Nomad Network – Communicate Freely

Off-grid, resilient mesh communication with strong encryption, forward secrecy and extreme privacy.

Nomad Network allows you to build private and resilient communications platforms that are in complete control and ownership of the people that use them. No signups, no agreements, no handover of any data, no permissions and gatekeepers.

https://github.com/markqvist/NomadNet

Information is the basis of society in the digital world.
Freedom of expression/speech and free access to information are indispensable prerequisites for democracy.

Sadly, there are misleading and dubious organisations, lobbyists, parties, secret services, legislative and executive bodies that work against these liberal, enlightened and humanitarian values and demand or advocate censorship, online and offline.
This is a big threat for civil society – you and me, all of us.

And this is what makes projects like NomadNet important and valuable.

Stand up for freedom of expression/free speech and fight censorship!

(And as always, please note the disclaimer: All software and hardware can have security bugs).

macOS Ventura: Fix the “Operation not permitted” error in Terminal

The “Operation not permitted” error message is caused by one of the typical annoyancesfeatures in macOS, namely the Terminal app lacking “full disk access” by default (and by design).

This conclusion unfortunately isn’t obvious, as when encountering the above error message, one would typically first check the ownerships and permissions of the directory/file/symlink “causing” the error, then perhaps the ACL / extended attributes, then whether the resource might still be locked by another process accessing it, and last but not least, one would remember macOS’s SIP (System Integrity Protection) and even consider booting into recovery mode. But none of that is actually required. The solution is:

  1. In the macOS “System Settings”, go to “Privacy & Security”
  2. Then click on “Full Disk Access” and enable it for “Terminal” (slider turns blue)
  3. Open a new Terminal window/session

Irritatingly, upgrading to macOS Ventura apparently resets the Terminal app’s security privileges.

Example:

I wanted to remove and recreate a symlink, so that “MobileSync” (where macOS stores backups of iOS devices like iPhones, iPads) isn’t just a regular, local directory, but a symlink pointing to a directory on a mounted NAS share. Advantage: Backups of iOS devices don’t use up valuable (and expensive) SSD storage space on your MacBook Air/Pro, but use cheap NAS storage instead (further, you don’t create duplicate backups on each of your Macs). Here’s where the MobileSync symlink is located and where it points to, in my case (you can create it using ‘ln -s /Volumes/backups_ios/MobileSync .‘, my share is named ‘backup_ios‘)

mymac ~/Library/Application Support $ ls -lad ~/Library/Application\ Support/MobileSync
lrwxr-xr-x 1 myuser staff 31 Apr  1 00:47 '/Users/myuser/Library/Application Support/MobileSync' -> /Volumes/backups_ios/MobileSync

Even as root, I first couldn’t remove the symlink I created some time back before the upgrade to Ventura. Which is even the more puzzling considering this all happens in a regular user’s home directory.

New Apple Magic Keyboard with Numeric Keypad is surprisingly good, even excellent!

Recently, I’ve managed to render my beloved old Apple Keyboard (full-size, with numeric keypad) useless – accidentally pouring half a glass of tap water over it was sufficient, unfortunately (due to the mineral ions in the tap water; distilled water wouldn’t have conducted electricity and thus wouldn’t have shorted circuits; on the other hand, drinking distilled water would probably shorten your life, so please don’t consider doing this).

Luckily, I could temporarily use a similarly old, compact Apple Bluetooth keyboard instead. As I really wouldn’t recommend that keyboard for everyday work though (poor, bubbly typing experience, odd placement of keys requiring weird function key combinations, no numeric keypad), I had to order a full-size keyboard as a replacement again, so I ordered one of the new Apple Magic Keyboards with a Numeric Keypad (in Space Gray and I really like that, but the colour doesn’t matter in regard to the typing experience):

https://www.apple.com/ch-de/shop/product/MRMH2SM/A/magic-keyboard-mit-ziffernblock-schweiz-space-grau

(above is the Swiss German version, US version: https://www.apple.com/shop/product/MRMH2LL/A/magic-keyboard-with-numeric-keypad-us-english-space-gray)

I first thought that the even smaller lift of the keys (luckily with scissor and not butterfly switches) of this new keyboard would be very disturbing and that I’d have a hard time getting accustomed to it.

