Thursday, October 09, 2008

Apple's identity and account system is screwed up. Again.

I wrote about Apple's horked account ID system last July:
Gordon's Tech: Apple's messed up Apple ID system: what are they smoking?!

... For years, even after I gave up on .Mac, my Apple ID was jfaughnan@mac.com. That's what my iTunes account and all my iTunes purchases are tied to.

Now, however, iTunes won't let me buy anything because my "email is invalid".

Turns out, somewhere in the bowels of Apple's increasingly messed up corporation, there's a requirement that the AppleID, to which all my transactions are bound, needs to be also my valid email address.

So, should I change it? I have a bad feeling about what would happen then....

Update: I found a link to Apple's Profile service, where you can change the email associated with your Apple ID.

You can't do this from the iTunes store itself -- even though iTunes kept sending me back to the account view.

After I updated the email stored in the profile service, I returned to the Apple store, and AGAIN I got the notice about a bad email address. This time, however, the account link showed a page with a NEW field in addition to my non-editable jfaughnan@mac.com account -- one holding my updated email address. I clicked done and this time I got a notice that my Apple account had been created! Despite that ominous language my purchase history was intact, the account was not created, it was updated.

After all of that I was able to buy "Voice Record" for my iPhone...
Since that screw-up I've been able to purchase quite a few Apple Store items. Today, though, when I tried to make a purchase through my iPhone, I got the same "bad email" message.

When I visit my Apple account via iTunes I see ...

So now my Apple ID field is editable.

So if I change it, what happens to all of my music and software and Apple Store records tied to that Apple ID?

Yeah. I bet they all vanish.

Apple has an FAQ page that sort of suggests that you can have multiple email addresses/Apple IDs all tied to the same account. On the other hand they also say:
... Even after your MobileMe account expires, you can continue to sign in and purchase music using your old MobileMe account name and password. You should specify a new email address in My Info, though, so you can continue to receive your invoices from iTunes...
Right.

Long odds they have at least two systems for managing identities and purchases, and they aren't reconciled.

$%@%!%

So I try myinfo.apple.com. There I find the email address I'd entered in July is gone! The email has reverted back to jfaughnan@mac.com. There I also find I can't edit my Apple ID. Apple warns me: "You cannot change this Apple ID because it is tied to a MobileMe account and/or an iChat ID."

Obviously jfaughnan@mac.com isn't tied to a MobileMe account and I've never used it for iChat, so, yes, Apple is kind of messed up.

Continuing on, I'll change my email. Again. It seems to work. Again.

On a hunch, I sign out of iTunes and try signing in with my newly valid email address. That doesn't work. So what does iTunes show now?

Again two lines, and again there are "errors and omissions" -- except there aren't any on my side. Just Apple's errors and omissions.


Damn it.

Update 3/4/09: Now iTunes again has me with two identities, and I'm seeing some odd behavior with iPhone updates. Apple's screwing up again.

Wednesday, October 08, 2008

Blurred fonts in 10.5

When I updated my 10.4.11 iMac to 10.5 I noticed some AppleWorks apps were rendering with quite nasty looking fonts.

I thought that was an AppleWorks problem, but today I started up iTunes 8.01 and this is what the EULA looked like.

Yeck. Unfortunately I'm not a font guy, so I can't tell which font is causing the trouble. In fact, I know very little about OS X fonts.

Two knowledge base articles (yay for my custom search) helped:
Font Locations are pretty much what one would expect. There's a location for the user, for all users and for the system. I had nothing in the user folder.

In my System Fonts folder the dates of the fonts were Oct 2, 2007, Sep 28, 2007 and Sep 23, 2007.

In the Apps Fonts folder I saw the same 3 dates. So I figured anything with those dates was good.

I also found 23 fonts with dates from 2004 to 2007. I suspect some of those came with AppleWorks. Palatino was on that list, it also comes with iWork that was once installed on this machine.

I've removed those fonts for now. I'll use Onyx to clean up the font caches (safe boot only clears caches for the account used to login) then see how things go. I can then add back the fonts I removed and inspect them with Font Book.

I guess I'll learn a bit about fonts. I suspect there's a 10.5 bug somewhere in all this ...

Update: I can't find information on how to make iTunes redisplay the EULA so I switched users and opened 8.01 for the first time in a different account. It displayed properly. Then I went into the iTunes App Package and hunted down "License.rtf", then pasted the text into Nisus. The text is clear now, in Nisus it shows as Lucida Grande. So I don't know if I fixed anything, but I won't bother with Onyx for the moment.

I did check AppleWorks and many fonts still render badly in the spreadsheet. I'm thinking that one's an AppleWorks problem, maybe a really old problem.

Wikipedia has an excellent article on OS X fonts.

Feeds, IE 7 and Outlook 2007 – The Horror

I knew the XP feed reader situation was limited.

On the other hand, I’d done some lightweight feed reading with IE 7. Yeah, it’s very limited, but it didn’t seem too bad.

Then I “upgraded” my corporate environment to Office 2007.

Words fail me.

Yes, there are apparently some nice Outlook improvements, though I’m not sure how well they really work. Certainly many longstanding issues were not fixed; it looks like the Outlook team got half way through their deliverables and then moved into salvage mode.

On the other hand, I’d grown accustomed to the combination of Windows Search 4.0 (XP) and the old Outlook/MSN search toolbar. The combined result was excellent.

The toolbar doesn’t work in Outlook 2007. The built-in “instant” search (standard on Vista, requires Windows Search installation on XP) is … well … inexplicably bad. Who … how … what …

I can’t go on.

Oh, and it’s slow, very, very slow (though that may be related to the next issue).

Okay. Maybe I can fix search. I’ll get used to using the deskbar shortcuts and typing complex syntax. I’ll live without the cross-PST conversation threading. I’ll rebuild my GB indices.

Let’s try the Feeds. Wow, Microsoft has a unified IE and Outlook feed service. How elegant. A systems service. Works fine with a paltry number of feeds, let’s try the 150+ feeds from my Onfolio OPML file …

My hard drive goes into blitzkrieg mode. My system grinds to a halt. The indexer starts to whine. Outlook is trying to get thousands of feed messages and cache them locally. The cache is being replicated, I think, to Exchange server. My exchange server sync error messages are piling up.

Ok. Time to bail. The Feed capability was lousy anyway. No way to aggregate into folders, no group counts, etc. Not clear I can do password protected feeds.

Oh. I can’t delete 150 Feeds all at once. I have to delete them one at a time. Three clicks per feed. 500 #$!$$%!% clicks. [9/9/08: see update, this is not entirely correct.]

There must be a better way. Here’s one tip …

Biztalk Patterns: Delete all RSS feeds from IE 7 on Vista

Annoying. If you need to delete all of the RSS feeds setup on your IE7, you will have to select each entry, right click, select delete, select OK. A quicker way is to go straight to the folder: C:\Users\awing\AppData\Local\Microsoft\Feeds and delete them from there.

On XP C:\Documents and Settings\*******\Local Settings\Application Data\Microsoft\Feeds is the right setting. I have to logout to be able to delete the feeds and cache.

Except Outlook recovers them – probably from Exchange server. So the above folder is empty, but the feeds are gone.

I discover I can alternate tapping the ‘Delete’ and ‘Y’ keys and get through the list fairly quickly.

Now I’ll discover if removing the RSS feeds will fix my performance issues, and if rebuilding the indices will make search tolerable. I might try reinstalling Windows Search 4.0.

Until now I’ve assumed Microsoft would recover from their relatively tough times. They have immense cash reserves. Vista 2.0/Windows 7 will be good enough.

Now I’m not so sure.

The rot is really deep.

Update 10/9/08

  • Microsoft is aware of lots of performance issues with Outlook 2007
  • RSS integration is a known, big performance issue. Here's how to disable it.
  • There's a way to remove and maintain feeds in Outlook, it's buried away in the Email options tab. See the latter half of this article. Even after removing the feeds, however, you must manually delete the saved articles.
  • There might be a way to safely configure feeds in Outlook. I'm experimenting with storing the feeds in a separate PST that's not indexed. I'm finding bugs though.
  • Even after I'd moved all the bad feeds to the trash (Deleted Items) I couldn't empty the deleted items folder. I got this error message: "Are you sure you want to permanently delete all the items and subfolders in the "Deleted Items" folder?" I dropped the folders one inside the other to group them, then deleted the groups. For 100 items. The hectic grouping went fairly quickly. I finally got down to a single feed folder that wouldn't delete. Now Outlook said "Cannot delete this folder ... click Properties to check your permissions ... Outlook is synchronizing local changes ...". Finally, deep within, I found a folder called "Sync Issues" that I couldn't delete. I think that was the cause all along, unrelated to the feed issues. Life with Microsoft is tough. I put "Sync Issues" back in the root, Outlook needs it.
I think the only safe way to configure RSS feeds is to move the feed storage to a PST file and, perhaps, turn off indexing until it's all settled. Microsoft's documentation on this is pathetic, but this page is great:
... You can modify the RSS feed in Tools, Account Settings by using the Change Folder button on the RSS Feeds tab, but this action changes the folder location only for new items; all existing items stay in the old folder. Also, with this method if you want to move items to a different folder that has the name of the feed, you have to create that folder first. The solution to this problem is to use Outlook's Move folder command. Right-click the folder you want to move and select Move . This method not only moves the folder and all items in it, but also preserves the RSS feed link. If you rename the folder with Outlook's Rename command, RSS feeds will recognize the new name and still deliver to the correct location.

If you don’t want to use the default delivery location for your RSS feeds, you can change the location through the registry so that all new RSS feeds are stored in a PST called RSS Feeds. To change the default delivery location for RSS items, you create a DWORD called DisableRoaming with a value of 1 under HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Options\RSS.

If the RSS subkey doesn't exist, you can create it under Options by right clicking and selecting New, Key. The PST file is created and added to your Outlook profile as soon as Outlook detects the registry change so that all new RSS feed subscriptions are added to the RSS Feeds PST. The benefits of storing your RSS feeds in a separate PST are that you'll use less space in your Exchange mailbox and you can manage the RSS feeds separately from mailbox items such as your email and calendar.

If you do choose to use a PST for your RSS feeds, you should be aware that Outlook doesn't show flagged PST items on the To-Do bar automatically, but you can configure it to do so. On the General tab of your PST’s properties, select the Display reminders and tasks from this folder in the To-Do Bar check box. Here's another tip:

You can keep Windows Desktop Search—and, consequently, Outlook's search, because they use the same index—from searching the RSS Feeds PST by clicking the down arrow next to All Mail Items in Outlook's Mail pane and clearing the RSS Feed check box.

RSS folder management can be tricky in Outlook 2007. Next month I plan to write about the Common Feed List (CFL) in Outlook 2007 as well as about some additional features—and limitations—of Outlook 2007's RSS implementation.

Synchronization is Hell.

In the past few days I've run into cryptic synchronization errors from Sharepoint, Outlook, Exchange server, and Spanning Sync. Messages like
Task 'SharePoint' reported error (0x80004005) : '"****- PTO" starting on Monday, November 24, 2008, at 12:00 AM (server time) was not copied because Outlook does not support skipping over a later occurrence of the same recurring appointment...
Funny, I saw a similar Spanning Sync warning about deleting the first instance of a recurring appointment in gCal.

Synchronization between apps with identical data models is Heck. That's what Palm Desktop and Palm OS did in the good old days, and what Toodledo iPhone does with ToodleDo web today.

Synchronization between different data models, such as iCal with gCal, or Todo.app with ToodleDo web service, is HELL.

Really. Try hard to avoid jobs that involve message passing between different data models, or take 'em but ask for a lot of money.

Update 10/21/08: Exhibit #43145515 from Outlook 2007 subscription to a gCal ICS feed:
Task 'Internet Calendar Subscriptions' reported error (0x000710D2) : 'The VEVENT, "Baseball ", defined near line 2061, contains a recurrence pattern that has no instances.'
Update 11/9/08: Synchronization Hell destroys the folder/category relations of hundreds of my iPhone Notes and Tasks. Also, time zone problems between Outlook 2007, gSyncIt and Google Calendar when one views a gCal from a time zone different than the time zone for which the sync occurred, or when the Outlook event has a time zone other than default. Since time zones are Hell, and Synchronization is Hell, what do we call synchronization involving time zones?

Update 1/22/09: Many months after the multiple sync hells associated with migrating my Outlook/Palm Calendar to my iPhone I find out many birthday events were duplicated or prematurely terminated -- so I'm late with my father's card.

Update 2/7/09: Two more examples -- OS X vs. Gmail Contact data models and NuevaSync and "bad" Google Contacts.

Update 2/14/09: An oldie but goodie.

Update 3/18/09: Both Google Outlook Sync to Calendar (gCal) and Google's iPhone Exchange Sync service get messed up, leading to a massive debugging exercise.

Update 4/27/09: Google Calendar Sync disaster returns. This time, the monster is even stronger.

Update 5/15/09: I beat back the Google Calendar Sync monster, then take a huge, complex, but maybe successful run at the horrors of Project Contact.




Tuesday, October 07, 2008

WebDAV, Microsoft, DreamHost and the insane slash and pound hack

You know you're a geek when this kind of thing just drains your spirits.

It's the sheer stupidity of it -- on so many levels.

Mostly it's Microsoft's stupidity, but DreamHost deserves a whack as well.

For weeks I've been unable to connect to one of my DreamHost WebDav servers from XP machines. Works from OS X, not XP.

When I try from XP I get a Windows SMB-style authentication dialog. I enter the un and password and get another version of the same dialog, but this one has a domain-authentication style username -- like ww.faughnan.com/username (yes, ww, not www).

The un/pw won't work, I just keep returning to the same dialog.

Finally, today, I worked my way through DreamHost's exceedingly annoying wiki documentation and found this little clause buried away:
WebDAV How-To Access - DreamHost

... Make this very 'important adjustment' to the file path: add the slash/ and pound# to the end of your path 'without quotes' like this: ' /# ' ...
Doesn't that just drain the life from ya? Buried away in the wiki? So incredibly obscure -- an obvious hack ...

So it works. When I enter my webdav address as http://www.faughnan.com/sillyservername/# the authentication succeeds.

So where the hell does this come from? You can't do a Google search on "/#" so I tried "slash pound XP webdav" and found this kind guidance (the old document refers to XP Home as though only it had this problem, but I use XP Pro):
You cannot access a WebDAV Web folder from a Windows XP-based client computer
WebDAV and the Troubled "Microsoft Way" of Implementation

... Misleading "feature" 298353: Add Network Place Wizard Saves the Location http:// as \\ in a Network Shortcut

... Workaround: use a port number after the domain, or use a trailing /. or a /# on any URL to use WebDAV properly in the setup wizard.
+ e.g.: http://www.atarex.com:80
+ e.g.: http://www.atarex.com/.
+ e.g.: https://www.atarex.com/#

... Explanation: the :port number on the domain name, the trailing slash dot "/.", or slash pound "/#" at the end of the URL prevents the bug which interprets the resource as a M$ network drive/SMB server
So this isn't the whole story but it's a hint.

More recently, there's this kb article which basically says "yeah, we know it's broken. Tough bunnies":
... This problem occurs when your users try to connect to a Web site whose address is something other than the root of the site....

... Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article...
That led me back to this hidden 2004 DreamHost article from an old archive (I said DH deserved blame here). Turns out the problem is XP SP2 disabled BasicAuth (maybe for good reasons):
... After installing Service Pack 2 for Windows XP, you will no longer be able to connect to your account using WebDAV.

DreamHost uses BasicAuth (basic authentication) to verify your username and password when you connect to your account via WebDAV. Service Pack 2 for Windows XP disables support for BasicAuth.

You can enable BasicAuth in SP2 by adding the following registry key and setting it to a non-zero value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\UseBasicAuth (DWORD)

Reboot your machine, and WebDAV will begin working properly.

We are currently evaluating using options other than BasicAuth to resolve this issue. In the meantime, the workaround posted above will get the job done.

... comment: It is important to note that Microsoft disabled BasicAuth for a good reason. BasicAuth sends the username/password to the server in the clear, i.e. if someone is sniffing packets, they will be able to grab the password...
Ok, so this was disabled in 2004 for good reasons, but DreamHost still hasn't come up with a good solution?! They don't have a better authentication model?!
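
What the quoted comment means by "in the clear", as an added example (not code from this post, DreamHost or Microsoft): a Basic `Authorization` header is only base64 of `user:password`, so anyone who sees the request on a plain `http://` WebDAV connection can reverse it without a key. The host names, realms and credentials are constructed, and the challenge parser assumes one challenge per `WWW-Authenticate` header value.

```python
import base64
from urllib.parse import urlsplit


def build_basic_header(username, password):
    """Authorization header value a client sends for Basic auth (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_header(value):
    """Recover (username, password) from an Authorization header value.

    Base64 is an encoding, not encryption: no key is needed to reverse it.
    Returns None when the value is not a well-formed Basic credential.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    if ":" not in raw:
        return None
    # A user-id cannot contain ':', so the first ':' is the separator.
    username, _, password = raw.partition(":")
    return username, password


def offered_schemes(www_authenticate_values):
    """Lower-cased auth schemes, assuming one challenge per header value."""
    schemes = []
    for value in www_authenticate_values:
        parts = value.split()
        if parts and parts[0].lower() not in schemes:
            schemes.append(parts[0].lower())
    return schemes


def audit_endpoint(url, www_authenticate_values):
    """Classify how an endpoint's 401 challenge exposes the password."""
    if "basic" not in offered_schemes(www_authenticate_values):
        return "no-basic"
    if urlsplit(url).scheme.lower() == "https":
        return "basic-over-tls"
    return "basic-in-cleartext"


# Constructed sample data: hosts, realms and credentials are made up.
SAMPLE_ENDPOINTS = [
    ("http://dav.example.test/share/#", ['Basic realm="dav"']),
    ("https://dav.example.test/share/", ['Basic realm="dav"']),
    ("http://dav.example.test/digest/", ['Digest realm="dav", nonce="abc"']),
]

if __name__ == "__main__":
    header = build_basic_header("alice", "correct horse")
    print("On the wire:", header)
    print("Decoded by any observer:", decode_basic_header(header))
    for url, challenges in SAMPLE_ENDPOINTS:
        print(f"{audit_endpoint(url, challenges):20} {url}")
```

Only the `basic-in-cleartext` case is the one XP SP2 blocks by default; the same header sent to an `https://` endpoint is protected by TLS in transit.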

I'll report here whatever I get back from DreamHost -- including nothing.

Update: My DH support inquiry is tracking number: 2718630.

Update 10/10/08:
DreamHost replied. It was an honest reply. Basically ...
  • The support person admits the situation is not good, they'll push it up to the admin level.
  • They liked the idea of a link from the webdav page to the supporting documentation
  • WebDav hasn't been popular, so they haven't invested in it. (Of course that may be related to it not working as well.)
  • Vista has the same problem.

Monday, October 06, 2008

iPhone is RAM constrained

I'd forgotten how RAM constrained the iPhone is:
Daring Fireball: In the Background

... The iPhone (and iPod Touch) only have 128 MB of RAM, and WebKit can use a lot of memory. When memory gets tight, the system sends low memory warnings to running applications, telling them to purge what they can. Eventually, the system will start forcing apps to quit in order to free more memory. That’s why sometimes when you relaunch Safari, it remembers the URLs, but has to reload the content for all of your open web pages — that’s what happens when Safari is asked to quit while it’s running in the background....
I hope the next iteration gives us at least 256MB of RAM. It seems Safari always has to reload my pages. I don't know why...

Saturday, October 04, 2008

Reconsidering Google: life without customer service

We have a lot of our personal data invested in Google.

Gigabytes of email. Gigabytes of photos. Thousands of blog postings. Six Google Apps domains, including our family domain and Minnesota Special Hockey. Maps. Google group posts. Google Notebook items. The Family Calendar. Contacts.

A lot of stuff. Stuff tied to a single user name and password.

With no customer service ..
Digital Domain - Can’t Open Your E-Mailbox? Good Luck - NYTimes.com

... If you’re a Gmail user, what you’ll want to do after a few more unsuccessful, increasingly frantic attempts is to speak with a Google customer support representative, post haste. But that’s not an option. Google doesn’t offer a toll-free number and a live person to resolve the ordinary user’s problems.

Discussion forums abound with tales of woe from Gmail customers who have found themselves locked out of their account for days or even weeks. They were innocent victims of security measures, which automatically suspend access if someone tries unsuccessfully to log on repeatedly to an account. The customers express frustration that they can’t speak with anyone at Google after filling out the company’s online forms and waiting in vain for Google to restore access to their accounts.

Tom Lynch, a software entrepreneur who lives near Austin, Tex., discovered early last month that he had been locked out of both Gmail accounts he used; he had no idea why. He received boilerplate instructions for recovering his accounts that did not apply to his particular circumstances, which included his failing to maintain a non-Gmail e-mail account as a back-up. He said it took him four weeks, including the use of a business directory and talking with anyone he could find at Google, before he succeeded in having service restored....

... Google does provide phone support to Gmail customers who subscribe to Google Apps Premier Edition, which costs $50 annually and includes larger storage quotas and other benefits. Customers who use the advertising-supported version of Gmail, however, must rely solely on what Google calls “self-service online support.”...

... Last month, with cases like Mr. Lynch’s in mind, I contacted Google to see what the company had to say about my suggestion that it add phone support for its customers with account-related problems. The company returned with a debate team of three to argue the negative position: Matthew Glotzbach, who works with Google’s business customers; Roy Gilbert, who handles consumers; and Greg Badros, who is an engineering director.

Mr. Glotzbach began by saying that “one-to-one support isn’t always the best answer” because it would take Google too long to collect lots of data about a problem that is affecting many users simultaneously.

For systemic problems, data collection is important. But not for other categories. Account recovery could be slow for a locked-out customer who doesn’t have a backup e-mail account, and who declined to provide a security question and answer because of concerns that someone else could use it to get in (which is what someone did to Gov. Sarah Palin’s Yahoo Mail account).

Mr. Badros argued that Google asks so little personal information of a new Gmail customer that it’s hard to determine identity when the genuine user and the impostor both present themselves to claim the account, and neither can produce the verification. He said more information could be asked of users when they sign up, but the inconvenience would dissuade them from trying the service.

Mr. Gilbert added that proving identity with only minimal information is a problem, whatever form of communication is used to reach customer support. He said, “Even if they were standing right in front of us, it wouldn’t help.”

THIS makes sorting out competing claims seem permanently hopeless, when, of course, this is not the case; it simply means that standard security questions will not suffice. But if Google were to use real people to sort out identity problems over the phone, the only remaining consideration would be the one that Google’s panel of experts didn’t mention in our talk: cost.

Google says it has “tens of millions” of Gmail customers. (It declines to be more specific.) If it’s willing to consider phone support for account-access emergencies, it can take heart in the example of Netflix, which last year adopted phone support with enthusiasm, replacing online support completely. For all customers. For all problems. And without resorting to an offshore call center.

It turns out that a staff of 375 customer service representatives are enough to handle calls from Netflix’s 8.4 million customers, answering most calls within a minute. Netflix says with justifiable pride that it has received the top ratings in online retail customer satisfaction by both Nielsen Online and ForeSee Results....
I pay Google for extra storage for my Gmail and Picasa Web Album accounts, but that still doesn't get me any customer service.

As noted above there is customer service associated with upgraded Google App accounts, but the price is $50/user/year. So $200 for our family. The commercial Google Apps accounts are really aimed at corporations; they aren't a reasonable solution for families.

We do get free Google Apps Educational/Non-Profit service for our Minnesota Special Hockey site (free upgrade for non-profits). I can confirm the email response is very fast. You get corporate-grade support.

I don't believe the line in the article about "no falsely recovered accounts". The world doesn't work that way. There are no perfect tests. If Google really hasn't had any "falsely recovered accounts" that means they have shut out thousands of legitimate account owners.

On the other hand, kudos to this journalist for noting that anyone who fears losing their account won't use Google's obscenely inane security question, but if you don't answer the question then you have no hope of account recovery. (I've gone to my Gmail account and answered the question with a password-like string I now store in my backed-up password database.)

Google should offer a support service with enhanced user authentication procedures for a fee of $25 a year, and bundle it with an extra 5-10GB of storage.

If they don't do that, I'm going to have to reevaluate my Google relationship.

Update: I reviewed https://www.google.com/accounts/EditUserInfo after reading this story.

Google has added a lot of new features to the Google Account information since I created my account years ago. I changed the security question to "what is your secondary google password?" and gave it a 50 character grc.com generated random hex string.

I then added additional email addresses that I control through my DreamHost domain and completed all the "optional" identity related questions. These email addresses are distinct from whatever extra email addresses may have been defined in Gmail settings. These addresses are associated directly with the Google account. They may act like a kind of merged identity.

I use unique passwords on the two external services. One is outside of Google completely, the other is in a distinct Google Apps account. So for now I feel a bit better. I appreciate the warning!