Archive for the ‘Apple & Macintosh’ Category

Apple’s computers are too good – they keep working and working. Case in point: we still use a Mid 2007 iMac at home. And: I also still use a Macbook Pro from Mid 2012. Certainly we’re not the only people in the world that do not throw out our computer every three or four years.

Hence it would be… nice if Apple kept the software on those older machines up to date. I understand that Apple cannot implement every last novelty on those oldies. That’s not what I’m asking for. But security patches and certificate updates can’t be that hard to integrate in some sort of update package for earlier versions of Mac OS X. After all, email is still email, and web browsers from 10 years ago are still capable of displaying most current sites. Just covering those two functional domains might allow many Mac users to use their older machines. How about it, Apple?

One of the issues posed by these older Mac OS X versions is the browser message “This Connection Is Not Private” when trying to access a site over the secure https: protocol. This message means that there is a problem with one or more certificates in the certificate chain for that particular site. Usually it’s a matter of expiration: certificates are only valid for a specific period of time. That is also the case for the certificates that were used by the Certification Authorities that sign the TLS certificates for the website. As time goes by, some of those “root certificates” expire, making browsers like Safari pop up warning messages to tell you of the problem. The correction for this problem is easy: the root certificate has to be updated, and things will work again. As long as Apple updates Mac OS X on your Mac, they will do that for you, and you don’t have to worry about this problem (at least for websites that play by the book!). However, if you’re not familiar with the underlying mechanisms in the browser, the error message is actually blocking you from accessing the site – even when in fact there is nothing wrong with it (the problem is on your Mac!).

Can this problem be fixed on older MAC OS X versions, for which Apple no longer provides updates? Luckily, the answer is yes. But it is not a “click here and you’re done” kind of fix; you need to have some experience with the Terminal application and the bash command line on your Mac, and you also need access to a Mac with a recent (preferably the latest) version of the certificates.

Here’s the procedure, paraphrased from StackExchange. To simplify things, I’ll describe how to update all system root certificates in one swoop.

  • On the ‘newest’ Mac, launch the “Keychain Access” application.
  • In the “Keychain Access” application, click on “System Roots” in the left column, and select all certifcates in the list that appears (a single click in the that list, followed by Cmd-A).
  • In the File menu, select the option “Export Items…” and save the file as “rootcerts.pem“.

All the certificates will be stored in that single file. The first thing to do now is to transfer that “rootcerts.pem” file to your ‘old’ Mac. You can do so with a memory stick or card, by email, or by using some kind of cloud storage (Google Drive, Dropbox, etc.).

To do so you should log on to the ‘old’ Mac, using a user account that has administrator rights.

  • Put the “rootcerts.pem” file in a folder, e.g. “Downloads”.
  • Open the Terminal application, and go to the folder with “rootcerts.pem” file.
  • In that folder, create a new script file called ‘trustroot.sh‘ (yes, I prefer to add a .sh extension to that file in order to recognize it as such later on), and add the following content (using pico or the text editor of your preference):
mkdir -p ${DIR}
trap "rm -rf ${DIR}" EXIT
cat "$1" | (cd $DIR && split -p '-----BEGIN CERTIFICATE-----' - cert- )
for c in ${DIR}/cert-* ; do
   security -v add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "$c"
rm -rf ${DIR}
  • Save the file and make it executable, using the command ‘chmod 755 trustroot.sh‘.
  • Everything is now in place; all that remains to be done is the execution of the script with the following command line (plus your sudo password, of course):
sudo ./trustroot.sh rootcerts.pem

You should see a list of certificate descriptors pass by in the Terminal window.

The certificates exported from your ‘new’ Mac will now be included in the list of ‘System’ certificates (as explained on StackExchange, only Apple can update the ‘System Roots’ keychain), but they will be taken into account just as well.

You can close your Terminal session now. It’s up to you to decide whether or not to keep the ‘trustroot.sh‘ script for future use; you will have to replace the rootcerts.pem file later anyway, with a more recent version of the certificates.

