Two new discoveries in iOS Screen Time (parental controls): Age 13 and Apple ID incompatible with Screen Time

A reputable Twitter source recently wrote that “Screen Time” was "a rush job".

It feels that way. As part of a book project I’ve spent way too much time experimenting with Screen Time. It needs a top to bottom rewrite. Also needs an API so other vendors can extend what Apple offers. 

Anyway, I’ve learned two new things about Screen Time — two special ages and a hint about why one iPhone could not be enrolled in remote Screen Time.

First the ages. US Screen Time has two special ages: 13 and 18. We know about 18, but the 13 is new to me. 

If a Family Member's Apple ID birthdate means their current age is over 18 then remote screen time blocks are turned off. It’s an 18th birthday gift from Apple! This is a problem for special needs adults — chronologically 18 but very vulnerable. The workaround for a special needs adult is to set their AppleID birthdate so they are 14 (write down the birthdate you used, you may need it).

Note I wrote 14, not, say, 10. That’s because 13 is another special age. If a Family Organizer creates an Apple ID birthdate such that a family member’s age is under 13 they will see, after it’s been created, the message "Children under 13 cannot be removed from Family Sharing.” Not only can they not be removed, their birthdate cannot be changed either. You will need to call Apple Support to have changes made, and you may need to work with a supervisor.  Meanwhile any devices with that Apple ID will count against your sharing cap.

What else did I learn?

I learned that some Apple IDs won’t work with Screen Time. It’s not clear why; I assume it’s a obscure bug somewhere in Apple’s creaky identity management infrastructure. When I set up a test phone for my book project I used an old Apple ID of mine. Without going into the convoluted history, that Apple ID is descended from an old mac.com/MobileMe email account and it’s all way too complex to describe. In any case, even though I'd changed the birthdate so age was 14, remote Screen Time settings didn’t “stick”. I’d enable them, they’d flip back to off. I changed the device Apple ID to a fresh one created from my Family Organizer account (which is how I discovered the 13 yo bit) and now it works.

Since my test iPhone doesn’t have a SIM card I wondered if that was part of my remote Screen Time problem. It wasn’t — my setup worked fine. Interestingly when I set the Apple ID this way both FaceTime and iMessage also worked without a SIM card — no ‘waiting for activation’ issues.

iOS 12: "family sharing" is still for children only -- ask to buy disabled at age 18 in US

The “Share purchases on iPad with family members” chapter of my iOS 12 iPad user guide tells me Family Sharing is still limited to children, and still not suited for use with special needs adults.

The problem is that “Ask to Buy” is available only for 18 and under. Since all purchases go to the “Family Organizer” Ask to Buy is the only way for the Organizer to control what family members purchase intentionally or accidentally. Since it’s turned off at age 18 “Family Sharing” is effectively for parents (who presumably share expenses) and children (who can have Ask to Buy).

This means that Family Sharing is not helpful for special needs dependents (guardianship status).

This is unchanged from iOS 11.  I’m not surprised, Apple doesn’t want Family Sharing to be widely adopted beyond the target group.

Things old persons don't understand -- what happens to all those school Google Docs?

Two of our kids are ending their St Paul Public School careers. Both have a collection of Google Docs.

The school does not seem to provide any mechanism for mass reassignment of document ownership to a personal Google account. From what I can tell the school actually blocks ownership reassignment. (Ownership management is one of the several significant issues with Google’s document sharing infrastructure [1].)

So what do students do with all those documents [2]? Olds like me have no idea. They don’t just let them all evaporate … do they?

(I use CloudPull, one of my favorite macOS apps, to create a local repository. The download process converts Google “docs” to Office files. Of course there’s nothing like this for iOS.)

- fn -

[1] Only owners can truly delete an owned document, and ownership cannot be transferred for non-Google “docs”. I think all own/share privileges are at the document level, but documents may inherit some properties from their folder “container” — but not ownership. Yeah, I don’t understand this. Not sure anyone does :-).
[2] Due to some cognitive disabilities and temperaments my guys can’t answer this question… I guess I should ask my daughter …

Update: of course I just write this and today I get for all my CloudPull accounts: “CloudPull was unable to export your backups”. It turns out CloudPull had lost track of my backup directory. I don’t know why. I relinked in Preferences:Advanced and it worked again. It didn’t write anything to console when that happened. Support was great at helping me fix this.

Update 8/26/2018: I again ran into “CloudPull was unable to export your backups”, this time on my personal (36GB export) gDrive. I cleaned up some other non-active accounts, used Help force reindex, and booted into Recovery mode and ran 1st Aid (it fixed things). Then it worked.

The state of iOS parental mobile device management is bad

I recently reviewed Qustodio and found it unusable because the mandatory VPN is not compatible with modern encrypted connections (https).

After that I revisited MMGuardian. Things there are almost as bad. They haven’t implemented password security on their MDM profile; the vendor claims Apple doesn’t support the functions they rely on with a locked profile.

I also learned that MMGuardian’s primary app control, which is to hide all non-default apps, also deletes their folder and icon arrangements. So when they are restored they are no longer in their original locations.

MMGuardian can’t report on device usage, probably because it doesn’t have a VPN option.

Lastly, while MMGuardian can hide Safari, that’s a binary setting. It can’t schedule Safari to be active or disabled the way it can schedule other apps. 

In my 2016 review Qustodio and MMGuardian were the only candidates to meet basic requirements. As of 2018 there are no longer any useable iOS parental control applications.

So now we wait to see if Jana Partners and the California State Teachers Retirement System can push Tim Cook to add remote MDM to iCloud. I doubt they’ll succeed. Next it’s up to the EU.

