Erica Sadun

Where technology meets something or other

Archive for May, 2018

Apple vs my daughter’s iPad: Part II

I just got off the phone with Apple, after speaking to a point person on the executive relations team. Isabella G offered to set me up with an escalated support member. I thanked her (and accepted) but said that my concern in this matter went wider than my specific case.

I explained that a no-reason account lockdown was a much broader and much more important issue to me. Our device was not stolen. My daughter did not enter bad passcodes or wrong passwords. There was no reason that the lockdown should have happened and no way for Apple Support to explain why it did  happen. If it could happen to us, it can happen to anyone and potentially at any time.

That my daughter had forgotten her security recovery information, too, led to a much broader issue. She was young, foolish, and feels sorry for her choices. At the very least, she should have changed her email when the provider shut down its services. But having an outdated email and no memory of security questions isn’t limited to her specific situation.

Consider the elderly or those who otherwise struggle with recall. They may be able to, as she was, know their passcode, account, and password but not be able to recall the specifics of the security questions or know where they had placed the documentation for the exact phrasing used when answering those questions the first time. They too may have clung to existing account names even if their email has changed over time.

The core problem isn’t that my child made regrettable decisions. She did. It’s that a lockout happened without explanation and without recourse. Something triggered the lockout. And, it clearly was something that fell outside the scope of where we, as customers, would want or accept that the lockout should occur.

I’d like to find out what that was, how Apple can prevent it from happening in the future and how they can offer remedies given the consequences of both losing information and device utility.

Update: Support call went nowhere but our support person was as usually thoroughly professional and nice. Other theories about what might have happened are “haven’t logged in for a long time, which could have activated the lockdown” (his) and “possibly the privacy act stuff this week bouncing back from a dead email” (mine).

objc App Architecture by Eidhof, Gallagher, and Kugler

The objc.io folk were kind enough to let me peek at their latest book, which provides an overview of iOS application design patterns in Swift. Anyone working in production code will be well served by keeping on top of the current art in these patterns.

The book introduces you to both the familiar (Model View Controller, better known as MVC and Model-View-ViewModel-Coordinator or MVVC) as well as less common architectures, which include Model-View-Controller+ViewState, ModelAdapter-ViewBinder, and Elm.  The latter group provides intriguing ways to establish view state and construction and communicate with your semantic model.

After an overview chapter, which explains and motivates each pattern, following chapters focus on exploring a single pattern. (There’s also a separate networking chapter that follows onto MVC and MVVC.) The authors carefully explain how you can incorporate each pattern into your code, considering design and testing, as well as related tasks like persistence. There are plentiful code examples and discussion that offer insights into each pattern’s benefits.

I have not had a chance to fully read the book yet, but what I’ve read has been clear and thoughtful. And yes, there are plenty of examples that tie back to RxSwift.

The book is extremely practical and sure to be of value to serious coders. It’s available from the objc.io site, priced at $49 for the basic eBook or paperback, or $99 which adds seven hours of in-depth video with live coding examples.

In which Apple destroys my daughter’s iPad forever

My daughter has an iPad mini. It is a second-hand one given very graciously by a friend when his daughter outgrew it.

My daughter has taken good care of this iPad, an astonishing thing given her age and the number of second and third hand iOS devices she had accidentally destroyed when younger.

She loves it and she had a lot of precious things in her iCloud account.

The other day, Apple locked her out of her iCloud account and her iPad. We don’t know why. The Apple support people don’t know why. I think it may have to do with when I modernized my AppleID to use an email address, which is what the iTunes account on the iPad is registered to.

My daughter knows her account name. She knows her password.  She did not forget either one. She did not lose her device. She did not do anything to trigger the Apple ID issue. The only thing we know is that it happened at roughly the same time the ApplePay person told me to update my AppleID. It may be related. It may not be.

She set up this Apple ID on her own around 2010 or so, when she was quite small and listening to her Mom, who said don’t give out personal information, she made up a birthday and answers to the security questions. 8 years later, she does not know that information and there’s no way for us to guess it.

