Friday, August 14, 2020

Chrome malware: Managed by your organization

I think my son installed a "managed by your organization" chrome malware extension when he was trying to find Flash. This one showed in Chrome as "searches.network"

The obsolete Federal government website required for his US census enumerator job probably directed him to get Flash. I wouldn't be shocked if he got the malware directly from the Federal site. US government web sites are notoriously insecure. [1]

This class of malware now works by installing an unsigned profile on the user's Mac that activates Chrome's "managed by your organization" mode. It locks the home page and search page so traffic is routed through the malware's server and it prevents a Chrome reset. (It may do other things as well of course.)  For some reason it locked him into Bing, which was a dead giveaway. Smarter malware wouldn't have changed the default search engine.

Once upon a time a quick Google search would have explained how to remove the malware. This is 2020 though, so Google's search results on this topic are mostly garbage. I found one result on a garbage site, however, that must have been partly based on a real site. That clued me to the profile. Once I deleted it then I could do a full Chrome reset. Once I knew the fix I found this guide, which covered the territory. (I can't tell who manages the site, I hope they make money by malware app referrals rather than anything more ominous.)

Before I did this I followed advice from a trusted source and installed the free (but suspiciously marketed) Malwarebyte antiviral. It found nothing. I'll try running one or two more antivirals (AVG, Sophos). Malwarebyte is an easy uninstall, so points for them.

[1] I am the solo family geek, my digital-age children seem to prefer the 18th century. My theory is the latest generation has the same take on computers that, at the same age, I had on automobile engines. It should just work, and if it doesn't work an old person might understand it.

Monday, July 20, 2020

Blogger (draft) supports mobile

If you are using Blogger Draft you will find that it works fairly well in Safari.app and Chrome.app for iOS.

The new interface is responsive. 

I’d prefer a different font for writing on mobile but it’s very doable. Competitive with WordPress mobile app but expect some rough edges.

(Eons ago there was a mobile app for Blogger, but it was discontinued. I doubt it will return.)

Sunday, June 28, 2020

Carbon Copy Cloner was quietly excluding 1Password stores from backup (Corrected: app, not data stores)

This morning's heart attack:

"CCC no longer excludes 1Password by default."

What the fork were they thinking?!

-----------
Update: OK, looks like they did this briefly in 5.1.18 and, even though their language is sadly unclear, it was the the 1Password app rather than the 1Password credentials that were not being backed up. That link lists all the files not backed up, though as of today it's not been corrected for 5.1.19.

So I still have chest pain, but not a heart attack.

Wednesday, June 24, 2020

Python macOS environments for learners in 2020

My daughter is auditing Coursera's Intro to Python class. It's pretty standard stuff, but I was surprised by the development environment. For macOS there's a non-trivial Python install that requires some unix knowledge, use of the Homebrew package manager, dealing with admin vs non-admin user issues, consideration of pyenv, editing the path, and finally installing Python.

That's a long way from the ease of, say, TurboPascal circa 1983.

I figured there had to be a better way, but Google only found me some pro-level IDEs. It fell to Twitter to clue me in to the modern scene. The 4 good modern options turn out to be:
  • Google Colab: absolute easiest and least painful. I believe the Python code executes in the browser, so it's substantially slower than execution directly in macOS.
  • Microsoft Visual Studio Code for macOS: this does require the traditional Python install with Homebrew, but it's a very beginner friendly environment. The Python plugin provides Jupyter support.
  • Homebrew Jupyter: similar to Colab but like Visual Studio is part of the Homebrew/Python path.
  • Azure does Jupyter Notebooks (via @jhovland) at notebooks.azure.com.
Years ago I ran into iPython as a novice environment; turns out it morphed into Juypter.

It's a sign of the times that Google search didn't turn up a blog post with these options. (It won't find this one either, I'm way off Google's radar now.) Once I'd identified the above options however I could do a Google search to find an educational resource that did mention then:

There are many ways to write and execute Python code:

Python tutor (online, visual debugger)
Python interpreter (command line)
Visual Studio Code (editor, good debugger)
Jupyter (notebook)
Google Colab (online, collaborative)
 
During this lab we see all of them and familiarize with the exercises format. For now ignore the exercises zip and proceed reading.

That site is the University of Trento's data science lab course, updated 2019/2020.  The U of Trento was founded in 1962. Reading the wikipedia page it seems to have started out focusing on sociology (and, given the era, was likely a wee bit Left) but now seems to be very tech.

The course material is presumably translated from Italian. It's quite readable though it would benefit from a native speaker updating the GitHub content. Judging by my little test it may be one of the best resources of its kind.

