Showing posts with label phone. Show all posts
Showing posts with label phone. Show all posts

Saturday, April 22, 2023

iPhone Recovery Key attack vector kills your iCloud access: Workarounds pending an Apple fix including Apple ID protection

Someone who has your iPhone passcode can lock you out of your Apple iCloud and Apple ID services -- as well as take control of your iPhone and have access to all passwords stored in Apple's Password Manager (iCloud Keychain).

This can happen when someone steals your phone and obtains your passcode by the simple measure of threatening to kill you. Or they might see you enter your passcode or surreptitiously record entry. In bars drugs can be used to facilitate the process. This is often done as part of "borrowing a phone" for an "emergency call". (Never let anyone you don't trust with your life and wealth touch your phone. If it's an emergency make the call for them but ensure they don't record your passcode and don't let go of the phone.)

Once the thief has your phone and passcode they can change the victim's Apple ID password. This prevents the victim from locking the iPhone. The victim could still do the Apple ID password recovery process, so to get more time with the phone the thief can set a Recovery Key. If a Recovery Key exists they can change it. Setting a Recovery Key this way disables Apple ID password recovery. This gives the thief an unlimited time with the phone. It also locks the user out of all their Apple ID associated services and products including video, music, personal photos, personal documents, family sharing, other Apple devices, and the like. From the thief's perspective the Apple ID lock out is merely a side-effect. They may even feel a tiny qualm of sympathy for their victim. They do it to prevent iPhone lockout.

This is an Apple design problem. They need to fix it. Basically the iPhone passcode has far too much power -- especially since it has to be tapped in far too frequently and thus relatively easy to enter. Secondarily the benefits of the Recovery Key are limited to a few people and the with this technique in common use the risks dwarf the benefits. Apple should disable creation of new Recovery Keys immediately while they come up with a better fix.

TidBITS has one of the best descriptions of the problem following a somewhat confused WSJ article. I suggest also reading TidBITs preceding article on the problems with iCloud Keychain.

I was aware of most of these issues, but the Recovery Key hack is new to me. Again, if an attacker has control of your iPhone they can change your Apple ID password, locking you out of your photos, documents, Apple services, Apple media you've purchased, subscriptions, software, and more. At this point you can ordinarily reset your Apple ID password [1] through a tedious series of authentication steps or with the help of a previously specified Recovery Contact [2]. However, if you have set a Recovery Key you can't use these methods. You have to know the Recovery Key. If a thief sets or changes the Apple ID Recovery Key to prevent locking of the stolen iPhone you are truly screwed. Once you set the Recovery Key yourself Apple no longer stores it [3]; they can't recover your Apple ID even if they wanted to.

Apple has to fix several things here. It's insane that a six digit iPhone passcode allows access to all of the iCloud Keychain (Apple Password Manager) and setting up a Recovery Key. The power and risk of the Recovery Key is a separate problem and creation of new Recovery Keys should be disabled until there's a better fix.

In the meantime we've taken two steps on our our iPhones:

  1. Emily and I set each other up as Recovery Contacts to facilitate doing an Apple ID password reset in the absence of an Apple Device.
  2. Follow the recommendation of TidBITS to use Apple's Screen Time feature to prevent Account Changes. This requires setting a separate 4 digit ScreenTime code (PIN). When you do this Apple seems to require entry of Apple ID credentials that can be used to reset the ScreenTime PIN, but if you tap "cancel" you can continue without this step. That means an attacker can't use the Apple ID credentials they've stolen to unlock the account settings; they can't change an Apple ID password and they can't set a Recovery Key. (I think this can trigger an Apple Bug with App Updates and mixed Apple ID - see this article.)
I have not yet deleted all of my iCloud Keychain entries. I will go through mine and delete a few key ones. Apple really and truly needs to secure iCloud Keychain with an optional separate credential [4].

I do NOT recommend setting a Recovery Key.  An attacker with your iPhone passcode can change it anyway, and you won't be able to use Apple's standard Apple ID password recovery method.

- fn- 

[1] One time I tried to use login with Apple on a calendar service provider (Stanza). Apple evidently decided that was a bad idea and instantly locked my Apple ID. I had to follow the password recovering steps. If I'd set a Recovery Key and did not know the Key I'd have lost access to my Apple ID content (photos, etc) for all time.

[2] Setup a recovery contact NOW.

[3] I presume that when you do a standard password reset, or a Recovery Contact does a password reset for you, that behind the scenes Apple is using the Recovery Key they keep.

Sunday, February 02, 2020

My advice for managing online credentials

I wrote this up for a book project on special needs iPhone users (Explorers), but it's also my recommendation for non-geek iPhone users. Credential management is definitely an unsolved problem ...


Every Explorer online identity involves, at the least, a “username” for the Explorer, a password and  either an iOS app name or a web address (URL). Most online identities also require an email address for communication, password resets and (alas) marketing. They may now require a mobile number and the answers to “secret questions”. All of this information makes up an online “credential”; but we often use the word “password” as a shorthand for the whole bundle

It’s hard to manage online credentials. I’m pretty technical, but I still find it a tough problem. Lots of people get locked out of their online services and need to do password resets or even start over with a new account. One day I think Apple will provide a full solution[1], but to date they’ve been reluctant to take this on. 

The good news is that most Explorers can get by with maybe 10-30 credentials and they don’t need to know most of them (more on this below). The key is to use as few online services as possible. Remember, every online service is another credential to manage!

I’m going to suggest three-and-a-half ways a Guide can manage an Explorer’s credentials. Each has advantages and disadvantages. For all of them I have two strongly held recommendations about passwords:

  1. Don’t reuse passwords for these important sites. If a password is captured (happens!) it becomes part of hacker libraries and will be applied to other Explorer accounts.
  2. Don’t follow the usual advice to create long random passwords. You’ll go insane trying to tap them out on an iPhone when you can’t see the password characters. Instead combine random pronouncable words, letters and symbols that you can tap. The password should be at least 14 characters. Flip through a dictionary to pick words randomly. This is good enough. You aren’t protecting nuclear launch codes.

