Google Apps: Configuration for a non-Google managed domain

I now have four Google App/Domain pairs and I've created a fifth Google App for Minnesota Special Hockey (at the moment the latter is down for the migration). I've also suffered through more-or-less migrating several blogs to "custom domains". Even if I ignored recent Gooflops at Gmail and Blogger my experience with Google Apps would confirm Google has way too many partially finished products. Here's some help.

If you create a Google App and register a domain (via eNom, Google isn't a registrar (!)) it's not too bad, though the documentation is scant. If you have an existing domain you want to migrate into the Google Apps suite ... well, prepare to gnaw a limb off. Unless, of course, you read this first, in which case you'll probably decide this is ridiculously complex and do something else.

Here's the secret sauce, hidden away in the help file, I found it because I knew to search help with the string "ghs.google.com".

1. Sign up for your free Google Apps. Non-profits like MN Special Hockey can start out with the regular freebie and then easily upgrade for more free support and services.
2. Now you need to validate your ownership. You can either do this with a CNAME record or you can create a file in the root of your domain that Google will look for. I prefer the file trick since CNAMEs can be treacherous. The Google page for validation will tell you what to do. (See [1] below for a bug in Google's directions.)
   
3. Change your CNAME records (these are simple redirects) to both validate your ownership (if you choose the CNAME validation) and setup your custom URLs for your content at the same time. [2]
   For example (using kateva.org, the domain that hosts this blog), create these CNAME entries all with a relationship to ghs.google.com
   news.kateva.org (for your blogger blogs, I prefer this to blog.kateva.org)
   www.kateva.org
   start.kateva.org (this is the Google Apps "desktop" page)
   calendar.kateva.org
   docs.kateva.org
   mail.kateva.org
4. Google help tells you to do use a "CNAME Lookup" service to test the CNAMEs, but when I followed their advice to "Google" for a service I found nothing. Dumb. Until you validate you can't do anything. Once you validate you can use Google App services at Google URLs.
5. Wait until you're validated, then login to your Google App (https://www.google.com/a/cpanel/kavteva.org for example) and change to the custom URLs that match the above. A bug in Google's "start" page means it always displays the non-custom URL but users can reach it via the custom URL.
6. Now go to blogger and change your blog to the custom domain of blog.kateva.org (for example)
7. If you want the email to work, you have get your ISP to change MX records: "Mail Exchange (MX) records control how incoming email is routed for your domain. Before Google can host your email, you'll need to change these MX records to point to our servers." Until then users get fairly useless generic emails.
   

[1] I attempted to validate using the old "upload file" trick, but Google's documentation of this was nonsensical. Here's exactly what they wrote (changing the secret token):

"Create a HTML verification file named googlehostedservice.html , copy the text specified below into it, and upload it to http://mnspecialhockey.org/ . googledwkgf4845250

Here's what they meant:

1. Create googlehostedservice.html
2. Put the text "googledwkgf4845250" in the file googlehostedservice.html
3. Upload googlehostedservice.html to http://mnspecialhockey.org/

[2] Some registrars let you change CNAMES yourself (yay!) others (boo, hiss) make you write them an email.

Update 7/21/07: I'm still working through this, when I'm done I'll revise this entire post. A few things to note:

1. When you're trying to integrate a pre-existing domain and hosting arrangement with Google Apps you really want direct control over you CNAME redirects. It's a pain to do this otherwise.
2. If you have a pre-existing hosting arrangement your main decision is whether to keep the original web page and file hosting or switch to Google Apps (very weak) web page designer(Google Page Creator) and file server. If the former you want to keep your domain name under the control of your host and keep a CNAME redirect of www.kateva.org (for example) to the domain name. If the latter you probably need to give up the hosting arrangement entirely and plan to recreate all web pages in Google Page Creator (impractical for any but the simplest sites). The case of mnspecialhockey.org is unusual in that we will want to move the web hosting to Google Page Creator because we need something very simple that anyone can maintain.
3. You may need to restart your router to see some of the CNAME changes. I suspect my router was caching old IP addresses, I didn't see the changes until I restarted it. Might have been coincidental.
4. There's a bug in the Google Apps "start" page. Even if you change to a custom URL and create a CNAME redirect, it still publishes to the original "partner" URL and the custom URL resolves to the "partner" URL. I thought this was a Lunarpages error, but I see the same behavior with Google/eNom managed pages.

