Saturday, December 29, 2018

Extend Aperture's lifespan with Adobe DNG Converter for Mac

Aperture on Sierra doesn’t support RAW files from my Canon EOS SL2. I don’t know if there would be any support if I upgraded to High Sierra or Mojave, but I think not. I tried using Canon’s RAW to JPG converter but it was achingly slow and it defeats the purpose of shooting RAW in the first place.

So I’ve been shooting JPEG [1]. Today, through Facebook’s Aperture User Group, I learned that Adobe DNG Converter output can be treated by Aperture in Sierra as a type of RAW format. So I downloaded the app and tried it on a CR2 file from my SL2. It was extremely fast and produced a DNG a few MBs smaller than the CR2 file. Aperture opened it a bit more slowly than I remember it processing my older Canon RAW files, but there no real issues.

Adobe DNG Converter has a truly ugly Mac UI, but I have no problems with that. I suspect DNG is only a minimal archival improvement on CR2 so I’ll mostly continue to shoot JPEG (because everything sucks [1]), but now I have the option to do CR2 when I want better results. Since I already use Image Capture to bring images off my devices rather than Aperture the extra conversion step is a modest cost.

- fn -

[1] Twenty ago I was sure we’d get one of many better lossy image formats, of which JPEG2000 is the only one I can remember now. We never did, partly due to patents and partly for reasons I don’t understand. I think cameras have gotten better at making the best use of JPEG, which itself has iterated over time. In 2018 some SLRs shoot DNG (not Nikon or Canon of course), Apple’s cameras shoot patent-encumbered HEVC (not HEIF, that’s the container damnit), and there’s lots of proprietary RAW. I suppose HEVC is an improvement over RAW, but only by a bit. HEVC is likely to lose out in the long run to AV1 and disappear — with no comment from Apple when it converts. In terms of a practical archival image format we basically have PNG and JPEG with no metadata standard and perhaps some flavor of TIFF. Basically everything sucks, which is very 2018.

Incidentally, the image formats Preview can export to in Sierra when you use the Option key trick (apple doc) — prior to Mountain Lion they were all shown. OpenEXR was from Industrial Light and Magic but it’s as dead as old JPEG-2000. (As near as I can tell Mojave has the same list and it still doesn’t include HEIF/HEVC, which seems a vote of some sort.)

PreviewExportFormats

Saturday, November 24, 2018

Did you follow Apple's two-factor authentication advice to provide a friend's phone number for SMS authentication?

I bet you didn’t do this [emphases mine]:

…You should also consider verifying an additional phone number you can access, such as a home phone, or a number used by a family member or close friend. You can use this number if you temporarily can’t access your primary number or your own devices….

… To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. Consider verifying an additional trusted phone number other than your own phone number. If your iPhone is your only trusted device and it is missing or damaged, you will be unable to receive verification codes required to access your account…

… If you're signing in and don’t have a trusted device handy that can display verification codes, you can have a code sent to your trusted phone number via text message or an automated phone call instead. Click Didn’t Get a Code on the sign in screen and choose to send a code to your trusted phone number…

Apple 2FA implementation has a high risk of account access loss (Google has better 2FA recovery options). Apple’s recommended mitigation is to use multiple SMS verification numbers, not just the one mandatory number. Since SMS is an essential part of Apple’s 2FA, and SMS is a poor way to do 2FA, Apple’s 2FA is fundamentally insecure (mac bloggers seem universally unaware of this incidentally).

Damned if you do and damned if you don’t. On balance, if you use 2FA, you should have at least two SMS numbers numbers associated with your (insecure) Apple ID.

PS. To Apple’s credit, you need both a password and SMS to access your iCloud account, and you can’t reset the password just using SMS. In the absence of a trusted device the password reset process is mysterious and takes a few days.

PPS. You can use a Google Voice number as a trusted number. That way you can use a web browser to retrieve the authentication code.

Remember to remove a device from your Apple ID account list if it is sold or wiped

Apple associates devices with your Apple ID. If you are using two factor authentication they get authentication requests. If you wipe or sell or dispose of a device you really want to remove it from this list.

Go to https://appleid.apple.com/account/manage, select the device, and remove it.

I don’t think the reset/wipe phone setting does this automatically.

Sunday, November 18, 2018

Printer configuration is a still a pain (AirPrint edition)

I replaced an old Brother HL-L6200DW with a new Brother HL-L6200DW. Isn’t stasis wonderful? Scanners and printers don’t change much any more.

I sort of remembered how to test these up. I got it working via ethernet, then got it on our WiFi network. That worked for my Mac, but AirPrint wasn’t happy. Same printer, same name, different Mac ID. iOS said it would let me update to the new printer, but then it failed.

I had to restart my router, rename the printer in the web GUI (I’m sure this isn’t in the manual), restart printer, restart phone. Then it found it.

I’m sure there’s an easier way. Nobody prints though, so maybe not.

PS. The printer has all kinds of web services enabled. It’s basically waving a hack-me flag. It’s a bother to figure out what I can turn off.

Monday, November 12, 2018

An almost useful Siri Shortcut: "Voice memo record"

Apple forgot to add a Siri command that would launch Voice Memo.app and start recording. You can launch it with Siri, but it won’t start recording.

They did add a Siri Shortcut though - “Record a new voice memo”. So I finally found a use for that feature, I added “Record voice memo” and “Voice memo record” as Siri shortcuts. I think the 2nd one works better.

“Record a memo” doesn’t work because Siri uses that to open Voice Memo.app without launching the recording (iOS doesn’t warn about this during shortcut creation). The behavior is also a bit buggy, sometimes the phrase launched Voice Memo.app but didn’t start recording.

I tried creating a springboard Shortcut, but even though “Record a new voice memo” is in Siri & Search settings shortcuts, it’s not available in Shortcuts.app. (btw, deleting a Shortcuts.app shortcut uses an insanely weird UI).

How to find the folder that holds an iOS app in iOS 11 and 12

This is so friggin obscure now. I had to read this Apple Discussions thread a few times. The problem is there are two types of Spotlight search in iOS, and now only one of them shows a containing folder name.

When you type an app name in Spotlight iOS does predictive search first. You don’t tap the Search button. In iOS 11-12 the predictive search result UI doesn’t show the name of the containing folder.

To see the containing folder you need to do search-search (plain old search), not predictive search. Type the portion of the app name that shows your app in predictive search, but don’t tap on the app. Instead tap on the Search (blue) button. That does proper search, and now the containing folder shows next to the app name.

