Thursday, November 26, 2015

Old pet peeve: Blogger uses <BR> tags instead of <P> tags to demarcate paragraphs

I wrote about Blogger’s mad formatting 4 years ago and five years ago. I guess it’s time again. This time I’ll include some screenshots.

My recent ebook DRM post as it appears in MarsEdit:

Screen Shot 2015 11 26 at 11 51 12 AM

The MarsEdit HTML view, each paragraph wrapped in <p>:

Screen Shot 2015 11 26 at 11 52 08 AM

How it looks when viewed as Blogger page:

Screen Shot 2015 11 26 at 11 53 37 AM

Now view source (amazing how much cruft there is in the source):

Screen Shot 2015 11 26 at 11 54 44 AM

Yes, still wrapped in <p>. Now let’s try to edit it using Blogger’s rich text editor. Suddenly the paragraphs are gone

Screen Shot 2015 11 26 at 11 56 14 AM

Blogger HTML view shows all the <p> tags have been replaced by a single <br /> tag:

Screen Shot 2015 11 26 at 11 57 30 AM

This is a very old problem. I think this was configurable in pre-2010 blogger, but it doesn’t seem to be now. I doubt Blogger will ever fix this, I wonder they do this to be consistent with languages that don’t use paragraphs [1].

 There are two things MarsEdit could do to help since Blogger is never going to change:

  1. Provide an option to follow Blogger’s convention and use two <BR> tags instead of one <P> tag when publishing. Do same conversion when bringing back an old post to edit.
  2. Make it easier to edit an old post in MarsEdit — which is probably only possible if there’s some way to send Blogger a current URL and get back a post identifier that the API can work with. Otherwise I assume MarsEdit would need a post identifier like … blogID=5710205 … postID=1945754734324659424

[1] Update: I’m being too kind to Blogger, this really is a bug. If Blogger is replacing <p> tags on an English language blog they should be writing two <br> tags, not one.

The curse of DRM - can't read new book because Adobe E_ACT_NOT_READY

This is why we should all loathe Digital Rights Management in books. I download the EPUB version of a Google Play book I bought and I got this when I launched the .acsm file

Screen Shot 2015 11 26 at 9 49 49 AM

The E_ACT_NOT_READY error message is a longstanding Adobe Digital Reader problem. It can have many causes, from a server outage to authorization problems. In this case I attempted to deauthorize my account and I got an error message that deauthorization failed.

The next step is to quite Adobe Digital Editions and “Navigate to /Users//Library/Application Support/Adobe/Digital Editions and drag the activation.dat file to the trash.” You then have to attempt to download again — by launching the .ascm file. This worked for me.

In my case I think the bug is related to restoring to a new machine from backup. The Adobe authorization is machine specific. Adobe forgot the use case of doing a restore from backup, so their code hangs and produces a default error message. The app should simply request authorization for the new machine. I suspect I deauthorization failed because, of course, I wasn’t using the original machine. So I suspect I have a ghost machine authorization in my Adobe account — another ubiquitous but subtle DRM problem (most often seen with iTunes authorizations) that occurs in iOS as well as OS X and Windows. It’s a fundamental problem with DRM tied to a specific device that is not immortal.

I checked my Adobe ID Profile, and there is no way to view authorized devices or deactivate them. I bet some users run into an activation limit.

I still think the slow/stalled adoption of eBooks is because of Apple/Adobe/Amazon DRM. In Emily’s words “English majors buy books. English majors don’t tolerate stupid software.”

We should be doing watermarking DRM instead and it should be a part of the EPUB specification.

Saturday, November 21, 2015

Sledging the drives

Obsolete and dead hard drives have been piling up for 7 years in a wardrobe I want to empty. Here they are ready for execution; one had to be dug out of a Time Capsule:

IMG 9055

The ones that I know held sensitive data (unencrypted backups mostly) I wiped via cradle mount.

Then it was sledgehammer time. The lawn was a bad idea — even by my neglectful standards it made a mess.

The best results came from angling drives on concrete, and using short strikes to fold the drive:

IMG 9056

A one pass wipe and a sledgehammer might not stop the NSA, but it should suffice for Best Buy recycling.

Thursday, November 05, 2015

Thunderbolt Dock: Eject all disks prior to undock

My new Elgato TB2 dock comes with an installer for an undock utility, but it also installs a kernel extension for some other function. I need a kernel extension like I need a meth habit.

So I was looking at 3rd party Mac App Store solutions like Mountain.app when @clackgoble on app.net said to just do AppleScript. Google found one then I added Clark’s eject line. I saved it as “Undock.app” and I launch by Spotlight (Cmd-spacebar “und”).

