Wednesday, March 02, 2011

Time Capsule - using an external disk for network Time Machine backup

Time Machine and Time Capsule show Apple at its best and its worst.

Best, because only Apple has produced a backup solution that regular people can and will use. Apple pushes Time Machine (or Time Capsule) use -- for the benefit of Appel customers.

Worst because TM and TC are virtually undocumented, they are ill-suited for geek use (no encrypted offsite option), and they are somewhat unreliable [1].

Today I ran into examples of both, and learned two things:

  1. If you attach an external drive to a Time Capsule, then Time Machine will treat it much like an internal TC drive. This is not documented, and at least in 2008 TM backup to an AirPort Extreme drive was not reliable and not supported.
  2. You can't do a TM backup to USB attached drive, then move the drive to a Time Capsule and continue the backup over WiFi. This sucks.

I learned these things because the 500GB drive on my Time Capsule ran out of free space. I'd already excluded significant bits of my machines from TM backup [2] and reclaimed space so I had to try a different approach. I noticed that the barely used 2TB USB drive attached to my TC displays to TM as an acceptable backup option. Despite past issues, I decided to try using the external drive for my server/iMac and keep the internal drive for my our other Macs. [3]

First I brought the drive to my iMac, erased it with Disk Utility, and connected it as a regular TM managed drive. I then took it upstairs, connected it to the TC, and tried to resume the backup. That didn't work. It turns out TM handles a local disk differently from a TC hosted disk:

  • Local disk: TM writes directly to the disk.
  • Time Capsule disk (internal or external): TM first creates a sparse disk image, then writes to it.

So when I moved the disk to the TC, my iMac Time Machine.app just started a new (350GB) backup. One that would take days to complete, leaving with only one working backup method instead of my usual redundant backups [2].

The plus side of the sparse disk image approach is that I can use that TC mounted external drive as a file server as well as a TM backup, which is rather handy. That doesn't make up for the relocation hassle.

So now I have two options:

  1. Allow TM to start the backup over WiFi. Then bring the disk downstairs. Mount the disk image locally, and see if TM will continue that backup.
  2. Bring the TC with external drive to my iMac and backup via GB ethernet. That will compete in a single night, but it will mean we'll be without WiFi until I can put things back.

I'll update the post with which of these two work. I know the 2nd one will work ...

Update: Option 1 doesn't work. I don't have permissions to access the disk image. I could change permissions, but in my OS X experience this is a very risky thing. I could go with the ethernet option, but that's a PITA to move about. I'll try letting my backups chug along for a week or so. I'll start by excluding everything but the Users folder, then let TC gradually fill out the rest over time. If it's too slow, I'll do the ethernet thing.

Update 3/3/11: After about 30 hours TM backed up about 350GB to the WiFi via 802.11n. I never bothered with gB ethernet. The sparse bundle file was set originally at 600GB, even though I only backed up 300GB. I think the initial setting was based on ALL the data on my iMac drive rather; it didn't account for my initially excluding some folders. Later, when I included all data in the backup, it didn't take up any additional storage.

- fn -

[1] Of course I've never used a backup solution that was truly reliable. Even in its glory days Retrospect took some care and feeding.
[2] I also use SuperDuper to clone my primary machine/server nightly to an encrypted disk image and clone my MacBook every month or so. Two SD clones rotate offsite. So I use two completely different backup methods with my data including an offsite option. If Retrospect were to be miraculously resurrected I'd use that instead of SuperDuper. I've evaluated many other popular OS X backup options and failed them all.
[3] I left the TC disk image holding my iMac backup in place. I'll delete it later if all goes well.

See also:

Sunday, February 27, 2011

Facebook changes - Pages and identity shifts, Groups going

The people I read don't write about Facebook, so I have to figure it out on my own. Since FB doesn't communicate very well (irony overflows) that can be challenging.

A few things I've noticed lately ...