If everything went well, your browser should no longer show the dreaded message – except for sites that really have an expired certificate.

PS. I have changed the location of the temporary directory in the ‘trustroot.sh‘ script to the current directory, compared to what you see on StackExchange. I did that because I got an error message when running the ‘trustroot.sh‘ script that complained about “/” being a read-only file system. Somehow the settings of my Terminal shell had chosen “/” as the TMPDIR, and you can’t just create new folders there. Since the script deletes the temporary directory anyway, it’s location doesn’t matter; it will exist for a just a few seconds anyway…


Read Full Post »

When I tried to update my iPad Pro to iPadOS 15.0.1 a good week ago I ran intro trouble: the “verification” of the update never ended, not even overnight. I had to resort to a hard reboot to regain control of the device. Figuring the next update would solve the issue, I continued to use it without the update.

This is what I saw for many hours: “Verifying update…”

The day before yesterday 15.0.2 came along, but I saw the same situation arise again.

So I did what seemed most logical to me: a complete ‘recovery’, executed from one of the Macs here in the house. It took several hours, including the necessary backup and restore. But in the end the iPad was back up and running 15.0.2.

It turns out I am not the only iPad Pro user encountering this issue. I saw a German blog pointing to “Warum lässt sich iPadOS 15.0.1 nicht auf meinem iPad Pro 10,5 nicht installieren” (Why can’t I install iPadOS 15.0.1 on my iPad Pro 10,5?). MacRumors has similar reports (and solutions) in the “iPadOS 15.0.1 ‘Software Update Failed’” thread.

Not what I expected from Apple in terms of quality, but I’m sufficiently versed in software development to know that it’s hard to avoid bugs in your code ;-). But I won’t go so easy on them if I have to resort to the same measures with the upcoming 15.1 upgrade!

Read Full Post »

Almost a year ago I wrote about my lack of confidence in the synchronisation powers of the Keepassium-and-Files combination on iOS. Having an extra layer between my data (the passwords!) and the storage (Dropbox in this case) does seem to complicate matters… especially in comparison to the situation on Android. In the Keepass4Android app there is a button that will do a two-way sync from within the app: you don’t even have to save the data before hitting that sync button.

Today I can say that I have completely mastered the art of syncing from iOS too. The trick, if that’s what you want to call it, is that you have to “exit” the Keepassium file (not the app!) to force the app to update the file and get the Files app to recognise that fact. How do you do that, “exiting” the file? It’s simple: when you’re on the screen that shows you the top level of entries in your vault, you just press “Back”:

See that “Back” option top left?

You’ll return to the “Databases” screen. If you now check the Files app and look for your file, you’ll see that the date and time will be quite current, and you can be sure that your cloud service provider of choice will get that version as soon as you’re online.

What I describe also means that you always have to open file explicitly in order to consult or update it, in order to avoid sync conflicts when changing data on multiple devices. If you don’t do that, you may not be using the latest version of the file since you’re working with data in memory, not in file storage – and that will spell trouble at some point. As a bonus your passwords will also be safer, since an encrypted file on a storage device is much better protected from prying eyes than an unencrypted file in the memory of your iPhone or iPad!

So my general advice is: if you need to read/update/create a password entry in Keepassium, open the file, do your thing, and close the file immediately.

PS. Keepass4Android users should probably do that too, and they should also use that “Sync” button often!

Read Full Post »

Two weeks ago, we took delivery of a brand-new, ARM-powered Macbook Pro. Nothing fancy, just the basic configuration with (only) 8GB of RAM. It felt a bit weird when I started it up for the first time: why would Apple think that we speak German here in Flanders?

But after using it for a couple of days we – my wife and I – were pleasantly surprised by a couple of things:

  • For a Pro, the body is sleek and yet not as light as you might expect. Feels… professional.
  • That machine is fast – not only when compared the (very old) Macs we have been using so far, but also compared to more modern machines.
  • Battery life is more than good: I did a Zoom session lasting a bit longer than an hour and a half, and the battery went from 100% to… 90%. That’s more than pleasant, it’s fantastic!
  • The “function key bar” (Touch Bar) takes a bit of getting used to, but so far I like it. I’m not capable of typing blind, even after all these years, and I’m not good at remembering what button does what. Having an extra “touch screen” is not that bad at all.

