PDF Squeezer for macOS

If you’ve ever looked for a macOS tool that can compress PDFs, you’ve probably come across a list of dozens of apps in the Mac App Store for exactly that purpose. The problem: Most of them seem to be really old, incomplete, buggy or hardly working anymore.

One tool I can recommend (I bought it, use it almost daily and like it): PDF Squeezer (5.99 USD) (Home page)

Unlike the barely usable PDF compression feature in Apple’s Preview app (in the macOS file previewer, choose “Export…”, then “Quartz Filter: Reduce File Size”), PDF Squeezer manages to reduce a PDF file’s size by about 60-90% while retaining the original file’s legibility and good quality.

P.S. Another useful (free) tool from the same publisher, the PDF Print Service Creator, can be downloaded for free and allows to customize macOS’s print dialog in order to send any printable document directly to any of the apps that are capable of opening PDFs.

Paragon CampTune – a handy tool to resize the Boot Camp partition

Recently I ran out of space on a Boot Camp partition with Windows 10 Pro. So I looked around for ways to make more space for Windows by shrinking the macOS partition and enlarging the Windows partition. Apple doesn’t officially support this in Boot Camp without reinstalling Windows, and doing these operations by hand, e.g. with the help of GNU Parted, is time consuming and tedious.

Luckily, I stumbled over Paragon CampTune, a commercial macOS utility (ready for 10.14 Mojave) that automates these tedious tasks and allows to resize the macOS and Boot Camp partitions on the fly, without having to reinstall Windows or macOS.

It finally worked wonderfully, the only irritating thing was that the tool showed a bland error at the first start of the repartitioning process: “Object not found”. After restarting the process with slightly different partition sizes, it could be successfully completed.

I can thus recommend this handy utility as it can save hours of work for a few bucks (ca. 22 USD).

Beware: iOS 12 may have deleted your voice memos! How to recover them using iTunes and Time Machine.

Apple’s hardware and software ecosystem generally provides a fantastic UX by tight integration, relatively good usability (compared to most competitors) and good services and support.

Sometimes, users may be bitten by terrible hw and sw bugs nonetheless. The worst Apple software bug I’ve personally experienced so far is that I recently noticed that all my many voice memos on my iPhone were gone! The exact reason why and how this happened hasn’t been fully investigated yet, but the observed issue is evidently linked to the recent iOS 12 update release (and potentially also to later iOS 12.x releases, as neither the problem nor any fix have been mentioned in any of the iOS 12.x update changelogs to date). The data loss seems to have to do with the introduction of the revamped voice memo app (that is now also available on the iPad), perhaps due to a bug in the iCloud synchronisation.

So, lots of invaluable voice memos I recorded for beloved ones, recordings of important conversations and thoughts, all gone! Nothing to be delighted about, to say the least!

I thus contacted Apple support and they were very kind and keen to determine the problem and find a mitigation or solution (I was on the phone with them for roughly 45 minutes, involving 2nd level support too). They didn’t find any such issue mentioned in their support database though and apparently, none of the supporters I talked to ever heard of anything like that before, despite it being mentioned all over twitter). For understandable legal reasons, as they never recommend “random” 3rd party tools as a matter of principle, they couldn’t recommend the solution detailed in this blog post, but suggested a more general solution, involving only Apple tools and services (see at the very bottom of this post; if you don’t mind the risk and backing up your iPhone to iCloud, you could try this alternatively).

After a quick assessment, I decided to go with another solution as all in all, it seemed more transparent and promising, less time consuming and with an acceptable risk for me.

Idea and big picture: Extract the lost voice memos from an old iPhone backup in iTunes, ideally the latest backup before the release/installation of iOS 12, i.e. before Sept 17, 2018.

Disclaimer 1: Although the following tips worked fine for me, I can’t guarantee they’ll work for you too – you follow these steps at your own risk. If in doubt, I recommend backing up all your data redundantly on various media before.

