Saturday, April 24, 2010

Social wrestling: Google Reader, Twitterfeed, Blogger and Facebook

I might be close to a use for Twitter, bringing Google Reader closer to what Buzz should have been, and distancing Facebook.

The most important of these is distancing Facebook. For the past year I've been reluctantly using Facebook. Why reluctant? It's not distrust. I trust Facebook completely. I trust Facebook to lock in my data, and to exploit any information I provide. So while I like some of the things FB gives me, I want to keep it at a good distance. I want to be able to leave at any time, and I don't want to entangle friends in FB's world.

My latest solution is to combine blogger with the misnamed twitterfeed social network routing service. Twitterfeed consumes feeds, and generates output updates to (currently) Facebook, Twitter, Ping.fm (a rival actually), Loconica/Status.net and Hellotxt (another rival). Unlike rivals I've looked at before (Ping.fm), twitterfeed understands and implements Oauth and OpenID. Twitterfeed doesn't Fail by storing my credentials.

Oauth and OpenID are imperfect, but just right for this task. Now the equivalent of my Facebook Profile page is a special purpose Blogger page. I own the blog, I own the posts -- Google Data Freedom means I can even move the blog. That's where I post stories I want to remember, and where I post about albums I've put on Picasa web albums (or anywhere else). Twitterfeed consumes the RSS (Atom, technically) freed from my blogger "Profile" page and creates posts to Facebook with a shortened URL. It could also create posts to Twitter from the same source. (I used to do similar things with the uber-geek-cool Yahoo Pipes, but they have been shut out of FB and seem to be waiting for an acquisition.)

Twitterfeed does all this with modern authentication protocols - I never gave 'em a password. I write my posts using blogger tools and the updates show up, about 30 minutes later, in Facebook (no pubsubhubbub or even ping support yet - hence the delay). They come out pretty well in FB.

In a related experiment I'm using twitterfeed and my little used twitter account to create prefix-tagged tweets from my Google Reader Shared Items. So far I'm just experimenting, but I might find something useful there. (Back when it worked, I used to share the Reader Share feed with Facebook -- see the long list of post refs below for other permutations).

This approach looks promising, but of course Facebook may break it at any time and, sooner or later, Twitterfeed will either run out of money or become part of Google or Twitter. In the meantime I continue to wait for Google to publish a GR Share API (maybe as a special case of a Buzz API, though I fear Google's tweet to Buzz feature will forestall this). Then someone is sure to make it possible to tweet to Google Reader notes.

More to come I'm sure ...


Update: The Twitter feed of shares doesn't really fly. It chops off my annotations, and the link, of course, goes to the unannotated original.

Update 10/26/10: I switch to using Feedburner to do tweet my reader shared items.


See also other stuff:
my stuff:
at 2 comments:
Labels: , , , , ,

Thursday, April 22, 2010

Typing tutorial software for OS X (Mac) – oddly confusing (and web alternative!)

[See update. This functionality has largely migrated to Flash apps on the web, like the BBC's Dance Mat Typing.]

I thought it would be easy to choose OS X based typing tutor software for our kids. The more I looked though, the weirder things got. I found a plethora of “Mavis Beacon” tutorial software from different vendors. Turns out it’s all related to the late 20th century collapse of the American empire (seriously).

The leading typing package for the past twenty years (really) is, and has been, “Mavis Beacon”. Today, on Amazon, you will find three different versions sold for OS X:

The Apple store also sells MacKiev – Mavis Bacon Teaches Typing 2009 Deluxe Edition for $40.

As far as I can tell the MacKiev product is the only Mavis Beacon version that actually works on OS X. The others just sort of flail about. The working Mavis Beacon app is, you will note, twice the cost of the current Encore version.

Amazon also sells Typing Instructor Platinum “for Mac OS X Intel” but the limited number of Mac reviews are very negative.

In the shareware side we find a few programs still being updated. Some of them have very crude UIs – probably Java apps.