Option One: Pencil and Paper

You may remember being told not to write down credentials on paper. That’s like the old advice to treat back pain with bed rest. We were wrong when we said that. Writing credentials on paper and saving them with your home paperwork is super secure. That’s what hard core security geeks do.

This does require good handwriting, but it works for a small number of credentials assuming you follow my password advice. If you need the credentials when you travel you can take a photo and keep it with your personal iPhone photos (be careful not to share it though!).

You do need a backup! You could copy by hand and mail the copy to a trusted friend. In theory public photocopiers are not secure, so I’d say just take a photo and keep it in your iCloud photos (not shared).

Option Two: Use an iCloud Secure Note on a Guide’s iPhone

I recommend this for the passwords my Explorers manage for themselves. An iCloud Secure Note  is protected by both your iPhone’s unlock passcode and by a special Secure Note password. The iOS User Guide explains how to create a Secure Note.

An iCloud Secure Note is automatically backed up and you can review old versions of the note. It can also be shared with an Explorer who is able to manage their own credentials.

This method is less secure than paper and pencil but is also less work — and you can copy/paste passwords from the Note rather than type them on iPhone, Mac, or a web browser[2].

The main risk of this method is accidentally deleting your credentials! Be sure to print out the Note periodically and store the paper copy at home. You can also restore a prior version but this is less reliable. Just print.

Option Three: Use 1Password or another reputable password manager

This is what most computer experts recommend, but true security experts are more cautious. When you use a password manager you are placing a great amount of trust in the vendor. There are so many ways a password manager vendor could steal credentials. Even if a vendor is honest and technically skilled, their products can be acquired by someone less scrupulous.

Of all password managers 1Password is most often recommended for the iPhone. It’s what I use, though I don’t use their Cloud service[3]. The Cloud service is obligatory for most people though, and it costs about $40 a year.

If you’re just managing a few Explorer credentials Paper and Pencil is simpler than a password manager and definitely more secure. If you use a password manager for your own credentials then it may be a good place to store an Explorer’s credentials.

Option Three and a half: Use Apple’s semi-secret password manager

Apple would take over credential management for their customers. It hasn’t happened yet, but they have partial solutions. You can part of Apple’s solution it you have enabled Keychain in Settings:Apple ID:iCloud and you’ve accepted Safari’s offer to save web site passwords. Just say “Hey, Siri, show me my passwords”. You can also go to Settings:Passwords & Accounts: and tap on “Website & App Passwords”.

Another part of Apple’s solution is “Sign in with Apple”. Apple wants iOS apps to support this and there’s a way for web sites to use it as well. This method never shows a password, it works with Face ID or Touch ID[4].

Both of these solutions are a work in progress. We will know Apple is serious if they create a separate App for managing credentials instead of hiding things away in Settings. Not all iOS apps store credentials in the keychain and “Sign in with Apple” is just beginning.

They are convenient for web sites and apps that aren’t important enough to be properly tracked. Just let the iPhone suggest a password and then forget about it. The iPhone will manage the password and if something goes wrong nothing much is lost.

These three-and-a-half options cover Guide management of Explorer credentials. In my next section I’ll go over which an Explorer will need to manage themselves and how to transition from Guide management to independent management.


[1] Apple has a partial solution for web sites but nothing for passwords entered in apps and elsewhere. Their longterm solution is called “Sign In with Apple” but it’s unclear if it will succeed or how serious Apple is about this.

[2] Browsers are not very secure though, so viewing readable passwords in a web browser is not ideal.

[3] 1Password still supports an old local storage method. It requires a very technical user to setup, it’s not well supported any more, and it’s not super reliable.

[4] Since Apple doesn’t support a guest/parent/Guide Face ID this could block Guide support for an app or site. More on this in the final chapter on political action!

Saturday, January 12, 2019

Simplenote web (beta) version has much improved notes export

The beta version of Simplenote’s web client will export notes as text files and will use the note title as the name of the text file. When I’d previously exported from my Simplenote library the text files names were all GUIDs. 

This is obviously much better. It means, as long as you don’t mine plaintext, you can get your data out of Simplenote in a portable and useable form.

To use the beta version of the Simplenote web client use the URL simplenote.com/new.

I’ve been using nvALT to enable data freedom for Simplenote [1], but it’s good to have a second option. (nvALT works on Mojave, but had issues with High Sierra. I’m planning to skip from Sierra to Mojave.)

PS. Recently Simplenote added plaintext note import, though needs Electron version for Mac.

- fn-

[1] It took years longer than it should have, but Automattic fixed search in the Mac client.

See also

Saturday, November 25, 2017

Podcasts.app - sync Stations between iTunes and iPhone via iCloud, not via iTunes sync

Apple removed playlists from iOS 11 podcasts.app. I loved playlists. They were a beautiful user friendly query building tool.

Instead we have Stations, which are more limited. I created some in iTunes and some on my iPhone. They didn’t sync even though I transfer podcasts from iTunes to iPhone via WiFi/Lightning cable.

It turns out Stations do sync — but only via iCloud even though files may travel via local sync.

Once I enabled podcast sync in both iTunes and iOS my stations appeared in both. 

This is good, because one advantage of stations is that podcasts play consecutively. At least I think that’s why mine started playing consecutively instead of stopping after each podcast as they did earlier in iOS 11.

There are lots of weirdnesses in iTunes when it tries to combine sync via iCloud/Store with local file based sync from iTunes. It will be interesting to see if Podcasts does better at this than Movies does.

Apple is clearly heading towards the world where we have all have 2TB iCloud Drives, a 256GB local machine store for frequently used data, and special folders in iCloud for personally owned files that sync separately from Store files (ex: personal images, ringtones, podcasts, PDF, etc). There’s no resisting this one.

Update: It is a mess. Of course. Stations need a setting to only show downloaded episodes. One problem with Stations is that while they can filter out Played stations, they only know a station is Played as long as the file is around. If the file is removed and the show is in the Cloud then it is treated as unPlayed.

