tag:blogger.com,1999:blog-94692842024-03-13T11:02:34.663-04:00shards mvgfr: geekA "<i>Function</i> over FORM" production.Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.comBlogger90125tag:blogger.com,1999:blog-9469284.post-67440436967782976872021-12-31T11:56:00.003-05:002021-12-31T11:56:55.159-05:00Moving off Google<p>Please join me at my <a href="https://mvr.micro.blog/">new blog</a>.</p><p>(Why give any more to Google - home of "Do(n't) be evil".)</p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-11228622981539436412021-07-30T15:39:00.000-04:002021-07-30T15:39:10.364-04:00Config macOS to boot headless - with some user accounts protected by FileVault<p>I recently wrote about some challenges using <a href="https://mvgfr-geek.blogspot.com/2020/12/filevault-mac-in-headless-mode-notifies.html" target="_blank">FileVault on a headless Mac</a>.</p><p>And later experimented with a way of getting:</p><p></p><ul style="text-align: left;"><li><i>both</i> headless (including a full boot, headless)</li><li><i>and</i> <a href="https://support.apple.com/guide/mac-help/protect-your-mac-information-with-encryption-mh40593/mac" target="_blank">FileVault</a></li></ul><div>Which amounts to this:</div><ul style="text-align: left;"><li>Configure the boot volume without FileVault.</li><li>Set up a 2nd volume (<a href="https://support.apple.com/guide/disk-utility/add-erase-or-delete-apfs-volumes-dskua9e6a110/mac" target="_blank">APFS</a> makes this easy).</li><li>Encrypt the 2nd volume.</li><li>Create a new "secure" user - whose homedir is on the 2nd, encrypted, volume.</li></ul><div>Why? That new user's homedir is now better protected - if for example, the storage were removed.</div><div><br /></div><div>Notes:</div><div><ul style="text-align: left;"><li>The "secure" user, can't log in til that 2nd volume is mounted.</li><li>The encrypted volume won't auto-mount (which would kinda defeat the point).</li><li>If you want to be a bit less secure, you could config a user whose homedir is on the unencrypted volume, to use the Keychain to mount the encrypted volume when they log in - in which case, you'd still have to take that manual step (of logging in to the "primary account"), though that would immediately allow the "secure" user to login.</li></ul></div><p></p><p>Curious if anyone else is interested in doing anything like this, or if this prompts any thoughts.</p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-5807875708540731532021-07-24T17:30:00.002-04:002021-07-25T08:56:29.251-04:00Open app using Rosetta, via command-line, on an M1 Mac<p><span style="font-family: Menlo;"><span style="font-size: 12px;">Apple has done so many architecture transitions (amazingly well, it's worth noting) that there's an <i>old</i> utility to help with this:</span></span></p><p><span style="font-size: 12px;"><span style="font-family: courier;">arch -arch x86_64 /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal</span></span></p><p><span style="font-family: Menlo;"><span style="font-size: 12px;">On an <a href="https://www.apple.com/newsroom/2020/11/apple-unleashes-m1/" target="_blank">M1</a> Mac, this has the same effect as clicking the "Open using <a href="https://en.wikipedia.org/wiki/Rosetta_%28software%29" target="_blank">Rosetta</a>" checkbox, in an app's "Get Info" window, except it's:</span></span></p><p></p><ul style="text-align: left;"><li><span style="font-family: Menlo;"><span style="font-size: 12px;">for this run only; you likely want to generally run Terminal <i>native</i></span></span></li><li><span style="font-family: Menlo;"><span style="font-size: 12px;">via command-line - which is why you're in Terminal anyway 😏</span></span></li></ul><p></p><p><span style="font-family: Menlo;"><span style="font-size: 12px;">Why would you want to do this? Let's say you're using <a href="https://brew.sh/" target="_blank">brew</a> and not ready to try the M1 version - this then requires doing basic things like `brew upgrade` using Rosetta.</span></span></p><p><span style="font-family: Menlo;"><span style="font-size: 12px;">(BTW: For anyone not familiar with this sort of thing, it will open a <i>second</i> </span></span><span style="font-family: Menlo; font-size: 12px;">instance</span><span style="font-family: Menlo;"><span style="font-size: 12px;"> of the app; it doesn't affect the currently-running instance.)</span></span></p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-15537874041621969392021-07-21T16:40:00.003-04:002021-07-21T16:42:31.314-04:00Unable to get IntelliJ to successfully use BBEdit as an External Editor?<p>Here's what I saw, after I set that up in IntelliJ:</p><p></p><blockquote><p><span style="font-family: courier;">You must allow `bbedit` to send events to the BBEdit application.</span></p><p><span style="font-family: courier;">Use `tccutil reset AppleEvents` to reset the system's permissions, and try again.</span></p><p><span style="font-family: courier;">bbedit: error: -1743</span></p><div></div></blockquote><div>I don't want to "reset the system's permissions", even if only for AppleEvents.</div><div><br /></div><div>So here's what I did instead:</div><div><ol style="text-align: left;"><li><i>Within IntelliJ</i>, open a Terminal pane / tab.</li><li>At <i>that</i> terminal prompt, paste something like this:</li><ul><li><span style="font-family: courier; font-size: x-small;">osascript -e 'tell application "BBEdit" to set position of every window to {0, 44}'</span></li><ul><li>(Yes that's ugly - it was a handy "innocuous" AppleEvent -- which did the job.)</li></ul><li>And execute it. (ex: Press Return.)</li></ul><li>Click "OK" to allow IntelliJ to send AppleEvents to BBEdit.</li></ol></div><div><br /></div><div>To see the effect this has had:</div><div><ol style="text-align: left;"><li>Open System Preferences.</li><li>Select Security & Privacy.</li><li>Scroll down & select Automation.</li><li>IntelliJ is now listed, with the permission to control the BBEdit app.</li><ul><li>Which you also have likely also allowed, for the Terminal app.</li></ul></ol><div>Background:</div></div><div><ul style="text-align: left;"><li><a href="https://www.jetbrains.com/help/idea/configuring-third-party-tools.html" target="_blank">Config External Tools in IntelliJ</a></li><li><a href="https://github.com/desktop/desktop/issues/2487" target="_blank">More detail, on using BBEdit as an external tool in IntelliJ</a></li></ul></div>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-52760094536286677062021-07-10T11:13:00.004-04:002021-07-12T15:17:44.327-04:00Mac Bluetooth keyboard sluggish - and/or repeats?<div><span style="font-size: large;">Symptoms</span></div><div><ul style="text-align: left;"><li>Press a key – no response.</li><ul><li>Or a several-second time lag, before any output.</li></ul><li>Press a key (even briefly / lightly) and several characters are output.</li></ul></div><div><br /></div><div><span style="font-size: large;">When observed</span></div><div><ul style="text-align: left;"><li>After some time (hours to days).</li><li>Usually, when the screen is locked or asleep</li><ul><li>Which makes entering the password, functionally impossible.</li></ul></ul></div><div><br /></div><div><span style="font-size: large;">Equipment</span><div><ul style="text-align: left;"><li>MacBook Air (M1, 2020)</li><li>Apple Magic Keyboard (on Bluetooth)</li><li>macOS Big Sur (V11.4 (20F71))</li></ul></div></div><div><br /></div><div><span style="font-size: large;">Workaround</span></div><div><ol style="text-align: left;"><li>Hold Shift and Option, then <a href="https://support.apple.com/guide/mac-help/turn-bluetooth-on-or-off-blth1008/mac" target="_blank">click the Bluetooth icon in the menubar</a>.