Whatsapp end to end encryption

End to End encryption – The reasons we can’t just outlaw encryption for all.

Over the past few days in the UK there has been a renewed sense of urgency within government to address & ban/circumvent end to end encryption in communications apps. On Wednesday of last week in the UK an attack was launched on Westminster. During the subsequent investigation it has come to light that the attacker used the WhatsApp messaging app to message a friend or accomplice minutes before the attack. The government’s response to this, perhaps with the best of intentions, is to outlaw or circumvent encryption for the purposes of law enforcement. The reasoning, to stop criminals using platforms to co-ordinate is commendable, however it is totally unworkable. encryption’s raison d’etre is to make interception by a third-party as difficult as possible, if not impossible.

It would be wonderful if the government could figure out a way to allow complete privacy between citizens for all of the personal communications, whilst being able to listen in on the bad guys, but the two aims are mutually exclusive. We have to pick one side or the other, either all of our communications are un-encrypted & able to be read by anyone, or we admit that for the good of the privacy of billions of people, encryption is a must. It’s ethically tough to defend encryption amidst a criminal investigation, especially one as sensitive as an act of terror, however the privacy of millions of UK citizens cannot be surrendered for the sake of a few fringe elements of our society.

If encryption was to be removed from the likes of Whatsapp, iMessage, Facetime and a whole host of messaging apps, people would lose trust in the platforms. Imagine, for example having a video message with your children & not knowing if a third-party was watching your live video stream, making recordings or notes & redistributing them online. Imagine the same party intercepts something intimate, a private exchange between lovers or a chat of confidential nature such as discussing finances. If this video was intercepted it could be used to extort those involved with the threat of publishing said private material in a public place online.

As the internet of things becomes a major industry, consider the implications of an IoT without encryption. Your neighbour accessing your thermostat and turning your heating on while at work to cost you money. A sexual predator using an internet or wi-fi connected video baby monitor to watch & talk to your child in their bedroom. A stalker connecting remotely to your home CCTV system. The list of problems & threats is huge & encryption means that such data can pass over the internet from your home to your device, without any man in the middle or third parties accessing the feeds. This kind of stuff needs discussing to balance the governments insistence on having access to everything.

Imagine you send a photo of your children to a family member, and those photos are intercepted & distributed online among child abusers – the very thought would send chills down your spine & invoke outrage. We trust that information between each other is secure & that no third parties can listen in, including governments. There are thousands of strong arguments in favour of strong encryption & very few strong arguments against.

Another method of interception being discussed freely by MP’s such as Amber Rudd is that of requiring manufacturers of hardware & applications to include back doors into their encrypted apps. This would hopefully give governments free access to accounts while limiting the exposure of  personal information to eavesdroppers and criminals. However a back door into an encrypted system essentially nullifies encryption. If your communications are safe until such a time when someone comes along and reads them through a back door, they aren’t safe at all. Developers spend countless hours securing code & systems against such vulnerabilities, to write one in by default & just bide your time until a criminal cracker (note I’m not using the often incorrect term used by the media of hacker, completely different beast) or questionable regime expose the weakness and they too start reading messages would be madness.

Now, picture the scene. The government of the UK has legislated to require a back door into all hardware & all software which employs encryption. They believe this gives them an edge over criminals & allows intelligence services to track certain individuals. What they haven’t realised is that a third-party government has employed a group of crackers to find & breach these back doors. For months, the emails, text messages sent via iMessage or Whatsapp, the video conferences over Cisco or Facetime, the encrypted VPN’s allowing them to connect to their place of work in Whitehall on the go (I’m assuming they have some sort of encrypted tunnel, I could be wrong) have all been cracked & the contents of all of those communications have been captured. The foreign governments now have intimate knowledge of the inner workings of our democracy. We are exposed & vulnerable & the misinformed MP’s and public via tabloid witch hunts all supported the legislation of back doors. There would be a scramble to find out what had been breached, information would be used against the UK & distributed amongst criminals & foreign governments. We would be facing a leak of monumental proportions & all because we enforced the introduction of a weak spot via a back door. A way around that would be a two tier system where government employees are allowed encryption without back doors while the general public aren’t, but this would be a serious ethical issue in any democracy. It would also leave the public exposed.

I admit, that is an extreme example, but encryption is an all or nothing kind of thing. You wouldn’t, for instance, be happy to give a copy of your house keys to the government so they could pop in whenever they liked to check everything was in order. You wouldn’t allow them to just have a quick read of all of your post before it came to you, just to make sure you where a good citizen. How about someone in a trench coat sitting with you over a romantic dinner to make sure conversation was all to their liking? That would be preposterous, but when it comes to tech, ministers lag behind in a big way.

Let’s use an analogy for the back door in encryption software. Every house in Britain, for securities sake, has to be fitted with a secret door around the back of the house. Only the government would know exactly where it was, just in case they wanted to pop in now and then, but it would be common knowledge that everyone had a secret back door (no puns or innuendo please) which was unlocked and ready to use, if you could just find it. Can you imagine such a use case for that? But the same ministers push for either an end to encrypted communications or at least a way in. My advice to them would be to consult someone with a grasp of technology before coming out on live TV and making statements which are either impossible or unworkable.

MP’s are always banging on (I’m a Northerner, sometimes I like to write with an accent) about making Britain the tech capital of the world. With innovation it could be the next huge export. But with such a simplistic grasp of the basics of tech, it’s hard to imagine how these same people can legislate towards this mecca of a country for innovation. If encryption is outlawed in the UK, our apps will be useless to a worldwide market, the products we produce will be insecure & undesirable. Our ability to harness the power of e-commerce & online finance will be impossible without stronger & stronger encryption. Any watering down of encryption & vilification by MP’s and the press will only make such innovation harder if not impossible.

This website uses encryption via a HTTPS certificate. That means that anyone watching, other than my server & your browser, will only see the metadata of you viewing my website. They will see the time you connected and the top level domain, but not the individual pages you load. Chances are, you have checked your online banking today via an app or your banks website. Good news, those connections are encrypted too. You’ve probably signed into websites today, over encrypted connections and safe in the knowledge that your passwords with that website are hashed & encrypted, so any data dumps or site hacks won’t reveal your password.

