Tuesday, May 26, 2015

AT&T's international Passport program -- advice for iOS users

Android users — it’s your turn to bask in the warm glow of smug superiority. As best I can tell Android provides good tools for tracking and limiting data use.

Yeah, feel the pleasure.

We in the sad world of iOS can only dream of such advanced technology. iOS can’t cap data use, and it has limited and clumsy tools for reducing data use — not to mention the mysterious iTunes Accounts data suck. The best we can do is periodically “Reset Statistics” and track from that.

If only Apple had engineering talent …

Ahem. In any event, this isn’t much of a problem when I’m in the US. The AT&T Next Plan has worked well for Emily and I — between a recent extra GB and 1 month rollover we use half of our 3GB and our monthly cost is down by 25% [1].

It is a problem when I travel to Canada though. I used to swap SIM cards, but that was a royal pain and Canadian cellular providers are quite awful [2]. So a year ago I started using AT&T Passport [3]. Once I’m able to find the mystery link on the AT&T site I pay $30 up front for 120MB and (this is key) unlimited texting. It expires 1 month after setup — no need to cancel it on return (don’t cancel it, see below).

The problem, of course, is managing the cap when you’re stuck using iOS [4]. Do try to remember to reset your stats and track those numbers. You can also get an idea of data use by phoning *3282# (free, I think) - that gets a data use text. Problem is that the Canadian carrier takes days to get usage data to AT&T. By the time that text shows 100MB of usage you’re probably over.

The good news is that while you’re on the Passport program overage fees are “only” 0.25/MB (much lower than off-Passport rates). So going 30MB over isn’t the end of the world. (NOTE: It doesn’t make sense to pay $30 to buy an additional 120MB of Passport data — 0.25/MB * 120 = $30).

Bottom line - reset your stats if you remember, use the *3282# number and add 30%, use the limited iOS tools (esp. turn off email auto-check - I use Gmail.app when in Canada rather than Mail.app, don’t stream, turn off data roaming until you need data, etc), and expect but don’t worry too much about 30% overages.

Oh, and don’t think you need to cancel the program on return! That would mean when late fees arrive from the roaming carrier you pay full freight. You don’t get any discount for early cancelation and it will expire in 30 days.

See also

- fn -

[1] Yeah, I know about the subsidy component. It’s down even after taking that into account. At the moment I’m relatively pleased with AT&T. iOS data management deficits are more of a problem with the kids ultra-cheap low data H2O plans, but their devices are configured to minimize data use.

[2] You thought Verizon was bad? You have no idea. Think Comcast on meth.

[3] Confusingly this currently has very little to do with the oddly named “AT&T Passport app” - which has been useless for me.

[4] Now that Ive is shuffling off to England and semi-retirement maybe we’ll get less fashion, more utility?

Wednesday, May 20, 2015

How I moved my daughters iOS Notes from school to personal iCloud account

Please don’t put data into iOS Notes. Really, it’s quite horrid [1]

If you do you may find it’s stuck there. We ran into this when my daughter’s school iPad had to be wiped and we needed to rescue Notes that were only stored on her iPad (school iCloud account doesn’t support Notes, neither does school Google Apps).

I did this:

  1. Used AirDrop to move notes one at a time from her iPad to my iPhone 6 (her 4s doesn’t support AirDrop).
  2. Since my iPhone 6 is configured to use iCloud, each time a note arrived via AirDrop it went via iCloud to Notes.app on Mavericks [2]
  3. On Mavericks the notes appeared in my iCloud account. I added my daughters Google Account to my Mavericks User account. I could then select ALL notes (yay) and drag and drop them to the Google account.
  4. Then I created an OS X User account and associated it with her personal iCloud Account and added her personal Google Account. Then I did the drag and drop from her Google to her iCloud. 
I did something similar with her school Contacts. Interestingly the account drag and drop behaves differently — Notes are moved, but Contacts are copied.
 
- fn -

[1] I took a look at the folder where Apple stores Notes.app data: ~/Library/Containers/com.apple.Notes/Data/Library/Notes. (Yes, the organization is bizarre). The data is in NotesV2.storedata-wal. I inspected the binary file in Mavericks [2] and found it contains text of Notes I deleted long ago. So if you had sensitive data in Notes.app deleting it won’t remove it from your Mac. It seems the file is never purged.