Update 7/23/07: I've got most of the configuration working, and now I'm implementing workarounds for the one residual intractable problem -- there's no simple way to have mnspecialhockey.org redirect to www.mnspecialhockey.org. It always directs to the lunarpages "subdomain" IP address. I can redirect from index.html on that machine of course, but that doesn't help with other page requests.

Lunarpages recommended URL rewriting using my /public_html/mnspecialhockey/.htaccess file:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^mnspecialhockey.org [NC]
RewriteRule ^(.*)$ http://www.mnspecialhockey.org/$1 [L,R=301]

I'm not positive Google approves of url rewriting, but this example is fairly benign. I reviewed Matt Cutts writings on the topic and I didn't see an obvious red flag.

Update 7/24/07: The URL rewrite seems to work, though the original one I was sent had an error in it (above is corrected). Lunarpages, to their credit, quickly adjusted the MX records so the email now works.

Update 8/31/08: Things were far simpler when I switched from Lunarpages to DreamHost in August 2008. I also have a more detailed explanation of how things work.

Skype on a Mac - the authoritative review

The best I've seen: TidBITS: Choosing Mac-Compatible Skype Hardware

iPhone without the cellphone plan costs: Activate by prepaid card

A thorough analysis: iPhone + Disposable Cellphone + Prepaid Cards + New Activation Tool = Holy Cow - The Unofficial Apple Weblog (TUAW). Phone hackers are working overtime on the iPhone, and achieving some nice results. 

How to insure your iPhone and/or laptop - use your home insurance company

Great research from TUAW:

Insure your iPhone, because AT&T won't - The Unofficial Apple Weblog (TUAW)

... I decided to call a few insurance companies in the Colorado area to see if they could cover it. What many people might not know is that these companies typically cover electronics like mobile phones and even notebook computers, often at prices far cheaper than extended warranty plans from manufacturers and retail stores. While I'm not entirely familiar with how fast actin' or comprehensive this kind of coverage is from every provider, I do know that mine - State Farm - will cover both hardware failure and accidental damage (though accidental damage will cause my premiums to increase, while an incident like theft will not).

Back to getting coverage for your shiny new phone, however, the summarized rundown I got from calling three of the big general insurance providers (Allstate, Geico and State Farm) is that attaching a clause to a renter or homeowner insurance policy specifically for covering an iPhone would add only $5-20/year to a policy. Keep in mind these were estimates based on a $600 iPhone, and it appears that you can't simply ask these guys to insure a phone; you need to have some kind of a primary policy with them first, then attach this specific clause. Surprisingly, every representative I spoke with knew exactly what an iPhone was, and a couple of them asked me whether I was happy with mine.

I admit, I've been lax. I haven't been insuring my laptop with my homeowners insurance. I need to do that, and if/when I get my iPod do that too. Thanks TUAW.

Resurrect a MacTel killed by a firmware update ...

Once upon a time I was carefully updating the firmware on a peripheral of some sort. As the update proceeded I impulsively moved to recheck the power connector ...

Brick.

Firmware updates can be lethal. Nowadays many devices have a firmware backup that will, at the very least, restore to the original firmware if an update goes bad. Alas, MacBook Pro's don't, and a recent firmware update that improved the optical drive behavior has bricked quite a few laptops. I thought a restore required a trip to Apple service, but it turns out there's a restore CD for the MacTel firmware and Apple has, not coincidentally, just updated it ... 

Apple - Support - Downloads - Firmware Restoration CD 1.3

The Firmware Restoration CD can restore the firmware of an Intel-based Macintosh computer... You can only use this to restore the firmware after an interrupted or failed update... This CD can be created on both PowerPC- and Intel-based Macintosh computers.

It won't revert an update, just fix a broken machine. Most of us just need to know this exists, if we brick our machines we can hunt it down then ... I don't know if there's a similar CD for PPC Macs, maybe they have an onboard backup.

Gmail spam filter is running amok again

Gmail's spam filter is running amok again. I just fished some important notices from the spam pile. It used to be if you added an address as a contact the sender was whitelisted, but that's not working any more.

