Ben Smith https://bensmith.uk/blog Kirby Mon, 24 Apr 2017 07:13:43 +0000 Safer Dropbox-ing for apps requesting ‘Full Access’ https://bensmith.uk/blog/safer-dropbox-ing-for-apps-requesting-full-access blog/safer-dropbox-ing-for-apps-requesting-full-access Mon, 24 Apr 2017 00:00:00 +0000 Like it or not, Dropbox is Internet glue.

It's grown beyond ‘just’ file-syncing, and is now a universal ‘online disk’ for web and mobile apps. Often those apps access the user's absence to do ‘useful stuff’ triggered by an external event or allowing long tasks to complete without the user waiting.

Having apps read and write to a folder on my laptop is brilliantly useful, but also risky. I don’t store sensitive stuff on Dropbox, but it would be inconvenient to lose files or for them to be compromised by malware.

The best apps use Dropbox's permissions options to access only the files and folders they actually use. That way, if a service has a ‘security problem’ the damage is contained. However, some don’t and ask for 'full access, despite not needing it.

A recent example of this I encountered is Fujitsu’s ScanSnap Cloud. This update to my desktop scanner added direct uploads to ‘the cloud’ and it’s super useful… Except it requests ‘full’ access to my Dropbox files, not just the upload folder it uses. However convenient, I’m not handing unsupervised access to that much of my data to a 3rd party.

I needed to create my own equivalent Dropbox’s single-folder permissions. A separate Dropbox account and folder sharing lets us get close. Here’s how to do it (this doesn’t appear to contravene any Dropbox terms or conditions):

  1. Sign-up for a new ‘Basic’ Dropbox account via the website - you can leave desktop and mobile clients logged in to your ‘real’ account throughout this process. The new account needs a dedicated email address - create one via your email host (use a descriptive name in the address so you can tell which account Dropbox emails relate to).
  2. Complete email verification for the new account and use it to login to Dropbox via the website. Add a profile photo with an icon of the service you’re sandboxing (again, for ease of identification) and turn on 2-factor authentication (optional, but recommended).
  3. Logout of Dropbox and back in to your ‘real’ account. Still via the website, create the folder you’d like to store the app’s data. I add mine to a dedicated ‘syncing’ folder to keep things tidy.
  4. Click ‘Share’ next to the folder you have just created and send a sharing invite to the new account in step 1 with ‘can edit’ permissions and management by ‘Only owners’ (management options are in ‘Folder settings’).
  5. Logout of Dropbox (again, sorry) and find the invitation email for the sharing request you have just sent. Click ‘Go to folder’, login with the new account credentials and accept the invitation.
  6. Dropbox setup is now done. Test it by adding a file to the newly-shared folder through the web browser and checking it is visible in your ‘real’ Dropbox account through a desktop or mobile client.
  7. Switch to the app or cloud service insisting on ‘full access’ and link it to the newly created account. Selected the shared folder (it should be the only folder in that account) to use and give it the permissions requested.
  8. Use the service (in my case, by scanning some documents) and confirm that, although the files are being written to a dedicated account they are synchronised to the chosen folder within your main account.

Setup is now complete. The shared folder gives access to the app's files as if you'd allowed it access to your ‘real’ account, but without exposing any of your other files.

This has worked reliably for me for many months and syncing is instant. It requires no maintenance other than ensuring the shared folder doesn’t grow larger than the ‘Basic’ account’s 2GB capacity. If you have several apps requiring it, you can repeat this method as many times as needed.

I tried a similar process with Evernote, but it didn’t work for me as the app I tried couldn’t write to a shared folder.

]]>
How to search for links to your website on Twitter https://bensmith.uk/blog/how-to-search-for-links-to-your-website-on-twitter blog/how-to-search-for-links-to-your-website-on-twitter Thu, 20 Apr 2017 00:00:00 +0000 Because I am a terrible person (and recently changed the domain name I use) I wanted to monitor for tweets linking to this site. After some false starts I discovered the best way to do this is to search for:

url:bensmith.uk

This gave the result I wanted: any tweet with a link to this domain.