Despite the fact that she owns the iPad, has the physical iPad, knows her id, and knows her password, there is no way for her to ever use the iPad again because we do not have a receipt for the iPad, nor does the kind gentleman who gave her the iPad. The Apple Store does not provide access to records from that far back, roughly 7 years ago. Also, her email provider deleted the account about 3-4 years ago and is no longer allowing email signups.

What’s more, Apple will not unlock her iCloud account to get all those drawings and letters she put there for “safety” even though she has never forgotten her password.

We dug up a previous iPad with a cracked screen that used the same iCloud account, and for which I did have the receipt. That was insufficient for Apple to unlock her device or to let her back into iCloud, even though both devices use the same account and both are physically in our possession.

My daughter is the owner of a brick, which is not getting replaced.

Update: Just for the lawls. I don’t know why it says Weds, Dec 31. This is the older mini with the cracked screen that I had the receipt for.

The festering realities of Bluehost: In which I learn about “unifiedlayer.com”

Sometimes my outgoing email bounces for reasons I don’t understand from a variety of recipients. I usually try to contact the postmaster to find out why. This weekend, I actually got a response from one:

My apologies for the delay in replying.  Your email went into the gmail spam folder and so was not forwarded out to where I could respond immediately.

Going directly to “spam”? That’s not good.

The postmaster continued:

The reason that your email is blocked is because it originated at unifiedlayer.com. Unifiedlayer is one of the worst spam originators. They host spammers and they really don’t care, so I don’t have much choice but to block many of their mail servers.

Finally, some concrete information. I searched for “unifiedlayer”, finding common searches like “is unifiedlayer unsafe” and “unifiedlayer spam”. Go ahead and do those searches yourself. You’ll find that overall trust in unifiedlayer-originated mail is somewhere up there with body cavity searches, STDs, and politicians.

So I did what pretty much anyone would, I called my service provider. Bluehost told me that unifiedlayer was an in-house product, that they were well aware of the spam problem, that they worked on it really really hard (that’s a paraphrase, not a quote), and like every other thing that Bluehost gets wrong (and gets wrong repeatedly), that if I were just willing to pay a tiny bit more per month (five bucks in this case), they’d allow my “ericasadun” domain email to go through a different originator.

I am so sick of Bluehost.

If you have any advice on how I can transfer my web site and my email away from this festering heap, please drop me an email (I’ll probably get yours even if you don’t get my reply) and help me find an alternate home. I’ve heard good things about Digital Ocean, for example, but I don’t even know where to start in terms of moving over ten years worth of email.

At least I’ve been through the process of reinstalling WordPress and have my backups.

Thanks in advance.

Straw Poll: Unwrapping solutions

Swift should be able to mitigate two issues related to forced unwrapping. First, it’s used as a bandaid by developers new to the language who want to make their code compile. Second, developers should be able to provide code-level annotation support for why a guaranteed wrap cannot fail and provide runtime diagnostics in any “Black Swan” scenario where they do. These items are discussed further in this proposal.

Please let me know which of the following designs you prefer. Each contains a link to a code solution. (The first item in the list (“Unwrap or Die”) links to a full proposal so scroll down to the design section.) The other two offer alternate designs. You can assume !! can be redesigned to support both throwing and Never solutions just as easily as fail or ??. The proposal goes into detail as to why that was not the original design, as doing so fundamentally changes nil-coalescing semantics.

Thank you in advance for your feedback and/or participation in the survey.

link to poll

Auto Layout, Playgrounds, and Xcode

Today, someone asked what the easiest way was to center a view (specifically a UIImageView) inside a parent view with minimum offsets from the top and sides.

Because you’re working with image views, it’s important that you first set the content mode. For insets, it’s almost always best to go with a “fitting” aspect-scale, which preserves the entire picture even if it has to pillarbox or letterbox. (Pillarboxing adds extra spacing to each side for tall images; letterboxing adds the top and bottom for wide ones.)

