Saturday, April 02, 2016

iOS 9 secure notes with Touch ID are no more secure than your device passcode

If you enable Touch ID access to an iOS 9.3 Note.app Secure Note, the password on the note doesn’t matter. The note is no more secure than your device passcode.

Because if you know the device passcode, you can just add a new fingerprint to Touch ID. That will unlock the secure note.

So if you want to truly secure a Note with a strong password you can’t enable Touch ID access. Otherwise you might as well leave the note unsecured. You are better off using a strong password for your phone and using Touch ID for fast phone access.

Sunday, March 27, 2016

Bandwidth use over 5 min video call: FaceTime << Facebook Messenger < Skype

As part of my Father longterm care iPad videoconferencing project I compared cellular data use during an approximately 5 minute videoconferencing call made from my iPhone (LTE) to an iPad Air 2 (WiFi). To measure data use I “reset statistics” for Cellular data before, then refreshed the view after concluding the call. I turned microphones off.

The results were:

FaceTime: 7.5MB (repeated, this is correct)s

Messenger: 32MB

Skype: 46MB

FaceTime gave the best image quality. The data use with FaceTime was so low I repeated the measurement with a similar results. Data use can vary with image activity by up to 25%.

I was very surprised by my results. FaceTime had excellent image quality despite exceptional compression. Skype is a real data hog.

The user interfaces were quite similar; names on the left, a details pane on the right. I liked Messengers easy messaging integration, but FaceTime was a 1 touch call from the left side.

My sister and I can do FaceTime, but my brother has an Android phone. I’ll suggest he try Facebook Messenger as he uses Facebook and the data usage was less than Skype.

Saturday, March 26, 2016

Can I send an iTunes gift card to someone in another country? How about buy an app through iTunes?

No.

At least not as far as I can tell between the US and Canada. Unless you have both an Apple ID and a credit card and a billing address in the other country.

In my case I’m trying to buy Picmatic.app, a $2 app, for my father’s (Canadian Apple Store) iPad. I think the only way to do this from the US is to have someone in Canada buy an iTunes gift card (contrary to Apple’s weirdly dated online documentation this works for apps too) and send me the card number. Then I can enter the information.

I don’t think I can buy an iTunes Gift Card in the US and use that; cards are country store specific and Apple IDs are country specific (changing countries is a royal pain — yeah, DRM sucks).

Anyone know differently?

Father longterm care iPad videoconferencing project: Securing the iPad

My father has been doing well in a Quebec long term care facility for veterans (in Canada that has historically meant WW II, he’s in his 90s). Things are getting tougher though — the facility is shifting from federal to provincial control. Great staff are leaving and programs will be stressed.

I see him every 3-4 months, but in between I was surprised how well Skype worked with him. He does much better speaking when he can see me than he does on the phone. It seems to be related to knowing when to try speaking and when to listen. He also seems to hear Skype sound better than mobile phone sound. (It’s likely much higher quality.)

Even with the old regime though the Skype conferences often failed. Tech complexity and organizational issues forced us to discontinue them.

So now I’m going to try bringing him an LTE iPad Air 2. I’ll get a Rogers SIM card when I visit in a few weeks and we’ll see if it works from his room. If all goes well it will cost him an extra $10-$15/month — and the iPad cost [1].

Dad’s lost a few wallets from his room. I think most longterm care facilities see this kind of problem. Visitors can have issues. So we need to secure his iPad. Other than photo display I think he’ll only be using it for conferencing. So it needs to be secure [2], continuously powered up, stored somewhere he can sit, and not take up much room. The secure device needs to leave speakers and camera clear.

After some thought I ordered the $33 CTA Digital Universal Anti-Theft Security Grip with POS Stand for Tablets - iPad Air 2, iPad mini 4, Galaxy Tab, Note 10.1, 7-10-inch Tablets (PAD-UATGS) (grip and stand). It seems solid enough, it will keep the iPad off his desk, and there are screw holes (but no screws included). It may screw into his (antique) desk, but, even though it’s not shown in the picture, the lock comes with a cable. So I might be able to secure it to his desk in a less damaging and harder to remove way.

Of course the iPad Air 2 is way too thin for this device. It flops around. There’s supposed to be an included adapter strip, but mine was missing. I don’t think it would have worked — this home made setup seems a lot better. I had some TrueValue gripping pads (549104, TV23148) lying around…

IPadSecure3

I put those inside the corner retainers:

IPadSecure1

and it works pretty well:

IPadSecure2

So the first step is complete. Next step will be to test some of the conferencing options for data use and usability with various iPad accessibility features enabled: Skype vs. FaceTime vs. Facebook Messenger (Hangout is not very useable.)

I don’t expect Dad will use it by himself, we’re hoping a friend who helps with him will get things set up. I want it to be useable for them though.

- fn -

[1] (Rant) Incidentally, the iPad Air reminds me what a mixed bag Apple is these days. Nice device in many ways, but when I brought my mother an iPad six years ago one of the features she loved most was it could be used as a high quality digital photo frame. It was easy to launch from the lock screen. She loved that.

So, of course, Apple pulled it from the lock screen around iOS 7 and then ditched the replacement with iOS 9. There’s exactly one half-decent alternative, an app called Picmatic. Not to be confused with spammy copycat apps of the same name in the kinda broken App Store.

I don’t know if Apple is merely senile, or if the app had to be reworked for iOS 9 and it got ditched in a last minute panic to get that half-baked release out the door. Either way, the good news is that now that Ive has retired there’s only Cook to launch.

[2] Would it have killed Apple to incorporate some sort of secure lock feature in the iPad? Ok, yes, it would have.