Previously I’d tried:

  • "bensmith.uk" but Twitter ignores the dot, giving a lot of false positives.
  • "bensmith.uk" filter:links which didn’t work at all (I expected a list filtered only to include tweets with links, albeit still with false positives).

]]>
Essential apps and utilities for a new Mac https://bensmith.uk/blog/essential-apps-and-utilities-for-a-new-mac blog/essential-apps-and-utilities-for-a-new-mac Thu, 13 Apr 2017 00:00:00 +0000 These are the apps I always install first on any Mac, in order:

  1. 1Password - My password manager of choice - rock solid and now TouchID enabled on my Mac. All the logins and license keys for subsequent apps are in here. We have a family plan, synced via 1Password’s own service. I’d previously used Dropbox syncing which added a frustrating delay waiting for the initial sync on a fresh Dropbox installation.

  2. Dropbox - This contains nearly everything I care about - working files, cloud-based app data (Auphonic for podcast production and Receipt Bank for business admin are my 2 must-haves) and scanned documents from my Fujitsu ScanSnap. During installation I enable ‘selective file sync’ and exclude an ‘online only’ folder containing photos and videos I want to share, but don’t want taking-up laptop storage. I’ve previously fought Dropbox’s sneaky accessibility permissions grab but have now given up in favour of a quiet life (I fear I’ll regret this at some point).

  3. Cloak - The best Mac VPN for browsing securely on public WiFi (I don’t need to access location-locked content and their team make it clear that’s not what Cloak is for), this app goes on all my MacOS and iOS devices. I’ve no idea if it’s the fastest, but it’s been incredibly reliable for me and the team behind it care about the right things.

  4. TripMode - A ‘mobile data saver’, this tool limits the apps that can use an internet connection when you’re using a personal hotspot. A menu-bar icon flashes as apps are blocked and they can individually be enabled or disabled stopping bandwidth hogs such as iCloud Photo Library or Dropbox from burning through your data allowance.

  5. Moom - There are many Mac window managers but this is mine. Although highly configurable I use the simplest features - a popup menu triggered by hovering over the ‘maximise’ window button that offers a list of window size / position presets (I use the default ones) and a grid to ‘draw’ more complex layouts. I tried others that relied on dragging windows to the screen edge but accidentally triggered that too often.

  6. Caffeine - This app overrides any power saving / screen-saver settings to keep your Mac awake for extended periods. I use it when I’m not actively using the laptop but need the screen to stay on, such as reading show notes during a 361 recording or following a recipe on a website.

  7. Alfred - I can’t remember a time my Macs didn’t have Alfred mapped to ⌘-Space in preference to Spotlight with my settings synced via Dropbox. Alfred is another powerful tool but I rely on it almost entirely for keyboard access to apps, an instant calculator and as a clipboard manager. I bought the ‘Power Pack’ upgrade despite not needing the features to support this brilliant independent developer.

  8. Keyboard Maestro - This tool lets me create simple macros for the Mac. I use it for inserting text (code snippets, business addresses or tax numbers) and clipboard ‘cleverness’ such as pasting text as if it had been typed. I previously also used TextExpander for the text-specific tasks but found Keyboard Maestro could do both jobs to the level I needed. It’s a tool I’ve previously used much more extensively and I like to keep it around ‘for emergencies’. I store my macros in Dropbox to keep them synced between Macs.

  9. SoundSource - The most recent addition, this app adds a menu-bar item showing the volume and other settings for each audio input or output device. Essential for podcasting, but also handy for demos / presentations when you need to quickly mute sound effects but leave other audio playing.

  10. Bartender - MacOS’s menu bar doesn’t cope well with lots of apps, quickly becoming a cluttered mess of randomly-ordered icons. Bartender offers an ‘overflow’ area where I put the apps I don’t need one-click access to and lets me set the order permanently so they’re always where I expect them to be. This goes-on last so I can arrange all the icons in one go.

