Time Machine, Time Capsule and offsite backup

Time Machine, among its other significant weaknesses, is ill suited to offsite backup – especially when it is used with Time Capsule.

If you attach an external drive to Time Capsule there is an “archive feature” that will shut down TC access and safely transfer the data to an external drive. Problem is, neither the drive nor the backup are encrypted.

Carrying around non-encrypted backups is not a good idea.

There’s a similar problem with a standard Time Machine external drive. If you swap them, you run into the same encryption problem.

The answer for an external drive is to use an encrypted disk image and mount that for TM backups. That doesn’t, however, work with standard Time Capsule archive behavior. I suspect one might be able to disconnect all clients and use the finder to copy the disk images to an encrypted disk image, but I’ve not tested that.

See also:

• Time Machine - Unable to Complete Backup bug on Time Capsule
• Freeing up Time Capsule space – and documentation for Time Machine and Time Capsule
• Time Machine- Fail first, then flaw discovered
• Time Capsule 10.5 Backup volume could not be mounted bug

Time Machine - Unable to Complete Backup bug on Time Capsule

I'm not a fan of Time Machine. I run into more TM bugs than I ever saw with cranky old Retrospect -- and I get less notification of problems.

Today I found a critical laptop hadn't been completing it's TM backup for about 2 days. It was showing a common, unhelpful, error message "time machine an error occurred while creating the backup folder".

David Alison's Blog has the answer for a standalone time machine. Turn off TM on the affected machine. Then navigate to your TM backup folders and look for something like "2010-02-01-134046.inProgress". Delete the "inProgress" file.

This doesn't work for Time Capsule though. TC won't let you delete the inProgress file. I couldn't find any report of a fix, save dragging the actual machine specific TC sparse disk image to the trash and starting over. (The official response to all similar problems, by the way, is to wipe the entire TC disk and redo ALL machine backups).

What worked for me was to turn off Time Machine on all the TC clients. Then I restarted the AirPort and then turned TM back on for the troubled machine. The backup chugged away for a while, and then it resumed.

See also:

• Freeing up Time Capsule space – and documentation for Time Machine and Time Capsule
• Fixing the Time Machine / Time Capsule 10.5 "Backup volume could not be mounted" bug

Windows 7 is OS X Warp(ed)

One of my work machines now runs Win 7. It’s the first time I’ve had to do more than play with it.

It helps to know OS X, but it also hurts. There’s a lot of stuff in Win 7 that’s a tasteless and ugly version of OS X. Take the desktop themes (please).

Hard to say if it’s really an aesthetic improvement even over XP. The XP interface feels light, sharp and clear by comparison.

Update: For example - "Program Files (x86)". Thousands of Google hits puzzling over that one. WTF were they thinking?

Update 2/4/10: OS X managed a smooth migration to 64 bit. I've had a few days of experience with the Win 7 mix of 32 and 64 bit ODBC, Oracle, Java, Microsoft Office, SQL Developer, etc. It's a train wreck. It brings back memories of early DOS experiences. This 2007 tech doc tells one part of the dreadful story.

Computing keeps getting more bizarre

At home I’ve retired my six+ year old XP machine. It lives on in a cloned Fusion VM [1] on my iMac. The dead hulk of the machine waits for anyone who might make use of it, but it’s most likely headed to recycling.

It’s a relief to be done with it. It worked well enough to the very end, but it was a flaming security hole (no antiviral software – that cure is worse than the disease) and it howled like a demented banshee.

At home the four Macs and three iPhones are quiet. So quiet I now notice the ever running fan on my G5 iMac, a fan I never heard when the XP box lived. OS X is kind to me. It all just works.

At work though, I still live with XP. Not just XP, but XP layered with monitors, automated maintenance systems, encryption software, automated backup software that isn’t useful, misguided and aborted security layers and only Satan knows what else. At work, computing is bizarre. I don’t think my workplace is atypical; I suspect this is true of many large publicly traded companies.

Consider this.

I reboot a Windows 2003 box after a failed disk cloning attempt to discover the boot disk is hosed. [2]. So I take a look at my personal backups (since the corporate backups are effectively useless) and find the disk has no files.

Nothing.

But Retrospect Professional (Windows) shows the backups have been working.

Nothing will show any files. Chkdsk reports no errors. But 325 of 350GB are in use.

