My attempt to fix Microsoft Update disables OneDrive on Catalina and Mojave (and perhaps more) is in process.
Fix from Microsoft Answers
1. Download last working version - Install version 23.002.0102.0004.
2. Disable autoupdate for OneDrive preferably by blocking network access to g.live.com IP 20.205.115.102 Port 443 TCP. Port 443 is standard port for https traffic.
3. Remove current version, install last good version.
As of April 20 we are to watch the release notes page for a possible fix.
This post content was moved to:
https://notes.kateva.org/2023/05/home-sleep-monitoring-with-apple-watch.html
Apologies for the error!
Apple's FairPlay DRM management is notoriously fragile. It can be confused by family sharing, Screen Time controls, payment method changes, and, heaven forfend, mixed Apple IDs on a device.
Once Apple's DRM gets confused there's often no user accessible error message (PS. This is a bug [1]). The app just hangs. So when I realized my (manual) App Store updates were not completing I was not completely surprised. Recently I had:
Someone who has your iPhone passcode can lock you out of your Apple iCloud and Apple ID services -- as well as take control of your iPhone and have access to all passwords stored in Apple's Password Manager (iCloud Keychain).
This can happen when someone steals your phone and obtains your passcode by the simple measure of threatening to kill you. Or they might see you enter your passcode or surreptitiously record entry. In bars drugs can be used to facilitate the process. This is often done as part of "borrowing a phone" for an "emergency call". (Never let anyone you don't trust with your life and wealth touch your phone. If it's an emergency make the call for them but ensure they don't record your passcode and don't let go of the phone.)
Once the thief has your phone and passcode they can change the victim's Apple ID password. This prevents the victim from locking the iPhone. The victim could still do the Apple ID password recovery process, so to get more time with the phone the thief can set a Recovery Key. If a Recovery Key exists they can change it. Setting a Recovery Key this way disables Apple ID password recovery. This gives the thief an unlimited time with the phone. It also locks the user out of all their Apple ID associated services and products including video, music, personal photos, personal documents, family sharing, other Apple devices, and the like. From the thief's perspective the Apple ID lock out is merely a side-effect. They may even feel a tiny qualm of sympathy for their victim. They do it to prevent iPhone lockout.
This is an Apple design problem. They need to fix it. Basically the iPhone passcode has far too much power -- especially since it has to be tapped in far too frequently and thus relatively easy to enter. Secondarily the benefits of the Recovery Key are limited to a few people and the with this technique in common use the risks dwarf the benefits. Apple should disable creation of new Recovery Keys immediately while they come up with a better fix.
TidBITS has one of the best descriptions of the problem following a somewhat confused WSJ article. I suggest also reading TidBITs preceding article on the problems with iCloud Keychain.
I was aware of most of these issues, but the Recovery Key hack is new to me. Again, if an attacker has control of your iPhone they can change your Apple ID password, locking you out of your photos, documents, Apple services, Apple media you've purchased, subscriptions, software, and more. At this point you can ordinarily reset your Apple ID password [1] through a tedious series of authentication steps or with the help of a previously specified Recovery Contact [2]. However, if you have set a Recovery Key you can't use these methods. You have to know the Recovery Key. If a thief sets or changes the Apple ID Recovery Key to prevent locking of the stolen iPhone you are truly screwed. Once you set the Recovery Key yourself Apple no longer stores it [3]; they can't recover your Apple ID even if they wanted to.
Apple has to fix several things here. It's insane that a six digit iPhone passcode allows access to all of the iCloud Keychain (Apple Password Manager) and setting up a Recovery Key. The power and risk of the Recovery Key is a separate problem and creation of new Recovery Keys should be disabled until there's a better fix.
In the meantime we've taken two steps on our our iPhones:
I do NOT recommend setting a Recovery Key. An attacker with your iPhone passcode can change it anyway, and you won't be able to use Apple's standard Apple ID password recovery method.
- fn-
[1] One time I tried to use login with Apple on a calendar service provider (Stanza). Apple evidently decided that was a bad idea and instantly locked my Apple ID. I had to follow the password recovering steps. If I'd set a Recovery Key and did not know the Key I'd have lost access to my Apple ID content (photos, etc) for all time.