Sunday, November 11, 2018

Cisco Receiver client for Mac no longer works with Safari (NPAPI plug-ins are no longer supported by Safari)

Safari 12 “Removed support for running legacy NPAPI plug-ins other than Adobe Flash” [1]. Despite years of warning Cisco wasn’t quite ready (perhaps Apple has made a mess of the plug-in/extension migration [2])

NPAPI support is being removed from Safari 12 | Citrix Blogs (Aug 2018)

… Apple have announced they’re removing support for NPAPI from Safari 12. This will affect the user experience for users accessing Citrix Receiver for Web using Safari on Mac. We’ll address this by turning on the Citrix Receiver Launcher for Safari 12+ in future releases of Citrix StoreFront…

With Safari 12 if you click on a Citrix Receiver link a .ica file is downloaded. You have to click the .ica file to launch Receiver. Prior to 12 the /Library[3]/Internet plug-ins/CitrixICAClientPlugIn.plugin handled the .ica file, clicking a link caused CitrixICAClientPlugIn.plugin to launch Receiver. There’s a Safari 12 workaround, but I’ve not tried it.

Citrix does have new era extension support for Chrome, so you can just use Chrome until Citrix delivers a “Safari App Extension” version of the plug-in. (Which might come with their Citrix Workspace replacement for Receiver.)

- fn -

[1] The dev must have hated keeping Flash support. NPAPI is 1995 old, Chrome dropped NPAPI support in September 2015.

[2] Safari 12 also deprecated the newer-than-NPAPI “Safari Extensions” and Apple is shutting down the Extensions gallery. Instead we’re supposed to get Safari App Extensions, but, as is too often true of Apple, it’s not clear where one downloads Safari App Extensions.

[3] Installed in root Library rather than user Library.

Saturday, November 03, 2018

iOS 12.1 Files.app will open Google Drive hosted ePub directly in Books.app

iOS 12.1 Files.app will open Google Drive hosted ePub files directly in Books.app (formerly iBooks). I don’t know how new this is, but tapping on the same file in Google’s Drive.app gives an “unsupported file type” error. (You can still copy it to Books, it’s just awkward.) I’d long used Drive.app to open my ePubs, just happened to try Files.app today.

Books UI doesn’t scale well to significant number of ePubs, storing them in Google Drive or iCloud Drive works much better [1]. I treat iBooks as a temporary store, periodically I clean it out.

[1] Also iOS 12 Books.app won’t sync with Sierra iBooks, so those of us who are putting off painful updates have another reason to store in the file system. Really, though, it’s just way better than using iBooks storage. I’m a bit disappointed Apple hasn’t fully integrated iBook storage with iCloud Files, but this is nice.

iOS 12 Notes.app tables don't render in Notes.web (or Sierra Notes)

Tables have been neglected in the past 20 years of software, so I was surprised to see them in iOS 12.1 Notes.app.

Sadly, they don’t render in Notes.web (Safari or Chrome). Instead we see the same empty block that Sierra Notes uses:

Screen Shot 2018 11 03 at 11 44 48 AM

That’s disappointing. iCloud is overdue for some maintenance.

Wednesday, October 31, 2018

Tableau Public for Mac

Tableau is a popular data visualization tool with strong map features. My workplace version has an extensive list of data connections.

Tonight I downloaded the public (free) version of Tableau for Mac. The connection list is far smaller than the commercial version. It will import from Excel, CSV, JSON, PDF, “spatial file” and “statistical file” files. It can pull data in from Google Sheets, Data, “Web data connector” and “ODBC”. It only exports CSV. It occupies 1.6GB of disk space.

Storage aside, it did a great job pulling data out of a PDF table. That’s almost worth the 1.6GB by itself. Given the state of Mac data tools I think it’s worth keeping around.

Saturday, October 27, 2018

An Elgato T2 Hub and USB 3 SSD work pretty well

For 3yrs I’ve used a Samsung SSD (1TB) in a cheap Inatek IDE enclosure with UASP/USB 3 connection to an Elgato T2 dock connected to a 2015 MacBook Air by Apple T2 cable. The Elgato also connects to two Firewire 800 drives.

I realized today that it’s worked quite well for quite a while. Now that I’ve written this it will all go to pieces, but until now — good stuff. My 360GB Aperture library lives on that external SSD and I don’t have any real performance issues with it. I use Jettison to undock when I take the Air with me; I disconnect the power cable and the T2 cable.

Which reminds me of some rant I read today about how the Air is the worst machine in existence and everyone should buy a $400 Windows machine instead. I beg to disagree. The current Air is still a great machine. You may not like the non-retina screen (my eyes suck so what would I know?), but you can buy a nice external display.

The absolute best thing machine Apple could do would be to continue to sell the 2018 13” Air but swap the T2 for T3* and make the display Retina. Leave every other thing about it pretty much the same and sell it for the current price.

*Update: Actually, I’m not sure T3 is so great. Maybe just do the Retina and call it a win.

Saturday, October 20, 2018

MarsEdit - drag and drop link creation only works with Safari now

In the past it was easy to create a link to a web page within MarsEdit from Safari or Chrome.. Click in the browser URL address bar, drag to rich text editor pane, and drop. Bam — a link is created with the page title text and page URL.

That was broken in a recent MarsEdit update. Happily it was quickly fixed for Safari. As of 4.2.1 it doesn’t work for Chrome though; with Chrome we get the URL text but no link.

I think Daniel will fix this sooner or later, but if you are a MarsEdit user and you miss fast Chrome link creation please let Daniel know. I’d like to get it back!

PS. I’m so Chrome-stuck, mostly due to need for identity switching, that I now drag the link from Chrome to Safari then from Safari to MarsEdit!

Saturday, October 13, 2018

The end of Google+ will impact Blogger

Visiting Google’s official Blogger blog today I tried viewing comments on a May 2018 post (a list of things removed and a promise of future work). There are 858 comments, based on Google+. I wonder what will happen to them now that G+ is dead. (So will we get our + back in search syntax?)

At one point Google tried to integrate G+ and Blogger — particularly identity management. It didn’t go well. I suspect the divorce won’t go well either.

- fn -

[1] Suggestively most of the future work mentioned were enhancements to moving data out of Blogger.

PS. Google+ was a really dumb name.

Saturday, October 06, 2018

iOS 12 update may undo cellular data lock

There’s an iOS restriction called “cellular data changes”. If it’s enabled a user cannot change their cellular data settings.

I think the iOS 12 update defeats this lock. Settings will show “Cellular Data Changes” - “Don’t Allow” but the settings can be edited.

To reenable the restriction turn it off then turn it on again.

I’ve seen this on a couple of phones post iOS 12 update. I think it’s an old bug.

Only Apple can provide family mobile device management for iOS

Update 10/24/2018: After writing this, and only by experimentation, I’ve discovered that Apple actually provides extensive remote control options for family members with an “Apple age” under 18. It’s imperfect and there’s no browser interface, but it is comparable to Google's Family Link.