Encryption is a fundamental of privacy & guaranteed privacy is the only way that the internet can work for private or transactional data. If you thought your texts where being read, you would seldom say anything which needed to remain private. If logging into your bank meant others could intercept your traffic and access your bank account online, you would never use internet banking. This is where the rhetoric of MP’s without a basic working knowledge collides with the realities of passing data over public networks. If you wanted to tell someone something in secret or confidence, face to face, you would generally meet somewhere with a closing door & without others present. The only way to simulate this kind of data transfer online (over a public network like the internet) is to encrypt the traffic, otherwise it’s the equivalent of shouting your bank card details and billing address across a crowded pub. You wouldn’t do it for fear of someone making a note.

The final issue we need to deal with is retention of data. Since the introduction of the IP Bill a requirement is coming into force that ISP’s and providers need to retain data on their users. Logs & metadata. Without encryption, this could be expanded to keeping a copy of all files you upload to the cloud, a recording of all voice and video chats, retention of all personal instant message chats and countless other data sets. As much as companies try to safeguard this data, eventually they will face a data breach. This could be an external hack or it could be a breach from within such as an employee breaching their privileges and accessing or leaking your data. This kind of breach could expose so many data points & so much personal information about you that your privacy could be breached indefinitely. If someone gains access to your most intimate information, you could potentially face a lifetime of identity theft and frauds in your name. I would hope that any data retained would be encrypted & protected with as much security as possible, but the best defence would be to not require any logging of data. Once it has been deleted or the transaction has taken place, the data expires and its erased. This does prove to be an obstacle for law enforcement, but the security of millions of citizens intimate lives needs to be considered when trying to stop a handful of criminals.

The conundrum faced by politicians is not an easy one, but they need to seek advice from those with the technical skills to educate them. A reactionary “we must tackle” or “we must ban encryption” isn’t a reasoned argument. Criminals use all sorts of tools that regular citizens use. They drive cars, they cook with knives – this means they have the tools required to harm fellow humans. The solution isn’t to ban everything, but to develop tools that can be used to detect. Behavioural patterns, anonymous tip offs, education of the general public – not the removal of all citizens rights to a private life.

Encryption will be the scape goat for a lot of government & tabloid problems, but ultimately without it, we revert to the pre-internet days of filling in forms and transacting face to face. Without the ability to secure over a public network, the internet is nothing more than a public library of information. I’m an academic. I research internet security for my studies & also out of personal interest (I know, my hobbies sound really boring). The discussion around privacy in the UK needs to change. It’s not about having something to hide, it’s the freedom to express yourself and communicate without the fear of someone else reading or hearing your conversations. I believe everyone would see that as a basic right & one that needs protecting.

Let me know your views in the comments. I would love to hear from you. Also, send me any corrections, I’m sure there will be a few. I’ve written this all in one sitting to address concerns brought up by people asking me questions today, following the press coverage, so excuse any errors.

openPGP decrypted email

PGP encrypted emails on Mac OS X/Sierra using GPGtools GPGsuite

As part of my cybersecurity posts I’ve decided to write briefly about PGP (Pretty Good Privacy) encryption of email. We will use GPG which stands for GNU Privacy Guard and is a compatible free software equivalent of Symantec’s proprietary encryption algorithm. Both PGP and GPG are interchangeable so you can use either protocol. These keys use a high level of encryption. I Use RSA 4096 for my keys which is possibly a little overkill, but I like to future proof when learning.

GPG is important for emails as it means that an email remains encrypted between the sender & the receiver. It works on the principle of key pairs. Each user generates a pair of keys, one private key remains secret and on the user’s computer, the other, known as a public key is free to distribute on the internet and allows you to pass it on to those you wish to communicate with.

It is important that your private (secret) key always remains private & you never share it with anyone. The keys are paired so that both are required to encrypt & decrypt emails. I won’t go into the technicals of it, if you are interested there are a lot of free resources which will guide you through the technology.

Encryption also requires a password to be set when creating your key pair. This password allows you to unlock your keys & use them to encrypt your email. Both sender & receiver need to set up a keypair & share their public keys with each other. This allows encrypted communication between both parties.

On OSX/ OS Sierra you can use the free & open source GPG Suite to install the tools required to start encrypting email. The suite includes the GPG keychain which allows you to create your key-pair for your email address, and it also allows you to store the public keys of your recipients & to upload your public keys to public key servers. It allows you to manage & store your keys.

Also in GPG suite you have GPG mail which integrates with the native mac mail client. Much of the encryption process is automated once you setup your keypair, including downloading the keys of recipients you address your emails to. You can also sign your emails with GPG Mail which confirms your email as authentic to the recipient.

First, install GPGsuite using the .DMG file available on their website. If you are using Sierra or require cutting edge enhancements, opt for the beta package.

Once installed you will have an extra option in your settings preference pane called GPG Preferences. This allows you to set your GPG preferences, such as update checking and the public keyserver you would like to use. Most people can just leave this set with the default values.

GPGpreferences icon in your Mac OS settings
GPGpreferences icon in your Mac OS settings
GPG Preferences pane
GPG Preferences pane

The first thing you will want to set up are your keypairs. Make sure you have added the email account you want to start using with encryption as one of your Mac Mail accounts. If you use a free account such as Gmail you can still add it to your Mac Mail software & encrypt emails using that account.

Next, head to your applications folder & select the newly installed GPG keychain application. Open the application and click New in the top left corner. You will be presented with the following screen, showing you your Mac Mail email addresses. In these settings, select the email account you would like to use with GPG encryption, select the box to upload your public key (makes it much easier for people to correspond with you) and enter your passphrase.

The passphrase is a vital part of your encryption as it unlocks your keypair for use. Make sure it is a strong password & one you can remember. Also, my advice is to use a password you only use for encryption. This password is never for use with any online services such as websites. A single hack of any of those sites could reveal your password, so encryption passwords are only for local use.

Once you are happy with your passphrase, click generate key. Your GPG key pair will be generated & public key uploaded to they keyservers.

Setting up a GPG keypair in OSX using GPGsuite
Setting up a GPG keypair in OSX using GPGsuite

You should then see your newly created key within GPG Keychain. You are now good to start creating encrypted emails.

My GPG Keychain.
My GPG Keychain.

