Saturday, February 09, 2019

Synology NAS and security risks of enabling notifications

I use a Synology NAS to backup our two MacBooks. I’ve been ignoring it for 4 years, but a recent hardware failure made me look into it.

I found a number of packages installed and/or running that I’d not updated and mostly didn’t need. So I removed all those and I created a reminder to check the NAS quarterly. I also realized I hadn’t gotten monthly status reports for a long time — for years really (if ever)

To enable Synology email status reports you have to configure Notifications. Old-school SMTP is rarely available now, so I experimented with the Gmail option. I got this:

Synologygmail

Oookaaay … that’s an interesting range of permissions. Synology is a Chinese corporation, so this effectively gives Xi the ability to harvest my email. Instead I created a synology user on one of my domain based Google Suites and enabled access there then forwarded to my email.

Interestingly my old settings suggested I had gone down the Gmail road at one point. I wonder what I was thinking, in my 2015 post I commented “Synology is a very Chinese product — including off-key English syntax. I wouldn’t install it in a US government facility.” Maybe I started the setup and then stopped?

MacBook Air shutdowns - it was the battery

My 2015 Air shut down suddenly two weeks ago. The battery was at about 80%. When I got it home and plugged it in it showed classic bad SMC behavior — the power diode didn’t light. 

I did an SMC reset and it worked, but a week later it did the same thing. I did an SMC reset again, but without checking if it was necessary.

It happened yet again. This time it worked fine as a soon as I plugged it in. That gave me hope that it was a battery issue, even though system info showed only 80 or so cycles. It’s an old battery.

After doing the usual 3 backups-to-current-state-prior-to-repair (one update to my Carbon Copy non-bootable clone backup, one fresh full bootable clone, and one Time Machine backup) I brought it in. It failed the diagnostic test with a big red dead battery note.

So $140 when the part comes in, which is a nice relief. If it had been the motherboard that would be $340 and I’d have a machine with a 4yo battery and a 4yo SSD. Might be better to just buy new.

Saturday, January 12, 2019

Simplenote web (beta) version has much improved notes export

The beta version of Simplenote’s web client will export notes as text files and will use the note title as the name of the text file. When I’d previously exported from my Simplenote library the text files names were all GUIDs. 

This is obviously much better. It means, as long as you don’t mine plaintext, you can get your data out of Simplenote in a portable and useable form.

To use the beta version of the Simplenote web client use the URL simplenote.com/new.

I’ve been using nvALT to enable data freedom for Simplenote [1], but it’s good to have a second option. (nvALT works on Mojave, but had issues with High Sierra. I’m planning to skip from Sierra to Mojave.)

PS. Recently Simplenote added plaintext note import, though needs Electron version for Mac.

- fn-

[1] It took years longer than it should have, but Automattic fixed search in the Mac client.

See also

Saturday, December 29, 2018

Extend Aperture's lifespan with Adobe DNG Converter for Mac

Aperture on Sierra doesn’t support RAW files from my Canon EOS SL2. I don’t know if there would be any support if I upgraded to High Sierra or Mojave, but I think not. I tried using Canon’s RAW to JPG converter but it was achingly slow and it defeats the purpose of shooting RAW in the first place.

So I’ve been shooting JPEG [1]. Today, through Facebook’s Aperture User Group, I learned that Adobe DNG Converter output can be treated by Aperture in Sierra as a type of RAW format. So I downloaded the app and tried it on a CR2 file from my SL2. It was extremely fast and produced a DNG a few MBs smaller than the CR2 file. Aperture opened it a bit more slowly than I remember it processing my older Canon RAW files, but there no real issues.

Adobe DNG Converter has a truly ugly Mac UI, but I have no problems with that. I suspect DNG is only a minimal archival improvement on CR2 so I’ll mostly continue to shoot JPEG (because everything sucks [1]), but now I have the option to do CR2 when I want better results. Since I already use Image Capture to bring images off my devices rather than Aperture the extra conversion step is a modest cost.