Over on my book project blog I recently reviewed Google’s Family Link solution for mobile device management of children and dependent devices (“parental controls”). I reflected on my experience with third party solutions for iOS devices:

… I’ve found problems with all of the solutions I’ve tested. Qustodio’s VPN can’t handle encrypted connectionsMMGuardian has several killer flaws, and their competition didn’t  even meet my minimal test standards …

I think there are four interlocking reasons that make this a “mission impossible” from anyone but Apple:

  1. Apple’s mobile device management model is very difficult to implement — even for leading corporate partners [1].
  2. It’s non-trivial development to build something like scheduled app access control on top of Apple’s suite of iOS restrictions. This isn’t something schools and business need, so it has to be supported by the family market.
  3. Very few people will pay for this service. It’s a lot of work for a niche market.
  4. Any vendor looking at the home market knows that Apple could eliminate their business at any time with no warning. That’s what Google did with Family Link.

Only Apple can do the equivalent of Google’s Family Link [2]. That may require governmental pressure. Until Apple does it parents of children and guardians of special needs adults will need physical access to iPhones to implement restrictions.

- fn -

[1] JAMF is the dominant vendor in the corporate and educational iOS MDM market. I recently took advantage of a “Daring Fireball reader” special offer for a free 3 device JAMF account. When I enrolled a test device I discovered that annual certificate renewal disconnects enrolled devices (unless you have a dedicated corporate Apple ID) and I learned that full access to Apple’s suite of iOS restrictions requires either Apple’s “PreStage purchase program” or use of Apple Configurator (I think this is in flux with iOS 11 and 12).
[2] If Apple does add MDM to iCloud, I hope they think about vulnerable adults. Google’s “age of consent” (13yo in US) opt-out and notification approach is a workable alternative to disabling use of Family MDM for adults.

Wednesday, September 19, 2018

Apple Manage Devices / Associated Devices is still kind of broken

If multiple devices share a Store Apple ID they will show up in Apple ID Devices. They will also show in iTunes (for that Store Apple ID), Apple’s current documentation states iTunes is the only way to see and manage this list. “You can have ten devices (no more than five of them computers) associated with your Apple ID and iTunes at one time."

And you thought iTunes was dead!

You have to remove devices manually from this list after you stop using them. If, like me, you use the same Store Apple ID on family devices it’s easy to hit the limit.

The interesting bit is these two lists are different and they don’t synchronize. They are presumably on two different databases.

The applied.apple.com list is current and shows 8 devices. I think if you sign out of a device you’re not using this list will be updated.

The iTunes managed list is not updated when you sign out of a device. You have to update it manually. I think it still supports iPods. It had one of our devices that was no longer active on it, but it also had an old iPhone 4 we use for music only that runs iOS7 [1]

iPod support explains why the iTunes managed list can’t be automatically updated. I don’t know what happens if you exceed the limit on one list but not the other.

- fn -

[1] The iCloud My Devices display supports “iOS 8, macOS Yosemite … or later …”

iOS 12 Family Sharing: Purchase Sharing supports changing Apple ID and UI could support future multiple Apple IDs.

One of Apple’s “original sins” is the proliferation of Apple IDs and the inability to merge or manage them. I have four that I know of with cryptic and fungible relationships between Apple ID and product ownership. (The worst bugs in the software world are data model bugs.)

In iOS 12 Family Sharing there’s now a setting for Purchase Sharing with an associated Apple ID. Mine is set to my Apple Store ID which is historically distinct from my iCloud ID (many old timers have this unfixable issue). If you tap on this Apple ID it rings up a dialog that allows this to be changed (there’s a bug here — tapping on it doesn’t always work. I had to leave the screen and return to it to enable tap). When I tapped it switched the default to my iCloud Apple ID.

I believe this is a new control. It will be interesting to see what happens when I migrate other family devices that use this iTunes Store ID for purchasing.

At the moment only one Apple ID can be used, but this UI could support multiple Apple IDs. The screen also displays a payment method that cannot be changed, it’s presumably defined by Apple ID.

This is something to watch.

PS. The ten year history of this mess is one reason I recommend Spotify over Apple Music for families.

See also:

iOS 12 Parental Controls / Restrictions / Screen Time: Parental Controls (Passcode restricted) is not always compatible with "Share Across Devices"

Experimenting with Screen Time I enabled a passcode on my personal iPad after I’d enabled “Share Across Devices” [1]. I then found I could disable it without reentering the passcode. Which kind of defeats the purpose of a parental control passcode.

Then I turned it on again, and this time I was asked something like: “Is this iPad for you or your child?” [2]. Once I chose child I could no longer remove the passcode without entering it.

“Share Across Devices” then turned itself off.

When I turned “Share Across Devices” back on then I had to reenter my Screen Time Passcode. After than Screen Time Passcode was disabled.

Maybe this isn’t exactly a bug, but it certainly is awkward. I wonder if “Share Across Devices” uses iCloud ID or iTunes/Store ID.

Screen Time for family is enabled through the “Family Sharing” screen.

- fn -

[1] I think Share Across Devices Requires Apple’s two-factor authentication, which seems to rely on SIM-hack-friendly justly scorned phone number authentication. Yay Apple.

[2] Remember when iOS was going to allow multiple accounts on a single iPad? Android did that for their now defunct tablets.

iOS 12: It's now possible to remove/change Restriction / Screen Time passcode without removing restrictions

Prior to iOS 12 if you’d set a restriction passcode the only way to change it was to remove restrictions — which deleted things like blacklists and whitelists. With iOS 12 there’s a dialog for changing or removing the passcode. My favorite iOS 12 feature so far.

Tuesday, September 18, 2018

iOS 12: "family sharing" is still for children only -- ask to buy disabled at age 18 in US

The “Share purchases on iPad with family members” chapter of my iOS 12 iPad user guide tells me Family Sharing is still limited to children, and still not suited for use with special needs adults.

The problem is that “Ask to Buy” is available only for 18 and under. Since all purchases go to the “Family Organizer” Ask to Buy is the only way for the Organizer to control what family members purchase intentionally or accidentally. Since it’s turned off at age 18 “Family Sharing” is effectively for parents (who presumably share expenses) and children (who can have Ask to Buy).

This means that Family Sharing is not helpful for special needs dependents (guardianship status).

This is unchanged from iOS 11.  I’m not surprised, Apple doesn’t want Family Sharing to be widely adopted beyond the target group.

iOS 12 Books will not sync to Sierra or High Sierra Books

I updated my iPad to iOS 12. Books gave me this notification:

Changes you make to your library on this device sync only to devices running iOS 12, macOS 10.14, or later.

I downloaded the iOS 12 manual to my iPad and, as promised, it doesn’t show on Sierra iBooks.

Took me only a few minutes to find the first problem with iOS 12.

It’s a gift!

A similar problem happened with Mavericks.

Sunday, August 26, 2018

AT&T mobile app: A bug with data usage display and an unexpected feature

We share 6GB of A&TT mobile data between four of us [1]. Normally this is enough, but this month #1 son went over his quota. He pays for the overages, so it wasn’t a big deal, except that MyAT&T.app on my iPhone wasn’t tracking the usage. “See all usage” showed we were using a total of 6GB of data even though we’d used over 8 GB:
IMG 1329
When you add the above numbers you get about 6.1 GB. Turns out there’s a bug in the app — it basically stops working when you hit your data limit. There’s a similar bug in a couple of places — “Change my plan” says I’ve used 6.00GB this month, in truth we used over 8GB.