My current conclusion is that that you should either buy Mavis Beacon/MacKiev for $40 or try out some of the < $14 shareware options (free is good too).

[1] The product description is confusing, but you can see the product name on the pictured box.

[2] MacKiev has a real web site. This Ukrainian company now sells Print Shop, World Book and Kid Pix. I wonder if they’re buying up old decrepit Mac titles and refurbishing them. If so, that’s an interesting business model.

Update: I looked at the lower cost and shareware apps and decided they wouldn't work for our needs. I'll probably buy Mavis Beacon the next time I have an Amazon order or I drop by an Apple store. There's an update on the MacKiev site you should install.

Update 4/25/2010: If you can live with Flash the BBC has an app for teaching typing (thanks Andrew). In retrospect I erred in my searches by searching on "OS X" and "typing tutor". It should have occurred to me that this type of service is a natural for migration to the web. A search on "typing tutor web" finds a lot of solutions, including "typingweb". Strangely, the BBC's Dance Mat typing doesn't show up until the bottom of page 4 in Google -- which in search terms is the nether world. There's some evil search optimization going on here.

Update 4/30/2010: The BBC app isn't bad for free, but I want my kids to learn. That Flash app pales next to a well done desktop product. So we bought the $40 MacKiev Mavis Beacon product.

at 4 comments:
Labels: ,

Wednesday, April 21, 2010

Google sites: assign a public page to the www.domainname.com url

Once upon a time our eNom managed family domain Google Apps included an html wysiwyg editor called "Page Creator". Page Creator was bare bones, but flexible. Later, after many fits and starts and delays and bugs and a presumably painful acquisition, Google retired Pages and substituted "Sites".

Pages were forcibly migrated into the Sites framework, often appearing within a new "www" "subsite". The transition scrambled some web sites. It was a good lesson in how far one can trust the Cloud.

That was months ago, and I thought I was done with the migration, but I ran into some delayed fallout today. Here's how I sorted it out.

To begin with, I wanted www.faughnanlagace.com to point to the original Page Creator "start" page that was now a sites page. This is intended to be a public page that orients my "clients" (Emily, kids, etc) to the domain services. It replaces the awful "start" page Google provides.

I managed this in 3 steps:

  1. First I logged into the domain dashboard and via 'Advanced DNS Settings' I signed into the DNS console and reviewed the eNom domain settings. As expected the www CNAME directs to ghs.google.com. I left that alone.
  2. I then reviewed the Dashboard Sites controls. I didn't want the Sites view to own "www" so I changed the sites URL to sites.faughnanlagace.com. (There ought to be a standard way to make a subsite "landing" page the default page for all sites, but I couldn't find this in Google's awkward Sites options. I did see where you can specify which subsite page should be the landing page for the subsite.)
  3. Lastly I went to the Dashboard Sites control web address mapping. That's where I found the Pages migration bug. The www.faughnanlagace.com "location" was mapped to my old, nonexistent, Page Creator URL. I removed that. Then I mapped the name of the subsite I was interested in to www.faughnanlagace.com. (Confusingly the subsite I wanted to use is titled "www". That is a Pages to Sites migration artifact, it could have been anything.)
It takes an hour or so for Google DNS to recognize these changes, but OpenDNS picked it up in about a half hour.

Note that there's a glitch that can be very confusing. When you use "www" as the "Sites URL", you can't map it to one of your subsites (and thus to the default "landing" page for that subsite). That makes sense; but there's a bug. Even if change the "Sites URL" back to the sites.faughnanlagace.com you will still see a warning on the web address mapping page saying your can't use www.faughnanlagace.com as the URL. This is incorrect; you can. Eventually that warning goes away.
at No comments:
Labels: ,

Google multi-calendar CalDAV - did it change recently?

There are two ways to sync an iPhone calendar to Google calendar.

The best method is using ActiveSync (exchange server standard). This lets you edit appointments with invitations and it lets you add invitations. You can sync multiple calendars, but you need to configure this through a fairly obscure mobile-only web page (there's support for both Google standard and Google Apps calendars).