See also:

I came back to Python for course on working with the OpenAI ChatGPT LLM. This time around I used Visual Studio Code with the Jupyter support. I use the default Python PIP package manager but I think Microsoft favors Conda. As of 2024 CoPilot is an option but it is not free.

Sunday, April 12, 2020

Facebook still has RSS (iCal) feed for Calendar Events but it is insanely obscure

I thought Facebook had removed the link we used to have to see the feed URL for a Facebook "calendar". (A Facebook calendar is the set of all Events one has responded to as "going" or "maybe".) I couldn't find it anywhere even though I was pretty sure I'd use it as recently as 6 months ago.

Facebook only documents exporting a calendar file. (In the mobile app there's a simpler way to add a single Event to a system calendar.)

I couldn't even find any mention online of the Facebook calendar feed. Just sad comments on Facebook's removal of RSS feeds about 7 years ago.

I was just about to give up when a last search found a Business Insider article from Dec 2019. Some Facebook dev has kept it alive in the most obscure location possible.

You can't find it by looking your Facebook Calendar: https://www.facebook.com/events/calendar
You can't see it by looking at your Facebook Events: https://www.facebook.com/events/

The only way to find them is to use the web UI and inspect the ... context menu for any single Event.

Beneath that you will see "Export Event":

Do not be deceived. Export Event is a form of misdirection.

In fact the resulting dialog, in addition to allowing saving of a single event, also provides the secret URL for a Calendar feed (RSS, iCal) including the Facebook UID and a "key" for access:

In Google Calendar web here's where that URL goes:

It can take hours for the feed content to appear and updates are likewise slow to show.

Sooner or later Facebook will expunge this last vestige of usefulness, but I do want to thank the dev that hid it away and let it survive for so long.

PS. I do appreciate so many Facebook page URLs are readable, persistent, and meaningful. I rely on that given the ever changing menu and navigation structures.

Monday, February 17, 2020

Canon's dSLR lens -- upgrade program for out of service lenses

The Canon EF 28-135 lens I bought in 2006 (!) for $420 died recently. The autofocus stopped working.

I can't complain too much -- I got a lot of use from it. The EF series is Canon's low end and it's not a great lens. (My Canon 50mm 1.8 is a famously cheap and great lens. With modern sensors it works very well for both portrait and for things I'd have used a 100mm zoom for. It's not image stabilized though.)

It turns out Canon doesn't service EF lenses of that generation. They will give 15% off a new similar lens (not sure what qualifies) or 10% off a refurb lens. Amazon's Canon prices are the same as Canon's list prices.

I think their modern equivalent of the old 28-135 is the Canon EF-S 18-135 (list $600, refurb $440) and EF-S 18-200 ($700). The 28-135 was a full frame lens on my 1.6 EOS body, these are S type lenses so the ranges are quite different. My old 28-125 was equivalent to a 45-200 S lens. After quick scan of review sites the 18-135 might be the better lens.

So a bit more money but a refurb with a 15% discount isn't too bad.

Would be nice if they still serviced old EF lenses. Maybe they do service old L lenses. Given the time it lasted the discount is nice (esp. on refurb) but not sure it's worth the hassle compared to an Amazon purchase. (If I buy I'll use KenRockwell.com referral link.)

Update: I did end up ordering the 18-135 EF-S as it has had a recent upgrade and sounded generally better than the 18-200 for my uses. So less zoom, but lot more wide angle. I took the 15% discount. Canon didn't want my old lens, only the serial number. They didn't have a refurb in stock.

Canon has the worst voice routing system I've used in years -- I had to keep repeating "representative" and on one attempt was booted off with a tedious and even condescending dialog. The automated system couldn't handle lenses.

Sunday, February 02, 2020

My advice for managing online credentials

I wrote this up for a book project on special needs iPhone users (Explorers), but it's also my recommendation for non-geek iPhone users. Credential management is definitely an unsolved problem ...


Every Explorer online identity involves, at the least, a “username” for the Explorer, a password and  either an iOS app name or a web address (URL). Most online identities also require an email address for communication, password resets and (alas) marketing. They may now require a mobile number and the answers to “secret questions”. All of this information makes up an online “credential”; but we often use the word “password” as a shorthand for the whole bundle

It’s hard to manage online credentials. I’m pretty technical, but I still find it a tough problem. Lots of people get locked out of their online services and need to do password resets or even start over with a new account. One day I think Apple will provide a full solution[1], but to date they’ve been reluctant to take this on. 

