Browser for your OS X Time Machine Backups

Apple's Time Machine backup system for OS X is great. So far, thankfully, I've not had to rely on it (see below), and I guess that will be the real test as to whether it truly is as great as I believe it to be, but for now I really like it. It basically (see below) stays out of the way, runs entirely on its own, backs up in a smart way, and generally just works...

Backing up involves me remembering to plug my external hard drive in that sits on my desk. This is fairly easy for me since it's plugged into the same USB hub as my mouse, iPhone dock & camera cable... The only time I've had to use it is when I've accidentally deleted a file or two, nothing catastrophic, so I guess I can't really sing praises too highly until I actually attempt to restore my laptop from it.

The one issue that's come up a few times for me is that I'll want to unplug everything to go home from work and I'll notice it's still backing up, and it'll be doing some massive 1.5 GB or so backup... d'oh. But... why? I have no idea what it's backing up (sometimes I've just forgotten, for example, that I upgraded XCode earlier), and there's no way to see what it's actually doing. For that matter, what is the difference between each successive backup? The Apple Time Machine browser lets you see what's there at any point in time, but the curious are left unsatisfied, being unable to see how big individual backups are, or what's changed between versions. (At this stage I should point out to those unfamiliar with Time Machine that it makes incremental backups, so it only has to store the changes made to the disk rather than a full copy every single time).

I recently found a (very beta/pre-release) application called TimeTracker [download] from CharlesSoft (with the very apt tag-line of "software you always wished someone else would write" — I've been wishing for about a year for this app).

It lets you see a list of all the backups in the Time Machine database, how big each backup is (i.e. the size of the changes on the disk for that particular backup — not the entire size of all data backed up), and most importantly lets you browse through the backup seeing just the files that changed. So when you're wondering why Time Machine is suddenly backing up 200 MB every hour or two you can look back and see what folder it's all in... (Turns out Google Chrome on OS X doesn't store its cached webpages etc in the ~/Library/Caches like all good little OS X apps should *tsk tsk*).

TimeTracker Screenshot (the '0 bytes' backups are just ones I've not yet clicked on)

So, if you're like me, and you have no desire to backup caches, build directories from code projects, and sources files or data that you have backed up elsewhere, you can go into TimeTracker to see what's being pointlessly backed up and then:

1. Open up the Time Machine browser (aka "Enter Time Machine"), right click on the unnecessary item, and select Delete all Backups of "..." to delete all the past backups of the item.
2. Open up the Time Machine preference pane, click Options and add an exclusion for the unnecessary item so it doesn't get backed up in future.

As I said before, TimeTracker is fairly beta (it has no icon for example, and a couple of minor bugs) but for occasional use by the curious Time Machine operator, it's great!

For the especially curious, once you've gone and delete an item from your Time Machine backups, you may want to go into your ~/Library/Caches/com.charlessoft.TimeTracker/Backups/ folder and remove the contents so it refreshes the file/directory tree of the backups (otherwise it won't update the trees to show you the new sizes/files after you delete something).

iTunes in the Mix — Fanboy Rant

About once a month or so I stumble across some software feature that reassures my faith in the genius of certain programmers/software designers. These tend to be in Apple, Google or Canon products, though plenty of smaller software companies/developers have pleasantly surprised me equally well (I'm on a bit of a Connected Flow fanboy-high at the moment, for example).

I've actually had two such pleasant surprises in the last week. Both with iTunes 9.

Compound Smart Playlist Rules

Last week, when I installed iTunes 9, the first thing I did (as with each new version) was check if they'd finally implemented a more comprehensive mechanism for settings 'rules' up for Smart Playlists. I was pretty happy to find they had finally done so.

Basically, instead of making a playlist that can match "any" or "all" of a single list of rules, you can now create sub-rules (effectively allowing brackets in search/logic terms). For example, you could have a playlist (for your iPod/iPhone) that includes all songs rated 3+ or that you've listened to more than 5 times, but excludes the ones you've listened to in the last week and excludes the classical music that you only listen to when working on your laptop...

This could be done in earlier versions as well, except that you had to create intermediate Smart Playlists for each sub-rule (i.e. one to match the sub-rules, like the "play count > 4" OR "rating > 2", and then another to match the outer 'all' rule). It was messy. This is less messy. I'm happy.

Failings / Suggestions

It's not perfect of course. I'd like to be able to make variables of my own, for example the ratio of Play Count to Skip Count (maybe I used to like a song a lot, but now I skip it all the time...). Also if the variables could be stored as part of the main database, I could make variables indicating how 'neglected' a song is (some formula to represent how much I like it from play-count/rating or dislike it from skip-count, and how recently I've played it) to put these songs onto my iPhone preferentially over others. I know, I know, I'm getting pretty picky here, but I thought I had to suggest something :P

Genius Mixes

Today's awesome feature discovery was iTunes 9's Genius Mixes feature. It's been sitting there for about a week now, but I only just realised what it actually does. Basically it's made 12 categories out of my music library, letting me select music based on mood/genre/some kind of qualitative term like that.

It seems to have made some very sensible groups for me (though I imagine it won't work for everyone's music collection), letting me easily put my music on shuffle with a specific theme or mood in mind. As someone who almost never listens to albums, always shuffles, this is great for me.

There are plenty of guides on how to set it up, but the basic gist is you need Genius enabled (see the Store menu) to get access to the mixes.

Failings / Suggestions

It does of course have a few issues. The names of each list really suck. I have six mixes called "Rock Mix" for example (sure, it's enumerated them, but that's not that useful). Whether that's because iTunes Genius classifies the songs as Rock or whether it's reading the Genre tags on my MP3s (which I think are mostly from CDDB), they're fairly silly Genius Mix titles. I like the clustering, but as with all classification problems, knowing exactly what you've classified isn't always easy. I'd suggest they allow people to rename the mixes, but that would assume/require that the clustering algorithm consistently generates the same song clusters (which I'm quite sure it won't — I'm quite sure my own listening habits and those of others contributing to Genius will change where boundaries are drawn between clusters over time).

So the names suck, but the Genius Mixes themselves are quite good, and I think they know this because they've listed a few artists under each mix to give you an idea of what is in it. If you know the artists in your music collection, you're going to know which mix you want to hear.

Another problem with it is that you can't see what's in each Genius Mix. There's currently no way to access a list of songs in the mix (or even a sample of the mix) except for the currently playing song (which, of course, you can only see by playing the mix). So might be good if they opened up the box a little on this one.

It'd be nice also if they had Genius mixes on the iPhone/iPod, generated automatically from the songs you've chosen to sync to the device. While you can sync the Genius Mixes themselves (though the interface only displays their sometimes-unhelpful-name, not the artists, so having 6 Rock Mixes kinda sucks for picking the one you like), you can't have it generate Genius Mixes automatically based on the (limited) library of your music device.

End Fanboy Rant

Anyway, I'm a fan of iTunes 9. Two pretty cool features that make it suck less, and make me a happier iTunes user.

Aperture Bug — EXIF Data Missing in Exported Images

I really like Aperture. It's got a simple and intuitive interface, and gives you a lot of power to store, organise, prepare, manipulate, etc your photos. I've been using it for about a year now, and on the whole, it's great...

Of course, like any software, I have a few issues with it... some are simple UI annoyances, speed issues, the occasional, but temporary bug... but there's one that Apple seem to consistently ignore (I've sent them bug reports about it several times over the last year, and it still remains)... to the point where I wonder if somehow there's only a few of us suffering from this bug.

The bug in question is fairly simple, and completely repeatable (for me at least).

Step 1: You take a photo, and import it into Aperture.

Step 2: You do whatever it is you do in Aperture to your photos.

Step 3: You export the finished version (specifically the Version, not the Master).

This export step might be using basic "Export Version(s)" option of Aperture, or it might be using an export plug-in such as FlickrExport by Connected Flow (which essentially exports the versions to temporary files so the plug-in can do something with them). Either way, it's the same process of creating a JPEG file from your master, with your modifications applied.

Step 4: Notice the missing EXIF fields (e.g. in the 'more details' link on Flickr, using a program like ExifTool, or even importing the version into another photo application like iPhoto)

Now, perhaps for most people, nothing has gone wrong... The file has been exported, and it looks like it should. Unfortunately, Apple seem to have decided to not include a bunch of EXIF fields. Up until April 2009, this included things like Longitude and Latitude (which upset some people) — but that was fixed in 2.1.3 (not that they mentioned it in the release notes). Unfortunately, that was all they fixed — lens and flash information are still excluded for no apparent reason.

So you ask, why would anyone care, it's just some EXIF data that most people don't even know how to access? Mostly just education and/or curiosity on sites like Flickr, where you can see what settings and equipment people used to take specific photos. The internet is a great tool for learning, and with massive databases and information sources like Flickr, people can answer all sorts of questions and learn all sorts of things from the work of others.

So what are the actual differences?

I used ExifTool to read the EXIF data from a Master and Version of the same photo (with some modifications) and found the following notable differences.

Firstly some additional data is in the Version JPEG (which I would say is generally a Good Thing™, yay!)

• File name, size, resolution, etc that have changed are of course updated in the Version as they should be.
• Headline, Caption, Keywords etc from IPTC info are added. Cool.
• A bunch of EXIF info is added to the Version regarding colour profiles (about 30 EXIF fields relating to colour profiles in fact... I won't list them all, but things like Color Space Data and Profile Description).

Then some information has been changed between the Version and Master JPEGs (some good, some odd)

• GPS Longitude and GPS Latitude have lost some precision (tsk tsk, is someone carelessly type casting...?). In my example image, it's about 0.3 seconds, so not huge, but still unnecessary.
• Focal Plane X Resolution and Focal Plane Y Resolution have also lost precision (a change of about 0.0001 — probably no big deal!)
• Scale Factor to 35mm Equivalent, Circle Of Confusion, Field of View, 35mm Focal Length and Hyperfocal Distance have all been updated. I'm fairly sure this is because I cropped the image, so these are probably intelligent changes.
• Y Cb Cr Sub Sampling changed from YCbCr4:2:0 (2 2) to YCbCr4:2:2 (2 1). Don't really know what this is, so not sure if it makes sense or not...
• EXIF Byte Order changed from Little-endian (Intel, II) to Big-endian (Motorola, MM). No big deal, this is just the way the EXIF data is formatted at the bit/byte level.

And, as per my complaint, they've left out a bunch of EXIF fields. There's 165 in total that have been neglected, so I'll just list a few that I believe would be useful for some photographers...

• Lens Type — Canon EF 50mm f/1.8 MkII (and other Lens related data), or
• Lens Model — EF50mm f/1.8 II
• Macro Mode — Normal
• Self Timer — Off
• Quality — Fine
• Canon Flash Mode — External Flash
• Flash Activity — 146
• Flash Bits — E-TTL, External
• Flash Exposure Compensation — -1
• Flash Sync Speed Av — 1/200 Fixed
• Continuous Drive — Single
• Focus Mode — One-shot AF
• Record Mode — JPEG
• Canon Image Size — Medium
• Canon Exposure Mode — Manual
• Measured EV — 0.75
• Picture Style — Standard
• AF Mode — Single-point AF
• and so on...

Some of these I think would be useful to gain a bit more info about the scene being shot and how it was shot, and in plenty of cases give people a bit more info on how other photographers use their camera (e.g. the flash information or even that I use a single AF point).

I realise that copying the camera settings of another photographer, much like copying their camera body or lenses doesn't make better photos, but it does give people ideas to try out. There have been plenty of times I've seen 'odd' settings in the 'more details' tab on Flickr, or seen people describe settings that I'd not normally use which have helped me learn more about my camera and how it works. So I think this would actually be quite useful for those of us who do have a look behind the scenes on photos we wish we could take ourselves.

I really wish Apple would stop ignoring this problem. If it bugs you too, please head over to the Aperture feedback form and tell them to fix it as well! Feel free to link to or copy sections of this post that you feel they should fix (e.g. the specific EXIF fields you want them to include in exported versions).

My experience is with a Canon EOS 450D (aka XSi or Kiss X2), so no doubt the EXIF data will be a little different for other Canons and other brands, so you might even want to use ExifTool to check out what Aperture is ignoring for you! I recommend using a 'diff' tool (such as FileMerge which comes with the Apple Developer Tools or the command line 'diff') to compare the outputs from ExifTool.

Stop imposing maximum password lengths!

I recently got a letter from Medicare Australia asking me to sign up to their online services, so I can make claims online or something (I'm young and healthy and generally deal with Medicare less than once a year but figured I'd go along with it anyway, whatever...). After signing up and having them mail me (not e-mail, real actual mail... more secure perhaps?) a password to log in, I got to the stage of logging in for the first time, setting up my account with security questions and a new password...

At which point I discovered

Your new password will be case sensitive and must contain:

• eight characters in total
• at least one (1) letter and one (1) number.

The password policy can also be seen here for those without a Medicare account, if you scroll down to 'Passwords'.

At first I thought nothing of it, the usual password restrictions, security conscious etc, but then found that eight characters in total was not just a minimum, it was a maximum as well! Ridiculous. What possible reason could they have to limit my maximum password length?

Perhaps management have insisted that all fields on the website have a fixed length so that the cursor can be automatically advanced between fields when the user has typed in their details. While this can be a nice feature for the very computer illiterate, it's forcing a reduction in password security (and is often implemented poorly so that it becomes quite difficult to correct mistakes in the last character of input fields).

Perhaps they store passwords in clear-text in an 8-byte database field... sigh... surely not... I hope not.

Perhaps they think users will forget long passwords, but let's face it, most users either have their web browser remember all their passwords, or have their own standard memorable password (be it secure or not) that is quite possibly not 8 characters long... if it's about not forgetting passwords, don't force them to make a new 8 character version for your site!

Eight characters seems to be considered a minimum for a secure passwords, definitely not a maximum... About 10 years ago I remember a lot of websites had these kinds of password length limits, typically forcing users to have a password between 6 and 8 characters, but there's just no excuse for it these days.

Stop forcing us to have insecure 8-character passwords!

EDIT: As commenter Charles has pointed out, some websites crop your password to the first 8 characters, which is even worse than Medicare's practice!

It's a reasonably common practice to add a few words, numbers, symbols, acronyms, etc together to make up a memorable password (for those who don't have randomly generated ones). For example, "elephant#43spiced" might be reasonably secure in that it's two separate dictionary words, a number and a symbol in some arbitrary order. It might also be very memorable if your favourite animal is the elephant, and your favourite menu item at the local Thai joint is Spiced Chicken Soup and appears 43rd on the menu...

Alas, if your bank only uses/checks the first 8 characters, your password is now a simple dictionary word: "elephant". Bugger. Despite all your efforts to include numbers and symbols and make it more complicated, its really not that secure at all.

The worst part is, you probably don't even know that your password is insecure. If they'd told you that your password should be 8 characters only, then at least you could have made it "spiced#43elephant" for a much more secure cropped password of "spiced#4".

So check your passwords — try logging into your important accounts (e-mail, banking, share trading, anything that has your credit card details saved like eBay and Amazon...) with just the first 8 characters... Perhaps you need to change passwords to make the first 8 characters secure, and perhaps you have a spare 5 minutes to e-mail the webmaster of the site to ask them to fix up this gaping security hole!

University of Sydney's new Mail Service

For many years my university has offered a simple e-mail service with web-based, POP and IMAP access via servers on-campus. On-campus servers meant it was fast in response and download speed, and data was free (for both us students and the university). External access was available via SSL when necessary. The only real problems were limited attachment sizes and inbox quota (a few megabytes each).

