iPhone silent in VoiceOver mode

My iPhone was silent in VoiceOver mode. I couldn't figure out the problem. The UI behaved as expected, and I could record and play back over the speaker, but when I tapped on a word nothing happened.

VoiceOver wasn't working.

I thought my phone was in silent mode, or that the volume was too low. It wasn't in silent mode thought, and pushing the volume up set the ringer to max. Still no VoiceOver though.

The trick was to try playing something on iPod.app. No sound came out, but in that mode I could change the play volume. That brought VoiceOver to life as well.

The volume mode VoiceOver uses is the same one iPod.app uses, but you can't set volume from VoiceOver; in that app the volume controls only change ringer volume. You can set it from iPod.app.

There must be another way to set VoiceOver volume, but even knowing the above I can't find it.

I don't see a lot of posts on this issue, so there's probably something else going on here ...

Update 4/17/11: Apple added a separate app/iPod volume control to a recent release of iOS 4. It's well hidden though. First get the multitasking icon list (tap home twice). Then swipe right to show the iPod controls. Then swipe right again. You will then see a volume control that is separate from the ring volume control.

Creating Google events from email and SMS

In Outlook you can drop an email onto a Calendar icon to create an event. It's one of Outlook's better features.

Toodledo customers get an email connection for task creation. Send an email and Toodeldo creates a task. There are even rules for writing subject lines to facilitate task creation.

Unsurprisingly, Google has something similar - albeit with a bug that makes it less useful than you'd think.

• Create events from the Gmail inbox
• Create an event by sending an SMS to GVENT (48368)

The SMS submission feature is poorly documented; before you can use it (US only) you must register your phone using the Calendar Settings Mobile Setup tab. It worked in my testing, I received a confirmation email that the event had been created. The SMS submission feature, and some related  SMS calendaring services,  are most useful for non-smartphone users. I think it follows the same language recognition rules as email (below):

There's no exact email analog [1] to the SMS feature, but Gmail processing comes closes. You can create an event from any email; the secret is the More Actions drop-down menu and the Create Event entry (I need to pay more attention to that menu!).

Google Calendar tries to parse the email subject line to set times and dates for the new event. I couldn't find any documentation on what phrasing works best, but I assume Google uses the same rules as the "Quick Add" entry box in Google Calendar ... (rewritten below, the page is a mess).

If you're sending an email to your Google Account to facilitate event creation you should use the following rules tge recipe for events is to enter 'what,' 'who,' 'where,' and 'when'. I can't remember that, I prefer the acronym SNAD:

• Subject (what): This can be any text; the event title is created from this.
• Name (who, optional): Anything preceded by the word "with".
• Address (where,  optional): Preceded by the word "at", use quotes if the place name could be confused with a date/time.
• Date (when): Preceded by the word at. Almost anything will work, colons in times can help reduce ambiguity and military time works.

The classic example is: "Dinner with Michael at "Friday's" at 7pm tomorrow".

So far, so good -- but there's a nasty bug/limitation. When you use the create event feature in Gmail, you can only create it on your personal calendar -- even though you may have privileges to write to many calendars. After you create the event you can move it the correct calendar.

Very annoying.

[1] Don't confuse this with what happens when you send an invitation to a Gmail account for an Outlook or similar appointment. That sends an ICS attachment and, think it automatically creates a calendar entry.

Retrospect 8.2 for OS X fails my latest review -- because it's been abandoned

I'm not happy with the state of OS X backup software. I've been hoping for a year or two that Retrospect 8, now owned by Roxio would be a real contender. In particular, I hoped it would replace my use of SuperDuper for backup. I particularly like the file version strategy, the client management, and the built-in encryption. (Encryption is required for offsite backup.)

I also use Time Capsule, but I insist on two completely different and independent backup solutions for our home data.

In my ongoing quest for a Time Capsule/Time Machine complement I recently installed and began to test Retrospect 8.2. I know the app from past OS X and current Windows versions, so the complexity wasn't a problem. I was pleased by some of the things I found, and it passed some initial tests.

Then I ran into an installation permissions bug. Only the Admin account I used to install could open the Readme and User Guide documents. It's an odd permissions bug -- I can't fix it even using TinkerTools. There are workarounds of course, but this is a worrisome sign of poor quality control.