</li><ul><li>Yes; challenging when having KB trouble. 😕</li><ul><li>Though at least possible, since these are keys meant to be held down.</li><li>If even this doesn't work, hopefully you have a wired KB handy…</li></ul></ul><li>Select "Reset the Bluetooth module".</li><ul><li>Hmm; maybe this is possible to trigger with no KB use…</li></ul><li>There is no step three 😏</li></ol><div>Shoutout to the good folks at <a href="https://osxdaily.com/2015/12/15/reset-bluetooth-hardware-module-mac-osx/" target="_blank">OSXDaily</a>.</div></div>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-34258005197493065192021-05-05T15:39:00.005-04:002021-05-05T17:18:39.298-04:00I just dismissed the screensaver - why is every keypress ignored?<p>You just authenticated to your Mac, and the screensaver cleared, to put you right back to where you were - <i>almost</i>.</p><p>This is why every keypress is ignored - aside from beeping at you.</p><p>Look more closely… Why are the window controls grayed out, as if it's not the active window?</p><p>Yeah; it's not <i>exactly</i> right back where you left off - the keyboard focus has not returned to your window; apparently, a side effect of the screensaver. </p><p>Solution: Click where you want the focus (your document, terminal window, whatever), and off you go.</p><p>Note: This also affects at least some global key equivalents (I recently whipped up something to <a href="https://mvgfr-geek.blogspot.com/2021/04/music-was-itunes-and-skipped-vs-played.html" target="_blank"><i>really</i> Skip a track in iTunes</a>) - and in such cases the solution is the same: Click somewhere, and they'll work.</p><p>Weird.</p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-90156086090566919502021-04-17T14:15:00.001-04:002021-04-17T14:23:23.721-04:00Music (was iTunes) and Skipped vs Played - ish<p>Turns out, Apple's macOS <a href="https://support.apple.com/en-us/HT204951" target="_blank">Music</a> app, uses some <a href="https://apple.stackexchange.com/questions/128286/what-does-itunes-count-as-a-skip" target="_blank">arcane rules</a> to determine if and when a track is logged as a Skip, or Played.</p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;">Which doesn't much matter - unless you want to use that info in a <a href="https://support.apple.com/guide/music/create-edit-and-delete-smart-playlists-mus1712973f4/mac" target="_blank">Smart Playlist</a>. 😕</p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;">I want to listen to something different, so I use that metadata, to filter out tracks either recently listened to, or recently skipped - which shakes things up nicely.</p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;">For awhile now, it's been nagging at me, that I seemed to be hearing tracks I should't - a bit of research led to the link above. I frequently hit the FF button within the first few seconds, so those don't count as Skips. 😕</p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;">I wrote a quick <a href="https://macosxautomation.com/applescript/firsttutorial/index.html" target="_blank">AppleScript</a> to use, instead of the default FF button, and <i>force</i> a Skip (by first moving playback to the 6s mark); I use it on a <a href="https://qsapp.com" target="_blank">Quicksilver</a> Trigger (see p. 34 of the <a href="https://qsapp.com/docs/Quicksilver.pdf" target="_blank">Quicksilver manual</a>) - though you can use this code however you like:</p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;"><br /></p><p style="font-family: Verdana; font-size: 12px; font-stretch: normal; line-height: normal; margin: 0px 0px 0px 41.6px; text-indent: -41.6px;"><span style="font-variant-ligatures: no-common-ligatures;"><b>tell</b> </span><span style="color: blue; font-variant-ligatures: no-common-ligatures;"><i>application</i></span><span style="font-variant-ligatures: no-common-ligatures;"> "Music"</span></p><p style="color: #6c05d3; font-family: Verdana; font-size: 12px; font-stretch: normal; line-height: normal; margin: 0px 0px 0px 83.2px; text-indent: -83.2px;"><span style="color: black; font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>if</b> </span><span style="font-variant-ligatures: no-common-ligatures;">player state</span><span style="color: black; font-variant-ligatures: no-common-ligatures;"> <b>is</b> </span><span style="font-variant-ligatures: no-common-ligatures;"><i>playing</i></span><span style="color: black; font-variant-ligatures: no-common-ligatures;"> <b>then</b></span></p><p style="color: #6c05d3; font-family: Verdana; font-size: 12px; font-stretch: normal; line-height: normal; margin: 0px 0px 0px 124.8px; text-indent: -124.9px;"><span style="color: black; font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>set</b> </span><span style="font-variant-ligatures: no-common-ligatures;">player position</span><span style="color: black; font-variant-ligatures: no-common-ligatures;"> <b>to</b> 6</span></p><p style="color: blue; font-family: Verdana; font-size: 12px; font-stretch: normal; line-height: normal; margin: 0px 0px 0px 124.8px; text-indent: -124.9px;"><span style="color: black; font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span></span><span style="font-variant-ligatures: no-common-ligatures;"><b>next track</b></span></p><p style="font-family: Verdana; font-size: 12px; font-stretch: normal; line-height: normal; margin: 0px 0px 0px 83.2px; text-indent: -83.2px;"><span style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>end</b> <b>if</b></span></p><p style="font-family: Verdana; font-size: 12px; font-stretch: normal; line-height: normal; margin: 0px 0px 0px 41.6px; text-indent: -41.6px;"><span style="font-variant-ligatures: no-common-ligatures;"><b>end</b> <b>tell</b></span></p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;">I'm no expert at Quicksilver Triggers, however here's how I set it up:</p><p style="font-family: "Helvetica Neue"; font-size: 14px; font-stretch: normal; line-height: normal; margin: 0px 0px 2px;"></p><ul style="text-align: left;"><li>Open Quicksilver and navigate to Triggers (icon in top menu).</li><li>Press dot (period), in the top pane, to be able to paste text.</li><li>Paste the code above (newlines and all).</li><li>The 2nd pane may already be set to the proper kind of code execution: "Run as AppleScript".</li><li>If not, set that.</li><li>If it's not available, you may have to enable that Action.</li><li>Click "Save".</li><li>Click into the "Trigger" column (right), to assign a hotkey.</li></ul><p></p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-71675553143821645162021-03-07T16:00:00.001-05:002021-03-07T18:25:11.743-05:00iCloud Drive: some files refuse to upload<p>I recently moved a large group of files (many directories) to <a href="https://support.apple.com/en-us/HT204025" target="_blank">iCloud Drive</a> - so they'd be available on my other devices - and watched as they all uploaded...</p><p>Then did some testing to confirm - only to find that many files never did upload. (I tested over the course of _weeks_; this was not an issue of bandwidth.)</p><p>I compared (using <a href="https://ss64.com/osx/diff.html" target="_blank">diff</a>) the state of the Mac on which the files were first moved into iCloud, versus the files on another Mac which was freshly set up with iCloud, so got them only via iCloud sync. (I also spot-checked, using the <a href="https://www.icloud.com/iclouddrive/" target="_blank">web interface for iCloud Drive</a>.)