My advice, if you are going to start encrypting emails between friends, family or colleagues is to first send them an email with your public key attached. This way, they can import it into their keychain to allow them to email you. They can also send you theirs back. This isn’t a requirement if you have both uploaded them to a keyserver, but it’s always a good idea before you start encrypting communications between you. It’s also a friendly way to allow the other party to know that you want to encrypt your emails & to expect future emails to be encrypted.

Now, fire up Mac Mail and compose a new email, you will see a new OpenPGP option in the top right of your compose window. This will be green if using an email account for which you have created a keypair & will be greyed out if composing from an account without a keypair. In the screenshot below I’m emailing between my own account & my unused gmail account which also has a keypair. As you can see the OpenPGP button is green which means a keypair is present & I can encrypt on this account.

OpenPGP options in Mac Mail
OpenPGP options in Mac Mail

You will also see in the above screenshot the two blue icons. They are blue if they are enabled, but are greyed out if either a public key isn’t present for your recipient or you have opted not to encrypt. If you do have a public key for your recipient in your GPG Keychain you can activate one or both of these buttons. The left one which is a padlock is your encryption button, the right one is your GPG signature to securely sign your email. If sending to someone with whom you have a public key, I would always sign & encrypt.

Once you are setup, emailing is just as straightforward as before. Write your message, your subject and add any attachments you would like. Note that only the body of the email is encrypted, the subject line is not so be careful what you use there as it is publicly viewable. Once you are ready you can hit send, at this point you will be given an OpenGPG prompt for your pass phrase. This is your encryption pass phrase which you setup at the time of creating your key pair. This password will be required every time you encrypt or decrypt an email. You can opt to save the pass phrase in your keychain but I would advise against that. The whole point of encryption is to make email for your eyes only (and your recipient of course) so keep the passphrase to yourself & commit it to memory. It’s just good practice.

Enter your OpenPGP passphrase to encrypt & decrypt emails
Enter your OpenPGP passphrase to encrypt & decrypt emails

The last part of the puzzle is decrypting email. Below is a screenshot I took of the email I just sent between my two accounts. When opening the email you will be asked for your encryption passphrase, this is to unlock your own keypair to decrypt the email. You will see from the screenshot that the email looks like any other, with the exception that it has signature and encryption details. The padlock shows that the email is encrypted.

openPGP decrypted email
openPGP decrypted email

If you follow these steps you will ensure any correspondence sent between you & your friends/family can’t be read by any third-party. This means that if your email account is hacked, the contents of your messages remain private. Perfect for family photos, private information and general personal chatter. It also means that companies such as google can’t read your emails for advertising & data collection purposes. The message remains scrambled with encryption across the whole internet, no matter who intercepts it.

Once you get used to this process it will become second nature. I like the ‘at rest’ security of encrypted emails. I’m less worried about personal emails being hacked or stolen in a data grab. If my server is compromised, my emails are not. I also like the fact that using a completely unique password for my encryption means that my encryption password is never in the wild online. I’ve committed a complex password to memory & I’m not likely to forget it after typing it so many times.

No security is perfect, but this is by far the biggest bang for your buck with regards securing your communications on a day-to-day basis.

You must keep your key pair secure. You can back them up using GPG keychain, both your public & private key, but you must keep them safe. Never put your secret (private) key online or into cloud storage. If you ever lose control of your keypair, someone could pose as you and send emails masquerading as you, not to mention decrypt emails if they guess your passphrase. GPG Keychain has the ability to revoke keys if you feel they have been compromised. You can then generate a new keypair & upload to keyservers as required.

This is just a brief outline of how to get started with OpenPGP using GPGSuite. If you would like to know more, you can read up online. A good starting point is the GPGtools site itself.

If you would like to send your first encrypted email, drop me a message at john AT johnlarge.co.uk using my public key which you can retrieve from the keyservers or download by clicking here. If you want to add to this post or correct please do let me know, like my other cybersecurity posts I’ve kept it as simple and non technical as possible to make it accessible. The post will evolve over time.

Insulation Tape over webcam

Apple Cybersecurity basics – Securing your hardware

I’ve been planning on writing a series of posts on cybersecurity for a while now. I’ve been interested in computer security for decades & have always tried to secure my machines, data & online profiles. In the modern computing landscape, many aspects of basic cybersecurity have been lost. When I started out online, perhaps in the early 90’s, there was a strong culture of using online handles as opposed to your own personal details. We had an awareness that the internet was a public sphere which is universally accessible.

The internet is a public place, but it is also a place where you can’t control data flows. As soon as you upload information or data to the internet, you need to assume it is now on public record. Even if you believe your account is private and secure, there is a good chance that at some point, the data will be used, resold or even hacked & released into the wild. If you approach the internet with this in mind it is very easy to secure your information. I’ll come to internet security later, but let’s start with your hardware itself.

I personally have a lot of computers. I have two Macbook Pro’s and an iMac, I also have Raspberry Pi’s running various versions of Linux & also an old IBM Thinkpad X200 running Trisquel Linux. All of these machines use full disk encryption.

With apple products, make sure your software is up to date. All of my machines run OS Sierra which is a free upgrade. Sierra has a very good version of full disk encryption known as Filevault 2. Filevault 2 allows you to encrypt the entire contents of your hard drive with a password. This means that without the password, the contents of the Hard Drive can’t be read by a third-party. File Vault requires the disk password as soon as you start your machine, so anyone who steals your hardware will be unable to boot your machine to access information & also unable to wipe the hard drive to reinstall the OS on your hard drive. This is vital in case of loss or theft of your devices. We store so much personal information on our devices & their security is as important as securing your own home. Perhaps more important.

The same goes for iPhones. Make sure you use a strong passcode or passphrase to secure your device & consider not using fingerprint access. Your fingerprint is very convenient, but a strong passcode is much more secure. Also, backup your iPhone or iPad to an actual computer and not to iCloud. If someone hacks your iCloud, they could clone your iPhone from one of your own backups & access your entire iOS environment.

The passwords you use should be unique & strong. You should also ensure that your encryption password is never stored or used for any online accounts. Your encryption password should be unique from any other password you use. You can choose a way of codifying your password, for instance take your favourite book (paper back or hard back) and use your birthday to select a page and a line. For instance, pick up a copy of Harry Potter, go to the page number which relates to your day of birth and then on that page go to the line number which relates to your month of birth. Use the text on that line for your password.