More — in Mavericks, it only looks like you can drag and drop notes to the desktop. It doesn’t actually work.

More — Notes can sort of hold images and rich text, in some Apple OS but not in others. Definitely not in Google IMAP.

More — Notes was implemented unsung an oddball IMAP hack. It’s like nothing else.

More — Like Contacts Notes can have Groups / Folders in OS X, but in iOS you can’t do anything with these.

There’s still more…

[2] Yeah, I’m still on Mavericks. Yosemite has … issues. I’m waiting for a fix for the crazy network problem.

Wednesday, April 15, 2015

iCloud Family Sharing: you can mix old style and new style sharing, but there's at least one bug

My family does old school iOS media sharing.

Everyone has their own Apple ID for iCloud, but we all use my App Store ID [1]. So we can all share media, apps and the like.

Modern iCloud Family Sharing has advantages though, and Apple is already making old school sharing harder

Which leads to a question.

Say I configure Family Sharing for the 5 of us. [2] Can I mix-and-match old and new family sharing? If #2’s App Store ID is set to my current App Store ID, will he still be able to do old-school sharing?

I think Apple frowns on changing App Store IDs, there may be a limit…

- fn -

[1] Which is different from my iCloud Apple ID because of “.Mac". Don’t think about it too much.

[2] Max of 6 per family, which was once not an unusually large family.

Update 4/16/15 - Reports from app.net

… You can change Apple ID's, download an app and change right back. I do this for apps that I paid for IAP’s with an old account before Family Sharing…

… we do both … although family sharing has not become relevant yet, the old way of sharing apps is more convenient…

When I setup Family Sharing I found that my personal iCloud account was the “Organizer” account, but after entering those credentials my App Store Apple ID was the default for the purchase account. So Apple keeps those two separate.

I did run into a problem — Apple doesn’t provide purchase controls for adults; they didn’t think of special needs or guardianship. Happily, if I leave my old shared credentials as iTunes and App Store old rules apply — the Family Member is asked for my pw to make a purchase. I think if I switched the iTunes and App Store credentials to the user’s iCloud credentials they’d be asked for their Password at time of purchase — but that still requires my help, the kids don’t know their Apple ID passwords yet. So this problem has a workaround…

Thus far the best part of Family Sharing is iOS 8.3 “Find My iPhone”. It now lists everyone’s devices — and several devices that are gone from this earth.

Update 4/18/15: Not working quite as expected.

To recap, the kids have their own iCloud accounts, but the App Store/iTunes credentials are my .mac credentials, which are not my iCloud credentials.

Yeah, this is problematic. We need a way to merge Apple IDs.

In this configuration when they try to buy something I need to enter the .mac credentials. Even when I do that, however, they get a notice that the transaction needs to be approved. That’s fine, but the approval request never gets generates a notification against my Organizer iCloud account. I have an OS X user account bound to the .mac credentials, but that doesn’t get a notification either. So for now I’ve disabled Ask to Buy.

Monday, April 13, 2015

iOS 8.3 took away one of my favorite parental controls

With iOS 8.3 Apple made an undocumented change that will make a few kids happy.

No, not the post-update dialog that will lead many parents to unwittingly enable 15 minute authentication lifespans for purchases. Apple documented that feature. Here’s where you undo any mistakes by they way:

Image1

The real change is that users no longer need to enter the App Store account password to reinstall any app that’s been previously purchased with that account on any device. There’s no setting to revert back to the old behavior of managing a reinstall very much like an initial installation (respect password settings as above).

Why does this matter?

Well, let’s assume you install YouTube on the KidPhone and late find some highly educational porn. In the old days you could just delete YouTube and be done — assuming your user doesn’t know the App Store account password. Now users can simply download it again.

Now imagine the problem if you do old school App Store/iTunes credential sharing like we do — we each have our own iCloud accounts, but our FairPlay DRMd material is all associated with my App Store credentials. Yeah, everything can be installed. It’s a good thing I’m not into S&M apps.

