The loathesome Apple Magic Mouse and the MagicPrefs salve

I have only one dysfunctional relationship.

It's with my Apple Magic Mouse. I hate it, but I can't leave it. I don't swear, but today my son heard me drop the F bomb. Thanks to the Magic Mouse from Hell.

There are two parts to the curse of the Magic Mouse. One is that Apple, the company that's never made a decent mouse, was too clever with their latest failure. The other is that Apple, the company that hates its geeks, has steadfastly ignored our screams. All we want is an option to make scrolling require two fingers, but instead we get accidental scrolls that wipe work and lose context.

I have an order for a $35 Logitech Bluetooth mouse in my Amazon cart, but before I pull the trigger I'm trying the last refuge of Magic Mouse users -- the MagicPrefs menubar and preference pane. (Better Touch Tool is a similar product, but seems to have less recent development).

I don't like to install this kind of tool -- they're usually playing in illegal APIs. Indeed, I've seen rumor that MagicPrefs has trouble with 10.6.5. I've done it though, which shows my desperation.

So far all I've created one preset. All I've done is reduce touch sensitivity a bit, and change scrolling behavior:

• disable one finger scrolling (also disables scroll momentum - I miss it)
• two finger scrolling: vertical axis only
• three finger scrolling: horizontal access only
• four finger scrolling: disabled

I'll see how this works before I add more features or gestures. I have seem some atypical clicking and scrolling behaviors and I want to see if those settle down.

If MagicPrefs saves my Magic Mouse relationship I'll forgive it some minor system glitches.

Now if only Apple would fix its own $##% Magic Mouse Mess.

Instapaper: editor's picks and more

I've succumbed to the elegant web page reformatter and offline reader Instapaper. I was a late adopter, but I've drunk the Kook Aid now.

It's the technology, it's the service, it's the quality, it's the versatility, it's the content and it's the developer(s). Classy.

Instapaper works beautifully with over 130 iPhone apps including the best Google Reader client: Reeder.app .

You don't need an iPhone to use Instapaper (currently only the iPhone app generates revenue, that may change). It's great on the desktop too - it makes the most ad laden, Flash infested, page broken content a pleasure to read (and breaks business models too, but that's another story).

It also solves a problem that you might have too.

You know you do it. Sitting in a boring phone meeting**. Browsing web sites on your corporate box (or iPhone* or iPad). All's fine until you see something you really want to read. That's crossing the line though. I can't read something good and pay attention to a dull meeting. Worse, I might continue when the meeting is done -- when I should be doing real work. (I assume everything I do on a corporate machine is monitored of course.)

Instapaper solves the problem. I click the Read Later bookmarklet and put the browser down. I'll read the article, elegantly formatted, on my iPhone later. If you don't have an iPhone, you can read it with any web client through your free Instapaper account.

Instapaper is $5 on the app store with a fine free version if you, like me, distrust reviews.

Oh, and don't miss the Editor's Picks. I'd like to know where the #$! they come from. Great list of readings, and anyone can browse this list -- even if they never use Instapaper.

*iOS browser bookmarklet integration of Instapaper is painful. Apple needs to fix this one, the developer can't. It's simple to use the mail article feature though.

** My meetings are not boring. For one thing I get 60 minute meetings done in 15, for another I round-robin attendees for comments q5-8 minutes.

PS. Instapaper got top grades on every cloud service test I use.

iPhone silent in VoiceOver mode

My iPhone was silent in VoiceOver mode. I couldn't figure out the problem. The UI behaved as expected, and I could record and play back over the speaker, but when I tapped on a word nothing happened.

VoiceOver wasn't working.

I thought my phone was in silent mode, or that the volume was too low. It wasn't in silent mode thought, and pushing the volume up set the ringer to max. Still no VoiceOver though.

The trick was to try playing something on iPod.app. No sound came out, but in that mode I could change the play volume. That brought VoiceOver to life as well.

The volume mode VoiceOver uses is the same one iPod.app uses, but you can't set volume from VoiceOver; in that app the volume controls only change ringer volume. You can set it from iPod.app.

There must be another way to set VoiceOver volume, but even knowing the above I can't find it.

I don't see a lot of posts on this issue, so there's probably something else going on here ...