- fn -

[1] Twenty ago I was sure we’d get one of many better lossy image formats, of which JPEG2000 is the only one I can remember now. We never did, partly due to patents and partly for reasons I don’t understand. I think cameras have gotten better at making the best use of JPEG, which itself has iterated over time. In 2018 some SLRs shoot DNG (not Nikon or Canon of course), Apple’s cameras shoot patent-encumbered HEVC (not HEIF, that’s the container damnit), and there’s lots of proprietary RAW. I suppose HEVC is an improvement over RAW, but only by a bit. HEVC is likely to lose out in the long run to AV1 and disappear — with no comment from Apple when it converts. In terms of a practical archival image format we basically have PNG and JPEG with no metadata standard and perhaps some flavor of TIFF. Basically everything sucks, which is very 2018.

Incidentally, the image formats Preview can export to in Sierra when you use the Option key trick (apple doc) — prior to Mountain Lion they were all shown. OpenEXR was from Industrial Light and Magic but it’s as dead as old JPEG-2000. (As near as I can tell Mojave has the same list and it still doesn’t include HEIF/HEVC, which seems a vote of some sort.)

PreviewExportFormats

Saturday, November 24, 2018

Did you follow Apple's two-factor authentication advice to provide a friend's phone number for SMS authentication?

I bet you didn’t do this [emphases mine]:

…You should also consider verifying an additional phone number you can access, such as a home phone, or a number used by a family member or close friend. You can use this number if you temporarily can’t access your primary number or your own devices….

… To use two-factor authentication, you need at least one trusted phone number on file where you can receive verification codes. Consider verifying an additional trusted phone number other than your own phone number. If your iPhone is your only trusted device and it is missing or damaged, you will be unable to receive verification codes required to access your account…

… If you're signing in and don’t have a trusted device handy that can display verification codes, you can have a code sent to your trusted phone number via text message or an automated phone call instead. Click Didn’t Get a Code on the sign in screen and choose to send a code to your trusted phone number…

Apple 2FA implementation has a high risk of account access loss (Google has better 2FA recovery options). Apple’s recommended mitigation is to use multiple SMS verification numbers, not just the one mandatory number. Since SMS is an essential part of Apple’s 2FA, and SMS is a poor way to do 2FA, Apple’s 2FA is fundamentally insecure (mac bloggers seem universally unaware of this incidentally).

Damned if you do and damned if you don’t. On balance, if you use 2FA, you should have at least two SMS numbers numbers associated with your (insecure) Apple ID.

PS. To Apple’s credit, you need both a password and SMS to access your iCloud account, and you can’t reset the password just using SMS. In the absence of a trusted device the password reset process is mysterious and takes a few days.

PPS. You can use a Google Voice number as a trusted number. That way you can use a web browser to retrieve the authentication code.

Remember to remove a device from your Apple ID account list if it is sold or wiped

Apple associates devices with your Apple ID. If you are using two factor authentication they get authentication requests. If you wipe or sell or dispose of a device you really want to remove it from this list.

Go to https://appleid.apple.com/account/manage, select the device, and remove it.

I don’t think the reset/wipe phone setting does this automatically.

Sunday, November 18, 2018

Printer configuration is a still a pain (AirPrint edition)

I replaced an old Brother HL-L6200DW with a new Brother HL-L6200DW. Isn’t stasis wonderful? Scanners and printers don’t change much any more.

I sort of remembered how to test these up. I got it working via ethernet, then got it on our WiFi network. That worked for my Mac, but AirPrint wasn’t happy. Same printer, same name, different Mac ID. iOS said it would let me update to the new printer, but then it failed.

I had to restart my router, rename the printer in the web GUI (I’m sure this isn’t in the manual), restart printer, restart phone. Then it found it.

I’m sure there’s an easier way. Nobody prints though, so maybe not.

PS. The printer has all kinds of web services enabled. It’s basically waving a hack-me flag. It’s a bother to figure out what I can turn off.