Saturday, May 27, 2023

Microsoft OneDrive automatic update disables OneDrive on Catalina and Mojave (and perhaps more)

My attempt to fix Microsoft Update disables OneDrive on Catalina and Mojave (and perhaps more) is in process.

 Fix from Microsoft Answers

1. Download last working version - Install version 23.002.0102.0004.

2. Disable autoupdate for OneDrive preferably by blocking network access to IP Port 443 TCP. Port 443 is standard port for https traffic.

3. Remove current version, install last good version.

As of April 20 we are to watch the release notes page for a possible fix.

Friday, April 28, 2023

iOS App Update hangs without an error message in infinite download: a general approach

Apple's FairPlay DRM management is notoriously fragile. It can be confused by family sharing, Screen Time controls, payment method changes, and, heaven forfend, mixed Apple IDs on a device.

Once Apple's DRM gets confused there's often no user accessible error message (PS. This is a bug [1]). The app just hangs. So when I realized my (manual) App Store updates were not completing I was not completely surprised. Recently I had:

  1. Changed payment methods. I made my Apple Card's award balance (1-2% transaction) the default payment method (so it always gets emptied)
  2. Enabled Screen Time account change restrictions to mitigate the harm of Apple's biggest current security issue.
I fixed the problem in the usual way (see Apple's article on this as well):
  1. [Switch to manual update if you've been using automatic]
  2. Verify Apple ID payment methods look correct
  3. Turn off Screen Time [Apple doesn't mention this.]
  4. Restart phone (power off/on)
  5. Download a new free app from App Store [An old method, still useful]
  6. Verify I can now update one of the pending apps.
  7. Update All
  8. Turn Screen Time back on.
  9. [Turn auto update back on if you like that.]
[1] Failure to generate a user notification of a failed interaction is, of course, a bug. Regardless of whether there's a bug in the interaction processing (which there is, so that's another one).

Saturday, April 22, 2023

iPhone Recovery Key attack vector kills your iCloud access: Workarounds pending an Apple fix including Apple ID protection

Someone who has your iPhone passcode can lock you out of your Apple iCloud and Apple ID services -- as well as take control of your iPhone and have access to all passwords stored in Apple's Password Manager (iCloud Keychain).

This can happen when someone steals your phone and obtains your passcode by the simple measure of threatening to kill you. Or they might see you enter your passcode or surreptitiously record entry. In bars drugs can be used to facilitate the process. This is often done as part of "borrowing a phone" for an "emergency call". (Never let anyone you don't trust with your life and wealth touch your phone. If it's an emergency make the call for them but ensure they don't record your passcode and don't let go of the phone.)

Once the thief has your phone and passcode they can change the victim's Apple ID password. This prevents the victim from locking the iPhone. The victim could still do the Apple ID password recovery process, so to get more time with the phone the thief can set a Recovery Key. If a Recovery Key exists they can change it. Setting a Recovery Key this way disables Apple ID password recovery. This gives the thief an unlimited time with the phone. It also locks the user out of all their Apple ID associated services and products including video, music, personal photos, personal documents, family sharing, other Apple devices, and the like. From the thief's perspective the Apple ID lock out is merely a side-effect. They may even feel a tiny qualm of sympathy for their victim. They do it to prevent iPhone lockout.

This is an Apple design problem. They need to fix it. Basically the iPhone passcode has far too much power -- especially since it has to be tapped in far too frequently and thus relatively easy to enter. Secondarily the benefits of the Recovery Key are limited to a few people and the with this technique in common use the risks dwarf the benefits. Apple should disable creation of new Recovery Keys immediately while they come up with a better fix.

TidBITS has one of the best descriptions of the problem following a somewhat confused WSJ article. I suggest also reading TidBITs preceding article on the problems with iCloud Keychain.