</p><p>So I started trying to determine why. It's a somewhat lively source of discussion - among those who've actually noticed the problem -- which is almost entirely invisible, unless you go looking for it. :/</p><p>Much of the discussion was the expected (unfortunately) reflexive "<a href="https://www.youtube.com/watch?v=cVQs3n6ebMI" target="_blank">have you tried turning it off and on again?</a>" - about killing processes, deleting various files (ex: <span style="font-family: courier;">~/Library/Application Support/CloudDocs</span>) and rebooting - and, as expected, none of that helped.</p><p>However, the clue I needed was in this <a href="https://apple.stackexchange.com/" target="_blank">Ask Different</a> post: <a href="https://apple.stackexchange.com/questions/342338/icloud-drive-stuck-on-waiting-to-upload" target="_blank">iCloud Drive stuck on “Waiting to upload”</a></p><p>(BTW: The only way to see that "Waiting to upload" message, is to first already know that there's a file in that state; then hover over the tiny dotted line cloud icon next to it, in Finder. Nearly-invisible errors are a terrible thing. And, unfortunately, info about <a href="https://support.apple.com/en-am/guide/mac-help/mchlp1774/mac" target="_blank">iCloud Drive status icons</a> is hard to find, and somewhat limited. Note also: Contrary to the info in the above link, the icons are for iCloud Drive, regardless whether the sub-feature of <a href="https://support.apple.com/en-us/HT206985" target="_blank">Desktop and Documents</a> is specifically enabled - in my case, that's disabled.)</p><p>With the info gained above, I see that in all the cases that I'm dealing with - of a file stuck in "Waiting to upload" - each of them has an extended attribute <span style="font-family: courier;">com.apple.metadata:kMDItemWhereFroms</span> which is _very large_.</p><p>It does not contain, as expected, a URL of where the document came from - but it actually apparently contains another copy of the full document. :/</p><p>This metadata is also apparently unexpected / dysfunctional, since even though it shows via <a href="https://ss64.com/osx/ls.html" target="_blank">ls</a> or <a href="https://ss64.com/osx/xattr.html" target="_blank">xattr</a>, the <a href="https://ss64.com/osx/mdls.html" target="_blank">mdls</a> command ignores it.</p><p>So now I'm even more sure, that this extended attribute is disposable. One last question: Does removing it, update the "modified" timestamp (which is useful info that I want to preserve)? Thankfully, some testing shows that the timestamp is unchanged.</p><p>So what I did (standard disclaimers apply - use at your own risk) to find and fix all such files in my iCloud Drive directory, was something like this:</p><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;">find ~/Library/Mobile\ Documents/com\~apple\~CloudDocs \<br /></span><span style="font-family: courier; font-size: x-small;"> -type f \<br /></span><span style="font-family: courier; font-size: x-small;"> -xattrname com.apple.metadata:kMDItemWhereFroms \<br /></span><span style="font-family: courier; font-size: x-small;"> -print | while read -r thePath; do<br /></span><span style="font-family: courier; font-size: x-small;"> testVal=$(xattr -lp com.apple.metadata:kMDItemWhereFroms "$thePath" 2>/dev/null | \<br /></span><span style="font-family: courier; font-size: x-small;"> head -5 | tail -4 | sed 's/^.* |//;s/|$//' | tr -d '\n')<br /></span><span style="font-family: courier; font-size: x-small;"> if [ $(echo "$testVal" | grep -E -c 'data:(application|attachment)') -gt 0 ] ; then<br /></span><span style="font-family: courier; font-size: x-small;"> echo 'BEFORE:'<br /></span><span style="font-family: courier; font-size: x-small;"> ls -l@ "$thePath"<br /></span><span style="font-family: courier; font-size: x-small;"> xattr -d com.apple.metadata:kMDItemWhereFroms "$thePath"<br /></span><span style="font-family: courier; font-size: x-small;"> echo 'AFTER:'<br /></span><span style="font-family: courier; font-size: x-small;"> ls -l@ "$thePath"<br /></span><span style="font-family: courier; font-size: x-small;"> fi<br /></span><span style="font-family: courier; font-size: x-small;"> done</span></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Quite soon after doing the above, <a href="https://www.unix.com/man-page/mojave/8/bird/" target="_blank">bird</a> noticed and sync'ed them all. Nice.</div><div><br /></div><div>(BTW: Check out <a href="https://www.unix.com/man-page/mojave/1/brctl/" target="_blank">brctl</a> - fun to watch that _really_ verbose log - though didn't seem help in my case.)</div>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-73043020397676318502021-02-03T12:13:00.003-05:002021-02-03T12:29:10.145-05:00macos term file "could not be opened because it is corrupt"<p style="text-align: left;">A ".term" file is a useful way to wrap up some command-line stuff, in a neat little package which requires no command-line knowledge, no luck in typing it perfectly, etc. - for some discussion, see these old Hints articles: <a href="http://hints.macworld.com/article.php?story=20010702041812535" target="_blank">Run shell scripts from GUI</a> and <a href="http://hints.macworld.com/article.php?story=20030523103916663" target="_blank">Use partial .term files for quick…</a> (note that the <span style="font-family: courier;">ExecutionString</span> attribute can be anything you want…).</p><p>I was working on a new .term file, having started by duplicating a perfectly usable one - but getting this unhelpful error:</p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p></p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;">The file “test.term” could not be opened because it is corrupt.<br /><p style="text-align: left;">It may have been incompletely copied from another machine.</p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p></p></blockquote><p>And then _finally_ remembered that the file is XML, and ampersands have literal meaning, so must be "escaped", as in HTML, like so:</p><p><span style="font-family: courier;"></span></p><blockquote><span style="font-family: courier;">&amp;</span></blockquote><p></p><p>Hopefully, noting that here, saves someone (like myself) a bit of hair-tearing next time.</p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-50642412791037534392020-12-17T15:32:00.001-05:002020-12-19T11:11:01.210-05:00FileVault Mac, in headless mode, notifies on boot<p>Oh; fun!</p><p>I'm lucky enough to be experimenting with a new <a href="https://www.apple.com/mac/m1/" target="_blank">M1</a> <a href="https://www.apple.com/mac-mini/" target="_blank">Mac mini</a>, and followed through the prompts (on a kinda autopilot, from setting up my own MacBook) to set it up with <a href="https://support.apple.com/en-us/HT204837" target="_blank">FileVault 2</a> "full-disk encryption", even though this will be a server.</p><p>So I found out the hard way, that this then requires (purposely; for security) entering a password _very_ early in the boot process - before it even gets an IP address.</p><p>Which also means no remote connection; not via Screen Sharing, or ssh - no headless.</p><p>(Note: There is a <a href="https://derflounder.wordpress.com/2012/09/22/fdesetup-authrestart-filevault-2s-one-time-encryption-bypass-feature/">way to avoid this - for a single boot</a>.)