FWIW:

-- http://irwinkwan.com/2013/06/27/eject-all-mac-os-x-disks-with-a-script/

try

tell application "Finder"

-- Original: eject the disks

-- Clark Goble version:

eject (every disk whose ejectable is true and local volume is true and free space is not equal to 0)

display dialog "Successfully ejected disks." buttons {"Close"} default button "Close"

end tell

on error

display dialog "Unable to eject all disks." buttons {"Close"} default button "Close"

end try

Update 7/23/2016

The above version may not be reliable in El Capitan (presumably an OS bug). I’m told this works:

tell application "Finder" to eject (every disk whose ejectable is true and local volume is true)

Comcast's xfinity wifi and XFINITY.mobileconfig

The coffee shop’s WiFi was flailing. Periodically my MacBook popped up an xfinity wifi option. I vaguely remembered reading of this when I signed up with Comcast (the Devil we know), so in a fit of recklessness I connected. 

It required my comcast credentials, which I don’t use for anything else. I balked when the install asked for admin privileges but it turned out I didn’t need the install — my connection worked anyway.

So what the heck was going on? And what was a I recklessly installing? Why did I get a connection anyway? (Note I had no proof I was truly dealing with a Comcast site. The less crazy thing to do is to go to Comcast’s web site from a secure network and do any installs from there.)

The install, it turns out, creates a configuration file for Mac OS X Profiles called XFINITY.mobileconfig. It’s a binary file that contains your Comcast credentials in plaintext. (Yep. Delete after use.) The admin privilege escalation is needed to update OS X preferences. (If you run as admin you won’t see this; you really shouldn’t run OS X as an admin user IMHO.)

Oh, you’ve never heard of OS X Profiles? You’ve only heard of iOS Profiles? Profiles is a hidden Preference Pane introduced with Lion and only visible when you install a Profile (rather like iOS actually). "Configuration profiles can be created with the Profile Manager feature of Lion Server. They can configure accounts, policies and restrictions on iOS and Lion clients. The APN settings are iOS only.”

System Preferences will display the profile information (note it’s “verified”, this is via Yosemite):

Screen Shot 2015 11 05 at 12 26 00 PM

After installation my Preferences have a new Apple pane, i can delete from there.

Screen Shot 2015 11 05 at 12 27 56 PM

So what does this profile do? I was hoping it might enable VPN support, but of course it’s not that useful.  It’s actually configuring my machine to auto-join XFINITY WIFI even if it’s not even WPA encrypted. I hope I’m wrong about that, but this is Comcast we’re talking about.

Their FAQ doesn’t explain what’s happening, but this page suggests that the profile is needed to connect to the “XFINITY” SSID networks. (I was able to connect without using the profile because I was using a “xfinitywifi" SSD.). That makes sense because the profile contains an Enterprise Profile ID. (See iOS directions here.)

Which leaves the question of what’s evil about XFINITY WiFi, because, you know, Comcast. I mean, besides the auto join non-encrypted networks.

Don’t worry, it’s evil. Comcast turns customer’s routers into WiFi hotspots by enabling a kind of “guest network” (my Comcast modem doesn’t have WiFi. Smart I am.) Comcast assures customers Homeland Security will knock politely when visiting for tea to chat about your network use by local ISIS affiliates.

Comcast also enables XFINITY WiFi for business customers, who might be well informed and fine with this. I don’t think there’s any way to tell what you’re connecting to though. Can a provider tap the data stream? This is Comcast, so I would assume so. I also assume Comcast monitors the data stream and sells whatever it learns to various businesses and criminals. Lastly, with auto-join unencrypted networks seemingly enabled, I figure Comcast is getting kickbacks from the honeypot industry.

Caveat emptor.

Saturday, October 31, 2015

Time Capsule & Time Machine: "Browse Other Backup Disks" doesn't let you access backups from a different device

One day your iMac dies. It’s old, but not old-old. Sucks. Good thing you are paranoid about backups. You have onsite backups. You have offsite backups. You have Time Capsule backups. You have Synology NAS backups. You have Carbon Copy Cloner “Backups” (clones). You have …

Ok. I’ve made my point. Anyone this paranoid ought to feel good. Problem is, they’re paranoid for a reason. Data just wants to die.

The “you” is “me” and I’m here to tell you that one small bit of my data almost didn’t make it. One folder full of almost-deleted images got lost, I had to pick it up from a last minute copy of the iMac’s user folder. 

I had to do that because when I tried Time Machine’s “Browse Other Backup Disks…” feature (option key)  …

Screen Shot 2015 10 31 at 11 50 45 AM

… it didn’t actually work. That is, I got the right list of disks ...

Screen Shot 2015 10 31 at 11 36 11 AM

but when I selected one of them Time Machine showed me only data from my current Device’s current state — and no past data.

I did this first using a Synology NAS backup replacement for my died-young Time Capsule. I thought I’d run into a Synology limit, but I got the same results from older Time Capsule backups. It turns out that “Browse Other Backup Disks” really means “Browse Other Backup Disks … for the current device”…

 Yeah, I hate Time Machine too. OS X Help has some entries on Time Machine, but there’s no real documentation. There’s nothing on “browse other backup disks”.

So, if you don’t have access to your original mac, you are sort of doomed. That’s what happened to me.