So I try a restore from Retrospect – and it works.

The files are there, but invisible to cmd.exe. (No, not marked as hidden, truly invisible).

I suspect some side-effect of an cryptic corporate attempt to secure/encrypt USB peripherals. It’s not worth trying to debug this – I don’t have enough control over the pieces.

I have to assume we’re reaching some nadir of corporate computing – that things will improve somewhat with a migration to windows 7. It is ever more clear, however, that those of us who are cognitively dependent on our computers will need to have our own computers and network access at the workplace.

Which is good news for the iPad.

[1] Which is periodically slow and awkward on my quad core 10.6 machine compared to Fusion 2 on an older MacBook. Fusion 3 on 10.6 quad core needs work.

[2] Could be a side-effect of the Acronis disk cloning, but I doubt it. I suspect it would have been hosted on any reboot – that machine hasn’t been restarted for weeks.

Online backup – the security problem (it’s not the encryption)

Here’s how you lose everything.

First, someone gets control of your email account. It might be a security vulnerability, or a password attack (note: “tigger”, “angel” and “soccer” are not wise choices), or a password reset, or an inside job.

They then sell your email to someone who takes a look, and finds a backup report from, say, CrashPlan. They then reset your CrashPlan password:

Please submit your email address. Afterward you will receive an email with a link that will reset your password and securely display the new password to you. The provided link will only work for one hour.

Now they have access to everything you’ve backed up.

CrashPlan talks about their 128-bit Blowfish encryption (standard) or 448-bit CrashPlan+ encryption and how robust that is. As Schneier used to point out before he was overwhelmed by the boredom of it, this is rather besides the point. Their use of the industry standard “password reset by email” process means they’ve built a solid steel door on a house made of rice paper.

It’s not just CrashPlan of course. Google is little better. This reset problem is just one aspect of how broken passwords are (don’t get me started on “security questions”. Please.)

CrashPlan also offers a “data password” that encrypts at the client side. So even if someone gets control of your online backup they can’t actually do anything with the data.

Except … Well, CrashPlan’s FAQ dodges around this, but since the encryption is client side they can’t make any changes to whatever you’ve already backed up. So if you want to add, or change, your data password you have to wipe your online backup and start over. If you change it, but don’t start over, you better keep your old and new password since data may be encrypted with one or the other. In my home a full family CrashPlan offline backup takes about 4 weeks, so this is not a trivial change.

Note that I’m using CrashPlan as my example here because they’re the best in the offline consumer backup business, and they are the only offline backup plan I’ve considered. They just have the usual problem with their password reset procedure.

How could CrashPlan make the best of a bad situation? Well, in the unlikely event that they read this, they can research higher quality reset procedures (not #$!$!$ security questions). Those reset procedures often involve two factor authentication procedures, such as the procedure myOpenID almost got right. They involve more expense, so it would be reasonable to for CrashPlan to charge extra for a higher quality security service. They really don’t need more encryption, they need better reset controls.

In the meanwhile this problem has tipped me away, for now, from using offline backup. I’ll continue to rely on physical drive rotation for offline security and I may make use of CrashPlan’s (free, unfortunately – I distrust the longevity of free things) ‘backup to friend plan.

Update 2/4/10: For more on CrashPlan.

Update 5/17/10: Matthew Dornquast of ChrashPlan replies in comments.

EXIF orientation tag bug returns in Snow Leopard - sideways pictures

Almost five years ago Image Capture would corrupt the EXIF image orientation tag on import:

Gordon's Tech: Image Capture Rotate per EXIF iPhoto 5 = Nasty problems

Image Capture has had a bug for several years -- with my Canon camera it duplicates the EXIF orientation tag when it auto-rotates on import. This confuses iPhoto 5.04 -- iPhoto re-rotates portrait images a second time (interestingly the thumb nail is upright) and so the image ends up rotated 180 degrees. I was sure this bug must have been fixed in Tiger. Wrong."

The problem went away with 10.5, but it's back in some form with Snow Leopard. The slide show shows some of my old images sideways. This didn't happen in Leopard.