So I visited the (still dantz.com with EMC relabeling!) forums and read this thread response from a current user who wants Retrospect to succeed (emphases mine) ...

Really Disappointed in 8.2 update - Retrospect Backup Forum - Powered by FusionBB

... I got support responses to online tickets 10 days following the opening of the tickets. I had solved two of the three tickets by then (thanks to the forum). It's been a struggle...if it takes 10 days to respond to my responses then I may have to shake some people by their lapels.

And yes, 8.2 has been pretty buggy, and no word on an incoming patch. The blog went quiet, and so is every other means of end-user communication. Hopefully Roxio will figure things out, but for such a critical piece of software this isn't good...

I can confirm that Roxio has gone silent on Retrospect. They have various communication channels, and they're all black. This is a robust indicator that Roxio isn't funding further development. Retrospect OS X is, not for the first time, abandonware.

I can happily use abandoned software when the output is in a standard format. For example, I still love Microsoft's Windows Live Writer, even though it's been abandoned. It produces blog posts other tools can work with. When it finally dies, I'll say a sad goodbye.

That's not an option for backup software. The cost features and functions doesn't matter -- I can't use backup software that's not being actively supported. Even if Retrospect 8.2 were bug free today, even Roxio sold it for a buck, I couldn't use it.

Retrospect has failed. Again.

Now I'll see if the undocumented installer (in the Retrospect folder in Applications) actually works. (Correction: Installation is documented in the readme PDF. The installer does work. Both would have been strong points in my evaluation -- if I'd been able to justify continuing it.

Firesheep, sidejacking, and SSH Tunneling with DreamHost

In the endless spy vs spy game of net security there have been two recent setbacks for the good buys.

One is the rise of the keystroke logger. That's how I suspect my Google account was hacked from an insecure machine - a corporate laptop running XP. The best response to the keystroke logger is either to carry the 11" MacBook Air -- or to establish disposable network services for use on untrusted devices.

The other setback is the very recent emergence of trivial sidejacking.

Sidejacking is the theft of network credentials, and particularly cookies, by intercepting unencrypted WiFi network traffic. It's been a commonly recognized and widely ignored problem for about three years, but now a security researcher has decided to make ignorance impossible. He's released Firesheep (my 11yo says it should be called "Firerat") to make Sidejacking a trivial task bored kids (emphases mine. He's yelling at Facebook here.)...

... When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.

Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.

Sigh. I was hoping to ignore this problem, but now I can't. TUAW has an excellent review of our options: How to guard yourself and your Mac from Firesheep and Wi-Fi snooping. I summarize it as 3 options:

1. Witopia VPN ($40/year for good-enough PPTP). I used them for twoyears, after I first worried about sidejacking in 2007, and they provided good service. I'm cheap though, and didn't need them that often, so I decided to wait until the sidejacking problem got worse.
2. Various solutions that get you into your home network and let you use those presumably secure resources. Too much trouble for me, and too likely to be flaky.
3. SSH tunneling - aka the poor man's VPN. This forces all traffic through an "SSH tunnel".

I tried Witopia VPN before and I'd recommend them (though I did have technical problems)  - but I'm feeling cheap these days. I decided to try SSH tunneling because I already pay for full service hosting through DreamHost; so I have what SSH needs.

(BTW, I love DreamHost. If you sign up with my promo code of KATEVA I get a $50 kickback and you get $50 off your 1st year fee. Today, however, they're offering $110 off -- a full year of service for $9.25. To put it mildly, this is unbeatable.)

This is how the DH wiki describes their SSH tunneling SSH Tunneling

Your Dreamhost account can be used to create a secure tunnel to circumvent firewalls that prevent access to particular websites. This isn't recommended as a replacement for a VPN or similar service, but if you need the occasional ability to reach sites that would otherwise be unreachable *or* need secure access because you are using an unsecured access point, this might be an appropriate solution for you.

SOCKS is the name of the protocol used. SSH is the name of the software used to create the tunnel. There are a number of GUI options available for Windows, Mac OS X, and *nix, but using SSH usually demands a command-line environment. This article will assume that it is installed and configured appropriately. Practically speaking, this information is not that important. You just need to know the magic incantations.

Note: This is a great temporary solution if you need to view something your ISP has blocked for unknown reasons. It should be considered a temporary solution, as it will definitely use bandwidth on your account. When you are on a shared server, it's nice not to abuse the system.