I don’t know how this works with Family Sharing, the change is too new to see much commentary. For old-school families like ours there are 4 options based on this screen …

Image2

Your options are:

Install AppsDeleting AppsResult
Off On App Store disappears so can’t install or update. You can’t update from iTunes either, so this setting is a pain in the butt. You need to go through the restrictions dialog to do app updates. User can delete apps which is convenient.
On Off App.net@ronnie suggested this one. User can download anything, but they can’t hide contraband. So if they install forbidden apps they get banished to “Install Apps Off” which is painful for everyone.
Off Off As option 1, but can’t remove apps. I can imagine limited use cases.
On On The default.

For now I’m going with Install On and Delete Off, with the warning that forbidden fruit will lead to App Store removal.

I’d love to see a fix from Apple but it’s going to take a lot of complaining. I’m not holding my breath.

Saturday, April 11, 2015

How to upgrade to Yosemite Aperture when migrating from Mavericks

Via Macintouch:

Applications

… if you’re upgrading from Mavericks to Yosemite, the previous versions of Aperture (3.5.1) and iPhoto (9.5.1) for Mavericks won’t run at all on Yosemite, and you can no longer update them from the Updates tab of the App Store - because they've been removed from the store.

The only way to obtain the Yosemite versions of Aperture (3.6) and iPhoto (9.6.1) is to delete the old versions and then re-download the full applications from the Purchases tab of the App Store."

I guess I’d better hurry up on my Yosemite migration, but at least there’s still a way to do this.

Fortunately I think it’s fairly easy to “steal” Aperture, which, in this case, is probably legitimate.

I have Aperture on both my laptop and my desktop. I’d rather upgrade laptop to Yosemite first, but that will take Aperture there to 3.6. I suspect 3.51 (Mavericks) can’t import 3.6 Libraries. Interesting times.

Update: I tested this on a Mavericks machine I just updated to Yosemite. Even though the “Purchases” list shows Aperture with an “update” button, the update doesn’t work. You do have to delete and redownload. I wonder if this is actually a bug.

Sadly, while it’s still possible to download Aperture, there’s no way to download iPhoto for Yosemite, and iPhoto for Mavericks won’t work. Turns out you can download iPhoto the same way. Delete it then Install from purchased.

Thursday, April 09, 2015

iOS and OS X Reminders can be shared among family members

We need a way to remind #1 of certain tasks he has trouble remembering. 

Yeah, a lot of kids have trouble remembering things, but #1 has a very different mind. Some things are hard for him to hold on to.

Thinking about how to do this I dimly saw, somewhere in the cluttered and drafty attic of my memory, something about shared reminder lists in iOS.

I remembered correctly …

iCloud: Share a reminder list

You can share a reminder list with other iCloud users. You might want to do this, for example, to keep all the members of a sports team apprised of what needs to be done for the next game. As the owner of a shared list, only you can add and delete list participants.

Participants in the shared reminder list can view and edit the list (mark items as complete, add items, and delete items), and see who else is sharing the list using these apps: iCloud Reminders, Reminders on an iOS device, Reminders on a Mac, and Microsoft Outlook on a Windows computer.

Outlook? Really? I wonder if that’s true. This is old stuff.

Old enough that it works on Mavericks as well as iOS and iCloud/web. I created a shared Reminder list named after #1 that includes me, Emily, #1’s personal iCloud address and #1’s school/iPad iCloud address. Any of us can interact with reminders.

It was pretty easy to setup. Despite the reference to email in the documentation I was able to accept invitations by using Emily and #1’s iCloud/Web Reminder app. (Though, for some reason, on #1’s 8.3 4s I did have to accept the email invitation. Maybe just a sync issue.)

I suspect we’ll all get alarms, I don’t see a way to target a reminder/alarm to a specific person. 

This will be quite useful.

Saturday, March 14, 2015

Google password works on Gmail but nowhere else? Congratulations. You're enrolled in Google Advanced Security.

Ugh. File this on under #FirstMilleniumComputingRIP or #YosemiteRequired or #iOSForEveryone or #aWatchFuture.

A friend got an email a few weeks ago from Google, warning her that some had tried logging into her account from Galati Romania and somewhere in Kyrgyzstan. I didn’t see the original email, but I gather Google recommended she change her password. I don’t know if Google said anything about other consequences. The implication was that Google blocked those accesses [1], much as your credit card company routinely blocks the Moscow charges you never hear about.

By the way, if this happens to you, walk through the Gmail security checklist.

