Wednesday, March 29, 2023

Apple's App Store Apple Account balance: updated due to transition to Apple Cash

Update 5/1/2023 - a few months after writing this I realized Apple is in the midst of a very poorly documented multi-year transition.

There are currently two "gift cards" - Apple Gift Card (AGC) and App Store & iTunes (ASIGC) gift card.  The AGC used to be only useful for buying things at Apple Stores (or online equivalent) but sometime in the past few years the AGC could be used to to buy apps and media. 

The ASIGC works as below. Apple's check balance advice remains incorrect; the balance displayed in the App Store UI is not updated reliably. However, I don't think the ASIGC is long for this world. Which probably explains why Apple hasn't fixed the balance display or the use of the old term "iTunes".

The AGC can be purchased through a web interface - https://www.apple.com/shop/buy-giftcard/giftcard. When I bought it for my son using his iCloud email the balance showed on his phone wallet as Apple Cash. The Apple Cash balance also shows under his Account as did the prior ASIGC balance, but in a different location inserted at the top of the screen (it doesn't show there on my iPhone!).

The Apple Cash account is also used to hold purchase rebates (1-2%) from an Apple Card. I see my Apple Card balance there. I use the payment method selection control; my first payment method is Apple Cash, the second is Apple Card. When I view my son's payment methods at appleid.apple.com I see Apple ID (that is in fact holding his Apple Cash balance) and the fallback payment is "Apple Cash", but it's MY Apple Cash not his. (In fact there's a 3rd payment method --after these two charges roll over to me via my Apple Card, but the current UI can only show two.)

Note the weirdness here. In the case of a non-organizer family member the Apple Cash balance shows up here labeled Apple ID rather than Apple Cash!

I have found charges do go first against this "Apple ID" (his Apple Cash) then against my Apple Cash (currently $41.71). Incidentally, note if you can connect to a non-child family member's appleid you can see their balance and they can see the family organizer's cash balance.

If my son were a minor I'd have more options to manage Apple Cash. As it is this is a big improvement on a few months ago (below). It's obvious that in the US at least the ASIGC is obsolete and Apple will transition to the AGC. They still have a ways to go; they have added a savings account feature to Apple Card; I wonder if they'll add one to Apple Cash.

--------- original post

Apple's "Apple Account" holds cash that can be used to purchase apps, media and subscriptions. Money is most often added to an Apple Account through App Store and  Gift Cards iTunes gift cards. Users can also directly add money to their personal Apple Account from a payment method, but there are few times that makes sense. If a user is a member of a "Family" then the money comes from the Family Organizer's payment method (usually this is a bad thing). If a Family Member purchases something it will come out of their Apple Account balance first then any residual charge will come out of the Family Organizer's payment method (not the Family Member's payment method).

Apple Accounts are poorly documented, especially when they intersect with Family Sharing. Sometimes the support documents are incorrect or incomplete. For example, the check balance article for Mac tells users to look below their name in the App Store app:

That doesn't work very well though. You can see the problem in this screenshot taken from my son's account

His account shows $150 as a balance, but that's wrong. If you click on Profile and drill down to this Accounts page (requires authentication) you will see the correct amount of $135.37. Evidently the amount displayed on the App Store screen is copied there from another system and there's a time lag. In my testing I've found that the lag is at least a day and I suspect it only updates when one checks the Apple Account (requires authentication). So, in reality, the Apple Account is the only way to know this number.

Apple doesn't mention this, but you can also get to this Accounts page (which has the accurate numbers) from iTunes/Music. You can't get to it from the web however; appleid.apple.com doesn't have this data. My guess is that Apple is still using their 20yo iTunes infrastructure for the "Apple Account" (authentication doesn't support Apple Passwords OR biometrics) and that the display in the App Store is a bit of a hack. 

The Apple Account is a legacy system that is much older than Family Sharing and doesn't support it very well. I'm guessing Apple has been trying to replace the iTunes backend for a years and that the version we see is in maintenance mode. Perhaps they will transition to the emerging Apple Pay infrastructure. For now we have to workaround the issues.

Monday, March 20, 2023

Basic bicycle kit list with some notes on flats

I put a basic bike kit together for my daughter (currently in college with her bike) including a companion shared iCloud Note. I think the note is kind of useful, so here it is for reuse:

Bicycle Kit


Lighting

(Charge these when you get home then every 2-3 weeks even if not used)

Bike Light (NiteRider)

Rear Bike Light Blinky


Repairs

Multi tool in saddle bag

Chain lube (dry)

General Lube for derailleurs, other parts

Inner tube spare

Patch kit and pressure gauge

Tire lever

Bicycle Pumps (floor and mini) 

Schrader adapter


Clothing

Wind shell

Pant ties


Other

Water bottle

Cable and kryptonite locks and keys

Helmet

Bike bag

Register bike


Before ride

Charge lights

Check pressure

Look for loose parts

Check brakes


Changing tube

  • Picture below of tire lever (remove tire), schraeder adapter (carry just in case, is small, can carry by putting on one of your valve stems) and a small pump that doesn’t work great but better than nothing.

Options before patching a flat

  1. See if bike shop nearby
  2. Call a friend to help or bring home
  3. Maybe uber?
  4. Remove tire and replace with new tube
  5. Remove tire and tube, patch and replace.