--
My Google Reader Shared items (feed)

The Blogger in Draft line spacing bug - illustrated

In a kind rebuttal of my claim that Blogger is troubled, Rick Klau, a Google Product Manager, wrote:

… There is a new text editor available on www.blogger.com (available under settings) which is the default on Blogger in Draft. It significantly improves the authoring interface, addresses a number of the issues you referred to, and opens up a number of integration opportunities for us with other Google properties - we're doing QA on the next batch of integrations right now…

When I described the longstanding troubles I’ve had with the Blogger in Draft rich text editor Rick responded;

… Odd to hear about formatting problems with Draft's editor - it's pretty rock solid. Please ping me with any indications of what you're seeing - that's almost certainly a bug that we'll want to fix if it persist…

So I’m pleased to say I have a good example of the bug. I believe it’s related to the old CR/LF, CR, LF problems in DOS/Windows, MacOS and Unix – augmented by the transition to the unicode standard. (I’ve read recently that all of Google’s new tools require translation to unicode).

Here’s a recent post of mine, authored using Windows Live Writer (Windows only) as it renders in Chrome 4.0.249.78 after posting (it shows the same way in WLW):

Here’s how it looks in Blogger Classic using Chrome:

And here is how it renders in Blogger In Draft using Chrome:

Yes, the line spacing is wrecked. From past experience, this is messy to fix up. When you fix the line spacing here, it comes out double-spaced on publishing.

I’ll point Rick to this post. Hope it helps!

Update 1/29/10: Based on Rick's comment below, Google is looking into this one.

Update 2/1/2010: There's a similar bug with Safari on OS X. When you quote a block of text everything double spaces.

Update 3/10/2010: I just had blogger in draft completely screw up a post composed 100% in Chrome on XP. It's far from ready.

Fixing off-screen XP windows in the big display world

This is an ancient tip, probably well known to many, but I’ve had to rediscover it a few times.

Big monitors break the display model used by XP apps. I presume this was fixed in Windows 7 and I don’t think it was ever broken in OS X, but I run into it quite a bit. The usual symptom is that I’ve moved my laptop between displays, especially big displays like my 27” i5 iMac (used with my Dell laptop as a display), and app windows are partly off-screen. In particular, the control surfaces (top bar, bottom bar) may be inaccessible, so I can’t resize or move the window.

All kinds of apps are prone to this, including Office 2007.

I’m sure there’s a utility to fix this [1], but there are two things that usually work for me:

• If the app supports multiple windows (Office 2007), then open another window. Then, right click the app name the Taskbar and choose “tile”. This brings all the windows into view. (Note that you need more than one app window before you can tile.)
• Change the display resolution transiently to 1024x768. The open windows usually move back into the screen. Resize them, then change back.

[1] Long ago there were many sources for good XP utilities like this. Now those sources seem to have been swamped by spam sites, and the security risks are very high. These utility distribution sites never had much of a business model unfortunately. It’s interesting to compare this to the Apple App Store distribution model.

The Google Voice web app on my iPhone

It's not a true substitute for the iPhone app that Apple killed at the start of the Google-Apple wars, or even for the third party GV apps we've lost, but it's a long delayed good replacement for the initial GV web app (see also):

Google Voice Blog: Google Voice for iPhone and Palm WebOS

Today we are launching a new Google Voice mobile web app for iPhone OS 3.0 and higher and Palm Web OS devices, harnessing the power of HTML5...

In addition to letting you access a streamlined version of your Google Voice inbox, the new web app also lets you display your Google Voice number as the outbound caller ID (so return calls come back to your Google Voice number), send and receive text messages for free, and place international calls at Google Voice's low rates.

To get started, visit m.google.com/voice in your mobile browser. For quick access, don't forget to create a shortcut to this URL on your home screen or Palm Launcher...

There are many limitations of this web app, such as:

1. startup lag: I hope it's less laggy than the current web app, but still can have long delays compared to a phone app.
2. authentication: The web apps don't store my google credentials. Every couple of weeks Google makes me re-enter them -- typically while I'm very busy doing something else. This sucks. My Google password is not trivial to enter.
3. I'm not sure whether displaying my GV number as outbound caller ID is a feature or a bug. I think it's a feature. The way the phone makes calls differs from the old web app.
4. no call or SMS notifications: You can't really use this for incoming calls or SMS because there's no notification function if the web app isn't running. This isn't so bad for me since I don't use GV this way, but I might use the number more if I could receive incoming calls! I'd love to use it for SMS and get rid of my SMS bill!
5. no integration with phone contacts. There's also no way I can see to edit my Google contacts information on the phone.
6. you can't specify which start screen to use
7. The configuration UI for "caller ID" is unclear whether this is for outbound or inbound calls.