To see the true state of things look down to the bottom of this screen (may need to scroll) and tap “See all my usage” (compare to “See all usage”, above). You get an embedded web page and if you scroll down you see the true current use.

Scroll further down that page and tap a link called “Manage data” (elsewhere it’s Manage my data usage”). You get some useful features I didn’t know existed …
IMG 1332
Stream saver reduces video streams to 480p, it’s on by default. This screen also lets you turn data off completely for an individual user; I didn’t know that was an option. It might be useful for working with an uncooperative dependent burning data, but it also disables Find iPhone and Find Friends. So it’s a bit of a mixed blessing.

With the data overages it’s tempting to pay $16 more (basically cost of one overage) and go to the 10GB plan, but typically we’re under the 6GB level and almost never go over 7. So it’s more economical to stay at 6 and buy overage GBs periodically. I have found everything is using more data so we might need to change in a few months.

[1] #2 son uses so little data he gets by on a @$50 a year H2O prepaid plan.

Saturday, July 07, 2018

Thoughts on replacing FileMaker Pro 11

Once upon a time database apps were priced and sold as a consumer product. Those were the days when computers were marketed as a replacement for a recipe book.

There were dozens of consumer oriented database products then, priced from under $15 shareware apps to around $100 for relatively full featured commercial products (AppleWorks, etc). Some of these products, particularly on the Mac, were astounding (though high end ones were priced as business products).

That era seems weird now. It definitively ended when Apple discontinued Bento. Shortly afterwords FileMaker was priced as a business-only product. Panorama X has followed a similar path. Tap Forms is sold at a consumer price, but it failed my basic trial tests.

The era of the affordable personal database app has passed. The only commercial remnant on any platform is Microsoft Access — somehow Microsoft can’t quite kill it. LibreOffice Base began as Microsoft Access clone and sort of runs on macOS, but parts of it still require Java.

My only current use case for FileMaker Pro is that it runs my personal password database. I could move that (yay data freedom!) to Microsoft Access in a VM, but Windows 10 is a monstrous amount of baggage to keep around just to run a personal password manager.

I could finally migrate to 1Password. Emily and I use it and I have to periodically dump data into it manually from my old password database. I wonder how long that product will last with Apple incorporating credential management into the operating system though.

Or I could adopt the lazy choice and stay on Sierra and FileMaker Pro 11 a while longer. I like the sound of that one.

Replacing Filemaker Pro 11: Tap Forms fails within minutes of testing

Filemaker 11 is not compatible with High Sierra. I checked out Tap Forms. It failed because …

1. Tap Forms Mac 5.app stores its database files in ~/Library/Containers/com.tapforms.mac/Data/Documents. I prefer not to use apps that store data in unorthodox places, it makes backup and restore too difficult. It’s much to easy to lose track of files and uninstall is more complex. This is, however, an Apple design practice — MarsEdit does the same thing.

2. I choose a csv file to import and I renamed the fields in the import dialog as below.

.Bug

After import the fields had the original names.

I found two significant problems in 5 minutes of testing. The first is a design choice I dislike for this type of app. The second is a bug - an obvious bug found on the very first thing I tested.

Tap Forms is not a viable choice for me.

Also, uninstalling is the usual pain — but that’s a longstanding Apple issue.

Google Voice: "We could not complete your call - Please try again."

I’ve been using Google Voice for eons — starting before Google acquired GrandCentral. It saved me thousands on my daily mobile calls to my mother in Canada.

GV must be a real money loser for Google though — the interconnect fees to landlines are a real cost [1]. So it’s not surprising that it’s a bit of a mess — between GV legacy, GV current, Hangouts [2] and heaven knows what else.

Today I tried a GV call from my iPhone and got “We could not complete your call - Please try again.” In my case this is a bug that happened because the GV number associated with the Google ID I was using did not have an associated mobile phone (I’d moved that phone to a different GV account). I think Google Voice.app for iOS used to permit that, but it doesn’t now. To use Google Voice.app now you need to have an associated verified mobile phone with the active GV account.

So I moved my two mobile numbers to the two GV accounts I wanted them on. Now if I try to use Google Voice.app with an account that doesn’t have a verified mobile number it gives me a more appropriate error message (that’s why this was a bug — wrong error message).

I’d be happy if GV would figure a way to make money from me, it is a great service.

- fn -

[1] Funny thing and cautionary tale: In the early 90s we were sure that by the year 2000 voice calls would be so cheap they wouldn’t be worth metering. That was only sort of true. Never underestimate the power of discontinuities.

[2] GV sort-of migrated to Hangouts, but that seems to have stalled and perhaps reversed. Hangouts seems to be dying, caught up in Google’s flailing messaging strategy.

Sunday, June 24, 2018

IOT: Switching a Chamberlain MyQ WiFi garage door opener WiFi network

When our garage door opener died our service guy installed a LiftMaster Contractor Series Garage Door Opener. I think it’s an 8155W, 8164W or 8165W.

You can enable smartphone app access to monitor and control the garage door — assuming your home WiFi extends that far. Yeah, it’s Internet of Things (IOT) device.

There are obvious problems with doing enabling wifi access:

  • Chamberlain security is probably fairly typical. As in … lousy. Assume whatever credentials you use to setup this account are now public. Also assume that the garage door is accessible by anyone who wants in badly enough.
  • Even if there are no known exploits in the device OS (hah-hah) it will never get updated. So there will be exploits eventually.
  • It’s made in China. Presumably it comes with a backdoor.
  • The standard setup is to connect it to your home network. Which means you are, basically, toast.

On the other hand an additional remote is $50 and you can set alarms if the garage door is open after, say, 10pm.

Our garage is not connected to our home, but our Apple AirPort Extreme does reach it. So, despite the risks, I did an initial experimental connection and installed the LiftMaster.app.

It worked ok, so I enabled the Guest network on my AirPort and decided to switch it over. I couldn’t find documentation on how to switch to this network though.

The web page of an error message did give one way to force it to connect:

MyQ Wi-Fi Garage Door Opener: press and release the round yellow Learn button three times on the opener's motor unit. The motor unit's blue LED will be blinking on and off and the opener will beep once.

It turns out there is documentation in the product manual (available online), it just doesn’t contain the keyword “reset”. Instead it uses “erase”. To erase/reset the WiFi network you need to use the controls on the opener, not the remote. There’s an “up arrow” called an “adjustment button”. Press and hold it until 3 beeps are heard. Then start over with the WiFi. (I ran into some issue and Chrome seemed to work around it, so if Safari doesn’t work for you …)

The garage opener is on my Guest network now, so theoretically isolated from my home network.