The good news is that most Explorers can get by with maybe 10-30 credentials and they don’t need to know most of them (more on this below). The key is to use as few online services as possible. Remember, every online service is another credential to manage!

I’m going to suggest three-and-a-half ways a Guide can manage an Explorer’s credentials. Each has advantages and disadvantages. For all of them I have two strongly held recommendations about passwords:

  1. Don’t reuse passwords for these important sites. If a password is captured (happens!) it becomes part of hacker libraries and will be applied to other Explorer accounts.
  2. Don’t follow the usual advice to create long random passwords. You’ll go insane trying to tap them out on an iPhone when you can’t see the password characters. Instead combine random pronouncable words, letters and symbols that you can tap. The password should be at least 14 characters. Flip through a dictionary to pick words randomly. This is good enough. You aren’t protecting nuclear launch codes.

Option One: Pencil and Paper

You may remember being told not to write down credentials on paper. That’s like the old advice to treat back pain with bed rest. We were wrong when we said that. Writing credentials on paper and saving them with your home paperwork is super secure. That’s what hard core security geeks do.

This does require good handwriting, but it works for a small number of credentials assuming you follow my password advice. If you need the credentials when you travel you can take a photo and keep it with your personal iPhone photos (be careful not to share it though!).

You do need a backup! You could copy by hand and mail the copy to a trusted friend. In theory public photocopiers are not secure, so I’d say just take a photo and keep it in your iCloud photos (not shared).

Option Two: Use an iCloud Secure Note on a Guide’s iPhone

I recommend this for the passwords my Explorers manage for themselves. An iCloud Secure Note  is protected by both your iPhone’s unlock passcode and by a special Secure Note password. The iOS User Guide explains how to create a Secure Note.

An iCloud Secure Note is automatically backed up and you can review old versions of the note. It can also be shared with an Explorer who is able to manage their own credentials.

This method is less secure than paper and pencil but is also less work — and you can copy/paste passwords from the Note rather than type them on iPhone, Mac, or a web browser[2].

The main risk of this method is accidentally deleting your credentials! Be sure to print out the Note periodically and store the paper copy at home. You can also restore a prior version but this is less reliable. Just print.

Option Three: Use 1Password or another reputable password manager

This is what most computer experts recommend, but true security experts are more cautious. When you use a password manager you are placing a great amount of trust in the vendor. There are so many ways a password manager vendor could steal credentials. Even if a vendor is honest and technically skilled, their products can be acquired by someone less scrupulous.

Of all password managers 1Password is most often recommended for the iPhone. It’s what I use, though I don’t use their Cloud service[3]. The Cloud service is obligatory for most people though, and it costs about $40 a year.

If you’re just managing a few Explorer credentials Paper and Pencil is simpler than a password manager and definitely more secure. If you use a password manager for your own credentials then it may be a good place to store an Explorer’s credentials.

Option Three and a half: Use Apple’s semi-secret password manager

Apple would take over credential management for their customers. It hasn’t happened yet, but they have partial solutions. You can part of Apple’s solution it you have enabled Keychain in Settings:Apple ID:iCloud and you’ve accepted Safari’s offer to save web site passwords. Just say “Hey, Siri, show me my passwords”. You can also go to Settings:Passwords & Accounts: and tap on “Website & App Passwords”.

Another part of Apple’s solution is “Sign in with Apple”. Apple wants iOS apps to support this and there’s a way for web sites to use it as well. This method never shows a password, it works with Face ID or Touch ID[4].

Both of these solutions are a work in progress. We will know Apple is serious if they create a separate App for managing credentials instead of hiding things away in Settings. Not all iOS apps store credentials in the keychain and “Sign in with Apple” is just beginning.

They are convenient for web sites and apps that aren’t important enough to be properly tracked. Just let the iPhone suggest a password and then forget about it. The iPhone will manage the password and if something goes wrong nothing much is lost.

These three-and-a-half options cover Guide management of Explorer credentials. In my next section I’ll go over which an Explorer will need to manage themselves and how to transition from Guide management to independent management.


[1] Apple has a partial solution for web sites but nothing for passwords entered in apps and elsewhere. Their longterm solution is called “Sign In with Apple” but it’s unclear if it will succeed or how serious Apple is about this.

[2] Browsers are not very secure though, so viewing readable passwords in a web browser is not ideal.

[3] 1Password still supports an old local storage method. It requires a very technical user to setup, it’s not well supported any more, and it’s not super reliable.

[4] Since Apple doesn’t support a guest/parent/Guide Face ID this could block Guide support for an app or site. More on this in the final chapter on political action!