The wiki page provides some Windows instructions using Bitvise (Free!) Tunnelier, but Mac users can get by with the command line (though I will also test OS X Meerkat separately). Here's what I did at DreamHost to get the SSH tunnel working on my 10.6 machine:

1. Using DreamHost Control Panel:Users:Manage Users confirm account has a user setup with a shell account.
2. IN OS X Terminal type:  ssh -D 9999 jgordon@trafficante.dreamhost.com 
   
   • jgordon is not my true username, it's just an example
   • trafficante is my DreamHost server. Yours may be different.
   • 9999 is the port number
   • -D turns on compression
   • Some documentation says to use the N switch for non-interactive, so it would be ssh -ND 9999 jgordon@trafficante.dreamhost.com
3. Enter this user's pw on request
4. You now have an SSH connection.

To use this SSH connection you have to configure a proxy in OS X from the Network Preference Panel like this:

Of course you don't want to keep having to turn SOCKS on and off in Network Preferences depending on your settings, and you don't want to use SOCKS unnecessarily. That burdens DreamHost, and it slows your network traffic. I created a new OS X network "Location" that has the SOCKS Proxy turned on.

Also, when your done with your connection, please type "exit" in terminal to close it. That's just politeness.

Here's how you can test if the configuration is working:

1. Change your "Location" to the one you setup with a SOCKS proxy (I call it Google DNS SOCKS).
2. Try to open a web page. Nothing should come up, you'll get an error message.
3. Now run the SSH command to create a connection.
4. Retry your browser - now it should work.

I wonder if I should use a different DNS provider when I do this, currently I'm using Google DNS. For now however that seems to work.

Update: I tested Meerkat. It's a very powerful networking tool; it's not designed primarily for this problem. I can just barely follow the very sparse documentation. Really, a commercial product deserves a bit more documentation.

I think it's easier to just type the ssh command and change Location settings! If you want to try Meerkat as a sidejacking prophylactice, start with this vendor blog post. Note that in this example Meerkat uses 6666 for a proxy.

I'm going to stick with the command line and using OS X native Location settings.

See also:

• WiTopia personalVPN (review 10/29/2007)
• WiTopia personalVPN - need custom DNS configuration (4/2008)
• Geek to Live: Encrypt your web browsing session (with an SSH SOCKS proxy - 2007. Firefox has Foxy Proxy. Mentions configuration so proxy server resolves DNS requests
• Announcing Tunneler 0.9 - An SSH Tunnel for your Mac OS X menu bar (2007) - I don't think this application got much more attention. There have been a few like this, but I think most OS X SSH users just type the command line and switch to their "Location" to one setup for proxy use.

Google: The Quick, the Sick and the Dead - 4th edition

It's been 4 months since the 3rd edition of Google: The Quick, the Sick and the Dead, so this edition is about two months early. It's time though -- because Google is changing fairly quickly.

Changing quickly, but not improving. In the list below I put in parens the prior QSD rating for each item and I've added a section for the official dead. I've decided to stick with only those Google products I personally use, so I've omitted Android.

Comments below.

The Quick (Q)

• Google Scholar (Q)
• Gmail (Q)
• Chrome browser (Q)
• Picasa Web Albums (Q)
• Calendar (Q)
• Maps and Earth (Q)
• News (Q)
• Google Docs (Q)
• Google Voice (S)

The Sick (S)

• Google Search (Q)
• Google Reader (Q)
• Google’s Data Liberation Front (Q)
• Translate (Q)
• Custom search engines (Q)
• Books  (Q)
• YouTube (Q)
• Google Apps (Q)
• Google Profile (S)
• Google Contacts (S)
• Google Mobile Sync (S)
• Google Video Chat (S)
• Google Checkout (S)
• Orkut (S)
• iGoogle (S)
• Gmail Tasks (D)

The Walking Dead (D)

• Chrome OS (S)
• Buzz (S)
• Blogger (D)
• Google Groups (D)
• Google Sites (D)
• Google Base (D)
• Knol (D)
• Firefox/IE toolbars (D)
• Google Talk (D)
• Google Parental Controls (D)

The Officially Dead - since last edition

• Google Desktop (D)
• Google Wave (D)

Since the last edition there have been three escapes from Walking Dead. Two products are now officially dead and Gmail Tasks has been promoted to merely Sick (still uninteresting). There's been one promotion from Sick to Quick - Google Voice.

