Category Archives: Tech

Using your keychain with ssh-add on macOS Sierra

You might have noticed that macOS Sierra doesn’t offer to store private key passphrases for SSH in your user keychain anymore. It doesn’t automatically add SSH identities from your keychain, either.

Result: you need to enter the passphrase for each of your SSH keys at least once per session, where previously you could enter it once and never type it again.

Given the security implications of making it too easy to open an SSH session without authenticating yourself, I can’t fault Apple for this. But if you’re a heavy SSH user, you might agree that it’s more painful to work with now.

Thankfully, there is a workaround. I’ve just added this to my ~/.profile file:

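if [ "$USER" != "root" ]; then
    # Is the key already loaded in the agent?
    if ! ssh-add -l | grep -q 'id_rsa.lkrms'; then
        # Load the identities whose passphrases are stored in the keychain
        ssh-add -A
        if ! ssh-add -l | grep -q 'id_rsa.lkrms'; then
            # Still missing: prompt for the passphrase and store it in the keychain
            ssh-add -K "$HOME/.ssh/Keys/id_rsa.lkrms"
        fi
    fi
fi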

Now, every time I open a terminal, ssh-add -l is grepped for id_rsa.lkrms. If it’s missing, ssh-add -A is called to add SSH identities from my keychain. If id_rsa.lkrms still hasn’t appeared, I will be prompted for my passphrase, and it will be stored in my keychain for future use.

No more HTTP: implementing Let’s Encrypt certificates

Once upon a time, SSL certificates were expensive, and getting them required multiple days of lead time.

Signing authorities have improved in both areas (i.e. cost and turnaround), but Let’s Encrypt has taken it to a whole new level. Their free certificate service moved out of beta earlier this year, and with my one-and-only SSL certificate coming due for renewal, I thought I’d take it for a spin.

Let’s Encrypt issue 90-day certificates (commercial authorities typically offer 12-24 month certs), so their service is designed to be consumed by automatic certificate management software rather than end-users. This means there’s no user-facing front-end – another departure from traditional CAs.

You’d be forgiven for thinking all of this sounds terribly complicated, but with certbot, it couldn’t be much easier (assuming you’re running your own server). You just download and run the certbot-auto script and follow the instructions. In my case, as an Apache user, getting this blog running on HTTPS was as simple as:

$ certbot-auto --apache -d lkrms.org,www.lkrms.org,arms.to,www.arms.to,lukearms.net,www.lukearms.net

This command looked after reconfiguring, testing and reloading Apache. Then I dropped the following into /etc/cron.d/certbot:

42 2,14 * * * root /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade

Now, as my Let’s Encrypt certificates expire (or are revoked), they are automatically renewed. Twice daily.

Suck on that, NSA / metadata retention agencies / ASIO / AFP.

NO DATAS FOR YOU.
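A check to pair with the cron job above (an added example, not part of the original post): with 90-day certificates and certbot's default of renewing 30 days before expiry, any certificate with fewer than about 20 days left means the renewal job has been failing quietly. The `stale_certs` name, the 20-day threshold and the default `/etc/letsencrypt/live` path are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag certificates that certbot should already have renewed.
# Assumption: certbot's default layout, <live_dir>/<name>/cert.pem.

# stale_certs [LIVE_DIR] [MIN_DAYS]
# Prints the name of every certificate that has fewer than MIN_DAYS of
# validity left (or that cannot be parsed), and returns 1 if it printed any.
stale_certs() {
    live_dir=${1:-/etc/letsencrypt/live}
    min_days=${2:-20}
    rc=0
    for cert in "$live_dir"/*/cert.pem; do
        [ -e "$cert" ] || continue      # glob matched nothing
        name=$(basename "$(dirname "$cert")")
        # -checkend N exits non-zero if the certificate expires within
        # N seconds; an unreadable or corrupt file also exits non-zero.
        if ! openssl x509 -checkend $((min_days * 86400)) -noout \
                -in "$cert" >/dev/null 2>&1; then
            echo "$name"
            rc=1
        fi
    done
    return $rc
}
```

Run it as root (the live directory is not world-readable) from a daily cron entry or a monitoring agent, and alert on a non-zero return.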

Installing Homebrew on El Capitan when SSL won’t give you a handshake

This is a tech post for tech people who like to tech out their Macs using Homebrew.

(With apologies to those who have no clue what I’m talking about.)

If you’re trying to do a clean install of Homebrew using the instructions on http://brew.sh, you might get this error:

curl: (35) Server aborted the SSL handshake

Apparently something is currently broken about accessing GitHub-hosted raw content via https://raw.githubusercontent.com. It’s probably nothing to do with your curl version.

Here’s an alternate install command that worked for me:

/usr/bin/ruby -e "$(curl -fsSL https://github.com/Homebrew/install/raw/master/install)"

You’re welcome.

UPDATE: it’s possible I was experiencing this issue due to intermittent problems with Telstra’s network.

App update notes

Ben Brooks on The Brooks Review:

Stop wasting my time, stop wasting everyone’s time. If you want to write something cutesy, put it on your blog. Release notes should be clear, concise, well structured, and helpful.

Once upon a time, I thought it was great when creative/hilarious release notes appeared in my App Store updates tab. Now, I’m with Ben. Make them useful.

Developing for painfully slow Internet

I’ve been meaning to link to this piece for a while, but in my new role as a web developer, it takes on additional significance. Even for developers who aren’t targeting “third-world” users, the reality is that sometimes Internet links are slow, and building websites and web-based products that function admirably when bandwidth is severely limited should be one of our priorities. Click through for some good ideas on how to do this.

Running Ubuntu on a laptop? Annoyed by your flashing WiFi light?

This is such a serious #firstworldproblem you probably don’t even know what I’m talking about.

That’s OK. Wait for the next post. Google will bring my Linux-loving geek friends to this one.

It’s a pretty easy fix on Ubuntu 14.04. Create a file called /etc/modprobe.d/wlan.conf with this inside:

options iwlwifi led_mode=1

And reboot. Your WiFi LED should stay on when you’re connected. Without blinking.

Thank you, other blogger.

How to stop Photos.app opening whenever you connect a memory card

Yo Apple, Photos.app is really great and everything, but those of us who use third-party photo production software for ingestion and processing don’t want to see it EVERY TIME WE PLUG A MEMORY CARD INTO OUR MAC. (We don’t want to see it when we connect our iPhone, either. We only do that when Facebook Too Much Very Important Work has killed our phone battery.)

A user-friendly toggle to disable this for all devices would be super. Perhaps under System Preferences > CDs and DVDs?

Meanwhile, fellow photographers, here’s a terminal command that will safely disable the automatic opening of Photos.app when you least expect it. Copy and paste everything after the $ into Terminal.app and press Return:

$ defaults -currentHost write com.apple.ImageCapture disableHotPlug -bool YES

Unlike some of the other workarounds on the Internet, this one works even when you regularly re-format your memory cards (as most of us do). And it doesn’t require you to delete Photos.app, which might potentially break something somehow. No reboot required, either.

Update (27-Nov-15): If, for some reason, you want to reverse this change and return to OS X’s default behaviour, here’s the command to run:

$ defaults -currentHost delete com.apple.ImageCapture disableHotPlug

Why Android still sucks

This is the second post in my November writing challenge series.

I’ve been an Apple convert for a few years now (I started to see the light in 2010-ish), but every 12-18 months, I grab a Google-endorsed device that can run the latest version of Android and put it through its paces.

I do this because I feel obliged to speak without ignorance on the advantages and disadvantages of the major mobile platforms. Also because playing with new tech is fun.

There’s more to it than the UI

When it comes to Android vs. iOS, the differences are much bigger than user experience. Apple’s business model is completely different to Google’s, which impacts on everything about its hardware, software and online services.

Some of the differences are less obvious than others. For example, Google’s efforts to retain and profit from its users’ data are no secret, but most people don’t realise just how much of their personal information is being passively disclosed. Apple, meanwhile, draws most of its profit from hardware sales and actively avoids the disclosure and retention of user particulars.

A more obvious difference is in the area of version fragmentation. Android hardware vendors aren’t obliged to provide timely software updates for their devices–even if they contain critical security patches–and most of them don’t. Meanwhile, iOS updates are made available, to all devices capable of running them, simultaneously. You can guess which of these ecosystems is riddled with unpatched, deprecated operating system software.

But let’s talk about the UI anyway

Assuming we’ve made peace with Android’s underlying constraints, the next question to ask is: how does its user experience stack up?

To find out, I tested Android “Lollipop” (5.1.1) on a Nexus 7 (2013 version). I tried to use it productively for about a week, in place of an equivalent iPad.

I accept that without migrating all of my data to Google’s cloud services, my experience of the platform wasn’t completely immersive, but hopefully you’ll agree that it was immersive enough to make a few meaningful observations.

1. Reading and typing

iOS always set a high bar when it came to the display, entry and editing of text, but with Lollipop, Android has caught up pretty comprehensively. Its new font (Roboto) is crisp and appealing; the default keyboard has an improved layout and responds without the lag of earlier versions; and working with text selections is much less frustrating than it used to be.

It’s not just the keyboard that’s more responsive. Animations are vastly smoother, and scrolling is finally on par with iOS. I can’t overstate the importance of these improvements–they significantly increase user enjoyment and confidence.

2. App updates

Android’s built-in apps receive updates via Google’s Play Store. This allows core apps to be updated without the overhead of a full operating system update (great!), but it also makes for a volatile experience when the Play Store app itself needs updating (not so great!). After factory resetting my Nexus 7, I had the Play Store app crash, then declare it wasn’t installed, before eventually starting to work again. Unfriendly much?

The Play Store also had trouble resolving dependencies between core apps while they were being upgraded. A bunch of “You must upgrade X before you can upgrade Y” notifications were thrown at me after I hit “Update All”. This sort of thing shouldn’t happen ever, much less immediately after a factory reset (i.e. with no third-party apps in play).

3. Settings, settings, settings

The design of Android’s “Settings” app has improved significantly since previous versions, but I still found it relatively cluttered, with too many superfluous “advanced” options offered too prominently. Your mileage may vary.

Enterprise users will be annoyed to find that proxy auto-discovery remains unavailable in Lollipop. Manually entering a PAC file URL is still necessary. Apple has been all over this for years now. C’mon, Google!

Also, disabling those annoying keyboard tap sounds is not a simple task, because settings for “Sounds” aren’t all in one place. (I eventually found the toggle I was looking for–deep in “Keyboard” settings. Argh.)

Finally: IMAP users still can’t configure the stock email app to use custom mailboxes for Sent messages and Trash. Their names are hard-coded into the app.

4. Notifications

I liked that I could turn off all notifications for a set period of time (unlike “Do Not Disturb” mode on iOS, which needs to be manually switched off). I didn’t like that I could allow “priority” interruptions during this notification blackout–simply because it’s not clear what a “priority” interruption is (“Did I configure this? Do I trust my former self to have configured it properly? Is my presentation going to be interrupted by a Facebook message?”) I also didn’t like that the UI for this feature only appeared when I used the volume rocker. It belongs on the main notification panel.

My verdict

Android as an operating system isn’t bad. Like iOS, it has annoying shortcomings in some areas, but overall, it’s fast, beautiful and easy to use. When it’s not, pop-up tips pick up the slack.

So why do I think it “still sucks”?

It’s the apps.

Or, to be more specific, it’s the tablet apps.

Android has been tablet-friendly for years now, but a large number of app developers (including Facebook) stubbornly refuse to build tablet versions of their apps. With a few exceptions, most of the apps I tried on the Nexus 7 opened as stretched or magnified phone apps. I could access all of my content, but the apps were so useless I couldn’t do anything with it.

The iOS App Store, meanwhile, is full of high-quality tablet apps.

Also, iOS plays nice with IMAP.

Also, Apple doesn’t hunger and thirst for my metadata.

Reeder 3 for Mac is in public beta, and it’s awesome

Lovers of technologies like RSS, Tiny Tiny RSS + Fever and Instapaper will want to get on this.

I’ve been using Reeder 2 for Mac since it was released, and although it’s hard to imagine a better desktop blog reader, the next version is also an Instapaper client, which trumps all of the other improvements (in my opinion).

I grabbed the latest beta last night and dropped it into /Applications as a Reeder 2 replacement. It picked up my previous configuration instantly, and adding my Instapaper account was straightforward. Thankfully I was able to configure manual archiving for Instapaper (this is analogous to marking RSS posts read, which I prefer to be automatic “on-open”) and was able to catch up on most of my “Read on Desktop” folder straightaway.

Aside from a few non-critical UI glitches, this is a very stable beta. Well worth your time.