Update: Apple introduced a Family page and branded it as doing something in the general direction of supporting vulnerable users. That’s not a positive sign.

Qustodio parental control software for iOS is obsolete.

I did a review of Qustodio’s parental control product for iOS on my special needs blog. It wasn’t a positive review. The product routes all traffic through their VPN — and the VPN can’t handle SSL traffic. That might have been acceptable in 2010, but it won’t work today.

I’m feeling grumpy about the time I spent finding this out — not to mention the $10/month subscription I paid for. The lost time was the bigger deal though. The reviews I’d read led me to think the base product worked, so I spent time checking out other features.

Qustodio must know about the SSL issues, but they’re continuing to sell the service. That’s not nice.

H2O Wireless - getting a nano SIM for your upgraded phone - and keeping your old H2O number.

H2O Wireless is a rock bottom ultra-cheap AT&T MVNO. We use it for the 3 kids and their iPhones, with very minimal data services (Find Friends, email, Find My Phone — everything else is more locked down than even Emily and I).

 

Child #2 costs us about $40 a year - the minimum to keep his account open. He doesn’t talk or text much and is almost always on WiFi. He plays games. #1 costs about $10 a month — he does SMS, iMessage, and a few other apps. His data usage is primarily Apple’s utterly mysterious “iTunes Accounts”.

 

#3 runs through $10-20/month — she might end up on our AT&T plan. Lots of texting.

 

Our total child cellular service bill with H2O is about $25-$30/month. Hard to beat for 3 kids. In theory there are no data services with the H2O per minute plan, but we installed the H2O Profile and we get “4G” data. (Though on #2’s i5 if I enable LTE the tower boots us off the network)

 

Of course there’s a downside to the low end of the network. Although H2O’s web site has improved significantly over the past few years, service can be tricky to get. Some things are hard.

 

Things like … getting a Nano SIM so my son could go from a dying 4 to a used 5 [2].

 

The first time I called H2O Support (1-800-643-4926) I was told I could use the number transfer request screen and transfer the number from H2O to H2O, providing a fresh SIM number and an IMEI. Warning: this does not work (at least, not entirely, and not for us).

 

On a second call I was told that only H2O reps can do the transfer. You have to buy a fresh H2O Nano SIM and call them with the “ActFast” code. They will then try to activate the phone with the new SIM. Sometimes it works, but for some numbers/SIMs it doesn’t. (Life at the low end.)

 

In our case I ordered an H2O “Smart SIM” on Amazon for 0.01 [3]. I called support with the SIM in the phone; surprisingly there was no wait. The support person was able to activate the phone, interestingly he didn’t need the IMEI. The initial signal was very weak, he told me to “dial”  ##21# — that supposedly requests service from the tower. It did seem to boost the signal.

 

I’d already installed the H2O profile, but I deleted the old one and reinstalled. I found he could get “4G” data (not bad), but when I tried to enable LTE the tower cut us off. (H2O says per-minute plans get no data, so I can’t complain.)

 

After the transition the web site says #2’s balance is intact. Which is pretty good, because after years of paying for the number with minimal use he has quite a nice balance.

[1] not backed up by the way, so you need to reinstall if you do a restore

[2] I actually cut down his old Mini-SIM to nano-size and it worked, but I’ve never been able to get data on his SIM. So I wanted a fresh Nano.

[3] I’ve ordered several Amazon SIMs. The first time I did it I assumed it was a scam. It doesn’t seem to be, I think the sellers get money from H2O and the like every time a SIM is activated. They’re $15 from the H2O site.

ptel Real Paygo fatal flaw: it's a prepay plan that runs up overage fees

One of the reasons we use prepaid plans for the kids is that there should be a natural limit on overages. If Apple’s mediocre iPhone Cellular data controls break down, perhaps due to the iOS 7.1.2 cellular data bug [1], our losses are capped.

Not so with ptel Real Paygo, a service I recently compared to H2O mobile. My son’s cellular data was disabled two days ago, and when I inspected his account I found this notice:

His did make use of that data, perhaps due to an iOS 7.1.2 bug (thanks Apple) [1]. He still shouldn’t have run up an actual overage however. ptel should have run his account to zero and then cut off service. Instead they ran up the equivalent of 3 years of his typical usage - perhaps due to problems in ptels accounting infrastructure (in which case the honorable thing would be for them to “eat” the overages they didn’t block).

I haven’t bothered pursuing this with ptel — I’d been planning to switch my sone back to H2O wireless after H2O provided a profile to enable 4G data services on the AT&T network. So I abandoned the ptel number. He doesn’t get that many phone calls, so reactivating iMessage on these MVNO networks is the primary pain. I’m just glad this didn’t happen to my daughter. Changing her phone number would be a Richter 10 crisis.

I hope H2O doesn’t have the same abominable practice. Google searches didn’t turn up anything about this practice, but I might not have the right search terms.

[1] My son ran through 1.2 GB of Podcast data on his prepaid account. I have screenshot evidence that Podcasts.app was set not to use Cellular data, and when I inspected his phone changes to the cellular data controls were restricted. Nonetheless, Podcasts.app cellular data access was enabled. I’ll keep an eye out for a class action suit …

Review: Maxell AirStash WiFi media server: iTunes movies to iPhones for long car trips

The Maxell AirStash Wireless 8GB Flash Drive [1] is designed to stream movies to kid's handheld devices on long car rides [3]. It probably has other uses, such as backing up photos or serving music, but I think movies is what everyone buys it for. That's why we bought it -- so we could stream iTunes purchased FairPlay DRMd .mv4 movies and television episodes to our 3 kids devices.