Seven products have moved from Quick to Sick - including Search. That's a big one. Google suggest is fun, but Google is losing the splog wars. Too many of the results I get back are splog noise. I love Reader, but the Notes/Comments silliness has to mark it as Sick. I also love the Data Liberation Front, but they're not getting traction any more. I suspect they've lost funding. Translate hasn't made progress on the non-Euro languages, so it's increasingly irrelevant.

Overall, this is a grim time to be a hard core Google user. Of course I don't use Android, and Android gets a lot of press. I wonder, however, given the rest of Google's recent record, how solid Android really is.

I wonder if this performance is ever going to show up in Google's  share price.

See also:

• Google Quick, Sick and Dead #1 (1/09)
• Google Quick, Sick and Dead #2 (11/09)
• Google Quick, Sick and Dead #3 (6/10)

The iPhoto 11 (v9.0) data loss bug: permissions again

The killer data loss bug in iPhoto 11 is ... wait for it ... Permissions related:

iPhoto 11: Avoid possible data loss - Mac OS X Hints

A possible bug in the upgrade process by iLife 11 causes a loss in one's library. Even more, some of the 'successful' upgraders are not even aware that they might too have lost some files!

The root of the problem lies in faulty permissions within the iPhoto Library. The solution is to fix the permissions. Repairing permissions in Disk Utility won't help because that doesn't affect user files, only installed programs with Receipts.

... Install BatChmod and run it...
Drag and Drop your iPhoto Library (usually located in your ~/Pictures folder) into the open BatChmod window. 

Change the Letters R, W and X under the Owner, Group and Everyone to a check mark. 

Also select the check mark for the following boxes: Change ownership and privileges, Clear ACLs, unlock box and Apply to enclosed folders and files.
Click Apply...

Have I mentioned I hate the OS X Permissions based security model? It's a botched implementation, and probably the worst part of using OS X. Adding the 10.6 ACL layer seems to have made a bad scene worse.

This bug is yet another example of why I never rush to install Apple products. Apple is a design company, not a quality company. They do this sort of thing routinely.

It's appalling that the installer doesn't check for permissions issues prior to installation. iPhoto has had lots of permissions related bugs in the past, and I've personally run into about a dozen permission related bugs in other parts of OS X. Apple should have tested for problems.

It's too bad there's no legal resort to pursue for these kinds of egregious quality problems.

See also:

• Is there a club for people who hate OS X permissions?
• Gordon's Tech: Permissions bug in OS X 10.5 - unable to update applications
• Gordon's Tech: Resetting permissions from the OS X 10.5 and 10.6 Installation DVD
• Gordon's Tech: How to fix permissions in an OS X Package and how deal with VMWare Fusion Insufficient Permission problems
• Gordon's Tech: OS X Leopard 10.5: The unknown user and group bugs
• Gordon's Tech: Take Control of Permissions in Snow Leopard
• Gordon's Tech: Permissions bug in OS X 10.5 - unable to update applications
• Gordon's Tech: Why you shouldn't use OS X ACLs

PS. Google's blogger removed the paragraph spacing in more than half of the above articles. I hand edited each one. Blogger is proof that Google is made up of flawed humans.

Update: Apple has released the 9.01 fix.

OS X - the Dropbox, Drop Box and Public inversion mystery solved

Something weird was going on.

My 10.6 account had the old "Public" folder containing the familiar "Drop Box".

It also, however, had a "Drop Box" folder containing a Public folder! The Public folder had a document I'd never seen before ...

You can get a public link for any file in your Dropbox's Public folder.

Simply right click (or control click) on a file, click the Dropbox submenu,

and then click 'Copy public link.'

How strange. I don't remember that feature of OS X.

New feature? Inverted Public to Drop Box relationship? What's going on?

OS X hasn't really changed. There's still a "Public" folder containing a "Drop Box". The "new" folder wasn't actually another "Drop Box" -- I'd misread it. It is a "Dropbox" folder -- all one word. It was created by when I installed a cloud based file service known as Dropbox.

I'd stopped using it, and forgotten the double meaning. The folder was simply leftover. I deleted "Dropbox".

It is rather confusing ...