Update 4/17/11: Apple added a separate app/iPod volume control to a recent release of iOS 4. It's well hidden though. First get the multitasking icon list (tap home twice). Then swipe right to show the iPod controls. Then swipe right again. You will then see a volume control that is separate from the ring volume control.

Creating Google events from email and SMS

In Outlook you can drop an email onto a Calendar icon to create an event. It's one of Outlook's better features.

Toodledo customers get an email connection for task creation. Send an email and Toodeldo creates a task. There are even rules for writing subject lines to facilitate task creation.

Unsurprisingly, Google has something similar - albeit with a bug that makes it less useful than you'd think.

• Create events from the Gmail inbox
• Create an event by sending an SMS to GVENT (48368)

The SMS submission feature is poorly documented; before you can use it (US only) you must register your phone using the Calendar Settings Mobile Setup tab. It worked in my testing, I received a confirmation email that the event had been created. The SMS submission feature, and some related  SMS calendaring services,  are most useful for non-smartphone users. I think it follows the same language recognition rules as email (below):

There's no exact email analog [1] to the SMS feature, but Gmail processing comes closes. You can create an event from any email; the secret is the More Actions drop-down menu and the Create Event entry (I need to pay more attention to that menu!).

Google Calendar tries to parse the email subject line to set times and dates for the new event. I couldn't find any documentation on what phrasing works best, but I assume Google uses the same rules as the "Quick Add" entry box in Google Calendar ... (rewritten below, the page is a mess).

If you're sending an email to your Google Account to facilitate event creation you should use the following rules tge recipe for events is to enter 'what,' 'who,' 'where,' and 'when'. I can't remember that, I prefer the acronym SNAD:

• Subject (what): This can be any text; the event title is created from this.
• Name (who, optional): Anything preceded by the word "with".
• Address (where,  optional): Preceded by the word "at", use quotes if the place name could be confused with a date/time.
• Date (when): Preceded by the word at. Almost anything will work, colons in times can help reduce ambiguity and military time works.

The classic example is: "Dinner with Michael at "Friday's" at 7pm tomorrow".

So far, so good -- but there's a nasty bug/limitation. When you use the create event feature in Gmail, you can only create it on your personal calendar -- even though you may have privileges to write to many calendars. After you create the event you can move it the correct calendar.

Very annoying.

[1] Don't confuse this with what happens when you send an invitation to a Gmail account for an Outlook or similar appointment. That sends an ICS attachment and, think it automatically creates a calendar entry.

Retrospect 8.2 for OS X fails my latest review -- because it's been abandoned

I'm not happy with the state of OS X backup software. I've been hoping for a year or two that Retrospect 8, now owned by Roxio would be a real contender. In particular, I hoped it would replace my use of SuperDuper for backup. I particularly like the file version strategy, the client management, and the built-in encryption. (Encryption is required for offsite backup.)

I also use Time Capsule, but I insist on two completely different and independent backup solutions for our home data.

In my ongoing quest for a Time Capsule/Time Machine complement I recently installed and began to test Retrospect 8.2. I know the app from past OS X and current Windows versions, so the complexity wasn't a problem. I was pleased by some of the things I found, and it passed some initial tests.

Then I ran into an installation permissions bug. Only the Admin account I used to install could open the Readme and User Guide documents. It's an odd permissions bug -- I can't fix it even using TinkerTools. There are workarounds of course, but this is a worrisome sign of poor quality control.

So I visited the (still dantz.com with EMC relabeling!) forums and read this thread response from a current user who wants Retrospect to succeed (emphases mine) ...

Really Disappointed in 8.2 update - Retrospect Backup Forum - Powered by FusionBB

... I got support responses to online tickets 10 days following the opening of the tickets. I had solved two of the three tickets by then (thanks to the forum). It's been a struggle...if it takes 10 days to respond to my responses then I may have to shake some people by their lapels.

And yes, 8.2 has been pretty buggy, and no word on an incoming patch. The blog went quiet, and so is every other means of end-user communication. Hopefully Roxio will figure things out, but for such a critical piece of software this isn't good...

I can confirm that Roxio has gone silent on Retrospect. They have various communication channels, and they're all black. This is a robust indicator that Roxio isn't funding further development. Retrospect OS X is, not for the first time, abandonware.

I can happily use abandoned software when the output is in a standard format. For example, I still love Microsoft's Windows Live Writer, even though it's been abandoned. It produces blog posts other tools can work with. When it finally dies, I'll say a sad goodbye.