So, did it work?

Yes, but, unfortunately, not very well. I was able to stream The Avengers (iTunes SD) to two devices fairly well, but once I added a third device watching the same movie the stream became unreliable. The device is supposed to be able to stream 3 movies at once, but perhaps they mean 3 different movies. Or, more likely, it can't really stream 3 SD resolution movies at once. I suspect it can stream 1 HD movie, 2 SD movies, or 3 movies ripped to iPhone screen resolution [4].

Since we have 3 kids, this isn't a great solution. We might still consider using it, but the SanDisk Connect 64GB Wireless Media Drive Streaming is supposed to be available in the next 1-2 weeks. It is less expensive, has much higher starting capacity [2], and claims to stream a movie to up to 5 clients (so probably 3). We've processed an Amazon return on the AirStash, but we may still keep it if we can't get the SanDisk in time for our trip.

Beyond the disappointing, but not surprising, performance issues I'll quickly list a few observations:

• It's a bit bigger than it looks in the Amazon photos, it can fill a good portion of an adult hand. It fit the chargers in our van, but for some USB chargers you'll need a USB extension cable.
• Although it has an internal battery, it's clearly designed to run off a car USB charger. The manual suggests leaving it in the charger.
• It's a pain to turn on/off. I'd kill for a simple switch instead of these quirky push buttons that require a manual to use. The indicator light is worthless when the device is charging, I found I had to unplug it to know it's power state.
• It takes about 15 seconds to boot up, so be patient waiting for WiFi to appear.
• The AirStash is controlled by the (WebDav client) iOS AirStash+ app configure settings. You can use this to rename it and play media. FairPlay DRMd media is passed to Safari [5], Safari in turn passes it to iOS QuickTime player (videos.app). As long as the DRM on the movie matches the iTunes account on the iOS device then the movie will play. There are no chapter controls, you can often move through the movie timeline but not always. For a single user movies play well.
• I was able to lock up iOS AirStash+ fairly easily and had to kill and restart it several times.
• On initial use I was told a firmware update was available. The installation directions were poorly worded, and, again, it's hard to see the power/firmware update status light when the device is charging. It worked after some fiddly.
• I don't think you can stream a movie when it's connected to a computer. I'm not positive, but it didn't seem to work in my testing. It's fine when connected to a power supply.
• You can put movies directly on the FAT32 formatted SD card or plug in the AirStash and it will mount. You can use Folders to organize your media.
• It comes with a plastic cap that doesn't fit on the end of the AirStash. So it will get lost pretty quickly.
• When I typed 'airstash.net' into my desktop Safari while connected to the WiFi I did not get anything back. It's supposed to show the file system, can't say why that didn't work. I didn't pursue further since I won't use the device that way.
• I didn't test how it behaves under prolonged load, but I'd be sure to keep this near a cooling vent in the car. Heat dissipation must be a challenge and prolonged overheating destroys devices like this.
• I was able to use a 64GB SONY SD Card with the AirStash, but I had to reformat it to FAT32 on my Mac. [6]

See also:

• Using an MacBook as a car server for multi-device home sharing doesn't quite work 8/2012. I'd forgotten Charles Stross used an AirStash as his pocket NAS device.

- fn -
[1] The AirStash ships with an 8GB SD card, which is really only practical for testing. You can buy a 16GB version, but obviously that's a waste of money. Most will buy the 8GB AirStash then get a 64GB to 2TB SDXC card - but see [6].
[2] 64GB internal, plus external slot available.
[3] It is perhaps not obvious why one would want this. It's a pain to put movies on/off iPhones when traveling, this way we could take our video library with us.
[4] I suspect the ideal use case would be someone who (illegally) rents Amazon DVDs and rips them to iPhone resolution, building a compact library that is streamable with a relatively low powered device.
[5] Safari is disabled on our kids phones as a minimally effective parental control measure.
[6] SD cards above 32GB come exFAT formatted, and the AirStash won't read Microsoft's patented exFAT. Which is how I learned that whereas Windows machines won't format FAT32 above 32GB, Mountain Lion will happily do at least 64GB and the (Linux powered?) AirStash will read it.

Update: My Amazon review (A minimally edited copy of this one). I'm going to test streaming from my MacBook Air.

Update 7/27/13: Ok, forget the SanDisk: "SanDisk’s drives don’t work with video content you buy from Apple’s iTunes Store at all". So they didn't figure out the Safari workaround AirStash uses. Guess we'll try to make the AirStash work after all.

Update 8/26/2013: We used the AirStash daily for two weeks and it worked quite well. Note we ONLY have SD movies and a lot of what the kids stream is animated and uses much less processing and bandwidth. Also, it was in practice rare for all 3 to stream video at the same time. So, despite failing my 3 stream test, it worked in practice. Kids had no trouble with the necessarily awkward viewing via Safari.

The biggest problem is that the AirStash, with its protruding USB and big body, is an accident waiting to happen. One child stepped on it and partly broke the plastic body. It continued to work, only insert with a flexible USB extension cable and making a protective container from a plastic "tupperware" dish.

The biggest annoyance is the on/off switch switch. I'd love a simple on/off slider. It was often hard to tell if the device was running.

Update 3/27/2014: You can use the AirStash to move files between iOS devices - including ePub files. It shows up as an option in the iOS share list in many apps; from AirStash.app use the copy function to move to AirStash device. Firmware updates are scary; if you plug it into a Mac you need to Eject before update will commence. Really, when doing firmware updates, plug it into a plain charger.