The good news is

1. In many operations it feels a lot faster than the previous web app.
2. If you view a contact and save the web page shortcut to the phone screen you get a quick way to call that person, saving several screen refreshes.
3. There might be a way to use this to reduce my SMS costs. I'll report back on this.

It's enough of an improvement that I may have to go back and look again at a way to integrate my Google Contacts with iPhone/OS X Address Book.

See also:

• Calling from Montreal to St. Paul using Google Voice
• Google GrandCentral (Voice) has been saving me $80 a month
• No Google Voice for iPhone? AT&T’s deal with the Devil …
• The Apple-Google War: The Battle of Google Voice
• iPhone trouble: Apple rejects Google Latitude, possibly Google Voice
• My Google Voice experience: mobile interface a bit raw
• The (historic) Battle of Google Voice - Enter the FCC
• Project Contacts: Integration across iPhone, Google and whatever
• Project Contacts: Now mixing Outlook/Exchange, PST file, Outlook/Home, MobileMe Sync, OS X Address Book and the iPhone
• Project Contacts: iPhone 3.0 means I hack away at Google Contacts, and discover another rough spot

Update 1/26/10: Uh-oh. I'm getting SMS notifications on my phone for every SMS message sent to Google Voice -- and I pay 20 cents apiece for those!! No, it's SMS notifications for voice mails, even though I had that disabled in my Google Voice settings. It's a bug, but probably not new. There's no way to report this bug to Google, their support service problem classification doesn't include "other" and this isn't one they've classified.
--
My Google Reader Shared items (feed)

iMac G5 capacitor repairs - via Macintouch

I recently reworked our home network, and our almost- 5 yo G5 iMac is doing quite a nice job as the (yech) Parental Controlled homework/learning workstation. The transition has been educational for me as well, my kids taught me that educational videos will play quite well if one is careful to close CPU-sucking pages running (ugh) Flash animations.

During the transition I had to reset the SMU to deal with one of many causes of the G5 non-stop fan problem (CPU sure was cool though - 60 C). I also popped the case to blow massive amount of dust off the fan and vent. I love the user-serviceable plastic case design; it was a high point of Apple customer-friendliness.

When I popped the case I checked the capacitors. In one of the many sordid bits of Apple hardware history they shipped a bazillion iMacs with flawed capacitors. Many of those failed under warranty, but Macintouch tells us they continue to die over time. A lot of iMac buyers lost some loot there. (I wonder if the iMac's original fan/heat problems contributed to this.)

I just checked mine and I didn't see any bulging, but it's worth noting that there's now a small G5 iMac capacitor repair/replacement industry ...

Macintouch - iMac G5

... Late last year one of the other guys at work started repairing iMacs on the side, replacing the swollen caps. He gave me a full set (since I had given him the idea in the first place when mine failed, I think) and said "give it a try" with a few pointers. I replaced all the caps over a weekend and now I have a fully functional iMac G5 in my workshop to replace the 8500 and 7300 that were there... Check around locally for smaller tech shops. In South East Wisconsin, MacCetera does the repair for a flat rate of $200 + tax, including parts.

... My iMac G5 suffered a swollen-capacitor death two years ago. Once they were replaced it has been running smoothly 24/7 as a database/Web server and Skype phone.

... The owner of www.badcaps.net performs motherboard capacitor replacements on G5s. It'll run you less than $75 for a premium capacitor rework.It's worth checking out the site if you're considering getting a 3rd party to perform this repair. They also have a knowledgeable tech forum that has discussed many G5 hardware issues.

See also*:

• iMac G5 fan noise: another cause (before Apple's software fix worked)
• iMac G5: fans running more often
• Bad fan design is the bane of the iMac G5 and Silencing the G5 whine: I think this was fixed by my version - iMac G5 rev 2: a lot cooler?
• Fix for 10.4.3 fan problems: unplug and restart and resetting the SMU (PMU?)
• iMac heating problems and the curse of the Canon printer driver and (one of my most popular posts) My MacBook fan was roaring. Why? - evil OS X drivers.