I say “sort of” because there are weak options. You can open the disk image and navigate Time Machine’s base storage. You don’t have access to the File System Event Store or hard links though, so things are hard to locate. EasyFind.app might help. Or you can use Migration Assistant, the official solution, and move large pieces of the backup to a local store (only most current versions of course). Maybe OS X Server has some special options …

You can also try Backup Loupe ($10). It doesn’t replace Time Machine’s time-slice views of data, but it does let you browse snapshots and search for file instances. I’m not sure it’s a big improvement on EasyFind, but I bought a copy for emergency use.

The bottom line? Time Machine is a sucky backup solution — just good enough to eliminate strong alternatives. But you knew that. If you don’t have a machine (Device) that “owns” a backup you can use Migration Assistant to copy the latest state of a large amount of data, or if you know a file name you can use EasyFind or Backup Loupe to browse.

Sure, Apple should fix this. They should fix a lot of things.

"Unable to contact iMessage server": try restoring from iCloud instead of iTunes

I picked up Emily’s SIM-Free [1] 64GB silver 6s from the Mall of America Apple store Friday night. I’d used Apple’s reservation system so that, in theory, I’d be in and out. Alas, Friday night at the Apple Store is a zoo — it still took 30 minutes. The staff were so stressed they didn’t try to up-sell AppleCare or setup a contract — just dropped the box in my hand and ran.

There’s an AT&T store in the MOA and it’s not incredibly busy, so we did our SIM swaps there [2]. My son was going from a 4s to Emily’s 5s, so he needed a new SIM.

I restored both phones from iTunes backups. Emily’s worked, though it was a bit choppy. I had to unlock the phone 1-2 times as it went from 9.0.x to 9.1. 

My son’s restore didn’t work. I completely erased the 5s before starting, but there was still an odd feeling about the way the restore proceeded, perhaps because the 5s was still on 8.x (I didn’t realize it had never been updated).  Yes “odd feeling” isn’t very helpful, but I wasn’t paying that much attention. I’ve been down this road a few times.

Prior to the backup I’d removed iCloud, iMessage and FaceTime from his account, planning to put them on post-restore. I had some trouble restoring iCloud — the phone hung on credential entry. I restarted and it seemed to work — but then iMessage and FaceTime weren’t activated. When I enabled them I got a very cramped non-iOS 9 dialog for entering username and password.

I’ve seen that dialog before. It’s something very old — I suspect it’s hard coded for non-retina screens and dates back to the dawn of the iPhone, pre-iCloud. It’s a bad sign, it exposes Apple’s still broken iOS credential management problems [3]. When I did enter my son’s credentials the dialog hung, waiting for a response. I could kill settings; iOS wasn’t frozen. I let it sit for 15 minutes and it eventually responded with something like “Unable to contact iMessage server”. I don’t think there’s a problem with the iMessage server, I think that’s a misleading error message meaning “something went wrong”.

I called AT&T phone support to confirm the IMEI/ICCID relationship was correct at their end. I’ve had my issues with AT&T, but they must give their support staff very good coffee. They are remarkably pleasant and helpful. AT&T’s configuration looked good.

So either the phone was having hardware issues or something had gone wrong with updating one or more of Apple’s configuration systems. There’s lots of evidence that Apple wants iTunes to “die in a hole”, so I decided to try it Apple’s way. I did an iCloud backup, wiped the phone, and restarted with an iCloud restore.

That went smoothly. During the restore I had my son’s Mac account open for Keychain share confirmation, and I got the usual “FaceTime is using..” dialogs. I didn’t have to enter any extra credentials. iMessage and FaceTime activated immediately.

I suspect the combination of iTunes and iOS 8 to 9 and my removing FaceTime/iMessage/iCloud prior to backup exposed a nasty bug in Apple’s frail authentication systems. The real lesson though is that iTunes backup is seriously deprecated. I’d been moving to all iCloud backup and just doing a manual backup to iTunes every few weeks; that’s obviously the way to go.

- fn -

[1] We are currently AT&T customers, and there’s a case to be made that an unlocked AT&T 6s has the best set of antennae and band coverage for AT&T and even international use. You can’t, however, buy an unlocked AT&T iPhone directly, you have to buy it on plan then pay the plan cost to unlock it. Our AMEX purchase protection and extended warranty only work when the full purchase price is on the card. Hence SIM-Free.

[2] In theory you can move a compatible AT&T SIM from phone to phone yourself, but in practice I’ve seen some odd things. AT&T reps tell me their systems don’t update the ICCID (SIM)/IMEI relationships automatically, or at least not immediately. I think this causes some iMessage/Facetime activation delays.

[3] There are separate credential stores for iMessage, FaceTime, iCloud and the App Store — and perhaps for 1-2 other items. If you migrated from me.com to iCloud.com some of these systems require two sets of credentials. Apple tries to hide this from users, but any number of bugs will expose it.

[4] To fit into the iCloud 5GB limit I routinely delete obsolete backups of old phones and I move Photos.app data to our local machines. I see that with 9.1 there are now more controls on what’s part of an iCloud backup, though they are a bit hard to find.