Friday, June 17, 2011

Connecting devices to WPA Airport Extreme base station without authentication - including guests

This isn't new, but it's new to me. I ran across it in my Airport Extreme menu
AirPort Utility 5.1 Help: Adding a wireless client to your 802.11n network
... If your base station supports it, and your network is password-protected using WPA Personal or WPA/WPA2 Personal, you can provide wireless clients access to your network without requiring them to enter the network password...
... Choose Add Wireless Clients from the Base Station menu...
This is different from the "guest network" base station configuration. The most obvious use is for visitors, but I assume it can be used for WPA devices that don't support password entry (do such exist?).

It works by creating a hole in network security -- a device is allowed on the network based on its MAC address without a password. This is spoofable of course, but I imagine you'd have to know the magic MAC address. Based on the article title it's 802.11n only.

Access can be limited to 24 hours, which makes sense for most uses. Easiest configuration is first device to try gets the privilege. If you don't use the 24 hour limit access is forever, unless you edit the Airport Access Control list.

Sunday, June 12, 2011

Spotlight will index your Time Machine backup disk

I caught my MacBook's fan noise, so i looked to see what was sucking CPU.

It wasn't, surprisingly, Flash. The MacBook was trying to index the backup drive attached to my Time Capsule upstairs, even as it did its routine Time Machine backup to the remote image.

I'd seen that on other machines, so I knew the fix. I added the remote mounted backup drive to my Spotlight Preferences Privacy tab. The fan spun down a few minutes later.

It's a surprising behavior. Does Spotlight also try to index a TM backup on a physically attached drive? Obviously this kind of indexing is pointless, just a waste of bandwidth, storage, CPU and power. I'm surprised it's not been fixed.

Update 6/22/11: There are odd consequences with doing this, esp. in 10.5. This 2008 discussion is interesting -- TUAW Tip: exclude your Time Machine disk from Spotlight indexing and 10.5: Spotlight and the Time Machine disk - Mac OS X Hints

OS X Parental Controls Review - State of the art in OS X 10.5 and 10.6

Apple has recently updated their OS X Parental Controls documentation for 10.5 and 10.6. It will be interesting to see if they improve Parental Controls with 10.7(Lion).

The only good thing I can say about the current generation of OS X Parental Controls is that they're an improvement on the non-existent Parental Controls in iOS.

Below is a summary of the current controls documentation, followed by notes of my own. I appreciate the irony that, as the father of a vulnerable child, I share the same agenda as China's totalitarian Party (emphases mine) ...

Mac OS X v10.5, 10.6: About the Parental Controls Internet content filter

The Internet content filter can operate in three modes: unrestricted, automatic, and whitelist.

When "Allow unrestricted access to websites" is selected, the Internet content filter logs websites that the account visits but does not restrict Web browsing. Visited websites are still logged and can be examined in the Logs tab of Parental Controls preferences.

When "Try to limit access to adult websites automatically" is selected, the Internet content filter does its best to block websites with inappropriate content. To do this, the Internet content filter uses the same technology that the Mail application uses to identify "junk" mail. The Internet content filter can identify, with a high degree of accuracy [!], whether a Web page is safe or not by examining various properties of the website including text and structure.

Additionally, the Internet content filter will block a website if the website identifies itself as adult-oriented using RTA (http://www.rtalabel.org/) or SafeSurf (http://www.safesurf.com/ssplan.htm) rating systems, as well as forcing "safe" searches with some search engines.

In this mode, the Internet content filter logs all visited and blocked websites, and flags them as such in the Logs tab of Parental Controls preferences.

In certain situations, the automatic Internet content filter may mistakenly block a safe website or allow an adult-oriented website. For example, if the website uses an uncommon language or if there is very little text on the page. These websites can be identified in the Log tab of the Parental Controls preference pane and added to the "Always Allow" or the "Never Allow" lists. These lists can also be accessed by clicking the Customize… button in the Content tab of Parental Controls preferences. Websites that are mistakenly blocked can also be allowed by clicking the "Allow…" button on the blocked web page and authenticating as an administrator user.

https note: For websites that use SSL encryption (the URL will usually begin with https), the Internet content filter is unable to examine the encrypted content of the page. For this reason, encrypted websites must be explicitly allowed using the Always Allow list. Encrypted websites that are not on the Always Allow list will be blocked by the automatic Internet content filter.

If "Allow access to only these websites" is selected in Parental Controls, the Internet content filter blocks any website which is not on the list. When the blocking web page is presented, a list of allowed websites is also shown. If using Safari, allowed websites are displayed as bookmarks in the bookmarks bar.