Tuesday, August 02, 2016

Simplenote is not dead -- and the joy of nvAlt backup

Simplenote.app, an Automattic product I use a zillion times a day, is less dead than I thought. They just released a version for Android, I installed on my ultra-cheap Moto e and in the blink of an eye my notes are there.

Before I did that experiment though, I made a backup.

I launched nvAlt and my local Mac folder of Simplenote RTF files was instantly updated. I then zipped up that folder — maybe 2MB. Stuck the zip in a folder of things like that. A record of the state of my extended memory on this day.

Only a geek can understand the warm glow I get from that special level of backup. The age old problem of Cloud backup (how do you recover a single mis-edited note from a month ago?) solved. (But will nvAlt work on Sierra? Brett Terpstra’s long delayed nvAlt replacement drops Simplenote support.)

Now if only Automatic would fix the #$!%%! broken search on (only) the Mac version. I confirmed search works on the new Android version.

See also

Sunday, January 04, 2015

Google Voice for the home - Obihai SIP/VOIP devices and porting landline number to Obihai/Google Voice.

Obihai Technology is marketing Google Voice use with their Obi VOIP-landline bridge products (SIP & OBiTALK VoIP services, $40 on Amazon).

Unfortunately there’s no way to port a landline number directly to an Obi device. Instead you have to use the T-mobile hack - port to T-Mobile then port to Google Voice (best documentation of this hack I’ve seen by the way). Once you’ve made this irksome port however, you do get to use GV’s great features from a home landline and VOIP. (Compare, however, to mix of GV, Bluetooth, Mobile, landline.)

Alas, the future of Google Voice is problematic — we know it’s going to be replaced by Hangout, but we don’t know what Google Voice features will survive. 

Still, it’s amazing to watch the twisty-turny evolution of voice communication. This is NOT what we expected back in 1994; then we expected voice communication to become essentially “free” by 1998. Remember that the next time someone predicts the evolution of the marketplace based on technological innovation. The market is very good at fighting back - for example. (Use a fax machine lately?)

See also

Saturday, January 03, 2015

Wanted - a way to make an old style landline work over a cellular connection.

My 93 yo father is a resident of a Canadian Veterans long term care facility. He’s doing pretty well there, but it’s a bugger to reach him. Their landline costs are very high, and installation seems to take eons. Vets who can use a cell phone are fine, but that’s hard for him.

What I need is a cell phone that looks and acts like this phone:

1

I’m sure they make these for the China market, they’ve turned everything into a cell phone.

The closest I can find in the US market is the Panasonic Link2Cell Phone (note, however, complex compatibility grid.pdf - 3GS is borderline).

Screen Shot 2015 01 03 at 8 22 52 PM

I could put an old iPhone in his room, leave it permanently plugged in and maybe this would work. It’s pretty complicated though he has used similar devices. (I think these are sold to people who  get rid of their landline and transfer the landline number to a cheap cell, but want to share a home phone.)

I fear what I really want is only sold in China  It’s either mobile that looks just like old red except that it has a plug rather than a phone cable, or it’s a bluetooth device that fools an old style phone into thinking it’s on a phone line.

Update: I found a few other options…

2

Thursday, December 25, 2014

Using TruFon to create a local Canada number that forwards to US Google Voice

My 93yo father is a resident of a long term care facility in Montreal. It’s been working well for him, but it’s not easy to reach him. He hasn’t wanted a phone in his room, their landline phones are ridiculously expensive anyway, and he can’t manage a cell phone.

This wasn’t a terrible problem until yesterday. For most of the past few months he’s used a local-only phone to call my my mother. When she died last week we were all local, so it was easy to reach Dad. Now, however, the 3 kids are all back home.

That’s when I realized there was no way to reach him, and no way, short of an emergency, for him to reach us. Too bad I was back in Minnesota when this occurred to me. Not to mention it’s, you know, Christmas.

Obviously he needs to get a phone in his room (like it or not, alas) - but that would still be expensive to use long distance and it will take weeks to install. So I went looking for a local number he could use. 

Not surprisingly, given the Comcast-like state of all Canadian telecoms, you can’t get a Skype number in Canada. You can, however, use any one of about a dozen VOIP / DID Service Providers (DIDSP) to create a local Montreal number that forwards to a US Skype account or to any phone.

After a quick scan I divided the Canadian DIDSP market into short lifespan bottom feeders ($2-3/month), business market vendors ($20-$40/mo) and a few in the middle. Based largely on the plausible pricing, cancellation policy [1], and web site quality I chose VirtuFon and signed up for a $11/month Montreal number with 1,000 metered minutes and a 10 day “trial period” (can cancel without fee). [2]

I had to provide a credit card number, so I used my AMEX card — largely because of their fraud tracking and customer support. With most online vendors one has to assume credentials will be stolen — I doubt VirtuFon can withstand a modern hack.

It took only a few minutes to create a local Montreal number that forwards to my Minnesota Google Voice number. The number was immediately active with quite decent sound quality and latency. I was able to pass it on the nursing station at my father’s facility; about two hours later my cell rang. His call went from my Montreal VirtuFon DIDSP number to my Minneapolis Google Voice number to my Saint Paul iPhone.

It was a good conversation.

- fn -

[1] "Service is provided on a month-to-month basis. You are not obligated to a multi-month contract. To cancel service, simply click on the [Add / Cancel Services] link in the account management area of this website.” 

[2] VirtuFon’s marketing emphasizes using them as a gateway to Skype, which costs only $6/m. For various reasons I wanted to use my GV number instead.

Wednesday, December 24, 2014

Canadian mobile for Americans: A primer. (Koodo, Google Voice/Hangout)

It is hard for Americans to understand how awful Canada’s mobile and Internet options are. Imagine that your only option for cell and net access was the equivalent of Comcast. That gets  you half way there. Now double the cost.

Canada’s lousy net/mobile situation probably explains part of why, when I travel to Quebec, the web experience feels more like 1998 than 2014 (language requirements don’t help).