The next best option is to use CalDAV. With iPhone OS 3 you need to do this if you use ActiveSync for another account (such as your corporate calendar). CalDAV works pretty well, but you can't edit items that have guests (this hurts, might be a Google bug) and you can't invite people.

Here's where it gets weird. I feel I used to be able to select which CalDAV calendars to use from my iPhone. Maybe that was in an alternate universe, because it doesn't work now. You have to use another obscure web page, but at least this one is not mobile specific.

Incidentally, there's yet another way to configure iPhone CalDAV support -- use Apple's iPhone Configuration Utility. It apparently works at home as well as in a corporate settings.

--
My Google Reader Shared items (feed)
at No comments:
Labels: , , ,

Sunday, April 18, 2010

Joys of a modern router

[In a dysfunctional cognitive state I originally titled this "Joys of an all mac network". See comments for my mea culpa]

It's been a while since I've run Gibson Research's free security testing tool ...
GRC ShieldsUP! — Internet Vulnerability Profiling

... Shields UP! is now attempting to contact the Hidden Internet Server within your PC...

Preliminary Internet connection refused!

This is extremely favorable for your system's overall Windows File and Printer Sharing security. Most Windows systems, with the Network Neighborhood installed, hold the NetBIOS port 139 wide open to solicit connections from all passing traffic. Either this system has closed this usually-open port, or some equipment or software such as a 'firewall' is preventing external connection and has firmly closed the dangerous port 139 to all passersby.

Unable to connect with NetBIOS to your computer.

All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet...
It's a nice service, but with most modern routers the default configuration is pretty secure. In my case I have two - a Qwest DSL modem/router and an Airport.
at 2 comments:
Labels:

OS X Parental Controls: The https bug and our family Google Apps services

OS X has a longstanding bug with parental controls and https connections. In my home with a 10.5 machine I need to use https for Parental Controlled Wikipedia, but other times it doesn't work.

Even things that do work can stop. My son has open access to a tightly locked account. I wanted that access to include his email (hosted on our family domain Google App services - now managed via Dreamhost) so I put our family domain on the allowed list. About two weeks ago it stopped working; I got the inane Apple "couldn’t establish a secure connection to the server" error message.

I'd run into Apple Parental Control's notorious https minefield. Consider this discussion thread that began in 2005 and is still alive in 2010!
Apple - Support - Discussions - Secure Connections and Parental Controls ...

... I have Parental Controls turned on....

The problem that I'm experiencing is that when I try to connect to some secure sites, sometimes Safari complains:

Safari can’t open the page '...' because it couldn’t establish a secure connection to the server “...”."
In 2009 "Mango Buzz" commented ...
... I finally got a fix that seems to work, however, it may be cumbersome. It involves finding the IP address of the websites you are wanting to add...

... I added both the web address with the prefix http and https for both the domain name and the ip address. So far this has worked.
Matt Wagner had some interesting background in 5/09, though he's wrong about the fix. Adding https sites to the allowed list doesn't always work ...
According to http://support.apple.com/kb/HT2900 , the problem that we have been experiencing is by design. Secured connections are encrypted (obviously). This means that the contents of the website are unreadable by the content filter. Because of this, Apple decided to block all connections to secured connections. Just like zuciello explained above, the only way around this problem is to add secured sites that you do not want blocked to the list of allowed sites.
In Aug 2009 biovizier suggested something odd enough to be credible ...
.."I've got a user that is managed, but allowed unrestricted access to web and applications.[...]If access is unrestricted, the parental controls should not interfere with web communication at all."...

When "parental controls" are enabled, whether web restrictions are in place or not, it somewhat stupidly by default enables logging for internet traffic, passing requests through an internal proxy server to do so. It is at this stage that secure connections are being interfered with.

In your situation, since you don't appear to be interested in restricting web use, just turn the logging off as a workaround, eg.