// set content mode
imageView.contentMode = .scaleAspectFit

Make sure your view can squish its content by lowering its compression resistance:

[UILayoutConstraintAxis.horizontal, .vertical].forEach {
    imageView
        .setContentCompressionResistancePriority(
            UILayoutPriority(rawValue: 100), for: $0)
}

You must preserve your image’s aspect ratio. Calculate your target ratio by dividing its width by its height:

let size = imageView.image?.size ?? CGSize()
let aspectRatio = size.width / size.height

Add strong constraints that preserve the aspect, and make the view smaller than its parent using inset values you supply:

let insets = CGSize(width: 20.0, height: 32.0)

let constraints = ([
    // Preserve image aspect
    imageView.widthAnchor
        .constraint(equalTo: imageView.heightAnchor, multiplier: aspectRatio),
 
    // Make view smaller than parent
    imageView.widthAnchor
        .constraint(lessThanOrEqualTo: parentView.widthAnchor,
                    constant: -insets.width * 2),
    imageView.heightAnchor
        .constraint(lessThanOrEqualTo: parentView.heightAnchor,
                    constant: -insets.height * 2),

    // Center in parent
    imageView.centerXAnchor
        .constraint(equalTo: parentView.centerXAnchor),
    imageView.centerYAnchor
        .constraint(equalTo: parentView.centerYAnchor),
])

If you want to be super cautious, keep the aspect and two center constraints at 1000 and bring the width and height ones down to 999. You can install the constraints as you create them but I prefer to break that part out so I can tweak the priorities for each constraint group:

constraints.forEach {
    $0.priority = UILayoutPriority(rawValue: 1000)
    $0.isActive = true
}

I always mess up with the signs (positive or negative) of the constants. It helps to test these out in a playground rather than going by memory because the signs aren’t always intuitive. Even better, write routines that automates your Auto Layout tasks because if you debug once (and add proper tests), you never have to think about it again.

Mac playgrounds are inherently superior to iOS ones as they don’t run a simulator and are faster and more responsive. That is to say, you don’t have to quit and relaunch Xcode quite so often. If you are debugging iOS layouts though, and your playground hangs when starting the simulator or running your code, learn to quit, kill the core simulator service, and relaunch Xcode. It will save you a lot of time.

I have a one liner in my utilities to deal with the service:

% cat ~/bin/simfix
killall -9 -v com.apple.CoreSimulator.CoreSimulatorService

Most of the time a single quit, simfix, and launch will get things moving again with recalcitrant iOS playgrounds. Be aware that malformed format strings and other auto layout issues won’t produce especially helpful feedback, especially compared to the runtime output of compiled projects. If you know what you’re doing, you can set up a simple layout testbed in playgrounds with less overhead and time than, for example, a one view project but at a cost.

Stick to projects, and avoid playgrounds, when testing even mildly complex code-based layouts. You cannot, at this time (at least as far as I know), control which simulator will be used in the playground so it’s not great for checks on a multitude of simulator geometries. The tl;dr is that playgrounds work for general layout routines. Prefer compiled projects for specific tasks.

Creating a low-cost ADD/ADHD refocusing band

My middle child recently had an evaluation regarding her processing and retention in reading. She has diagnosed ADD, and aside from the specific results of her tests, the specialist recommended we look for and purchase a device that would buzz her wrist at regular intervals when doing homework and reading. The goal is to refocus when one is easily distractable. It’s a bit like Apple’s “stand up and move” reminder.

However, when we headed over to Amazon, we were met by two realities. First, these things cost a lot. Second, they have terrible reviews. It occurred to me that I could probably put together a band with things we already had around the house.

Last summer, I did a little work exploring BLE, the low energy form of Bluetooth that works with iOS. My test platform was the 1st generation Mi Band step tracker, which I purchased for under $20. The second generation is similar and appears to cost under $30. (Here’s a link to the first gen model, which is sold by third parties.)

My build consisted of the following components:

  • I built a basic single-view app and added a single centered segmented control. The control specifies the time-out interval, which is simply a standard Timer.
  • When the Timer activates, it uses my Bluetooth helper type to write a single byte to the band, which causes it to buzz. It’s slightly more complicated than that because the code needs to scan for the device, discover it, stop scanning, and then write to the peripheral, but that’s all covered in my previous posts.
  • To keep the app running longer than 3 or 10 minutes in the background, I resort to the standard “play a silent wav file over and over”. I based my code on this simple github repo, which handles audio interrupts and restarts.
  • I added every background mode I thought potentially applicable: plays audio/video streams, uses CoreBluetooth, provides VoIP services. I could probably have dropped the first one but it does no harm so I kept it.

