Saturday, April 21, 2018

Why you should change your router DNS to Cloudflare and Quad9

I wrote this one for Facebook friends - reposting here. The TidBITS review is excellent.

This is roughly how things work ...

  1. Someone in your home visits a certain web site.
  2. Your home internet provider (ex: Comcast) associates that site with the identity of the Comcast account holder. They sell that information to the universe. Facebook buys it.
  3. Facebook shows the Comcast account holder ads based on the visited site.

This happens because your internet provider is your default internet directory service (DNS provider) - Comcast knows all the sites you visit and (as best we can tell) they sell that information.

It's basically an internet design flaw.

If you're a bit geeky you can change the DNS settings in your home router to someone more trustworthy than Comcast (which would be anyone else, really). In our home that's an Apple Airport. I have our settings below but your settings will vary.

DNSConfig


We use:

Cloudflare: 1.0.0.1 (their 1.1.1.1 address doesn't work with some ISPs)
Quad9: 9.9.9.9 (as backup)

For more information see an excellent TidBITS review. If you truly want privacy, particularly on iOS where DNS settings are a pain, you need to use a trustworthy VPN (see below).

PS. It’s easy in macOS Location settings to experiment with different settings. This is particularly important for a laptop that moves between locations. On my standard macOS Location I use Cloudflare, then Quad9, then Google. Sadly iOS DNS settings are a mess (per TIDBits):

In iOS, DNS server settings tend not to work the way most people would want them, which is as in macOS: setting the details once and having them work on every network to which you connect. The settings have to be set for each network. Worse, we’ve found in our testing that after changing DNS values, the settings revert to Automatic and the server IP addresses we entered are tossed. There’s also no way to set DNS servers for cellular connections.

In iOS you need to use trusted (not free!) VPN provider. I use TunnelBear’s free GB option, I wish I could buy blocks of data from them rather than yet another subscription. If you use a limited data capacity VPN on a Mac you should use TripMode to reduce background data use.

Update 4/22/2018: A Gizmodo article reminded me why this DNS control is more important now ….

“The FCC under Chairman Pai changed the rules in the United States for ISPs allowing ISPs to start selling your browsing history to target advertising against you,” Prince said…

They mention two popular VPNs - ProtonVPN and Private Internet Access. Curiously PIA claims TunnelBear does not protect me — which makes me a bit suspicious of PIA. 

Wednesday, April 18, 2018

Converting from shared store ID to Family Sharing - and what didn't work

Maybe this worked. Or not. See update.

Our five family members have long shared one store Apple ID. We’ve done this before there was Family Sharing. I put off switching to Family Sharing as I figured it would take Apple 3-4 years to get it working.

With iOS 11.3 Apple broke a longstanding purchase behavior. My son’s iPhone no longer required a password for purchases, only his fingerprint. There might be a fix, but I decided instead to move him to Family Sharing. (There is a fix, see below.)

The story went something like this [1]:

  • I have an iCloud Apple ID (john.___@icloud.com) and a different Store Apple ID (j____@mac.com) — because I’m old. He has an iCloud Apple ID (sam.___@icloud.com) and my store Apple ID.
  • In my iCloud Apple ID he is a family member. 
  • I removed my Store Apple ID from his phone and added his iCloud Apple ID.
  • I sent $15 to his iCloud Apple ID from my App Store account.

So far he still can access our movies and apps. Now he will make his own purchases that will be associated with his Apple ID. When he runs through his $15 he’ll give me cash and I’ll send more money. Eventually I do need to get a debit or managed credit card on his phone but we’ll start with cash. Alas, it doesn’t work that way. See update.

After the change I checked the (this is broken) two places Apple currently tracks devices associated with an Apple ID

  • appleid.apple.com/account/manage: showed 7 devices including an old iPhone my son used to have that I’d previously removed. This also showed on his iPhone Apple ID view. I removed it from both places and it has not returned.
  • iTunes Manage Devices showed 8 devices, but not my son’s current iPhone. This, in contrast to past testing, is correct while the appleid.apple.com list is incomplete. It’s interesting that moving my son’s phone to Family Sharing means I’m no longer at my 10 item device limit (if that rule still applies!)

- fn -

[1] He is, incidentally, a special needs adult. I’d have liked to be able to use Apple Ask to Buy for him but that’s not available for an adult. (I wish Apple considered special needs as a disability — they have great support for visual and auditory needs, but not for cognitive.)

Update 4/19/2018

  • Seeing purchase histories is really clunky. You can see what apps a family member has purchased by launching App Store.app, logging out and then logging in as the family member. To see both tunes and apps you go to Apps & iTunes in Settings (yeah, this is crazy). You have to log in as the family member — I got the ancient iOS 1.0 un/pw dialog that shows up when you get to a part of iOS that desperately needs a replacement. It did work, but seriously ugly.

Update 4/20/2018

  • Subscriptions aren’t Family shareable. So that’s a significant bummer; several of his apps are subscription based. All is not lost though, At Bat.app presented my Store Apple ID username and accepted the password. In-App purchases aren’t Family shareable either — which is bad news for Omni Group. Apple has a list of what’s not shared.

Update 4/28/2018 - what I wish I’d known

My son ran up a $70 bill on a $15 credit — all on my account — because “Any time a family member makes a new purchase, it’s billed directly to the family organizer’s account”. It doesn’t work the way I thought it did. If a family member is under 18 you can activate Ask to Buy, but not for someone over 18.

Family sharing is clearly designed to only work for children. It’s a poor match for a couple that wants to keep separate finances and it’s unsuited to adult children.