[2] Setup a recovery contact NOW.
[3] I presume that when you do a standard password reset, or a Recovery Contact does a password reset for you, that behind the scenes Apple is using the Recovery Key they keep.
The mastodon social network (I'm https://appdot.net/@jgordon) lets me follow people at any Mastodon community (instance). Mastodon is person-centric. Reddit, by contrast, lets me follow activity on predefined topics.
I'd like Mastodon to have better topic support; I'd like to be able to follow both people AND topics.
In theory Mastodon has support for topics through hash tags. In practice, particularly if you are on a smaller Mastodon instance, the tags are not very useful. They only "know" about posts that have been pulled into a user's home instance, most often because someone on the instance follows the post author.
I'd like to see "topic tags" that were predetermined and worked across the Mastodon part of the Fediverse. I imagine a registry of topic tags that's updated by an instance daily based on instance posts using the topic tag. There are likely better models for how to do this.
I've begun early experiments in converting from Aperture to Apple photos. I've not found any good user descriptions of the process. This post will be updated as I do experiments or use the results of experiments to refine my searches.
Trial 1/9/2022
For my first trial I created a new project from a single JPG image and one version using Aperture under Mojave. I copied it to an Intel Air running Monterey 12.1 and opened it in Photos.
Photos said it could not open the Aperture library. It did not say why.
I then regenerated full sized previews per Apple's directions and I tried again. This time the import proceeded. I could see the Version of my original photo but not the original. I then chose Revert to Original and Photos displayed the original image. Then I tried "Undo Revert" but that did nothing. My Version was lost.
Opening the package I could see a file in the originals folder named with a GUID and a .jpeg extension. It had a size of 2.3MB which is the size of the Aperture original.
I tried to repeat the process but Photos declared that "the content of the Aperture library ... has already been migrated to Photos". The famous léonie of Apple forums explained - the conversion process changes the extension to "migratedphotolibrary", I renamed the extension to .photolibrary and I was able to repeat the import process.
On repeating I saw my Version image. I then tried to edit it and got this message:
"Cannot Start Editing Photos cannot edit this image because it uses an unsupported format"
I explored the new Photos library (Package Contents) and could not find any JPG other than my original. I am puzzled as to how Photos generated the version I could see.
There does not appear to be any way to see the original image other than by reverting to original -- which cannot be undone. There also doesn't seen to be any indication that an original exists! (This appears to be a global Photos problem however).
If one wanted to see both a Version and the Original one would need to export from the Version rendering then open that in Preview, revert to Original, then compare.
Update 3/31/2023
I finally resolved the stacks Aperture created when I migrated from iPhotos (original image and iPhoto edited). The trick was to find all photos with keyword iPhoto Externally Edited (or similar) then save them to an album then in that album remove any that weren't stacked then unstack, delete externally edited, and re-edit originals (non-destructive).
Then I did "Reprocess Originals" for about 8000 raw images; about 6,000 were reprocessed and about 2,000 didn't need it. That leads Aperture to slowly regenerate previous/thumbnails. It's been about 24h and that is mostly done, I find that I have to periodically pause the task then restart Aperture (or my laptop) and resume. If I really need to regenerate all full sized previews that processing may take a week or so.
The Generate / Update Previews mystery
Apple's Published Recommendation (for Mojave)
Choose Aperture > Preferences, click the Previews tab, then change the Photo Preview setting to Don't Limit. Close the preferences window.
From the list of projects in the Library inspector, select all of your projects. For example, click the first project listed, then press and hold the Shift key while clicking the last project.
Click the Browser layout button in the toolbar, so that all photos are shown as thumbnails.
Choose Edit > Select All to select all of your photos.
Press and hold the Option key, then choose Photos > Generate Previews.
Aperture now generates full-size previews for every photo in your library. To follow its progress, choose Window > Show Activity from the menu bar. Quit Aperture when processing is complete.
Open the Photos app, then choose your Aperture library when prompted, as pictured above. If you aren't prompted to choose a library, press and hold the Option key while opening Photos. If your Aperture library isn’t listed, click Other Library, then locate and choose your library.
