S/Mime and iOS5 and Google Apps/Exchange – no worky

I’ve been trying to get my s/mime email signing certificate to work under ios5 and i think i’ve found a bug.

If you are trying to send a signed email from your iOS5 device and instead your recipients are receiving an attachment called smime.p7s it is likely that you are using gmail or google apps and are also using the exchange connector in iOS.

My guess is that Google didn’t setup a PKI infrastructure properly and when iOS tries to go a fetch a certificate from the non-existent exchange server the process fails and then an attachment is created.

If you setup your iOS mail account to google via IMAP then smime works as expected.

Filed a bug report with apple – 10302200.

[Update: 7 March 2012 – This is not fixed in iOS 5.1]

[Update: 17 November 2012 – This is not fixed n iOS 6.0.1]

Fix Time Machine Sparsebundle NAS Based Backup Errors

Time Machine

This is a modification of an original post for use when you have a corrupt sparsebundle backup on a NAS (as opposed to an external drive attached to a router) and it needs to be repaired. The NAS is likely a hardware product from the likes of Netgear, Synology, Buffalo or QNap – or for those of us with a home-grown backup server running FreeNAS.

The error you may see is “Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you.” This can be fixed by following the below.

From your Mac, connect to the network share that houses the sparsebundle.

At the top level of the drive are the various sparsebundles that make up your individual computer backups.

Do not double click on these sparsebundles or try to repair with Disk Utility.

Open Terminal and then switch to root by typing

sudo su -

and then enter your password.

The verication that has already run has marked your sparsebundle as bad, so first we need to make it look normal.

From the command line

chflags -R nouchg /Volumes/{name of your network share}/{name of}.sparsebundle

This may take a little while.

Now type

hdiutil attach -nomount -noverify -noautofsck /Volumes/{name of your network share/{name of}.sparsebundle

You will then see something like

/dev/diskx Apple_partition_scheme
/dev/diskxs1 Apple_partition_map
/dev/diskxs2 Apple_HFSX

Where x is the disk id for the external disk. You are interested in the one labeled Apple_HFSX or Apple_HFS. It might be 2, 3, 4 or higher.

At this point, I have found that the filesystem check is already happening. You can check for activity by tail’ing the fsck_hfs.log

tail -f /var/log/fsck_hfs.log

If fsck is going then in my experience it will be able to repair the sparsebundle. Go away for a few hours and let it chug away.

When it is done, you will either see

‘The Volume was repaired successfully’

or

‘The Volume could not be repaired’

If the latter you can run disk repair again:

fsck_hfs -drfy /dev/diskxs2

(Optionally if you have the available RAM, you can set a RAM cache in the command above to help speed up this command like so:

fsck_hfs -drfy -c 750 /dev/diskxs2

This will use 750MB of RAM – feel free to change this amount to best fit your system (amount of RAM vs size of your Time Machine Sparsebundle). If you are unsure about this, use the first command.

Make sure to replace x with whatever number your disk is from the output above.

The letters “drfy” tell the filecheck utility different things. d for ‘Show Debug’ – r for ‘Rebuild Catalog Tree’ – f for ‘Force’ and y for assume ‘yes’ to any prompts.

Now go do something for an hour or two. Come back and

tail -f /var/log/fsck_hfs.log

If all went well, the last output you will see is

‘The Volume was repaired successfully’

Now you need to type
hdiutil detach /dev/diskxs2

You can redo the above for any other Time Machine sparse bundles you have permission to modify while you have the network share attached to your computer.

Final step.

When complete, you need to edit an plist file within the sparsebundle that records the state of the backup. On the top level of the sparsebundle find a file called com.apple.TimeMachine.MachineID.plist. Edit it and remove these two nodes

<key>RecoveryBackupDeclinedDate</key>
<date>{whatever-the-date}</date>

Finally you want to change

<key>VerificationState</key>
<integer>2</integer>

to
<key>VerificationState</key>
<integer>0</integer>

Now you can eject the network share and have Time Machine give it another go. After the (long) verification step, backups should proceed once again.

Notes:

Ideally this should be done over a gigabit wired network connection. Do not attempt using Wi-Fi. You also want to make sure your machine does not go to sleep during the above operation.

[Update: 1.1.2013]

I appreciate all the warm feedback from people all over the world who have been helped by this post. This site helps to fund my hobbies, so if this post has helped you please consider a USD $1.99 donation to my hobby fund.