]]>
Outlook Web Access as a Mac app for Office365 (with unread message badge) https://bensmith.uk/blog/office365-owa-as-a-mac-app-with-fluid blog/office365-owa-as-a-mac-app-with-fluid Tue, 21 Mar 2017 00:00:00 +0000 Some businesses use Microsoft Office365, but block syncing desktop applications. This isn’t as painful as it once-was, but it buries my most-used tool in yet another browser tab and I miss a dedicated dock icon and unread count.

Fluid offers a way to wrap websites into stand-alone apps, but Office365 needs some additional configuration and a userscript to get a dock badge (you’ll need a $4.99 Fluid license for that). When you have Fluid installed and the license applied, start by creating a new Fluid app in the normal way.

create
Create a new Fluid app.

At this stage you need to enter:

  1. The Office365 Outlook URL: https://outlook.office.com.
  2. An app name. I use Outlook Web Access.
  3. The location for the app to be created. This defaults to Downloads, but must be changed to your Applications folder for the dock item to work.
  4. An icon. The default results in an icon on an ugly white background so I use this image (PNG with a transparent background works best).

Click Create and then Launch Now to open. The new Fluid app will launch and immediately open a web browser to authenticate. Abandon this login attempt and open Preferences from the app menu.

whitelist-3
Whitelist the URLs Office365 needs to function.

In Preferences click Show All and select Whitelist. In this screen use the - and + buttons to remove all existing entries and add:

  1. *.lync.com*
  2. *.office.com*
  3. *.office365.com*
  4. *.graph.microsoft.com*
  5. *.microsoftonline.com*
  6. *.windows.net*

Close the Fluid app and re-open. You should now be able to login entirely within the app. If you can’t see the notes at the end of this post.

userscripts
A userscript adds an unread message count to the dock icon.

When you have logged in and can use Outlook Web Access through the app, you can add an unread badge to the dock icon if you have a Fluid license:

  1. With the Fluid app open, open the Window menu and select Userscripts.
  2. Use the - and + buttons to remove the default Gmail and Facebook entries and add a new one, Outlook - Badge.
  3. In the Patterns box use the - and + buttons to remove the example and add two new items: https://login.microsoftonline.com/* and https://outlook.office.com/*.
  4. In the code section replace the example with this script by Robert Cambridge. Don’t use the patterns listed in the code comments - they’re now out of date.
  5. Close the window and the change should take immediate effect.

Notes:

  • MacOS keeps settings separate for each instance so you can repeat this process to create apps for multiple Office365 accounts.
  • If your organisation uses single sign-on to access Office365 you will need to add the additional domains in the Whitelist step. These may be visible as you login via a browser or you can select Allow browsing to any URL, but this will also cause any links in emails to open within the app.
  • It's not possible to complete a login if diverted to a web-browser - the Fluid app cannot see cookies generated this way.

]]>
Backing-up Apple Photos without relying (only) on iCloud https://bensmith.uk/blog/backup-apple-photos-without-icloud blog/backup-apple-photos-without-icloud Fri, 22 Apr 2016 00:00:00 +0000 As a family we are all-in on Apple Photos… Our images are ‘magically there’ on phones, tablets and laptops. We share photo streams with family and make albums of important events. And whilst we mostly use iCloud to sync images, it’s reassuring to know they are all backed-up ’in the cloud’ too.

But I don’t trust Apple’s copy to be my only copy - we talked about this in detail on this week’s 361 Podcast.

apple-photos-preferences

Until now that’s been simple to fix - I setup a ‘home’ Mac laptop to download every image at full-resolution and let Time Machine (to a Synology NAS with redundant drives) take care of the rest.

Since the birth of our son my wife and I take a lot of photos and - inevitably - the laptop ran out of space. An emergency clean-up helped, but it’s clear this will only be a short-term fix and the clogged disk slows-down other apps.