  • If you own "Pages" you can now switch Identities between being the "Page Owner" and your own identity. The right side identity item has a drop down. I think this may only work for new Pages at the moment.
  • "Groups" are only a shadow of their former selves. There is still support for legacy groups, but you can't create new ones of that style. The new "Groups" are the equivalent of mailing lists limited to personal friends.
  • It's easier to create a Page. There's much less emphasis on proving ownership of an entity or organization -- which is interesting. It's now buried away in a TOS dialog.
  • You can now set FB to use https.
  • There's an occult account setting to disable use of your name in ads targeted at your "Friends".

Friday, February 25, 2011

FaceTime: AutoAnswer, URL, desktop 1 click call

FaceTime for Mac ($1) has an undocumented AutoAnswer feature ...

10.6: Enable AutoAnswer in FaceTime for the Mac - Mac OS X Hints

... defaults write com.apple.FaceTime AutoAcceptInvitesFrom -array-add +15205551212

... defaults write com.apple.FaceTime AutoAcceptInvitesFrom -array-add email@email.com ...

... defaults delete com.apple.FaceTime AutoAcceptInvitesFrom ...

The author used the "strings" command to uncover these options.

I've been looking for this for years [1] (die iChat die!), so, even though I generally avoid undocumented terminal entered preferences, I immediately set this up on my home iMac. I set it to AutoAnswer calls from my iPhone. Then I started up FaceTime and turned my screensaver on (screen is then locked) and placed a call.

With FaceTime on, a green light showed next to my iMac's "iSight".

The screensaver didn't change, but my desktop answered. My phone displayed the video input from the desktop and audio worked.

A few things to keep in mind as you test this ...

  • Preferences are user specific. On a multi-user machine you have to enable it separately on each account.
  • If FaceTime isn't running nothing happens.
  • If the FaceTime window is showing the user gets a brief opportunity to cancel the call.
  • If the FaceTime window is hidden it will answer, but there's no UI indication that a video chat is working.
  • You can configure FaceTime to run on startup.

I'll be testing this out over the next few weeks, then I have to see if I can persuade my elderly parents that this is something worth enabling on their Mac. It would require an upgrade to 10.6, I think I'd left their machine on 10.5.

For an elderly user, or for anyone who wants a very simple way to create call you can create clickable desktop shortcuts or links in a web page ...

In Safari's address bar, type in one of the following URLs:

  • facetime:// appleid
  • facetime://email@address
  • facetime://phone#

... select that URL in the address bar and drag it to the desktop.

When you do this you get a very dull file. Use IMG2ICNS (Free) to turn a photograph of the person you want to call into the file icon. I did this for my mother then put the icon with my picture on her desktop.

[1] Google could never come up with a decent control UI for Google Video Chat.

See also:

PS. When reviewing some of these old links, I was struck by how many years we've been trying to get useable 1:1 videoconferencing on the net. We're talking at least 13 years of repeated failure, with only modest recent success with Skype and Google Video Chat. Apple has failed repeatedly. I wonder if this time they'll push it through, but I've thought we were close before.

Wednesday, February 16, 2011

My MagSafe adapter light goes out periodically

My T-Connector style MagSafe LED (green light) goes off periodically. Disconnecting and reconnecting the T connector will turn it back on.

This Apple support note was written for people like me...

Apple Portables: Troubleshooting MagSafe adapters

...Whether your product is in or out-of-warranty, you can take your adapter to an Apple-Authorized Service Provider or Apple Retail Store for evaluation and replacement if necessary. You may be eligible for a replacement adapter free of charge provided there are no signs of accidental damage...

I've inspected and cleaned the connector. For now I live with it, but if it gets worse I'll have it replaced. Sounds like an understated semi-recall ...

Update 3/6/11: It seems to be fixed, or at least a lot better. I guess it just needed to be cleaned.

The black YouTube screen problem and the HTML 5 workaround

My 11yo got a "black rectangle" for all YouTube videos today. This is popularly known as the YouTube "black screen" problem, and Google's own engineers say ...

why do Youtube videos no longer load on Firefox? - YouTube Help

... Our engineering team has been working on this for a while. We haven't been able to identify the source of the problem yet, but the details you've provided have really helped...

It's a Flash problem, but it's not Firefox specific. It can strike any Flash-based browser. What a surprise that Flash should have a bug that even Google can't fix ... :-).

