Sunday, September 11, 2011

Services manager for OS X

MacOSX : Services Manager: Apple's top secret utility for managing OS X services.

at No comments:

Saturday, September 10, 2011

Toodledo: How you can give me the search I need with your current architecture

I've been a Toodledo web app customer for years. I use their web task management service with Appigo's ToDo.app.

It's an old relationship born of historic necessity. Toodledo and Todo don't approach tasks and projects the same way, there's the usual awkwardness of dueling data structures. These days most people would want to use Toodledo's cloud service with Toodledo's iPhone app or Appigo's Todo.app with their Todo online.

I've lived with the two for a while though. I appreciate Appigo's elegant iOS client, and it rarely fails me. That reliability means a lot. I know what works with Toodledo and what doesn't; I only use what works. On the other hand, I admire Toodledo's wide range of task integration and data liberation policies, especially the ability to mail myself a task. That's huge.

On the other hand, I need Todo's full text search. I've been pestering Toodledo to provide full text search of my tasks for (literally) years. They won't do it. So I have full text search of tasks on my iPhone but not on the web. On the web I can only search within a field (default is the task title).

Frustrating. I'm ready to leave both of them for something better. Still, I'll make one last try to persuade Toodledo that they can give me 80% of what I want without abandoning their current infrastructure.

Toodledo, here's the search I want built using your save search function, where "term" is the string I want to search on.

Screen shot 2011 09 10 at 10 12 03 AM

See, it's not so hard. You can do this with your current infrastructure by

1. Let me save this search with a name.

2. Let me make the named search my default search.

3. Provide a checkbox that means "search all fields with this string". Check it and gray out two of the fields leaving me one to type in (there are more elegant UIs obviously, this one has the fewest changes).

Thanks for considering this!

Update: Even simpler. Just let us save this as the standard search.

Update 9/12/11: This time Toodledo had a different response to my inquiry: "This is on our to-do list, but it is our policy to not comment on our roadmap or delivery dates for future feature improvements or bug fixes.". Joy!

at No comments:
Labels: ,

Friday, September 09, 2011

iPhone calendar bug: list view one day off

Odd bug! My iPhone's calendar list view was one day off. The day view was fine.

Fix was to turn off google calendar sync to remove those calendars. Then turn it back on.

New one!
at No comments:

Thursday, September 08, 2011

Making the most of Google's alternative "2-step" verification model

It's been almost five months since I implemented what I then called Google's two factor authentication. My original enthusiasmwaned significantly as I better understood what Google had done, and how they'd stalled.

Now I'm in a more or less grumpy but stable relationship with Google's "1.4 factor" security model. I wouldn't call it "enhanced" so much as "alternative". If you're not careful, you may end up less secure than when you started. It is definitely not for everyone -- indeed, it's for hardly anyone who uses anything but Google's web UI to access Google services.

I'll share here how I currently live with what Google calls 2-step verification. First, I need to explain what it really is. Disregard Google's labels and descriptions; they're dangerously misleading.

To begin with, consider two kinds of access to Google Services (mail, calendar, documents, etc):

  1. Browser based access to Google's services (Ex: Google Docs, Gmail, Google account, Plus, etc)
  2. App based access to Google's services (Ex: IMAP/Mail.app, G+/Google Plus.app, Calendar/Calendar.app)

When you sign up for "2-step" you get two kinds of authentication for browser based access to Google services and one kind of authentication for App based access (including many of Google's iOS apps, such as the brand new blogger.app [1]).

Yeah, it's a mess.

There are two kinds of password/token access to Google's browser based services, including the ultimate service -- your Google account security controls:

  1. Combination of a standard user-defined password and a token (app created or SMS messaged)
  2. "Break the glass" emergency one-time use verification codes for when a token is lost

For App based access you use your Google Account to create one or more long (high entropy, secure if not captured) passwords. Contrary to Google's descriptions, these are not application specific. They're just alternative passwords for non-web services. You can create one and use it for fifty apps (iOS, OS X, XP, multiple machines, etc, etc) or you can create fifty. You can revoke these, but good luck figuring out which to revoke. In practice, if you think you've been compromised, you have to revoke them all. (It's possible that if Google thinks you've been compromised it would revoke only the password used. I'd still revoke them all.)

These Google-generated passwords are powerful. You can't use them for browser access, and  you especially can't use them to get to Google Accounts, but you can use them for API access to all mail, all calendar, iOS access to Docs, etc. The more you create, the harder it is to keep track of all all of them, and the more vulnerable you are. Most of us, however, need these. Often.

