Online backup – the security problem (it’s not the encryption)

Here’s how you lose everything.

First, someone gets control of your email account. It might be a security vulnerability, or a password attack (note: “tigger”, “angel” and “soccer” are not wise choices), or a password reset, or an inside job.

They then sell your email to someone who takes a look, and finds a backup report from, say, CrashPlan. They then reset your CrashPlan password:

Please submit your email address. Afterward you will receive an email with a link that will reset your password and securely display the new password to you. The provided link will only work for one hour.

Now they have access to everything you’ve backed up.

CrashPlan talks about their 128-bit Blowfish encryption (standard) or 448-bit CrashPlan+ encryption and how robust that is. As Schneier used to point out before he was overwhelmed by the boredom of it, this is rather besides the point. Their use of the industry standard “password reset by email” process means they’ve built a solid steel door on a house made of rice paper.

It’s not just CrashPlan of course. Google is little better. This reset problem is just one aspect of how broken passwords are (don’t get me started on “security questions”. Please.)

CrashPlan also offers a “data password” that encrypts at the client side. So even if someone gets control of your online backup they can’t actually do anything with the data.

Except … Well, CrashPlan’s FAQ dodges around this, but since the encryption is client side they can’t make any changes to whatever you’ve already backed up. So if you want to add, or change, your data password you have to wipe your online backup and start over. If you change it, but don’t start over, you better keep your old and new password since data may be encrypted with one or the other. In my home a full family CrashPlan offline backup takes about 4 weeks, so this is not a trivial change.

Note that I’m using CrashPlan as my example here because they’re the best in the offline consumer backup business, and they are the only offline backup plan I’ve considered. They just have the usual problem with their password reset procedure.

How could CrashPlan make the best of a bad situation? Well, in the unlikely event that they read this, they can research higher quality reset procedures (not #$!$!$ security questions). Those reset procedures often involve two factor authentication procedures, such as the procedure myOpenID almost got right. They involve more expense, so it would be reasonable to for CrashPlan to charge extra for a higher quality security service. They really don’t need more encryption, they need better reset controls.

In the meanwhile this problem has tipped me away, for now, from using offline backup. I’ll continue to rely on physical drive rotation for offline security and I may make use of CrashPlan’s (free, unfortunately – I distrust the longevity of free things) ‘backup to friend plan.

Update 2/4/10: For more on CrashPlan.

Update 5/17/10: Matthew Dornquast of ChrashPlan replies in comments.

EXIF orientation tag bug returns in Snow Leopard - sideways pictures

Almost five years ago Image Capture would corrupt the EXIF image orientation tag on import:

Gordon's Tech: Image Capture Rotate per EXIF iPhoto 5 = Nasty problems

Image Capture has had a bug for several years -- with my Canon camera it duplicates the EXIF orientation tag when it auto-rotates on import. This confuses iPhoto 5.04 -- iPhoto re-rotates portrait images a second time (interestingly the thumb nail is upright) and so the image ends up rotated 180 degrees. I was sure this bug must have been fixed in Tiger. Wrong."

The problem went away with 10.5, but it's back in some form with Snow Leopard. The slide show shows some of my old images sideways. This didn't happen in Leopard.

--
My Google Reader Shared items (feed)

The Blogger in Draft line spacing bug - illustrated

In a kind rebuttal of my claim that Blogger is troubled, Rick Klau, a Google Product Manager, wrote:

… There is a new text editor available on www.blogger.com (available under settings) which is the default on Blogger in Draft. It significantly improves the authoring interface, addresses a number of the issues you referred to, and opens up a number of integration opportunities for us with other Google properties - we're doing QA on the next batch of integrations right now…

When I described the longstanding troubles I’ve had with the Blogger in Draft rich text editor Rick responded;

… Odd to hear about formatting problems with Draft's editor - it's pretty rock solid. Please ping me with any indications of what you're seeing - that's almost certainly a bug that we'll want to fix if it persist…

So I’m pleased to say I have a good example of the bug. I believe it’s related to the old CR/LF, CR, LF problems in DOS/Windows, MacOS and Unix – augmented by the transition to the unicode standard. (I’ve read recently that all of Google’s new tools require translation to unicode).

Here’s a recent post of mine, authored using Windows Live Writer (Windows only) as it renders in Chrome 4.0.249.78 after posting (it shows the same way in WLW):

Here’s how it looks in Blogger Classic using Chrome:

And here is how it renders in Blogger In Draft using Chrome:

Yes, the line spacing is wrecked. From past experience, this is messy to fix up. When you fix the line spacing here, it comes out double-spaced on publishing.

I’ll point Rick to this post. Hope it helps!

Update 1/29/10: Based on Rick's comment below, Google is looking into this one.

Update 2/1/2010: There's a similar bug with Safari on OS X. When you quote a block of text everything double spaces.

Update 3/10/2010: I just had blogger in draft completely screw up a post composed 100% in Chrome on XP. It's far from ready.