I was aware of most of these issues, but the Recovery Key hack is new to me. Again, if an attacker has control of your iPhone they can change your Apple ID password, locking you out of your photos, documents, Apple services, Apple media you've purchased, subscriptions, software, and more. At this point you can ordinarily reset your Apple ID password [1] through a tedious series of authentication steps or with the help of a previously specified Recovery Contact [2]. However, if you have set a Recovery Key you can't use these methods. You have to know the Recovery Key. If a thief sets or changes the Apple ID Recovery Key to prevent locking of the stolen iPhone you are truly screwed. Once you set the Recovery Key yourself Apple no longer stores it [3]; they can't recover your Apple ID even if they wanted to.

Apple has to fix several things here. It's insane that a six digit iPhone passcode allows access to all of the iCloud Keychain (Apple Password Manager) and setting up a Recovery Key. The power and risk of the Recovery Key is a separate problem and creation of new Recovery Keys should be disabled until there's a better fix.

In the meantime we've taken two steps on our our iPhones:

  1. Emily and I set each other up as Recovery Contacts to facilitate doing an Apple ID password reset in the absence of an Apple Device.
  2. Follow the recommendation of TidBITS to use Apple's Screen Time feature to prevent Account Changes. This requires setting a separate 4 digit ScreenTime code (PIN). When you do this Apple seems to require entry of Apple ID credentials that can be used to reset the ScreenTime PIN, but if you tap "cancel" you can continue without this step. That means an attacker can't use the Apple ID credentials they've stolen to unlock the account settings; they can't change an Apple ID password and they can't set a Recovery Key. (I think this can trigger an Apple Bug with App Updates and mixed Apple ID - see this article.)
I have not yet deleted all of my iCloud Keychain entries. I will go through mine and delete a few key ones. Apple really and truly needs to secure iCloud Keychain with an optional separate credential [4].

I do NOT recommend setting a Recovery Key.  An attacker with your iPhone passcode can change it anyway, and you won't be able to use Apple's standard Apple ID password recovery method.

- fn- 

[1] One time I tried to use login with Apple on a calendar service provider (Stanza). Apple evidently decided that was a bad idea and instantly locked my Apple ID. I had to follow the password recovering steps. If I'd set a Recovery Key and did not know the Key I'd have lost access to my Apple ID content (photos, etc) for all time.

[2] Setup a recovery contact NOW.

[3] I presume that when you do a standard password reset, or a Recovery Contact does a password reset for you, that behind the scenes Apple is using the Recovery Key they keep.

Sunday, April 02, 2023

Mastodon wishes: topic tags that actually work

The mastodon social network (I'm lets me follow people at any Mastodon community (instance). Mastodon is person-centric. Reddit, by contrast, lets me follow activity on predefined topics.

I'd like Mastodon to have better topic support; I'd like to be able to follow both people AND topics.

In theory Mastodon has support for topics through hash tags. In practice, particularly if you are on a smaller Mastodon instance, the tags are not very useful. They only "know" about posts that have been pulled into a user's home instance, most often because someone on the instance follows the post author.

I'd like to see "topic tags" that were predetermined and worked across the Mastodon part of the Fediverse. I imagine a registry of topic tags that's updated by an instance daily based on instance posts using the topic tag. There are likely better models for how to do this.

Thursday, March 30, 2023

Converting from Aperture to Apple Photos: Personal results

I've begun early experiments in converting from Aperture to Apple photos. I've not found any good user descriptions of the process. This post will be updated as I do experiments or use the results of experiments to refine my searches.

Trial 1/9/2022

For my first trial I created a new project from a single JPG image and one version using Aperture under Mojave. I copied it to an Intel Air running Monterey 12.1 and opened it in Photos.

Photos said it could not open the Aperture library. It did not say why.

I then regenerated full sized previews per Apple's directions and I tried again. This time the import proceeded. I could see the Version of my original photo but not the original. I then chose Revert to Original and Photos displayed the original image. Then I tried "Undo Revert" but that did nothing. My Version was lost.