So here is what I now do

  1. On my work machine, which is not a trusted machine, I use only web access and I require Google to ask for a token at all times. (There's a bug though. Unpredictably Google will decide to trust the machine for a month. As I mentioned, Google seems to have lost interest in 2-step! Even on a "trusted" machine, however, you need a token to mess with security settings.
  2. On trusted machines, including my OS X personal machines and my iOS devices, I use the same Google generated password for all apps. I create it once and store it in my encrypted 1Password database. (In the past, before I realized how this worked, I created many "app-specific" passwords. I'm gradually removing those to improve security and simplify revocation.)

See also:

-- fn --

[1] Wrong! It actually follows a newer practice. It uses a web UI for login. When you try a generated password it requests the browser password then redirects to a (crude) web UI for token entry.

at 2 comments:
Labels: , ,

Wednesday, September 07, 2011

Converting Email from Eudora OS X to a modern format - the TidBITS review

My Eudora archive is in PC format. So converting to OS X is even more of a pain.

A pain I'll have to face sometime. As Eudora fades away conversion options narrow. So sometime soon ...

Today Adam Engst published the comprehensive conversion guide based on his experience with a million message archive. It's not pretty (emphases mine) ...

TidBITS Networking: Converting Email from Eudora: Why I No Longer Live at the P.O.

... Before you get started converting your Eudora mail, there are two cleanup tasks I recommend taking first (and another that I discuss in the Eudora Mailbox Cleaner section below). ... Before you convert your mail, you should compress your mailboxes, to make sure that any deleted messages that haven’t yet been removed from the actual mailbox file are not exported with the rest...

Second, if your Eudora Folder is anywhere near as old as mine, it dates to the classic Mac OS, where the / character was perfectly legitimate in filenames. If, like me, you used / in some mailbox names, you’re going to want to rename those mailboxes before converting them, since some utilities will see the / and create a new mail folder, thinking it’s a Unix directory...

... Apple Mail features a built-in Eudora importer that provides the most obvious approach for importing your Eudora archive. If it were the only option, it might be acceptable, but in my testing, it missed converting at least some very old mailboxes. In those it did import, it failed to bring in attachments, messages status, and labels. Worse, in many mailboxes, it appeared to duplicate messages...

... Apple Mail can also import Unix mailbox files, so the question becomes, how do you convert Eudora mailbox files into Unix mailbox files (the two formats are similar, but not identical)? There are a number of options here, including the standalone program Emailchemy and a utility called EudoraExport that’s embedded in Eudora OSE. I had good luck with Unix mailbox files created by EudoraExport...

... now that I have my entire Eudora archive in Apple Mail, I think I’m going to leave it there as well, in case I ever want to move it somewhere else. I’ll stick with either the version of my Eudora archive created by Eudora Mailbox Cleaner (which maintained some message status, along with attachments) or Eudora OSE’s EudoraExport (which didn’t maintain message status, but did bring in attachments and which seemingly found about 120,000 more messages). I’m not a fan of Apple Mail, but its future is guaranteed and I don’t need to use it for anything but access to this email archive...

I'm surprised Apple Mail can handle an archive this large, though Adam tells us search is very slow.

See also:

at No comments:
Labels: ,

Tuesday, September 06, 2011

Usenet 2: StackExchange and apple.stackexchange.com

A few years back two geek gods, Atwood and Spolsky, put Stack Overflow together. They were responding to the sploggish network of tooth grinding programming support sites of the day.

From that grew StackExchange. For geeks of a certain age, the current 61 sites feel like the 2nd coming of Usenet. (Once Usenet was great. Yes, I know that's hard to imagine, especially since you don't know what usenet is/was).

Among the 61 is the best Apple Q&A site on the web. It's where I look to learn and contribute. It's turbocharged my Google Custom Search engine for OS X search.

Here are a few others that personally interest me ...
Sure sounds like usenet. For example: Science Fiction and Fantasy.

I wish I knew how Jeff & Joel were going to get rich from all of this, but I suspect they have ideas.

at No comments:
Labels: , ,

My MacBook Air case is a Ziploc baggie

I bought the 11" Air instead of the 13" because I wanted portability above all. It's a tough call, but Lion's 'full screen' integration with Mission Control makes that small display usable. For real work, of course, I add an external display.

So I didn't want to sacrifice portability by adding on a $30+ neoprene sleeve. The Air itself feels pretty study. It is, however, not waterproof. So I've been looking for a tight fitting 'case' that would provide water protection with a bit of surface protection.

Something like a .... baggie (I know what you were thinking).

For the moment I'm using the Ziploc 2 gallon Heavy Duty freezer bag: 13" x 15.6". The horizontal (13") dimension is a good fit, but it's far too long. I would prefer a 13" x 8" baggie. So I'm still looking, but for the moment the current bags are fine. Those I don't use up on the Air I use in the kitchen. The price is certainly right.

at 1 comment:
Labels:

Sunday, September 04, 2011

Back to the future: OS X Parental Controls, DVD Encyclopedias, and MacKiev

I was born into a world of progress. Things were supposed to get better, the old would fade away.

That was then. Now we live in a whitewater world. One year we get the iPhone, another year movie viewing fails. Bits and pieces of solutions come together then fall apart again. Cloud services come and go with bewildering speed (fear the cloud).

In this world all-but-forgotten DVD Encyclopedias are making a return to our home. That's weird.

They're coming back because OS X Parental Controls have failed me [1]. Lion's PC "bug fix" was the last straw.

Sure, I blame Apple -- but it's not their fault alone. For reasons both good (bypass tyrants) and bad (involuntary marketing) the web fights controls. I can't win this fight.

So, in addition to the child accounts we monitor by log tracking (%$$# OS X Log Viewer), I've created a completely open account on one of our machines. That account can be open ... because it has no net access. None at all.

This account has old-school local apps like iTunes (access to our media server, App Store and Ping disabled) and AppleWorks. The machine is old enough to also include a 6+ yo copy of World Book encyclopedia.

That old encyclopedia could do with a tune up. So I took a look at what's available in DVD land. Amazon has the 2011 copy of EB (Mac/Win) for $23. That's a good end-of-year deal, but I'm skeptical about the quality of their OS X software.

On the other hand, MacKiev, a Ukranian OS X dev shop that did a great job resuscitating Mavis Beacon Teaches Typing produces the Mac version of World Book Encyclopedia. It runs on both legacy and Intel machines all the way from 10.3.9 (!) to Lion. It's more money ($40) but I'll give it a try once the 2012 edition comes out.

I've really got to hold onto my old software going forward.

[1] Incredibly, iOS is even worse.

at No comments:
Labels: , , ,

Friday, September 02, 2011

Migration of metadata from Aperture to iPhoto and Google's Picasa web albums

There can't be more than one person in a million who cares about this.

This post is for you. Please comment so I know I'm not alone. (Just joking, I know I'm alone.)

I've been curious about how metadata (title, comment, etc) passes between Aperture 3 and iPhoto 8.1.2 [8]

I ran an experiment today to find out. I started with a RAW image. I exported a JPEG version to the desktop then dropped it into iPhoto. I also, for the heck of it, used iPhoto's Aperture browser and dropped an image in that way. [5]

Here's what I found (see [6] below for a note on the table).

  • n/d means not displayed
  • e- means it can be seen in the EXIF details on Picasa Web album
Aperture Attribute Name
 iPhoto Name
 Picasa [4]

File
 Media browser
 File
Version Name
 n/d [3]
 title
 n/d
Caption
 description
 [2]
 n/d
Rating
 none
 n/d
 n/d
Keywords
 keyword
 n/d Tags, e-keyword
Title
 title
 n/d
 Caption, e-object name
Event Name
 n/d n/d n/d
Image Location (text)
 n/d n/d e-location
State/Province (text)
 n/d n/d e-state
Image Location using Places
 n/d [1]
 n/d
 yes [1]

So if you, for some strange reason [7], edit in Aperture but store in iPhoto, don't bother rating photos. You can, however, use the following attributes and see useful information in iPhoto 8:

  • aperture.Title -> iPhoto.title
  • aperture.Caption -> iPhoto.description
  • aperture.Keyword -> iPhoto.keyword
  • aperture.Version Name -> file name if specified during export
  • aperture.Places -> not rendering for me in iPhoto 8, but it's stored correctly and Picasa Web Albums can use it.

When exporting from iPhoto to Picasa only iPhoto.title and iPhoto.keyword are used.

Based on this experiment, I crated a custom Aperture metadata set that included Title, Caption and Keywords. I also customized my Grid View - Expanded metadata (cmd-J) to include Title, Caption, Keywords and Version Name.

Update 9/7/11: It appears that the Aperture Project Name is written to JPEG EXIF during export and read by iPhoto during import. Most surprising.

-fn-

[1] This really surprised me. In the past this metadata had been preserved. I wonder if an Aperture update made it incompatible with my older version of iPhoto. Although iPhoto 8 couldn't read the location metadata, it was in the EXIF header because Picasa could read it.
[2] Something odd happened here. I'd assigned a Caption on Import and that's what showed up in iPhoto. I suspect it was IPTC metada from the RAW image.
[3] This can become part of the file name on export from Aperture. The iPhoto.title attribute can be set equal to the file name by batch update. So there's a way to pass this to iPhoto if desired.
[4] Exporting from Google to Picasa Web Albums using Google export
[5] This isn't something you'd normally do. It just saves a @500K JPEG Aperture uses as a preview images. Still, it's interesting to see what happens with the metadata. 
[6] When I tried to create this table I again mourned the passing of FrontPage, Windows Live Writer (all but gone) and the great wysiwyg editors of old. Neither MarsEdit (this tool) nor iWeb do tables. So I downloaded SeaMonkey (88MB - once that was a lot). Since I remembered Netscape Composer I had a major flashback with fascinating visuals.
[7] I'm stuck in iPhoto until Apple changes Aperture's iPhoto import to include more metadata. Also, I don't trust RAW for archival storage. I save JPEG and discard RAW.
[8] I haven't updated to iPhoto 9, the dead fish smell has been offputting.

at No comments:
Labels: , ,

Tuesday, August 30, 2011

Migrating Contacts from Outlook/Exchange server to OS X Address Book via MobileMe

For the past year I've had one set of Contacts in Outlook/Exchange server and another set in OS X Address Book/MobileMe. My iPhone pulled in both sets, so they met there. (I'll omit the added complexity of how I sync to Google.)

This worked quite well, but now I need to bring all my Contacts into OS X Address Book. There are several ways to do this [1], but in the midst of some quick Google searches I remembered I'd written about this. I like my approach best, as detailed in two 2009 posts (neither of which rank highly on Google fwiw [2]):

The value of this approach is it uses Apple's own software to manage the Outlook to Address Book translation. The problem is that it requires MobileMe, which is no longer publicly available. I'm hoping Apple will do something similar with iCloud -- assuming they don't shut Windows out entirely.

The software I use is the Contact Sync tool built into MobileMe for Windows. These are the components:

  1. MobileMe (alas, closed to new users ... maybe iCloud will work one day?)
  2. Outlook 2007 running on XP (in my case, in a VM)
  3. MobileMe Control Panel for Windows (no support for Outlook/Exchange, only Outlook standalone)
  4. OS Address Book.

The first step is to get a copy of my Contacts into Outlook 2007 at home.

  1. Clean out all Contacts from Outlook 2007.
  2. Using MobileMe control panel and "sync reset" I sync everything from MobileMe into Outlook 2007.

Second step is to copy my Contacts from Exchange Server to a PST file. This has the added benefit of transforming X400 style email addresses to standard format.

Third step is ...

  1. Back up OS X Address Book contacts.
  2. Add the PST file as a data file and drag and drop Contacts into a subfolder of Contacts (see above articles for details, this is how Apple's sync software treats OS X Address Book Groups -- as Contacts subfolders).
  3. Sync again to get them all to MobileMe and inspect MobileMe.
  4. In OS X sync to get them all to Address Book.

I'm reminded of something I'd forgotten -- how vastly better Outlook is for managing contacts than OS X Address Book -- especially since Microsoft Access can manipulate Outlook contacts. It's reason alone to have my VM keep synchronizing with MobileMe.

[1] CSV export doesn't work very well. There are some utilities that probably work; one reader of mine had success using Plaxo.
[2] A splog that had stolen a post of mine ranked higher than my stuff. Maybe I should start taking Google's ads?

at No comments:
Labels: , , , , , , ,

Lost and found: putting contact info on iOS and OS X login screens

Most people are reasonably honest, and for some integrity is a point of pride.

So if you lose your iOS or OS X device there's a good chance it will be found by an honest person. Alas, at that point they're stuck. They have no way to know who to return the device to, especially if it's encrypted (as it should be).

It's easy to remedy this for an iOS device. You can make any image the background for the iOS login screen. I typed my contact info into an iOS Note, saved it as a screenshot, then made it my login background. For good measure I taped a business card into the back of my Speck iPhone case.

Things aren't as easy for OS X, including Lion. There's no tool for changing the login screen background, you have to hack it. On an Air, you can't even tape a business card or write contact info on the battery. (Yes, you could try a Sharpie on the back. That takes a Vulcan dedication to logic!).

For my Air I put my contact info into the password "hint" box. If someone clicks on the question mark next to my name on the login screen they'll see it. This is subtle though, so I'll probably hack the login screen too, and use a pixel editor to put my contact info there too. I did something like this once with a digital camera.

Apple should make it easier for honest people to help us out ...

Update: Yay! There's an official way to do this in Lion. KimH had the tip in comments. I'm starting to like Lion a bit more ...
at 1 comment:
Labels: , ,

Gmail and Google Contact Groups: At last, simple paste of a list of email addresses

I've not seen mention of this, but for me it's the biggest improvement to Gmail/Google Contacts in months. Heck, it may be the most valuable thing Google has done for me in 2011.

Years ago, when Gmail was definitely beta, we could create email "lists" (Groups) by pasting a list of email addresses into a text field. Gmail would digest the list and create a Group. Google removed this functionality, perhaps to reduce abuse by spammers. Instead we had to create Groups one member at a time. This was a serious PITA for the various sports teams and organizations I work with.

I gave up hope that Google would ever restore this functionality, but today I discovered they have -- probably in the past few weeks.

It's subtle, but the UI for creating a Group, or adding email addresses to a group, is now an expandable multi-line text box. If you paste in a list of email addresses Google will match them to existing Contacts and add the Contacts to the Group. Failed matches become new email-address-only members.
at No comments:
Labels: ,

Tuesday, August 16, 2011

My Lion bugs - collection

I'll be using this post to collect the Lion (OS X 10.7) bugs I run into, and track which are fixed. I think Lion will ready for general use by summer 2012.
  1. Not a new bug -- but Lion Parental Control log display, like all prior versions of OS X, truncates the visited or blocked site descriptions.
  2. You can't create a guest account on a FileVault 2 encrypted disk. The option to do this is grayed out. If you are careful you can rest a mouse pointer on the checkbox and get an explanatory text. This makes sense, but the bug is a failure to notify the user; the UI doesn't work.
  3. There are problems with security and privilege escalation when users do administrative tasks from non-admin account. I think these will take a while to fix. They probably play a role with these bugs; I use a non-admin account most of the time.
    1. Printers shared by 10.6 machine are not visible to Lion machines. I was able to get the printer to show up by applying a pending 10.6 update and restarting both the print server and my Lion (Air) client. I have a hunch this is somehow related to the 'download from internet' bug (see below) and at root it's a security bug.
    2. Lion does not remember 'download from internet' 'do you want to open' choices. It can persist is asking them.
File these under criminally negligent design rather than mere bugs ...
  1. iCal
  2. Address Book
at 2 comments:
Labels: ,

Friday, August 12, 2011

OS X: Firewire 400 networking faster than Gb ethernet

I've idly wondered about this and today I had a real world test.

I am copying a 64GB VM image between machines.

I knew it wouldn't work, but for fun I tried 802.11n. That was estimated to take days.

Then I tried Gb ethernet. OS X estimated 6 hours.

Then I tried firewire 400. It's little known, but 10.6 and earlier supported networking using Firewire (probably using Bonjour/Rendezvous discovery). Both machines assigned the one another an IP address and they connected (there was a little pizza spinning because I forgot to dismount a network share first).

The transfer was initially estimated to take 5 hours. Now it looks like it will complete in 30 minutes.

So it appears that OS X Firewire networking is much faster than Gb ethernet, which one wouldn't guess from the specs (Gb > 400 Mb). On the other hand, the firewire estimate started out as 5 hours and then suddenly sped up, so there's something quirky here.

Incidentally, doing firewire networking makes the laptop run hot. It's working ...

at 1 comment:
Labels: ,

Shrinking a pre-allocated Mac VMWare Fusion virtual machine image

My "pre-allocated" VMWare image was taking up 120 GB on my drive for about 40GB of data. I found many references on how to shrink these images (.vmdsk), but they were largely obsolete and misleading. It takes a while, and the steps are weird, but it's fully supported by VMWare 3.

At a high level, here are the steps. Alas, I'm short of time so no details.

  1. Close down the guest OS.
  2. Using VMWare settings for 'hard drive' you can change the image from pre-allocated to the default. This takes hours but it works.
  3. Open the guest OS and run XP defrag.
  4. In the guest OS update VMWare tools.
  5. In the guest OS Run VMWare tools "shrink". Takes hours.
  6. In the guest OS Defrag again as a nice-to-do.
  7. Shut down and restart to make it all nice and clean.

My image now consumes about 45 GB of drive space. It's not pre-allocated, so it will get host OS fragmented as it grows but I can live with that.

at No comments:
Labels: , ,
Subscribe to: Posts (Atom)