Fixing off-screen XP windows in the big display world

This is an ancient tip, probably well known to many, but I’ve had to rediscover it a few times.

Big monitors break the display model used by XP apps. I presume this was fixed in Windows 7 and I don’t think it was ever broken in OS X, but I run into it quite a bit. The usual symptom is that I’ve moved my laptop between displays, especially big displays like my 27” i5 iMac (used with my Dell laptop as a display), and app windows are partly off-screen. In particular, the control surfaces (top bar, bottom bar) may be inaccessible, so I can’t resize or move the window.

All kinds of apps are prone to this, including Office 2007.

I’m sure there’s a utility to fix this [1], but there are two things that usually work for me:

• If the app supports multiple windows (Office 2007), then open another window. Then, right click the app name the Taskbar and choose “tile”. This brings all the windows into view. (Note that you need more than one app window before you can tile.)
• Change the display resolution transiently to 1024x768. The open windows usually move back into the screen. Resize them, then change back.

[1] Long ago there were many sources for good XP utilities like this. Now those sources seem to have been swamped by spam sites, and the security risks are very high. These utility distribution sites never had much of a business model unfortunately. It’s interesting to compare this to the Apple App Store distribution model.

The Google Voice web app on my iPhone

It's not a true substitute for the iPhone app that Apple killed at the start of the Google-Apple wars, or even for the third party GV apps we've lost, but it's a long delayed good replacement for the initial GV web app (see also):

Google Voice Blog: Google Voice for iPhone and Palm WebOS

Today we are launching a new Google Voice mobile web app for iPhone OS 3.0 and higher and Palm Web OS devices, harnessing the power of HTML5...

In addition to letting you access a streamlined version of your Google Voice inbox, the new web app also lets you display your Google Voice number as the outbound caller ID (so return calls come back to your Google Voice number), send and receive text messages for free, and place international calls at Google Voice's low rates.

To get started, visit m.google.com/voice in your mobile browser. For quick access, don't forget to create a shortcut to this URL on your home screen or Palm Launcher...

There are many limitations of this web app, such as:

1. startup lag: I hope it's less laggy than the current web app, but still can have long delays compared to a phone app.
2. authentication: The web apps don't store my google credentials. Every couple of weeks Google makes me re-enter them -- typically while I'm very busy doing something else. This sucks. My Google password is not trivial to enter.
3. I'm not sure whether displaying my GV number as outbound caller ID is a feature or a bug. I think it's a feature. The way the phone makes calls differs from the old web app.
4. no call or SMS notifications: You can't really use this for incoming calls or SMS because there's no notification function if the web app isn't running. This isn't so bad for me since I don't use GV this way, but I might use the number more if I could receive incoming calls! I'd love to use it for SMS and get rid of my SMS bill!
5. no integration with phone contacts. There's also no way I can see to edit my Google contacts information on the phone.
6. you can't specify which start screen to use
7. The configuration UI for "caller ID" is unclear whether this is for outbound or inbound calls.

The good news is

1. In many operations it feels a lot faster than the previous web app.
2. If you view a contact and save the web page shortcut to the phone screen you get a quick way to call that person, saving several screen refreshes.
3. There might be a way to use this to reduce my SMS costs. I'll report back on this.

It's enough of an improvement that I may have to go back and look again at a way to integrate my Google Contacts with iPhone/OS X Address Book.

See also:

• Calling from Montreal to St. Paul using Google Voice
• Google GrandCentral (Voice) has been saving me $80 a month
• No Google Voice for iPhone? AT&T’s deal with the Devil …
• The Apple-Google War: The Battle of Google Voice
• iPhone trouble: Apple rejects Google Latitude, possibly Google Voice
• My Google Voice experience: mobile interface a bit raw
• The (historic) Battle of Google Voice - Enter the FCC
• Project Contacts: Integration across iPhone, Google and whatever
• Project Contacts: Now mixing Outlook/Exchange, PST file, Outlook/Home, MobileMe Sync, OS X Address Book and the iPhone
• Project Contacts: iPhone 3.0 means I hack away at Google Contacts, and discover another rough spot

Update 1/26/10: Uh-oh. I'm getting SMS notifications on my phone for every SMS message sent to Google Voice -- and I pay 20 cents apiece for those!! No, it's SMS notifications for voice mails, even though I had that disabled in my Google Voice settings. It's a bug, but probably not new. There's no way to report this bug to Google, their support service problem classification doesn't include "other" and this isn't one they've classified.
--
My Google Reader Shared items (feed)

iMac G5 capacitor repairs - via Macintouch

I recently reworked our home network, and our almost- 5 yo G5 iMac is doing quite a nice job as the (yech) Parental Controlled homework/learning workstation. The transition has been educational for me as well, my kids taught me that educational videos will play quite well if one is careful to close CPU-sucking pages running (ugh) Flash animations.

During the transition I had to reset the SMU to deal with one of many causes of the G5 non-stop fan problem (CPU sure was cool though - 60 C). I also popped the case to blow massive amount of dust off the fan and vent. I love the user-serviceable plastic case design; it was a high point of Apple customer-friendliness.

