Saturday, February 11, 2012

Time Machine for Lion supports encrypted backups

In the midst of tweaking a Time Capsule backup, I noticed a grayed out option to encrypt my backup.

Turns out 10.7 enables Time Machine encryption on Lion - but only for directly connected drives.

Reading the MacOS X hints commentary I think they're missing the point. A good backup strategy requires offsite backup, and taking a non-encrypted backup offsite is somewhat risky. I don't take my Time Capsule backups offsite, but I do rotate my Carbon Copy Cloner images/backups -- and they are encrypted.

This is a good feature if used wisely.

Saturday, February 04, 2012

Obscure bug: Reeder share to Facebook will post to last used Page Identity

This is an oddball bug. I suspect it's not fixable.

I used iOS Reeder to share a Facebook post.

Problem was, when I last used Facebook I used it as one of the Pages I maintain. That's how Facebook Pages work; you assume the Page identity while you post to it. Then you flip back to your own identity.

So Reeder shared my personal post on my public Page. It wasn't too embarrassing, but it was clearly wrong for the Page (org).

It's a weird bug; I suspect the flaw is in Facebook's API. It probably isn't designed for this use case. I also wonder if this is a side-effect of Facebook introducing the Timeline to my personal account.

Wiki impressions: XWiki

After a disastrous SharePoint 2007 to 2010 migration [1] it was clearly time to replace my team's use of SharePoint wiki. The mangled conversion was a red-flag-and-air-raid-siren declaration that SP was going to be a longtime world of hurt.

We looked around at the wiki options, and considered TWiki, XWiki and Confluence (WikiMatrix). Atlassican Confluence is the best of breed, but for corporate users like us it's expensive. Hardware we have, platform licenses we have, networks and backups we have, and expertise we have. What we don't have is a budget.

TWiki is the easiest of the three to configure and it has the fewest technical requirements. XWiki looked like more work, but we liked the rich text editor and (limited) table support. We're now starting up on XWiki enterprise. Here are a few impressions from the process that may be of interest to other wiki searchers ...

  • We started out on a Linux server but couldn't get XWiki working. We're not Linux experts. We switched to Windows and our engineer resource had XWiki setup within a day. I wasn't impressed with the ease of installation.
  • XWiki requires a Java Servlet Container. That rules out Dreamhost and many other hosting options. (TWiki can install with Dreamhost.)
  • XWiki includes a blog service but there's no support for Blogging APIs. So you can't use MarsEdit or Windows LiveWriter to write.
  • The documentation is weak. For example, how do you delete a Space? Turns out it's easy if you have privileges, but the documentation claimed we needed an extension.
  • XWiki Enterprise is a geek platform, though much of the complexity can be hidden.
  • I like the approach to URLs and page titles. You can change a page title, but the page URL is fixed. XWiki provides an effective UI for looking up local pages during link creation. (SocialText retitling creates a redirect page with the old title/url and a link to the new title/url. Sharepoint changes the URL and title, but updates intra-liki links. Foreign links break.)
  • The rich text editor is simple but works fine for my purposes.
  • IE 9 doesn't work with the controls on gadgets, but seems ok for non-admin users.
  • XWiki has the universal wiki curse -- no ability to migrate posts between systems. I wonder if people who complain about being unable to move their medical records between providers see the similarity. OTOH, when our Linux install failed it was easy to move to Windows.

I'm reasonably optimistic that XWiki will work for us. I'm glad to be free of Sharepoint 2010.

See also:

[1] With SharePoint it's not possible to separate software issues from implementation. Maybe Microsoft provides wiki conversion tools that our IT department didn't use. I have discovered that if I copy/paste of our 500+ SP 2007 wiki created pages into Word, then remove all styles, then past back into SP 2010, I can edit them again.

Tuesday, January 24, 2012

Time Machine backups of Aperture are not reliable?!

I've restored my Aperture Library from backup twice in the past few months. Two months ago Aperture crashed when a bad block corrupted a file. I restored from Carbon Copy Cloner. A month later I figured a dying iMac drive was the root cause, and my backups weren't as robust as I expected.

After a mildly painful Apple service call i had to restore all my data from backup. I backup the server nightly to Carbon Copy Cloner and hourly to Time Capsule, so I had to pick a backup source. I decided to restore from Carbon Copy Cloner, though I did consider Time Machine. It seems to have worked.

Today I learned that I might have dodged a bullet. I was wise to choose CCC over Time Machine ...

Macintouch Backup

Derek L

...Thanks to Antonio Tejada for his note about Time Machine and Aperture. The combination remains unreliable for me, as I'd described in my comment on this topic last June: not all items in my Aperture library get included in my Time Machine backup. Although I've been able to temporarily repair it via forcing a "deep traversal", the problem recurred in fresh TM backup sets, on multiple disks, and through several point releases of Snow Leopard and Aperture 3 (I've never used any other version, and I also haven't migrated to Lion). I gave up on it and instead depend on Aperture Vaults.

Skot Nelson

... However, after having Aperture randomly lose some of my masters -- old photos from a concert that I hadn't touched in month and just happened to click on as part -- I no longer trust my Aperture library's integrity...

Richard Tench

... Seeing the warnings here about Aperture and Time Machine, I decided to do a test recovery (to my desktop). It failed due to permissions on the Time Capsule. Though one would think that's an easy problem to fix, it isn't. At the end of 2.5 hours on an AppleCare call, they were unable to help me. I was told that Aperture doesn't work well with Time Machine...

Sigh. I miss Dantz Retrospect. I'm grateful for CCC, but old Retrospect combined the reliability of CCC with the features of a true backup.