Disclaimer 2: Let me tell you this first: If you don’t have any backups of your iPhone, don’t use iTunes for iPhone backups and don’t have Time Machine backups of those backups in iTunes, you’re likely out of luck. At least I didn’t find any method to restore the disappeared voice memos on the iPhone itself – once iOS 12.x is installed, those memos apparently weren’t anywhere on the device itself anymore. Considering iOS 12’s and iPhone’s more and more restrictive data protection measures, it would likely also be difficult for professional data recovery services to recover any lost voice memos from the device (they would need to be technically on par with secret services and forensic experts -> seldom and accordingly expensive).

So here are the detailed steps to follow:

  1. As precaution, create a current Time Machine backup of the Mac that holds the iTunes backups.
  2. Restore from Time Machine to the Mac the latest iPhone backup before iOS 12 was installed on your iPhone. Usually, this should be the latest Time Machine backup before Sept 17, 2018:
    1. Determine the relevant iPhone backup in iTunes
      1. Open iTunes
      2. In the iTunes preferences, navigate to the “Devices” pane
      3. Figure out the relevant backup of your iPhone
      4. Right-click on the entry and choose “Show in Finder”
    2. Enter Time Machine (by clicking on the according icon in the macOS menu bar and by choosing “Enter Time Machine”) and restore the latest version of the selected folder that was created before Sept 17, 2018, from your Time Machine backup. Note that restoring that folder can take anything from  10 minutes up to an hour or two, depending on the iPhone’s storage size, your network’s bandwidth etc.
  3. If your iPhone backups in iTunes aren’t encrypted, you can try using a free open source tool like the Open Backup Extractor (download page for the binary) to extract your voice memos from the backup in iTunes. Note: You use this tool at your own risk, like any tool and suggestion here (I didn’t review or audit it).
  4. If your iPhone backups in iTunes are encrypted: In this case, the above free, open source tool doesn’t work, as accessing encrypted backups is not supported by it yet (in v1.1 at the time of writing).
    I’ve only found commercial tools that can deal with encrypted backups.
    The tool I used successfully (and hence purchased for roughly 40-50 bucks) is iMazing (v2 at the time of writing) by DigiDNA. I chose this tool as it seemed to be the most professional and most trustworthy one of the many iPhone recovery tools I found online. It’s by a Swiss company; up-to-date (v2.7.2 was released on Oct 3, 2018); the binary files are properly signed; the web, GitHub, social media pages I visited looked professional and didn’t hint a scam.
    Note: This is in harsh contrast to many shady data recovery tools out there, some of them obviously being scams,  not working correctly, being trojans, crypto lockers, data sniffers or similar.
    Either way: You use any 3rd party tool at your own risk! Mind that you’re basically giving the tool full access to both your Mac and iPhone!

    1. Download the iMazing demo app to your Mac
    2. As a precautionary measure, you may want to disable wifi networking and disconnect any Ethernet network cable (like that you could at least prevent live data sniffing and sending by such a tool -> not delayed data sniffing and sending though)
    3. Install the iMazing demo app
    4. If you run macOS 10.14 (Mojave) or later, give iMazing.app full disk access:
      1. In System Preferences -> Security & Privacy -> Privacy -> Full Disk Access click the lock icon to make changes, then click the “+” button and add ‘iMazing.app’ to the list of apps with full disk access (this is required as access to the iTunes ‘Backup’ folder is restricted in macOS 10.14 and later)
    5. Run the iMazing demo app and extract the voice memos of the pre-iOS-12 iTunes backup of your iPhone:
      1. Run the iMazing demo app
      2. Click “later” when prompted to buy a license (we want to test whether the tool works before making a purchase, right?)
      3. In the list on the left, instead of accessing the iPhone directly, select the iTunes backup we previously restored from the Time Machine backup
      4. When prompted by iMazing, enter the encryption password to let the app decrypt the encrypted backup
      5. Go to the “Voice Memos” app icon in the list and select all the listed voice memos you’d like to extract from the backup.
      6. If you want to extract 3 voice memos only, you can do this with the demo app. If you want to extract more than 3 voice memos, you need to purchase and unlock/activate the full version of iMazing, which I did. If you try to extract more than 3 voice memos, a handy assistant will be displayed to guide you through purchasing and activating the full version of iMazing, which is pretty straightforward.
      7. Extract the voice memos to a local folder. Voilà, here you have your dear voice memos again (as .m4a files, playable with e.g. the Quick Time Player or VLC)! Not in the voice memo app on your iPhone anymore, but that’s usually less of a concern anyway (I for one won’t trust the new, apparently rushed voice memo app and will always export future voice memos to an external medium right after recording one).
  5. If you don’t need anything else from the old iPhone backup in iTunes (some other users experienced also other data loss when upgrading to iOS 12, so check if that applies to you too), you can now restore the latest iPhone backup in iTunes from the Time Machine snapshot we created in step 1.
  6. If you don’t need iMazing anymore you can remove its “full disk access” privilege and uninstall iMazing (e.g. using any of the uninstaller apps in the Apple Store or AppCleaner). I also removed the “iMazing.Versions” folder in ~/Library/Application\ Support/MobileSync/Backup that iMazing created for its own purpose.
  7. To lower the risk of losing voice memos and other data on your iPhone/iPad in the future, consider the following tips:
    1.  Create iTunes (or iCloud) backups of your iPhone/iPad regularly. If you use iTunes to back up your iPhone/iPad, make sure to also create regular Time Machine backups of your Mac holding your iTunes backups. It’s best to automate both tasks by ticking the according checkboxes in iTunes and Time Machine.
    2. In the settings of the “voice memos” app on your iPhone/iPad, tell the app to “never” remove user-deleted voice memos (instead of removing them after “30 days”, which seems to be the somewhat unfortunate default in the new voice memo app). AFAIK, this only applies to already manually deleted voice memos though.
      BTW, I’d also recommend disabling the location-dependent naming of voice memos as this is a pretty silly feature for most users.
    3. Consider disabling “automatic updates” in your iPhone/iPad settings under “General” -> “Software updates”. Like that you can wait a couple of days or weeks before installing newly released iOS versions and check the feedback of other users on social media like Twitter first, and maybe catch potential big glitches like that. Actually, Apple’s beta/developer release staging mechanism is supposed to catch those glitches before they can reach the general public in an official release, but apparently, that mechanism hasn’t worked as well yet as it should have.
      Note though that on the other hand, by not installing new releases automatically, you’ll potentially expose your iPhone/iPad to additional security risks due to a bigger time window with missing security patches. So, this advice is a two-edged sword. Decide for yourself!

Interesting observations:

  • I was a bit astonished to see that iTunes itself apparently doesn’t create incremental backups, but only saves the very latest state/snapshot of any device. It thus apparently fully relies on Time Machine’s incremental backup feature if you want to access earlier backups than just the latest snapshot, i.e. you need additional Time Machine backups of your iTunes backups to accomplish this. It looks like iTunes also doesn’t use macOS versioning or APFS’s snapshot feature.
  • Note that iMazing creates a new folder named “iMazing.Versions” in ~/Library/Application\ Support/MobileSync/Backup for its own purpose, which is astonishing and slightly annoying.

Finally, here’s what Apple support suggested doing, instead of the above method:

  1. Backup your current iPhone to iCloud. If you don’t have enough iCloud storage to store the content of your iPhone, purchase a suitable amount of storage before.
  2. Reset your iPhone, deleting all content
  3. Restore your phone from an old (pre-iOS-12) backup in iTunes that still contains your voice memos (note: they didn’t mention that one has to restore that backup from Time Machine first, in most cases)
  4. When starting your iPhone, connect it to iCloud. In particular, let the voice memo app synchronise with iCloud.
  5. Switch off and switch on again the iCloud synchronisation in the settings of the voice memo app in order to make it synchronise the old voice memos to iCloud
  6. Restore the backup from iCloud

According to the Apple support, this should intelligently merge old and new data, so that you end up with iOS 12 and all the new and old data on it, without losing any, including the old, previously vanished voice memos.

If you don’t mind the potential risk of a failed data merge and don’t object backing up your iPhone to iCloud, you could alternatively try this.

Either way, I hope these tips are helpful. Good luck!

 

 

 

 

Solution: Apple Thunderbolt Display brightness control doesn’t work anymore

Apparently, there’s a macOS bug that if your Mac has been connected to a Thunderbolt Display for a long time, the brightness of the display can no longer be adjusted (neither by pressing the according F1/F2 keys on your keyboard nor by using the brightness slider in the display settings of the system preferences).

The simple yet surprising fix is:

  1. Unplug your Thunderbolt Display’s Thunderbolt cable, and plug it in again
  2. The display’s brightness will be adjustable again

 

(credits: https://forums.macrumors.com/threads/thunderbolt-brightness-control-settings-gone.1254406/)

GitLab 10.5 and later: Solution for error “Validation failed for domain” with Let’s Encrypt

GitLab 10.5 introduced built-in support for Let’s Encrypt.

Unfortunately, if you follow the official GitLab instructions how to enable Let’s Encrypt support, you may encounter the following error when rebuilding GitLab:

Running handlers:
There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[yourhost.yourdomain.com] (letsencrypt::http_authorization line 3) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [yourhost.yourdomain.com] Validation failed for domain yourhost.yourdomain.com

Running handlers complete
Chef Client failed. 11 resources updated in 11 seconds

Warnings:

Let’s Encrypt is enabled, but external_url is using http

The last line is rather misleading, as the domain validation can apparently also fail if one sets  external_url = “https://yourhost.yourdomain.com”

As a workaround, add the following two additional lines to /etc/gitlab/gitlab.rb (hat tip to Kai Mindermann and Thomas Jost for the hints):

nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = true

 

So, all in all, you need to set in /etc/gitlab/gitlab.rb:

external_url 'https://yourhost.yourdomain.com'

and add the following lines (adjust the notification e-mail address):

letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['gitlab-notifications@yourdomain.com'] # optional
nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = true

Make sure that your firewall doesn’t block access to ports 22 (SSH), 80 (HTTP), 443 (HTTPS).

After that, reconfigure GitLab (in a shell):

# gitlab-ctl reconfigure

That’s it! You can now register/login at https://yourhost.yourdomain.com.

macOS: SystemUIServer eating your CPU? Check your Ethernet connection!

Recently, the SystemUIServer process on my MBP running macOS Sierra has started “eating” a lot of CPU, slowing down the whole machine, even making the clock in the top menu bar stop working properly. It usually started using one-digit percentages of the available CPU power, then growing to 10%, 15%, 20%, up to well above 60%, sometimes even 80% and more! It wasn’t a steady growth – it sometimes shrank again, just to grow even further.

The only apparent remedy was to kill the SystemUIServer process (e.g. using the Activity Monitor) from time to time (i.e. every 30 minutes -> there are also scripts to automatically restart SystemUIServer). Its CPU usage then reset to a low one-digit number.

Taking a closer look at the process in the Activity Monitor, I then noticed that the number of (used) ports (so-called “Mach ports“) by the process were steadily growing, once SystemUIServer was started. This was weird, pointing to some kind of leakage. Typically, for a CPU load of around 50%, more than 5000 Mach ports were used.

By coincidence, I then noticed that, unlike expected, my MBP wasn’t actually using Ethernet, but only WiFi. Further investigation then hinted that the according Gigabit Ethernet port on my HP 1810 switch was apparently malfunctioning (or even dead): In the macOS Network Preferences, the Thunderbolt-Ethernet connection was constantly shown as red/disconnected, although the OS was apparently trying to establish a connection again and again (and failed). First, I even suspected a problem with the Thunderbolt-Gigabit-Ethernet adapter itself (it wasn’t the problem here, the adapter seemed to work fine with another Mac and connection).

The solution to this problem thus was:

  • Connect the Ethernet cable to another, working Ethernet port: Now the SystemUIServer process consumes less than 0.1% CPU again and roughly 400 ports only, both with and without additional WiFi.
    Note that both the problem and this solution are reproducible.

Lessons learned:

  • Sometimes, very unexpected, seemingly unrelated and “small” problems can have big (negative) effects.
  • Sometimes you need a bit of luck to find the cause of a problem (a web search didn’t bring up the above hint, rather suggested updating or removing faulty apps, buggy extensions and menu widgets. I thus already tried removing or updating some of the suspected apps, extensions and widgets.)
  • Ports of HP 1810 switches can actually break/fail! Remember the saying: “I got 99 problems, but a switch ain’t one!” – well, in this case, the faulty switch was actually part of the problem and even the initial trigger of the problem! Also remember that HP offers a lifelong warranty on its (good ol’) 1810 switches.
  • Extra points for you, further research: The fact that the SystemUIServer allocates more and more Mach ports if there’s a malfunctioning Ethernet port (i.e. faulty Ethernet connection or faulty handling of a faulty Ethernet connection by the Thunderbolt-Gigabit-Ethernet adapter) is hinting that this might be an attack vector for a (new?) DoS attack. Perhaps not an easily exploitable one (on the Ethernet or MAC layer, even), but it’s nonetheless something that should actually be handled gracefully by SystemUIServer, not leading to more and more CPU and system resources being consumed.
    If you have time to research this further, let me know about your findings!

The ‘All-in-One WP Migration’ plugin is all you need to migrate your WordPress blog

This blog has just been migrated to a newer and (much) faster host node running Proxmox 5 with ZFS.

Therefore, I was looking for the best method to migrate a WordPress blog to another server (and/or database and/or directory and/or URL).

Do you remember the times when migrating a WordPress blog was rather tedious, involving many manual steps, despite (other) handy tools like WP-CLI? Apparently, this is no longer needed, as all you need is the following plugin:

All-in-One WP Migration

This plugin’s export and import functionality takes care of all the required configuration and path adjustments, allowing you to easily migrate a blog with up to 512 MB data. The steps are thus:

  1. Install the All-in-One WP Migration plugin on your current WordPress site
  2. Use the plugin to export all your data, plugins, themes, configuration etc., e.g. as a downloadable file.
    Note: In particularly tricky cases you can also manually replace certain strings in the db or exclude specific data and files.
  3. Setup a new vanilla WordPress installation at another location (server, directory). You’ll need a database and the WP installation files for this.
  4. Install the All-in-One WP Migration plugin on your new WordPress site
  5. Use the plugin on your new site to import the previously exported data from your old site

It’s hard to believe, but that’s really it!

How to upgrade Zimbra/ZCS 8.8 GA from Ubuntu 14.04 LTS to 16.04 LTS

When upgrading Ubuntu 14.04 LTS to 16.04 LTS the usual way, ‘do-release-upgrade’ will by default remove 3rd party packages. For a Zimbra/ZCS server this means that Zimbra/ZCS packages would be automatically removed when upgrading to Ubuntu 16.04 LTS.

Luckily, there’s a neat little trick to prevent ‘do-release-upgrade’ from removing Zimbra/ZCS packages during the upgrade. Here’s how to do it:

  1. Open two screen sessions (or two terminal sessions) on your Zimbra/ZCS server
     $ screen -R
  2. Block at least the SMTP and SMTPS ports (to prevent clients from accessing the server, consider blocking the IMAP and IMAPS ports too, or all ports but SSH and port 1022) for your Zimbra/ZCS server on your firewall (to stop the delivery of messages).
  3. Backup the server or make a snapshot, just in case anything goes wrong
  4. Stop Zimbra/ZCS:
     $ sudo /etc/init.d/zimbra stop
  5. Make sure the system is current:
     $ sudo apt-get update && sudo apt-get upgrade
  6. Start the Ubuntu distro upgrade process:
     $ sudo do-release-upgrade

    (if you don’t have do-release-upgrade, you have to execute ‘sudo apt-get install update-manager-core’ first)

  7. When prompted by ‘do-release-upgrade’ that the third party sources have been disabled, re-enable those third party sources. To do this, open ‘/etc/apt/sources.list.d/zimbra.list’ with an editor (e.g. nano, vim) in another terminal/screen session and change its content from:
    # deb [arch=amd64] https://repo.zimbra.com/apt/87 xenial zimbra # disabled on upgrade to xenial
    # deb-src [arch=amd64] https://repo.zimbra.com/apt/87 xenial zimbra # disabled on upgrade to xenial

    to

    deb [arch=amd64] https://repo.zimbra.com/apt/87 xenial zimbra
    deb-src [arch=amd64] https://repo.zimbra.com/apt/87 xenial zimbra

    Then return to the first terminal/screen session and let ‘do-release-upgrade’ continue with the upgrade process (i.e. hit ‘enter’).