When I popped the case I checked the capacitors. In one of the many sordid bits of Apple hardware history they shipped a bazillion iMacs with flawed capacitors. Many of those failed under warranty, but Macintouch tells us they continue to die over time. A lot of iMac buyers lost some loot there. (I wonder if the iMac's original fan/heat problems contributed to this.)

I just checked mine and I didn't see any bulging, but it's worth noting that there's now a small G5 iMac capacitor repair/replacement industry ...

Macintouch - iMac G5

... Late last year one of the other guys at work started repairing iMacs on the side, replacing the swollen caps. He gave me a full set (since I had given him the idea in the first place when mine failed, I think) and said "give it a try" with a few pointers. I replaced all the caps over a weekend and now I have a fully functional iMac G5 in my workshop to replace the 8500 and 7300 that were there... Check around locally for smaller tech shops. In South East Wisconsin, MacCetera does the repair for a flat rate of $200 + tax, including parts.

... My iMac G5 suffered a swollen-capacitor death two years ago. Once they were replaced it has been running smoothly 24/7 as a database/Web server and Skype phone.

... The owner of www.badcaps.net performs motherboard capacitor replacements on G5s. It'll run you less than $75 for a premium capacitor rework.It's worth checking out the site if you're considering getting a 3rd party to perform this repair. They also have a knowledgeable tech forum that has discussed many G5 hardware issues.

See also*:

• iMac G5 fan noise: another cause (before Apple's software fix worked)
• iMac G5: fans running more often
• Bad fan design is the bane of the iMac G5 and Silencing the G5 whine: I think this was fixed by my version - iMac G5 rev 2: a lot cooler?
• Fix for 10.4.3 fan problems: unplug and restart and resetting the SMU (PMU?)
• iMac heating problems and the curse of the Canon printer driver and (one of my most popular posts) My MacBook fan was roaring. Why? - evil OS X drivers.

* When I do these reviews of old posts, it strikes me that before the wonders of Google Custom Search I tended to discover and forget things -- and I was younger then!

Update 12/18/2011: "Cordwainer" (Karen Cotton) has written an extensive comment on the story of the capacitor failure. Worth a read. I still use that G5, and the capacitors still work.

Parental Controls - Remote Access and other tips

I've just had another go at configuring OS X "Parental Controls". I'm doing this in 10.5, but I don't think 10.6 is much better.

I sometimes wonder why OS X "Parental Controls" are so buggy, awkward, limited, and altogether miserable. They weren't so bad in MacOS 10.9 -- before Jobs returned.

I think that's the clue. I didn't used to think so, but I've come to believe that Apple is Jobs. Evidently Jobs, a notoriously rebellious teenager, believes Parental Controls are a bad idea. So he's sabotaged them.

From the latest ordeal I've three new tips:

1. On editing content - site lists

• In Safari with 10.5 it seems as though, when logged it as a managed user, you can open bookmarks (requires admin pw) and drag and drop links to the Safari Bookmark list to your hearts content. A very efficient way, one might think, to add approved sites. Except it's misleading. When you quit Safari and resume you're back to the set you approved in the Parental Controls Preference Pane. So ...
• There are only two ways to add web sites to the approved list. You can add then in the Parental Controls Preference Pane, or in the managed account, you can add them one at a time, each requiring an Admin password, to the Bookmarks Bar.
• You can drag and drop links and Location bar URLs to the Parental Controls Preference Pane and you can drag and drop to reorganize there. This is a big time saver. I guess someone slipped that one by Jobs.

2. remote monitoring and control from another computer

It's barely noted anywhere, but you can do remote monitoring and control from another computer. This is from the 10.5 Help file:

From OS X Help for 10.5:

If you have a computer on your local network that is managed by parental controls, you can change the settings in the Parental Controls preferences and monitor the user activity remotely.

The trick is to enable remote management in the gear drop down. Look hard, it's below the list of users.

Then, from your remote machine:

In the Finder, choose Go > Connect To Server, and then click Browse.

Select the other computer in from the list of computers on your network and enter the administrator name and password for the remote computer.

In the Finder, choose Apple menu > System Preferences, and click Parental Controls...

... In the Accounts list, in the Other Computers section, select the remote user account you want to change.

Enter the administrator name and password of the remote computer.

3. Adding sites - only the domain matters

I thought I could get finer grained control by adding links to subsites (ex. www.google.com/mail), but that doesn't work. Only the domain seems to matter (though I'm not totally sure about this).

See also:

• Gordon's Tech: Parental Controls - The wikipedia problem solved
• Gordon's Notes: Parental controls - not an Apple thing (2007 - 10.4)
• OS X parental controls logs still broken in 10.5.7
• Can't select Jabber or Google Talk for iChat? Parental Controls conflict
• Gordon's Notes: The software Apple can't do (2009)
• LEGO Digital Designer conflicts with Parental Controls

Update 5/15/10: If this is true, I can't blame Apple's parental control failures on Steve Jobs disinterest.