No Relation To Blog
Subscribe to the personal musing of Emmanuel Bernard

Making the best of Google Authenticator for One Time Passwords

You can't reorder tokens on Google Authenticator nor edit the associated description? Read on.

I use one time passwords everywhere I can. It's a little hassle but increases security by a whole lot. And the good thing is that more and more providers offer this:

• GMail
• Google Apps
• Dropbox
• Amazon Web Services
• Your company if they are not too dinosaur-y

Go use one time passwords aka two factor authentication, you will thank me later.

I looked around on iOS and the most well known soft token application that supports both time based and event based tokens is Google Authenticator. Except that Google Authenticator's UI is really crap and buggy.

The edit button does not seem to function properly and nothing happens most of the time. The trick is to go to Legal information then back. You can now press the edit button and voilà! Things work. You can now:

• reorder the list properly
• edit the name under each token

That made my life much easier.

Multiple email aliases in iOS

I have tons of email identities. Depending on which hat I am wearing, I use one alias or another. Most are behind my GMail address. It is easy enough to create and use multiple aliases in the GMail web client or even in Mac OS X's Mail app. But until recently I thought it was impossible with iOS Mail app.

It turns out it is possible but requires a bit of cheating. First off, instead of setting up your GMail account as GMail, set it up as IMAP. I already do that as I never give my GMail address (in case I change provider). Once setup, go in Note or any other editor and type the list of comma separated email aliases (including your primary address) and copy this line. For example:

scooby@doo.fr, scooby.doo@worldwildlife.org, scooby.doo@gmail.com

Then go to Setting -> Mail, Contacts, Calendars and select the email account you are interested in. In the Email field, remove the address and paste the list of comma separated email addresses. This whole gymnastic is necessary because iOS does not let you add commas in an email field.

Now you are good to go, when you create an email, you can change the email address with any of the aliases. Note that the last email in the list will be the default email (experienced on iOS 6.1.3).

I found the tip on iMore, they describe a more step-by-step explanation with some screen shot if you get lost.

In search for a 2560x1600 display

I have been using a Samsung SyncMaster 305T+ 30" monitor for 4.5 years now and have been very very happy with the screen real estate. Yes two monitors are nice but a big massive one wins for me. Anyways, it's failing me. The screen blinks more and more - luckily I'm epileptic - often and a few straps that used to display true back now are dark green. It won't last long. I am looking for a replacement.

I have a MacBook Pro with a mini DisplayPort but pre thunderbolt (by a couple of month...). I am quite interested in the Apple Thunderbolt Display:

• it has the resolution I'm looking for,
• great ports (USB, Firewire, Ethernet)
• it's a breathe to dock a MacBook Pro
• good reviews

There is one catch, it won't work on my current MacBook Pro - i tried. And that sucks big time. I can't justify buying a new MacBook Pro to secure a future proof screen and I could not find a way to make this Thunderbolt monitor work on a mini DisplayPort computer (no adapter, no nothing). Which means Apple will force me in the past :(

The alternatives I have are:

• the Dell U3011 (30", 2560x1600, DisplayPort, DVI, HDMI)
• the HP ZR30w (30", 2560x1600, DisplayPort, DVI)
• the Apple LED Cinema Display (27", 2560x1600,mini DisplayPort, MagSafe power adaptor)

It seems to me the best option is the Apple Cinema Display. Despite the smaller screen, it's the same resolution, it's cheaper (by 200 to 400 euros) and I will have less cable to plug my laptop to. The sad thing is I'm not sure it will work on future Thunderbolt MacbookPro, let alone if I need to plug other Thunderbolt accessories in between, and for sure it will be inconvenient compared to a nice and well connected Apple Thunderbolt Display. And spending that much money on previous generation when the next gen is the same price really pisses me off.

Do I have any other alternatives? I looked for refurbished or second hand Apple Cinema Display (27", mini DisplayPort) but could not find any around Paris.

By the way, 4.5 years ago for a 30" 2560x1600 monitor, I paid the same price or less than what these beasts sell for today. Granted, these are new technology and new panels (IPS) but at constant size and resolution, price has not drop a penny. Where the hell have Moore's law corollaries gone? Oh and is 4.5 years old for a screen?

iTunes vs incoming connection and VPN vapors: fixes for unApple behaviors

I've just found solutions to two nagging problems I had on Mac OS X.

iTunes and incoming connection requests

Some times ago, iTunes has started to ask me every time it launches "Do you want the application “iTunes.app” to accept incoming network connections?". It gets quickly annoying.

There is a very simple solution. Move iTunes.app (from /Applications) to your trash, download iTunes and install it. The first time you start it, iTunes will ask you to change your firewall settings. Do so and you will be good to go.

If you want to know the tiny details, somehow your iTunes package got changed or corrupted and the firewall was not trusting iTunes anymore.

VPN connection after sleep

Another problem I had was that after the laptop goes to sleep, it is sometimes impossible to reconnect to a VPN. If that happens, you need to restart the right daemon. Open a terminal and run

sudo launchctl stop com.apple.racoon

sudo launchctl start com.apple.racoon

You are now able to connect to your VPN again.

How to install an Apple Keynote theme

It is surprisingly hard to find on da internet how to install an Apple Keynote theme (and make it work).

Follow this procedure:

• retrieve the .kth file (that's the keynote extension for templates)
• alternatively open the .key file containing the theme you are interested in
• double click on it or open the file in Keynote
• In the File menu, click on Save Theme...

