Friday, May 26, 2017

How to upload images to a specific album in Google Photos

How to upload images to a specific album in Google Photos:

  1. Create the album. You have to choose an existing photo to create it.
  2. Drag and drop the photos you want to upload onto the album you’ve created.

Despite years of customer requests you still can’t select a folder and upload it into an album.

I’ve read that if you work with full res (not reduced) images in Google Drive you can organize them in folders and turn those folders into albums in Google Photos. These count against storage costs. I have not tested this.

Saturday, May 20, 2017

Aperture crash - sad day for my iCloud Photo Share streams (shared albums)

Aperture locked up when duplicating an image. I had to force quit, when I restarted I rebuilt the database. 5,300 images showed up as recovered.

Turns out they were all thumbnails for iCloud shares, but they’d lost connection to iCloud. When I deleted them I found most of my iCloud share streams were empty.

I believe I have my images, but it is sad to lose the relationship to the shares. Aperture is no longer supported by Apple of course. I’m running El Capitan, for what that’s worth.

Backups are no help of course. Even if I could recover the relationship to photos shared in iCloud I’d lose other work.

Update

/Users/jfaughnan/Library/Application Support/iLifeAssetManagement/assets/pub has 7.5GB of files holding 2,634 items including some photo stream temp files. It’s not clear if this can be deleted, but it may be Aperture doesn’t use it…

Sunday, May 14, 2017

There may be a fatal flaw in my backups. (actually, no)

I’m leaving this one up as a reminder of how scary the world of secure backups is, and how important it is to actually do a dry run of a disaster recovery scenario.

This is the original post. It’s wrong:

Don’t every tell me backup is a solved problem.

I have offsite backups of my data. Two offsite and two onsite Carbon Copy clones that I rotate. In addition to my onsite Time Machine backups.

All encrypted of course, because otherwise that would be terrible.

Great. All set. If the house burns down we’ll have our data (assuming we still need it).

Except those drives are whole drive encrypted with FileValue 2. So each has a unique recovery key. A recovery key that is different form each backup drive and can only be known at the time of encryption. A recovery key that is stored in a keychain on my MacBook. A device that can be lost.

I’d be better off if that recovery key were in iCloud, but I don’t think it is. Or I could follow Apple’s complex directions for managed recovery keys. Or I could have created encrypted sparse image folders for CCC, I’d know the image password then. Or maybe created bootable encrypted disk backups.

I have a bad feeling I don’t really have backups at all.

There’s a fine line between security that makes data inaccessible to bad actors and security that makes it inaccessible to everyone.

I hope I am wrong about this.

It’s wrong because FileValue 2 whole drive encryption actually behaves like the disk image encryption I’m familiar with. I was confused by the Recovery Key complexity. Doing a dry run of disaster recovery shows what happens.

I mounted one of my encrypted backups using my Voyager cradle and a USB 3 to UBS 2 cable with an old Air. I was asked for the password I’d used to encrypt the drive, not for the recovery key. I was able to mount my backups just as I would on any foreign Mac.

That password is the same for all my backup images and it’s stored in 1Password as well as printed. I’m going to add it to the Dead Man / post-mortem document I keep in Google Drive that’s shared with several trusted people.

False alarm. Need more coffee.

See also

Sunday, April 30, 2017

Touch ID security issues are less than i thought.

My Touch ID security post of a year ago didn’t get any reaction. So today, while working on a bak chapter, I decided to retest my concerns.

On my own phone, with iTunes Store Touch ID purchase enabled, I added a new fingerprint of mine. To do this I only needed my iPhone unlock code. I then purchased a song (Cheryl Crow’s Heartbeat Away fwiw).

I wondered if iOS would let me complete the purchase — in which case there would have been a risk issue. It didn’t work that way though. Despite my having Touch ID enabled for iTunes purchases iOS requested by Apple ID password — even though I used an old fingerprint. Adding the new fingerprint seems to have put my phone into a ‘enhanced risk’ category, so Apple ID credentials were required for purchase.