</p><p>But; back to the cool part; I rebooted (to apply a software update) before I remembered the above, and a few moments later, while I was trying to debug why I couldn't reach it, the mini (which was indeed headless), started playing the "Find My..." sound effect - that is a nice touch!</p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-20791026366520368512020-11-14T14:34:00.001-05:002020-11-14T14:34:15.395-05:00Touch ID becomes an annoyance, when using a MacBook in clamshell modeFor instance: It's a very cool feature, to store an auth token, which allows decryption of passcode-encrypted iWorks docs, via Touch ID.<div><br /></div><div><i>Except</i> if you've switched to using your MacBook in clamshell mode (i.e.: using an external display, with the lid closed) - in which case, the apps will prompt for the decryption passcode (which, optimally, would be different for each doc) -- even though, in the days before Touch ID, it would store a token accessible via KeyChain.</div><div><br /></div><div>So, to make the switch back, to using KeyChain instead of Touch ID:</div><div><br /></div><div>Delete all fingerprints from the Touch ID preference pane, in System Preferences. (Which, since you've switched to clamshell mode, you're rarely using anyway - if ever.)</div><div><br /></div><div>In retrospect, kinda obvious - though this annoyance has been on my To Do list for awhile. Hopefully this tip saves someone else some trouble.</div>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-3992338956357110302020-10-08T16:59:00.004-04:002020-10-08T17:03:34.558-04:00can't unlock Mac with Apple Watch anymore?<p>Problems with "Use your Apple Watch to unlock apps and your Mac" function of macOS?</p><p> (In the "Security & Privacy" section of System Preferences.)</p><p><br /></p><p>Seeing an error message like "Your Mac was unable to communicate with your Apple Watch"?</p><p><br /></p><p>Maybe it was working before, and suddenly isn't?</p><p><br /></p><p>Maybe you recently reset you Apple Watch? (That was the precipitating event for me.)</p><p><br /></p><p>It took me some digging to find, so hopefully these extra breadcrumbs here, help more folks to this signal boost, for the good folks at macrumors.com, who <a href="macrumors.com" target="_blank">solved the problem</a>.</p>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-76302665644351967432020-02-16T16:09:00.000-05:002020-02-17T12:10:05.392-05:00Quicksilver, Spotlight and indexing contentI've noticed that the info I care about (messages, tasks, notes, code, whatever), is spreading to quite a few documents, apps and systems - both local to the device I'm using, and remote. (Maybe in a web system - which may or may not be sync'd / cached on my local device.)<br />
<br />
And it's increasingly common, when I'm looking for something, that I can't immediately recall <i>which system it's in</i>, so where to start looking.<br />
<br />
Which of course means I now have to put aside what I was trying to do, to focus instead, on how to find the info. And then remember what I was trying to do in the first place, to resume that task - hopefully…<br />
<br />
This kind of context-switching sometimes does result in losing the primary task. It's certainly a waste of time and energy.<br />
<br />
So, since I use <a href="https://qsapp.com/" target="_blank">Quicksilver</a> extensively, I started to see this new issue, as a nail, for my Quicksilver hammer…<br />
<br />
In the back of my head, I had a recollection that, while I'd always found Spotlight limited and cumbersome, it did a great job indexing the <i>content</i> of apps like Notes and Reminders - two of the systems I wanted to be able to reach into.<br />
<br />
People who use Spotlight, may be inclined to observe how well it works for them, and how mystified they are, that some of us don't use it. It's possible, that those of us not using it, have a good reason - there may also be some inertia…<br />
<br />
Thinking of Spotlight prompted another memory, that Quicksilver might… yes; it does have a <a href="https://qsapp.com/manual/plugins/spotlight/" target="_blank">Spotlight plugin</a> - however I got confusing results: It was not showing content (which I knew was there) from Notes or Reminders… It seems to be limited to showing results in a Finder window (vs. the main Spotlight window) - which apparently does <i>not</i> show "Other" content such as Notes or Reminders. :/<br />
<br />
I do virtually all searches (including across the web) from Quicksilver. And while I'd prefer to avoid the cognitive cost of deciding how/where to search, then launching a separate search system, and only then specifying what I wanted to find (this is backwards, for most humans) Spotlight does appear to be a better tool, for finding <i>content</i>.<br />
<br />
Quicksilver is oriented more to files - and performing actions - than finding content. (Perhaps someone will point out that this too is a misunderstanding. :) )<br />
<br />
Another plus for Spotlight: It's available (by default) on iOS as well as macOS, so as I move among those devices, Spotlight is right there.<br />
<br />
Time to at least <i>consider</i>, that there are different kinds of nails, and different <a href="https://en.wikipedia.org/wiki/Law_of_the_instrument" target="_blank">hammers</a> - some of which, we <i>thought</i> we knew.<br />
<br />
<br />Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-52734249832101640922020-01-04T09:24:00.000-05:002020-01-04T09:24:02.539-05:00hdiutil Error 110: image not recognizedA script to keep a disk image (AKA dmg) mounted, was suddenly failing - silently.<br />
<br />
(Why create such a script? In this use-case, the image / volume should only be mounted when the app using it, is frontmost and might need it; otherwise it should be dismounted - so that it may be safely mounted by another Mac. Since there's no file-locking in this scenario, mounting it on multiple Macs simultaneously, can result in conflicts. Since this is a <span style="font-family: "courier new" , "courier" , monospace;">sparsebundle</span>, conflicts result in multiple <span style="font-family: "courier new" , "courier" , monospace;">bands</span>, which is usually (somewhat) straightforward to sort out - but manually, and who wants that?)<br />
<br />
I ran the script in a debug / trace mode (<span style="font-family: "courier new" , "courier" , monospace;">bash -x</span>) and saw nothing interesting - except then I noticed:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">hdiutil attach -quiet -noautoopen /path/here</span><br />
<br />
Ah yes; after debugging the previous issue, I'd set <span style="font-family: "courier new" , "courier" , monospace;">-quiet</span>, to make the output cleaner.<br />
<br />
(BTW: The <span style="font-family: "courier new", courier, monospace;">-noautoopen</span> option is handy, since without it, the Finder otherwise can open a window for the top level of the volume - right in front of whatever it was you were working on.)<br />
<br />
So I ran that command with <span style="font-family: Courier New, Courier, monospace;">-verbose</span> instead - and got this error message:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">Error 110 (image not recognized).</span><br />
<div>
<br /></div>
<div>
Which didn't get me far; I couldn't find any references that helped, especially since the image mounted OK from the GUI - at which point I realized the problem:</div>
<div>
<br /></div>
<div>
It worked in the GUI, because <span style="font-family: "courier new", courier, monospace;">/path/here</span> was an <span style="font-family: Courier New, Courier, monospace;">alias</span> - however the script did not know how to resolve an <span style="font-family: inherit;">alias</span>; it needed a <span style="font-family: Courier New, Courier, monospace;">symlink</span> instead - which the GUI happily also recognizes. A symlink just isn't be able to auto-update, as an alias can, if the target is moved. (Side note: symlinks can be _much_ smaller; handy on a small filesystem.)</div>
Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-56869414660233016882019-11-26T10:22:00.000-05:002019-11-26T10:22:00.425-05:00Moving tabs between windows, in macOS SafariGreat feature; drag a tab from one window to another - works like a charm!<br />
<br />
(No tabs showing, to drag? Create a new tab - at which point, you'll see a tab, for your original, to drag.)<br />
<br />
Drag not working? You always end up with a separate window? Likely because (interestingly): It's disallowed to drag tags between a "private" window, and a normal window - looks like the private-ness is per-window.Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-56073074134121388372019-11-22T22:03:00.000-05:002019-11-22T22:03:02.824-05:00Recover lost Safari windowsYou know how macOS Safari has that great feature (I believe credit goes to other browsers, for getting it earlier), where when you quit the app (or restart or it crashes), and when you start it up again, all your windows are right back where they were? And what a huge weight off your mind that is?<br />
<br />
My Mac just had a Kernel Panic, and when I restarted, all the windows were gone - what a feeling of letdown and loss.<br />
<br />
Luckily, I remembered another feature - which is apparently built on the same saved data:<br />
<br />
History -> Reopen Last Closed Window<br />
<br />
(If you like command-key shortcuts: shift - command - T)<br />
<br />
And - faith restored: It saves a _bunch_ of them; just keep hitting it, to open the N last closed windows.<br />
<br />
I don't know what the max of N is, but I did about 30, no sweat.<br />
<br />
Phew!Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-54906946282710867892019-02-07T08:02:00.002-05:002019-02-07T08:02:35.264-05:00more about delight in the Apple Human InterfaceCool; I just used the "Back" function in Apple's Safari web browser - and happened to be paying attention enough, to see that what it actually did, was what I _wanted_, rather than what I asked for:<br />
<br />
I happened to be in a tab created by a command-click of a URL in the previous tab; there was no "back" in this case - so it did _exactly_ the right thing - it closed the tab and returned me to the previous tab.<br />
<br />
This is precisely the thoughtful design that Apple is known for:<br />
<br />
<ul>
<li>Some of us (developers) know it directly, and know how much work it takes.</li>
<li>And the rest of us who use a Mac, iPhone, iPad, etc., know it simply because, when the interface surprises us, it's usually a pleasant surprise.</li>
</ul>
<br />
A delight if you will - which is actually an explicit part of the official Apple <a href="https://developer.apple.com/design/human-interface-guidelines/ios/overview/themes/" target="_blank">Human Interface Guidelines</a>.<br />
<br />
That's a lot of hard work, which is usually (by design!) unnoticed - the point is not the device, but what _you_ want to do with it.<br />
<br />
Although, every once in awhile, it's nice to appreciate - thanks, folks!Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-14232087820547495622019-01-03T09:15:00.000-05:002019-01-10T11:05:31.983-05:00Delving Into Outlook / Exchange Server-Side RulesGot a lot of rules?<br />
<br />
Tired of paging through the GUI, trying to find just which rule is (mis)handling those emails?<br />
<br />
Here's how to get the "code" for the rules, as text:
<br />
<br />
<h4>
<span style="font-weight: normal;">
Use <a href="https://docs.microsoft.com/en-us/exchange/outlook-web-app-exchange-2013-help" target="_blank">OWA</a> - something like this, modified for your realm:</span></h4>
<a href="https://outlook.office.com/owa/?realm=YOUR-REALM-HERE&path=/options/inboxrules">https://outlook.office.com/owa/?realm=YOUR-REALM-HERE&path=/options/inboxrules</a><br />
<br />
Manual navigation (if the above URL doesn't work):
<br />
<ul>
<li>InBox Rules (under Options > Mail > Automatic Processing - or use Help)</li>
<li>At page bottom: "click here to generate a diagnostic report"</li>
</ul>
The resulting email contain your rules - now you can at least grep / search through them!<br />
<br />
The file most people will be interested in, is "InBoxRules.txt"; here are some highlights from one:
<br />
<ul>
<li>Name="the name you gave your rule"</li>
<li>ExecutionSequence="101" <-- important; rules are executed in order</li>
<li>StateFlags="Enabled, ExitAfterExecution" <-- no further rules will be used</li>
<li><Restriction</li>
<ul>
<li>SubType="RecipientRestriction" <-- this rule is based on recipient</li>
</ul>
<li><Action…</li>
<ul>
<li>Type="OP_MOVE"</li>
</ul>
<li>FolderName="Deleted Items" <-- and the action is to delete the msg</li>
</ul>
<br />
Notes:
<br />
<ul>
<li>An XML browser helps a lot; I use <a href="http://www.barebones.com/products/bbedit/">BBEdit</a>.</li>
<li>Yes; this is read-only - you do have to go back to the GUI to make any changes.</li>
<li>Since this web UI shows the contents of rules as text, it may be enough to use it directly (ex: using the browser's "Find" function) - with the added benefit of being able to make any desired changes directly. It is however, necessary to click through each rule, to see the full definition...</li>
<li>My previous post may also be helpful: <a href="https://mvgfr-geek.blogspot.com/2018/12/how-to-recover-export-outlook-for-mac.html" target="_blank">How-To recover / export Outlook for Mac "Smart Folder" AKA "Saved Search" configs</a></li>
</ul>
Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-13062239518868706302018-12-10T13:43:00.002-05:002019-01-10T10:44:33.339-05:00How-To recover / export Outlook for Mac "Smart Folder" AKA "Saved Search" configsApparently there's no way to export this part of the Outlook config directly. :/
<br />
<br />
However there are some strings to pull on, which can help:<br />
<br />
There are "links" to the config data, in a sqlite DB, which can be seen like so:<br />
<code>sqlite3 ~/'Library/Group Containers/UBF8T346G9.Office/Outlook/Outlook 15 Profiles/Main Profile/Data/Outlook.sqlite' 'select * from SavedSpotlightSearch'</code>
<br />
(The "UBF8T346G9" above, may vary?)<br />
<br />
<br />
Even better, the "Smart Folder" configs (including, apparently, those that have been deleted?) are stored in this directory (for recent versions of Outlook for Mac):<br />
<code>~/'Library/Group Containers/UBF8T346G9.Office/Outlook/Outlook 15 Profiles/Main Profile/Data/Saved Searches/'</code>
<br />
<code><br /></code>
As a cheap hack, here's what I did, to recover the searches from one Mac, and implement on another:
<br />
<br />
<ol>
<li>Dump the data; ex: <br /><pre>find ~/'Library/Group Containers/UBF8T346G9.Office/Outlook/Outlook 15 Profiles/Main Profile/Data/Saved Searches' -type f | while read -r thePath; do echo; echo; ls -ld "$thePath"; cat "$thePath" | tr -d '\000' | tr -cs "[:print:]" '\n' | egrep -v '^[[:blank:]]*$' | sed 's/\([^ (]\)(/\1\'$'\n(''/g' | sed 's/)\([^ )]\)/)\'$'\n''\1/g'; done</pre>
(Removes NULLs; translates non-printing chars to LFs; removes extraneous LFs; puts "sections" on separate lines - a bit hacky, since there's no docs that I can find, for this file format.)</li>
<li>Interpret the needed bits; more info below.</li>
</ol>
Some tips, on decoding the data:
<br />
<ul>
<li>The data is apparently in two-byte characters - the above is a cheap hack which works in ASCII anyway. :/</li>
<li>Near the top, is some definitory info, like the <code>com_microsoft_outlook_folderID</code> to search in. (You may be able to deduce the correct folders, without having to figure out <a href="http://blog.stevex.net/2011/03/outlook-2011-smart-folder-with-raw-query/" target="_blank">how to determine which folder corresponds to which ID</a>.)</li>
<li>Then the "Smart Folder" name.</li>
<li>Then, finally, the search / query itself - there's a bit "encoding" here too, so not quite "cut and paste". :/</li>
</ul>
<div>
And since (on a Mac) these are stored in the "Raw Query" format, which uses the underlying Spotlight metadata, here's the official Apple doc on the <a href="https://developer.apple.com/library/archive/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/QueryFormat.html" target="_blank">File Metadata Query Expression Syntax</a>.</div>
<div>
<br /></div>
Interesting note: This exposes the "Raw Query" syntax (leveraging Spotlight / mdfind), which can be a learning opportunity, for creating more interesting searches (since <a href="https://answers.microsoft.com/en-us/search/search?SearchTerm=raw+query&IsSuggestedTerm=false&tab=&isFilterExpanded=false&searchFormBtn=&CurrentScope.ForumName=msoffice&CurrentScope.Filter=mso_mac&ContentTypeScope=#/msoffice/mso_mac//1" target="_blank">Raw Query docs are a wee bit sparse</a>).<br />
<br />
Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-25832648445388471452018-10-26T08:10:00.002-04:002020-09-24T12:58:43.515-04:00git-crypt works smoothly - until it doesn't<h2>
</h2>
<h2>
Some repos use git-crypt to encrypt secrets; they are committed in encrypted form, and decrypted locally, auto-magically, using GPG keys.</h2>
This magic is, shall we say, simple until it's not -- in "interesting" ways.<br />
<br />
This is written from the point-of-view of someone inheriting an existing config - which broke, due to multiple keys.<br />
<br />
In the hope of saving someone else their sanity, here are a few learnings.<br />
(Which are hopefully even correct.)<br />
<br />
We'll start with the easy stuff; then, well, <em>Buckle up...</em><br />
<em><br /></em>
<br />
<h2>
How to get started as a new collaborator:</h2>
<ul>
<li><span style="font-family: "courier new" , "courier" , monospace;">brew install git-crypt</span></li>
<li>install the "<a href="https://gpgtools.org/" target="_blank">GPG Suite</a>"</li>
<li>generate a key pair</li>
<li>upload your new <em>public</em> key to the interwebs</li>
<li>give public key to an existing collaborator, who must:
<ul>
<li>add the new user to their GPG keychain</li>
<li><em>sign the new user's key</em></li>
<li><code>git-crypt add-gpg-user --trusted USER_ID</code>
<ul>
<li>Use '--trusted' to avoid dependency of public "Web of Trust"</li>
<ul>
<li>(Yes; this is potentially less secure.)</li>
</ul>
<li>The USER_ID above is usually the email address that the user configured their GPG keypair with</li>
<li><span style="font-family: "courier new" , "courier" , monospace;">add-gpg-user</span> should result in output like this:</li>
</ul>
</li>
</ul>
</li>
</ul>
<pre><code>[master 30babf07] Add 1 git-crypt collaborator
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 .git-crypt/keys/default/0/72E278AE2FB3...8F90BB21B36FD67.gpg
</code></pre>
<pre><code>
</code></pre>
<h2>
How was git-crypt set up in the first place?</h2>
(See above for a bit more detail on some of these steps, such as expected output.)<br />
<ul>
<li><span style="font-family: "courier new" , "courier" , monospace;">brew install git-crypt</span></li>
<li>navigate to the repo you want to use git-crypt with</li>
<li><code>git-crypt init</code>
<ul>
<li>Note: This creates a symmetric key.</li>
</ul>
</li>
<li>add the first GPG user: <code>git-crypt add-gpg-user --trusted ADMIN-USER_ID</code>
<ul>
<li>This user must exit already in GPG.</li>
<li>You might consider this the "admin" user; they'll be the only one to be able to decrypt secrets, add more users, etc. - until other users are added.</li>
<ul>
<li>Why yes; it would be a good idea to add more people - say, if this person leaves the organization.</li>
</ul>
</ul>
</li>
<li>unlock, using new GPG key (will prompt for that key's passphrase): <code>git-crypt unlock</code></li>
<li>config a <code>.gitattributes</code> file with contents like <code>secretfile* filter=git-crypt diff=git-crypt</code>
<ul>
<li>the <code>.gitattributes</code> file defines which files are to be encrypted</li>
<ul>
<li>And <em>must</em> be in place BEFORE adding a file that must be encrypted.</li>
</ul>
</ul>
</li>
<li><code>git add .gitattributes</code></li>
<li>commit and push: <code>git commit -m 'your comment here'; git push</code></li>
</ul>
<div>
<span style="font-family: monospace;"><br /></span></div>
<h3>
A few notes:</h3>
<ul style="text-align: left;">
<li>what causes the encryption to actually take place?
<ul>
<li>See the notes on the <code>.gitattributes</code> file, above.</li>
</ul>
</li>
<li>check encryption status (for <code><span face="-webkit-standard">encrypted files, </span>GITCRYPT</code> shows at the top):</li>
<ul>
<li><code>git-crypt status -e | awk '{print $2}' | while read thePath; do echo $thePath\: $(cat $thePath | xxd -l 9); done</code></li>
<li>Warning: You could push the change and confirm it's encrypted in the web UI - except if it's not, that secret is now forever* ensconced in your repo. (*<a href="http://stackoverflow.com/questions/872565/ddg" target="_blank">How to remove secrets from a repo - AKA: It's too late</a>.)</li>
</ul>
<li>GPG items in MacOS keychain, are not named with "GPG", but with "GnuPG"</li>
<li>we're using GPG here (not PGP); it makes little difference to the procedure (ex: a GPG fingerprint is not for GPG only)</li>
<li>if freshly cloned, need to <code>git-crypt unlock</code> again (default state is locked)</li>
<li>who's got access?</li>
<ul>
<li><code>ls -l .git-crypt/keys</code></li>
<li>each filename contains a user's fingerprint (look that up, on a keyserver)</li>
</ul>
<li>Trouble getting file to actually encrypt?
<ul>
<li><code>git-crypt status -f</code></li>
<li><code>git-crypt lock --force</code></li>
<li>"<a href="https://github.com/AGWA/git-crypt/issues/52" target="_blank">Touching the file and re-committing it forces git-crypt to re-encrypt it</a>"</li>
</ul>
</li>
<li>Seeing errs like: "<code>still unencrypted even after staging</code>" OR "<code>encrypted file has been tampered with</code>" OR "<code>Warning: one or more files is marked for encryption via .gitattributes but was staged and/or committed before the .gitattributes file was in effect</code>" ?
<ul>
<li>unstage (ex: <code>git reset HEAD secrets.yml</code>)</li>
<li>redo the dance with <code>git-crypt status -f</code> and <code>git-crypt lock --force</code></li>
<li>maybe start from a fresh clone - <em>and save aside, any files that are unencrypted</em></li>
<li>be <em>certain</em> the file is really encrypted <em>before</em> using <code>git add filename</code></li>
</ul>
</li>
<li>But <code>git-crypt status -e</code> says the files are encrypted!
</li>
<ul>
<li><em>NO</em>; it's only saying that those files are <em>configured</em> to be encrypted</li>
<li>check the <em>contents</em> to confirm if it's <em>actually</em> encrypted (see "check encryption status" above)</li></ul><li></li><li>getting an err like <span style="font-family: "courier new", courier, monospace;">ERROR! Unexpected Exception: 'utf8' codec can't decode byte 0xd0 in position 11: invalid continuation byte </span>?</li><ul><li>Check your git-crypt config; if that's OK, reclone the repo (the git-crypt status may be hosed.)</li></ul><ul>
</ul>
</ul>
<div>
<br /></div>
<h3>
How to reset the encryption on a repo:</h3>
<em>Here be dragons; this should be avoided, but if you have to...</em><br />
<ul>
<li>list files that have been encrypted: <code>git-crypt status -e | awk '{print $2}' > encrypted-files</code></li>
<li>make sure repo is in UNlocked state: <code>git-crypt unlock</code></li>
<li>save decrypted copies of all encrypted files; ex: <code>git-crypt unlock; tar czf ../saved.tgz ./</code></li>
<ul>
<li>if you don't have unencrypted copies anymore?</li>
<li>get them from another collaborator, old unlocked copy of the repo, ...</li>
<li>there is no known way to recover them otherwise</li>
</ul>
<li>remove all encrypted files; ex: <code>cat encrypted-files | xargs -t -n1 rm</code></li>
<li>remove all git-crypt files: <code>rm -rf .git-crypt .git/git-crypt</code></li>
<li>? may be necessary to save & remove the <code>.gitattributes</code> file too? (doubtful)</li>
<li>commit: <code>git commit -a -m 'your comment here'</code></li>
<li>re-config git-crypt: <code>git-crypt init</code>
<ul>
<li>Note that this creates a new symmetric key, stranding files encrypted with any other key.</li>
</ul>
</li>
<li>add the first AKA "admin" user: <code>git-crypt add-gpg-user --trusted ADMIN-USER_ID</code></li>
<li>unlock, using new GPG key: <code>git-crypt unlock</code></li>
<li>add any addtl users: <code>git-crypt add-gpg-user --trusted ONCE-PER-ADDTL-USER_ID</code></li>
<li>if you removed the <code>.gitattributes</code> file above, copy it (or its contents) back
<ul>
<li>the <code>.gitattributes</code> file <em>must</em> be in place BEFORE adding a file that must be encrypted.</li>
</ul>
</li>
<li>copy decrypted files back in</li>
<li>confirm files are decrypted: <code>git-crypt status -e | awk '{print $2}' | while read thePath; do echo $thePath\: $(cat $thePath | xxd -l 9); done</code>
<ul>
<li>It <em>may</em> be helpful to make the files different (ex: add a comment) to help force encryption with new key...</li>
</ul>
</li>
<li>some extra git-crypt magic: <code>git-crypt status -f</code></li>
<li>make sure repo is in UNlocked state: <code>git-crypt unlock</code></li>
<li>force encryption: <code>git-crypt lock --force</code></li>
<li>CONFIRM FILES ARE ENCRYPTED (they'll show <code>GITCRYPT</code>):</li>
<ul>
<li><code>git-crypt status -e | awk '{print $2}' | while read thePath; do echo $thePath\: $(cat $thePath | xxd -l 9); done</code></li>
</ul>
<li>if not, see notes above - <i>it will be messy</i> if you add (or worse commit) unencrypted info</li>
<li><code>for <span face="-webkit-standard">each of the encrypted files: </span>git add ...</code></li>
<li>commit & push: <code>git commit -a -m 'your comment here'; git push</code></li>
<li>you probably want to unlock again: <code>git-crypt unlock</code></li>
<li>after keys are reset, a possible solution to: checkout (ex: of a branch) fails with "encrypted file has been tampered with":
<ul>
<li>make a fresh clone of the repo</li>
<li><em>leave it locked</em></li>
<li>checkout branch (ex: keys were reset on master, but old keys are left on your branch)</li>
<li>cherry-pick the commits for the new keys & newly-encrypted files (in chron order?)</li>
<li><em>then</em> unlock</li>
</ul>
</li>
<li><em>a fresh clone is best</em>; otherwise, something like this <em>might</em> help: <code>git-crypt lock --force; git stash; git pull</code></li>
</ul>
<div>
<span style="font-family: monospace;"><br /></span></div>
<h3>
WHY would you ever want to reset the encryption on a repo??</h3>
<ul>
<li>You somehow got secrets committed, with multiple symmetric keys (ex: ran <code>git crypt init</code> more than once).</li>
<li>You want to be safe, after a collaborator has left the project.</li>
</ul>
<div>
<br /></div>
<h3>
References:</h3>
<ul>
<li>a nice <a href="https://guyrking.com/2018/09/22/encrypt-files-with-git-crypt.html" rel="" target="_blank">git-crypt tutorial</a></li>
<li><a href="https://github.com/AGWA/git-crypt/issues/47" target="_blank">deleting / removing GPG users from a git-crypt config</a></li>
<li><a href="https://github.com/AGWA/git-crypt/blob/master/README" rel="" target="_blank">git-crypt repo</a></li>
<li><a href="https://www.agwa.name/projects/git-crypt/" rel="" target="_blank">git-crypt project</a></li>
</ul>
Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-73353079024148984102018-03-02T13:34:00.004-05:002018-03-12T09:04:43.516-04:00is your Mac waking on its own, draining battery and then just plain powering down?I've twiddled every setting I can find, and this still happens:<br />
<br />
<ul>
<li>I close the lid of my MacBook,</li>
<li>Carefully listen for the fan to stop...</li>
<li>(Wish they'd kept the pulsing LED; that was an excellent design.)</li>
<li>And only _<i>then</i>_ do I put it in my bag.</li>
<li>Some time later, I pull it out - to find it hot and/or powered off. Yuck. :(</li>
</ul>
<div>
(Kudos to Apple for constructing macOS so solidly, that even when it powers down unexpectedly (still sub-optimal), it actually does come back quickly - even with <i>unsaved</i> work, ready to pick up where you left off. Nice.)</div>
<div>
<br /></div>
<div>
Recently, I've been watching this strange sleep behavior even more closely, and several times have witnessed this sequence:</div>
<div>
<ul>
<li>Close lid & listen for fan to stop...</li>
<li>Keep listening; after a few more moments, the fan starts again!</li>
<li>This sequence repeats</li>
</ul>
<div>
This seems to be new-<i>ish</i> behavior; as of the last few releases of macOS.</div>
<div>
<br /></div>
<div>
I've done everything I can find (details below), to get it to _<i>stay</i>_ asleep, but to no avail.</div>
<div>
<br /></div>
<div>
However I just found something new; from the man page of the <span style="font-family: "courier new" , "courier" , monospace;"><b>pmset</b></span> command:</div>
<div>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace;">ttyskeepawake - prevent idle system sleep when any tty (e.g. remote login session) is 'active'. A tty is 'inactive' only when its idle time exceeds the system sleep timer.</span></blockquote>
</div>
<div>
<br /></div>
<div>
Yes; if I've got an ssh connection open to a remote host, for a command-line, I do indeed not want it to sleep - _<i>except</i>_ here's the new (to me) part:</div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">ttyskeepawake</span> is apparently for _<i>any</i>_ TTY - _<i>not</i>_ just those open via Terminal, as one might think; see the output, as a result of turning <span style="font-family: "courier new" , "courier" , monospace;">ttyskeepawake</span> off:</div>
</div>
<br />
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace;">Warning: This option disables TCP Keep Alive mechanism when sytem is sleeping. This will result in some critical features like 'Find My Mac' not to function properly.</span></blockquote>
<div>
Example command to turn it off (for all power sources):</div>
<div>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace;"><b>pmset -a tcpkeepalive 0</b></span></blockquote>
</div>
<div>
<br /></div>
<div>
I'll try this over some time, to see if my MacBook finally does stay asleep, safely...</div>
<div>
<br /></div>
<div>
Feedback / suggestions welcome!<br />
<br />
3/12 update: Apparently the "<b style="font-family: "courier new", courier, monospace;"><span style="font-size: x-small;">sudo pmset -a standbydelay 259200</span></b>" setting must be performed <i>_while on battery_</i>; if done while on AC / wall power, the on-battery setting is not affected. :/</div>
<div>
<br /></div>
<div>
- - - </div>
<div>
<br /></div>
<div>
Other settings I use (each on a single line), to try to make it sleep quickly, _<i>and_</i> stay asleep:</div>
<div>
<br /></div>
<div>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b>sudo pmset -a hibernatemode 0</b> # do NOT use Safe Sleep; saving time to sleep (and save disk space), by not writing /var/vm/sleepimage</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b>sudo pmset -a standbydelay 259200</b> # 3 days of sleep, before moving from sleep to hibernate - MUST BE DONE WHILE ON BATTERY</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b>sudo nvram boot-args="darkwake=0"</b> # disable "Dark Wake" (requires reboot)</span></blockquote>
<blockquote>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b>sudo pmset -a womp 0</b> # disable "Wake On Magic Packet" (AKA "Wake-on-LAN", AKA "Wake for Wi-Fi Network Access" on recent MacBooks; also seen in the Energy Saver pane in System Preferences)</span><span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span></blockquote>
</div>
<div>
Also: A command line that I use, to see what the <span style="font-family: "courier new" , "courier" , monospace;">pmset</span> log has, since the most recent sleep event:</div>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b>telltale='Entering Sleep state'; lastSleep=$(pmset -g log | fgrep -i -e "$telltale" | tail -1 | sed "s/${telltale}.*/$telltale/"); if [ "$lastSleep" ] ; then pmset -g log | sed -n "/$lastSleep/,\$p"; else echo '[WARN: Did not find a Sleep event]'; fi</b></span></blockquote>
Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-56607239546995636772017-11-13T11:45:00.002-05:002017-11-13T13:14:05.974-05:00Why did Skype hijack my phone?I installed "Skype for Business" recently (required by my org) and everything seemed fine.<br />
<br />
Some time later, I clicked on a phone number and selected "Call 888-555-1212 <number>using iPhone" from the contextual popup as usual - and Skype came up. Yuck.</number><br />
<number><br /></number>
<number>After a _great_ deal of searching, I found that reverting to the default behavior (of actually calling with my iPhone...) is as simple as:</number><br />
<ul>
<li>Open the FaceTime app.</li>
<li>Open its Preferences.</li>
<li>Look for the "Default for calls" popup, at the bottom.</li>
<li>Select "FaceTime".</li>
</ul>
Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-155474889375998912017-06-23T09:58:00.002-04:002017-07-11T11:53:21.153-04:00Stale NFS mounts<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
Think you've got a stale NFS mount, gumming up the works?</div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
Maybe several mounts, you're not sure which is the problem, and your usual tools are not working (ex: they just hang)?</div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
<br data-mce-bogus="1" /></div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
Try this one-liner (sudo / root is required for "lsof"):</div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
<br data-mce-bogus="1" /></div>
<textarea wrap="soft" data-settings="dblclick" readonly rows="10" cols="60">
sudo bash -c 'while read _ _ mount _; do read -t3 < <(stat -t "$mount") || echo "$mount mount timed out; with ("$(/usr/sbin/lsof -b 2>/dev/null | fgrep -c "$mount")") open files (via lsof) and mtab line (if any): "$(fgrep "$mount" /etc/mtab); done < <(mount -t nfs)'</textarea>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
<br _moz_dirty="" type="_moz" /></div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
Which should ID the culprit, and give you some info to help determine how to handle.</div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
<br data-mce-bogus="1" /></div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
Notes:</div>
<ul style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; margin: 0px; padding: 0px 0px 0px 30px;">
<li style="margin: 0.2em 0px; padding: 0px; word-wrap: break-word;">This unfortunately cannot simply be single-quoted, and executed via ansible. There's probably a way to add another level of quoting to address that, however I simply dropped the code in a file in my homedir, then ansible'd that.</li>
<li style="margin: 0.2em 0px; padding: 0px; word-wrap: break-word;">The "-b" option to "lsof" is essential, since it avoids blocking, which is almost certain in this circumstance.</li>
<li style="margin: 0.2em 0px; padding: 0px; word-wrap: break-word;">The "lsof" gives a simple count; if there are any, you may wish to repeat the "lsof" to actually show the open files.</li>
<li style="margin: 0.2em 0px; padding: 0px; word-wrap: break-word;">The mount's line from /etc/mtab should show some useful info, such as the IP address where the mount at least <i>was</i>, when it was made.</li>
</ul>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
<br data-mce-bogus="1" /></div>
<div style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 15px; padding: 0px; word-wrap: break-word;">
Inspired by: <a alt="linux - Is there a good way to detect a stale NFS mount - Stack Overflow" class="link-titled" data-mce-href="https://stackoverflow.com/questions/1643347/is-there-a-good-way-to-detect-a-stale-nfs-mount#7179628" href="https://stackoverflow.com/questions/1643347/is-there-a-good-way-to-detect-a-stale-nfs-mount#7179628" style="color: #2989c5; text-decoration: none;" title="https://stackoverflow.com/questions/1643347/is-there-a-good-way-to-detect-a-stale-nfs-mount#7179628">linux - Is there a good way to detect a stale NFS mount - Stack Overflow</a> </div>Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-40846755714346444892016-10-12T10:51:00.003-04:002016-10-12T10:51:57.743-04:00Mac windows moved mostly off-screen when switching displaysStrange new behavior (to me anyway) since upgrading to macOS Sierra (10.12):<br />
<br />
When I move between using my MacBook with a Thunderbolt display (only), and using it on with only the built-in display, it frequently leaves windows almost entirely off the side of the display. :/<br />
<br />
(If it matters, this is with a sleep, between mode switches - like when moving between home and office.)<br />
<br />
At no time was I using an extended desktop (multiple displays at once) - though it looks as if it somehow thinks it's in that mode. Though a trip to the Displays preference pane, shows that it is indeed using only only display.<br />
<br />
(More than once, I've also seen this: Upon wake, I see the Desktop - but no menubar. Perhaps another indication that it's confused and thinks there's another display - which has the menubar.)<br />
<br />
I found some interesting suggestions on <a href="http://superuser.com/questions/55341/move-an-off-screen-window-back-on-screen-on-mac-os-x">this SuperUser thread</a> though none of those worked for me, and I just created a new account there (coulda sworn I had one, but whatever), so couldn't post there yet :/ - hopefully this link helps.<br />
<br />
What _did_ work for me: Simply "Hide" (in the app menu, just to the right of the Apple menu) any app with windows off-screen; when the app was shown again, the windows were moved back onto the current (only) screen.<br />
<br />
In the process I also discovered the missing "Detect Displays" button, which was removed from the Displays preference pane at some point - press (and hold) the Option key. It had no effect on this issue, though maybe handy to know.<br />
<br />
(I have heard of folks seeing this issue on other releases like "El Capitan" (10.11) - hope this helps!)Marcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0tag:blogger.com,1999:blog-9469284.post-81534646950016147422015-04-08T06:44:00.000-04:002015-04-08T06:44:28.557-04:00SEO (search engine optimization) musingsi just did a web search for a topic where i don't have very much context to judge how relevant / reliable the results are<br />
<br />
of course i reflexively ignored the paid results<br />
<br />
for the "organic" results, if it's a topic i am familiar with, i may glance briefly at the top results - mostly for entertainment value, at the ridiculous junk that manipulated its way to the top<br />
<br />
however, with something unfamiliar, i hovered briefly over the top "organic" result, wondering if it was worth the effort to click through to see how useful it might be<br />
<br />
given the rampant manipulation behind high ranking, i wonder how many of us also reflexively ignore the top N organic resultsMarcantonio Rendinohttp://www.blogger.com/profile/13178010039917256804noreply@blogger.com0