Saturday, May 27, 2023

Microsoft OneDrive automatic update disables OneDrive on Catalina and Mojave. Catalina fixed but Microsoft has dropped Mojave support.

My attempt to fix Microsoft Update disables OneDrive on Catalina and Mojave (and perhaps more) is in process.

 Fix from Microsoft Answers

1. Download last working version - Install version 23.002.0102.0004.

2. Disable autoupdate for OneDrive, preferably by blocking network access to g.live.com (IP 20.205.115.102, TCP port 443). Port 443 is the standard port for HTTPS traffic.

3. Remove current version, install last good version.

As of April 20 we are to watch the release notes page for a possible fix.

May 27, 2023 Update: A possible new fix for Catalina, but it's not working on Mojave.

May 29, 2023: Microsoft has decided it will not fix Mojave and has retroactively dropped Mojave support. From a support email written by a non-native English speaker:

In regard to the issue, we would like to inform you that OneDrive sync support has ended on MacOS Mojave.

It is equally sad for us to deliver such a hard message. However, we recommend you to update your operating system to MacOS 11 (Big Sur) or later. This will also help you to get a more secured Operating System with enhanced features and more security.

You may always use OneDrive on Web ( https://onedrive.live.com ) as a workaround to upload and download files from OneDrive.

It may be possible to install the last good version then block the autoupdate. Personally I'll move to using iCloud rather than OneDrive.

Friday, April 28, 2023

iOS App Update hangs without an error message in infinite download: a general approach

Apple's FairPlay DRM management is notoriously fragile. It can be confused by family sharing, Screen Time controls, payment method changes, and, heaven forfend, mixed Apple IDs on a device.

Once Apple's DRM gets confused there's often no user accessible error message (PS. This is a bug [1]). The app just hangs. So when I realized my (manual) App Store updates were not completing I was not completely surprised. Recently I had:

  1. Changed payment methods. I made my Apple Card's award balance (1-2% transaction) the default payment method (so it always gets emptied)
  2. Enabled Screen Time account change restrictions to mitigate the harm of Apple's biggest current security issue.

I fixed the problem in the usual way (see Apple's article on this as well):

  1. [Switch to manual update if you've been using automatic]
  2. Verify Apple ID payment methods look correct
  3. Turn off Screen Time [Apple doesn't mention this.]
  4. Restart phone (power off/on)
  5. Download a new free app from App Store [An old method, still useful]
  6. Verify I can now update one of the pending apps.
  7. Update All
  8. Turn Screen Time back on.
  9. [Turn auto update back on if you like that.]
-- 
[1] Failure to generate a user notification of a failed interaction is, of course, a bug. Regardless of whether there's a bug in the interaction processing (which there is, so that's another one).

Saturday, April 22, 2023

iPhone Recovery Key attack vector kills your iCloud access: Workarounds pending an Apple fix including Apple ID protection

Someone who has your iPhone passcode can lock you out of your Apple iCloud and Apple ID services -- as well as take control of your iPhone and have access to all passwords stored in Apple's Password Manager (iCloud Keychain).

This can happen when someone steals your phone and obtains your passcode by the simple measure of threatening to kill you. Or they might see you enter your passcode or surreptitiously record entry. In bars drugs can be used to facilitate the process. This is often done as part of "borrowing a phone" for an "emergency call". (Never let anyone you don't trust with your life and wealth touch your phone. If it's an emergency make the call for them but ensure they don't record your passcode and don't let go of the phone.)

Once the thief has your phone and passcode they can change the victim's Apple ID password. This prevents the victim from locking the iPhone. The victim could still do the Apple ID password recovery process, so to get more time with the phone the thief can set a Recovery Key. If a Recovery Key exists they can change it. Setting a Recovery Key this way disables Apple ID password recovery. This gives the thief an unlimited time with the phone. It also locks the user out of all their Apple ID associated services and products including video, music, personal photos, personal documents, family sharing, other Apple devices, and the like. From the thief's perspective the Apple ID lock out is merely a side-effect. They may even feel a tiny qualm of sympathy for their victim. They do it to prevent iPhone lockout.

This is an Apple design problem. They need to fix it. Basically the iPhone passcode has far too much power -- especially since it has to be tapped in far too frequently and is thus relatively easy to enter. Secondarily the benefits of the Recovery Key are limited to a few people, and with this technique in common use the risks dwarf the benefits. Apple should disable creation of new Recovery Keys immediately while they come up with a better fix.

TidBITS has one of the best descriptions of the problem following a somewhat confused WSJ article. I suggest also reading TidBITS's preceding article on the problems with iCloud Keychain.