What I want is the ease of Apple Photos without leaving my files solely in Apple’s hands. Switching services is the nuclear option as the family has many years of familiarity with Apple - a change would be 'unpopular'.

I considered and dismissed several options:

  1. Archive less important images somewhere else to keep the Apple Photos library a manageable size. This is a short-term option but requires frequent manual curation. Also, it doesn’t prevent the library of images we do want to keep available from becoming too big in future. A definite no.
  2. Upgrade the home Mac's disk. I could fit a Terabyte disk to provide ‘enough’ photo and other-uses storage for the foreseeable future, but this is pricey if I want to maintain SSD speeds for other day-to-day use. Possible, but poor value for money.
  3. Add external storage to the home Mac. This is a cheaper and more flexible way to add storage - USB3 is fast enough to run a Photos library from now - although it would need to remain connected all the time. Quick and easy, but inconvenient and fragile.
  4. Use network storage to host the Photos library. Possible in theory, but too slow in practice - especially over WiFi. Not an option.

For now, I’ve gone with a 5th option: a dedicated Mac ‘server’ for backups.

For about £55 per month (at current exchange rates) I rent a Mac Mini (i7 processor, 1TB internal storage and 16GB RAM) with 4TB external storage in a Las Vegas datacenter from MacMiniColo - a recent promotion provided this 'more than I need' spec at a bargain price. It’s always on with data-centre quality power and networking and an engineer will replace it for me if it breaks.

I considered a similar approach with a virtual Windows server and iCloud for Windows. In theory this would offer a similar capability on a cheaper machine, but reports of unreliability of syncing and Photo Stream out me off for now. I may revisit it in future.

So far, this is working well:

  • Remote desktop access feels as fast as a local machine even over 4G from an iPad (Screens is an excellent app for this).
  • Storage is sufficient for all our Apple Photos need in the foreseeable future.
  • Time Machine takes frequent versioned backups.
  • Large imports / exports no longer take our home Mac out of use.
  • I don’t worry about accidental damage or (unfortunately frequent for us) power cuts at home.
  • I can install other backup services - I'm backing up our other important data direct from our home NAS and am also testing image sync to both Google Photos and Amazon Drive.

I’ve read posts from people doing similar things who go-on to run their websites and mail servers from the same device. I’ve decided against that for now and locked-down the services / ways to access as much as possible to keep my data secure. For now I sync only data I’d be happy to have in any other cloud service to keep the admin manageable.

]]>
Apple SVP confirms quitting apps won’t improve battery life → http://9to5mac.com/2016/03/10/should-you-quit-ios-apps-answer/ blog/apple-svp-confirms-quitting-apps-wont-improve-battery-life Fri, 11 Mar 2016 00:00:00 +0000 A definitive answer: You don’t need to manually close each background app in iOS.

]]>
361 Podcast: Mobile World Congress 2016 [S12E02] → http://361podcast.com/episodes/s12e02 blog/podcast-s12e02 Mon, 07 Mar 2016 00:00:00 +0000

This week the team review the mobile industry’s annual gathering in Barcelona: Mobile World Congress. Ewan is championing #MWCinaday again, but Rafe’s seen it all and gives us the low-down on hardware, virtual reality, 5G (yes, it’s a thing; no, you can’t have it yet) and the ‘internet of things’.

There is a brief (safe for work) discussion of bovine fertility and the phrase 'cow fitbit' is used once towards the end of this week's show. We apologise to those of a sensitive disposition or listeners that expected better than childish giggling (although it's been 12 seasons so you should know by now).

]]>
361 Podcast: Smartest home challenge: Conclusion [S11E11] → http://361podcast.com/episodes/s11e11 blog/podcast-s11e11 Fri, 04 Mar 2016 00:00:00 +0000 This season’s challenge was both a brilliant idea (it’s had really positive feedback from interested listeners) and wildly ambitious. We thought it would ‘simply’ be a case of choosing some products but the costs and integration complexity is still substantial. As one listener commented “shouldn’t it be called the ’switching lights on and off’ challenge’?”