* When I do these reviews of old posts, it strikes me that before the wonders of Google Custom Search I tended to discover and forget things -- and I was younger then!

Update 12/18/2011: "Cordwainer" (Karen Cotton) has written an extensive comment on the story of the capacitor failure. Worth a read. I still use that G5, and the capacitors still work.

Parental Controls - Remote Access and other tips

I've just had another go at configuring OS X "Parental Controls". I'm doing this in 10.5, but I don't think 10.6 is much better.

I sometimes wonder why OS X "Parental Controls" are so buggy, awkward, limited, and altogether miserable. They weren't so bad in MacOS 10.9 -- before Jobs returned.

I think that's the clue. I didn't used to think so, but I've come to believe that Apple is Jobs. Evidently Jobs, a notoriously rebellious teenager, believes Parental Controls are a bad idea. So he's sabotaged them.

From the latest ordeal I've three new tips:

1. On editing content - site lists

• In Safari with 10.5 it seems as though, when logged it as a managed user, you can open bookmarks (requires admin pw) and drag and drop links to the Safari Bookmark list to your hearts content. A very efficient way, one might think, to add approved sites. Except it's misleading. When you quit Safari and resume you're back to the set you approved in the Parental Controls Preference Pane. So ...
• There are only two ways to add web sites to the approved list. You can add then in the Parental Controls Preference Pane, or in the managed account, you can add them one at a time, each requiring an Admin password, to the Bookmarks Bar.
• You can drag and drop links and Location bar URLs to the Parental Controls Preference Pane and you can drag and drop to reorganize there. This is a big time saver. I guess someone slipped that one by Jobs.

2. remote monitoring and control from another computer

It's barely noted anywhere, but you can do remote monitoring and control from another computer. This is from the 10.5 Help file:

From OS X Help for 10.5:

If you have a computer on your local network that is managed by parental controls, you can change the settings in the Parental Controls preferences and monitor the user activity remotely.

The trick is to enable remote management in the gear drop down. Look hard, it's below the list of users.

Then, from your remote machine:

In the Finder, choose Go > Connect To Server, and then click Browse.

Select the other computer in from the list of computers on your network and enter the administrator name and password for the remote computer.

In the Finder, choose Apple menu > System Preferences, and click Parental Controls...

... In the Accounts list, in the Other Computers section, select the remote user account you want to change.

Enter the administrator name and password of the remote computer.

3. Adding sites - only the domain matters

I thought I could get finer grained control by adding links to subsites (ex. www.google.com/mail), but that doesn't work. Only the domain seems to matter (though I'm not totally sure about this).

See also:

• Gordon's Tech: Parental Controls - The wikipedia problem solved
• Gordon's Notes: Parental controls - not an Apple thing (2007 - 10.4)
• OS X parental controls logs still broken in 10.5.7
• Can't select Jabber or Google Talk for iChat? Parental Controls conflict
• Gordon's Notes: The software Apple can't do (2009)
• LEGO Digital Designer conflicts with Parental Controls

Update 5/15/10: If this is true, I can't blame Apple's parental control failures on Steve Jobs disinterest.

YouTube: The HTML5 Flash-Free announcement

The official announcement: YouTube Blog: Introducing YouTube HTML5 Supported Videos.

Flash is miserable on OS X, especially on G5 machines. It's not much better on Windows and, of course, it doesn't work on the iPhone. Adobe's incompetence has earned them a lot of geek loathing.

To use this beta you must be logged in to YouTube and opt in to the trial (this page also lets you opt out). If you're using a supported browser (Chrome, Safari) you get H.264 HTML 5 video rather than Flash. You can't do full screen and videos with ads, etc will still be served via Flash.

I'll report back on my own experiences.

Fixing the Time Machine / Time Capsule 10.5 "Backup volume could not be mounted" bug

After some network revisions and machine migrations It was time to clear out some Time Capsule backups. Alas, there's no documentation on how one can do this. Even the excellent Take Control of OS X Backups eBook has no advice on removal of an entire machine backup. [Update: Joe Kissell, the author, responded almost instantly to an email. I've updated my post on freeing up TC storage with his response (that post also summarizes TC documentation).]

The best advice I could find is to erase the Time Capsule disk. I have other backups, so I went ahead. That part went well.

My 10.6 machine resumed its Time Machine backups with no problems. My 10.5 machines, however, complained that the "Backup volume could not be mounted".