Recently, the university has decided that we need a new e-mail system, my guess is they decided it'd be too expensive to set up a system with more realistic quotas (GB rather than MB) for every user themselves, so they're outsourcing it. At first I thought, great, they've finally jumped on the Google Apps For Your Domain band-wagon and we'll all have a much more usable e-mail service. Exciting times.

Alas, no. They went with Microsoft Outlook Live (beta).

This has a few serious drawbacks...

The servers are overseas

• Firstly, it's going to be a little bit slower. This doesn't really matter if you're using POP to access it, but for web-based and IMAP access it'll be a small annoyance. Given the larger e-mails we're now allowed to send/receive, this may become more of an annoyance, but this is probably the least of my complaints...
• The second effect is that the data now costs money. Okay, okay, they're not charging us directly, but tens of thousands of students now accessing their mail via servers, apparently located in Seattle, are going to have a sizeable impact on the university's overall internet budget. Again, not a major complaint...
  
• Thirdly, the university's firewall prevents direct access to external sites. There's a web proxy (HTTP and HTTPS with limited ports only) or a VPN (which costs money each time you connect and for the data you use). So if you don't want to use the web-interface (free over the proxy) you have to pay for the VPN and for the data you use connecting to the POP or IMAP services. Admittedly this problem is technically fixable, either by punching a specific hole in the firewall for e-mail access or making VPN access free and VPN data to these sites free. We'll see what happens there...

It's Microsoft, and there is no cure
Would you be surprised to hear that the Microsoft Outlook Live (beta) service is only fully featured in IE 7 and 8? Of course not... we've come to expect this kind of behaviour from them... But what does fully featured mean?

• Drag and Drop — okay, a minor annoyance if I decide to use the web interface and want to move e-mails around, but I'm more likely to set up automatic rules I think...
• Keyboard shortcuts — oddly these work "partially" in Safari and Firefox (no mention of Opera). This is just plain weird... unless they decided they just had to have some of the reserved shortcuts in FF/Safari, I can't imagine why they only half-completed this job...
• Keyboard shortcuts for MSN chat — I won't be using the built-in MSN chat in their web interface, so I personally don't care that these don't work at all (again, odd that they're specifically disabled in FF/Safari when some shortcuts work...).
• Options — yep, that's right, most of the settings pages for the e-mail service are completely unavailable in FF/Safari. We can create filters, adjust some very basic spell-check settings, change how our calendar is displayed and choose our localisation. We cannot access the following tabs: Automatic Replies, Deleted Items options, Mail options, General options, Change Password, Voice Mail options, Junk E-Mail options. Are you serious, Microsoft? We are forced to use IE specifically to change our password? Even just to access the general options? This includes things like enabling POP / IMAP interfaces so I don't have to use their crappy web interface...

At best this is some pathetic laziness on the part of their web devs, perhaps complete incompetence... at worst this is intentionally anti-competitive.

There's also one of my hated features of Hotmail present in Microsoft Outlook Live — the mandatory yet severely limited 'secret question'. When I opened the account for the first time, I was required to make a secret question, and I had a list of 5 options for my question. The problem with this, is most people will actually put a valid answer in, and thus make it incredibly easy for a stalker to gain access to their e-mail. One doesn't need to be a P.I. to figure out a friend's mother's maiden name. Unfortunately, since I'm refusing to load up IE, I can't remember what the exact questions were, but suffice it to say there was no "make up my own question" option. Now I know what you (the security conscious) are thinking — people can just put garbage in as their answer. But I guarantee you at least half the students will put a truthful response in. At least if they could have made up their own question, they might have put something more likely to actually be secret in there...

It's not the end of the world, I know, and eventually I'll succumb to their evil demands, open IE and enable POP access so I can keep checking my e-mail via my GAFYD account... (and keep having it read by the Google E-mail Overlord bots) but it's the principal of the thing — the university should know better than to support a company that's pushing their lax security and anti-competitive ways upon us. If they truly must outsource it, at least outsource it to a company that caters for everyone (not just IE users) and has even a vague notion of what online security should be.