  8. When you get informed about the packages that will be removed (BTW, in the detail view you can see that the Zimbra packages will now be upgraded, not removed) and upgraded and asked whether you want to start the upgrade, confirm this.
    Note: Don’t worry about minor error messages like:E: changelog for this version is not (yet) available; try https://launchpad.net/ubuntu/+source/zimbra-perl-socket/+changelogYou can safely ignore them.
  9. Agree to all suggestions by ‘do-release-upgrade’ (e.g. the removal of files in /var/log/sysstat/ and whether you allow ssh to be restarted). In my case, it was also fine to go with the maintainer versions of the config files.
  10. When the upgrade process is finished, let ‘do-release-upgrade’ reboot the system.

After this, Zimbra/ZCS should work nicely again, on Ubuntu 16.04 LTS.

Note: It can take Zimbra/ZCS quite some time to properly start all its services (it’s Java, after all). Sometimes, the output of ‘$ sudo /etc/init.d/zimbra status’ and what’s listed in the service monitoring section of the Zimbra/ZCS admin webUI can thus be inconsistent. Sometimes, it’s even necessary to stop and start Zimbra/ZCS a couple of times (with ‘/etc/init.d/zimbra’) after an upgrade until all services run nicely.
Also note that Zimbra’s new dedicated ‘imapd’ service won’t run properly, unless it’s configured manually, as shown in the Zimbra Collaboration Administrator Guide version 8.8.3. If it doesn’t run properly, this service will simply be ignored in a single server setup, your Zimbra/ZCS will thus likely work as usual.

If there are any problems or if you want to be extra cautious, you can also additionally download Zimbra/ZCS 8.8 for 16.04 LTS manually and run its installer again:

$ sudo ./install.sh

If everything is fine, unblock the SMTP and SMTPS (and IMAP and IMAPS) ports again.

If things aren’t fine, simply roll-back from the snapshot or restore the whole server from the backup.

You might then want to try a fresh install according to the official Zimbra/ZCS migration manual: How to move ZCS to another server.

(Source: Kudos to vchong68 for his valuable hint in his forum post)

Solution for: Proxmox backup error due to iothread=1

If you see the following error when trying to backup a KVM VM image on Proxmox:

ERROR: Backup of VM 100 failed – disk ‘scsi0’ ‘zfsvols:vm-100-disk-1’ (iothread=on) can’t use backup feature currently. Please set backup=no for this drive at /usr/share/perl5/PVE/VZDump/QemuServer.pm line 77. INFO: Backup job finished with errors TASK ERROR: job errors

edit /etc/pve/qemu-server/100.conf, look for a line similar to

scsi0: zfsvols:vm-100-disk-1,iothread=1,size=70G

and change it to

scsi0: zfsvols:vm-100-disk-1,iothread=0,size=70G

Afterwards, it’s possible to backup the VM.

Using multiple Skype accounts on macOS

With the recent changes in Skype, the “traditional” method of running several Skype instances using different system users doesn’t work anymore (as the the new authentication dialog strangely doesn’t get the focus anymore).

So, in order to use several Skype accounts on macOS (formerly known as Mac OS X), do the following:

  1. Open the Script Editor (in the ‘Utilities’ folder in the ‘Applications’ folder)
  2. Create a new script with the following content:
    do shell script "open -na /Applications/Skype.app/Contents/MacOS/Skype --args -DataPath '/Users/your_system_user/Library/Application Support/Skype_any_identifier'"

    Replace your_system_user by your regular macOS user account (see ‘whoami’ in Terminal)
    Replace _any_identifier by the according Skype account name, e.g. _myskypename (doesn’t really matter what, just don’t use an empty string)
    Please mind the double quotes and single quotes (important!)

  3. Save the script as an application: File.. Save.., choose “Application” as file format, give it a name and store it e.g. in your home directory or in the Applications folder

Repeat these steps for any of your Skype accounts, giving each Skype account a different Skype_any_identifier. You can then start the according Skype instances by double clicking on the according app.

Explanation:

The above script starts a new instance of Skype (which would otherwise be prevented), using the -n argument. Each instance of Skype gets its own directory to store the according account data, using the -DataPath argument.