Why is it so bad and why don’t Canadians scream more? Geography always factors into Canadian economics - a country that’s 5,000 miles wide, 100 miles high, thinly populated, and sitting atop a monster, is always gonna have weird markets. There’s also culture — Canadians don’t whine enough. (We Americans lead the world in whining, wailing, and complaining. Gotta be good at something.) And maybe a bit of a Blackberry hangover. [2]

It’s so bad now even Canadians are getting fed up. There are rumblings about turning net/mobile access into a regulated utility — some of my relatives think Rogers and Shaw are getting nervous. We’ll see. Canadians can tolerate a lot of abuse.

This is on my mind now because I’m trying to figure out the best options for my sister.

I currently have her on an American AT&T iPhone 4 [1] and a $17/mo Virgin Mobile prepaid plan (Virgin is a Rogers MVNO). On her plan voice costs 0.40/min (!) and she gets 100MB a month of data (iMessage, Facebook, email). This plan costs about 4 times my kids H2O wireless plan and delivers less value [3]. It’s not great and she needs voice services [4]. 

Koodo, a Telus MVNO, seems to be the value choice (the dread CDMA acronym appears). The IMEI for my sister’s AT&T 4 passed the Koodo compatibility test, so it’s possible her current/future AT&T 4/4s would work with their SIM.

Looking at the options, and starting with these assumptions…

  1. 500+ min of talk
  2. No home internet service (so tethering [7], which is supported, is the only way to use, say, an old 32bit Mac Mini running Snow Leopard [5])
I end up with, tentatively [9], two Koodo options [6]. One caveat — Koodo, weirdly, does not support Canada’s Interac system for making payment [9].
  1. Postpaid: $60-$70 month (1-2GB) + fees
  2. Prepaid:  $90 (at time of purchase a 13% HST is typically paid)
    1. $35: text and unlimited incoming calls
    2. $30: data (1 GB)
    3. $25: 500 anytime minutes

Which brings me to Google Hangout/Voice. Having GV on her phone would provide some nice cost-saving options. Alas, even though Google has .ca domain documentation on Google Voice, neither GV nor Hangout are available in Canada (nor Skype!). One workaround uses a US Skype number to full Google, but of course that would give her a US number — not terribly useful actually [8]. Sigh.

So I think it’s going to be Koodo — either postpaid or prepaid depending on hidden fees with postpaid.

 - fn -

[1] The 4 (soon to be 4s) has been compatible with Rogers/Virgin frequency. I recently tried my unlocked AT&T 5s with a Virgin SIM however and the data service failed completely — I don’t know if this was due to Virgin’s fragile infrastructure or a frequency problem with the 5s chips.

[2] More culture. Canadians love BlackBerry, the little company that could. It’s dead now, but Canadians are a loyal bunch. So their expectations of mobile are kind of 2005.

[3] One twist — in Canada some cell plans don’t use minutes for incoming calls. Some do. Koodo does on some plans at some times. Complex, but if you know the rules you can text and ask someone to call and thus talk for free. Koodo’s old crappy website has an “unlimited incoming call” add-on for about $10/mo - but it’s unclickable on a modern browser. By the way, the website offers the same add-on for unlimited minute plans — where it adds no value. I wonder how many are paying an extra $10/mo to Koodo.

[4] If we cancel her home phone she needs 500+ minutes of talk a week.

[5] The best desktop device/OS combination Apple ever made — before the mediocrity hit. You can’t buy something as good today though there are obvious security issues with such an old OS.

[6] In US postpaid plans there are many hidden fees and taxes. I don’t know if that’s true in Canada, but in some provinces taxes add 25% to costs. I know the Virgin prepaid plan has no additional taxes, I assume that’s true of Koodo too. Makes prepaid/postpaid comparison harder.

[7] Desktop OS are not made for tethering — they randomly suck volumes of data. Modern “cloud” devices are big offenders, so a pre-iCloud Mac has an advantage. Still, it’s a worry esp. for a postpaid account. I don’t know how Koodo handles overages on a prepaid account; in the US H2O seems to just cut coverage but Ptel (Tmobile) will burn the number with a huge overage cost.

[8] The site also recommended “tellfi.com", but if you try to visit that site Google warns that the cert expired 270 days ago. Don’t go there unless you want your computer to serve Russia.

[9] Koodo’s website is broken — the add-ons can’t be selected using Chrome or Safari. There may be more options if the add ons features worked. I think the broken web site/funding situation may also explain their lack of Interac support.

Friday, October 12, 2012

Review: Snapfon ezONE-C Senior mobile phone (GSM, unlocked)

I bought my 83 yo mother the unlocked GSM Snapfon ezONE-C Senior Cell Phone with Big Buttons for about $80 (it's $60 now) along with its car charger (forgetting she doesn't drive any more!). I then carried it to her home in Montreal and activated on a Roger's 40 cent/min (but 0$/day) PayGo plan.

My mother likes her Mac Mini and iPad, but she's largely blind, quite arthritic, and has peripheral neuropathy reducing her sense of touch. So most phones won't work for her. This was the only phone we could find that she might be able to use. She needs, for example, to be able to call for help when Montreal's sometimes unreliable wheelchair transport service fails to show up - leaving her stuck in her wheelchair as snow swirls, water freezes, and hungry wolves approach over the ice.

It is impressive how few devices are made for people like my mother.  I assume the demand isn't there. Certainly if she were younger she might do well with a VoiceOver iPhone, but the combination of age and diminished touch make VoiceOver hard for her. In any case that was my best guess, but the next best choice to this $60 phone is probably a $700 iPhone 5.

Based on limited use, here are my impressions of the device. I'll also add a modified version of this review to Amazon.com. I'll start with the bad, then the good. Bottom line: I think it will work, but I'd rather buy a better version for $100 than the current phone for $60.