The only minus I have found so far, except for the missing ports, is that the keyboard is easily stained when your fingers are a bit greasier than average. But that problem is easily solved, luckily.

This machine is going to be with us for a long time, just like its predecessors. Now I just have to remember where I have stored the USB-C plus HDMI hub I bought a year ago, in preparation of computers like this M1 beauty.

Read Full Post »

We live in an era of rapidly increasing digitalisation. Hence it’s no surprise that digital systems, however complex they may be, are the subject of increasingly sophisticated attacks. If you want proof of that, take a few hours and read “An iOS zero-click radio proximity exploit odyssey” by Google engineer Ian Beer. He explains how he discovered – and “exploited” – a vulnerability in Apple’s iOS that made it possible to take over an iOS device remotely without the user knowing what happened.

If you like programming, like me, you’ll find the story lacking in code but rich, very rich, in debugging techniques. Plus a lot of detective work and experimenting – in soft- and hardware. That’s what “hacking” is about, of course, and this story is a good illustration of just how devious you have to be!

Read Full Post »

My setup has been the same since quite a few years now: I have a Keepass file on Dropbox, and I use several different applications and apps on multiple devices to access and update that file. Which applications, you ask?

On my Macs as well as on my Xubuntu machines I will use Keeweb. Despite its name, it gives you a desktop application that natively accesses (and syncs) files on Dropbox. This is the application I go to for when I want or need to reorganise the Keepass file, e.g. to rearrange groups or import lots of account data.

I would use Keeweb on a Windows PC as well – if I had one. At work, we have no free choice of which application to use to store passwords, but luckily we do have the “official” Keepass Password Safe at our disposal.

On Android my favourite Keepass app is called Keepass2Android. I will admit that I made that choice a few years ago, and haven’t checked on its competitors recently (are there competitors of note, by the way?). But it does what I need it to do; it accepts Dropbox as cloud storage and it will even merge changes from the local version and the Dropbox version when it detects differences between the two during the synchronisation process. That last one is a killer feature, and it hasn’t failed me a single time in the years I have been using it.

On iOS the situation is a little more complicated – at least, that how it feels to me. I wrote earlier about KeePassium, and that is still my app of choice. I like the interface, and it does all I need when I look for account info (you can store more than just passwords there!).

But in order to sync my central file on Dropbox, on iOS the app has to go through the “Files” app from Apple. Files-the-app is capable of showing files of all kinds on the iOS device, as well as the files on several cloud file systems, like Dropbox. What is less clear to me, however, is how quickly “Files” notices changes on Dropbox and picks up the latest version of my central KeePass file. I also have had trouble getting the latest version of my file (as changed on Android, for example) onto my iPhone. Although I must admit that the last few weeks fared better: I haven’t noticed anymore missing syncs lately. What I can’t say is whether the issue was/is with Files rather than KeePassium or even my internet connection…

Anyway, when it comes to passwords I want to be sure that I’m not missing any information – or worse: I don’t want to overwrite my updated central file with an older version on iPhone! That’s why I currently always check the “last updated on” date of my Dropbox file in Files before opening the file again. Of course my Dropbox account is protected with a password, but I don’t think that is what Andrei Popleteev means when he’s writing about “How to sync KeePassium with Dropbox“.

Manually checking the file date on iOS is not an ideal situation, I know, but to me that check is a small price to pay for the greater good of having my account data available on all the platforms I use! And for me, KeePassium is still the way to go on iOS.

Read Full Post »

No, I’m not going to gut my Macintosh SE/30 to use it as an iPad stand.

But yes, this is a cute mod !

Photo by ‘mtietje’ on Imgur – Click on the picture to see the rest of the gallery.