That's not an option for backup software. The cost features and functions doesn't matter -- I can't use backup software that's not being actively supported. Even if Retrospect 8.2 were bug free today, even Roxio sold it for a buck, I couldn't use it.

Retrospect has failed. Again.

Now I'll see if the undocumented installer (in the Retrospect folder in Applications) actually works. (Correction: Installation is documented in the readme PDF. The installer does work. Both would have been strong points in my evaluation -- if I'd been able to justify continuing it.

Firesheep, sidejacking, and SSH Tunneling with DreamHost

In the endless spy vs spy game of net security there have been two recent setbacks for the good buys.

One is the rise of the keystroke logger. That's how I suspect my Google account was hacked from an insecure machine - a corporate laptop running XP. The best response to the keystroke logger is either to carry the 11" MacBook Air -- or to establish disposable network services for use on untrusted devices.

The other setback is the very recent emergence of trivial sidejacking.

Sidejacking is the theft of network credentials, and particularly cookies, by intercepting unencrypted WiFi network traffic. It's been a commonly recognized and widely ignored problem for about three years, but now a security researcher has decided to make ignorance impossible. He's released Firesheep (my 11yo says it should be called "Firerat") to make Sidejacking a trivial task bored kids (emphases mine. He's yelling at Facebook here.)...

... When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.

Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.

Sigh. I was hoping to ignore this problem, but now I can't. TUAW has an excellent review of our options: How to guard yourself and your Mac from Firesheep and Wi-Fi snooping. I summarize it as 3 options:

1. Witopia VPN ($40/year for good-enough PPTP). I used them for twoyears, after I first worried about sidejacking in 2007, and they provided good service. I'm cheap though, and didn't need them that often, so I decided to wait until the sidejacking problem got worse.
2. Various solutions that get you into your home network and let you use those presumably secure resources. Too much trouble for me, and too likely to be flaky.
3. SSH tunneling - aka the poor man's VPN. This forces all traffic through an "SSH tunnel".

I tried Witopia VPN before and I'd recommend them (though I did have technical problems)  - but I'm feeling cheap these days. I decided to try SSH tunneling because I already pay for full service hosting through DreamHost; so I have what SSH needs.

(BTW, I love DreamHost. If you sign up with my promo code of KATEVA I get a $50 kickback and you get $50 off your 1st year fee. Today, however, they're offering $110 off -- a full year of service for $9.25. To put it mildly, this is unbeatable.)

This is how the DH wiki describes their SSH tunneling SSH Tunneling

Your Dreamhost account can be used to create a secure tunnel to circumvent firewalls that prevent access to particular websites. This isn't recommended as a replacement for a VPN or similar service, but if you need the occasional ability to reach sites that would otherwise be unreachable *or* need secure access because you are using an unsecured access point, this might be an appropriate solution for you.

SOCKS is the name of the protocol used. SSH is the name of the software used to create the tunnel. There are a number of GUI options available for Windows, Mac OS X, and *nix, but using SSH usually demands a command-line environment. This article will assume that it is installed and configured appropriately. Practically speaking, this information is not that important. You just need to know the magic incantations.

Note: This is a great temporary solution if you need to view something your ISP has blocked for unknown reasons. It should be considered a temporary solution, as it will definitely use bandwidth on your account. When you are on a shared server, it's nice not to abuse the system.

The wiki page provides some Windows instructions using Bitvise (Free!) Tunnelier, but Mac users can get by with the command line (though I will also test OS X Meerkat separately). Here's what I did at DreamHost to get the SSH tunnel working on my 10.6 machine:

1. Using DreamHost Control Panel:Users:Manage Users confirm account has a user setup with a shell account.
2. IN OS X Terminal type:  ssh -D 9999 jgordon@trafficante.dreamhost.com 
   
   • jgordon is not my true username, it's just an example
   • trafficante is my DreamHost server. Yours may be different.
   • 9999 is the port number
   • -D turns on compression
   • Some documentation says to use the N switch for non-interactive, so it would be ssh -ND 9999 jgordon@trafficante.dreamhost.com
3. Enter this user's pw on request
4. You now have an SSH connection.