Thursday, June 07, 2018

Things old persons don't understand -- what happens to all those school Google Docs?

Two of our kids are ending their St Paul Public School careers. Both have a collection of Google Docs.

The school does not seem to provide any mechanism for mass reassignment of document ownership to a personal Google account. From what I can tell the school actually blocks ownership reassignment. (Ownership management is one of the several significant issues with Google’s document sharing infrastructure [1].)

So what do students do with all those documents [2]? Olds like me have no idea. They don’t just let them all evaporate … do they?

(I use CloudPull, one of my favorite macOS apps, to create a local repository. The download process converts Google “docs” to Office files. Of course there’s nothing like this for iOS.)

- fn -

[1] Only owners can truly delete an owned document, and ownership cannot be transferred for non-Google “docs”. I think all own/share privileges are at the document level, but documents may inherit some properties from their folder “container” — but not ownership. Yeah, I don’t understand this. Not sure anyone does :-).
[2] Due to some cognitive disabilities and temperaments my guys can’t answer this question… I guess I should ask my daughter …

Update: of course I just write this and today I get for all my CloudPull accounts: “CloudPull was unable to export your backups”. It turns out CloudPull had lost track of my backup directory. I don’t know why. I relinked in Preferences:Advanced and it worked again. It didn’t write anything to console when that happened. Support was great at helping me fix this.

Update 8/26/2018: I again ran into “CloudPull was unable to export your backups”, this time on my personal (36GB export) gDrive. I cleaned up some other non-active accounts, used Help force reindex, and booted into Recovery mode and ran 1st Aid (it fixed things). Then it worked.

Sunday, May 13, 2018

Enabling SPF on Dreamhost accounts

Dreamhost writes about SPF:

SPF overview – DreamHost

… Mail servers that receive an email for delivery can check SPF by comparing the sending server’s IP address against the email's envelope sender's SPF DNS record. If the email was sent from a server that is not included in that SPF record, the email is more likely to be spoofed or untrustworthy. The receiving mail server may handle the email differently because of the SPF failure, such as marking the email as spam or rejecting the email…

and

What SPF records do I use? – DreamHost

If you’re hosting your email at DreamHost, no changes need to be made to your SPF records. DreamHost’s SPF records are generated automatically and should work without any issues or additional changes.

IP's in DreamHost’s SPF records include mail servers and the relay machine IP addresses.

Except this isn’t true. When I was investigating my family’s Google email Hell I found that emails sent from DH Webmail didn’t have SFP records in the header. I tested using mxtoolbox.com, Kitterman, and by inspecting emails in Gmail using the ‘view original’ option. I also directly inspected my DNS settings. No SFP.

When I asked DH tech support admitted their documentation was wrong and responded (emphases mine):

If it were, you'd see the SPF setup on the 'Manage Domains' > 'DNS' pageby default for every domain hosting mail with us along with the DKIM
 that's already there, but SPF is NOT set by default (at this time).

… we should start setting it by default, so that info above may be accurate in the future. We’re doing a lot with emails right now, which is still mostly in the discussion phase, so this is likely something that’ll come up as well what with various hosts starting to strengthen their incoming filters to help stop spam.”

For the domain in question, I’ve added the record for you through the 'Manage Domains' > 'DNS' page as a TXT record:

… We have now added the TXT record for .faughnan.com with value v=spf1 include:netblocks.dreamhost.com. Our DNS servers will start serving this
record within a couple of minutes.

My DNS records now show an SFP TXT record:

v=spf1 include:netblocks.dreamhost.com

Unfortunately adding the SPF didn’t help with Google treating my DH redirects as spam. I have a hunch those come from DH’s own SMTP service (homiemail) and that service might have a reputational issue with Google, but I don’t really know what’s going on. I don’t think anyone does any more.

What about DKIM?

DH claims DKIM is set automatically and I can confirm that works, at least for a domain that was relatively recently added to DH. On the other hand when I examine that domain’s DNS settings I see several records not in my older domain. I wonder if DH has never updated DNS settings for older domains, such that they are now obsolete. OTOH, even for a new domain there were no SPF records.

And then there’s Google domain verification (postmaster services). I turned those on my adding their key to a TXT field, but a few days later it wasn’t there any more. I assume DH removed it. I’m kind of losing confidence in Dreamhost.

Saturday, May 12, 2018

Google sent my family into email Hell. This is how we climbed out.

… we’re living in a time when algorithmic software is just good enough to eat the world and still bad enough to be endlessly frustrating. (Daniel Genser, via Twitter)

A few days ago I sent an email to Emily and a few seconds later this came back:

Mail Delivery System <MAILER-DAEMON@homiemail-mx1.g.dreamhost.com>
Tue, May 8, 9:52 PM (4 days ago)

This is the mail system at host homiemail-mx1.g.dreamhost.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

                DreamHost Email Support

   <emily@googleappdomain.com> (expanded from <emily@redirectemail.com>): host
    ASPMX.L.GOOGLE.com[173.194.202 .27] said: 550-5.7.1 [208.97.132.209      12]
    Our system has detected that this message is 550-5.7.1 likely unsolicited
    mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message
    has been blocked. Please visit 550-5.7.1
    https://support.google.com/mai l/?p=UnsolicitedMessageError 550 5.7.1  for
    more information. q3-v6si11849599pgn.272 - gsmtp (in reply to end of DATA
    command)

Google had sent me to email Hell. Everything I sent to Emily was rejected. It was the same story with emails sent to my children. Whatever I sent, Google rejected.

I think the problem, as far as Google was concerned, was that I was using redirects. This is old net tech. If you own a domain, say “kateva.org”, your hosting service will usually let you define as many redirect “email addresses” in the domain as you might want. They aren’t real email addresses though, they’re redirects. You have to define a true email recipient for each one.

Google didn’t see the email I sent Emily as coming from my personal gmail account, it saw it as coming from the SMTP service that works with my domain (which I’ll call “kateva.org"); in this case homiemail-mx1.g.dreamhost.com. It appears either my domain, or that sending service, had bad Google-karma [1]. Google sent the rejection to “homiemail” (I think!) and homiemail sent it to me.

We were in trouble. It was likely that email sent to our family members was going to be bouncing back in a very confusing way.

I tested sending from various email addresses and using various software (web client vs. iOS Mail, etc) to see which was rejected and which accepted:

Sender Redirect Result
GSuite (web client) Yes Success
Yahoo (web client) Yes Success
Gmail (web client) Yes Success
GSuite (macOS mail, iOS mail)  Yes Success
Gmail (macOS mail, iOS mail)  Yes FAIL
Gmail (macOS mail, iOS mail)  NO Success

It turned out my mail was only hitting Google’s spam threshold when I sent it from my personal Gmail (not GSuite email) using iOS or macOS Mail. Everything else worked, including using my personal Gmail by web interface.