I don’t know if Google mentioned anything in the email about additional security measures, but what she noticed was that she couldn’t use Gmail on her home computer. It said “password incorrect” though she was using the right password.

It took me 30-40 minutes to figure out what was going on. I created a new user account to confirm it wasn’t anything on her Mac running OS X Lion [2]. Then, guessing that Google had enrolled her in some new enhanced security program, I went looking around Google’s security settings and I found an “Access for less secure apps” setting [4]

6

I also found this notice …

4

and I could see where our legitimate logons had been blocked (but marking those as legitimate did nothing) …

5

I can’t find Access to Less Secure Apps controls on my own Google accounts [3]; I think it’s automatically enabled after an account hack or if you click the “Secure your account” link in “Notifications and Alerts” or in the “Devices & activity” above. (Maybe this was mentioned in the email from Google? That would be nice.)

If Access for less secure apps is on, then this article applies:

Allowing less secure apps to access your account - Accounts Help

Google may block sign in attempts from some apps or devices that do not use modern security standards. Since these apps and devices are easier to break into, blocking them helps keep your account safer.

Some examples of apps that do not support the latest security standards include:

The Mail app on your iPhone or iPad with iOS 6 or below
The Mail app on your Windows phone preceding the 8.1 release
Some Desktop mail clients like Microsoft Outlook and Mozilla Thunderbird …

… 

To help keep your account secure, we may block these less secure apps from accessing your account, and you’ll see a “Password incorrect” error when trying to sign in. If this is the case, you have two options:

Upgrade to a more secure app that uses the most up to date security measures. All Google products, like Gmail, use the latest security measures.

Go to Allow less secure apps and choose “Allow” to let less secure apps access your Google account. We don’t recommend this option because it may make it easier for someone to gain access to your account…

Yeah, all you get is a “password incorrect” error. Which is wrong of course, your password is fine. Problem is, Mail.app for OS X isn’t designed to say “Google doesn’t like me”. It tries to connect, gets rejected, and renders this as “password incorrect”.

Once I figured out the problem I found Google’s April 2014 security blog announcement:

Google Online Security Blog: New Security Measures Will Affect Older (non-OAuth 2.0) Applications

… beginning in the second half of 2014, we’ll start gradually increasing the security checks performed when users log in to Google. These additional checks will ensure that only the intended user has access to their account, whether through a browser, device or application. These changes will affect any application that sends a username and/or password to Google.

To better protect your users, we recommend you upgrade all of your applications to OAuth 2.0. If you choose not to do so, your users will be required to take extra steps in order to keep accessing your applications.

You do know what version of OAuth OS X Mail.app uses, don’t you? Oh, wait, does Mail.app even use OAuth?! It appears so as of 10.0.3 (Yosemite); I suspect Google considers any OS X app (Mail, Calendar, Contacts) prior to Yosemite to be less secure.

There’s a bit more useful information in this April 2014 ghacks.net article. I’m sure you read that one regularly to keep your Google services working smoothly! As noted in the article, you can enable Access for less secure apps [5]. That took care of my friend’s problem.

Sigh.

My friend asked me what regular people do. My answers was, unfortunately, they don’t/can’t. The writing has been on the wall for a few years — civilians should not own “computers”. They should a single iOS device [6] and do everything through Apple [7]. This kind of thing is only going to get worse.

- fn -

[1] But what about the accesses Google might not have blocked? Google Account security now lets you see what devices have signed in from where over the past 28 days as well as review your security notifications. Between those and reviewing your Account Permissions you can get a rough idea if an unsophisticated attacker got by Google’s secondary defenses.

[2] I also have a Lion machine the kids use a bit. It’s no longer being updated of course, and I should probably retire it.

[3] I checked both my 2FA and non-2FA Google Apps/Google accounts and didn’t see it on any of them.

[4] First I went through her access history and authorized a number of them. Turns out that’s pointless, Google just provides that to keep us confused. 

[5] Or enable 2FA. Google 2FA is less of a PITA than it once was, but it’s not ready for civilian use. Too many ways to go wrong, especially when a device is stolen.

[6] I don’t think Android is a good choice. Sorry. The single best choice for most is probably an iPhone 6+. There’s an unmet need for an flip-phone-like compact device that provides simple phone services to a companion iPad. Maybe Apple Watch version 3 will do that.

[7] if Apple doesn’t do it, then give up.