Read Full Post »

I have written about my tribulations with the Xerox Phaser 3260 laser printer earlier this year. All in all, I’m happy with the machine: it’s probably not the cheapest option but it worked without fail for many years now, mainly helping my children with their homework and their university courses.

The trouble I wrote about earlier was in fact solely due to the appearance of Mac OS “Catalina”: this version of Mac OS requires 64-bit drivers, which were unavailable from Xerox for a very long time. During the whole process of trying out how best to work with different versions of Mac OS and the corresponding drivers I also turned on AirPrint in the printer settings. I did not hope to solve our problems that way, but in house full of iPhones and iPads AirPrint comes in handy. And turning it on for the Xerox is just a matter of clicking once:

As it turns out, this is actually the easiest way to get any Mac to print to the Phaser – even without any printer driver software. So here’s my tip of the day: if you are the owner of one or more Mac’s or iOS devices, make sure your printer understands AirPrint and turn it on! As long as you don’t need any fancy features of your printer, say for printing photos, this is the easiest and quickest way to get your printer working for you.

If I ever need to buy another printer, I’ll make sure it understands AirPrint ;-)

Read Full Post »

Printing from MAC OS X Catalina is hard, when your printer is a Xerox 3260. Somehow the procedures I described a few days ago no longer work (and yes, they did work when I wrote them up). As far as I can remember there were no OS X updates, no printer driver updates, etc. to explain the fact that my measures no longer work… Perhaps there is interference from the old Xerox driver, which is probably still hiding somewhere on the hard disk.

My conclusion remains, however: Xerox has to come up with a solution!


UPDATE: just as I published this post, I noticed that Xerox (finally) published a driver update: the Phaser 3260 Mac 10.15 Driver v1.08 is out since yesterday, March 5. I haven’t tested it yet, but I’ll be doing that tomorrow!

Read Full Post »

In November 2019 or thereabout my youngest daughter upgraded her MacBook to Mac OS X 10.15 (Catalina). Ever since she has had trouble when trying to print to the family’s Xerox Phaser 3260 laser printer: sometimes it would work, if only for one or two pages, and mostly it failed. And when I upgraded my Macbook Pro, I encoutered the same problems, of course. Luckily there’s the old and faithful Mac Mini, still on 10.12 and perfectly capable of printing with a 32-bit printer driver from Xerox…

The cause of the printing problem is not hard to find: Xerox so far has failed to deliver a 64-bit printer driver for many models, including the Phaser 3260. Which is unforgivable, since they are still selling that printer model without a clear warning that it won’t work on the latest Mac OS X version!

For those of you having the same issue I can offer two workarounds that so far seem to work without limitations when it comes to simple print jobs.

The first is to go into the Phaser 3260 settings and enable (and configure) AirPrint in the “Network Settings”. If you also own an iPad and/or iPhone you may already have done so, since it allows those mobile devices to use the printer directly as well. To use this protocol from your Mac as well, you have to go into the “System Settings” of your Mac, and define a new printer using the “AirPrint” driver. That should do the trick.

There is a second way to print from your 10.15 Mac, but it isn’t supported wholeheartedly by Xerox (although it is referenced in the Xerox support forums): you just have to install the “Xerox macOS Common Print Driver from a closely related product”… The hardest part of this solution is figuring out which printers are already supported by this driver. I have been clicking around and had success with the Phaser 3330:

(Click on the image to go to the download page)

The installation of the driver is pretty standard stuff, and once you define a new printer in the “System Settings” of your Mac you will be able to select any of the supported Xerox printers as the driver for your 3260 model. I tried the 3330 model, and so far have not encountered any problems with the printing of PDF’s and HTML pages. Am I just lucky? I hope not!

Having workarounds is nice, but Xerox should wake up and do the right thing: adapt the driver software (and their support website) to accept the 3260 and any other printer still on sale into the Mac OS X 10.15 driver package!