To use this SSH connection you have to configure a proxy in OS X from the Network Preference Panel like this:

Of course you don't want to keep having to turn SOCKS on and off in Network Preferences depending on your settings, and you don't want to use SOCKS unnecessarily. That burdens DreamHost, and it slows your network traffic. I created a new OS X network "Location" that has the SOCKS Proxy turned on.

Also, when your done with your connection, please type "exit" in terminal to close it. That's just politeness.

Here's how you can test if the configuration is working:

1. Change your "Location" to the one you setup with a SOCKS proxy (I call it Google DNS SOCKS).
2. Try to open a web page. Nothing should come up, you'll get an error message.
3. Now run the SSH command to create a connection.
4. Retry your browser - now it should work.

I wonder if I should use a different DNS provider when I do this, currently I'm using Google DNS. For now however that seems to work.

Update: I tested Meerkat. It's a very powerful networking tool; it's not designed primarily for this problem. I can just barely follow the very sparse documentation. Really, a commercial product deserves a bit more documentation.

I think it's easier to just type the ssh command and change Location settings! If you want to try Meerkat as a sidejacking prophylactice, start with this vendor blog post. Note that in this example Meerkat uses 6666 for a proxy.

I'm going to stick with the command line and using OS X native Location settings.

See also:

• WiTopia personalVPN (review 10/29/2007)
• WiTopia personalVPN - need custom DNS configuration (4/2008)
• Geek to Live: Encrypt your web browsing session (with an SSH SOCKS proxy - 2007. Firefox has Foxy Proxy. Mentions configuration so proxy server resolves DNS requests
• Announcing Tunneler 0.9 - An SSH Tunnel for your Mac OS X menu bar (2007) - I don't think this application got much more attention. There have been a few like this, but I think most OS X SSH users just type the command line and switch to their "Location" to one setup for proxy use.

Google: The Quick, the Sick and the Dead - 4th edition

It's been 4 months since the 3rd edition of Google: The Quick, the Sick and the Dead, so this edition is about two months early. It's time though -- because Google is changing fairly quickly.

Changing quickly, but not improving. In the list below I put in parens the prior QSD rating for each item and I've added a section for the official dead. I've decided to stick with only those Google products I personally use, so I've omitted Android.

Comments below.

The Quick (Q)

• Google Scholar (Q)
• Gmail (Q)
• Chrome browser (Q)
• Picasa Web Albums (Q)
• Calendar (Q)
• Maps and Earth (Q)
• News (Q)
• Google Docs (Q)
• Google Voice (S)

The Sick (S)

• Google Search (Q)
• Google Reader (Q)
• Google’s Data Liberation Front (Q)
• Translate (Q)
• Custom search engines (Q)
• Books  (Q)
• YouTube (Q)
• Google Apps (Q)
• Google Profile (S)
• Google Contacts (S)
• Google Mobile Sync (S)
• Google Video Chat (S)
• Google Checkout (S)
• Orkut (S)
• iGoogle (S)
• Gmail Tasks (D)

The Walking Dead (D)

• Chrome OS (S)
• Buzz (S)
• Blogger (D)
• Google Groups (D)
• Google Sites (D)
• Google Base (D)
• Knol (D)
• Firefox/IE toolbars (D)
• Google Talk (D)
• Google Parental Controls (D)

The Officially Dead - since last edition

• Google Desktop (D)
• Google Wave (D)

Since the last edition there have been three escapes from Walking Dead. Two products are now officially dead and Gmail Tasks has been promoted to merely Sick (still uninteresting). There's been one promotion from Sick to Quick - Google Voice.

Seven products have moved from Quick to Sick - including Search. That's a big one. Google suggest is fun, but Google is losing the splog wars. Too many of the results I get back are splog noise. I love Reader, but the Notes/Comments silliness has to mark it as Sick. I also love the Data Liberation Front, but they're not getting traction any more. I suspect they've lost funding. Translate hasn't made progress on the non-Euro languages, so it's increasingly irrelevant.

Overall, this is a grim time to be a hard core Google user. Of course I don't use Android, and Android gets a lot of press. I wonder, however, given the rest of Google's recent record, how solid Android really is.

I wonder if this performance is ever going to show up in Google's  share price.

See also:

• Google Quick, Sick and Dead #1 (1/09)
• Google Quick, Sick and Dead #2 (11/09)
• Google Quick, Sick and Dead #3 (6/10)