I was aware of most of these issues, but the Recovery Key hack is new to me. Again, if an attacker has control of your iPhone they can change your Apple ID password, locking you out of your photos, documents, Apple services, Apple media you've purchased, subscriptions, software, and more. At this point you can ordinarily reset your Apple ID password [1] through a tedious series of authentication steps or with the help of a previously specified Recovery Contact [2]. However, if you have set a Recovery Key you can't use these methods. You have to know the Recovery Key. If a thief sets or changes the Apple ID Recovery Key to prevent locking of the stolen iPhone you are truly screwed. Once you set the Recovery Key yourself Apple no longer stores it [3]; they can't recover your Apple ID even if they wanted to.

Apple has to fix several things here. It's insane that a six digit iPhone passcode allows access to all of the iCloud Keychain (Apple Password Manager) and setting up a Recovery Key. The power and risk of the Recovery Key is a separate problem and creation of new Recovery Keys should be disabled until there's a better fix.

In the meantime we've taken two steps on our iPhones:

  1. Emily and I set each other up as Recovery Contacts to facilitate doing an Apple ID password reset in the absence of an Apple Device.
  2. Follow the recommendation of TidBITS to use Apple's Screen Time feature to prevent Account Changes. This requires setting a separate 4 digit ScreenTime code (PIN). When you do this Apple seems to require entry of Apple ID credentials that can be used to reset the ScreenTime PIN, but if you tap "cancel" you can continue without this step. That means an attacker can't use the Apple ID credentials they've stolen to unlock the account settings; they can't change an Apple ID password and they can't set a Recovery Key. (I think this can trigger an Apple Bug with App Updates and mixed Apple ID - see this article.)

I have not yet deleted all of my iCloud Keychain entries. I will go through mine and delete a few key ones. Apple really and truly needs to secure iCloud Keychain with an optional separate credential [4].

I do NOT recommend setting a Recovery Key.  An attacker with your iPhone passcode can change it anyway, and you won't be able to use Apple's standard Apple ID password recovery method.

- fn -

[1] One time I tried to use login with Apple on a calendar service provider (Stanza). Apple evidently decided that was a bad idea and instantly locked my Apple ID. I had to follow the password recovering steps. If I'd set a Recovery Key and did not know the Key I'd have lost access to my Apple ID content (photos, etc) for all time.

[2] Set up a recovery contact NOW.

[3] I presume that when you do a standard password reset, or a Recovery Contact does a password reset for you, that behind the scenes Apple is using the Recovery Key they keep.

Sunday, April 02, 2023

Mastodon wishes: topic tags that actually work

The Mastodon social network (I'm https://appdot.net/@jgordon) lets me follow people at any Mastodon community (instance). Mastodon is person-centric. Reddit, by contrast, lets me follow activity on predefined topics.

I'd like Mastodon to have better topic support; I'd like to be able to follow both people AND topics.

In theory Mastodon has support for topics through hash tags. In practice, particularly if you are on a smaller Mastodon instance, the tags are not very useful. They only "know" about posts that have been pulled into a user's home instance, most often because someone on the instance follows the post author.

I'd like to see "topic tags" that were predetermined and worked across the Mastodon part of the Fediverse. I imagine a registry of topic tags that's updated by an instance daily based on instance posts using the topic tag. There are likely better models for how to do this.

Wednesday, March 29, 2023

Apple's App Store Apple Account balance: updated due to transition to Apple Cash

Update 5/1/2023 - a few months after writing this I realized Apple is in the midst of a very poorly documented multi-year transition.

There are currently two "gift cards" - Apple Gift Card (AGC) and App Store & iTunes (ASIGC) gift card. The AGC used to be only useful for buying things at Apple Stores (or online equivalent) but sometime in the past few years the AGC could be used to buy apps and media.

The ASIGC works as below. Apple's check balance advice remains incorrect; the balance displayed in the App Store UI is not updated reliably. However, I don't think the ASIGC is long for this world. Which probably explains why Apple hasn't fixed the balance display or the use of the old term "iTunes".

The AGC can be purchased through a web interface - https://www.apple.com/shop/buy-giftcard/giftcard. When I bought it for my son using his iCloud email the balance showed on his phone wallet as Apple Cash. The Apple Cash balance also shows under his Account as did the prior ASIGC balance, but in a different location inserted at the top of the screen (it doesn't show there on my iPhone!).

The Apple Cash account is also used to hold purchase rebates (1-2%) from an Apple Card. I see my Apple Card balance there. I use the payment method selection control; my first payment method is Apple Cash, the second is Apple Card. When I view my son's payment methods at appleid.apple.com I see Apple ID (that is in fact holding his Apple Cash balance) and the fallback payment is "Apple Cash", but it's MY Apple Cash not his. (In fact there's a 3rd payment method --after these two charges roll over to me via my Apple Card, but the current UI can only show two.)