No, I don’t understand what’s happening here. I can speculate that Google rates sending services roughly as follows: GSuite_web > Gmail_web, Yahoo_web > GSuite_client > Gmail_client. The combination of Gmail_client (macOS Mail) and the redirect dropped my email score below Google’s internal cutoff.

There’s not much to do about this. It’s not like Google is going to help. I was on my own and we were in trouble.

The first thing I did was change the redirects to send all the mail to an old school Dreamhost local webmail box. That stopped the bouncing. I could forward from that box to my gmail and reroute important emails manually to other addresses for Emily and the kids.

Next I discovered, contrary to their documentation, that Dreamhost had not enabled DKIM or SFP on my domain. I fixed that (separate post pending) to see if it would improve the reputation score for my domain but it had no effect. I suspect the reputation that mattered was that of homiemail-mx1.g.dreamhost.com.

That left me with these options …

  1. Setup Dreamhost mailboxes for each person and create redirects to them.
    1. Set up a forward from the DH mailbox to another of our family GSuite emails (I picked several Google Apps/GSuite things when they were free)
    2. Have our family GSuite emails do POP retrieval from the DH mailbox.

Dreamhost recommended the 1.2 (second). But I had a third option…

… even though I’d not used it, the problem domain (“kateva.org”) had an old legacy GSuite. I went into that GSuite, defined an account for Emily and kids, and then switched Dreamhost MX to use the GSuite email rather than DH email [2]. I had lost some faith in DreamHost by that point and I figured that since Google rules the net I was better off inside their castle.

And that’s where we are at the moment.

One more weird thing. For 2-3 family members I received a notice that a non-apps Gmail account already existed for them. I didn’t create those accounts but maybe my kids did? (It’s complicated, but somehow when I did Google Voice for them it did … something … brain shutting down ….) Apparently Google lets one do this! They wouldn’t have received email though, DNS records were using DreamHost MX redirects. If you own a domain, and create Google Apps account that matches the existing address, it gets renamed to something like “username%domainname@gtempaccount.com” email. Wow. [3]

It’s Google’s world, we just play in it.

Oh — and don’t use redirects. Google doesn’t approve.

- fn -

[1] Dreamhost denies that they’re in any kind of trouble with Google — but really, how would anyone know. Maybe it was my domain that Google didn’t like — we get a lot of spam and in this setup all that spam would seem to be coming from my domain.

[2] This wipes out all the past redirects. GSuite supported aliases so I moved them into there. Fortunately I’d saved the redirect records before making the MX switch.

[3] Google has an article on conflicting accounts, here is how they are resolved. I think Google Voice was the primary route for creating conflicting accounts — an artifact of how Google switched Voice credential systems post acquisition. 

Friday, April 27, 2018

Appigo Todo Cloud.app - don't forget to unsubscribe when you leave

Even since iOS 11 editing in Appigo’s Todo Cloud.app has been buggy for me on iPad and iPhone alike. Just aggravating. Feels like they failed to revamp something. I wasn’t delighted with their sync technology, but I could live with that. The editing bugs finally broke me.

So I decided to exit. Somehow I remembered Todo Cloud is a subscription service. I found my way to the somewhat hidden account settings and disabled premium. Turns out that turns off auto-renewal. 

Screen Shot 2018 04 27 at 2 53 24 PM

Hope it really works.

Appigo is a textbook example of how subscription solutions can disappoint. They never provided a good export strategy, so there’s a strong data lock. Then they failed to do minimal maintenance but continued to collect subscription revenue and sell the app.

So what will the replacement be? I’d like a product that

  1. Did what Appigo ToDo Cloud did but actually worked
  2. Had a web client as well as Mac, iPad and iPhone client
  3. Supported family sharing
  4. Had good data export (exit strategy).

I evaluated Things.app and OmniFocus. Things got #1 and 3. OmniFocus got #1 and 4. Neither got #2.

Hmm.

On the other hand, Reminders.app for iOS got #2 and #3 and it’s free. So it’s weirdly in contention.

For now I’m using Reminders.app for tasks and Trello for projects. I manually copying over tasks that had dates, it’s not too bad. The backlog of ‘someday’ tasks I’ll gradually slog away at.

If Things gets some data export I’ll probably buy it, but it’s expensive since it’s not a universal app. If OmniFocus gets family sharing I might buy it. Meanwhile I’ll see what I can make Reminders do.

I think this is my first significant iOS functional regression.

Update 5/22/2018

I just discovered I wrote about this in 2011 …

There are no great task managers for the iPhone - but there's hope for 2011

… Neither Things, nor Appigo’s ToDo.app (which I have used incessantly since 2008), nor OmniFocus, nor Remember the Milk.app nor Toodledo.app are a great solution. They all fall short…

Seven years later and ToDo.app is moribund (I’ve been using it for 10 years!) and both OmniFocus and Things are still flawed.

Since I first wrote this I’ve run into issues with Reminders.app — including sync bugs and even text editor bugs. On the other hand, OmniFocus is promising a web client. I’m going to transiently switch back to ToDo.app and see if WWDC providers some kind of family sharing for subscriptions. That would make OmniFocus pricing less extreme.

MarsEdit - don't enable all post sync if you have a very large number of posts

MarsEdit 4 added a new feature — the ability to sync all posts. It didn’t work for my Blogger posts, somewhere around post 3,000-4,000 Google Blogger dies. It looks like a Google bug.

It did work for kateva.org/sh though — that has over 30,000 posts (it mirrors my pinboard shares and twitter tweets). Unfortunately that slowed MarsEdit launch severely — it took up to 3-4 minutes to start. Turns out MarsEdit loads all posts into memory and it doesn’t scale to that size.

I reset the kateva.org/sh sync to ‘last 50’ and startup is ok now.

Sunday, April 22, 2018

Two possible bugs in iOS 11.3 to watch out for: enable purchases by Touch ID, change iTunes & App Store account

Our kids' phones were setup to use my Store Apple ID (it’s an old practice — see a blog post about undoing this). The phones were set to require the Store Apple ID password prior to purchase. When our kids wanted to buy we’d enter the Store Apple ID password for them. Touch ID was not enabled for purchases. 

After the 11.3 update two of the phones had Touch ID enabled for purchases. Normally you need to enter the Apple Store ID to enable this. One child (special needs) ran up a $10 bill which he paid for. (He gleefully shared his new power with us.). On one affected phone I turned it off again, when I turned it on the Store Apple ID was requested as expected. (Another phone I migrated to using its own Store ID, a third device wasn’t affected.)

On 1 of the 3 phones the Store Apple ID was changed to the user’s iCloud Apple ID. The problem was recognized when my daughter was unable to view movies not on her phone — it took me a few minutes to figure out what happened.

It’s interesting how much behaviors varied between the 3 devices.

Saturday, April 21, 2018

Why you should change your router DNS to Cloudflare and Quad9

I wrote this one for Facebook friends - reposting here. The TidBITS review is excellent.