/usr/bin/sudo /usr/bin/dscl . -mcxset /users/username com.apple.familycontrols.logging web always -bool false

Enter the command using "/Applications" > "Utilities" > "Terminal.app" while logged in to an "admin" account, substituting the managed users "short name" where it says "username".
In March of 2010 Sidney San Martin contributed a monster post ...
We ran into this problem, and a wonderfully helpful Apple technician dug up a solution brought down from engineering ... The problem is that https, by design, keeps the hostname you're trying to access (apple.com, mail.google.com, etc.) secret. The computer can't determine directly whether the connection should be allowed. It does know the IP address, and performs a reverse lookup on that IP address get the hostname it checks against your list of allowed sites.

So, the solution is to add as an allowed site the hostname associated with the IP address. It's not too difficult, but does require that you dive into the Terminal.

As an example, let's try to allow access to the Apple store. Start with the hostname you know: store.apple.com. Head into Terminal, and type:

host store.apple.com

You should get back something like this:

store.apple.com is an alias for store.apple.com.akadns.net.
store.apple.com.akadns.net has address 17.251.201.32
store.x.com.akadns.net mail is handled by 10 cbox-ember01.apple.com.
store.apple.com.akadns.net mail is handled by 10 cbox-ember02.apple.com.
store.apple.com.akadns.net mail is handled by 10 cbox-ember03.apple.com.

You can ignore everything except the address line. Now we know that the Apple Store's IP address is 17.251.201.32. Let's use host again:

host 17.251.201.32

Which returns

32.201.251.17.in-addr.arpa domain name pointer cup-store.apple.com.

Which is the information that we're looking for. The reverse DNS name of the Apple Store's only IP address is cup-store.apple.com. You can add this to allowed sites, or just add apple.com.

Head back over to the store page, reload, and see if everything's loading. You can use the Activity window (in the Window menu) to see what is and isn't loading successfully on the page. In some cases, you may find content that's not loaded from the same domain — in this case, static content like images is coming from a248.e.akamai.net. You can follow the same steps to find the reverse DNS names of these other domains.

If a domain resolves to multiple IP addresses, check a few of them. If you're lucky, they'll all point to the same or similar domains, and you can just add the second level domain to allowed sites. If you're not, they may not have reverse DNS records at all, and you'll get a response like this:

Host 153.234.138.207.in-addr.arpa. not found: 3(NXDOMAIN)

In this case, you may have to add all of the IP addresses individually to allowed sites.

If you're having trouble with this method of finding reverse DNS, try to load a problematic site and check the Parental Controls logs. The site should show up under Websites Blocked. Open one of the history entries in a browser. It should just show up as a hostname or IP address, with nothing after the slash. That's the address you need to add

Finally, if you just want to allow access to GMail, I did the work for you: most of Google's IP addresses resolve to a .1e100.net address. If you add google.com and 1e100.net to allowed sites (Google has lots of IPs, it's not worth trying to add them individually), you should be all set.
I tried several of the above fixes (but not disabling logging - I need logging) and more, but I had no luck [1]. Note that I wasn't trying to provide access to google.com or gmail.com -- just family domain Google Apps.

I did finally get something working. I had to ...
  1. Switch from OpenDNS to Google DNS.
  2. As per San Martin add google.com and 1e100.net to the list of approved sites.
  3. Instead of using the URL "mail.myfamilydomain.com" I had to use https://mail.google.com/a/myfamilydomain/#inbox .
I would have preferred not to enable access on this account to www.google.com, but I really did need to have google.com as an authorized site.

I didn't used to have to do all this, so it feels like Google and/or OpenDNS or both of them changes something about two weeks ago.

[1] It's so incredibly tedious. You have to log out of the account, make changes from an admin account, log in again, etc. It saves a bit of time if you remotely manage the parental control prefs rather than use a local admin account. If you look at blocked sites in the logs you can get a clue what's going on and you can right click on blocked sites to enable them. When doing remote admin you need to force a write of your changes by switching tabs - I keep forgetting to do that.