In my testing "Generate Previews" goes very quickly through JPEG originals. DNG images take longer. RAW images may take longer but I think previews were done when "reprocess originals" was run.
I'm going to partition my images by types (including other) to better understand this step. I think unstacking all photos is also wise.
UPDATE 4/8/2023
In testing I found Photos.app (Monterey) only needs Aperture previews for edited images. I've already created previews for all RAW images. Plan is:
Update 5/1/2023 - a few months after writing this I realized Apple is in the midst of a very poorly documented multi-year transition.
There are currently two "gift cards" - Apple Gift Card (AGC) and App Store & iTunes (ASIGC) gift card. The AGC used to be only useful for buying things at Apple Stores (or online equivalent) but sometime in the past few years the AGC could be used to to buy apps and media.
The ASIGC works as below. Apple's check balance advice remains incorrect; the balance displayed in the App Store UI is not updated reliably. However, I don't think the ASIGC is long for this world. Which probably explains why Apple hasn't fixed the balance display or the use of the old term "iTunes".
The AGC can be purchased through a web interface - https://www.apple.com/shop/buy-giftcard/giftcard. When I bought it for my son using his iCloud email the balance showed on his phone wallet as Apple Cash. The Apple Cash balance also shows under his Account as did the prior ASIGC balance, but in a different location inserted at the top of the screen (it doesn't show there on my iPhone!).
The Apple Cash account is also used to hold purchase rebates (1-2%) from an Apple Card. I see my Apple Card balance there. I use the payment method selection control; my first payment method is Apple Cash, the second is Apple Card. When I view my son's payment methods at appleid.apple.com I see Apple ID (that is in fact holding his Apple Cash balance) and the fallback payment is "Apple Cash", but it's MY Apple Cash not his. (In fact there's a 3rd payment method --after these two charges roll over to me via my Apple Card, but the current UI can only show two.)
Note the weirdness here. In the case of a non-organizer family member the Apple Cash balance shows up here labeled Apple ID rather than Apple Cash!
--------- original post
Apple's "Apple Account" holds cash that can be used to purchase apps, media and subscriptions. Money is most often added to an Apple Account through App Store and Gift Cards iTunes gift cards. Users can also directly add money to their personal Apple Account from a payment method, but there are few times that makes sense. If a user is a member of a "Family" then the money comes from the Family Organizer's payment method (usually this is a bad thing). If a Family Member purchases something it will come out of their Apple Account balance first then any residual charge will come out of the Family Organizer's payment method (not the Family Member's payment method).
Apple Accounts are poorly documented, especially when they intersect with Family Sharing. Sometimes the support documents are incorrect or incomplete. For example, the check balance article for Mac tells users to look below their name in the App Store app:
I put a basic bike kit together for my daughter (currently in college with her bike) including a companion shared iCloud Note. I think the note is kind of useful, so here it is for reuse:
Bicycle Kit
Lighting
(Charge these when you get home then every 2-3 weeks even if not used)
Bike Light (NiteRider)
Rear Bike Light Blinky
Repairs
Multi tool in saddle bag
Chain lube (dry)
General Lube for derailleurs, other parts
Inner tube spare
Patch kit and pressure gauge
Tire lever
Bicycle Pumps (floor and mini)
Schrader adapter
Clothing
Wind shell
Pant ties
Other
Water bottle
Cable and kryptonite locks and keys
Helmet
Bike bag
Register bike
Before ride
Charge lights
Check pressure
Look for loose parts
Check brakes
Changing tube
Options before patching a flat
Links to directions
Using speedier lever - https://www.youtube.com/watch?v=ZbO_03rKyPk
How to patch a flat (REI)
Things to know
Using the Schrader valve adapter
Apple's family sharing is complex and problematic. Family member charges are paid first from the Apple Account balance then secondarily to the Family Organizer account. Charges for members under 18 can require pre-authorization, but this cannot be done for over 18. The user interface for viewing Apple Account balances is obviously an old hack that would never pass any true review.
The Family Organizer receives emails with family member transactions on them. There's no comprehensive historic view of all family transactions however. A support article recommends using https://reportaproblem.apple.com, but that has only a 90 day history. Each family member can see their own transaction history on their Apple device, there is no web interface I know of for this comprehensive history. Recurring subscriptions are billed to the organizer but may be viewable only from the member account.
