OS X Notes.app and IMAP Accounts

On a fresh install of OS X Yosemite, the notes.app was unable to see the notes stored on my IMAP server. The account was working properly in Mail, and notes.app worked fine with other accounts.

I recall having this same problem with a previous version of OS X, and that it was related to the “IMAP Path Prefix” advanced setting within the Internet Accounts system preference panel. The prefix is set correctly so I was about to give up on this as being an annoying–but–ignorable bug when the very last post in this forum discussion indicated that a cargo-cultish approach of changing the prefix, opening and closing notes, then reverting the setting had fixed it. I can confirm that this solution also worked for me. I kept Mail.app closed for the duration to prevent it being confused, and observed that simply unsetting the value is insufficient, it must temporarily be set to another value, such as “none”, to work.

Which email addresses receive spam?

One of the advantages of owning a domain name is the ability to create a limitless number of email aliases. I use this to allocate each company that requests an email address a unique one, which makes it a lot easier to spot phishing emails, and track whether a company has used it according to my expectations. A recent browse through my spam email folder showed some egregiously bad spam (obvious frauds, scams, etc) being sent to aliases assigned to companies.

  • Vision Express
  • Tumblr (the micro-blogging platform)
  • JET Photographic, Cambridge
  • Adobe — suffered a well publicised data theft
  • LinkedIn — likely someone with whom I am connected since they would then see this email and could import it into their personal address book
  • Dropbox — dropbox includes this email address when I share files and links with others via its service so again the leakage is probably from a third party

Another surprising result of my browse is that the email address I publish on this website does not get very much automated spam, although it does get the occasional offer of “sponsored posts”.

Resolving mixed content errors with WordPress

This blog has in theory been available via a secure (“https“) connection for about 2 years. I say “in theory” because some of the images were being loaded from insecure connections which meant there still ways to easily circumvent that security. After some digging it seems this is a long-standing known problem with the WordPress software that runs this blog, and despite some recent activity, still not fixed in last week’s 4.0 release.

Fortunately the discussion in the bug report does provide a one-line workaround. There was no advice on where to put that one liner, so I decided to write a plugin as it would then be easy to toggle on and off if required.

 * @package fix_ssl_attachment_url
 * @version 1.0
Plugin Name: Fix SSL Attachment URL
Plugin URI: https://core.trac.wordpress.org/ticket/15928
Description: Hacky fix for wp_get_attachment_url function not checking for https. 
Taken from the bug report referenced above.
Version: 1.0
Author URI: http://www.toobusyto.org.uk

add_filter( 'wp_get_attachment_url', 'set_url_scheme' );

The next challenge was that the instapress plugin I had been using to display my Instagram photographs in the side bar was also using insecure content. It seems that instapress is no longer supported, and although worked for me, might not continue to work for much longer so I upgraded to Simple Instagram. This was a straightforward drop-in replacement (once I had successfully made an Instagram developer account) but displayed three Instagrams per row which I found a bit small. The author appears to be very active and helpful on the forums, providing these hints on how to customise it, but initially I could not get this to work for me when I put the settings in my custom theme’s style.css. The problem is that the first CSS class is now .si_feed_list and I found I needed to mark the customisation as !important in order to override the default.

/* For use with the Simple Instagram plugin */
.si_feed_list .si_item {
  width: 50% !important;

Finally I had to disable the Simple Facebook Connect plugin. Like instapress, this was reported as being broken and discontinued by the author.

Managing cron.d with chef

I have recently been playing with the chef configuration management system. I was looking for a way to manage files in a directory such that any that were created by chef would be cleaned up again when they were no longer needed. A classic use case is the /etc/cron.d directory which may be populated by files from multiple sources. There appeared to be no established pattern for this but since chef allows the use of ruby in its recipes, I was able to construct the following. It assumes the use of the cron cookbook.

cron_d 'usercron.chef' do
  minute 0
  hour 23
  command '/bin/true'
  user 'myuser'

Dir.glob("/etc/cron.d/*.chef") do |f|
  name = f.split('/')[-1]
    t = resources("cron_d[#{name}]")
  rescue Chef::Exceptions::ResourceNotFound
    cron_d name do
      action :delete

OS X Terminal.app, bash and UK Keyboards

On an Apple UK keyboard, the # symbol is accessed by pressing ⌥-3 (pronounced option 3). Unfortunately the terminal application is only useable when option has been mapped to the UNIX meta-key, which takes precedence over “special” characters such as #. Thanks to this tumblr post, it is possible to work around this problem:

$ cat .inputrc
"\e3": "#"

Unfortunately .inputrc is a bash-specific configuration file and this does not solve the problem for terminal-based applications.