Note: For most websites, the Internet content filter considers the domain name and not the path. For example, if http://www.example.com is added to the list, then http://pictures.example.com will be allowed, as will http://www.example.com/movies.

In whitelist mode, visited and blocked websites are flagged in the Logs tab of Parental Controls preferences and can be added or removed from the whitelist there.

The documentation is incomplete (I gave it a rating of "2"). Some additional notes and references:

  • Safari history cannot be deleted in the most restrictive mode and in that mode preference changes are limited as well. It can be deleted and preferences can be edited in other modes.
  • The documentation false claims about the accuracy of content blocking, and of course images cannot be managed (emphases mine).
  • A user account must be closed (user logged out) for content rule updates to be applied.
  • Because of the various measures Google takes to evade censorship by authoritarian governments their services are a poor match to Parental Controls. Bing is much more dictator friendly, so I block all Google services and allow Bing.
  • OS X Parental Controls settings and logs can be managed from a remote admin account (see references below).
  • It is most convenient to allow and block sites while reviewing the log file records.

It's easy to find problems with OS X Parental Controls, but I don't expect much improvement -- even with all the world's dictators on my side. For example ...

  1. There's no customer demand for improvements. I think most parents are quite unaware of what most adolescent males do on the web, and I think they prefer to remain unaware. This is not necessarily a bad solution for most adolescents and parents; not all children are equally vulnerable.
  2. Technologies for evading monitoring, ensuring security, and protecting privacy also block Parental Controls.
  3. Engineers without young children don't like Parental Controls, not least because of how the technologies can be misused. Working on Parental Controls is unlikely to be a career move at Apple.
  4. These are hard problems because of the way the Internet is structured, and because content providers are actively trying to evade Parental Controls either because they want to facilitate adult access or because they are seeking vulnerable people to exploit.

See also (mostly Gordon's Tech):

Update 6/15: Nothing illustrates Apple's disdain for Parental Controls better than this screenshot:

Screen shot 2011 06 15 at 8 25 16 PM

The log display can extend vertically, but not horizontally. It's fixed width. So you can't actually view the URLs. The poor engineer must have taken pity on his users however, if you let your mouse rest on a URL for a while a popup will show you the full text.

This is third rate work.

Wednesday, June 01, 2011

Mac Mind mapping software: Inspiration, OmniOutliner and MindNode

I've used several mind mapping tools over the past few years, including, most recently, MindManager for Windows. I like the tools well enough, but it's a niche market. The leading vendors like Mindjet and NovaMind typically charge $250-$400 for their products; that feels a bit much when Aperture sells for $80 on the Mac App store.

All of the commercial products use proprietary, closed data formats -- so there's a severe data lock problem with this domain. It's tough to switch vendors. Some, like NovaMind, have quite good import/export features -- but that doesn't change the fundamental data lock issue. Many of the products, including some respected freeware apps, are Java based. That's a big negative for a Mac user.

Which is why it's nice to see that Inspiration is back. It was never actually gone -- but they stopped marketing it for adult and business use (schools only). Visiting their web site today they seem to be taking another stab at a broader market. Inspiration isn't nearly as pretty as MindManager, and it doesn't have MM/Windows deep Office integration, but it's much less expensive. I'd give it a try (it used to import MORE 3.1 documents btw!), but the trial software registration form is ridiculous. I'll wait until they get a clue on that front.

Inspiration is nice, but what I really want is for the OmniGroup to deliver a mindmapping solution. They could extend OmniOutliner, OminGraffle, OmniFocus or do a new app -- but my preference would be to extend OmniOutliner. They'd do a beautiful job, and perhaps they'd consider opening up the file format.

Update: The ever reliable "Martin" mentions MindNode in a comment. I loved this part of their web site description:

No file format lock-in. MindNode and MindNode Pro support a variety of file formats. You can import and export FreeMind and OPML files (a file format used by many outlining applications) or export the mind map as PNG image, TIFF image, PDF, RTF or HTML document.

MindNodePro is sold on the App Store for $20 and by direct download. MindNode is quite limited by free. There's an iOS version that currently has its own file format, but the developer promises it will migrate to the MindNode format.

MindNode is a small OS X and iOS developer product ...

... MindNode and MindNode Pro are applications designed and developed by Markus Müller. Based in Vienna, Austria, Markus is an independent software developer whose focus lies on designing intuitive and useful software for the Mac and iPhone platform...

This on is my todo (Toodledo/Todo.app) list to try.