To my big surprise however I got accustomed to this new typing experience within a couple of hours already and now, after about 3 weeks of using it, I can confidently say: I love this new Apple Magic Keyboard with Numeric Keypad even much more than my previous, old Apple Keyboard with Numeric Keypad and wouldn’t want to switch back anymore.

Typing with it feels so immediate, so quick and so “raw” and “crunchy”, it’s literally almost addictive. I can type considerably faster with it than with the previous keyboard, let alone any regular IBM-type keyboards (although I like those too, for their build-quality, for the interesting history and stories behind them, for their customizability and standardization, for the bustling keyboard enthusiast scene around it). Further, typing for a prolonged time feels much less tiring for the fingers, hands and forearms.

It feels as if you had to work with a wobbly tool for quite some time, then all of a sudden, get a very precise and exact instrument, like e.g. skiing with racing skis vs. with allround skis. It’s pure joy!

The difference is difficult to describe, so I would recommend you rather go experience it yourself and judge for yourself. For me, it’s my most favourite keyboard so far.

I’m even thinking of getting one for the Windows workstation at work too, it’s that good.

Got a recent Mac and Boot Camp? You’ll need unofficial drivers.

(Or: The sad state of Apple’s Boot Camp support)

If you use Boot Camp with the official AMD GPU drivers the Boot Camp assistant installs, you’ll notice that many recent games in Windows 10 will issue warnings about outdated AMD GPU drivers and/or will simply crash (e.g. after a couple of minutes, like Forza Horizon 4).

Apparently, the only remedy is installing unofficial AMD drivers from https://www.bootcampdrivers.com (kudos!). It worked fine for me ( Adrenalin 19.1.2 V3 on a 15 inch MBP late 2018 with an AMD Radeon Pro 560X) – the games stopped crashing – BUT apparently, installing unofficial drivers from the above web site happens to void your Apple Care warranty (read: You do it at your own risk).

This means that one has the choice to either void the warranty or stick with an unacceptably buggy Boot Camp installation. Really, Apple?

Paragon CampTune – a handy tool to resize the Boot Camp partition

Recently I ran out of space on a Boot Camp partition with Windows 10 Pro. So I looked around for ways to make more space for Windows by shrinking the macOS partition and enlarging the Windows partition. Apple doesn’t officially support this in Boot Camp without reinstalling Windows, and doing these operations by hand, e.g. with the help of GNU Parted, is time consuming and tedious.

Luckily, I stumbled over Paragon CampTune, a commercial macOS utility (ready for 10.14 Mojave) that automates these tedious tasks and allows to resize the macOS and Boot Camp partitions on the fly, without having to reinstall Windows or macOS.

It finally worked wonderfully, the only irritating thing was that the tool showed a bland error at the first start of the repartitioning process: “Object not found”. After restarting the process with slightly different partition sizes, it could be successfully completed.

I can thus recommend this handy utility as it can save hours of work for a few bucks (ca. 22 USD).

Beware: iOS 12 may have deleted your voice memos! How to recover them using iTunes and Time Machine.

Apple’s hardware and software ecosystem generally provides a fantastic UX by tight integration, relatively good usability (compared to most competitors) and good services and support.

Sometimes, users may be bitten by terrible hw and sw bugs nonetheless. The worst Apple software bug I’ve personally experienced so far is that I recently noticed that all my many voice memos on my iPhone were gone! The exact reason why and how this happened hasn’t been fully investigated yet, but the observed issue is evidently linked to the recent iOS 12 update release (and potentially also to later iOS 12.x releases, as neither the problem nor any fix have been mentioned in any of the iOS 12.x update changelogs to date). The data loss seems to have to do with the introduction of the revamped voice memo app (that is now also available on the iPad), perhaps due to a bug in the iCloud synchronisation.

So, lots of invaluable voice memos I recorded for beloved ones, recordings of important conversations and thoughts, all gone! Nothing to be delighted about, to say the least!