Airport network configuration: Finding Mac address to put into Timed Access Control

I'll get my rant of out the way. AirPort Utility 6 was the start of Apple's year of drifting downhill. The good news is that Mavericks is giving us some hope that Cook has a balanced approach to managing complexity.

 

Ok, rant over. You are reading this because you want to Control access to your wireless network - maybe because a local teenager is still learning the network access rules. Open Airport Express and search for "Control when a user can access your network". You'll get something like this:

... Click Network, select Enable Access Control, and then click Timed Access Control.
Click Add (+) and enter the MAC address and description or name of the computers you’re letting access the network...

What the directions don't tell you is that if you're in bridged mode (extend network) you need do this on the AirPort device that assigns IP addresses, typically the one connected to your DSL/Cable modem.

 

The UI is very unclear, but I think you can enter EITHER the MAC address (media access control address -- every ethernet device has one, whether wifi or wired - it's one way devices get traced. No relation to Macintosh.) or the "name of the device" [1]. But how do you find the MAC address for, say, an iPhone?

 

This way:

1. Airport 5.6: wifi -Use AirPort 5.6 Advanced:Logging & Statistics:Logs & Statistics:DHCP Clients from the DHCP serving device (only device unless you have bridged network like mine). You can copy paste the MAC address.
2. AirPort Utility 6.x: Find IP, Mac, and network name for WiFi (not ethernet) devices by holding option key, then double click on the AirPort advice providing DHCP services. You will see a new 'Summary' tab, click outline icon in wireless client list to see details. The MAC address is called a "Hardware Address". You can't copy paste it (insert sound of teeth grinding).
3. AirPort Utility for iOS: (Best). Tap each device on your network that can have wifi clients. Tap "Wirless Clients" then tap name. See IP, Hardware address connection details. You can tap Hardware Address to copy it. Mail or otherwise share it to your Mac so you can set timed access; you can't configure Timed Access from an iOS device.

From the Mac address you can set timed access control.

• Airport Utility 6.0 - Mac OS X Hints: how to install Airport Utility 5.6 using Pacifist (there are some free utilities for this too, google it)
• Was AirPort Utility 6 the start of Apple's year of drifting dangerously? 6/2013. Mavericks gives me hope Cook might turn this ship around. 

- fn -

[1] For an iOS device the Name might appear in iTunes, but I think spaces get replaced with hyphens. Better to use the MAC address.

Facebook's parental monitor page - aka Activity Log

For the moment, until the next state mandated revision, Facebook has a Page I can use to track #1 son's Facebook activity with a URL of the form <https://www.facebook.com/first_name.last_name.2345/allactivity>. [3]

It's currently called the 'Activity Log', if you poke around you can currently find it under 'Privacy Shortcuts' (lock icon by user name in title bar) / "See More Settings" / "Privacy". Look under "Privacy Settings and Tools" for the wee link 'Use Activity Log' [6].

As far as I know it's not intended for this purpose [4]; it's designed for users to edit their visible timeline [1] . It does, however, list most of the account owners save pages visited. There's a long list of activities including Posts, tags, hidden posts, likes, comment, friends, games, following, and, most critically for this purpose, Search. [2]

So the Activity Log is a very valuable resource for a parent or guardian who wants to track their 13+ [4] child, either because this is an exceedingly good idea or because they are that kind of parent or both [5]. A parent might, for example, schedule a weekly review of the Activity Log...

 - fn -

[1] You can hide and delete posts and change post dates. It's also available for Pages and supports viewing scheduled posts.

[2] It doesn't, however, show pages visited by link. It is, incidentally, a nice summary of a fraction of the information Facebook uses to sell you.

[3] Activity Log came with timeline, but I was unaware of it until today. It's available on Facebook.app for iOS as well.

[4] But it may be designed for this purpose. Facebook wants to support accounts for childre under 13 and this could be a part of any future support.

[5] If you can't figure out why this might be a good idea for some children and adults you have much to learn.

[6] Yes, that's mine - but if you can see it then I have a problem :-).

See also:

• Gordon's Tech: Legal Gmail for kids under and over 13 with Dreamhost Google Apps or Google Apps for Business 2/2013

Legal Gmail for kids under and over 13 with Dreamhost Google Apps or Google Apps for Business

In the US, Google Account owners must be over 13, in the Netherlands it's 16 [1]. It's common to lie to get accounts for younger kids, but this can cause an account lockout and 30 day deletion. [2]

So how do kids under 13 get personal email? All services have similar rules.

The exception, of course, is Google Apps for Education. They provide Google services, including calendar and email for children of all ages. The trick is that this group is excluded from Google's predatory business model [3]; the services are paid for and the school district assumes liability.

Is there something similar that's available outside of Education?

Well, there are Google Apps for Business (and on-profits) of course. I was unable to find any age requirements for businesses that buy Google Apps for Business, nor any requirement that the business had to be, you know, a real business. Google isolates business data from its ads and data mining so I expect US laws on protection of children from being packaged and sold do not apply. 

At $50/user a year though, Google Apps for Business is a bit dear for a family of 5 (though the phone support is no little thing).

Unfortunately Google Apps for Nonprofits is not an option; you really do have to be a legal nonprofit.

Six years ago our family grandfathered into Google Apps through the now-defunct free option, and those users have since acquired full range of Google Services [4]. Alas, that's not an option any longer.

I think the cheapest legal option is to sign up with a hosting service that provides Google Apps for your registered domain. I can personally recommend Dreamhost for this, based on my 6+ years of experience and the (unusual) fact that they handle Domain registration for their customers [5].

At approximately $100/year ($50 for first year or $97 for two years if you use my code [7]) Dreamhost's Google Apps service for a family of five is less than half the cost of Google Apps for Business -- albeit without phone support. On the other hand, Dreamhost also provides other web services including web hosting, Wordpress (ex. kateva.org/sh), web apps, etc [6].

There are other hosting services that provide Google Apps for potential family use, but Dreamhost is the one I know.

 - fn -

[1] YouTube has an 18+ requirement for some videos, and Google Wallet is 18+. I don't believe either one is practically enforcable on most devices; maybe on Android or Chromebook depending on parental controls.

[2] It is noteworthy that Google's requirements for reversing account lockout are much more robust than their account recovery options. This says something about the power of laws and what Google could do to manage identity if they were forced to. The effective workaround is that a parent authorizes a credit card transaction on their own account, thereby technically committing fraud and assuming liability. The liability assumption is what matters.

[3] It's not that Google is particularly evil, this outcome is an inevitable outcome of their business model. They can no more resist this outcome than a species can resist Natural Selection.

[4] Not G+ though. It was once 18+ and is now 13+ regardless of Google Apps.

[5] Most hosting services have another party handle domain registration, and many of those deliver poor service.

[6] Admittedly more of a specialized interest these days.

[7] Just enter KATEVA when asked for a registration code. I set it up so users get the maximal $50/97 discount; I get a kickback but I set my kickback to maximize the user discount. Dreamhost supports Google's mutlifactor authentication framework, so I authenticate using Authenticator.app on my iPhone.

How should I transcode my home analog video?

Twelve years ago I was keen to digitize my home video tapes - on a 400 MHz Celeron system.

Eight years ago I wrote "The thought of losing the kids' taped videos is not comforting. I need to do this sooner rather than later.". At that time I experiment with transcoding through a Canon digital camera using iMovie and a G3 iMac. I figured my G5 would do the job in 2005, maybe with its capacious 40GB drive and a stack of DVDs.

Now I have a slightly aged 2.7GHz i5, 8GB RAM, and several TB drives -- and my analog tapes are 8 years older. Maybe I'll do it this year, even though I hate digital video [1].

I'm trying to warm to the idea. The big difference over 8 years ago isn't processing power [2], it's cost/MB and the gradual emergence of H.264/MPEG-4 Part 10 (AVC) as a relatively standard format for video. The National Archives recognizes there's no real AV standard, but their list of formats they work with includes MPEG4.

If I do finally walk though this, I don't want to bother with DVDs. My current plan is:

• Purchase two 1TB drives. Digitize everything we have to one of the drives as MPEG4 video and MPEG4 audio.
• Clone that drive and keep one drive on site and one drive offsite, repeat every few years.[3]
• Use my old Canon digital camera with passthrough to digitize my analog tapes, then compress on my iMac and store with a file naming convention to reflect date and time information. (I'll consider the Canopus though.)
• Convert my collection of digital tapes (DV) to H.264 as well

I don't know what software I'll need. Can I do what I need to do with iMovie/QuickTime Pro, or should I buy Final Cut Pro X? I'm not planning to edit, but if I were I'm pretty sure the current fork of iMovie won't do the job.

Update: Apple offers a free download for FCP/X. So I will probably try it out.

See also:

• Good advice on digitizing video (Tidbits) 12/2004
• Home Video Editing started 6/2000! (Pass through with a Canon ZR 60 in 2003)
• Digitizing Video: Tapes - extensive Macintouch archives
• BYTE Media Lab 2004 Imaging Awards: Analog to Digital Converters 4/2004
• Why I hate video: Format, codecs, DRM and m4v vs mp4 7/2011
• Amazon.com: Canopus 77010150100 ADVC110 Converter: Electronics (old tech, good reviews, $218) 2/2012
• REC.VIDEO Google groups/usenet posting: Video degradation with S-Video analog transfer vs. A/V mini-jack connection 3/2005

[1] In Jan of 2010 I discovered a 12 yo WMV formatted video was unplayable; I was able to use Windows Movie Maker to convert the 23MB WMV file to a 311MB DV AVI file. Digital image formats are a friggin' mess, but video is at least ten times worse. No metadata standards, crazy patents, non-standard containers, audio codecs, video codecs - yech.

[2] Yeah, the machines are a hundred times faster. But compression can run overnight.

[3] By 2020 I assume we'll have 100TB main system and backup drives, so storing my old video with my routine data will be trivial. By then a single snapshot will be a GB.

Update 12/14/2012: Emily picked this project for her Valentine gift, so we're off. I found a 300GB drive and LaCie firewire enclosure I'd forgotten about. So far video capture seems to be proceeding well from a 12 yo Hi8 analog tape; there's a thin sliver of artifact at base; I think capture frame is bit taller than the image frame. Setup at the moment:

• SONY Hi-8 TRV65 with S-video and RCA audio out to ...
• Canon Optura 50 with firewire out via secondary port on LaCie to ...
• iMac i5 2.7GHz, 8GB RAM
• Final Cut Pro X (trial version. There's no more academic pricing for Apple products distributed through app store. I expect I'll buy full version. So far this is the big expense) saving project to ...
• External firewire LaCie drive (300GB)

Both cameras are on external power. I needed my old manuals, had the SONY and found the Optura online. Getting passthrough working was balky, FCPX only gave me about 10 seconds to start then it turned off import due to lack of a signal. It can't operate the Optura 50 in pass-through mode, I haven't tried yet with a tape installed. Once I hit the play button fast enough I was ok.