It's been noted that in 2012 Apple OS X development is the equivalent of Siberian exile. Time Machine work must be reserved for unwanted interns.

See also:

Monday, January 23, 2012

SharePoint 2010: migration of a SP 2007 wiki

My business group has maintained a large SharePoint 2007 wiki.

Recently we had to migrate to SP 2010. The wiki went along for the ride.

I've seen some bad outcomes in software over the past 20 years. I mean -- really bad products.

I've never seen anything like this.

Wiki pages that look like they were edited by intoxicated baboons. Pages that can't be edited in IE 9, but can be edited in Chrome. Pages that can't be edited in Chrome but can be edited in IE 9. Pages that can't be edited anywhere, save as HTML.

SharePoint Designer is an option. I tried it. I shed tears for the lost spirit of FrontPage and Vermeer.

I despair, sometimes, when I see what Apple's interns are doing to iPhoto or OS X. Even they, even they, have never done anything like this.

This is the worst.

Microsoft, astonishingly, is truly finished. We really are in the twilight of the personal computer. 

Sunday, January 22, 2012

My MacBook fan was roaring. Again. Time Capsule edition.

My MacBook fan was roaring. Again.

This time, however, activity monitor didn't show much going on. It wasn't a Flash ad running in another user account. I didn't have a print job stuck in the bowels of Apple's dysfunctional printing framework.

It had been doing it for weeks. Sluggish performance, slow fan pinup, then continuous running. Something was draining performance and making heat -- and it wasn't showing up in Activity Monitor.

Or, at least, it wasn't obvious in Activity Monitor. I did see something called fsck_hfs using up 10% or so CPU.

To make a long story short - the problem was a defective Time Capsule backup. My MacBook was running fsck_hfs, a utility that "verifies and repairs standard HFS and HFS+ file systems". When I saw this I thought there was something wrong with my system drive - but it tested out fine.

A SuperUser tip clued me in. My MacBook was trying to verify the integrity of my 150GB backup -- over a WiFi connection. This is a singularly ineffective strategy, it would have taken days to complete. The laptop never ran continuously for that long; and there is something about this process that makes a MacBook run hot [3]

If I'd known what to look [1] for I'd have seen something like this:

Screen shot 2012 01 21 at 10 53 54 PM

Except it would have shown 2-4%. It only got to 92% when I connected the laptop to my TC via wired ethernet. It got to 92% then stuck there. The backup was toast.

I then disconnected all users and tried deleting the .img file for my MacBook from TC. That failed because the Finder can't handle TB scale image files [2]. I then used AirPort Utility's very confusing Time Capsule UI to erase the entire drive and started the slow, painful, recreation of my backups.

My MacBook is quiet and responsive again, and fsck_hfs free.

That was painful.

Backup is an unsolved problem.

See also:

[1] I wasn't so direct, instead I wandered about searching Console error messages. There I found:
search console for com.apple.backupd (all messages)
Attempting to mount network destination using URL: afp://;AUTH=No%20User%20Authent@Molly.local/Molly_Internal
Backup failed with error: 21
Error writing Time Machine Information file: /Volumes/Molly_Internal/Stanford_MacBook_0017f2f04828.sparsebundle/com.apple.TimeMachine.MachineID.plist
Error writing to backup log. NSFileHandleOperationException:*** -[NSConcreteFileHandle writeData:]: Input/output error
Event store UUIDs don't match for volume: Escanaba
While plumbing Console I discovered an unrelated error that distracted me for a while - a pile of errors like this:
Jul 20 18:27:55 localhost com.apple.launchd[1] (com.apple.SystemStarter): Failed to count the number of files in "/System/Library/StartupItems": No such file or directory
Googling on this one I discovered this is an old OS X bug, one some systems a routine update deleted this folder. I recreated it using terminal:
cd /System/Library
sudo mkdir StartupItems
That cleared up a bunch of Console error messages, but it didn't fix my real problem.
[2] Kind of amazing, but there you go. Apparently they can be deleted via terminal, but erasing through TC is safer. You can only erase the internal drive, if you want to erase a TC mounted external drive you need to move it to a Mac and erase it there.
[3] The MacBook runs hot whenever it does an 802.11n TC backup. I wonder how much of this is heat output from the WiFi/encryption systems.

Organizing kid school accounts with OS X: Chrome to the rescue

In the twilight of the general purpose computer, I struggle to balance OS X and Apple tech, Google services, parental obligations, and getting work done.

Our iOS  and OS X devices are parental controlled -- at least as far as they can be. Among other things, that means Google services are unavailable on child accounts. [1].

Schools, however, make increasing use of Google Apps [2]. This is how I reconcile that use case with our general approach to home computing:

  1. You need the username and password for the school Google Apps account. Example: kid_name@school.mn.us.
  2. Create a single non-controlled "homework" account on the primary homework machine.
  3. Use Google Chrome, not Safari, for this account.
  4. In Chrome create a user account for each child. For each account, from Chrome Preferences, choose to sync Google. You will be asked for the school user name and password.
  5. Add gmail, docs and so on to the toolbar.

Each child uses this single OS X account with their own Chrome identity. Use of this account requires direct parental supervision. It is used only for homework. On personal OS X accounts our kids don't directly access our Family Google Apps domain, they use OS X Mail.app, for example, to get email. They don't know their Family Google Apps passwords.

[1] Partly by design and partly due to market disinterest, Google services are not compatible with OS Parental Controls.
[2] Alas, this transition occurred even as Google's Hyde crushed its Jeckyl.