I thus contacted Apple support and they were very kind and keen to determine the problem and find a mitigation or solution (I was on the phone with them for roughly 45 minutes, involving 2nd level support too). They didn’t find any such issue mentioned in their support database though and apparently, none of the supporters I talked to ever heard of anything like that before, despite it being mentioned all over twitter). For understandable legal reasons, as they never recommend “random” 3rd party tools as a matter of principle, they couldn’t recommend the solution detailed in this blog post, but suggested a more general solution, involving only Apple tools and services (see at the very bottom of this post; if you don’t mind the risk and backing up your iPhone to iCloud, you could try this alternatively).

After a quick assessment, I decided to go with another solution as all in all, it seemed more transparent and promising, less time consuming and with an acceptable risk for me.

Idea and big picture: Extract the lost voice memos from an old iPhone backup in iTunes, ideally the latest backup before the release/installation of iOS 12, i.e. before Sept 17, 2018.

Disclaimer 1: Although the following tips worked fine for me, I can’t guarantee they’ll work for you too – you follow these steps at your own risk. If in doubt, I recommend backing up all your data redundantly on various media before.

Disclaimer 2: Let me tell you this first: If you don’t have any backups of your iPhone, don’t use iTunes for iPhone backups and don’t have Time Machine backups of those backups in iTunes, you’re likely out of luck. At least I didn’t find any method to restore the disappeared voice memos on the iPhone itself – once iOS 12.x is installed, those memos apparently weren’t anywhere on the device itself anymore. Considering iOS 12’s and iPhone’s more and more restrictive data protection measures, it would likely also be difficult for professional data recovery services to recover any lost voice memos from the device (they would need to be technically on par with secret services and forensic experts -> seldom and accordingly expensive).

So here are the detailed steps to follow:

  1. As precaution, create a current Time Machine backup of the Mac that holds the iTunes backups.
  2. Restore from Time Machine to the Mac the latest iPhone backup before iOS 12 was installed on your iPhone. Usually, this should be the latest Time Machine backup before Sept 17, 2018:
    1. Determine the relevant iPhone backup in iTunes
      1. Open iTunes
      2. In the iTunes preferences, navigate to the “Devices” pane
      3. Figure out the relevant backup of your iPhone
      4. Right-click on the entry and choose “Show in Finder”
    2. Enter Time Machine (by clicking on the according icon in the macOS menu bar and by choosing “Enter Time Machine”) and restore the latest version of the selected folder that was created before Sept 17, 2018, from your Time Machine backup. Note that restoring that folder can take anything from  10 minutes up to an hour or two, depending on the iPhone’s storage size, your network’s bandwidth etc.
  3. If your iPhone backups in iTunes aren’t encrypted, you can try using a free open source tool like the Open Backup Extractor (download page for the binary) to extract your voice memos from the backup in iTunes. Note: You use this tool at your own risk, like any tool and suggestion here (I didn’t review or audit it).
  4. If your iPhone backups in iTunes are encrypted: In this case, the above free, open source tool doesn’t work, as accessing encrypted backups is not supported by it yet (in v1.1 at the time of writing).
    I’ve only found commercial tools that can deal with encrypted backups.
    The tool I used successfully (and hence purchased for roughly 40-50 bucks) is iMazing (v2 at the time of writing) by DigiDNA. I chose this tool as it seemed to be the most professional and most trustworthy one of the many iPhone recovery tools I found online. It’s by a Swiss company; up-to-date (v2.7.2 was released on Oct 3, 2018); the binary files are properly signed; the web, GitHub, social media pages I visited looked professional and didn’t hint a scam.
    Note: This is in harsh contrast to many shady data recovery tools out there, some of them obviously being scams,  not working correctly, being trojans, crypto lockers, data sniffers or similar.
    Either way: You use any 3rd party tool at your own risk! Mind that you’re basically giving the tool full access to both your Mac and iPhone!