The file will be stored in ~/Library/Application Support/iWork/Keynote/Themes.

This technique is known to work for Keynote '09 (5.1) on Mac OS X 10.6 (Snow Leopard).

Script to hot switch JDK versions in Mac OS X terminals

Personal note.

Here is a script that lets you switch your JDK version in a terminal window. It also has auto completion.

Put the script in a file and add

source filename

in ~/.profile or ~/.bash_profile and you will be able to call setjdk and use autocompletion (with <tab>) from the command line.

emmanuel@computer $ setjdk 1.<tab>

emmanuel@computer $ setjdk 1.5

Original version at codehaus.

#!/bin/bash

function defaultjdk {

local vmdir=/System/Library/Frameworks/JavaVM.framework/Versions

local ver=${1?Usage: defaultjdk }

[ -z "$2" ] || error="Too many arguments"

[ -d $vmdir/$ver ] || error="Unknown JDK version: $ver"

[ "$(readlink $vmdir/CurrentJDK)" != "$ver" ] || error="JDK already set to $ver"

if [ -n "$error" ]; then

echo $error

return 1

fi

echo -n "Setting default JDK & HotSpot to $ver ... "

if [ "$(/usr/bin/id -u)" != "0" ]; then

SUDO=sudo

fi

$SUDO /bin/rm /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK

$SUDO /bin/ln -s $ver /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK

echo Done.

}

function setjdk {

local vmdir=/System/Library/Frameworks/JavaVM.framework/Versions

local ver=${1?Usage: setjdk }

[ -d $vmdir/$ver ] || {

echo Unknown JDK version: $ver

return 1

}

echo -n "Setting this terminal's JDK to $ver ... "

export JAVA_HOME=$vmdir/$ver/Home

PATH=$(echo $PATH | tr ':' '\n' | grep -v $vmdir | tr '\n' ':')

export PATH=$JAVA_HOME/bin:$PATH

java -version

}

function _setjdk_completion (){

COMPREPLY=()

local vmdir=/System/Library/Frameworks/JavaVM.framework/Versions

local cur=${COMP_WORDS[COMP_CWORD]//\\\\/}

local options=$(cd $vmdir; ls | grep 1. | tr '\n' ' ')

COMPREPLY=($(compgen -W "${options}" ${cur}))

}

complete -F _setjdk_completion -o filenames setjdk

complete -F _setjdk_completion -o filenames defaultjdk

Mac OS X and IntelliJ crashes

It seems it was cause by a couple of things.

Thread 55 Crashed: Java: JobScheduler pool 1/2

-XX:-ReduceInitialCardMarks

<key>VMOptions</key>
<string>-XX:-ReduceInitialCardMarks -Xms128m -Xmx512m -XX:MaxPermSize=250m -ea -Xbootclasspath/a:../lib/boot.jar</string>

Removing fonts from ~/Library/Fonts solved the issue. What you can do is move them to a different directory and slowly re-inject them to find the culprit.

I am quite happy all this is behind me. I chose:

• A Java VM
• On Mac OS X
• with IntelliJ IDEA

to precisely avoid this kind of bad experience and time waste :) Back to normal.

Automatically lock your computer when you go away

If you are like me, your colleagues like to pown you when you leave your laptop unlocked. Here is a super easy solution to lock your Mac automatically when you leave it: if your cellphone is out of bluetooth range, lock your computer. Easy, efficient.

Here is how to do it:

• Download Proximity: this application does detect bluetooth devices and lets you launch scripts upon detection or absence of detection (download page here).
• Copy Proximity.app in /Applications
• Start the Proximity.app and open its preference panel (the application adds itself to the menu bar next to your clock)
• Reduce the device monitoring to 30s or so (less time for your colleagues to mess around)
• Add the device (the device needs to be linked with your computer bluetooth, you can do that in System Preference)
• Add an AppleScript that will be run when your cellphone goes out of range (see below)
• Optionally add an AppleScript that will be run when your cellphone goes back in range

The AppleScript to lock your computer is pretty simple. Create a file name out-of-range.scpt and add:

-- out-of-range.scpt

tell application "ScreenSaverEngine" to activate

You can do many more things in these AppleScripts like:

• change your Adium and Skype status
• unlock your screen when you come back in range

This other blog entry has a fairly compete setting example. I personally purposely do not unlock the screen when I come back in range. It's safer to ask for the password explicitly incase someone... borrows your cellphone.

Unlike some more complex apps, Proximity is pretty simple and does not let you decide at which range a bluetooth device is considered out-of-range. The good thing is that it is pretty soft on your cellphone battery.

Got a MacBook (Pro), better consider this upgrade

Last night my battery and my MacBook Pro decided not to talk to each other anymore. The battery was full but as soon as I unplugged the AC, the laptop shut down immediately, fairly useless ;-)

Have a look at Apple's support case MacBook Battery Update.

This patch apparently prevent the synchronization failure to happen, saving you a WFT moment and few hours of downtime.

I have been fairly impressed by the Genius bar support. It took me 1h to figure it out the problem in the morning (The Apple support website roughly described my problem), I made an appointment right away, another hour later I had my new battery operational (travel time included).

At least, they don't argue with you and don't ask if you know how to turn the power on. It's a big plus compared to other support organizations.