This is roughly how things work ...

  1. Someone in your home visits a certain web site.
  2. Your home internet provider (ex: Comcast) associates that site with the identity of the Comcast account holder. They sell that information to the universe. Facebook buys it.
  3. Facebook shows the Comcast account holder ads based on the visited site.

This happens because your internet provider is your default internet directory service (DNS provider) - Comcast knows all the sites you visit and (as best we can tell) they sell that information.

It's basically an internet design flaw.

If you're a bit geeky you can change the DNS settings in your home router to someone more trustworthy than Comcast (which would be anyone else, really). In our home that's an Apple Airport. I have our settings below but your settings will vary.

DNSConfig


We use:

Cloudflare: 1.0.0.1 (their 1.1.1.1 address doesn't work with some ISPs)
Quad9: 9.9.9.9 (as backup)

For more information see an excellent TidBITS review. If you truly want privacy, particularly on iOS where DNS settings are a pain, you need to use a trustworthy VPN (see below).

PS. It’s easy in macOS Location settings to experiment with different settings. This is particularly important for a laptop that moves between locations. On my standard macOS Location I use Cloudflare, then Quad9, then Google. Sadly iOS DNS settings are a mess (per TIDBits):

In iOS, DNS server settings tend not to work the way most people would want them, which is as in macOS: setting the details once and having them work on every network to which you connect. The settings have to be set for each network. Worse, we’ve found in our testing that after changing DNS values, the settings revert to Automatic and the server IP addresses we entered are tossed. There’s also no way to set DNS servers for cellular connections.

In iOS you need to use trusted (not free!) VPN provider. I use TunnelBear’s free GB option, I wish I could buy blocks of data from them rather than yet another subscription. If you use a limited data capacity VPN on a Mac you should use TripMode to reduce background data use.

Update 4/22/2018: A Gizmodo article reminded me why this DNS control is more important now ….

“The FCC under Chairman Pai changed the rules in the United States for ISPs allowing ISPs to start selling your browsing history to target advertising against you,” Prince said…

They mention two popular VPNs - ProtonVPN and Private Internet Access. Curiously PIA claims TunnelBear does not protect me — which makes me a bit suspicious of PIA. 

Wednesday, April 18, 2018

Converting from shared store ID to Family Sharing - and what didn't work

Maybe this worked. Or not. See update.

Our five family members have long shared one store Apple ID. We’ve done this before there was Family Sharing. I put off switching to Family Sharing as I figured it would take Apple 3-4 years to get it working.

With iOS 11.3 Apple broke a longstanding purchase behavior. My son’s iPhone no longer required a password for purchases, only his fingerprint. There might be a fix, but I decided instead to move him to Family Sharing. (There is a fix, see below.)

The story went something like this [1]:

  • I have an iCloud Apple ID (john.___@icloud.com) and a different Store Apple ID (j____@mac.com) — because I’m old. He has an iCloud Apple ID (sam.___@icloud.com) and my store Apple ID.
  • In my iCloud Apple ID he is a family member. 
  • I removed my Store Apple ID from his phone and added his iCloud Apple ID.
  • I sent $15 to his iCloud Apple ID from my App Store account.

So far he still can access our movies and apps. Now he will make his own purchases that will be associated with his Apple ID. When he runs through his $15 he’ll give me cash and I’ll send more money. Eventually I do need to get a debit or managed credit card on his phone but we’ll start with cash. Alas, it doesn’t work that way. See update.

After the change I checked the (this is broken) two places Apple currently tracks devices associated with an Apple ID

  • appleid.apple.com/account/manage: showed 7 devices including an old iPhone my son used to have that I’d previously removed. This also showed on his iPhone Apple ID view. I removed it from both places and it has not returned.
  • iTunes Manage Devices showed 8 devices, but not my son’s current iPhone. This, in contrast to past testing, is correct while the appleid.apple.com list is incomplete. It’s interesting that moving my son’s phone to Family Sharing means I’m no longer at my 10 item device limit (if that rule still applies!)

- fn -

[1] He is, incidentally, a special needs adult. I’d have liked to be able to use Apple Ask to Buy for him but that’s not available for an adult. (I wish Apple considered special needs as a disability — they have great support for visual and auditory needs, but not for cognitive.)

Update 4/19/2018

  • Seeing purchase histories is really clunky. You can see what apps a family member has purchased by launching App Store.app, logging out and then logging in as the family member. To see both tunes and apps you go to Apps & iTunes in Settings (yeah, this is crazy). You have to log in as the family member — I got the ancient iOS 1.0 un/pw dialog that shows up when you get to a part of iOS that desperately needs a replacement. It did work, but seriously ugly.

Update 4/20/2018

  • Subscriptions aren’t Family shareable. So that’s a significant bummer; several of his apps are subscription based. All is not lost though, At Bat.app presented my Store Apple ID username and accepted the password. In-App purchases aren’t Family shareable either — which is bad news for Omni Group. Apple has a list of what’s not shared.

Update 4/28/2018 - what I wish I’d known

My son ran up a $70 bill on a $15 credit — all on my account — because “Any time a family member makes a new purchase, it’s billed directly to the family organizer’s account”. It doesn’t work the way I thought it did. If a family member is under 18 you can activate Ask to Buy, but not for someone over 18.

Family sharing is clearly designed to only work for children. It’s a poor match for a couple that wants to keep separate finances and it’s unsuited to adult children.

I found that the 11.3 update bug didn’t truly break the ability to require an iCloud password for purchases. It only bypassed the requirement to enter the iCloud password to enable Touch ID. I went into Touch ID & Passcode and turned off “USE TOUCH ID FOR … iTunes & App Store”. 

He doesn’t know his iCloud password (so he can’t lose it in a phishing attack!), so this meant he again needed us to enter a password into his iPhone to make purchases. Obviously, Ask to Buy would be far better. If Apple wanted to support users with cognitive disabilities …well, this blog accepts comments. I’d be glad to advise.

We didn’t want to have to memorize another password, so I changed his iCloud password to match my App Store & iTunes password.

Saturday, March 24, 2018

"This item was not added to your iCloud Music Library because an error occurred"

This is why Apple Stores are overloaded. I have 254 items like this. No explanation, no hints on fixing it.

Screen Shot 2018 03 24 at 11 27 16 AM

Low quality is expensive.

PS. In this particular case it looks like iTunes and iPhone supported .mp4 audio, but iCloud does not. Long ago I ripped these and the software did .mp4.

I found the on drive files and used quicktime player to export as .m4a — a lossless transform that strips out the some of the .mp4 wrapper. Then I deleted originals in iTunes and added these back in.

Saturday, March 17, 2018

iPhone aggravation: apps don't appear in Settings:Cellular until they actually use cellular data

Apple could have displayed all iPhone apps in settings:cellular whether or not the app uses any data. Then we could disable cellular data access without having to first use data.