Google Maps and iOS Background App Refresh

I am posting this to the web in case it helps anyone else trying to troubleshoot a similar problem.

Recently I noticed my iPhone’s battery was ending each day significantly lower than usual, causing me to have to charge it every night instead of every couple of days. At first I suspected the extra consumption was caused by communicating to my Pebble smart watch but quickly eliminated that possibility when turning the Pebble off for a day had no effect.

After some experimentation, the change that restored my battery usage to its previous norm was disabling background apps refresh for Google Maps. This was an application I had recently installed because it works very, very, nicely with the Pebble, sending turn-by-turn navigation directions to your wrist as you walk. This completely removes the need to take the phone out of its pocket every few minutes to double check that the road you just passed was not the one you were supposed to turn down! However I do not use it frequently enough to justify doubling my daily power consumption…

Wearable Tech: Pebble

I have a new gadget, a pebble smartwatch. The “smart” moniker seems appropriate because it does something in addition to its primary function (telling the time), and as a platform it has a lot of potential, but like the first few generations of smartphones were merely OK phones, this is only a good digital watch rather than a great one.

Why would I want a mini-computer on my wrist when I already have one in my pocket/bag?

It seems to me that large screen phones are popular for a reason: they make better computers. Conversely as the screen size increases they lose all the properties that made smartphones attractive in the first place—easily carried always with-you devices. All the major mobile phone makers have launched voice-based interfaces but not only are they slow and error prone, in many cases the desired responses are fundamentally visual. Hence, the idea is a second screen for the phone that can then safely remain zipped away in a secure location.

What is it for?

For the moment, notifications. There is some rudimentary fitness tracking if you are into that sort of thing, but even being able to read notifications without getting my phone out of my pocket has turned out to be quite useful. For a start, I often fail to notice calls and texts when walking but the pebble makes them much more prominent. I can also see, with one glance and without taking off a glove, whether it is something urgent, or whether it can be dealt with later. People in the habit of leaving their phone in another part of the house will also find it useful since the bluetooth range easily stretches across a couple of floors.

While the pebble can run apps, currently these are mostly of novelty value rather than actually useful. The forthcoming 2.0 API looks a lot more capable and has proof of concept apps for things like displaying the last train departures from the nearest tube station. Notably the pebble does not have any built in speaker, microphone or camera which places it a long way from the significantly more expensive Galaxy Gear.

How good a watch is it?

Functional. Its e-paper screen means the time is always displayed (if you want it to be) and there is a cool motion sensor activated backlight. I did struggle to find a nice watch face that matched the functionality of my Timex Ironman digital watch, but since many watch faces are open sourced it would have been possible to modify one to my purposes had I not found one. Since the platform is very immature, sifting the good watch faces from the gimmicky was also part of the problem: it is currently not possible to search for something as specific as “digital 24 hours with seconds date and day of week”.1 The lack of built-in applications for what I would consider standard watch functionality is probably the biggest weakness right now. For example my Timex digital watch comes with chronograph, countdown timer and multi-timezone functions by default; for the pebble I had to search for an app and then try different ones out until I found one that worked well.

I find many normal watches too bulky for my slim wrists but as you can see from the photo, the pebble fits just about OK—I certainly would not want it any larger. The strap is a standard fitting so can easily be replaced and the battery is claimed to last 5-7 days between charges, which seems accurate based on my usage so far.


The pebble is fun and I already find it a useful addition to my every day life. It is by no means essential—yet, that will require several more iterations of both hardware and software—but the pebble proves the concept has utility in the world outside of Silicon Valley’s reality distortion field.

  1. Currently very few faces display seconds at all, it is not clear whether this is an unfilled gap in the market or because it drains the battery 59 times faster. [back]

Buddy online notification in Messages (OS X Mavericks)

In the days when OS X’s instant messenger program was called iChat, I think it was possible to setup a notification when a particular buddy came online. Mostly not very useful to non-stalker-types, especially as some services logged people in and out fairly continuously, but I would occasionally turn it on when trying to get in touch with an elusive friend or family member in a timezone that offers very little overlap with my own. It appears that is no longer an option in the main interface in Mavericks, but Apple do provide the ability to run an AppleScript whenever an event is triggered.

Continue reading


The HTC One V Android phone was recently added to the list of devices I am called upon to provide technical support for, and this weekend I had the chance to have a good play with it (i.e. its owner found it to be acting up and I had to help).