Testing was, as you’d expect, a bit tedious, especially trying to figure out whether I had beaten the automatic time out (which is why went from my custom code to the github version for keeping alive). I put the pedometer portion on an empty diet coke can, to make it buzz a lot louder without having to wear the band.

In the end for a few hours of my time and under $20 capital investment, I ended up with a handy little tool. My daughter has only been using it a few days so it’s still too early to see whether the refocusing component is actually effective.

If you want to give this a try, I’ve put up gists for the primary view controller and the bluetooth controller. You can grab the background handler from the above github  repo link. I didn’t bother cleaning up any of my code, so it is what it is, which is a working prototype. Don’t forget to add the background modes to your Info.plist.

If you build this yourself (or just intend to try it out), drop me a note or a comment and let me know how it goes.

In which I get hacked, Part 6

Last weekend, Bluehost closed down my site. After spending significant time on the phone with support, I came to the conclusion that I needed to nuke the entire site down to the ground. The WordPress install was simply too corrupt to continue or repair.

Since my secure shell access was revoked at the time, I used their control panel to entirely remove my public_html folder. They ran a scan on my account, found no further malware, and allowed me back in.

To recover, I re-installed a fresh copy of WordPress using Bluehost’s control panel tools. I then used CyberDuck (for sftp) and secure shell to upload my wordpress database and image uploads. That’s the site you’re reading today.

I reverted my theme back a few years to a version I knew was safe. I use  a customized version of the open source Frank theme. Rather than pull down a new copy, I wanted to keep my tweaks that supported the ads on the right side of the screen. They don’t produce much money but they help offset the hosting costs involved in running this blog..

I also  installed the following plug-ins, some old, some new:

  • ActivityLog: “Get aware of any activities that are taking place on your dashboard! Imagine it like a black-box for your WordPress site. e.g. post was deleted, plugin was activated, user logged in or logged out – it’s all these for you to see.
  • Really Simple SSL: “Lightweight plugin without any setup to make your site SSL proof
  • WP fail2ban: “Write all login attempts to syslog

And on a less security note:

  • oEmbed Gist: “Embed source from gist.github.
  • WP to Twitter: “Posts a Tweet when you update your WordPress blog or post a link, using your URL shortener.

Most importantly, I use Updraft Plus: “Backup and restore: take backups locally, or backup to Amazon S3, Dropbox, Google Drive, Rackspace, (S)FTP, WebDAV & email, on automatic schedules.” 

My daily database backups and my weekly upload backups (only for the current year, I already have backups for previous years) ensured I could get my site back up and running within hours of the most recent hack.

I still hate WordPress. I still wish I could run a static site and get comments and other great stuff in one convenient package. However, WordPress does the job I need it to do. It’s simple to write posts and interact with you.

My website is all about this connection. I don’t do any e-commerce. It’s basically a passion project rather than anything I do for business related reasons. I like having somewhere I can get thoughts out of my head and share them with other people. Beyond that, I don’t really have any important agendas and I don’t have the time in my life to perfect my security or delivery tools.

I want to thank everyone who sent me feedback of encouragement and support during my latest hack. I appreciate the comments and the suggestions. I now have a great list of static solutions (including github.io and DNS redirect) to fall back to if I must. Yes, I’m sticking with the crappiest solution right now. I’m doing so because it’s the path of least resistance and not because I don’t prefer your suggestions.

For those with more time and more investment, the popular consensus seems to be using Jekyll/github.io with disqus comments. Other suggestions included Hugo (gohugo.io), GetGrav (getgrav.org, “No Ruby, supports comments, fun to play with”), Ghost (ghost.org), and AWS Lightsail.

I don’t know why anyone would want to hack my nothingburger of a site but I’m glad I have friends out there who helped when they did.