Ironically, Google/Blogger's blog publication notices are particularly prone to be miscategorized as spam.

They were doing pretty well for several months but not any more ...

Retrospect Pro 7.5: It's better than it was

Retrospect is an old name in Macintosh software. It was the "enterprise" backup solution for many educational institutions and some businesses in the early days of the Mac.

When the Mac was dying, sometime after OS 7, Retrospect went into decline. Towards the end time Dantz, who owned it then, created a Windows SOHO product called "Retrospect Pro" that ran on a Windows machine and backed up both Macs and PCs. I wrote about my use of it many years ago. Most of what I wrote there is still true, so if you want to get my opinion of the overall app take a look at that old page.

Dantz foundered, earning a reputation for miserly customer support and increasingly buggy products. They never really adjusted to OS X; the code base was probably too old to fix and they'd deferred a rewrite for too long.

EMC bought Retrospect, and I figured that was the end. It was indeed the end for the Macintosh product line, it's not been updated in years and it's hard to believe it will be sold after 10.5 is released. I've discovered, however, that they have invested in EMC® Retrospect® Pro 7.5 for Windows.

I found this out because Retrospect Pro 6.5, which I've been reluctantly losing because there is still no alternative for automated backup of a mixed Windows/Mac LAN had become very unstable. It was failing with cryptic error messages, it's a few years old, and I was using it in an unsupported fashion (with clients released for newer server versions) -- there was no sense trying to fix it. I had to either upgrade or switch to individual machine backup - a thought too painful to consider.

I'd held off upgrading for years because Dantz releases were so buggy an "upgrade" only introduced new issues - and left the old issues unchanged. EMC looked worse at first -- no user forums, no trials, nothing. In the past six months or so, however, EMC reinstated user forums and, above all, provided 30 day trial versions of all their products. They'd done enough to deserve a look, they'd dropped the price (buy on Amazon), the upgrade price was reasonable, and I was desperate.

So I tried -- without first uninstalling Retrospect Pro 6.5 (mistake!). The first thing I got were error messages and log entries like this one:

OS: Windows XP version 5.1 (build 2600), Service Pack 2, (32 bit)
Application: C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe,
Exception occurred on 6/22/2007 at 10:56:33 AM
Exception code: c0000005 ACCESS_VIOLATION
Fault address: 004093c3 0001:000083c3 (null)

and like this:

• retrospect elem.cpp-993

I fumbled around a bit, thinking 7.5 was choking on my complex scripts, but I couldn't fix the problem. The fix was:

• uninstall Retrospect Pro 6.5
• reboot (because Retrospect does ugly things to low levels of the host OS)
• uninstall Retrospect Pro 7.5
• reboot
• heck, reboot again
• install Retrospect Pro 7.5
• reboot
• look for updates
• update and reboot

The 30 day trial then worked. I ran the backups for a week and did a few random file restores and there have been no errors, though I admit that the only Mac I backup now is a PPC Mac running OS X 10.4. I'll soon be adding in the Intel laptop and I'm reasonably sure I'll have problems -- I don't think EMC has many Mac resources left. I run the Windows software on an old XP machine I'll run until it dies and is replaced by a new Intel iMac and an XP VM.

So I bought the upgrade from Amazon, thinking I should get the physical media. The price was cheaper too I think. What you get is a CD - nothing else. No documentation of course, but I know this immensely complex and completely unfriendly software very well. (They've introduced "wizards" to try to make it friendlier, but I disabled those. I've no idea if they help.) The upgrade process is a bit odd, but despite hanging for a bit at one point it completed. What you get with the CD is an "activation code". You enter that on the right page, your old registration code, and your address information to get a new code, which you'd better not lose (it is emailed to you as well as shown online).

In summary, Retrospect Pro is still a very unfriendly and complex hunk of software, and the clients probably don't work properly with a modern Mac, but it's an improvement on recent versions and if you want to backup a mixed LAN affordably and automatically there are no other choices.

BTW, don't expect to be able to do a "bare metal" restore on OS X. That might be theoretically possible, but I've never heard of anyone doing it using Retrospect. This is all about backing up your personal data.