The team make their final assessment of progress in their smartest home challenge. What worked, what didn’t and - more importantly - who won? The team consider 11 weeks of attempting to make their home ‘the smartest’ and can only agree on one thing… it was harder than we thought.

]]>
BBC Radio 4: Interviewed about an £18k roaming bill https://bensmith.uk/blog/bbc-you-and-yours-data-roaming blog/bbc-you-and-yours-data-roaming Fri, 26 Feb 2016 00:00:00 +0000 It was Mobile World Congress last week so all the ‘real’ mobile experts were in Barcelona queuing for a bus. BBC Radio - seeking a comment on data roaming - were forced to slum it with me. They had a chap ‘John’ with an £18,000 phone bill from Vodafone after a trip to Moldova.

I visited the BBC’s Milbank studios and did a live interview with the programme being broadcast from Salford. It’s rare that I’ve thought the 361 Podcast accommodation lavish…

bbc-studio
Ooooh the glamour…

Clearly the first question was how could this happen? John is a regular traveller and had arrived in Moldova to find his phone cut-off. He’d rung Vodafone twice (now the most complained about network - this was a stat I’d previously missed) and been stuck on hold for over an hour in total so gave-up, turned on data services and accidentally left it on for 12 hours.

Things to note about Moldova:

  • It’s outside the EU (land-locked between Romania and Ukraine) so roaming prices aren’t limited by regulation.
  • It’s also outside both Vodafone’s EuroTraveller (understandably) and WorldTraveller bundles so he couldn’t use his home allowance.
  • It has 4G but only 3G is available to Vodafone customers. However, this is still quick enough to download £18,000’s worth of data in a few hours.

So who - the host wanted to know - was wrong?

On balance - although John turned roaming on without understanding the cost and left it switched on - I said Vodafone:

  • They didn’t provide a reasonable standard of customer service to enable John to check or cap costs whilst overseas.
  • Although John had the standard roaming cost cap turned off, Vodafone extended him £18k credit without checking his ability to pay or verifying his use was genuine.
  • The roaming fee charged is unfair - even in Moldova £3 per megabyte is exploiting customers’ lack of alternate options and is not a fair mark-up on the costs. In fact, Vodafone’s CFO was recently reported as saying gross margin on roaming was 70%. Thats… er… ‘high’.

In previous cases the UK network’s argument has been that - in some cases - they only receive charges from overseas networks long after the event. However, this applies only to voice calls, which are connected directly. All data traffic flows out to the internet via the home network - this is how Vodafone were able to send John a notification (unseen at the time) as the bill passed £500.

Generally, if you are roaming outside the EU / USA (where pricing is more competitive) there are specialist products offering better value (although few I can find actually cover Moldova). However, Vodafone’s problem is the anxiety these stories cause will dissuade people from roaming at all.

My thanks to Sam Machin for the correction he provided on how roaming voice and data are billed differently.

]]>
361 Podcast: Unscripted… “What’s interesting you?” [S12E01] → http://361podcast.com/episodes/s12e01 blog/podcast-s12e01 Mon, 22 Feb 2016 00:00:00 +0000 361 is hardly ‘scripted’ at the best of times but this week Ewan suggested we ‘just talk’, abandoning our usual research and talking-points structure. This is much closer to the kind of chat we have before recording.

We’ve a new sponsor for Season 12 - Tengi - who are giving £1000 to a listener that signs-up to use their messaging app.

We’re back with season 12… Rafe definitely hasn’t had a spray-tan and at Ewan’s suggestion the team go off-script to discuss 3 things that caught their interest over the last week: Ewan’s new mobile gaming habit, Ben’s new bank and Rafe’s new news app.

This episode is sponsored by Tengi, the chat app that always shares 50% of its revenue with users through a weekly free prize draw. Download now for iPhone & Android.

]]>