Opening the package I could see a file in the originals folder named with a GUID and a .jpeg extension. It had a size of 2.3MB which is the size of the Aperture original.

I tried to repeat the process but Photos declared that "the content of the Aperture library ... has already been migrated to Photos". The famous léonie of Apple forums explained - the conversion process changes the extension to "migratedphotolibrary", I renamed the extension to .photolibrary and I was able to repeat the import process.

On repeating I saw my Version image. I then tried to edit it and got this message:

"Cannot Start Editing Photos cannot edit this image because it uses an unsupported format"

I explored the new Photos library (Package Contents) and could not find any JPG other than my original. I am puzzled as to how Photos generated the version I could see.

There does not appear to be any way to see the original image other than by reverting to original -- which cannot be undone. There also doesn't seen to be any indication that an original exists! (This appears to be a global Photos problem however).

If one wanted to see both a Version and the Original one would need to export from the Version rendering then open that in Preview, revert to Original, then compare.

Update 3/31/2023

I finally resolved the stacks Aperture created when I migrated from iPhotos (original image and iPhoto edited).  The trick was to find all photos with keyword iPhoto Externally Edited (or similar) then save them to an album then in that album remove any that weren't stacked then unstack, delete externally edited, and re-edit originals (non-destructive).

Then I did "Reprocess Originals" for about 8000 raw images; about 6,000 were reprocessed and about 2,000 didn't need it. That leads Aperture to slowly regenerate previous/thumbnails. It's been about 24h and that is mostly done, I find that I have to periodically pause the task then restart Aperture (or my laptop) and resume. If I really need to regenerate all full sized previews that processing may take a week or so.

The Generate / Update Previews mystery

Apple's Published Recommendation (for Mojave)

Choose Aperture > Preferences, click the Previews tab, then change the Photo Preview setting to Don't Limit. Close the preferences window.

From the list of projects in the Library inspector, select all of your projects. For example, click the first project listed, then press and hold the Shift key while clicking the last project.

Click the Browser layout button in the toolbar, so that all photos are shown as thumbnails.

Choose Edit > Select All to select all of your photos.

Press and hold the Option key, then choose Photos > Generate Previews.

Aperture now generates full-size previews for every photo in your library. To follow its progress, choose Window > Show Activity from the menu bar. Quit Aperture when processing is complete.

Open the Photos app, then choose your Aperture library when prompted, as pictured above. If you aren't prompted to choose a library, press and hold the Option key while opening Photos. If your Aperture library isn’t listed, click Other Library, then locate and choose your library.

In my testing "Generate Previews" goes very quickly through JPEG originals. DNG images take longer. RAW images may take longer but I think previews were done when "reprocess originals" was run.

I'm going to partition my images by types (including other) to better understand this step. I think unstacking all photos is also wise.

UPDATE 4/8/2023

In testing I found (Monterey) only needs Aperture previews for edited images. I've already created previews for all RAW images. Plan is:

  1. Remove previews for all images without adjustments including RAW.
  2. Regenerate high res images for all images that have had adjustments (I already did RAW so don't need to redo those). I think quick view requires previews so I may be able to use that feature to confirm which have previews and which don't.


Wednesday, March 29, 2023

Apple's App Store Apple Account balance: updated due to transition to Apple Cash

Update 5/1/2023 - a few months after writing this I realized Apple is in the midst of a very poorly documented multi-year transition.

There are currently two "gift cards" - Apple Gift Card (AGC) and App Store & iTunes (ASIGC) gift card.  The AGC used to be only useful for buying things at Apple Stores (or online equivalent) but sometime in the past few years the AGC could be used to to buy apps and media. 

The ASIGC works as below. Apple's check balance advice remains incorrect; the balance displayed in the App Store UI is not updated reliably. However, I don't think the ASIGC is long for this world. Which probably explains why Apple hasn't fixed the balance display or the use of the old term "iTunes".