You can use any method to code your password, that is just a single example. Whatever you choose, make sure you have a way of reminding yourself which is not obvious. Without your encryption password your data would be lost forever.

Also, on Macs, make sure you disable any guest accounts in Settings > Users & Groups. Turn on the Firewall in Settings > Security & Privacy. This menu also contains the settings for turning on Filevault.

While in Security & Privacy, make sure you choose to require a password after sleep or screen saver. This means that if you need to leave your laptop or desktop unattended, you can put it to sleep to lock the machine or set the screen to sleep after a certain amount of idle time. These are basics steps to secure your machine but will make a vast difference to the physical security of your Mac.

Set your mac to automatically lock
Set your mac to automatically lock

With my iMac I use a Kensington lock to physically lock the machine to my desk. Make sure any external hard drives for your mac are also formatted with encryption & set your encryption password on each of them. This means if any are lost or stolen, for example your time machine backup drive, they cannot be accessed by anyone but those with the encryption password. I encrypt all media including USB flash drives. It only takes seconds to mount them & enter a password, but it does mean that your data is always much more secure. Get into the habit of encrypting & you will massively reduce your exposure to hacking & identity theft.

Something else I always do is use a small roll of black insulation tape to cover up the webcams on my laptops and desktops. You can peel it off easily if you require the webcam for facetime or skype, but most of the time I tend to leave the cameras covered. The camera can be used for spying by both governments & criminals & there have been many cases of people being recorded on their webcams & then blackmailed. For the sake of a few pence, always have a roll of insulation tape and cover your webcams. You can even colour match the tape to your black Macbook/iMac bezel.

 

Insulation Tape over webcam
Insulation Tape over webcam

With regards to securing your iPhone my main advice would be to set a fast timeout on your automatic screen lock. Never leave your phone unlocked & make sure you get into the habit of locking the screen whenever you put the device down. Also make sure under your Touch ID & passcode options in iOS settings, that you opt to require the passcode immediately & that you opt to erase the device after 10 failed attempts. This means that in the event of loss or theft, the device will likely wipe itself before anyone can get your information & identity from the device. You can also use iCloud to remotely message & wipe your Mac’s & iOS devices.

iOS Touch id & Passcode.
iOS Touch id & Passcode.

Mac’s & iOS devices now increasingly rely on cloud services to sync & store your data. Ensure that you setup two factor authentication on your iCloud account, to make sure only someone with access to one of your physical devices can login to your iCloud account. Also, be aware that if iCloud is ever hacked & the encryption keys that Apple hold are accessed, your iCloud data can be decrypted. Ensure that anything you offer up to the cloud is information which isn’t personally identifiable or potentially damaging. The cloud is ideal for mundane documents and data which isn’t specifically personal, but if it is something you want to keep private, don’t ever upload it to cloud services. I’ll cover this more in my next post regarding securing yourself online.

Finally, never give out your encryption password, it is the key to all of your data. Never use it for anything but encrypting, never use it with an online provider. If you do need to make a note of the password, codify & hide it in a way that it can’t obviously be identified as a password. Always aim to physically keep hold of your devices. It is much harder to compromise your devices if they are always in your possession.

Never give out any passwords in email or over the phone. If someone calls asking for your account details, don’t give them out or ask them for their details and phone number & offer to call them back. You can then check the number & details online & call a verified number.

Finally keep software up to date. There are zero day exploits being discovered and utilised daily. You massively decrease your attack surface if you keep software, services & devices patched & up to date.

I will add to this post as & when I think of tips to help. If you have anything to add, please let me know in the comments. There will be loads that I have missed & I expect this post will constantly evolve. I’ve also tried to keep the post as straightforward and non technical as possible. I want the basics to be adopted by everyone, so I’ve left out the in-depth discussions on things like AES & encryption bit sizes.

 

Stop speakers buzzing, hissing and popping in OS sierra on iMac

OS Sierra external speaker pop & hissing/buzzing/humming noise fix

Since upgrading to OS Sierra on my iMac, I had noticed a horrible buzzing noise coming from my external desktop speakers. The pop would occur after a short timeout and seemed to indicate that sierra had put the audio driver to sleep, leaving no output to the external speakers. The initial switching off of the speakers would cause the pop and then the speakers would buzz until a system sound woke up the audio driver & played a sound.

This hissing & buzzing of the external iMac speakers was driving me mad. A few years ago I remember a fix called Antipop which was a small Daemon which would play a system narration consisting of no actual sound, but enough to keep the sound driver from sleeping.

Antipop has not been updated for years & didn’t seem to work with El Capitan & Sierra, so I decided to make a quick fix using the same kind of empty narration speech and Sierra Launch Control. This fix will persist after sleeping the system & also after a reboot. On my system it has eradicated the annoying pop of the driver going to sleep & also stopped the speakers buzzing by maintaining power through the aux cable and my externally powered & amplified speakers.

  1. Open Terminal and use nano to create our plist file for launchctl using the following terminal command:

    sudo nano /Library/LaunchDaemons/com.antipop.plist

  2. Paste the following text into terminal (nano) using ctrl + v

    <?xml version=”1.0″ encoding=”UTF-8″?>
    <!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd“>
    <plist version=”1.0”>
    <dict>
    <key>Label</key>
    <string>com.antipop</string>
    <key>KeepAlive</key>
    <false/>
    <key>RunAtLoad</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
    <string>/bin/bash</string>
    <string>-c</string>
    <string>while true; do say ‘ ‘; sleep 10; done</string>
    </array>
    </dict>
    </plist>

  3. Press ctrl + o to save the file and hit enter to confirm.
  4. Exit nano with ctrl + x
  5. To start the plist and set it as a persistent service use the following command in terminal

    sudo launchctl load /Library/LaunchDaemons/com.antipop.plist

Those few simple steps will give you a pop around 10 seconds after running the last terminal command, after that you should find that your external speakers no longer pop & because the driver won’t go to sleep you wont get the buzzing & hissing on your external monitor speakers.

I hope this helps, please do let me know how you get on. This was put together using research from around the internet & by looking into how antipop used to work.

If you want to revert the changes you made, simply unload the plist from launchctl using the following command in terminal:

sudo launchctl unload /Library/LaunchDaemons/com.antipop.plist

2016 Macbook Pro

Apple just released new MacBook Pro’s – So I went a bought a 2012 model.