Update:
  • A series of Google discussions in 10/2009 suggested adding the Google.com IP address to the permitted site list: https://74.125.45.100. I believe this is the "secret sauce".
  • Another user was dealing with "try to block adult content automatically" problem of all https being blocked. They used a pattern template in permitted sites: [https://*.*.gmail.*.*]. I am skeptical that this adds anything.
Update 5/5/10:
  • From a google help forum Jawl's Dad wrote: I opened a terminal ... and typed the command host mail.google.com. The first four addresses [see San Martin, above] I added to the 'Allowed sites' with https://a.b.c.d and it works fine now....
Ahh, yes. The Host file. Slowly the memories return. I used to edit host files back when we had to make our own electricity. I'd forgotten about using it to block domains, but that method goes back to the very dawn of the net. It was once used to block advertisers, but I think they got around that. Note that editing the Host file impacts ALL users on a machine, and you may need to worry about permission related side effects.

Searching on Parental Controls and "Host file" brought me a few references.
Update 6/9/10: After a bitter battle, and a review of 3rd party parental control solutions that suggested this was a dying market, I again restored https access to google. So I had to walk through the above post.

I can't say it's the only thing one has to do, but the addition of https://74.125.45.100 to the Parental Controls whitelist did the trick. It resolves, by the way, to a beta trial of encrypted search services. I need to enable this google.com access even when my son is using our Google Apps site -- the authentication step requires an https Google.com connection.

Update 2/7/11: I gave up on using Google web tools. Not at all family friendly. Did come across a tip to add to this thread ...

One more step is required: after adding https://74.125.45.100  which actually only took me to the google home page (though Parental Controls still restrict any browsing from there) THEN ALSO ADD https://mail.google.com/mail - so the combination of the two additions in the allowed websites does the trick - then when attempting to access Gmail go to gmail.com and the Gmail homepage opens
See also:
--
My Google Reader Shared items (feed)
at 7 comments:
Labels: , , , , ,

Sunday, April 11, 2010

Integrating game consoles, computers: go RCA cable

I love the 70 year old RCA connector.

It was the perfect invention, but the internet does not know who the inventor was. Those were the days when "RCA" was as Apple is now, but companies got credit rather than people. (RCA died in 1986, the name is just a trademark now.)

I renewed my RCA connector appreciation when I decided to move the kids Wii console from the basement to the family room. Downstairs we plugged the Wii into my 1986 stereo receiver, but upstairs we didn't have anything. Somewhat impulsively [1], I bought a Logitech z313 computer stereo to share between the iMac and the Wii.

Since my sound system knowledge ended in 1976 this "sharing" took a bit of figuring. There's no "receiver" to manage the different audio sources; the amplifier function is built into the computer speakers. There's also some mystery about how to connect things; my iMac and the z313 use 3.5 mm stereo connectors, the Wii uses RCA.

The answer is to covert the 3.5 mm connections to RCA, then use a simple RCA A/V switch. Instead of pushing buttons on a complex receiver you need to use a much simpler analog AV switch (I'm not sure this is progress actually).

A prior post reviews the cable connections. You use some mixture of "Y" RCA stereo cables with either male or female 3.5 mm plugs (and an optional 3.5 mm plug join) to convert the 3.5 mm stuff to a nice RCA connector standard.

For a switch you can use something like the RCA VH911 Video Switch Box or the SONY Game and Video Selector (#1 in "selector boxes" - see[2]).

Once you know the above, the rest is easy.

See alo:
[1] I violated Gordon's Laws of acquisition. I could have made this work with a battery powered speaker I already own. I did penance by reorganizing the computer area, donating several items, and tossing more things out. The Logitech sounds much better than I'd expected; for this result I should have paid more to get something that might last longer. It's much better sound that what my old stereo produces at reasonable volumes.

[2] Amazon doesn't have a consistent classification (ontology) for these devices. If you start with this list the "what do customers buy" section should provide good coverage:
at No comments:
Labels:
Subscribe to: Posts (Atom)