Synology Time Machine backups: How to increase a user quota

After my Synology NAS updated itself to version 6 one of my Time Machine backups stopped working. It might have been coincidental. Time Machine claimed I only had 350GB free and it needed 1TB, but Synology claimed I had enough free space.

Whatever.

The fix was to increase the quota size for the user who owned the Time Machine disk image belonging to my MacBook Air.

Except I couldn’t do it. I could edit the user easily, but the quota information couldn’t be edited. Clicking on the row did nothing. 

Click-click.

Google helped. It’s a UI issue. There’s nothing in Synology’s UI to tell you to click specifically on the quota number. If you do that you can edit it.

It’s probably a good idea to turn Time Machine backup off while you’re doing this. In any case it’s fixed my problem.

How to update Synology Cloud Station Server Clients (Cloud Station Drive) after Synology NAS 6.0 update

Looking back, 2009 was kind of a bad year. Somewhere around then we were in the tail end of the Great Recession, Google had turned Evil, and, in retrospect, Apple’s glory days were behind it.

I miss the old Apple. It wasn’t perfect, but it shielded me from a lot of hassles. Like dealing with the complexity of my Synology NAS.

I bought the NAS because Apple’s Time Capsule is broken. Next I started using it as a post-server replacement for Apple’s perennially broken network shares. That’s all I bothered with. I didn’t want to bother my NAS, and I didn’t want it to bother me.

Then, inevitably, there was an update. It took me a while to figure out that Control Panel:System:Info showed the version number: DSM 6.0-7321

Oh, great. A complete version update. I #$@$#!# never install those. I’d turn off auto-update, but at this point the damage is done. I’m going to need the big bug fixes; I’ll turn it off in a month or two.

Meanwhile both Time Machine and my Client-Server NAS file sync are broken. I’ll fix Time Machine next, this is about fixing the file sync.

Notice I’m not naming the file sync? That’s because Synology, a Chinese company, uses English words inconsistently. They add and remove “Cloud” to everything and seem to move software names between products on a whim. I think I’ve seen File Sync, Cloud Station Drive, Cloud Station Sync, Cloud Station Server and Cloud Station Client used to refer to similar or identical things.

What I wanted was to update “Cloud Station Drive” running on my Mac, which is actually Cloud Station Server Client, to a version compatible with “Cloud Station Server” running on my Synology NAS. Notice neither of these actually have anything to do with a “Cloud”, they’re both LAN specific.

This document helped: Sync files between NAS and computer Network Attached Storage (NAS)

 Here’s what I did:

  1. Quit outdated client on my Mac.
  2. Start Synology Assistant to locate FLNAS (IP Address), open it.
  3. Go to Package Center, All, find Cloud Station Server, click Open (alt: click the four-square-icon next to question mark to see running apps)
  4. Click Overview (sometimes this is empty, quit and start over again)
  5. Download Cloud Station Drive
  6. Install

It seems to be working. I’ll use the DMG to update my other machines.

Next up: Fix Time Machine. It and Synology are disagreeing about how much space is free in the user-quota for my MacBook Air …

Update 8/23/2016: Synology Cloud Station Server / Cloud Drive is broken again. I think it’s worse in El Capitan than Yosemite. I’ve given up on it.

Tuesday, March 22, 2016

Using iOS 9.3 Notes.app to safely store passwords and other credentials

I wrote this as part of a book project aimed at caregivers for special needs teens and adults, but the recommendations work for most non-geek users. The trick is printing copies of the Note; it’s too easy for an errant edit to delete credentials. Of course one could also store PDF copies on an appropriately secure encrypted drive or drive image, but that’s way outside the scope of these recommendations …

Managing Explorer credentials with iOS 9.3 Notes.app and Android alternatives

Guides need to create “strong” passwords for Explorer email accounts, bank accounts, Amazon accounts and the like. One way to create a strong password is to combine two randomly selected words form a dictionary, capitalize one or two letters, and mix in some numbers and a symbol like $#&:;. Avoid letters and numbers that can be confused with one another, like l and I or O and 0.

There’s no way any of us can keep secure credential information in in our heads. We have to write it down, and, because you really don’t want to lose password information, you need to have two copies.

The two copies also need to be in different places. Why two places? Well, imagine that you’re storing your passwords on your phone. One day you need to unlock your phone, but you don’t remember the phone password. If the passwords are only on your phone you won’t be able to get to them. Even if your phone is backed up the backup won’t help you, because you won’t be able to restore it without the phone password.

…1Password is too complex for most Guides and Explorers though. What about just keeping credentials in a Note on your smartphone?

If a Guide is using and Android smartphone this can be a risky option. As of early 2015 many lower cost Android smartphones are not truly secure. Google’s Note application, Keep.app, doesn’t support Note encryption. So on an Android device I’d recommend using 1Password.app or one of its competitors — unless you are confident the Android device uses strong encryption and it is secured with a strong password.

If a Guide is using an iPhone with iOS 9.3 or later Apple’s Notes.app is a good, simple way to store an Explorer’s credentials. The iPhone itself has quite good security, and you can create an additional Notes.app password and use it to lock one or more individual Notes. iPhones that support TouchID (fingerprint unlock) make it easy to access locked notes. Just be sure to add the Notes.app password to your document and to print out the Note when it changes.

This approach is simple and secure, and it’s safe as long as a Guide keeps printed copies. It’s easy to accidentally delete critical information when editing a Note, and of course phones get lost and broken. Paper backups are reliable.

There’s an additional important advantage of printed backups. When someone becomes disabled or dead their family will really appreciate the printed copy.