On October 27th Apple held one of their new product unveiling conferences & I was instantly disappointed. I was sat in a coffee shop in central Manchester watching the stream & almost shouting at Apple in public. Apple hardware has been iOS focused for a long while now & any real innovation in the computing hardware side of things has been seriously lacking. I bought a 24″ top of the line iMac back in 2009 & I’ve used it daily ever since. The new hardware just doesn’t warrant the outlay & the performance gains are negligible in my opinion for the price.

To me, however, this has always been a selling point for Apple. The fact that you invest heavily in their hardware, but expect it to last as long as you want it to without ever breaking down has always appealed to me. My 2009 iMac has a 2.93Ghz dual core processor & 8GB of ram. I also opted for an uprated Nvidia GT120 in this iMac and for the most part I’ve never needed any more power. It’s still on the original hard drive & using SMART shows me that the HDD in the iMac has been in use for 32314 hours. That’s 1347 days of  actual use. I’m just now considering upgrading to an SSD & intend to remove the superdrive & have two hard drives in the iMac.

My wife has a 2011 Macbook pro & again with uprated ram to 8GB and an SSD, it just doesn’t warrant the upgrade. That laptop has also required component changing, such as a faulty keyboard after a water spillage & that can be achieved with cheap parts off the internet and a basic precision screwdriver kit. Repairability is super important to me, and the later Macbook pros & those with Retina displays lack the ability to repair & upgrade which put’s me off. I don’t want my ram soldered in at time of purchase. I don’t want pci-e SSD storage over standard & much cheaper SSD hard drives. I don’t want my batteries glued in place, requiring apple servicing and disposal of big parts of the laptop just to change the battery cells. If something breaks, I want to repair it. I don’t want to pay a fortune for apple techs to repair it with proprietary tools & methods. I certainly don’t want a disposable laptop & a huge price tag. If that is the price to get the laptops so impossibly slim, I’m sorry, I’m not interested.

So after being totally disappointed at the new Macbook’s, with their relatively non pro specs & removal of keys I use daily, I decided to save my money and buy one of the last true Macbook pros. I managed to source a mint condition, used, Macbook pro in 2012 specification for £550, a bargain when you think the new ones are starting at £1449 with a similar spec. This machine doesn’t have hard-wired ram. It has a SATA port so I can put in my own SSD, and the battery can be changed. Along with the Macbook, I have a Crucial 525GB SSD on the way & 16GB of brand new Crucial ram. Combined, that will be a pretty beast spec for Photoshop & web development work. And all for £720. A bargain for sure.

2012 Macbook Pro + Crucial 525GB SSD and 16GB Ram
2012 Macbook Pro + Crucial 525GB SSD and 16GB Ram

I’ll do a post when the machine is all ready to go & I’ll also post some benchmarks. Until Apple stops creating disposable appliances & starts making real computers again, I think most of their engineer customers & professional/hobbyist computer users will steer clear. Plenty of people I know wanted faster GPU’s, faster processors & oodles of RAM. Instead we got thinner, lighter & mediocre power wise. They should lose the Pro moniker on these laptops. They are really just casual consumer grade laptops at an astonishing price. Since Brexit became a thing in the UK, the spiralling pound has driven up the cost of tech & apple have added 20% to their hardware, making mediocre hardware even more expensive. I personally don’t think this will fly with consumers & they will be forced to change tack at some point.

I know a lot of people are switching to PC based machines. For a comparable price you can get a hell of a lot more hardware spec wise. For me, the iMac has always been a solid & dependable daily workhorse & my new Macbook Pro will allow me to break free of the desktop and work on the go. I do hope that Apple will change their minds & start catering to the Pro market, but in the meantime I’m sure most of us will just stick with what we have. Hardware & processors aren’t developing at the rate they once did, so it is much more feasible to stick with hardware for many years. I for one can attest to that, having used my iMac for 7 years solid.

What are your thoughts on the new Macbook Pro’s? Especially the model with the touch bar?

Apple iPhone 7 Plus missing the 3.5mm headphone jack

iPhone 7 & 7 Plus ditching the 3.5mm audio headphone jack – I’m not convinced

This week Apple unveiled its latest & greatest flagship device, the iPhone 7 & 7 Plus. This is the first Apple conference which I haven’t attended or streamed live from home. For me, the magic of Apple is starting to fade. Don’t get me wrong, their hardware is exquisite, but their decision-making & rush of new hardware & software to market is getting a little tedious. Especially on the software side, nothing is quite as polished & flawless. Everything feels buggy & clunky.

It also feels like Apple are innovating for the sake of it. I was majorly put off the new MacBooks for their lack of built-in ports. I don’t want to use a dongle, it’s something else to carry & totally impractical. Not to mention aesthetically void. My plan is to buy a used Macbook with the ports still built into the unibody because I like a USB port & an audio jack, not to mention an ethernet port (WiFi might be fine for most users, but try troubleshooting a network or transferring huge amounts of data without ethernet, it’s painful & totally useless).

Back to the iPhone 7 and iPhone 7 Plus. They have gone down the same route, by losing the audio jack and replacing it with lightning headphones. The lightning port was a pain in the arse to start with. None of my accessories worked with the port. I still have an iPhone 4 in one audio dock & a 3S in another. I now have an iPad mini 2 and an iPhone 6 with lightning so I’m getting used to it. But replacing the 3.5mm jack, for me, is a no go.

For one we have a usability issue. At the moment I can plug my 3.5mm jack into any device setup and pass audio from any app on the iPhone to any amp or device. I can use the aux cable in rental cars that don’t have bluetooth or when riding in a friend’s car. I can use my official headphones, earphones, X-mini speaker or any cheapo headphones I need to use. No restrictions. With the Lightning setup you are limited to Lightning only accessories. If you friend has an Android phone in their car and uses an AUX cable, you are screwed. If you break your headphones, you can’t just grab any generic pair from almost any shop, worldwide, you don’t need a specific proprietary cable.

Imagine, for example, you are travelling in some far-flung place. You break or lose your headphones. The 3.5mm jack has existed since the 60’s. You can guaranteed, anywhere in the world, you will find a pair of earphones or headphones. That simply won’t be the case with a proprietary connector.

