only one of them shows a containing folder name.

When you type an app name in Spotlight iOS does predictive search first. You don’t tap the Search button. In iOS 11-12 the predictive search result UI doesn’t show the name of the containing folder.

To see the containing folder you need to do search-search (plain old search), not predictive search. Type the portion of the app name that shows your app in predictive search, but don’t tap on the app. Instead tap on the Search (blue) button. That does proper search, and now the containing folder shows next to the app name.

Sunday, November 11, 2018

Cisco Receiver client for Mac no longer works with Safari (NPAPI plug-ins are no longer supported by Safari)

Safari 12 “Removed support for running legacy NPAPI plug-ins other than Adobe Flash” [1]. Despite years of warning Cisco wasn’t quite ready (perhaps Apple has made a mess of the plug-in/extension migration [2])

NPAPI support is being removed from Safari 12 | Citrix Blogs (Aug 2018)

… Apple have announced they’re removing support for NPAPI from Safari 12. This will affect the user experience for users accessing Citrix Receiver for Web using Safari on Mac. We’ll address this by turning on the Citrix Receiver Launcher for Safari 12+ in future releases of Citrix StoreFront…

With Safari 12 if you click on a Citrix Receiver link a .ica file is downloaded. You have to click the .ica file to launch Receiver. Prior to 12 the /Library[3]/Internet plug-ins/CitrixICAClientPlugIn.plugin handled the .ica file, clicking a link caused CitrixICAClientPlugIn.plugin to launch Receiver. There’s a Safari 12 workaround, but I’ve not tried it.

Citrix does have new era extension support for Chrome, so you can just use Chrome until Citrix delivers a “Safari App Extension” version of the plug-in. (Which might come with their Citrix Workspace replacement for Receiver.)

- fn -

[1] The dev must have hated keeping Flash support. NPAPI is 1995 old, Chrome dropped NPAPI support in September 2015.

[2] Safari 12 also deprecated the newer-than-NPAPI “Safari Extensions” and Apple is shutting down the Extensions gallery. Instead we’re supposed to get Safari App Extensions, but, as is too often true of Apple, it’s not clear where one downloads Safari App Extensions.

[3] Installed in root Library rather than user Library.

Saturday, November 03, 2018

iOS 12.1 will open Google Drive hosted ePub directly in

iOS 12.1 will open Google Drive hosted ePub files directly in (formerly iBooks). I don’t know how new this is, but tapping on the same file in Google’s gives an “unsupported file type” error. (You can still copy it to Books, it’s just awkward.) I’d long used to open my ePubs, just happened to try today.

Books UI doesn’t scale well to significant number of ePubs, storing them in Google Drive or iCloud Drive works much better [1]. I treat iBooks as a temporary store, periodically I clean it out.

[1] Also iOS 12 won’t sync with Sierra iBooks, so those of us who are putting off painful updates have another reason to store in the file system. Really, though, it’s just way better than using iBooks storage. I’m a bit disappointed Apple hasn’t fully integrated iBook storage with iCloud Files, but this is nice.

iOS 12 tables don't render in Notes.web (or Sierra Notes)

Tables have been neglected in the past 20 years of software, so I was surprised to see them in iOS 12.1

Sadly, they don’t render in Notes.web (Safari or Chrome). Instead we see the same empty block that Sierra Notes uses:

Screen Shot 2018 11 03 at 11 44 48 AM

That’s disappointing. iCloud is overdue for some maintenance.