The Bad

  • It doesn't get its time settings off the mobile network. Very weird.
  • I fear it doesn't  persistently store its configuration. I don't want to test this, but I think prolonged removal of the battery will wipe all setup - and setup is a bit painful. File this under "suspicion" not proven. Settings do survive a quick battery swap. (Maybe it's storing some data on the SIM card, in which case I might have been confused by a SIM swap.)
  • This is a very Chinese product -- feels like it was built for the Chinese or Japanese market. That is, it has a number of weird add-on features like an FM radio and a flashlight that mostly add complexity and seem weird for the US market. On the other hand, I think my mother might actually use the FM radio. It uses the ear set as an antenna. In my testing it worked well with an iPhone ear set and with iPod ear buds despite the manual saying only Nokia and SNAPFON earphones work.)
  • It has too many features that can simply cause confusion and will never be used, like 'conference call' and 'call waiting'. Even SMS is of dubious value. The radio introduces many options.
  • The power connector is small and hard for my mother to find. I stuck a rubber matt near it so she could find it. It is easily confused with the headphone jack.
  • It feels fragile and unreliable. We're not talking iPhone 5 build. I'd happily pay $40 more for better build quality.
  • Display is small and text layout is a bit off. I suspect it was designed to show characters, not Roman letters.
  • Buttons take some push -- they are cheap!
  • It comes with "PureTalk"; it's probably not the best PayGo solution but it's not entirely bad. For the US market I'd suggest H2O Wireless instead.

The Good

  • Big buttons!
  • Ringer is LOUD and voice loud even at intermediate settings.
  • The instruction manual is large type.
  • I could get a camera lanyard into the lanyard hoop with a bit of fiddling (essential accessory, should be bundled with phone).
  • It speaks numbers as they are entered. Great feature!
  • Seems to have very long battery life.
  • The quick dial numbers will work well I think, even though we decided not to enable the SOS feature for now.
  • Yes, the flashlight and radio are quirky, but my mother might actually come to like them.

I created a large print 1 page handout for my mother that included a simplified version of usage directions and the numbers I programmed in for her.

Friday, July 27, 2012

An AppleScript to prevent the iCloud CRLF bug - normalize line endings

Yesterday I wrote perhaps the fifth AppleScript of my life, and I purged an iCloud paralyzing cloud of "Groups" created as a side-effect of iCloud's CRLF bug.

In the course of writing that brief AppleScript, I benefited from the extraordinary community built known as MacScripter. As I basked in my small victory against the uncaring forces of Appledom, I thought once again of fixing my Address Book's mixed CRLF/LF line terminations with AppleScript. I joined MacScripter and asked for advice.

In response,  Nigel Garvey wrote me a script. I suppose for him it was easier to write the solution than to try to explain it!

I ran it on my Snow Leopard primary address book (of course I made an archive backup). After a few seconds it returned "missing value". I've seen that when scripts complete, though it doesn't seem to be an ideal response.

In any case, I didn't see any evidence of windows style CRLF line terminators. When I exported test addresses as vCard they didn't show unexpected numbers of \n characters; though I continue to have some extra line feeds at the end of notes (but they seem to have LF terminations, not CRLF).

I took an exported archive and imported it into my Mountain Lion machine, then sent it to iCloud. I then viewed on my Lion machine. On all devices I see 1824 contacts and no duplicated notes. The only problem I came across were the extra LF at the end of notes, but they did not appear to be replicating. I think they are benign LF life feeds, not dangerous CRLF pairs.

I believe Mr Garvey's script worked. If you are one of the very few people who ever used MobilMe to sync Windows/Outlook and OS X/Address Book you should back up your Address Book, run this AppleScript, then confirm. Then consider migrating to the Cloud.

Wednesday, November 30, 2011

iMessage use on an AT&T iPhone without a SIM card (iPod Touch mode)

iMessage is a very intriguing product. It's available as part of iOS 5 for iPod Touch, iPad and iPhone 3Gs, 4 or 4S.

On non-phone iOS devices iMessage provides non-SMS (iMessage) texting services to other iMessage users over either WiFi or, if supported, 3G services. That's like WhatsApp.app, but WhatsApp only works on a iPhone with an active voice service!

On iPhones iMessage has two modes.

In standard mode it supports SMS/MMS messaging as well as iMessage texting. iMessaging is the default when it's supported by the receiving device; you can see what will be used before you compose a message.

In an optional mode you can disable SMS/MMS messaging and go purely iMessage. You may want to do this, for example, if you choose not to pay for AT&T's extortionary "unlimited" plans. You will still receive SMS messages (20 cents each, including spam text), but at least you won't send any. (You can tell AT&T to turn off all but 'administrative texting' if you want to avoid spam SMS and spam SMS fees.)

In a world where SMS fees exceed AT&T's mandatory minimal $15/month 200MB/mo data plans, iMessage is subversive [1]. For our family, discontinuing our $30 month texting plan and using a combination of iMessage, Facebook Messenger and Google Voice/Text more than pays for my son's data plan and old 3GS.

Siri is nice (more on that in Gordon's Notes, soon), but iMessage is the biggest thing in iOS 5. I would love to know what AT&T thinks of it, and whether those thoughts are printable in a family blog.

Alas, not everything is quite perfect in iMessage and iOS 5.01. Apple's Discussion groups have many complaints about "waiting for activation". For example:

iMessage waiting for activation: Apple Support Communities

... To update on my iPhone-off contract, even though it says iMessage is waiting for activation, I can still iMessage my friend in Australia (and I am in the USA) So I don't know how it's working, but it's working great!   Also, another one of my USA friends has an iPod touch with iMessage. It is working flawlessly..

We had no trouble at all with 3 iPhones with functional SIMs. In an SIM-free iPhone 4 in use as an iPod Touch, however, we got stuck at "waiting for activation".

The first time I used the device I think it sent messages, despite the notice. The next day, however, it could not send. I tried various tricks to no avail, including:

  • reboot phone
  • remove and restore my son's iCloud credentials and account.
  • play with location and time zone settings
  • create a contact card in iCloud with his migrated iCloud ID (@me.com) and specify that in iMessage

Nothing worked. A day later, however, his phone could again send and receive messages -- despite showing "waiting for activation".

I don't know how long it will keep working. Apple doesn't truly support use of a SIM-less iPhone as an iPod Touch, which further reduces the (suprisingly) low value of a used iPhone. I'm somewhat optimistic, however, that the current flaky behavior is a bug or a reflection of overloaded systems. I'll update this post as I learn more.