Turns out this is a known 10.5 bug -- an unfixed10.5.3 bug.

• Mac OS X 10.5.3 or later: Time Machine - "Backup volume could not be mounted" after changing network volume's password
• Time Capsule: Time Machine backups do not mount
• Mac OS X 10.5: Time Machine - "The backup volume could not be found" alert

I had success with

• Open Time Machine preferences
• Click "Select Disk"
• Reselect the Time Capsule disk.

I was then asked to enter a user name and password -- but dialog showed only a password (bug). I think user name in this context is really the machine name. I'd enabled guest access so I clicked "guest" and the backup resumed.

Note that since Apple fixed this in 10.6 but not 10.5, it's an example of a bug that can drive new machine purchases (older machines can't run 10.6). Bundling backup with the OS wipes out the alternatives, and since backup is essential unfixed bugs can be very profitable for Apple. This one, at least, is relatively easy to work around.

See also:

• Time Machine: Fail first, then flaw discovered - a more obscure bug in 10.6
• Freeing up Time Capsule space – and documentation for Time Machine and Time Capsule
• Time Machine: Troubleshooting backup issues

iPhone text message chiming in silent mode

Midway through my UMN lecture on computerized physician order entry my 3G iPhone started pinging. My 12 yo was texting me.

Thing was, the phone was in silent mode (red dot on the ring/silent switch). It's not supposed to chime. It wasn't ringing when I tested however, so I knew the switch was working.

I shut down and restarted the phone and changed the text message sound. Of course power cycling makes sense, but the I had a reason to change the text message sound too. That comes from my OS X experience; sometimes changing settings will fix a corruption problem.

That worked. The phone no longer chimes when in silent mode.

VMWare Fusion 3: Migration, PowerPoint and Shrink Disk

I've used VMWare 2 with Windows 2000 and Office 2003 on my MacBook for almost a year. I hardly ever use it, but it's compact and fast.

I wasn't sure I'd bother installing VMWare on my i5 iMac, but then I discovered how lousy PowerPoint 2008 really is (an especially bitter discovery since my first impressions were very positive).

So I downloaded the 30 day trial version of VMWare 3, installed VMWare Converter on my creaky XP box, and created an XP image on my iMac including Office 2003. I'm pleased to report that PowerPoint 2003/Win in the Fusion VM is at least ten times faster than PowerPoint 2008 for OS X.

Here are some discoveries of note:

• VMWare on the iMac had trouble connecting to VMWare Converter. I had to restart the XP box to make it work. I think a pending install created a problem.
• The conversion took an hour or two.
• On VM startup it looked at first that only one account had been created -- the XP box had had 3 accounts. I restarted the VM and it showed all 3.
• I couldn't get VMWare Tools to install. I had to login and connect to the share then run setup. This took a couple of tries I think, and a restart or two. It wasn't as smooth as VMWare 2, but my previous efforts didn't involve migration.
• I had to re-authenticate the VM XP box with Microsoft. That took a few minutes. I'm still running the old box so I unplug the network cable when the VM is running. I'll be putting the old box out to pasture soon. (It's amazing how silent the office is when only the iMac is running.)
• The VM migration created about 50 2.5 GB files in an OS X Package (executable folder). This can be changed in settings. It's done to get around FAT max file sizes; I wonder if it might help with backup. (If you create a 100GB single file VM, each time you open it you'll create a 100GB file that needs backup.)
• I didn't remember than I had two drives in the XP box. The VM had both drives; one held an old redundant backup. I deleted that drive (Settings:Hard Disks) but the VM didn't shrink. I used the "Clean Up Disk" function and that shrank it to a nice 50GB.

See also:

• Experiment with VMWare -- for free
• Parallels to VMware - my experience (Win2K install)
• VMware academic discounts: Fusion and Windows Workstation
• Why I'm downloading Windows 7 RC tonight ... (It runs on my MacBook)
• VMWare Converter - turn your XP box into a VM platform
• How to fix permissions in an OS X Package and how deal with VMWare Fusion Insufficient Permission problems

Update 3/11/2010: It's been performing excruciatingly slowly. I haven't been able to find any explanation. Startup times of about 3-5 minutes, intermittent very slow operations. It behaves like it has no working memory.

Update 10/26/10: I finally get around to speeding it up.