[Update: 12.23.2012]

If after running the initial

fsck_hfs -drfy /dev/diskxs2

command you get a message in the fsck_hfs.log along the lines of

RebuildBTree – record x in node y is not recoverable.

then try

fsck_hfs -p /dev/diskxs2

followed by

fsck_hfs -drfy /dev/diskxs2

And see if that works.  It did for me today.

iTunes

iTunes Home Theater – How to integrate with iPad, iPhone, other iOS devices, AV Receiver and TV

I’ve been asked a few times to explain how iTunes runs everything in the house. So here it is.

We have an always-on computer (a mac, but could be an old PC) – which is always running iTunes and this is where we keep all of our homemade and purchased media – Movies, TV Shows, Music.

The iTunes folder is stored on an external disk that has an internal RAID-1 mirror (One drive can die and you are ok) — like this one

LaCie External Raid

Each iPod, iPad, iPhone in the house that wants media, syncs to this machine – with the relevant tabs in iTunes adjusted per device.

THEN

We have two Apple TV’s – one for each TV. We have an old model and a new model. New model is here:

Apple TV 2

The new Apple TV is connected via HDMI to the AV Receiver (Yamaha RX-V667) and the receiver is then connected to the main TV set. Apple TV is also connected to the house network.

Using the Apple TV software everything on the aforementioned iTunes computer can be watched on the main TV on demand. Apple TV can also buy individual TV Shows or Movies from the iTunes store and you watch them on your TV. The new Apple TV also allows you to stream shows from Netflix. You also have access to YouTube, Vimeo, Flickr and MLB tv and NBA tv streaming.

As a bonus, if the iTunes computer is a mac and you have iPhoto – you can setup Apple TV to use your digital photo library as a slideshow on the TV – which is nice to have just running in the background.

And another bonus, Apple TV becomes a ‘speaker’ destination for iTunes. From the iTunes computer you can play any of your music and then choose to stream to Apple TV and the sound will come out of your TV or home stereo (however your TV sound is setup). This is called Airplay – formerly called AirTunes. Another feature of Airplay is the ability to send video from the iTunes computer or your iPad straight to the TV for watching – pretty much any video you can watch on your iPad — YouTube/Vimeo/iTunes/etc.

I recently added outdoor speakers to the back deck and that was a little tricky as they would be run through the Yamaha receiver but I also wanted a separate volume control so they would not just be the same volume as what was playing in the Living Room. To solve this, I had to use another Airport Express (AX). So the Airport Express sits in the AV Cabinet and the Airplay name is ‘Back Deck Speakers’. The AX is then connected to the AV Receiver via a 3.5mm to RCA cable. On the iTunes computer, I then select the ‘Back Deck Speakers’ and turn on Zone 2 on the Yamaha and I have amplified sound that is separate from what is playing on the Yamaha.

Finally, Apple has a free Remote app for iPad/iPhone/iPod Touch that can control all of the above and also makes any typing you need to do on the Apple TV much easier.

An IPv6 search result icon and specific browser error message for IPv6?

As I have been playing more with IPv6 I have noticed even Google is not returning search results for IPv6 only sites. My own test site – ipv6.cybernode.com has been indexed by Googlebot – but the pages do not show up in Google results.

So I started thinking – well, what if they did? Most people would not be able to reach the site in question, since most ISPs do not have IPv6 for their end-users. So really, why would Google display a page link that 99.999999% of their users can’t reach?

What’s needed? I think we need two things:

1 – An icon that search engines can use to note that the result in question is an IPv6 only site. This will need to be accompanied by a public information campaign, but this will be necessary anyway.

2 – Browsers can’t just return 503 service unavailable. Most users don’t know what this means and it gives them nothing to act on. Google said there is a page there with information I want – why can’t I get there …

Browsers need to help the users by:

– if there is only an AAAA record and no A record and the user does not have IPv6 connectivity then display an error message along the lines of ‘This site is only available over IPv6. Your computer does not have IPv6 connectivity. Contact your ISP and demand IPv6 connectivity today.’ Maybe even use some geo-location services to determine the users IP address and display their ISP name.

Thoughts?

[UPDATE] – I did find this feature request for Chromium but it got a ‘won’t fix’ response – I think they should reconsider as this is going to be a problem going forward

IPv6 Enabled

Hurricane Electric, my co-location provider was kind enough to allocate 18 quintillion IPv6 addresses to me (a /64 block) and I have started to put them to use. My Linux kernel has been IPv6 ready for awhile, so I added ipv6 addresses alongside my ipv4 addresses, setup dual-stack dns, and also dual-stack apache, and voila!