I'll have data on file size tomorrow. FCPX imports using its default Apple ProRes format.

Operating the old SONY feels primeval. It's 15 years old, feels 50. It is weird to see the kid video. Plan is to put a library of MP4 versions (no editing really) on iTunes on a an old G5 with a largely unused drive. We can browse, play from iTunes.

Update 2/15/2012: Not so good. Nothing captured! Looks like I need to read the manual, or perhaps FCPX won't work at all. It certainly showed the video, but it didn't save the event. It also didn't stop recording when the input ended.

Update 2/15/2012b: QuickTime Pro is not an option. I was able to create a @2 hour 25GB .dv file using iMovie 11, but then iMovie 11 got stuck 'generating thumbnails'. I think that bug, however, was triggered by connecting an iPhone to my iMovie machine. Disconnecting the iPhone did not clear iMovie, I had to kill it. On restart my video appears to have been captured and iMovie seems to have stopped input about 2 minutes after the end of tape. Thumbnails are fine - all 1.5GB of them. More on the results and process in a follow-up post. I'd like to take a look at Adobe Premiere Elements.

Update 2/16/2012: Gordon's Tech: iMovie 11 and analog to digital videotape conversion by passthrough.

Update 2/17/2012: I experimented with QT 10 movie capture. The trick with passthrough conversion is to first start the video stream, the click record. Otherwise QT exits. I captured 30 min of video at 9 GB; QT Inspector says the codec inside the saved .mov file is dv.

I've read that this will import into FCPX, so I may try that again. My next experiment will be to see if I can record over 10 GB (1 hour of video). There are many reports of QT recording stopping with a 'size limit' message at varying file sizes, in my case that's what displayed after I stopped the video stream.

Organizing kid school accounts with OS X: Chrome to the rescue

In the twilight of the general purpose computer, I struggle to balance OS X and Apple tech, Google services, parental obligations, and getting work done.

Our iOS  and OS X devices are parental controlled -- at least as far as they can be. Among other things, that means Google services are unavailable on child accounts. [1].

Schools, however, make increasing use of Google Apps [2]. This is how I reconcile that use case with our general approach to home computing:

1. You need the username and password for the school Google Apps account. Example: kid_name@school.mn.us.
2. Create a single non-controlled "homework" account on the primary homework machine.
3. Use Google Chrome, not Safari, for this account.
4. In Chrome create a user account for each child. For each account, from Chrome Preferences, choose to sync Google. You will be asked for the school user name and password.
5. Add gmail, docs and so on to the toolbar.

Each child uses this single OS X account with their own Chrome identity. Use of this account requires direct parental supervision. It is used only for homework. On personal OS X accounts our kids don't directly access our Family Google Apps domain, they use OS X Mail.app, for example, to get email. They don't know their Family Google Apps passwords.

[1] Partly by design and partly due to market disinterest, Google services are not compatible with OS Parental Controls.
[2] Alas, this transition occurred even as Google's Hyde crushed its Jeckyl.

NYT's Tedeschi misses the iOS Porn story

Sadly, Bob Tedeschi, who should know better, missed the big story in his NYT article on Porn and iOS parental controls.

When he wrote that it was "an hour's work" to secure an iOS device I almost snorted coffee out my nose.

This is the article I wrote him:

re: Safeguarding a Child’s Mobile Device From Pornography

Bob, I'm surprised you missed the truck-sized loophole in Apple's iOS Parental Controls. Alas, by missing it you came to precisely the wrong conclusion.

It is not 1 hour's work to secure an iOS device. It is almost impossible.

The loophole is embedded WebKit. Disabling Safari does not disable WebKit.

Almost all free Apps, and many commercial apps, include links that will, when clicked, bring up an embedded WebKit browser. From that browser it is often only a few clicks to anything.

For example, my 15yo showed me how he could use the links on this travel app to bring up wikipedia, and from there Google.

Almost all iAds, and all Google platform ads, use Webkit.

This problem is common in apps that are rated for children.

The solution is simple. Apple should provide an option to block Webkit use as well as Safari use. They haven't done this because they aren't feeling any pressure, and their ad platform is already doing poorly.

I am sorry you missed a golden opportunity to put some pressure on Apple, but I hope in a follow-up article you might mention this.

You can write him too.

Update: I was amazed and impressed to get a personal response to my email - on a Sunday night! He's verified the issue and is now researching it. Wow. I am a fan.

Parental Controls on iOS and OS X: what we do now

A year or two ago I wrote about how Google and Apple have both failed Parental controls. Since then things have not gottenmuch better.

In response to a comment on an old post, this is the compromise I use for the children's accounts on iOS and OS X.

1. Google is blocked. I find Bing searches easier to track and control because it doesn't use https.
2. Children get our family Google Apps domain email through mail.app IMAP, not through Gmail.
3. Children access our family Calendars from their iPhones, not from the desktop. (I could use iCal on the desktop, but iCal is one of the worst pieces of software garbage ever produced.)
4. A 'Family and Learning' account can be accessed at any time. It has very limited net access, has WorldBook, has apps, iTunes, etc.
5. Each child has their own account. Parental control is set to 'automatic'  with a few domains specifically allowed. I was never able to get domain specific filtering to work. After they are on the computer I review their browser history with them. They could of course delete specific browser pages, but I don't believe they have (the computer is very visible and public). I stopped reviewing log files because Apple's log file review UI is almost as crappy as iCal.
6. Because iOS apps have so many back doors to webkit, particularly via ads, we don't use any 'free' apps. Safari is disabled. For now we allow iTunes despite the content it provides -- the boys are getting older.