[1] If Apple integrates it with iChat on OS X, and provides a Windows 7 client ... hmm.

See also:

Friday, November 11, 2011

iPhone alternatives to AT&T's texting fees

AT&T is facing the end of SMS. So it is mandating data plans for even unlocked smartphones while raising SMS costs.

In our case, our unlimited texting fees are equal our family's two new and unwanted 200MB/month data plans. So we're looking for SMS alternatives. If you can't beat 'em, join 'em.

I revised reviewed Facebook Messenger last week, but it's really more of an IM app than a texting replacement. Fortunately, SMS alternatives are a popular topic these days. Lifehacker did a review for iOS and another for Android recently; in fact both reviews are of interest to iOS users. Here are some of the services they listed and others I know of. I don't like ads, so I'm listing ad-free costs where applicable.

  • Google Voice: free (for now). Emily and the 3 kids all have GV numbers, though currently only i use the service regularly (I have two GV accounts).
  • Textfree: The web site is virtually content free. The iPhone app is TextFree with Voice, a year of ad-free texting is an in app purchase for $6. Phone numbers are also purchased in app. Facebook chat.
  • HeyWire: ad supported. iPhone app has ad-free in app purchase ($5/year) and option for "premium number" ($1). Facebook chat support.
  • textPlus: $3 to remove ads, $1 for premium number, credits cost money (for what?).

I gather the ads in these products are not necessarily child-safe.

Plugging these strings into Google turns up some related products (most can't receive SMS, some can send)...

  • Kik Messenger: No SMS, this is an IM app like Facebook Messenger
  • Yahoo Messenger
  • AOL Messenger

If an app doesn't come with a number though, it's not what we're looking for. We need to be able to receive SMS messages.

Lastly I came across some useful articles in my research:

From Dudley I learn that services with a phone number are called NUVOs (Network Unaffiliated Virtual Operators) and OTT (Over-The-Top) service providers, and that in the telecomm industry Sprint's decision to integrate Google Voice into their Android phones was a really big deal (giving up on SMS early). I also see why Apple's iMessenger is much more acceptable to AT&T than, say, Google Voice.

For our family I think we'll begin with Google Voice, even though it's not nearly as elegant a solution on the iPhone as it is on Android. My next choice is probably HeyWire, simply because two friends use it.

Update 11/13/11: I checked out iTunes reviews on PingChat!, Kik, and WhatsApp.

PingChat! and Kik seem to have high ratings, but the majority of the reviews are "13 yo girl seeking chat" (hopefully an FBI agent seeking pedophiles, probably a con man). WhatsApp costs $1, that seems to be enough to eliminate the "personals" reviews. WhatsApp is a Silicon Valley telephony app. I think I'll give that one a try first.

We may also create FB accounts for <13 yo children (COPPA violation) so they can use FB Messenger, but not give them the account passwords.

More on WhatsApp

I like the look and feel of the app, but it has one killer bug. The point of using this app is to eliminate SMS use, but it uses a text message to verify accounts. (Correction: if you don't have texting it will time out and confirm by voice call. It does require a phone number however, which is a definite drawback.)

Thursday, July 21, 2011

Contact Sync and Database.sqlite3 corruption bring Mail.app and my fast iMac to its knees

Sometime over the past two weeks my relatively new iMac seemed to lose steam. It was slow to respond, lots of beachballs. Felt like it was occupied, but Activity Monitor didn't show anything obvious.

I think OS X was caught in a sync loop involving Spanning Sync, OS X iSync and MobileMe sync all synchronizing between OS X Address Book, my iPhone, MobileMe Address Book, and a subsection of Google Contacts. That setup has worked well for about a year, but it's fallen apart now.

Looking at the Spanning Sync logs a few contacts were being updated constantly. Nothing special about them I can see.

I'm afraid my Contacts Unification program has died. With MobileMe on the way out, and with Google frantically tweaking Contacts for their social/G+ initiatives, and Apple doing its own Lion and iCloud contact management I don't think this is going to come back. I'll need another approach.

For the moment I've set MobileMe sync to manual and disabled Spanning Sync. I may do a manual sync every few days. My iMac is working again.

Synchronization is Hell.

Update 7/22/11: This morning I received a warning from Carbon Copy Cloner about a physical read error with Library/PubSub/Database/Database.sqlite3. Interesting ...

07/22 08:25:58 rsync: read errors mapping "/Users/jfaughnan 1/Library/PubSub/Database/Database.sqlite3": Input/output error (5)

07/22 08:26:22 ERROR: Users/jfaughnan 1/Library/PubSub/Database/Database.sqlite3 failed verification -- update discarded. (51)

Disk Utility didn't find any physical errors, so I assume Database.sqlite3 has been corrupted.

I put Database.sqlite3 in the trash, logged out and back in, then deleted it. Mail.app recreated it, went from 7MB to 2MB. Safari and Mail.app both felt much faster. I then downloaded the most recent version of Onyx, restarted as Admin, then ran all the cleanup and automation scripts. At the moment the machine feels about 10 times faster.

Even though sqlite3 is a core part of OS X Data Management, but it's hard to find much about how it's actually used in most apps. I found one page that listed apps that use SQLite databases, but those apps are listed as storing data in different locations. I found a couple of references [1] that suggest this is where Mail.app and Safari store their RSS feeds.

One article mentioned using this command to fix this sqlite database:

/usr/bin/sqlite3 ~/Library/PubSub/Database/Database.sqlite3 vacuum

Using that search string brought up more interesting articles:

The second link is from 2009, and it sounds very much like what has been happening to me in OS X 10.6 ...

I am syncing, on several Macs and several user accounts, information such as Calender, Mail Rules, Bookmarks, etc. After recently updating to Safari 4.01 and OS X 10.5.7, all of a sudden I had all very bad Safari performance -- including constant freeze situations. After being ready to delete the impacted user, I realized that there were some issues with the database.sqlite3 file in the Library » PubSub » Database folder. The PubSub folder is used for tracking RSS feeds, and it seems my problem resided there.