    1. Download the iMazing demo app to your Mac
    2. As a precautionary measure, you may want to disable wifi networking and disconnect any Ethernet network cable (like that you could at least prevent live data sniffing and sending by such a tool -> not delayed data sniffing and sending though)
    3. Install the iMazing demo app
    4. If you run macOS 10.14 (Mojave) or later, give iMazing.app full disk access:
      1. In System Preferences -> Security & Privacy -> Privacy -> Full Disk Access click the lock icon to make changes, then click the “+” button and add ‘iMazing.app’ to the list of apps with full disk access (this is required as access to the iTunes ‘Backup’ folder is restricted in macOS 10.14 and later)
    5. Run the iMazing demo app and extract the voice memos of the pre-iOS-12 iTunes backup of your iPhone:
      1. Run the iMazing demo app
      2. Click “later” when prompted to buy a license (we want to test whether the tool works before making a purchase, right?)
      3. In the list on the left, instead of accessing the iPhone directly, select the iTunes backup we previously restored from the Time Machine backup
      4. When prompted by iMazing, enter the encryption password to let the app decrypt the encrypted backup
      5. Go to the “Voice Memos” app icon in the list and select all the listed voice memos you’d like to extract from the backup.
      6. If you want to extract 3 voice memos only, you can do this with the demo app. If you want to extract more than 3 voice memos, you need to purchase and unlock/activate the full version of iMazing, which I did. If you try to extract more than 3 voice memos, a handy assistant will be displayed to guide you through purchasing and activating the full version of iMazing, which is pretty straightforward.
      7. Extract the voice memos to a local folder. Voilà, here you have your dear voice memos again (as .m4a files, playable with e.g. the Quick Time Player or VLC)! Not in the voice memo app on your iPhone anymore, but that’s usually less of a concern anyway (I for one won’t trust the new, apparently rushed voice memo app and will always export future voice memos to an external medium right after recording one).
  5. If you don’t need anything else from the old iPhone backup in iTunes (some other users experienced also other data loss when upgrading to iOS 12, so check if that applies to you too), you can now restore the latest iPhone backup in iTunes from the Time Machine snapshot we created in step 1.
  6. If you don’t need iMazing anymore you can remove its “full disk access” privilege and uninstall iMazing (e.g. using any of the uninstaller apps in the Apple Store or AppCleaner). I also removed the “iMazing.Versions” folder in ~/Library/Application\ Support/MobileSync/Backup that iMazing created for its own purpose.
  7. To lower the risk of losing voice memos and other data on your iPhone/iPad in the future, consider the following tips:
    1.  Create iTunes (or iCloud) backups of your iPhone/iPad regularly. If you use iTunes to back up your iPhone/iPad, make sure to also create regular Time Machine backups of your Mac holding your iTunes backups. It’s best to automate both tasks by ticking the according checkboxes in iTunes and Time Machine.
    2. In the settings of the “voice memos” app on your iPhone/iPad, tell the app to “never” remove user-deleted voice memos (instead of removing them after “30 days”, which seems to be the somewhat unfortunate default in the new voice memo app). AFAIK, this only applies to already manually deleted voice memos though.
      BTW, I’d also recommend disabling the location-dependent naming of voice memos as this is a pretty silly feature for most users.
    3. Consider disabling “automatic updates” in your iPhone/iPad settings under “General” -> “Software updates”. Like that you can wait a couple of days or weeks before installing newly released iOS versions and check the feedback of other users on social media like Twitter first, and maybe catch potential big glitches like that. Actually, Apple’s beta/developer release staging mechanism is supposed to catch those glitches before they can reach the general public in an official release, but apparently, that mechanism hasn’t worked as well yet as it should have.
      Note though that on the other hand, by not installing new releases automatically, you’ll potentially expose your iPhone/iPad to additional security risks due to a bigger time window with missing security patches. So, this advice is a two-edged sword. Decide for yourself!

Interesting observations:

  • I was a bit astonished to see that iTunes itself apparently doesn’t create incremental backups, but only saves the very latest state/snapshot of any device. It thus apparently fully relies on Time Machine’s incremental backup feature if you want to access earlier backups than just the latest snapshot, i.e. you need additional Time Machine backups of your iTunes backups to accomplish this. It looks like iTunes also doesn’t use macOS versioning or APFS’s snapshot feature.
  • Note that iMazing creates a new folder named “iMazing.Versions” in ~/Library/Application\ Support/MobileSync/Backup for its own purpose, which is astonishing and slightly annoying.