Note the weirdness here. In the case of a non-organizer family member the Apple Cash balance shows up here labeled Apple ID rather than Apple Cash!

I have found charges do go first against this "Apple ID" (his Apple Cash) then against my Apple Cash (currently $41.71). Incidentally, note if you can connect to a non-child family member's appleid you can see their balance and they can see the family organizer's cash balance.

If my son were a minor I'd have more options to manage Apple Cash. As it is this is a big improvement on a few months ago (below). It's obvious that in the US at least the ASIGC is obsolete and Apple will transition to the AGC. They still have a ways to go; they have added a savings account feature to Apple Card; I wonder if they'll add one to Apple Cash.

--------- original post

Apple's "Apple Account" holds cash that can be used to purchase apps, media and subscriptions. Money is most often added to an Apple Account through App Store and iTunes gift cards. Users can also directly add money to their personal Apple Account from a payment method, but there are few times that makes sense. If a user is a member of a "Family" then the money comes from the Family Organizer's payment method (usually this is a bad thing). If a Family Member purchases something it will come out of their Apple Account balance first then any residual charge will come out of the Family Organizer's payment method (not the Family Member's payment method).

Apple Accounts are poorly documented, especially when they intersect with Family Sharing. Sometimes the support documents are incorrect or incomplete. For example, the check balance article for Mac tells users to look below their name in the App Store app:

That doesn't work very well though. You can see the problem in this screenshot taken from my son's account

His account shows $150 as a balance, but that's wrong. If you click on Profile and drill down to this Accounts page (requires authentication) you will see the correct amount of $135.37. Evidently the amount displayed on the App Store screen is copied there from another system and there's a time lag. In my testing I've found that the lag is at least a day and I suspect it only updates when one checks the Apple Account (requires authentication). So, in reality, the Apple Account is the only way to know this number.

Apple doesn't mention this, but you can also get to this Accounts page (which has the accurate numbers) from iTunes/Music. You can't get to it from the web however; appleid.apple.com doesn't have this data. My guess is that Apple is still using their 20yo iTunes infrastructure for the "Apple Account" (authentication doesn't support Apple Passwords OR biometrics) and that the display in the App Store is a bit of a hack. 

The Apple Account is a legacy system that is much older than Family Sharing and doesn't support it very well. I'm guessing Apple has been trying to replace the iTunes backend for years and that the version we see is in maintenance mode. Perhaps they will transition to the emerging Apple Pay infrastructure. For now we have to work around the issues.

Monday, March 20, 2023

Basic bicycle kit list with some notes on flats

I put a basic bike kit together for my daughter (currently in college with her bike) including a companion shared iCloud Note. I think the note is kind of useful, so here it is for reuse:

Bicycle Kit


Lighting

(Charge these when you get home then every 2-3 weeks even if not used)

Bike Light (NiteRider)

Rear Bike Light Blinky


Repairs

Multi tool in saddle bag

Chain lube (dry)

General Lube for derailleurs, other parts

Inner tube spare

Patch kit and pressure gauge

Tire lever

Bicycle Pumps (floor and mini) 

Schrader adapter


Clothing

Wind shell

Pant ties


Other

Water bottle

Cable and kryptonite locks and keys

Helmet

Bike bag

Register bike


Before ride

Charge lights

Check pressure

Look for loose parts

Check brakes


Changing tube

  • Picture below of tire lever (remove tire), Schrader adapter (carry just in case, is small, can carry by putting on one of your valve stems) and a small pump that doesn’t work great but better than nothing.

Options before patching a flat

  1. See if bike shop nearby
  2. Call a friend to help or bring home
  3. Maybe uber?
  4. Remove tire and replace with new tube
  5. Remove tire and tube, patch and replace.


Links to directions

Using speedier lever - https://www.youtube.com/watch?v=ZbO_03rKyPk 

How to patch a flat  (REI)

Things to know

  1. This is the hardest thing most people do on a bike.
  2. Some tires are really hard to remove and getting tire back on can be hard (Usually have to do with thumbs but speedier lever can be used.  Most tools just make a hole in the tube.)
  3. It’s quite easy to trap a bit of tube under tire. I like to inflate a bit then pinch tire all around the rim trying to free any trapped tube. Then deflate, repeat pinch, then inflate.
  4. Inflation options include: floor pump (best), mini-pump, CO2 canister (meh), gas station pump with Schrader adapter below

Using the Schrader valve adapter

  1. You need to undo the top Presta valve!
  2. Put on adapter
  3. Fill in small steps, but some modern gas station pumps may be slower to fill. Don’t overfill, can blow tire off rim in some older pumps.