Essentially if a Family Organizer wishes to review family charges they need to do so within 90 days and they need to use reportaproblem.apple.com. Tracking emails is a less effective approach. To review older purchases the Organizer will need to use a family member's device or macOS account.
PS. Apple managed Subscriptions appear in the iOS/macOS subscription list, but 3rd party (ex. YouTube channel) subscriptions only. show up in the User's account view. You will see the recurring charge (monthly, etc) in reportaproblem.apple.com. Subscriptions must be managed in the host app, Apple only handles the billing.
Send an email message to someone who is using Gmail or Google Workspace. (You can't verify DKIM is on by sending yourself a test message.)
In the message header, look for Authentication-Results. Receiving services use different formats for incoming message headers, however the DKIM results should say something like DKIM=pass or DKIM=OK.If the message header doesn't include a line about DKIM, messages sent from your domain aren't signed with DKIM.
When I looked at view original sent form Emily's account to my personal gmail account I didn't see DKIM=pass or DKIM=OK but I did see two entries starting with:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
More importantly when I scrolled up a bit (this is in Gmail View Original) I saw a header that's interpreting the email headers (I think this might be a newer feature):
Message ID ....
Created at: Mon, Mar 13, 2023 at 2:59 PM (Delivered after 12 seconds)
From: Emily ....
To: John ...
Subject: test DKIM content
SPF: NEUTRAL with IP ...
DKIM: 'PASS' with domain ...
You can also paste the "original message" headers into toolbox.googleapps.com/apps/messageheader/. That gave similar results.
When I tested on a second family domain that did NOT have DNS TXT entry for DKIM it showed as DKIM 'PASS" in the email header interpretation with an odd domain string -- BUT in Google Apps it showed as NOT authenticating. I cannot explain this.
Once I updated the DNS TXT DKIM entry for that domain and allowed a few minutes for propagation it did show in the Google Apps admin console as authenticating with DKIM and the headers showed the correct domain name.
DH's note on SPF records says they cannot be updated if we are using Google Workspace. This is new since 2018 and I think that's correct.
I use Apple's Notes app fairly often. It's come a long way from early days but it has its share of bugs. The two I run into most often are formatting bugs and especially sync failures.
Formatting bugs seem to be related to frequent edits to a note using Notes app styles and character formats. Sometimes editing stops working in odd ways. I have to create a new Note and select all/paste into the new Note.
Sync bugs are more common and more serious. There are two kinds of sync bugs - global application sync failure and note specific failure.
Global sync means no notes are synchronizing and perhaps no iCloud content. I've seen that with iCloud password changes. I recommend never changing an iCloud password, Apple really doesn't want it to change. I had to recently because trying to use the Stanza calendar on the Saint Paul Saints web site with Apple integration triggered an instant Apple account lockout and mandated password reset (be afraid).
If iCloud sync doesn't work after a password change and iCloud seems to be properly authenticated first try restarting your iPhone or Mac. Then, on an iPhone, try sending an iCloud email. That last may require you to YET AGAIN enter your iCloud password. With luck the credential problem may resolve for all iCloud functions.
Single note sync failure may be something I see because I'm using Notes across the latest version of iOS and Mojave. I suspect it's actually fairly common even on Monterey/iOS though.
If it's just one note that won't sync between two devices you can check out Apple's web client view of Notes. That will tell you which device is off but it doesn't help with the fix. As far as I can tell there's no sync failure resolution built into Apple Notes. If Apple's sluggish iCloud sync means you have edited one note on two devices when they weren't in full sync then that particular note will no longer sync. No error messages, no offer to sort things out, no creation of two versions, it just quietly sits in isolation.
The workaround is to create a new note and confirm that syncs. Then on each separate device move the content from the now isolated notes into the new syncing note. Then delete the notes that didn't sync on each device.
Synchronization is a problem some seem to have solved (Simplenote for example), but Apple is not among this elite group.
My son has an Apple Watch SE running watchOS 9.3.1 (current). I'd never touched an Apple Watch but we wanted to get some data on sleep issues so I dug into it a bit. It turns out that the Sleep app is a frequent topic of Apple Discussion posts. I'll summarize what I learned here in case Google miraculously works and it's helpful to someone else.
References that were actually helpful:
Key discoveries
A family member was seeing only the default 5GB of storage. I prepared to the usual fixes like restart phone, upgrade iOS, leave and restore iCloud and, finally, remove from family and add back in.
Turned out the fix was much simpler as of iOS 16.3.
Settings:Apple ID: iCloud: Manage Account Storage: Use Family Storage.
After I selected this option they got access to our 2TB and the "Use Family Storage" option went away. Instead they had "Change Storage Plan". Tapping that gave the option to leave Family Storage.
Apple's docs mention something about an iMessage going to family members to give them the option to use Family Storage. I suspect that didn't get attention.
Once I'd fixed the problem I used the new keywords to search for Apple documentation. Google found nothing (though it's really bad now) on the Apple site except a post from 2 days ago. So this might be newish.
Eleven years ago I wrote about using the IFTTT service to create tweets from the RSS feed of my Pinboard shares (which are written for myself and for Emily; there are now over 49,000 entries).
Back then I was continuing a kind of sharing I started with Google Reader Social (details) and continued with App.net after Social died.
Now Twitter is dying, but, incredibly, Maciej Ceglowski's Pinboard endures. I've migrated to Mastodon (on an instance for veterans of App.net!) so now I use IFTTT (still free for my use) to create mastodon posts tagged #jgshare from that old Pinboard RSS.
I'm writing now to share a bit of how that works. I started with a recipe first published in 2017 and updated in 2022 by KelsonV. That recipe uses IFTTT web hooks: I tweaked it a bit to get the output I wanted:
Descriptive Title
URL
Commentary
The recipe is a bit hard to follow but the key steps are:
status =<<<{{EntryTitle}}>>><<<{{EntryUrl}}>>><<<{{EntryContent}}>>>#jgshare
Seven years ago we switched from CenturyLink to Comcast/Xfinity. At the time I thought CenturyLink was kaput. Today we switched back; I'm sharing some notes on what to expect.
We had good service from Xfinity, but over the past year we've been hitting their 1.2TB data cap. I'm sure I could call Xfinity, threaten to leave, and negotiate transition to their 'unlimited' tier and get a price reduction as well. I could do that, but the process irritates me.
Happily Century Link has survived, we are in their fiber area, and their fiberoptic GB no-cap service is apparently about what Xfinity charges us. I say apparently because we live in the surprise-fee era. You don't know what you pay until you get the bill. [Update: Century Link quoted me $70 and I'm honestly stunned to discover that is exactly the bill.]
CenturyLink customer service seems as abysmal as ever but local reports tell me the fiber is far more reliable than their old tech.
So we switched. A few notes on the process:
The Xfinity requirement return is done through xfinity.com/returns -- but the directions are buggy. The easiest option is to bring the hardware to a comcast/xfinity store but I opted to drop off at UPS. Follow the prompts to create a mailing label but be ready to conclude without, you know, the mailing label. To print the label go to customer.xfinity.com/devices/returns/status and you'll see how to print. Box up the xfinity hardware in anything, put label inside and outside box and drop off at a UPS store.
The CenturyLink model is a C4000XG; that site has an online user guide. I couldn't find a manual for it on the CenturyLink site but I did find one online. https://192.168.0.1 worked to get to the admin screen, you need the CenturyLink sticker with the Admin password. You will certainly want to change the passwords to something tappable. The device web server doesn't render properly in (old) Mojave Safari so I used Chrome.
I'll update this post if I find any other surprises in the process.
Update 2/5/2023
I dropped the xfinity router off at the UPS store with the return label and a week later I got an xfinity email saying they had the router.
After we discontinued service my Xfinity login stopped working. There was no error message, it would let me enter my password but then request my password again. I wondered how I'd pay my last bill but a paper statement came in the mail with a credit on it. We pay in advance so there's credit for the unused part of the month. It does appear they never dinged me for my data overage. The statement said that in 30 days they would send me a check for whatever is left in the account, but in fact they credited part of my last payment back to the credit card I used.