Finally, here’s what Apple support suggested doing, instead of the above method:

  1. Backup your current iPhone to iCloud. If you don’t have enough iCloud storage to store the content of your iPhone, purchase a suitable amount of storage before.
  2. Reset your iPhone, deleting all content
  3. Restore your phone from an old (pre-iOS-12) backup in iTunes that still contains your voice memos (note: they didn’t mention that one has to restore that backup from Time Machine first, in most cases)
  4. When starting your iPhone, connect it to iCloud. In particular, let the voice memo app synchronise with iCloud.
  5. Switch off and switch on again the iCloud synchronisation in the settings of the voice memo app in order to make it synchronise the old voice memos to iCloud
  6. Restore the backup from iCloud

According to the Apple support, this should intelligently merge old and new data, so that you end up with iOS 12 and all the new and old data on it, without losing any, including the old, previously vanished voice memos.

If you don’t mind the potential risk of a failed data merge and don’t object backing up your iPhone to iCloud, you could alternatively try this.

Either way, I hope these tips are helpful. Good luck!

 

 

 

 

macOS: SystemUIServer eating your CPU? Check your Ethernet connection!

Recently, the SystemUIServer process on my MBP running macOS Sierra has started “eating” a lot of CPU, slowing down the whole machine, even making the clock in the top menu bar stop working properly. It usually started using one-digit percentages of the available CPU power, then growing to 10%, 15%, 20%, up to well above 60%, sometimes even 80% and more! It wasn’t a steady growth – it sometimes shrank again, just to grow even further.

The only apparent remedy was to kill the SystemUIServer process (e.g. using the Activity Monitor) from time to time (i.e. every 30 minutes -> there are also scripts to automatically restart SystemUIServer). Its CPU usage then reset to a low one-digit number.

Taking a closer look at the process in the Activity Monitor, I then noticed that the number of (used) ports (so-called “Mach ports“) by the process were steadily growing, once SystemUIServer was started. This was weird, pointing to some kind of leakage. Typically, for a CPU load of around 50%, more than 5000 Mach ports were used.

By coincidence, I then noticed that, unlike expected, my MBP wasn’t actually using Ethernet, but only WiFi. Further investigation then hinted that the according Gigabit Ethernet port on my HP 1810 switch was apparently malfunctioning (or even dead): In the macOS Network Preferences, the Thunderbolt-Ethernet connection was constantly shown as red/disconnected, although the OS was apparently trying to establish a connection again and again (and failed). First, I even suspected a problem with the Thunderbolt-Gigabit-Ethernet adapter itself (it wasn’t the problem here, the adapter seemed to work fine with another Mac and connection).

The solution to this problem thus was:

  • Connect the Ethernet cable to another, working Ethernet port: Now the SystemUIServer process consumes less than 0.1% CPU again and roughly 400 ports only, both with and without additional WiFi.
    Note that both the problem and this solution are reproducible.

Lessons learned:

  • Sometimes, very unexpected, seemingly unrelated and “small” problems can have big (negative) effects.
  • Sometimes you need a bit of luck to find the cause of a problem (a web search didn’t bring up the above hint, rather suggested updating or removing faulty apps, buggy extensions and menu widgets. I thus already tried removing or updating some of the suspected apps, extensions and widgets.)
  • Ports of HP 1810 switches can actually break/fail! Remember the saying: “I got 99 problems, but a switch ain’t one!” – well, in this case, the faulty switch was actually part of the problem and even the initial trigger of the problem! Also remember that HP offers a lifelong warranty on its (good ol’) 1810 switches.
  • Extra points for you, further research: The fact that the SystemUIServer allocates more and more Mach ports if there’s a malfunctioning Ethernet port (i.e. faulty Ethernet connection or faulty handling of a faulty Ethernet connection by the Thunderbolt-Gigabit-Ethernet adapter) is hinting that this might be an attack vector for a (new?) DoS attack. Perhaps not an easily exploitable one (on the Ethernet or MAC layer, even), but it’s nonetheless something that should actually be handled gracefully by SystemUIServer, not leading to more and more CPU and system resources being consumed.
    If you have time to research this further, let me know about your findings!