Furthermore, imagine all of those people with a specific need for a 3.5mm jack. Musicians, DJ’s, hackers, makers, hobbyists, journalists, teachers with presentations. The list is endless.

Another issue with the lightning & bluetooth (ear pods) approach is DRM. More so over bluetooth with the wireless Ear Pods, but also with lightning I can see a time where DRM is used to stop you outputting audio to certain devices. Lightning & bluetooth are digital, 3.5mm is analogue, meaning over lightning or bluetooth the iPhone can communicate with the device it’s connected to. This could, for instance, stop you outputting Spotify to an amplifier. It could stop you streaming audio and then outputting that audio to recording equipment or a third-party stereo setup. Anyone who has used airplay will understand the frustrations of DRM. Try outputting video over Airplay for certain apps. it just won’t allow it (specifically the Sky TV apps for example).

Apple Air Pods
Apple Air Pods

The 3.5mm jack has been a bastion of audio for years. I won’t buy an iPhone 7 for this very reason, unless they produce an analogue converter, but still it would mean carrying an external adaptor or dongle. Rubbish.

Apple Wired Earbuds
Apple Wired Earbuds

I’m no Luddite. I enjoy new technology. I’ve been into tech for as long as I can remember, but sometimes I feel that innovation isn’t progress. The rest of the iPhone 7 & 7 plus is a bit meh! The price tags have gone skywards and the features are actually putting me off. Don’t get me started on the fact that the camera is still protruding. I can’t imagine that camera ever coming into existence under Steve Jobs, never mind persisting model after model. I’ve hated it since I got my iPhone 6, the flush camera of previous models was perfect.

Oh, and why do we still not have Micro SD support & dual sims. We have to pay a fortune for built in, fixed storage while the android boys can infinitely upgrade their storage capacity with cheap micro SD.

While I’m discussing gripes, don’t get me started on the bluetooth Ear Pods. I would lose them without a doubt, not to mention the requirement to charge yet another device. At the moment & for years, I rout my earbud cables from my trouser pocket, underneath my T-shirt and out at the neck. This means if I pop them out, to chat to someone or to do some work, they hang from my T-shirt neck, where I can find them & pop them back in my ears when ready. Also, when riding my bike or being generally active, if an earbud falls out, it simply swings from my t-shirt neck on the wire & I grab it and put it back in. With bluetooth, it would drop to the floor and probably end up ridden over or smashed. Plus the fact I would always be running out of battery in the bluetooth earbuds, it’s just a non starter for me.

Some things are meant to have wires. Networks are supposed to be hard-wired for reliability, security & speed. Earphones are no different for me.

Anker Power Core 20100 charging ports

Anker PowerCore 20100 4.8 amp Mobile Power Bank

Modern smart phones aren’t great when it comes to battery life. This can be blamed on the user as much as the device itself. We tend to use smart phones for everything nowadays. From MP3 playback to calls, texts, social media & maps. The usage is endless. Unfortunately the power life is not.

I often find myself in cities & on trips without access to an outlet & I can be down to 50% before 10AM. I use my iPhone to conduct my business, manage my life, listen to music & take photos. I use it to pay for coffee, to organise meeting friends & reply to business emails on the go. I use it a lot. I don’t tend to kill time with the iPhone, I’m not a Facebook user and tend to limit my social media usage, but I still struggle to maintain battery life.

I was excited when Apple introduced their low power mode, but I’ve mostly found it useless as it manages to save very little power. In the past I’ve used low quality power banks. I had a cheap one from Primark which would give me around a 50% charge on the iPhone 6. I’ve also resorted to dropping into Apple stores in Liverpool, Manchester, London, Amsterdam & San Fransisco on my travels to replace the display iPhones with my own to sneak a charge. It would be handy if Apple provided charging bays at tables for this very purpose.

Anyway, after all of the road warrior action I decided to address the problem. A power outlet isn’t always available. You find them in places like Starbucks, but they normally have someone tethered to them for the long haul. I therefore opted for a high-capacity power bank.

After a search  & reading plenty of reviews I decided to buy the Anker PowerCore 20100 power bank from Amazon. It is currently reduced from £59.99 to £29.99 so it is an absolute bargain. This is a 20,000mAH battery pack and I’ve found it can keep my iPhone 6 charged for an entire week. The power bank itself takes a while to charge on a standard USB port or USB charger. I’ve been using my high-capacity 12w iPad charger to charge the power bank much more quickly & find an overnight charge will fill the power bank.

I do like Anker products, the build quality is second to none & the quality in general of their products is superb. I prefer to buy once & buy well & this fits the bill. It’s made from sturdy, rugged plastic and is quite heavy. It has a charge indicator button and four small blue LED’s to show you the current charge level of the power bank, much like that found on Macbook’s.

This particular model has a single micro usb input for charging (with the supplied cable) and two standard USB outputs for charging any USB device. The Power Bank also comes in a great padded sleeve with a draw cord, which is perfect for travelling & throwing into your backpack.

The Anker PowerCore 20100 can charge two devices at the same time & I find it charges my iPhone 6 as quickly as a mains adapter. On a recent trip, it managed to keep my iPhone 6 charged for an entire week, which is crazy.

The Anker PowerCore 20100 can output 4.8 amps and features something they call Power IQ technology, which optimizes charging based on the device it is charging & can rapid charge supported devices. I feel more confident using a device like this over a generic one as I trust the quality of the cells used & trust it won’t burst into flames or fry my devices.

Anker Power Core specifications
Anker Power Core specifications

I also found this is the maximum capacity I would go for as anything larger can been troublesome when it comes to airport security & carry on luggage. There is a limit on the size of lithium-ion batteries that can be taken on a plane without scrutiny, so to save the hassle I went with an acceptable battery capacity.

Finally the packaging. I’m a bit of a packaging geek & Anker satisfied my geekiness. The packaging is wonderful & even feels nice. You can see just how good the packaging is in the pictures below.

If you use your smart phone or tablet on the go I would recommend you go & grab one of these before the price increases. It has become a staple in my everyday carry & always sites fully charged in my backpack. No more hunting for sockets. I’ve also been able to bail out friends when their devices have died.

Do you use a power bank? Let me know which ones you use & your experience with them. In the days pokémon Go it would appear more & more people rely on them to keep their devices charged.