After deleting the database.sqlite file, and resetting the Mobile Me information, the freezes and crashes stopped...

Deleting this file did not actually remove the feeds from Mail.app and Safari.

Looking at my feeds I see I've been tracking my Google Reader shared item feed. That is an enormous feed; I think I've been pushing the limits of what Mail.app RSS subscription can handle. I deleted all of my Feed subscriptions from Safari and Mail.app, then I delted all the data in ~/Library/PubSub/Feeds and I deleted Database.sqlite3 (again). On logout/login it was recreated with a size of 74kb (empty). Mail.app is now blindingly fast and my system is healthy again.

I won't be using Mail.app's feed reader features any more. They don't scale. I use Google Reader, but to archive some of my feeds I'm going to buy a dedicated standalone feed reader.

Update 7/24/11: I created an archive of my Address Book, cleared the iSync database then restarted MobileMe. It told me it was going to add 843 records. Coincidentally, that's how many I have. I went ahead anyway, since it's surprisingly easy to save and restore Address Book archives (I have about fifty versions saved). In fact I ended up with 843 that look correct on spot check. Curiously, both MobileMe and my laptop say I have 842 contacts. So there's something broken somewhere in iSync. It's easy to see why Apple dropped iSync (so far) from Lion. Synchronization is, honestly, and truly, Hell. This has underappreciated implications for health care interoperability incidentally.

Tuesday, July 05, 2011

Review: Seattle Sports Dry Doc Waterproof Digi Case for my iPhone

Jen Wieczner told a story of a friend lost, perhaps but for the sake of a waterproof phone case ...

When Technology Can't Save You - Jen Wieczner - Technology - The Atlantic

... four others, including my friend Tyler Lorenzi, 23, treaded water while the river swept them downstream. Around the same time their fellow sailors were pleading at the door of a strange residence, a tugboat found their overturned vessel and called authorities. Near a ship graveyard known as the Ghost Fleet, Tyler was eventually pulled unconscious from the James; he passed away in the hospital. Another sailor, Alexander Brown, 24, drowned. Tyler, a graduate of Northwestern University, worked as a research engineer for the National Institute of Aerospace, a division of NASA; Alex was earning a doctorate in engineering there.

I didn't know Alex, but Tyler was generous, selfless and warm, and gave hugs without hesitation ... He was dashingly handsome, strong in the way of someone who got that way by going about his regular business, with perpetually tan skin and flushed cheeks, the kind that mark someone who is comfortable outdoors and spends much of his time there...

... According to the Virginia Marine Resources Commission, which investigated the accident, none of the boaters were carrying cell phones on the fatal night, or at least none that still worked. After Tyler's death, I wondered about what went through the boaters' minds -- tech-savvy young people who worked and studied at NASA programs -- when they fell into the water: Did they immediately realize the gravity of the situation? Dependent on their technology on land, did they reach automatically for their phone before reality settled in? What must it have been like to realize that their means of communication - and hopes of rescue -- were quite literally dead in the water?

... Motorola calls its Defy SmartPhone "life-proof," because it's water- and dust-resistant; its new Brute flip phone is designed to meet military standards for "extreme elements," including "blowing rain," "salt fog" and liquid immersion. RIM, which manufactures Blackberry devices, says, "While it is possible that BlackBerry could work after being submerged in water, RIM does not recommend doing it," and adds that in a recent Yahoo News water test, BlackBerry did just fine.

Needless to say, iPhones are not water resistant. They are notoriously water sensitive [1].

You can, however, buy pouches for $10-$25 that will keep the phone working underwater. You can even use the phone in the pouch.

I tested a cheap one at home. Here's my Amazon review ...

Amazon.com: John Faughnan "John G Faughnan"'s review of Seattle Sports Dry Doc Waterproof Digi 02 ...: ""

I purchased and tested the Seattle Sports Dry Doc Digi Case. The Digi Case 02 appears to be the same case with different attachment device.

I filled the case with a paper towel and then submerged it for 30 minutes in 1 foot of water. The end of the paper towel was slightly moist when I recovered. Most phones, even an iPhone, would probably still be ok at that point.

It looks to me like a new Digi Case, carefully sealed, would protect against a quick dunk. This one is fine for keeping my phone in a non-waterproof bike bag or for insurance on a hiking trip that could involve a stream crossing. I would want something more robust (and more costly) if I were going on a canoe trip.

An iPhone is useable through the case -- the touch controls work.

For an iPhone 4 to fit best, it's probably worth removing any other case. Larger pouches work with a case on the phone.

[1] We inherited a friend's iPhone 1 after it visited a white porcelain bowl. It worked well as an iTouch for my son, save for the lack of a speaker. One day, after about 1-2 years of use, the external speaker started working. I do not understand this.

Thursday, October 14, 2010

MobileMe vs. Google Calendars

MobileMe Calendar now supports public read-only sharing using the webcal (.ics) format. There's no public display as an HTML page.

MobileMe users can be invited to view and edit a calendar.

There is no support for subscribing to a non-MobileMe calendar. There is a mechanism for importing from Outlook or (bizarrely) iCal. It's not documented, but I believe Outlook import requires installing some Apple software (iTunes?) and I am pretty sure it won't work with an Exchange based calendar.

It seems users can't share on both MobileMe and publicly! If you make a calendar public you lose the miniscule sharing icon to the right of the calendar name. Weird.

There's some iCal integration, but, judging from a flurry of tech notes, there are lots of bugs. I suspect Apple wants pre-10.7 users to use the web UI and forget iCal. I assume MobileMe Calendar has good iOS calendar integration, but there's no iOS support for editing calendar-associated tasks.

Overall, I'd give Apple a C+ for this effort. If they were to add subscription they'd graduate to B-. The significant advantage over Google Calendars is simplicity and, of course, a far more pleasant UI. The disadvantages are substantial -- no subscription, no web publication, no embedding, etc etc.

Update 10/16: See comments for additional drawbacks. There have also been recent posts from vendors that used to be able to synchronize transactions with MobileMe calendars -- Apple has removed functionality they relied on ...