This works for us, but Apple's Parental Control support is lazy and incompetent. They simply don't care.

Android/Google, as best I can tell, are worse. Note that Google Gmail explicitly states all US users must be 14 or over (COPPA partly, but really this is a Google copout). i don't think Android OS includes any default parental controls.

I don't know how Windows 7 does. I suspect it's a bit better. I can't find anything about parental controls in Metro/Windows Mobile.

See also:

• Back to the future: OS X Parental Controls, DVD Encyclopedias, and MacKiev 9/2011
• Steve Jobs hates me: Viewing Mac OS X Lion Parental Control logs 8/2011
• OS X Parental Controls Review - State of the art in OS X 10.5 and 10.6 6/2011
• Parental controls: Apple and Google joint fail 6/2010

iPhone on a budget: The AT&T GoPhone PayGo Option

AT&T is facing the end of their SMS lifeline. They're responding with innovations -- of a sort. For my family, their latest move is adding $35 a month to our bill.

So we're innovating too - by migrating away from SMS based texting sooner rather than later.

We're also looking at Paygo alternatives; moving the kids' iPhones off of our family plan. My friend Gordon F explained how it works, but see also a TUAW article of 8/11.

Here's the short version of Gordon's scheme:

1. Move your old number to Google Voice ($20 to Google) if you want to keep it.
2. Start with an AT&T GoPhone plan. You'll need any old AT&T dumbphone, borrow one or dig something out of the closet.
   • Pay As You Go Online
   • AT&T GoPhone - Prepaid Cell Phones
3. At the AT&T store get a GoPhone SIM in your dumbphone paying the minimal fee for the 10 cents/min voice plan.
4. Buy a $100 airtime card. This card has a 1 year expiration time.
5. If you want data, buy a $25 500 MB data package. This normally expires in 1 month, but then each month buy a 10MB $5/month on an automatic purchase plan. This causes the data package to rollover. Over two years total cost is $145 for 740MB.
6. If you want texting pay $5/month for 200 messages.

I've yet to way the costs of this plan against keeping the kids on our family plan and dumping SMS in favor of data messaging. I think the total costs will be close.

Update 111111: Must be in the air. Lifehacker did a story on this a couple of days after my post. I found some mistakes there and nothing new, but it's clear there's demand for data-free iPhones.

Back to the future: OS X Parental Controls, DVD Encyclopedias, and MacKiev

I was born into a world of progress. Things were supposed to get better, the old would fade away.

That was then. Now we live in a whitewater world. One year we get the iPhone, another year movie viewing fails. Bits and pieces of solutions come together then fall apart again. Cloud services come and go with bewildering speed (fear the cloud).

In this world all-but-forgotten DVD Encyclopedias are making a return to our home. That's weird.

They're coming back because OS X Parental Controls have failed me [1]. Lion's PC "bug fix" was the last straw.

Sure, I blame Apple -- but it's not their fault alone. For reasons both good (bypass tyrants) and bad (involuntary marketing) the web fights controls. I can't win this fight.

So, in addition to the child accounts we monitor by log tracking (%$$# OS X Log Viewer), I've created a completely open account on one of our machines. That account can be open ... because it has no net access. None at all.

This account has old-school local apps like iTunes (access to our media server, App Store and Ping disabled) and AppleWorks. The machine is old enough to also include a 6+ yo copy of World Book encyclopedia.

That old encyclopedia could do with a tune up. So I took a look at what's available in DVD land. Amazon has the 2011 copy of EB (Mac/Win) for $23. That's a good end-of-year deal, but I'm skeptical about the quality of their OS X software.

On the other hand, MacKiev, a Ukranian OS X dev shop that did a great job resuscitating Mavis Beacon Teaches Typing produces the Mac version of World Book Encyclopedia. It runs on both legacy and Intel machines all the way from 10.3.9 (!) to Lion. It's more money ($40) but I'll give it a try once the 2012 edition comes out.

I've really got to hold onto my old software going forward.

[1] Incredibly, iOS is even worse.

How information leaks on Facebook: a semi-private URL vs. Picasa web albums

This is mundane, but worth noting.

For years we kept some shared family material private by not sharing the URL. It worked, the site was never indexed -- until recently.

I'd shared one of the album URLs on Facebook. That did it. Even though my page contents are shared only with friends, I suspect Facebook indexes any URLs it comes across. Probably most of my friend's Pages are not themselves public, so their view of my post was probably shared.

It's not a surprise that the URL leaked, but it's noteworthy that it remained private through tend years of Google. It only broke when I started using Facebook.

I renamed the URL, so it's secret again. I won't publish the new URL to Facebook, I'll return to sharing by email.

So what about Picasa Web Albums? They are also commonly shared by exchanging a "secret" URL, and I've shared some on Facebook. Interestingly these aren't indexed in Google, perhaps because Google doesn't index non-shared albums.

iPhone for kids: The Achilles Heel

For one brief shining moment I thought Apple had a good kid platform ....

Gordon's Tech: The kid's iPhone - configuration and AT&T

...As a computer, his iPhone has one large advantage over his desktop accounts. On the desktop Apple and Google together have totally broken OS X Parental Controls (MobileMe is the worst). On the iPhone, once you remove Safari and YouTube, you have Wikipanion and and Wolfram Alpha and Google Earth and Public Radio.app and New York Times.app...

That was before my intrepid 13 year old tutored me.