Links to directions

Using speedier lever - https://www.youtube.com/watch?v=ZbO_03rKyPk 

How to patch a flat  (REI)

Things to know

  1. This is the hardest thing most people do on a bike.
  2. Some tires are really hard to remove and getting tire back on can be hard (Usually have to do with thumbs but speedier lever can be used.  Most tools just make a hole in the tube.)
  3. It’s quite easy to trap a bit of tube under tire. I like to inflate a bit then pinch tire all around the rim trying to free any trapped tube. Then deflate, repeat pinch, then inflate.
  4. Inflation options include: floor pump (best), mini-pump, CO2 canister (meh), gas station pump with Schrader adapter below

Using the Schrader valve adapter

  1. You need to undo the top Presta valve!
  2. Put on adapter
  3. Fill in small steps, but some modern gas station pumps may be slower to fill. Don’t overfill, can blow tire off rim in some older pumps.


Wednesday, March 15, 2023

Apple Family Sharing and reviewing family member charges

Apple's family sharing is complex and problematic. Family member charges are paid first from the Apple Account balance then secondarily to the Family Organizer account. Charges for members under 18 can require pre-authorization, but this cannot be done for over 18. The user interface for viewing Apple Account balances is obviously an old hack that would never pass any true review.

The Family Organizer receives emails with family member transactions on them. There's no comprehensive historic view of all family transactions however. A support article recommends using https://reportaproblem.apple.com, but that has only a 90 day history. Each family member can see their own transaction history on their Apple device, there is no web interface I know of for this comprehensive history. Recurring subscriptions are billed to the organizer but may be viewable only from the member account.

Essentially if a Family Organizer wishes to review family charges they need to do so within 90 days and they need to use reportaproblem.apple.com. Tracking emails is a less effective approach. To review older purchases the Organizer will need to use a family member's device or macOS account.

PS. Apple managed Subscriptions appear in the iOS/macOS subscription list, but 3rd party (ex. YouTube channel) subscriptions only. show up in the User's account view. You will see the recurring charge (monthly, etc) in reportaproblem.apple.com. Subscriptions must be managed in the host app, Apple only handles the billing.

Monday, March 13, 2023

Google Apps (Workspace) email failing? How to check DKIM and update in your DNS settings if needed.

When I travel every bit of IT in our family starts to malfunction. On a recent trip this included Emily's emails, they were intermittently rejected by Gmail recipients. Once I was home I had to dig up old knowledge; I found the answers in prior blog posts (see references below). It looks like something wiped out our Dreamhost DNS DKIM records a few weeks ago [1]. 

It's hard these days to do email with anything that's not full hosted on the big three.

The refs have more detail but here's the outline of the process:
  1. In Google Workspace - Apps - Gmail - Authenticate email get the DKIM text value. You will probably have to generate a new record.
  2. In Dreamhost control panel manage websites click on DNS settings for domain and enter google._domainkey as host and the TXT record value. (DH UI makes this look like it appends a suffix to this but it really doesn't.)
  3. Once DH says the record has propagated return to the Admin console and click "start authentication"
It can take 48 hours for this to fully propagate but a few minutes after adding the key it did work when I validated as below.

To see if DKIM is working follow the process Google outlines (Usual automated testing services don't work with the way Google Apps do DKIM -- the selector won't work):
Send an email message to someone who is using Gmail or Google Workspace. (You can't verify DKIM is on by sending yourself a test message.) 
In the message header, look for Authentication-Results. Receiving services use different formats for incoming message headers, however the DKIM results should say something like DKIM=pass or DKIM=OK.

If the message header doesn't include a line about DKIM, messages sent from your domain aren't signed with DKIM.

When I looked at view original sent form Emily's account to my personal gmail account I didn't see DKIM=pass or DKIM=OK but I did see two entries starting with:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 

More importantly when I scrolled up a bit (this is in Gmail View Original) I saw a header that's interpreting the email headers (I think this might be a newer feature):

Message ID ....

Created at: Mon, Mar 13, 2023 at 2:59 PM (Delivered after 12 seconds)

From: Emily ....

To: John ...

Subject: test DKIM content

SPF: NEUTRAL with IP ...

DKIM: 'PASS' with domain ...

You can also paste the "original message" headers into toolbox.googleapps.com/apps/messageheader/. That gave similar results.

When I tested on a second family domain that did NOT have DNS TXT entry for DKIM it showed as DKIM 'PASS" in the email header interpretation with an odd domain string -- BUT in Google Apps it showed as NOT authenticating. I cannot explain this. 

Once I updated the DNS TXT DKIM entry for that domain and allowed a few minutes for propagation it did show in the Google Apps admin console as authenticating with DKIM and the headers showed the correct domain name.

DH's note on SPF records says they cannot be updated if we are using Google Workspace. This is new since 2018 and I think that's correct.

- fn -

[1] Eons ago every Dreamhosted domain had a free option to add Google Apps (now Google Workspace). That went away and earlier this year Google said they would discontinue the legacy free Google Apps. That was a thrash but on the edge of doom Google relented. I figured a DH script wiped the records but their first tier support said they hadn't done anything and instead referred to Google automated scripts that might change their DNS records (!).

- refs -