This is not meant to be a full review but rather a couple of observations, and a record of some “features” that lacked adequate documentation. Overall I found it to be a nicely put together piece of hardware with good ergonomics. On the software side the “pattern swipe unlock” requires less brain power to use than PIN, and gestures to switch between tabs in the web browser made multitasking on the web as easy as multitasking between apps.

On the negative side, the keyboard was awful. I have written entire blog posts on my iPhone keyboard of similar dimensions, yet could not enter a simple web search correctly first time on this one. A few Android users have recommend installing Swype, but that’s not available from the official App Store. It also turns out to be completely unnecessary as the HTC One comes with a built-in “trace keyboard” hidden away behind Settings -> Language and Keyboard -> HTC Sense Input -> Trace Keyboard which, in just a few minutes of testing, seemed much more useable.

General impressions aside, the reason I was called upon was because events added to the calendar application were not being synchronised to Google calendar on the web. This seemed odd, since synchronisation to Google’s services is supposed to be Android’s forte. The problem was that all new events were defaulting to a calendar called PC Sync, that was not synchronised anywhere, and no where did it seem possible to either change that default, or remove that calendar from the phone. Searching the web revealed only other people complaining of the same problem, and no solution—the cause though appears to be that HTC have replaced the default calendar application with one of their own that has this inexplicable and inexcusable “feature”. Fortunately there is now a workaround available—download the official Google calendar app from the App Store!

Making money from photographs on the Internet

This week Internet photo sharing site Instagram made headlines for an apparent change in its terms and conditions that would, it was claimed, allow the site to sell users’ uploaded photographs without further compensation. A few days later it made an apparent u-turn.

In the midst of the storm of dis-proportionate rage and indignation, Never Mrgan makes the point that even if Instagram did claim the right to resell a photograph without compensating the owner1, properly licensed high quality professional photographs are better and of more certain provenance. I think broadly this is true, but online photography fora are also full of stories of traditional media outlets ripping off photographs from websites such as flickr (where copyright licence terms are clearly asserted) and then claiming ignorance of copyright law and/or offering only negligible compensation when challenged by the owner.

Since many people just click through terms and conditions without reading or understanding them, any publicity that increases public understanding as to how online services work and make money has to be a good thing. For many people finding themselves to have taken a highly sought after photograph, perhaps of some rare or newsworthy event, the fame brought by being properly credited as the owner will be sufficient. But the clear message here is that if you ever think you might be in possession of a photograph or video more valuable than five minutes of fame, be very careful where you post it.

Perhaps this week’s outrage is also a symptom of the division in Internet photograph sharing between those photographers who prefer niche sites such as flickr and 500px, and everyone else who uses Facebook. The first group know that Facebook’s ability to disseminate content through its social graph is far greater than the dissemination available on their preferred platforms and they had hoped Instagram would bridge that gap, providing the features they wanted with the distribution potential of a social network.

This was also a potential missed opportunity for Instagram. The aforementioned copyright thefts by large media companies happen because a copyright holder has pursue each infraction individually, usually against corporate legal departments. If Instagram were to start selling sub-licences to photographs but promised to return a portion of the money over some large threshold to the photographer2 then Instagram would be the platform of choice.

  1. and it is possible it always has [back]
  2. similar to YouTube’s partner programme [back]

Encrypting filesystems with OS X Lion

Sadly some manufacturers1 of portable USB hard drives have yet to realise that there are operating systems other than Windows™ and include non-OS specific hardware encryption. OS X Lion supports software encrypted filesystems but the graphical Disk Utility application can only create new encrypted partitions. Fortunately the command line version of the same program can encrypt an existing partition without loss of data.

The drive must have a GUID partition scheme and the partition must have a HFS Journaled filesystem. You can view the partition information by typing diskutil list in a Terminal. The final column of output shows the IDENTIFIER you must use in the next command (disk1s2 in my case).

Encrypt the partition using the command:
diskutil cs convert disk1s2 -passphrase

You will them be prompted for a passphrase (do not lose or forget this, there is no way to recover the data if you do!). The drive will then be converted to a special corestorage volume and encrypted. Converting and encrypting a 1TB drive (with 500GB of data) took nearly 24 hours for me. You can monitor the process using the command diskutil cs list (the cs stands for core storage).

  1. Western Digital being one for which this is not true, their My Passport drive has been an excellent Mac citizen. [back]

HP DeskJet 3050A — The Missing Manual

Printers used to be a simple peripheral: connect it to your computer and hope that it will automatically configure the correct driver. If your printer was newer than your OS you accepted that you had no choice but to insert the supplied CD and install the driver along with whatever useless software the manufacturer decided would “enrich your experience”.