The problem is that a lot of iPhone apps use WebKit, and blocking Safari doesn't block WebKit.

So Google Earth has a Wikipedia layer. Click on the W icons, and it launches WebKit. Click around a while, and eventually you get to places I don't want my kid to go.

Scratch Google Earth.

AppBox Pro has lots of little tools he might like -- but it also includes iGoogle. (Why? Don't ask me.)

Scratch AppBox.

Wolfram Alpha looked good. Math, research, but no web. Oops. Except for the "Search the web" link at the bottom of every page that opens an embedded WebKit page.

Scratch Wolfram Alpha.

Houston, we have a problem.

Update 10/4/10: Google's AdMob ads give YouTube access from Pandora.

Configuring iTunes to reference apps from a shared folder

9/25/10: With the latest release of iTunes it doesn't work any more anyway, you no longer get the prompt to find all your missing apps at once. So never was safe, and now doesn't work at all. Retained for historical purposes, plus it has some interesting links and a FairPlay discussion.
---
Oops. Don't do this, it causes iTunes to put every app on every phone synchronized with the share. Evidently iTunes writes metadata into the app file! I wonder if it's an extended attribute on OS X. A terrible design!
----

Sharing DRMd (FairPlay) material, such as videos and iPhone Apps, in a family is fraught. It's technically complex, and it's commercially complex. Rights holders, for example, probably want a BrainLock implant for every customer, so only one person can ever hear an iTunes song.

Given the commercial issues, Apple's FairPlay licensing is surprisingly generous. Wikipedia has the best (only?) summary, though since they're describing music it's obviously dated (Apple store music is rarely DRMd now) ...

• The track may be copied to any number of iPod portable music players (including the iPhone).^[2] (However, each iPod/iPhone can only have tracks from a maximum of five different iTunes accounts)
• The track may be played on up to five (originally three) authorized computers simultaneously.^[2]
• A particular playlist within iTunes containing a FairPlay-encrypted track can be copied to a CD only up to seven times (originally ten times) before the playlist must be changed.^[3]

Fraser Spiers' iPad educational project shows how this works for apps. He configured five authorized computers and one master iTunes account, so all the apps could be distributed to a large number of iPads. (I assume Fraser compensated the App developers somehow as this is a bit outside the usual scope of distribution.)

FairPlay may be generous, but iTunes really expects a single user. Even if every user on a computer shares a single iTunes account (ex: Dad's account), each has its own content collection. With iTunes 9 Apple enabled a sort of sharing, but it requires physically copying files.  Even in the days of TB drivers this can be wasteful.

When it comes to Mobile Applications (.app) this is particularly annoying. Each user's apps get updated separately for example [1]. So if Emily and I share the 1.5GB NAVIGON.app we each have a copy, and each copy is updated separately.

On the other hand, if you have every device sync to a single iTunes, users can't sync to their individual iCal or Address Book and content ratings and Smart Playlists become a bit of a struggle (ex: "last played" rules assume only one listener!). So in the old days many of us geeks gave each iPhone user in the family their own account. We used tricks like iTunes music 'include by reference' feature and its amazingly versatile drag-and-drop media behavior to sort of work around these limitations.

Now that most of sync to Google Apps via Active Sync rather than directly to our desktop accounts it really makes most sense to sync every device to one account (screw ratings). I'm doing that for the kids, but Emily still has her own account. Thanks to the 'include by reference and media drag and drop' technique we do ok with media, but Mobile Apps don't support include by reference. You have to copy them. So I've been using Apple's Family Sharing for apps only; it monitors additions to the master iTunes Library and copies the apps to her iTunes Library.

This had an annoying side-effect that all of our App updates had to be done twice, but when I bought the 1.5GB NAVIGON turn-by-turn GPS app things got really annoying. For geeks of my generation, 1.5GB is a lot of storage to waste (including backup of course).

I tried various tricks to get her iTunes to reference Mobile Apps stored on a Public Share on the computer that holds both our accounts. I tried Aliases and a I tried Symbolic Links to both apps and to the Mobile Application folder. Nothing worked ... until ... by chance ... I stumbled on what did work.

This is what I do now.

First I install apps to her account normally. Since we have Family Sharing setup anything I add to my account will be added to her account.

Then I did something like this (To be honest, I need to play with this a bit more, but if you're a geek this is all the hints you need. My apps are stored in a shared folder for which she has read/write privileges. If you're not a geek you shouldn't be reading this.):

1. In her account, move her .app files OUT of her iTunes Music:Mobile Applications folder.
2. Start iTunes for her, and right click on any of her App icons in the App view. I choose 'Get Info'. The App gets an exclamation mark next to it and ITunes asks if I want to locate the file. (Maybe I double clicked on the exclamation point?)
3. Choose Show In Finder (or ?). iTunes asked me where the file was. I navigated to the file in the shared folder on MY account and it accepted it. iTunes then asked me if I wanted to use the same path to update all other missing apps

That did it. Emily's iTunes now includes my Apps by reference instead of copying them. I only do one set of updates, and NAVIGON.app appears only once. Please note I'm not getting any extra privileges from doing this, I'm just saving disk space and update time.

All I need to do is periodically clean up her Library, update mine, and repeat this trick.

See also

• Sync iTunes Libraries Between Two Macs
• Working around iTunes lack of multi-user support
• The flaw in iTunes: 2 users, 2 iPods - and our brain locked future
• Tunes and the multi-iPhone family - two approaches

[1] Now that some App updates are iOS 4 specific, this ability to choose when to update may be a feature, but not I'm really getting complicated.