  • Daylite: ... In the process of moving to the new calendar, Apple migrates your existing calendar and deletes the old calendar. In the process of deleting the old calendar, sync services propagates the delete to all sync services clients. Daylite obeys these delete commands (as it should) and moves your calendar data to the trash (lucky we have a trash).

    We've communicated with Apple during the MobileMe Calendar beta and we are looking into possible solutions.
  • Spanning Sync and the New MobileMe Calendars (Spanning Sync Blog): ... Spanning Sync can sync the new MobileMe calendars to Google, but changes made in Google won't show up on your MobileMe calendars. Unfortunately, Apple specifically disallows syncing of the new calendar format (called CalDAV) using its Sync Services architecture, which Spanning Sync is based on. Spanning Sync can read from MobileMe calendars so "one-way sync" is possible, but making changes to them is currently impossible... we're hopeful that Google will enhance Google Calendar so that it can sync directly with MobileMe without any intervening software. Google is tracking the request for this feature here ...
I imagine Daylite couldn't warn customers due to their beta agreement, but since Apple ignored their concerns their customers have been screwed. Spanning Sync suggests customers revert to the old format.

Apple is not a "nice" partner or vendor, but we already knew that. They are not the best of all worlds, only the best of our world.

I grumpily added my bit to the Google feature request list, though, in truth, I don't use MobileMe because I know Apple won't deliver what I need. I'm not their customer.

The only upside to this story is that MobileMe is using CalDAV, so there's a potential for a better future. I bet OS X desktop support will require 10.7 though, and that OS won't be safe for my use until early 2012.

There's been rumor of a rapprochement between Google and Apple. I hope that's true, because for geeks like me the best solution is combine the best bits of Google with the best bits of Apple (not including MobileMe).

Tuesday, September 21, 2010

OS X 10.6: Synchronizing Address Book to Google Contacts

The Help file for OS X 10.6.4 (Snow Leopard) Address Book sync to Google Contacts links to this oddly named Google page: Where can I find information about Contact Sync? - Contact Sync Help.

This is what we get.

I'm working up to trying this. Currently I sync my iPhone contacts like this:
  1. Corporate: to and from Exchange 2007 [1].
  2. iPhone Personal <-> MobileMe Contacts
There are two additional syncs
  1. MobileMe <-> OS X Address Book <-> Google Contacts (My Contacts)
The last of these is mediated by Spanning Sync.

Both MobileMe and Spanning Sync cost money. I could easily live without MobileMe Contacts.

So I'm considering either  ...
  1. iPhone Personal <-> OS X Address Book <-> Google Contacts
  2. iPhone Personal <-> Google Contacts <-> OS X Address Book
Either way the Google Contacts to OS X Address Book would be mediated by Contact Sync.

Remember how easy this all way with the Palm III?

[1] This means my employer can wipe my iPhone at any time. This might or might not delete photos. Everything else is either synchronized or backed up, but a remote wipe would be a pain. Know your risks.

Tuesday, July 27, 2010

Escape from Outlook Notes - ResophNotes, SimpleNote for iPhone and Notational Velocity

I had despaired of rescuing my notes from Outlook 2007.

I'd written hundreds over time. In the old days I used Palm products that would sync with Outlook, so I could carry them with me. Now my iPhone, after years of struggle, gives me good Outlook sync with Contacts and Calendars. Notes and Tasks, however, have been orphaned. There's no real hope of an Outlook Notes to iPhone sync solution; although a few people use Outlook Tasks almost nobody uses Outlook Notes.

I've learned to live without corporate Outlook Tasks (I schedule my time on a 3 week plan basis), but I wanted those notes. I decided they needed to live within either ToodleDo Notes/Appigo Notebook, iPhone Notes (unlikely), or the Simplenote / NotationalVelocity universe (for various reasons I've given up on Evernote).

Today I discovered ResophNotes, a Windows app that syncs with the Simplenote cloud data store. The Simplenote cloud data store, of course, also syncs with Notational velocity (open source, OS X Spotlight indexed), OS X Tinderbox, OS X Yojimbe (3rd party sync), and there's a Chrome extension for editing notes.

I exported my Outlook 2007 notes to Outlook's odd CSV format (includes line feeds!), then I imported into ResophNotes and synchronized with Simplenote's cloud store. Then on my iPhone I viewed them in the Simplenote iPhone client.

It worked better than I'd expected.

Now I can move my old (originally Palm III Notes, now ToodleDo/Appigo Notebook) personal notes to the same cloud store. I'll sign up for the $10/year premium Simplenote service. (Currently I have free version.) If Simplenote belly up the rich ecosystem and open source Notational Velocity desktop solution provides the insurance I need.

A good day.

See also:
Update 7/31/10: The author of ResophNotes tells me he's preparing a new version that will import CSV files -- like the ones ToodleDo Notes export creates. Incidentally, I discovered that FileMaker Pro 8 does a great job opening Outlook's CSV files with embedded line feeds. I never imagined ...

Sunday, July 25, 2010

AT&T will data block a phone - but this disables MMS messaging

In the process of picking up my new iPhone [1] I asked (again) about blocking a user's data services. Today the store AT&T rep more or less confirmed this anonymous comment on a June post:
Gordon's Notes: AT&T’s secret Nov 2009 mobile contract change – Elegant Evil

... you can have AT&T put a data block on any phone. I have one on one of my blackberries. And it's something they do routinely, in fact on my bill it's explicitly called out as a line item. Call them again, and tell them to put a data block on, and they should do it ....
The catch (you knew there was one?) is that the data service block also disables MMS messaging -- even if that is covered by an unlimited texting plan. It does not impact SMS messaging.

I also asked again about AT&T's policies on adding data plans to "smart phones" connected to AT&T's network. I've asked about this previously and gotten conflicting responses:
This time I got yet another response - a very bad one.

I'm going to put up yet another post on this topic, including some AT&T policy language that's not publicly available. I'll update this post with a link when the new material is out.

[1] I can kill bars by touching any part of the antenna. I used to tune TVs by waving my hands; I think it's a sign of alien possession. I suspect a lot of the antenna problems are actually user-specific.