So far, this blog, cybernode.com, and Jeteye are all IPv6 enabled. And there is one IPv6 only site at – ipv6.cybernode.com. Let me know if you have any questions.

I also have a domain setup using only IPv6 for email. If you need an account to test IPv6 email, let me know via the comments.

Fix Time Machine Sparsebundle Network Backup Errors

[UPDATE – The post below is mostly for people using a USB hard drive attached to an Airport Extreme – if your sparsebundle is on a network drive or NAS, please see my modified post here.]

I use an external hard drive attached via USB to an Airport Extreme N for my Time Machine backups. This effectively works for the four household computers.

Occasionally though, things go wrong – very wrong. You will be stuck with ‘Making Disk Available’ or ‘Invalid Sibling Link’ … but there is a fix.

Another error you may see is “Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you.” This can also be fixed by following the below.

First, disconnect the external disk from the Airport Extreme and attach to your Mac via Firewire (or USB).

At the top level of the drive are the various sparsebundles that make up your individual computer backups.

Do not double click on these sparsebundles or try to repair with Disk Utility.

We are going to use the same underlying tools as Disk Utility but from the command line.

Second, open Terminal and then switch to root by typing

sudo su -

and then enter your password. Now type

hdiutil attach -nomount -noverify -noautofsck /Volumes/{name of your disk}/{name of}.sparsebundle

You will then see something like

/dev/diskx Apple_partition_scheme
/dev/diskxs1 Apple_partition_map
/dev/diskxs2 Apple_HFSX

Where x is the disk id for the external disk. You are interested in the one labeled Apple_HFSX or Apple_HFS. It might be 2, 3, 4 or higher.

Depending on the state of the disk, the filesystem check might run anyway. If you see or hear disk activity after running this command, just wait for it to finish, or type

tail -f /var/log/fsck_hfs.log

and wait until you see it give up. Type Control-C to exit the tail command.

Now type

fsck_hfs -drfy /dev/diskxs2

Make sure to replace x with whatever number your disk is from the output above.

The letters “drfy” tell the filecheck utility different things. d for ‘Show Debug’ – r for ‘Rebuild Catalog Tree’ – f for ‘Force’ and y for assume ‘yes’ to any prompts.

Now go do something for an hour or two. When you come back the last output you will see is

‘The Volume was repaired successfully’

Now you need to type

hdiutil detach /dev/diskxs2

You can redo the above for any other Time Machine sparsebundles while you have the disk attached to your computer, or now you can eject the external disk from your computer the normal way and re-attach the external disk to your Airport.

One final thing. Since 10.6.3, Time Machine will verify backups and if a problem is found will prompt you to erase the old backup and start a new one. The above procedure will recover the backup. You need to do a couple things first.

1. The sparsebundle will be locked, and you cannot unlock it from the Finder. Once again, as root from the command line type

chflags -R nouchg /Volumes/{name of your disk}/{name of}.sparsebundle

If the sparsebundle failed verification, it was also renamed to the date of verification failure. You can rename it with the command line as well

mv /Volumes/{name of your disk}/{name of}_YYYY-MM-DD.sparsebundle /Volumes/{name of your disk}/{name of}.sparsebundle

Then proceed as above. When complete, you need to edit an plist file within the sparsebundle that records the state of the backup. On the top level of the sparsebundle find a file called com.apple.TimeMachine.MachineID.plist. Edit it and remove these two nodes

<key>RecoveryBackupDeclinedDate</key>
<date>{whatever-the-date}</date>

Finally you want to change

<key>VerificationState</key>
<integer>2</integer>

to

<key>VerificationState</key>
<integer>0</integer>

Now you can reconnect the drive to your Airport Extreme and start up Time Machine. It will do a Verification and then proceed with backups as normal.

Gift Card Laundering, or Buying Other Gift Cards with a Visa Gift Card

I recently received a Visa Gift Card, which is a very nice thing to get, but unfortunately has a couple issues when used online. Namely, there is no ‘Billing Address’ associated with the card, so trying to use the Visa Gift Card as payment at online merchants such as the Apple Store, Apple iTunes Music Store (iTMS) or Amazon, the payment is unable to be processed.

What to do?

So I headed over to Safeway and bought some gift cards for Amazon and Apple iTunes, paid Safeway with the Visa Gift Card and then proceeded to redeem the vendor specific cards as needed.

A little convoluted, but it worked.