I found that the 11.3 update bug didn’t truly break the ability to require an iCloud password for purchases. It only bypassed the requirement to enter the iCloud password to enable Touch ID. I went into Touch ID & Passcode and turned off “USE TOUCH ID FOR … iTunes & App Store”. 

He doesn’t know his iCloud password (so he can’t lose it in a phishing attack!), so this meant he again needed us to enter a password into his iPhone to make purchases. Obviously, Ask to Buy would be far better. If Apple wanted to support users with cognitive disabilities …well, this blog accepts comments. I’d be glad to advise.

We didn’t want to have to memorize another password, so I changed his iCloud password to match my App Store & iTunes password.

Saturday, March 24, 2018

"This item was not added to your iCloud Music Library because an error occurred"

This is why Apple Stores are overloaded. I have 254 items like this. No explanation, no hints on fixing it.

Screen Shot 2018 03 24 at 11 27 16 AM

Low quality is expensive.

PS. In this particular case it looks like iTunes and iPhone supported .mp4 audio, but iCloud does not. Long ago I ripped these and the software did .mp4.

I found the on drive files and used quicktime player to export as .m4a — a lossless transform that strips out the some of the .mp4 wrapper. Then I deleted originals in iTunes and added these back in.

Saturday, March 17, 2018

iPhone aggravation: apps don't appear in Settings:Cellular until they actually use cellular data

Apple could have displayed all iPhone apps in settings:cellular whether or not the app uses any data. Then we could disable cellular data access without having to first use data.

They didn’t. Apps only show up there after they use cellular data.

This is really annoying when trying to stay under the data cap of #2’s $40/year mobile plan. It also confuses the heck out of customers.

I don’t think this will get fixed those. Apple’s technical debt fix list is deeper than Valles Marineris.

Apple has a new problem with DRM and device management

Today one of the family iPhones died. I went to remove it from our quota of devices (you can have a maximum of 10 devices associated with a family account) in iTunes Mange Devices.

I couldn’t. 

There’s a 90 day time limit to change associations, which I don’t recall being enforced for removal, but here you go…

Screen Shot 2018 03 17 at 4 46 09 PM

Except it’s not 90 days, because the grayed out non-removable devices were associated as long ago as May 2016.

Things are broken in two ways.

1. What does Apple want us to do with a wiped or lost or broken device?

2. The items I can’t remove are years old.

PS. Yeah, I hate Apple too. But really, everybody does.

Update: I reviewed Apple’s support document. If you have a working device you can remove the device from the DRM control list — but only through one very obscure screen. Logging out of iTunes doesn’t do it. Otherwise device removal requires iTunes, which, for me yesterday, showed this error.

Today I rechecked, and all the devices with “1 day remaining” are still “1 day remaining”. It’s broken.

Once this type of blunder would have been a bit of a deal, but now we’re so numbed by Apple’s quality collapse even I can’t put much energy into it. All the money in the world can’t replace culture, and Apple’s culture is broken.

Update: Added to Apple Discussions, asked @AppleSupport on Twitter.

Update 3/23/2018. On my second Apple Support call the “Senior Advisor” and I found a fix. We think iTunes, or the database it accesses, is broken/deprecated. From my Apple Discussion post:

We have a fix. On my second try with Support I called iCloud support and was escalated to the "Senior Advisor" level. Andrew and I worked the problem and found that you now need to work with https://appleid.apple.com/account/manage. There's now a section called Devices that lists devices signed into. In my case it listed all 10 devices that use the same iTunes Apple ID, so by "signed in" it means "signed in with Apple ID for iTunes/DRM".

Click on device and you get a remove option.  If the device is in use and signed in then it may reappear. You can restore a device that you have removed by signing out of the iTunes Apple ID, then signing back in again.

The iTunes Manage Devices (Account:View My Account:iTunes in the Cloud:Manage Devices) screen did not update after doing this, it still showed the device I removed. I think it’s mostly broken. (Mostly, because I was able from there to sign my iPhone 8 out of iTunes and that reenabled the Remove button, albeit with the broken ‘1 day remaining’ screen, and after signing it back in the Remove button is still active.)

PS. It’s not clear if Apple is still using the 90 day limit for switching Apple IDs. It doesn’t show up in the new iCloud UI.

PPS. Maybe iTunes in the Cloud is using a different database than iCloud to manage DRM, and that the two databases are supposed to synchronize. The iTunes database may be on the way out, so it didn’t get updated when it needed to be…

Sunday, March 11, 2018

You can drag and drop some links into a Google Doc and create a hyperlink text

This is one heck of a time saver. Didn’t realize Google Docs allowed this.

Error in Dreamhost WordPress one-click installs - missing code in .htaccess causes 404 errors

I’m far from a WordPress expert. I’m not even a WordPress fan — it’s too complex and powerful for what I do. That complexity means it is also very vulnerable to attack.

So take what I write here with some doubt.

As best I can tell the default Dreamhost One-Click installation of WordPress has an error. At least it did for me. My hpmtb.org site was giving 404 errors. I installed the Redirection plugin and it wasn’t doing anything.

A blog post had a fix that worked for me. I used Transmit for macOS to open the install folders .htaccess file and added this code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

The 404 error is gone now and I suspect the Redirection plugin will work if I need it. I have a hunch that using “pretty permalinks” (not the default of “id=“) might also fix this file — based on some documentation here

WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.

This page may be used to restore a corrupted .htaccess file (e.g. a misbehaving plugin).

Did I mention that WordPress is too complicated?