They didn’t. Apps only show up there after they use cellular data.

This is really annoying when trying to stay under the data cap of #2’s $40/year mobile plan. It also confuses the heck out of customers.

I don’t think this will get fixed those. Apple’s technical debt fix list is deeper than Valles Marineris.

Apple has a new problem with DRM and device management

Today one of the family iPhones died. I went to remove it from our quota of devices (you can have a maximum of 10 devices associated with a family account) in iTunes Mange Devices.

I couldn’t. 

There’s a 90 day time limit to change associations, which I don’t recall being enforced for removal, but here you go…

Screen Shot 2018 03 17 at 4 46 09 PM

Except it’s not 90 days, because the grayed out non-removable devices were associated as long ago as May 2016.

Things are broken in two ways.

1. What does Apple want us to do with a wiped or lost or broken device?

2. The items I can’t remove are years old.

PS. Yeah, I hate Apple too. But really, everybody does.

Update: I reviewed Apple’s support document. If you have a working device you can remove the device from the DRM control list — but only through one very obscure screen. Logging out of iTunes doesn’t do it. Otherwise device removal requires iTunes, which, for me yesterday, showed this error.

Today I rechecked, and all the devices with “1 day remaining” are still “1 day remaining”. It’s broken.

Once this type of blunder would have been a bit of a deal, but now we’re so numbed by Apple’s quality collapse even I can’t put much energy into it. All the money in the world can’t replace culture, and Apple’s culture is broken.

Update: Added to Apple Discussions, asked @AppleSupport on Twitter.

Update 3/23/2018. On my second Apple Support call the “Senior Advisor” and I found a fix. We think iTunes, or the database it accesses, is broken/deprecated. From my Apple Discussion post:

We have a fix. On my second try with Support I called iCloud support and was escalated to the "Senior Advisor" level. Andrew and I worked the problem and found that you now need to work with https://appleid.apple.com/account/manage. There's now a section called Devices that lists devices signed into. In my case it listed all 10 devices that use the same iTunes Apple ID, so by "signed in" it means "signed in with Apple ID for iTunes/DRM".

Click on device and you get a remove option.  If the device is in use and signed in then it may reappear. You can restore a device that you have removed by signing out of the iTunes Apple ID, then signing back in again.

The iTunes Manage Devices (Account:View My Account:iTunes in the Cloud:Manage Devices) screen did not update after doing this, it still showed the device I removed. I think it’s mostly broken. (Mostly, because I was able from there to sign my iPhone 8 out of iTunes and that reenabled the Remove button, albeit with the broken ‘1 day remaining’ screen, and after signing it back in the Remove button is still active.)

PS. It’s not clear if Apple is still using the 90 day limit for switching Apple IDs. It doesn’t show up in the new iCloud UI.

PPS. Maybe iTunes in the Cloud is using a different database than iCloud to manage DRM, and that the two databases are supposed to synchronize. The iTunes database may be on the way out, so it didn’t get updated when it needed to be…

Sunday, March 11, 2018

You can drag and drop some links into a Google Doc and create a hyperlink text

This is one heck of a time saver. Didn’t realize Google Docs allowed this.

Error in Dreamhost WordPress one-click installs - missing code in .htaccess causes 404 errors

I’m far from a WordPress expert. I’m not even a WordPress fan — it’s too complex and powerful for what I do. That complexity means it is also very vulnerable to attack.

So take what I write here with some doubt.

As best I can tell the default Dreamhost One-Click installation of WordPress has an error. At least it did for me. My hpmtb.org site was giving 404 errors. I installed the Redirection plugin and it wasn’t doing anything.

A blog post had a fix that worked for me. I used Transmit for macOS to open the install folders .htaccess file and added this code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

The 404 error is gone now and I suspect the Redirection plugin will work if I need it. I have a hunch that using “pretty permalinks” (not the default of “id=“) might also fix this file — based on some documentation here

WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.

This page may be used to restore a corrupted .htaccess file (e.g. a misbehaving plugin).

Did I mention that WordPress is too complicated?

Wednesday, February 14, 2018

The state of iOS parental mobile device management is bad

I recently reviewed Qustodio and found it unusable because the mandatory VPN is not compatible with modern encrypted connections (https).

After that I revisited MMGuardian. Things there are almost as bad. They haven’t implemented password security on their MDM profile; the vendor claims Apple doesn’t support the functions they rely on with a locked profile.

I also learned that MMGuardian’s primary app control, which is to hide all non-default apps, also deletes their folder and icon arrangements. So when they are restored they are no longer in their original locations.

MMGuardian can’t report on device usage, probably because it doesn’t have a VPN option.

Lastly, while MMGuardian can hide Safari, that’s a binary setting. It can’t schedule Safari to be active or disabled the way it can schedule other apps. 

In my 2016 review Qustodio and MMGuardian were the only candidates to meet basic requirements. As of 2018 there are no longer any useable iOS parental control applications.

So now we wait to see if Jana Partners and the California State Teachers Retirement System can push Tim Cook to add remote MDM to iCloud. I doubt they’ll succeed. Next it’s up to the EU.

Update: Apple introduced a Family page and branded it as doing something in the general direction of supporting vulnerable users. That’s not a positive sign.

Sunday, February 11, 2018

Qustodio parental control software for iOS is obsolete.

I did a review of Qustodio’s parental control product for iOS on my special needs blog. It wasn’t a positive review. The product routes all traffic through their VPN — and the VPN can’t handle SSL traffic. That might have been acceptable in 2010, but it won’t work today.

I’m feeling grumpy about the time I spent finding this out — not to mention the $10/month subscription I paid for. The lost time was the bigger deal though. The reviews I’d read led me to think the base product worked, so I spent time checking out other features.

Qustodio must know about the SSL issues, but they’re continuing to sell the service. That’s not nice.

Tuesday, January 02, 2018

Salvaging the wreck of iOS Podcasts.app

iOS 11 Podcasts.app isn’t as broken as iTunes mediated iPad photo transfer or the US government, but it’s not far behind. The current version is not intended to be used with iTunes. It is designed for people who listen to Podcasts they way we used to listen to radio. Pick a podcast or collection of podcasts (a “station”) and stream it over always-on cellular.

That’s not how I listen to Podcasts. I select a topic of interest and learn from it. I used to use iTunes to organize my subscriptions and local stores; smart and manual playlists queued up my programs. In iOS 11 Apple broke all that.

Here’s what I do now. 

I disabled iCloud sync in both iTunes and iOS.

In iTunes I select about 10-20 episodes from my queue. I push them to my iPhone from iTunes. In Podcasts.app I enable the ‘Downloaded’ episodes menu. That’s all I use now. I pick episodes off that queue. One at a time, because play-next doesn’t work any more. iOS Podcasts.app deletes an episode after I listen. Every week or so I add another 10-20.

It’s very simple, it’s very stupid, it’s Apple 2017.