Update 6/4/11: There's a free trial version of MindNode Pro - limited to 20 nodes. That's what I'm experimenting with. It's simple, but elegant. If you drag and drop a file to MindNode it creates a resizable icon shortcut (default size is too big). I like how it works. If you want to create documents, you create then externally and relate them using MindNode. For example, I could related a set of SimpleNote text notes. The documentation is unclear, but i can confirm node names are indexed by Spotlight.

See also:

Tuesday, May 31, 2011

Why is my iPhone 4 crashing so often?

It started when Reeder, a previously stable app, began crashing frequently. I assumed the app wasn't keeping up with OS updates.

Now several apps are less stable. (Of course I've been shutting down, restarting, etc.)

It could be one app that is having a systemic impact, but my hunch is this is hardware related.

Google tells me this is not a terribly common problem but it does happen. The best explanation so far is How-To: Fix Crashing Apps on Your iPhone and iPad.

The only fixable hardware related cause I can imagine is bad "sectors"  on the iPhone's Flash memory -- flash memory defects the OS can't fix on the fly. Memory wear is normal for Flash storage and I expect my phone has a higher than average rate of read/write cycles.

So my next measure is to wipe the phone and reinstall from a backup. During a refresh the OS may have more options for managing bad

This will take some time, so I'll update after I get around to it.

After that, I'll have to bring it in. That's a scary thought!

Sunday, May 29, 2011

Personally sad changes to Google search

Google has changed the way it indexes my blogs (notes.kateva.org, tech.kateva.org). Until recently search results were individual posts. Now search results are increasingly archive pages that include significant numbers of posts.

This may reflect Google's declining opinion of my worth, or simply a declining interest in blogs, but whatever the cause the new behavior is far less useful.

I tried Bing, but it's much weaker.

Friday, May 27, 2011

Unexpected benefits of removing dated OS X fonts

There are a two things I miss about Windows. I miss Windows Remote Desktop Services, it crushes OS X remote desktop. I also miss Windows fonts, especially Windows antialiasing.

OS X fonts have been a particularly annoying problem. Some applications, like my 5 yo copy of FileMaker Pro 8, show persistently garbled fonts. On the other hand, my new copy of Numbers.app defaults to a poorly rendered 9 point Helvetica Neue.

I've lived with these bugs for years, but tonight, in the process of investigating a hung app, I sorted them out.

In Library/Fonts (see Mac OS X: Font Locations and Their Purposes) I found a folder of Microsoft Fonts left over when I deleted Office 2008, and I found a good number of old style fonts dating back to 2006 [2]. After cross checking with the excellent font lists in the extensive article Font Management in OS X I removed those fonts. This had the unexpected benefit of fixing FileMaker Pro 8 - the fonts there now display nicely.

For the Numbers font problem I experimented with control of OS X antialiasing. In OS X Preferences:Appearance I set "turn off text smoothing for font sizes" to 8 and smaller (it was initially 10 and smaller). [1] I'm not sure that made any difference. What did help was creating a new template with all cells set to Helvetica 12, then saving that as a template and making it the default spreadsheet to use on startup. (Currently there's no other way to change the default font in Numbers.app.)

In the course of the above I found:

  1. When I opened up Font Book.app several of my fonts showed a duplicate font message. When I ran verify some reported bugs. I chose the inactivate duplicates option, but I later discovered OS had inactivated the "good" version of the font. After I removed my old fonts I had to re-activate the "duplicates".
  2. The Font Book app can be used to verify all fonts. I recommend that quick test for everyone who's run OS X for a while.
  3. It's convenient to use Font Book to create a collection of the handful of fonts I actually use. Note the Windows Office Compatible and "Web-safe" built-in collections.
  4. My copy of OS X includes two SchoolHouse fonts - cursive and printed. I wish I'd had these when I was teaching writing to my first child! I don't know where they came from, I don't think they're part of the regular OS X font installation.

[1] The options in 10.6.7 are different from the options in 10.6 in Aug 2009.
[2] The accounts on my 27" iMac have migrated across many machines, probably going back to 10.1. They've picked up some cruft along the way.

See also:

Update 5/28/11: I should have tested FileMaker Pro 8 a bit more. It looked good at first, but when I searched later all my records seemed blank! A reinstall, surprisingly, didn't fix anything and didn't seem to add new fonts. I had switched to Verdana, and tried old Georgia instead. That worked well.

Update 5/30/11: When I tried to empty the trash I learned that Arial and Times were still in use! They were in the Microsoft Fonts folder, and they were my bad-boy fonts. I had to restart then empty the trash.