The AGC can be purchased through a web interface - When I bought it for my son using his iCloud email the balance showed on his phone wallet as Apple Cash. The Apple Cash balance also shows under his Account as did the prior ASIGC balance, but in a different location inserted at the top of the screen (it doesn't show there on my iPhone!).

The Apple Cash account is also used to hold purchase rebates (1-2%) from an Apple Card. I see my Apple Card balance there. I use the payment method selection control; my first payment method is Apple Cash, the second is Apple Card. When I view my son's payment methods at I see Apple ID (that is in fact holding his Apple Cash balance) and the fallback payment is "Apple Cash", but it's MY Apple Cash not his. (In fact there's a 3rd payment method --after these two charges roll over to me via my Apple Card, but the current UI can only show two.)

Note the weirdness here. In the case of a non-organizer family member the Apple Cash balance shows up here labeled Apple ID rather than Apple Cash!

I have found charges do go first against this "Apple ID" (his Apple Cash) then against my Apple Cash (currently $41.71). Incidentally, note if you can connect to a non-child family member's appleid you can see their balance and they can see the family organizer's cash balance.

If my son were a minor I'd have more options to manage Apple Cash. As it is this is a big improvement on a few months ago (below). It's obvious that in the US at least the ASIGC is obsolete and Apple will transition to the AGC. They still have a ways to go; they have added a savings account feature to Apple Card; I wonder if they'll add one to Apple Cash.

--------- original post

Apple's "Apple Account" holds cash that can be used to purchase apps, media and subscriptions. Money is most often added to an Apple Account through App Store and  Gift Cards iTunes gift cards. Users can also directly add money to their personal Apple Account from a payment method, but there are few times that makes sense. If a user is a member of a "Family" then the money comes from the Family Organizer's payment method (usually this is a bad thing). If a Family Member purchases something it will come out of their Apple Account balance first then any residual charge will come out of the Family Organizer's payment method (not the Family Member's payment method).

Apple Accounts are poorly documented, especially when they intersect with Family Sharing. Sometimes the support documents are incorrect or incomplete. For example, the check balance article for Mac tells users to look below their name in the App Store app:

That doesn't work very well though. You can see the problem in this screenshot taken from my son's account

His account shows $150 as a balance, but that's wrong. If you click on Profile and drill down to this Accounts page (requires authentication) you will see the correct amount of $135.37. Evidently the amount displayed on the App Store screen is copied there from another system and there's a time lag. In my testing I've found that the lag is at least a day and I suspect it only updates when one checks the Apple Account (requires authentication). So, in reality, the Apple Account is the only way to know this number.

Apple doesn't mention this, but you can also get to this Accounts page (which has the accurate numbers) from iTunes/Music. You can't get to it from the web however; doesn't have this data. My guess is that Apple is still using their 20yo iTunes infrastructure for the "Apple Account" (authentication doesn't support Apple Passwords OR biometrics) and that the display in the App Store is a bit of a hack. 

The Apple Account is a legacy system that is much older than Family Sharing and doesn't support it very well. I'm guessing Apple has been trying to replace the iTunes backend for a years and that the version we see is in maintenance mode. Perhaps they will transition to the emerging Apple Pay infrastructure. For now we have to workaround the issues.

Monday, March 20, 2023

Basic bicycle kit list with some notes on flats

I put a basic bike kit together for my daughter (currently in college with her bike) including a companion shared iCloud Note. I think the note is kind of useful, so here it is for reuse:

Bicycle Kit


(Charge these when you get home then every 2-3 weeks even if not used)

Bike Light (NiteRider)

Rear Bike Light Blinky


Multi tool in saddle bag

Chain lube (dry)

General Lube for derailleurs, other parts

Inner tube spare

Patch kit and pressure gauge

Tire lever

Bicycle Pumps (floor and mini) 

Schrader adapter


Wind shell

Pant ties


Water bottle

Cable and kryptonite locks and keys


Bike bag

Register bike

Before ride

Charge lights

Check pressure

Look for loose parts

Check brakes

Changing tube

  • Picture below of tire lever (remove tire), schraeder adapter (carry just in case, is small, can carry by putting on one of your valve stems) and a small pump that doesn’t work great but better than nothing.

Options before patching a flat

  1. See if bike shop nearby
  2. Call a friend to help or bring home
  3. Maybe uber?
  4. Remove tire and replace with new tube
  5. Remove tire and tube, patch and replace.

Links to directions

Using speedier lever - 

How to patch a flat  (REI)

Things to know

  1. This is the hardest thing most people do on a bike.
  2. Some tires are really hard to remove and getting tire back on can be hard (Usually have to do with thumbs but speedier lever can be used.  Most tools just make a hole in the tube.)
  3. It’s quite easy to trap a bit of tube under tire. I like to inflate a bit then pinch tire all around the rim trying to free any trapped tube. Then deflate, repeat pinch, then inflate.
  4. Inflation options include: floor pump (best), mini-pump, CO2 canister (meh), gas station pump with Schrader adapter below

Using the Schrader valve adapter

  1. You need to undo the top Presta valve!
  2. Put on adapter
  3. Fill in small steps, but some modern gas station pumps may be slower to fill. Don’t overfill, can blow tire off rim in some older pumps.

Wednesday, March 15, 2023

Apple Family Sharing and reviewing family member charges

Apple's family sharing is complex and problematic. Family member charges are paid first from the Apple Account balance then secondarily to the Family Organizer account. Charges for members under 18 can require pre-authorization, but this cannot be done for over 18. The user interface for viewing Apple Account balances is obviously an old hack that would never pass any true review.

The Family Organizer receives emails with family member transactions on them. There's no comprehensive historic view of all family transactions however. A support article recommends using, but that has only a 90 day history. Each family member can see their own transaction history on their Apple device, there is no web interface I know of for this comprehensive history. Recurring subscriptions are billed to the organizer but may be viewable only from the member account.

Essentially if a Family Organizer wishes to review family charges they need to do so within 90 days and they need to use Tracking emails is a less effective approach. To review older purchases the Organizer will need to use a family member's device or macOS account.

PS. Apple managed Subscriptions appear in the iOS/macOS subscription list, but 3rd party (ex. YouTube channel) subscriptions only. show up in the User's account view. You will see the recurring charge (monthly, etc) in Subscriptions must be managed in the host app, Apple only handles the billing.

Monday, March 13, 2023

Google Apps (Workspace) email failing? How to check DKIM and update in your DNS settings if needed.

When I travel every bit of IT in our family starts to malfunction. On a recent trip this included Emily's emails, they were intermittently rejected by Gmail recipients. Once I was home I had to dig up old knowledge; I found the answers in prior blog posts (see references below). It looks like something wiped out our Dreamhost DNS DKIM records a few weeks ago [1]. 

It's hard these days to do email with anything that's not full hosted on the big three.

The refs have more detail but here's the outline of the process:
  1. In Google Workspace - Apps - Gmail - Authenticate email get the DKIM text value. You will probably have to generate a new record.
  2. In Dreamhost control panel manage websites click on DNS settings for domain and enter google._domainkey as host and the TXT record value. (DH UI makes this look like it appends a suffix to this but it really doesn't.)
  3. Once DH says the record has propagated return to the Admin console and click "start authentication"
It can take 48 hours for this to fully propagate but a few minutes after adding the key it did work when I validated as below.

To see if DKIM is working follow the process Google outlines (Usual automated testing services don't work with the way Google Apps do DKIM -- the selector won't work):
Send an email message to someone who is using Gmail or Google Workspace. (You can't verify DKIM is on by sending yourself a test message.) 
In the message header, look for Authentication-Results. Receiving services use different formats for incoming message headers, however the DKIM results should say something like DKIM=pass or DKIM=OK.

If the message header doesn't include a line about DKIM, messages sent from your domain aren't signed with DKIM.

When I looked at view original sent form Emily's account to my personal gmail account I didn't see DKIM=pass or DKIM=OK but I did see two entries starting with:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 

More importantly when I scrolled up a bit (this is in Gmail View Original) I saw a header that's interpreting the email headers (I think this might be a newer feature):

Message ID ....

Created at: Mon, Mar 13, 2023 at 2:59 PM (Delivered after 12 seconds)

From: Emily ....

To: John ...

Subject: test DKIM content

SPF: NEUTRAL with IP ...

DKIM: 'PASS' with domain ...

You can also paste the "original message" headers into That gave similar results.

When I tested on a second family domain that did NOT have DNS TXT entry for DKIM it showed as DKIM 'PASS" in the email header interpretation with an odd domain string -- BUT in Google Apps it showed as NOT authenticating. I cannot explain this. 

Once I updated the DNS TXT DKIM entry for that domain and allowed a few minutes for propagation it did show in the Google Apps admin console as authenticating with DKIM and the headers showed the correct domain name.

DH's note on SPF records says they cannot be updated if we are using Google Workspace. This is new since 2018 and I think that's correct.

- fn -

[1] Eons ago every Dreamhosted domain had a free option to add Google Apps (now Google Workspace). That went away and earlier this year Google said they would discontinue the legacy free Google Apps. That was a thrash but on the edge of doom Google relented. I figured a DH script wiped the records but their first tier support said they hadn't done anything and instead referred to Google automated scripts that might change their DNS records (!).

- refs -

Monday, February 27, 2023

Managing sync issues in the Apple Notes app - what I do

I use Apple's Notes app fairly often. It's come a long way from early days but it has its share of bugs. The two I run into most often are formatting bugs and especially sync failures.

Formatting bugs seem to be related to frequent edits to a note using Notes app styles and character formats. Sometimes editing stops working in odd ways. I have to create a new Note and select all/paste into the new Note.

Sync bugs are more common and more serious. There are two kinds of sync bugs - global application sync failure and note specific failure.

Global sync means no notes are synchronizing and perhaps no iCloud content. I've seen that with iCloud password changes. I recommend never changing an iCloud password, Apple really doesn't want it to change. I had to recently because trying to use the Stanza calendar on the Saint Paul Saints web site with Apple integration triggered an instant Apple account lockout and mandated password reset (be afraid).

If iCloud sync doesn't work after a password change and iCloud seems to be properly authenticated first try restarting your iPhone or Mac. Then, on an iPhone, try sending an iCloud email. That last may require you to YET AGAIN enter your iCloud password. With luck the credential problem may resolve for all iCloud functions.

Single note sync failure may be something I see because I'm using Notes across the latest version of iOS and Mojave. I suspect it's actually fairly common even on Monterey/iOS though.

If it's just one note that won't sync between two devices you can check out Apple's web client view of Notes. That will tell you which device is off but it doesn't help with the fix. As far as I can tell there's no sync failure resolution built into Apple Notes. If Apple's sluggish iCloud sync means you have edited one note on two devices when they weren't in full sync then that particular note will no longer sync. No error messages, no offer to sort things out, no creation of two versions, it just quietly sits in isolation.

The workaround is to create a new note and confirm that syncs. Then on each separate device move the content from the now isolated notes into the new syncing note. Then delete the notes that didn't sync on each device.

Synchronization is a problem some seem to have solved (Simplenote for example), but Apple is not among this elite group.

Saturday, February 18, 2023

Apple Watch Sleep App: Reinstallation and setup

My son has an Apple Watch SE running watchOS 9.3.1 (current). I'd never touched an Apple Watch but we wanted to get some data on sleep issues so I dug into it a bit. It turns out that the Sleep app is a frequent topic of Apple Discussion posts. I'll summarize what I learned here in case Google miraculously works and it's helpful to someone else.

References that were actually helpful:

Key discoveries

  1. It's not obvious which Apple Watches support the Sleep app. It seems to work on any device that can run the latest OS. His SE qualified.
  2. It's possible to delete the Sleep app from Apple Watch. His didn't have it; he may have accidentally deleted the app. App Store search is utterly broken so it's hard to find it to reinstall. Reddit had directions (see above) that worked.
  3. Once you have the Sleep app reinstalled you need to follow the directions on Apple Track Sleep with Apple Watch and iPhone carefully including this part: "If you paired your Apple Watch after completing Sleep setup, you can still turn on Track Sleep with Apple Watch. In the Watch app on your iPhone, tap the My Watch tab, then tap Sleep. Then tap Track Sleep with Apple Watch to turn on this setting."
  4. The reports are well done but they are only viewable on the iPhone or Apple Watch. There's no export or print function [1]. Third party apps may have more capabilities, but the App Store is a sewer so I didn't want to wade into it.  Instead I did a bunch of screenshots from his iPhone and used Picsew to stitch them together and Preview to create a PDF with the reports.
- fn -
 [1] You can export all heath data as XML. This produced a 180MB file that BBEdit was able to open. It's not helpful.

Sunday, February 05, 2023

Family member not getting family storage plan - "Manage Account Storage" and "Use Family Storage"

A family member was seeing only the default 5GB of storage. I prepared to the usual fixes like restart phone, upgrade iOS, leave and restore iCloud and, finally, remove from family and add back in.

Turned out the fix was much simpler as of iOS 16.3.

Settings:Apple ID: iCloud: Manage Account Storage: Use Family Storage.

After I selected this option they got access to our 2TB and the "Use Family Storage" option went away. Instead they had "Change Storage Plan". Tapping that gave the option to leave Family Storage.

Apple's docs mention something about an iMessage going to family members to give them the option to use Family Storage. I suspect that didn't get attention.

Once I'd fixed the problem I used the new keywords to search for Apple documentation. Google found nothing (though it's really bad now) on the Apple site except a post from 2 days ago. So this might be newish.

Wednesday, January 25, 2023

Using IFTTT Webhook to post RSS feed data to Mastodon

Eleven years ago I wrote about using the IFTTT service to create tweets from the RSS feed of my Pinboard shares (which are written for myself and for Emily; there are now over 49,000 entries).  

Back then I was continuing a kind of sharing I started with Google Reader Social (details) and continued with after Social died.

Now Twitter is dying, but, incredibly, Maciej Ceglowski's Pinboard endures. I've migrated to Mastodon (on an instance for veterans of!) so now I use IFTTT (still free for my use) to create mastodon posts tagged #jgshare from that old Pinboard RSS.

I'm writing now to share a bit of how that works. I started with a recipe first published in 2017 and updated in 2022 by KelsonV. That recipe uses IFTTT web hooks: I tweaked it a bit to get the output I wanted:

    Descriptive Title



The recipe is a bit hard to follow but the key steps are:

  1. In Mastodon Profile Preferences Development create an "application" with website "" and Scope of write:statuses. After it's created copy the access token.
  2. In IFTTT create a rule based on the RSS feed of your source (in my case Pinboard shares with a particular tag). My rule starts with IF "New Feed Item"
  3. The action part of the rule is a web request"
    1. URL:
    2. Method: POST
    3. Content type: application/x-www-form-urlencoded
    4. Authorization: Bearer 1234567890 (replace 1234... with your Mastodon access token)
    5. Body as below.
KelsonV's post has additional details and screenshots.

The trick in the body was to get line spaces between Title, URL and Commentary. This worked:
status = 
When I first ran this I'd get errors in my IFTTT log but the rule worked successfully. The errors went away.

Monday, January 09, 2023

Switching from Comcast to Century Link - including how to return Xfinity equipment

Seven years ago we switched from CenturyLink to Comcast/Xfinity. At the time I thought CenturyLink was kaput. Today we switched back; I'm sharing some notes on what to expect.

We had good service from Xfinity, but over the past year we've been hitting their 1.2TB data cap. I'm sure I could call Xfinity, threaten to leave, and negotiate transition to their 'unlimited' tier and get a price reduction as well.  I could do that, but the process irritates me.

Happily Century Link has survived, we are in their fiber area, and their fiberoptic GB no-cap service is apparently about what Xfinity charges us. I say apparently because we live in the surprise-fee era. You don't know what you pay until you get the bill. [Update: Century Link quoted me $70 and I'm honestly stunned to discover that is exactly the bill.]

CenturyLink customer service seems as abysmal as ever but local reports tell me the fiber is far more reliable than their old tech.

So we switched. A few notes on the process:

  1. I began by turning off Xfinity automatic bill payment. I called and confirmed we had month-to-month no-contract and that final bill would be prorated.
  2. CenturyLink signup was simple but their process is weak. They insisted on contacting us by phone;  it's a miracle we were able to catch the call and respond. A snow storm delayed installation; they didn't tell us the install was canceled and they appeared the next day unannounced. I'm retired so I was able to make that work. The web site does supposedly allow formal rescheduling but overall that's a C- performance. The tech did a nice job on the install, it was a direct shot from the pole to where our Comcast modem was. Since we have an Eero network he just had to swap a cable and we were on the new service.
  3. After 3 days of use I called 800-266-2278 to cancel Xfinity/Comcast. Cancelation didn't take too long, I had to say "representative" a couple of times to bypass the vmail menu. The Comcast rep sounded depressed but typed on and on trying to complete the exit process. They were unsure how to return the hardware by UPS but I found the Comcast support article (which is flawed, more below)
  4. Xfinity prorates the final bill. It's not clear if they ever actually charged me for the one time we went over their 1.2TB data cap.
  5. Century Link charged me on 12/27/22 though service didn't start until 1/6/2023 (December 27, 2022 - January 26, 2023). On Jan 4 there was a 0$ bill for equipment and installation. My next bill is due 2/4 so the amounts do even out. The default setup is autopay to my credit card. I'll see if that generates an extra fee.
  6. It's not obvious on the web site how one sees a bill. The bill date is a hyperlink. Shockingly the bill appears to be exactly the $70 they claimed; that's what appears on my credit card. Xfinity charged me $91 so I'm unexpectedly saving money.

The Xfinity requirement return is done through -- but the directions are buggy. The easiest option is to bring the hardware to a comcast/xfinity store but I opted to drop off at UPS. Follow the prompts to create a mailing label but be ready to conclude without, you know, the mailing label. To print the label go to and you'll see how to print. Box up the xfinity hardware in anything, put label inside and outside box and drop off at a UPS store.

The CenturyLink model is a C4000XG; that site has an online user guide. I couldn't find a manual for it on the CenturyLink site but I did find one online. worked to get to the admin screen, you need the CenturyLink sticker with the Admin password. You will certainly want to change the passwords to something tappable. The device web server doesn't render properly in (old) Mojave Safari so I used Chrome.

I'll update this post if I find any other surprises in the process.

Update 2/5/2023

I dropped the xfinity router off at the UPS store with the return label and a week later I got an xfinity email saying they had the router.

After we discontinued service my Xfinity login stopped working. There was no error message, it would let me enter my password but then request my password again. I wondered how I'd pay my last bill but a paper statement came in the mail with a credit on it. We pay in advance so there's credit for the unused part of the month. It does appear they never dinged me for my data overage. The statement said that in 30 days they would send me a check for whatever is left in the account, but in fact they credited part of my last payment back to the credit card I used.