Read Full Post »

A couple of months ago I started my search for a good iOS app to replace MiniKeePass; I even wrote about it briefly on November 15th. The situation became very urgent when I switched iPhones two weeks ago: everything moved swiftly from iPhone One to iPhone Two – except MiniKeePass, which had disappeared completely from the App Store!

It took me a couple of hours to read up on the current state of KeePass affairs in the iOS world (thank you, reddit!), and a few more to test and re-test a few candidates. Since my wife will also be using the application, and we both also have an iPad, syncing with the iCloud was a must-have feature.

In the end, KeePassium turned out to be a winner after all. This time (and ever since!) it does open our .kbdx files without issues, and is well integrated with iOS and Face ID. That’s all we need at the moment. Thanks, Andrei!

PS. It must be happening more and more these days: apps that are no longer compatible with current OS versions, or that are no longer actively maintained by their developers. But I feel it might be worthwhile to keep a trace of them in the App Store (and similar repositories), if only when you search for them by name. I’ll give bonus points for a small explanation as to why they disappeared from current search results…

Read Full Post »

This (my!) Macbook Pro from 2012 is still in a fine condition, and very usable, e.g. to maintain this blog. It may be 7 years old, but is by no means too old to be productive. I have no trouble keeping it up to date, at least until now: it is running Mac OS Catalina.
About window of the Macbook Pro

Since I took the screenshot Catalina has been updated to version 10.15.1.

Read Full Post »

For those of you who want to know more about the cameras in the iPhone 11 (and the iPhone 11 Pro), DPReview has a deep dive into the cameras and their performance: “DPReview TV: iPhone 11 Pro – what photographers may have missed“.

DPReview TV: iPhone 11 Pro – what photographers may have missed

(Click on the image to go to the DPReview TV episode)

They also recorded the whole video on an iPhone, so it’s not just photo talk! Well worth 14 minutes of your time, if you care about the iPhone 11.

Read Full Post »

Yeah, I cracked under Apple’s marketing and ordered an iPhone 11 to replace the iPhone 7 I was using since January. My excuse? My eldest daughter was exasperated with the old Samsung J5 I gave her a long time ago, so I promised her an iPhone 7 to replace that ;-)

I was not looking for a pocketable camera – I have two of those, thank you. But Austin Mann says that the 11 might well replace them in daily use…

Here’s a sample from yesterday, unedited: a view of the rooftops of Antwerp, seen from the top of the Vleeshuis museum.

Unedited picture of the Antwerp roof top, seen from the museum Vleeshuis. Click on the image to see the full-size version.

I’m not blown away by the sharpness of this picture, but the conditions were not ideal. I will admit that the photos I took inside the building are much better than expected given the dim lighting in the museum rooms – thank you, Night mode!

Read Full Post »

Since a few months I have been using Cloudflare’s “ Internet” app on my iPad. I like the idea of having more privacy while surfing the Web, even though it’s hard for me to verify what the app is doing exactly. At least I never had the impression that the iPad got slower because of the app – but your mileage may vary, of course.

Icon of the app

Anyway, what I wanted to mention is that the upgrade to iPadOS 13.1 posed a problem for the network connection on the iPad. Some applications, Safari included, had no problem accessing the internet, but my main banking app continued to report “You have no internet connection – please try again later’. Puzzling and frustrating, since a second banking app (for a different bank, of course) had no problems whatsoever. I’ll leave it to the specialists/hackers to figure out what that means about the safety of that second app ;-)

In the end I removed the app completely, and reinstalled it from the App Store. This did the trick: the application installed its VPN Configuration and hey presto, all my applications found the way to the web without any trouble. So even if you have configured your iPad to update all apps automatically, I recommend having a look at the app directly after upgrading to iOS, sorry: iPadOS 13. If it has trouble establishing a VPN connection, just remove it from the device and reinstall it – that should do the trick.

Now I’ll take some time this weekend to read up on Cloudflare’s extension of the app, called Warp. I was already intrigued by earlier articles about the WireGuard protocol, and Warp seems to give us a possibility to try it out without costs. I might well do so; if I do, I’ll report on it later.

Read Full Post »

Older Posts »