pip3 crashes on macOS Catalina
Posted by MB in Uncategorized on February 8, 2020
In cases where pip3 has a bad environment on macOS Catalina, it may crash with this message:
% pip3
Traceback (most recent call last):
File "/Library/Developer/CommandLineTools/usr/bin/pip3", line 10, in <module>
sys.exit(main())
TypeError: 'module' object is not callableTo fix this, clear the user pip library by running:
rm -rf ~/Library/PythonYou can also reinstall Xcode tools with:
sudo rm -rf /Library/Developer/CommandLineTools
xcode-select --installBulk Convert jpg to HEIC (with metadata!)
Posted by MB in Uncategorized on September 2, 2019
Want to bulk-convert jpg files to the more space-efficient HEIC format, and preserve your metadata while you’re at it?
Here’s a few commands to do just that.
This will assume all images in the current directory have ‘.jpg’ extensions, and may have an ‘.XMP’ sidecar file with metadata in it. Most photo libraries, including macOS Photos, have an option to export files with metadata in an XMP sidecar file. Doing this is highly recommended, as it will pull in metadata from the sidecar file that may not be embedded in the original image.
These bash one-liners were run using bash 3.2.57. These also require the latest (as of this writing) ExifTool and ImageMagick installed and on your path. If you’re using macOS, ExifTool and ImageMagick can be installed using Homebrew with the following commands:
brew install exiftool
brew install imagemagick
Once you have those, you’re ready to go.
First, convert all the files to HEIC:
for x in *.jpg; do echo "$x"; magick "$x" "${x%.jpg}.HEIC"; done
Next, import the metadata from each source image:
for x in *.jpg; do echo "$x"; exiftool -overwrite_original -tagsFromFile "$x" -all:all "${x%.jpg}.HEIC"; done
Last, import any additional metadata from XMP sidecar files, if they exist:
for x in *.jpg; do echo "$x"; exiftool -overwrite_original -tagsFromFile "${x%.jpg}.XMP" -all:all "${x%.jpg}.HEIC"; done
That’s it!
Reimport an image and MOV file as a Live Photo in macOS Photos
Posted by MB in Uncategorized on June 9, 2019
If you have a Live Photo in your macOS Photos library, and export it using File > Export > Export Unmodified Original, you’ll end up with 2 (or 3) files:
- an image file that is the still image,
- an MOV file that is the video and sound portion of the Live Photo,
- and optionally an XMP file (if you selected Export IPCT as XMP)
Reimporting the image or the movie file will give you separate files in your photos library. If you want to reimport these, make sure they both have the same filename (except for the extension) and drag both the image file and the MOV file (and the XMP file, if you have it) to Photos at the same time. Photos will reimport them as a single Live Photo.
Import XMP sidecar data into JPG file
Posted by MB in Uncategorized on June 9, 2019
This is a quick tip based on my experience handling image files with XMP sidecar files.
XMP sidecar files typically contain useful data such as GPS information and file keywords. Some asset management software may not handle the sidecar file as easily as an image file, so you can import the XMP data directly into the image file using exiftool.
Example:
exiftool -tagsfromfile IMG_1234.XMP -all:all IMG_1234.JPG
If you want to loop through a directory of files, try this:
for x in *.JPG; do exiftool -tagsfromfile ${x%.*}.XMP -all:all $x; done
References: https://superuser.com/a/1414490
How to fix calendar invites not sending from iCloud accounts
Posted by MB in Uncategorized on June 19, 2018
If you use an iCloud calendar and invite an iCloud user to a calendar event, they’ll get a notification in the calendar app. If you invite a non-iCloud user, they’ll get an email notification — except when they don’t, and it might be confusing to figure out why.
To understand why this is happening, it’s important to realize that invitations sent from an Apple ID to another Apple ID are, by default, kept in Apple’s ecosystem and routed to the recipient as a notification rather than an email. If your recipient has an Apple ID that’s a third-part email address, such as a Gmail address, and uses the Gmail calendar, your invite likely won’t make it to them because of this.
The solution is to ask the recipient of your invite to sign into iCloud and change a setting within their iCloud calendar settings to enable email delivery of notifications. After signing in, the recipient should open Calendar, click the gear icon in the bottom left corner, click Preferences, Advanced, and change the invitations setting to “email to…”
I’ve prepared a snippet below that you can use to pass this information on, in case someone doesn’t get a calendar invite. Feel free to use this freely and modify it as the need arises:
If you were invited to a calendar event that I sent you, you should have received a notification to inform you of it, which includes an option to respond. If you didn’t receive this notification, it’s very likely that you have an Apple ID set up with the same email address. The reason that you didn’t receive my notification has to do with the way that notifications are passed through Apple’s system, and it may have redirected the notification to your iOS or MacOS calendar instead of your email, or vice-versa, depending on how you have it set up.
To make sure you don’t miss these notifications again, I encourage you to change the setting within your iCloud account to best fit your notification preferences. To do this, just follow the short instructions below:
First, sign into your iCloud account and go to your calendar by following this link:
Next, click the gear icon in the lower left.
Then click Preferences, Advanced, and locate the invitations setting on this screen.
Set it to email if you want an email, or in-app notifications if you want that instead.
Last, click Save.
I’ve had to do this once myself, so I can speak to it solving the issue.
Switching your Apple ID to your iCloud email address
Posted by MB in Uncategorized on June 19, 2018
When creating an Apple ID, it’s very likely that you set up an Apple ID based on a third-party email address, such as a Gmail or Outlook address. You may want to consider switching your Apple ID to your iCloud email address, especially if the email address that you first used was your primary email, and you’ve considered using your iCloud email address as your new primary email.
Apple has a great support article on how to change your Apple ID to your iCloud ID, and it comes with one very important notice: That you need to sign out of every device that’s associated with your Apple ID before you start.
Once you do this, I recommend that you have a recovery email address set on your account.
Taking Notes
Posted by MB in Uncategorized on September 24, 2017
Most people reading this blog carry around a computer every day, whether its a laptop, tablet, or smartphone. Yet many of us still reach for paper and pen when it’s time to take notes.
For many of us, it’s because pen and paper are what we’re familiar with, and we know how they work. There’s a bunch of note-taking apps out there, and they don’t all work the same, or even similarly in many cases.
I recently decided that I was going to try to take notes in a digital format whenever possible and went on an adventure to see which of the most popular apps fit my needs. I had a pretty good idea of what I wanted when I started, and I’ve spent a few days trying to find an app that was just the right fit for me.
I put together a few apps I found and a list of the features that I directly compared between them below, and hopefully it helps someone in the same position that I’m in decide which works best for them:
| OneNote 2016 | Evernote | Bear | Turtl | Apple Notes | |
| Publisher | Microsoft | Evernote | Shiny Frog | Lyon Bros | Apple |
| Price | Free | Free-$7.99/mo | Free-$1.49/mo | Free | Free |
| Platforms | Windows, Mac, iPad, iPhone, Android, Web | Windows, Mac, iPad, iPhone, Web | Mac, iPad, iPhone | Windows, Mac, Linux, Android | Mac, iPad, iPhone |
| Cloud Sync | Yes, via OneDrive | Yes, via Evernote | Yes, via CloudKit (Subscription only) | Yes | Yes, via iCloud/CloudKit |
| Self-hosted sync option | No | No | No | Yes | No |
| Offline access | Yes | Paid plans only | Yes | Yes | Yes |
| Local storage option | No | Yes | No | No | Yes |
| Organization | Notebooks, Sections, Pages | Notebooks, Notes | Notes, Hashtags | Boards, Notes | Folders, Notes |
| File attachments within notes | Yes | Yes | Images and photos only | Yes | No |
| OCR within attachments | Partial | Yes | N/A | No | No |
| Encryption | Yes, per section | Yes, selected portions of notes | No | Yes | Yes, per note |
| Encryption Strength | AES-256 | AES-128 | N/A | AES-256 | AES-128 |
| Encrypts media within notes | Yes | No | N/A | Yes | Yes |
| Web Clipping | Yes | Yes | No | No | No |
| Sharing | Yes | Paid plans only | No | Yes | No |
| Drawing/Write anywhere | Yes | Mobile apps only | No | No | No |
| Markdown support | No | Partial, as typing shortcuts | Yes | Yes | No |
| Language syntax highlighting | No | No | Yes | No | No |
| Note history | No | With paid plan only | No | No | No |
| Import options | Print to OneNote, Import from Evernote | zip file | Apple Notes, Evernote, DayOne, Vesper, Ulysses | None | ENEX |
| Export options | OneNote, Word, PDF, XPS, mht | ENEX, HTML | HTML, PDF, DOCX, MD, JPG | None |
There are a lot more options out there than just these. In fact, there’s a whole Wikipedia page here.
YubiKey GPG key for SSH authentication
Posted by MB in Uncategorized on September 7, 2017
In this post I’m going to go over the steps to configure your YubiKey for SSH authentication using a GPG key stored on the YubiKey itself.
This guide goes through the steps for setting this up on a Mac running OS X. Although the concepts of doing this under Linux and Windows are the same, the exact steps will be different.
Ensure your YubiKey has CCID mode enabled
Per Yubico’s site, this is usually enabled by default:
“Note that all YubiKey NEOs shipped after November 2015 come preconfigured with all modes enabled.” — yubico.com
If you’re using an older YubiKey and need to enable it, you’ll want to download the YubiKey NEO Manager from Yubico’s website and run it to ensure that your YubiKey has CCID mode enabled. The link to this tool and instructions to run it are here.
Once you’re certain that CCID mode is enabled, you can move ahead with the next section.
Install GPG
The remainder of the steps in this guide use the command line interface for GPG tools. If you don’t have either GPG Tools or GnuPG installed, install one of them. If you already have one installed, you can skip on to the next section.
GPG Tools provides a nice set of GUI tools and is recommend for most users, but if you’re not afraid of the command line and have Homebrew installed on your Mac, you can install GnuPG2 using Homebrew with the following command:
brew install gnupg2
Decide if you want to require touch
YubiKey will prompt for your PIN during SSH authentication. Starting with YubiKey version 4, YubiKey can also require a touch on the sensor during authentication. Enabling this will require a touch confirmation on the touch sensor for each and every SSH connection.
If you want to enable this, it is highly recommend that you install and use the Yubikey Manager CLI using the instructions from this page. Once installed, you can enable touch using the following command:
ykman openpgp touch aut <'on'|'off'|'fixed'>
If you want more information on these specific policies, please see this page under the heading “Yubikey 4 touch”. IMPORTANT NOTE: A link to a bash script to enable touch is found on that page. Because the behavior of that script requires providing your admin key on the command line, it should be considered insecure. I highly recommend using the ykman tool instead whenever possible.
Unless you set ‘fixed’, (ON_FIXED), you can always come back and change this setting later. If you set fixed, you can’t change it until you put a new secret key onto the YubiKey.
Change the YubiKey PINs
Before continuing, it’s you should change the YubiKey PINs from their defaults if you have not already. The default PIN is 123456 and the default admin pin is 12345678.
To do this, start by running: gpg --card-edit
Once you have the card editor open, allow admin commands by running admin
Then, open the PIN change dialog with passwd
From here, set your PIN, Admin PIN, and reset code. Store these in a safe place.
Once you’ve set your PINs, you can further personalize the data on the card. Here’s the full list of commands available after running admin:
gpg/card> help quit quit this menu admin show admin commands help show this help list list all available data name change card holder's name url change URL to retrieve key fetch fetch the key specified in the card URL login change the login name lang change the language preferences sex change card holder's sex cafpr change a CA fingerprint forcesig toggle the signature force PIN flag generate generate new keys passwd menu to change or unblock the PIN verify verify the PIN and list all data unblock unblock the PIN using a Reset Code
Generate and move a GPG key to the YubiKey
If you already have a set of GPG tools installed and your own key generated and available within those tools, good on you! Run the following commands to be sure:
gpg --list-keys
gpg --list-secret-keys
If your public and secret keys do show up as expected, there’s no need to generate another key. You simply need to move your existing key to the YubiKey.
IMPORTANT NOTE: If you want to make use of the ability to revoke your key in the future, then you must generate the revocation certificate before moving the key to your YubiKey. Once you move a key to your YubiKey, it is not possible to generate a revocation certificate unless you have a full backup of the secret key somewhere and are able to re-import it to your GPG keyring.
To move your secret key from your GPG keyring to your YubiKey, go to this page and start where it says “To import the key on your YubiKey”
If you need to generate a GPG key for SSH authentication, take a look at this guide and follow one of the two methods provided.
Once your key is generated and moved to the card, you’re all set to move on to the next section.
Making it all work locally
This part requires editing just a few files to make gpg-agent work as expected.
Really important note: Starting with GnuPG 2.1, the –write-env-file is obsolete. See the GnuPG 2.1 FAQ for more information. The following instructions have been updated with configuration information for versions both below and above GnuPG 2.1. A reader, Nick, confirms these instructions work for versions starting at 2.1, and eliminate the error message that appears regarding write-env-file being obsolete.