In an ideal world a networked printer would be similarly simple: connect it to your network and proceed as before but without the USB cable. Entering a non-trivial wireless password into device with just 6 buttons would be a tedious but infrequent task. Sadly not that simple.
Continue reading

Au Revoir, Internet Café

On previous trips, publishing a blog post or keeping in touch with home meant allocating some time to locate a reasonably priced Internet café and writing while watching a ticking timer. For this trip however I have been able to write at leisure in spare moments on my phone thanks to the availability of pre-pay GSM sim cards with data allowances.

In Australia, amaysim have been particularly good value although I only discovered their existence after considerable Internet research. A $10 purchase in-store sim card purchase gave us 1GB of data valid for 30 days plus $10 of pre-pay phone credit (90 day expiry). The network is provided by Optus, in common with most of the cheap prepaid sim offerings. There were a couple of issues though which I document here for future travellers.

  • We bought the sim card in a Seven-Eleven. The website claims you can buy them in post offices but the one we tried did not stock it so the availability might not be great. The same pack contains a sim that may be used with either the normal or micro sim formats.
  • Online activation claimed to work but actually failed because of my non-Australian address and credit card. You must call them to get your $10 purchase converted to a data plan. I have not tried to top up the credit yet but it makes me think that credit card top ups might be difficult. Buying vouchers works around this, but see the note above on availability.
  • The sim we bought has been used in multiple devices. I can report that despite rumours to the contrary, a sync with iTunes is not required to change the provider on an iPhone (at least on iOS5). However some devices could not access the Internet until the APN had been set manually to “Internet”, others just worked, for reasons I have yet to figure out.

Using the Terminal to restore from a Time Machine backup

I recently had to restore some Application Data from a Time Machine backup and since Finder in OS X 10.7 (Lion) now hides the Library folder in your home directory I thought it easiest to just cp the files from the mounted volume to the right place. It turned out that this it was not as straightforward as that because the restored files retained the read only permissions that prevent you from modifying a backup.

The ACL does not appear in the Finder, but can be seen using ls -le:

0: group:everyone deny write,delete,append,writeattr,writeextattr,chown

and also metadata: com.apple.metadata:_kTimeMachineNewestSnapshot 50

The ACL can be removed using chmod -a #n filename where n is replaced by the number at the front of the ACL description (0 in this case). Applying it recursively is possible but potentially dangerous1 unless you know this is the only ACL applied to the files in the directory. The metadata can be removed using xattr, like this:
xattr -d com.apple.metadata filename

  1. and consequently left as an exercise to the reader [back]

Postfix and SMTP AUTH on OS X Lion

The standard instructions for configuring postfix to use authenticated SMTP to use authentication when forwarding to a relay host did not work for me on OS X Lion. For future searchers here is how I made it work.

  1. Create the file /etc/postfix/sasl_passwd as described in the standard docs, i.e. at least one line containing:
    server username:password
    and set the permissions using sudo chmod 600 /etc/postfix/sasl_passwd.
  2. Make the db version used by postfix: sudo postmap /etc/postfix/sasl_passwd (the new file will inherit the permissions of the original file).
  3. If you have upgraded from a previous version of OS X, particularly if you modified your postfix configs, follow the advice in the section below before continuing.
  4. To tell postfix to use authenticated SMTP, add the following lines to /etc/postfix/main.cf:

    mydomain = <<your.mail.domain>>
    mydomain_fallback = localhost
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    If your domain’s MX records do not specify your relayhost then you must also set the relayhost line.
  5. postfix on OS X runs “on demand” so there is no need to instruct it to reload its configuration. The log file is in the standard UNIX location, /var/log/mail.log.

Upgrading from Snow Leopard

I had previously had this postfix setup working under Snow Leopard, and the upgrade process appeared to have preserved my configuration settings so I was surprised to see that after upgrading to Lion, my smarthost was not accepting mail.

Examining the files in /etc/postfix I noticed that in addition to my customised main.cf there was also a file called main.cf.default which was modified the date I had upgraded to Lion. Comparing the two files showed a number of subtle differences but after being unable to determine why postfix was not authenticating to my upstream server, I decided to copy it over my customised main.cf and re-apply my changes.

Having done this, the mailq command gave me the following error:
postfix[17922]: fatal: bad string length 0 < 1: setgid_group =
Setting setgid_group = _postdrop in main.cf fixed that but then I hit another error:
fatal: file /etc/postfix/main.cf: parameter mail_owner: user postfix has same user ID as _postfix
Resolving this required me to change the value of mail_owner from postfix to _postfix but I don’t know if this is a bug in Apple’s supplied main.cf or an artefact of my user and group information evolving from a 10.6 install to 10.7.