Anker Power Core 20100 packaging
Anker Power Core 20100 packaging
Anker Power Core 20100 packaging
Anker Power Core 20100 packaging
Anker Power Core 20100 charging ports
Anker Power Core 20100 charging ports
Anker Power Core 20100 & packaging
Anker Power Core 20100 & packaging
Anker Power Core 20100 packaging
Anker Power Core 20100 packaging
Anker Power Core 20100 packaging
Anker Power Core 20100 packaging
Anker Power Core 20100 & packaging
Anker Power Core 20100 & packaging
Anker Power Core 20100 & packaging
Anker Power Core 20100 & packaging
Let's Encrypt free TLS/SSL for HTTPS

Using Let’s Encrypt to enable HTTPS for your website

For a long time I’ve been meaning to sort out SSL certificates for my domains & secure traffic to them. Last year HTTPS became a google ranking factor & since then site wide HTTPS adoption has been on the increase. The problem with HTTPS is that up until recently it required buying an SSL certificate from a vendor & installing it on your hosting.

SSL certificates are not cheap & need renewing on a regular basis. It isn’t just a one-off cost. Furthermore, if you have multiple websites hosted on shared hosting, you need to sort out & purchase a separate certificate for each domain, or buy a wildcard certificate to cover your domains. Not cool.

Enter Let’s Encrypt (visit website). Let’s Encrypt is an SSL certificate signing authority who offer HTTPS (TLS, SSL) certificates free of charge. The certificates last for 90 days but can be renewed indefinitely without any extra charges.

Let’s Encrypt is a Linux Foundation project supported by a lot of big tech vendors including Google & Mozilla, not to mention the fact that is in endorsed by the EFF.

If you have your own server, installation is quite straightforward. You can use the EFF’s Certbot page to find instructions for your web server software & OS with a step by step guide for installing Let’s Encrypt.

If, like me, you have a lot of sites on shared hosting, things are a little more complicated. Luckily however, in August cPanel released a Let’s Encrypt plugin. The plugin has been in beta for a while but went live last month & the plugin automatically requests certificates for each domain hosted in cPanel & sets up the keys and certificates for you. It couldn’t be simpler. Whats more the cPanel Plugin will also run a cron job to check & renew the certificates, so it is a perfect turn-key solution for enabling full SSL (TLS) for your domains.

As soon as the plugin became available, I asked my hosting company to install the plugin. Within minutes I had SSL setup on all of my domains.

Once setup, the only task was to set my websites to use SSL over HTTPS be default. I set the domains to HTTPS in wordpress settings, and added rules in my .htaccess files to redirect all non HTTPS traffic to HTTPS. Ensure you set your redirects as 301 redirects to pass on any link juice from old links to your websites.

I added the following to my .htaccess for this site to redirect all

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^johnlarge.co.uk
RewriteRule ^(.*)$ https\:\/\/www\.johnlarge\.co\.uk\/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.johnlarge.co.uk/$1 [R=301,L]


My HTTPS TLS Certificate details
My HTTPS TLS Certificate details

I noticed a few days of SERP drops, but they have now recovered and my rankings are in fact climbing across the board. I also find that a nice big padlock in the address bar is great for reassuring customers & conversions on my e-commerce sites are up. My payment pages have always been encrypted as a third-party payment processor manages payments, but by securing every page of my sites it would seem customers feel extra secure.

HTTPS is also important from a privacy point of view. HTTPS gives end to end encryption between your browser and the server, meaning third parties are unable to snoop on your traffic. What you read & the sites you visit are your business & you are entitled to browse the web in relative privacy. HTTPS goes a long way to protecting your privacy online and I think we will see mass adoption of services like Let’s Encrypt for that reason alone. You can read more about Encryption & privacy over on the EFF’s website.

I must say I’m very happy with Let’s Encrypt. The whole process was straightforward and I now have HTTPS encryption across all of my domains. Any SEO benefits are a real bonus & I’ll do a further write-up on that when I’ve had some time to review the results.

If you manage your own server, I’d recommend adding Let’s Encrypt. Gone are the days of paying to secure your websites. And if your hosting is cPanel based, drop your hosting company an email and ask them to install the Let’s Encrypt plugin. It really is worth it.

Configuring LibreELEC

Migrating from OpenELEC to LibreELEC kodi

I’ve been using OpenELEC for a few years now, having it installed on an older Apple TV 1 (ATV1) and more recently on my Raspberry Pi 2 for use as a media centre. OpenELEC drastically simplified a kodi installation on any supported hardware & by aiming OpenELEC at being an appliance they managed to make a lightweight & rock solid kodi OS.

It would seem over the past 6 months or so, development of OpenELEC and support for OpenELEC has wound down. Maybe the developers have other projects to focus on, but I found that it wasn’t being updated as often as I would like. I then spotted LibreELEC which is operated by a small board of developers focused on creating a system with just enough OS for Kodi. This is excellent news for anyone running Kodi on a Raspberry Pi as the filesystem requirements are small & only enough processes & services run in order to support Kodi, meaning precious resources are freed up on slower hardware.

It would appear LibreELEC is based on OpenELEC and the filesystem appears to be very similar. The update procedure also appears to be identical. To upgrade to LibreELEC, I downloaded the latest release from the Libreelec website and selected the “Manual Update from OpenELEC” .tar file. Once downloaded, open up your OpenELEC shared folder on the network and place the .tar in the update directory. Once you have done that, reboot the Pi and LibreELEC will install in place of OpenELEC.

And with that my Raspberry Pi 2 which is a dedicated media centre was upgraded to LibreELEC. I’ve actually found that the libreELEC install is very stable, and my uptime has been constant since the update. I’m currently running Kodi 16.1 Jarvis and this media centre experiences very heavy usage in our household.

LibreELEC is going through constant development, so if you still use OpenELEC I would recommend updating. Also, it’s nice to get the latest versions of kodi Stable when they are available.

I’ve not had any issues with LibreELEC and it works very well with my raspberry Pi 2. I’ve also found that HEVC x.265 hi def content actually plays on the latest version of Kodi running on LibreELEC. I struggled to get those high resolution/compression files playing on OpenELEC without dropping a lot of frames and jerky playback. LibreELEC and Kodi 16.1 Jarvis seem to handle them perfectly now on my Raspbery pi 2 media centre.