If any of the below configuration instructions do not work for you, I recommend that you reach out to the GnuPG mailing list for more help.
You can check your GPG version with:
gpg-agent --version
A precautionary note:
For GPG versions before 2.1, add the following to ~/.bash_profile:
[ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
else
eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
fi
For GPG versions at or above 2.1, add the following to ~/.bash_profile:
GPG_TTY=$(/usr/bin/tty) SSH_AUTH_SOCK="$HOME/.gnupg/S.gpg-agent.ssh" export GPG_TTY SSH_AUTH_SOCK gpgconf --launch gpg-agent
For GPG versions before 2.1, add the following to ~/.gnupg/gpg-agent.conf:
enable-ssh-support write-env-file ~/.gpg-agent-info pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
For GPG versions at or above 2.1, add the following to ~/.gnupg/gpg-agent.conf:
enable-ssh-support ~/.gpg-agent-info pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
Restart gpg-agent:
sudo killall gpg-agent source ~/.bash_profile source ~/.gpg-agent-info
Get your SSH public key
Use the following command to get the SSH public key that corresponds to the key installed on your YubiKey:
ssh-add -L | grep cardno
This can be installed on any server that you want to use your YubiKey-stored key to access.
WiFi not working on Asus T100TA
Posted by MB in Uncategorized on October 24, 2016
Today I ran into an issue with my Asus Transformer T100 where the Wi-Fi would not work under Windows 10 and going into Device Manager showed an issue with the Broadcom Serial Bus Driver over UART Bus Enumerator. Opening that shows “This device cannot start. (Code 10)” and the following message:
{Drive not Ready} The drive is not ready for use; its door may be open. Please check drive %hs and make sure that a disk is inserted and that the drive door is closed.
The first thing you will want to do to try to resolve this is to go into the BIOS by shutting the tablet down and then holding volume down + power to boot up into the BIOS. Once there, find “Network Stack” and set it to “Enabled” if it is not already. Save changes and exit.
If this does not resolve your issue, use a working system to download the drivers from Asus’ website and then transfer them to the Asus using a USB stick so you can reinstall the drivers. Optionally, you can use a USB-to-Ethernet adapter to get yourself back on the network and update the drivers.
At this point you should have resolved this. If not, go back and start over to ensure you followed the previous steps correctly. If it’s still not working, you should either restore to a previously-working restore point or reset/reinstall Windows. If that doesn’t help, you may have a hardware issue, so reach out to Asus for further support.
Installing GIMP on Mac OS X with ELA Script-Fu
Posted by MB in Uncategorized on April 9, 2016
This article will walk you through installing GIMP on OS X with an ELA (Error Level Analysis) plugin to detect editing.
To learn more about reading ELA results, read this:
http://fotoforensics.com/tutorial-ela.php
First, download GIMP from here: https://www.gimp.org/downloads/
Next, grab elsamuko-error-level-analysis.scm from the bottom of this page: https://sites.google.com/site/elsamuko/forensics/ela – Save it for later.
After downloading this .scm file, open it in your favorite text editor and locate the following line:
SF-STRING "Temporary File Name" "error-level-analysis-tmp.jpg"
Change it to the following:
SF-STRING "Temporary File Name" "/tmp/error-level-analysis-tmp.jpg"
And save the file. This fixes an issue with images not being able to be processed as the default location is not writable by GIMP.
Now double-click the GIMP .dmg file you downloaded, and copy GIMP to your Applications folder as shown:
Once you have it copied over, you will want to open the package contents by alt-clicking and selecting “Show Package Contents“.
From here, navigate to Contents > Resources > share > gimp > 2.0 > scripts and drop in the elsamuko-error-level-analysis.scm file you download earlier.
Now, run GIMP. Because of security-related things and stuff, the first time you run you will have to alt-click on GIMP and select Open. After doing this for the first time, you won’t have to do it again.
GIMP will appear to freeze for about 5 minutes while it builds its initial caches. This will cause GIMP to appear unresponsive. Do not force-kill it during this time, simply be patient until it opens.
Now, you can perform ELA on an image by opening it, and selecting Image > Error Level Analysis from the menu.
Once you’ve done that, running it against an image will produce an ELA mask as an additional layer, which you can use to analyze an image.
You can toggle the ELA layer visibility by clicking the eye shown in the following screenshot.
(Sample image from http://fotoforensics.com/tutorial-ela.php, retrieved April 11th, 2016)