There are many Google hits on this problem, but of course there's no fix. The problem comes and goes.

I found that if I took the "embed" URL and opened it in Safari that the video would play. So it's related to YouTube's default video presentation. Upgrading to Flash 10.2 didn't help.

What helped was forcing Safari to load the HTML 5 version of the video. There are several ways to do this

I ended up doing the last one, and I set the options to default to 720p. It works.

My next step would have been to install Chrome, which has both WebM and a Google-authored Flash player.

PS. Ben says it "looks cooler" now.

Update 2/20: See comments for other ways to work around this. Windows 7 is also affected. I'm seeing Flash 10.2 problems on many sites, I suspect there are hardware acceleration problems with older hardware configurations.

Friday, February 11, 2011

Managing spam text messages on the AT&T iPhone

AT&T doesn't provide a way to block spam text messages. They suggest signing up for a $120/year service that enables number blocking.

Yeah, mobile phone companies are pure Satan.

AT&T does provide a reporting service:

Answer Center | AT&T - What should I do if I receive spam text messages on my wireless phone? ...

To report spam text messages to AT&T: When you receive text spam, forward the whole message to short code 'SPAM' (7726) from your wireless device. There is no charge to report mobile spam. Messages forwarded to 7726 do not count toward your data usage or voice package.

To this on the iPhone you

1) view the SMS text message conversation

2) tap EDIT at the top of the screen

3) check off the message(s) you'd like to forward

4) tap FORWARD at the bottom right of the screen

Problem is, this only forwards the message, not the sender number. When you submit AT&T replies with a request for the sender number. I had to inspect my incoming message list to find that, and I couldn't copy paste. I had to do the old memory/pencil thing.

Thursday, February 10, 2011

RIP Password - Google's two factor authentication

Google is rolling out comprehensive mobile phone based two factor authentication to regular Google accounts ...

Official Google Blog: Advanced sign-in security for your Google account

... If you like, you can always choose a 'Remember verification for this computer for 30 days' option, and you won't need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based applications that are designed to only ask for a password, and cannot prompt for the code....

Some notes from the help page (emphases mine, square parens my comments)

... Soon after you turn on 2-step verification, non-browser applications and devices that use your Google Account (such as Gmail on your phone or Outlook), will stop working. You'll then have to sign in using your username and a special password you generate for this application...

... If you have an iPhone, iPod or iPad, [3G or later, needs iOS 4] we recommend you use the Google Authenticator application to generate verification codes. The application doesn't require an Internet connection or mobile service to generate verification codes. If you would prefer to receive your verification codes by text message or phone call, follow the directions for Text or voice message below....

... Adding a backup number ensures you can receive a verification code to sign in even if your primary phone isn't available or working. ...

... After you set up your phone to receive verification codes, you will be given 10 backup codes. These backup codes can each be used once each to substitute for a verification code. These could be useful whenever you don’t have access to your phone (for example, while you are traveling)...

... If you've lost access to your phones, you can always sign in using one of your printed backup codes [and then turn off two factor authentication?], which you generated when you first turned on 2-step verification. If you've lost your phones and don't have your backup codes, you'll need to fill out an account recovery form...

... An application-specific password [revocable] is similar to a verification code in that you don't have to memorize it. However, application-specific passwords are longer than verification codes and you do not enter them into web browsers. In addition, you do not get application-specific passwords from your phone -- instead, to generate an application-specific password...

Visit the Authorizing applications & sites page (pictured below) under your Google Account settings...

Soon it will be safe to use my Google services on untrusted (keystroke logger possible) machines -- like my office XP box. I'll configure my trusted machines to remember verification. My iPhone will run an RSA-token like authentication code generator. I will keep at least one backup code in my wallet - albeit in a permuted form.

Of course I will wait several weeks before I switch over. I'm no fool. I'll let the brave and inexperienced take the arrows of early adoption.

The traditional password isn't quite dead yet, but it has one (rotted) foot in the grave.

Thanks Google. Special credit for making Google-authenticator open source and standards based ...

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).

These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm currently in draft.

See also: