Category Archives: General

macOS Adaptive Firewall

After that last post on enabling SSH back to my iMac, I realized I should do a little more research into security precautions. I stumbled onto information about the macOS Server Adaptive Firewall.

Enabling it couldn’t be much easier. It’s two commands; first to self-configure, and then to start the firewall:

sudo /Applications/ -c
sudo /Applications/ -f

has a more thorough explanation of how to use the Adaptive Firewall, but I feel a little better knowing it’s running.

SSH to Mac

I’ve taken a bold step: I’ve enabled SSH back to my home computer.

Enable SSH in macOS Server -> Settings

For OPSEC, I’ve disabled all authentication methods except Public Key, with the hope that I can have a secure, reliable, SFTP connection to my home machine from anywhere.

To make this change:

  1. I added my public key to ~/.ssh/authorized_keys
    • You can run this command: ssh-copy-id -i ~/
    • …or just copy ~/.ssh/ into ~/.ssh/authorized_keys/
  2. I enabled Remote Login in System Preferences
  3. To disable password-based authentication, I edited /etc/ssh/sshd_config with these changes:
    • ChallengeResponseAuthentication no
    • PasswordAuthentication no
    • UsePAM no [1]

That tutorial also recommends setting KbdInteractiveAuthentication no, but according to

Specified whether keyboard-interactive authentication is allowed. By default, the value of ChallengeResponseAuthentication is used.

Since it takes the value of ChallengeResponseAuthentication by default, I haven’t specified a value for KbdInteractiveAuthentication.

After making these changes, it’s important to restart ssh:

sudo launchctl stop com.openssh.sshd

If it looks like I’ve done something foolish, please let me know!

  1. This isn’t called out in that tutorial, but disabling PAM seems like the most prudent thing here. 
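A check for the sshd_config changes in the SSH post above, as an added example that is not from the original post; the function names and the sample file are constructed for illustration. It resolves each keyword the way sshd does (case-insensitive, first occurrence wins, lines after a Match are conditional) and applies the KbdInteractiveAuthentication fallback described in the quoted man page text.

```shell
#!/bin/sh
# Added example (not from the post): audit an sshd_config for the settings above.

# Print the effective global value of a keyword. Keywords are case-insensitive,
# the first occurrence wins, and lines after the first Match are conditional,
# so parsing stops there.
effective_value() {
    awk -v want="$1" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# Print one finding per keyword; return 0 only if every password-style
# authentication path is explicitly disabled.
audit_sshd_config() {
    file=$1; weak=0
    for key in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        val=$(effective_value "$key" "$file")
        if [ "$val" = "no" ]; then
            echo "OK   $key no"
        else
            echo "WEAK $key ${val:-unset}"; weak=1
        fi
    done
    # Per the man page text quoted in the post, an unset
    # KbdInteractiveAuthentication inherits ChallengeResponseAuthentication.
    kbd=$(effective_value KbdInteractiveAuthentication "$file")
    [ -n "$kbd" ] || kbd=$(effective_value ChallengeResponseAuthentication "$file")
    if [ "$kbd" = "no" ]; then
        echo "OK   KbdInteractiveAuthentication no (effective)"
    else
        echo "WEAK KbdInteractiveAuthentication ${kbd:-unset} (effective)"; weak=1
    fi
    return "$weak"
}

# Constructed sample config: the trailing "PasswordAuthentication yes" is
# ignored because the first occurrence already set the value.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample sshd_config
passwordauthentication no
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication yes
EOF
audit_sshd_config "$sample"
```

On the machine itself, sudo sshd -T prints the configuration sshd actually resolves, which is the authoritative version of this check.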

Farewell, 32-bit Apps

iOS 11 is the 32-bit Appocalypse. Before pulling the trigger on the update, I took a look at the apps on my phone that won’t survive the transition [1]:

  • Star Wars: Tiny Death Star: This was a really fun game; a Star Wars-themed re-skin of Tiny Tower. It was only supported for a year, and received its last update back in 2014. I’ll miss it, but Tiny Tower is still going strong if I want a fix.
  • Chesspuzzles: According to my iTunes Purchase History, I downloaded this on November 1, 2008. It was made by Eric Peng, but I can’t find any information about it now. It was never updated for Retina or 4” screens, let alone iOS 7. The app is filling this need for me these days.
  • Monopoly Here & Now: The World Edition: I think this was the only version of Monopoly available on iOS when I bought it back in February of 2009. Macworld gave it four mice. Someone thought to preserve the gameplay for posterity. The next time I have a Monopoly craving, I’ll spring for this version instead.
  • Super MAMC: This is still up on the store, as of this writing, but the last update it received was back in 2012. I think I first heard of this game from Brett Terpstra on his Systematic Podcast, before he jumped from 5by5. I’m glad the Apple Watch didn’t exist the last time I played this; I’d be terrified to see what it did to my heart rate. You can see the gameplay here.
  • Words HD Free: Letterpress filled the void Words With Friends left for me years ago. Good riddance.
  • UE SPL: This was a basic SPL meter. I haven’t needed a replacement yet, and I never even bothered to verify the accuracy of this one.
  • MusicConv: This was a basic Frequency to Note Name to Midi Number calculator. It was really useful for some projects years ago, but it doesn’t even seem to launch on iOS 10.
  • Canopener: This is a great standalone music player, with some simple spatialization algorithms. GoodHertz still sells an AU and AAX plugin with the same spatial processing.
  • Nord Beat 2: A MIDI step sequencer, last updated in 2014. I was mostly using it for drums, and apps like Elastic Drums had replaced it for me.
  • This service used to be the best way to see what shows and movies were on each streaming service, but JustWatch is now providing this service for me.
  • TaskPaper for iOS: Jesse Grosjean stopped supporting this app four years ago. Now I use Editorial for most of my iOS TaskPaper needs.

Thank you for your service. I’m sorry I can’t take you into the future with me; you’ll be missed.

  1. You can see this for yourself by heading to Settings ➡️ General ➡️ About ➡️ Applications. 

Stand Up

I launched a new app, Stand Up. It tries to solve a simple problem, as expressed by Joe Cieplinski:

I can read how many hours I’ve stood quite easily, even in the complications. Divide a circle in 12 pieces, and it becomes a breeze to see which number of hours you have currently fulfilled. But there’s no way to know whether one of those hours is the current hour.

Stand Up solves this through a watch complication that indicates whether or not you’ve gotten credit yet for standing in the current hour.

The app also includes a few other ways to tell if you’ve received credit for the current hour, including app icon badges and notifications. It’s free to download, with in-app ad support.

You can download it directly from the App Store:

Subscription Pricing

Michael Tsai has a great write up regarding the recent move by Day One towards subscription pricing. I completely agree with his conclusion that substantial price increases, combined with a change in the payment mode, are leading to confusion regarding the source of the backlash.

My hunch is that, for an app under ongoing development, many people would be fine paying a subscription that averages out to about the same amount they had previously been paying per year (initial purchase plus occasional upgrades). When I hear that an app is switching to a “sustainable model,” this is what I assume people mean is happening.


But that doesn’t seem to be what’s been happening. Instead, we’ve seen subscriptions combined with price increases, customers balking, and insinuations that people just don’t want to pay for anything anymore. With more than one variable changing at once, I don’t think we can conclude that people hate subscriptions.

Michael also recently summarized the 1Password backlash regarding their move towards subscription pricing.

Michael’s conclusion resonates with me because I’ve chosen not to sign up for some subscriptions exactly because of the price increases. Here’s where I stand on each of the examples he calls out:

  • Day One 2: I don’t know what I spent on this back in 2012, but I was happy to pay $50 early last year when version 2 shipped — this app is easily worth $12.50/year to me. Unfortunately, due to their sync restrictions, I didn’t migrate to version 2 until they shipped version 2.2, which included end-to-end encryption. I still feel a bit burned that I had to wait nearly 15 months for a feature they promised at launch. Even with the 50% discount they’re offering current customers, Day One Premium at $25/year is a 100% price increase over what I’ve previously spent, in exchange for “the ability to create more than ten journals” (I have one) and “access [to] all future premium features”. I’ll reconsider if there’s a compelling future feature, but for now, no thank you.
  • 1Password: I don’t know that I’ve ever paid for an update after my original Mac and iPhone purchases, but I know that I use this app dozens of times each day. When they offered their Family Day Special, I jumped onto their subscription plan. The value here is very obvious to me, and if I can make use of 1Password free to the rest of the family, that helps keep us all safe.
  • TextExpander: I’m still running version 5. I enjoy this app a lot, and especially appreciate their long-running support of Back to Work, but doubling the price was a bridge too far for me. When version 5 and the equivalent iOS app stop working for me, I plan to move my simple snippets into Apple’s native solution, and I’ll follow Dr. Drang toward Keyboard Maestro for my more complex snippets. I’ll miss some of Brett’s TextExpander Tools, though.
  • Lightroom: I thought about buying this when I finally picked up a nicer camera last year, but the value for the subscription wasn’t obvious. I’ve been making do with Apple Photos and some wonderful external editors. With native support for third-party editors returning in High Sierra, I doubt I’ll reconsider this choice.
  • Microsoft Office: Both my wife and I have licenses through our employers that allow for installation on a home machine, so we haven’t even had to think about this. If I lost access to that, I would be fine, but my wife would need to subscribe. For $70/year, I think she would get tremendous value from this subscription.

The bottom line is that I’m fine with subscriptions when the price matches the value. Combining a price increase with the change in payment model will force me to reconsider the value, and I may or may not subscribe.

Net Neutrality

Per this Ars Technica article, I just filed my comments with the FCC regarding net neutrality. Feel free to crib from my comments to post your own:

I believe that broadband ISPs are ‘telecommunications services’, subject to Title II oversight.

I build mobile applications that rely on open access to the internet for their success, and I distribute music online. If ISPs are allowed to prioritize traffic, my uses of the internet are at risk of being substantially de-prioritized.

When I purchase broadband internet service from my ISP (Charter / Spectrum), I am paying for only that: a fast connection to the internet. While my ISP does include some free services such as an email account and security suite with my internet subscription, I do not use or want these features. I would decline to purchase them if that were an option. I pay for my own email account through, cloud storage through, web hosting at, and I manage my own security.

I believe my use of the broadband service I purchase fits the definition of “the transmission, between or among points specified by the user, of information of the user’s choosing, without change in the form or content of the information as sent and received” because I specify all of the services (points) I want to use, I choose the information to be transmitted, and I expect the broadband service provider not to change the form or content of this information.

I have only one choice of broadband provider in my location. If the FCC waives its authority over broadband ISPs, I would be left at the whim of our provider regarding quality and price of service.

Please uphold the 2015 determination that broadband ISPs are ‘telecommunications services’ subject to greater oversight under Title II.

AT&T - Social Engineering

Justin Williams was the victim of an AT&T social engineering attack:

I instantly called AT&T’s customer service line to explain what is happening. I give them my name, my phone number, and my security passcode (this is key). The man on the phone reads through the notes and explains that yes, someone has been dialing the AT&T call center all day trying to get into my phone but was repeatedly rejected because they didn’t know my passcode, until someone broke protocol and didn’t require the passcode.

One of my co-workers reported this happening to him about three weeks ago (although he didn’t have any money stolen, to my knowledge). This is terrifying, and AT&T needs to address this.

Justin adds:

I’ve been told this is being escalated internally, but I haven’t heard anything from corporate channels, so I remain skeptical until I see or hear something.

I share his skepticism. This hole has existed for years, and AT&T has failed to patch it. I feel terrible for the situation Justin has ended up in, and I’m equally upset by the sense that I don’t have a way to protect myself from an attack like this.

Extra Security

I’ve had Extra Security enabled on my account for a long time, but it doesn’t seem like that would have helped me in this situation at all. From this page, the AT&T documentation says:

Benefits of extra security

Without extra security, you or someone you authorize may need your wireless security passcode only in these situations:

  • Calling AT&T Customer Care.
  • Changing the passcode.
  • Managing your account in some retail stores.

When you add extra security to your wireless account, you or someone you authorize may need your wireless security passcode in these additional situations:

  • Managing your wireless account online.
  • Gaining secondary online access to the wireless account.
  • Managing your account in any retail store.

Extra Security doesn’t seem to change any of the requirements when calling in for support.

Additionally, every time I log in to their website, there’s a checkbox below the textfield for the passcode. On a site with normal 2-factor support, that checkbox says something like “Don’t require 2-factor on this machine for 24 hours”. On AT&T’s site, it says “Disable Extra Security”. I almost check this box every damn time, and have disabled it a few times.

Master for iTunes Droplet - Fixed!

In what may be a first for me, Apple just resolved the bug report I filed back in January regarding a problem with the Master for iTunes Droplet.

The root of the problem was that the OS version was being compared to a regular string of 10.6, instead of being compared as a numeric string. The result was that 10.10 was returning false when checked with is less than "10.6" then.

The bug report I filed included my suggested fix, so I was curious to see what they implemented. Here’s the relevant section of code:

set systemVersion to system version of (get system info)
considering numeric strings
    if systemVersion is less than "10.6" then
        log ("ITUNESMASTERINGDROPLET: incompatible system version")
        display alert SYSTEM_CHECK_ERROR_TITLE message SYSTEM_CHECK_ERROR_MESSAGE as warning buttons {CANCEL_BUTTON_TITLE} default button 1
        log ("ITUNESMASTERINGDROPLET: shutting down")
        error number -128
    end if
end considering

Their fix is slightly more elegant than what I suggested, but it’s fundamentally the same. They also addressed the problem with Gatekeeper rejecting the droplet.

The updated droplet is available for download now.

macOS Notification Center Scripts

After listening to a recent Mac Power Users episode on notifications, I decided it was finally time to reduce the flood of notifications I get on my Mac. I realized that the biggest obstacle for me with notifications on the Mac is the inconsistent behavior when I two-finger-edge-swipe to open the notification center: sometimes I get the Today view, and sometimes I get the Notifications view, depending on what I was last looking at.

There doesn’t seem to be a keyboard shortcut you can use to toggle between the Today and Notifications tabs, so I decided to script it. As a starting point, I found this Stack Overflow answer, but the AppleScript didn’t work on Sierra. This answer provided the information I needed to debug the first script; it turns out that the "Notification Center" item moved from menu bar 2 to menu bar 1 with an OS update.

This is the script I ended up with to show the Today tab:

tell application "System Events" to tell process "SystemUIServer"
    click menu bar item "Notification Center" of menu bar 1
end tell

tell application "System Events" to tell process "NotificationCenter"
    click radio button "Today" of radio group 1 of window "NotificationTableWindow"
end tell

And this is the script for the Notifications tab:

tell application "System Events" to tell process "SystemUIServer"
    click menu bar item "Notification Center" of menu bar 1
end tell

tell application "System Events" to tell process "NotificationCenter"
    click radio button "Notifications" of radio group 1 of window "NotificationTableWindow"
end tell

I’ve tied these to gestures in Better Touch Tool, and I can also fire them off from LaunchBar.