Once I’d entered my Apple ID the first time though I was able to use my new fingerprint for the next purchase. So entering that Apple ID password “blessed” all fingerprints.

So there’s still a way to “sneak” a fingerprint into the cue that might be exploited for unauthorized purchases, but it’s a smaller window than I thought. I tried “gifting” an app to see if I could exploit that, but abruptly my iPhone stopped being able to gift at all. So I couldn’t test. (Bug?).

Saturday, April 22, 2017

Something wrong with Google's Device Activity page?

Google’s device activity page used to let me remove devices that I no longer used:

https://myaccount.google.com/device-activity

Today it lists 3 iPhones for me. I think they are all actually one device, showing up with two different names — none of them current.

There used to be away to remove these devices, but today I can’t. I am able to Remove Account Access, but not the devices.

I removed access to all devices, then reentered credentials on my phone. So now I know that ‘iPhone” is my phone (phone name is John6s).

I think something is broken somewhere….

DreamHost remixer - a brief trail

I tried DreamHost’s remixer web site dev tool. I was able to create a page with it. Reminds me a bit of Apple’s old iWeb. 

It doesn’t output static files though. It is mapped to a folder on my DreamHost site, but there’s some redirection behind the scenes.

That means it’s transient. When Remixer dies, so will all the content in it. It’s not portable either, I can’t move my Remixer work anywhere else.

Might be a good app for something transient, but the little I do on the web today I like to keep portable. WordPress is as far as I’m willing to go into things I can’t readily move and backup.

Tuesday, April 18, 2017

Why is Apple's mysterious two factor authentication better than a strong password?

What would I do if my home burned down and Emily and the kids get out alive but I’m dead?

That’s what I think about when I read about Apple’s “two-factor” authentication (vs. the now obsolete but similar “two-step verification” they used to have). Particularly the scary procedure you need to follow if you’ve lost your authentication devices …

Two-factor authentication for Apple ID - Apple Support

…. If you can’t sign in, reset your password, or receive verification codes, you can request account recovery to regain access to your account. Account recovery is an automatic process designed to get you back in to your account as quickly as possible while denying access to anyone who might be pretending to be you. It might take a few days—or longer—depending on what specific account information you can provide to verify your identity…

… With two-factor authentication, you don't need to choose or remember any security questions. Your identity is verified exclusively using your password and verification codes sent to your devices and trusted phone numbers.

 and

Regain access to your Apple ID with two-factor authentication account recovery - Apple Support

… You might be asked to verify other account information to help shorten your recovery period. After you verify your phone number, you’ll see a confirmation that your request has been received and you’ll be contacted when your account is ready for recovery...

… We’ll also send an email to your Apple ID or notification email address to make sure you’re the person who made the request. You can click Confirm Account Recovery in the email to help us shorten the account recovery period. …

Scary indeed. It’s vague as hell. Even control of a confirmed email account (presumably different from the iCloud account) only “shortens” the recovery period. There’s nothing in Apple’s process comparable to Google’s inactive account manager. There’s no secret recovery key I can store in an encrypted repository on an offsite drive with a password known to 3 family members.

Apple’s 2FA either makes my data too hard to recover or too easy for someone to steal … or both.

I don’t see the advantage, yet, over a strong password used only on a secure device. Google does this better — and even Google 2FA is too complex for me to manage for multiple family members.

I’m staying with a strong iCloud password for now — until Apple forces me to change. (The way they’re forcing 2FA with the 10.3.1 update makes me wonder if iCloud really was thoroughly hacked.)

PS. As best I can tell if you use Apple’s new 2FA when you change your iCloud password on one device you change it on every authenticated device. Better be sure you have them all.

PPS. At least they got rid of the secret questions … but only to replace them with some mysterious, fully automated, no humans involved, identity validation process.

PPPS. Ok, we’re traveling. Both our iPhones are lost. What do we do? hmm. I think Charlie Stross had something about this in a story … accelerando?

See also