LibreELEC has an almost identical extra configuration menu to that offered in OpenELEC, allowing you to manage wifi connections and stop/start services. It also has a handy little event viewer which allows you to view basic system logs. May come in handy when debugging issues int he future, but so far it has been rock solid so I’ve not needed to use it.

LibreELEC now powers our living Room media centre. This is the only TV we have in the house, as we tend to use Computers in other rooms or Laptops with kodi installed. But as our main media centre it is excellent. I’ve yet to find a format that libreELEC and the Raspbery pi 2 can’t handle, and even streaming over wi-fi on our internal network, we haven’t experienced any issues.

Have you upgraded to LibreELEC? if so let me know how you are getting on with it in the comments below.

LibreELEC kodi home screen
LibreELEC kodi home screen
libreELEC config menu
libreELEC config menu
Configuring LibreELEC
Configuring LibreELEC
Raspberry Pi 2 System Use on LibreELEC Kodi
Raspberry Pi 2 System Use on LibreELEC Kodi

Lenovo Thinkpad X200 laptop battery woes

Regular readers will know that I now use a Lenovo X200 for most of my computing needs. It has Libreboot installed and I run Trisquel 7 GNU linux on the laptop. This laptop is perfect for linux, all of the hardware including the updated Atheros wifi adaptor have open source & free drivers available & the machine is truly 100% my own.

The laptop itself is still fairly powerful for an older laptop with an Intel® Core™2 Duo CPU P8600 @ 2.40GHz dual core processor and upgraded ram to 4GB it really is a good mobile workhorse. I only paid £50 for the laptop in September & I installed 4GB of ram I had in my desk drawer from an old Macbook upgrade. I also updated the Intel wifi board to an Atheros to allow me to run Trisquel.

The laptop was in great condition when I bought it used, considering it was 6 years old. I did a full refurb myself & stripped it down to clean and restore it. One annoying thing was that the installed battery seemed to be the original & after a lot of charging cycles it was lucky to run for 40 minutes on battery. I decided to hold off upgrading the battery and carried the power cord with me when feasible.Lenovo thinkpad X200 batteries

Original Thinkpad x200 5200mah battery
Original Thinkpad x200 5200mah battery

Last month however the original Lenovo battery finally died. The battery light on the x200 was flashing orange and as soon as I unplugged the power adapter the laptop would power down instantly. I hit the forums & read that this is common with older batteries in the thinkpad’s. Apparently they have a fuse in them & when a cell starts to die, varying the voltage across them, the fuse burns out and shorts the battery. This seemed to be the case so I hit the Internet to weigh up my options.

An original 5200mah battery manufactured by lenovo was coming in at around £70. This didn’t seem like a great option considering I only paid £50 for the laptop. I was adamant that I didn’t want to buy a used battery as the history of the battery & the life remaining is such an unknown, but I definitely wasn’t going to spend so much on an original Lenovo battery.

I found various sellers on eBay & amazon & decided to opt for a higher capacity 7800mah battery. These have a larger form factor & stick out of the back of the laptop, but apparently they can run the X200 for an extended period of time, so I thought it would be a good option. The battery was also cheap at £23 including delivery.

On receipt of the battery it was quite obvious that it was a cheap & nasty product. It had a small crack in the flimsy plastic case, the locking button was stiff and the copper pins of the battery looked like a dog had been chewing them.

I tested the battery to see if this was just cosmetic, but when plugging the battery in i found that they battery would run the laptop, but would not charge & wasn’t even being detected by the X200 charging circuits. For all intents & purposes, the laptop didn’t know a battery was present & also couldn’t give any indication of charge levels or discharge rates.

Thinpad X200 7800mah battery
Thinpad X200 7800mah battery
7800mah mashed battery terminals
7800mah mashed battery terminals

I contacted the seller who must have known this is a common problem as he refunded the order, without question or return. I was disappointed but relieved to have the refund.

I then decided to head to Amazon. I was determined to find a cheaper third-party battery & decided to look for an item which was held in Amazon stock & dispatched by them. This way, if any problems arose I would be dealing with amazon for a return and not a third-party seller.

I found the battery supplied by a company called TPE. Another third-party brand I had never heard of, but a brand none the less. They had a website & lots of safety certification. They also seemed to have positive reviews so I decided to order from them. This battery was a 5200mah battery which was the same spec as the original Lenovo. I decided to go for this one as I prefer the flush fitting of the standard battery over the extended life battery I tried previously.

7800mah mashed battery terminals
7800mah mashed battery terminals

The TPE X200 battery came within a week and again cost me £23. This one was 100% better. Nicely packaged, perfect anti-static, decent quality casing & stickers & the copper pins where perfect. I plugged it into the X200 and instantly I was running off battery. It was 78% charged and the X200 on trisquel was showing 3 hours of battery life remaining.

Modern lithium-ion batteries are less prone to memory effect than older laptop batteries but I always run new batteries in nicely. It’s a habit now. So I ran on battery until it was critically low & then gave it a full charge. I’ve got to say, I have no complaints with the battery. After a few full cycles it’s holding excellent charge & giving me almost 4 hours without using any specific power tweaks on Trisquel.

This TPE battery seems comparable in quality to the original Lenovo battery & I would highly recommend you have a search on Amazon if you need to update or replace yours.

The X200 takes battery part number FRU P/N 42T4647 or ASM P/N 42T4537 as standard so search for those part numbers if you want to replace your original X200 5200mah battery.

Front veiw on my 5th Generation iPod U2 edition & original packaging

iPod 5th Generation SSD Upgrade with iFlash and Sandisk SD cards

I love my old school technology. While I love all the new developments in tech, I’m still one of these people who wont replace something which is perfectly good just to upgrade to the latest model. My 5th Generation iPod is no exception. I bought this iPod in 2006 from the Apple store in San Francisco. It was my first new Apple device & I opted for the special U2 edition, not because I particularly like U2, but because I loved the black with red click wheel.

This iPod has seen heavy usage since the day I bought it. It has travelled with me around the world, still in its original Belkin hard case & it has never EVER failed me.

I had to replace the battery a few years back as it was holding less & less charge, but apart from that it just keeps going. I think the Wolfson DAC in this generation iPod offers the greatest sound output from any of the Apple music players before or since. It knocks the socks off even my iPhone 6 and all of my previous iPhones.

From the iPhone 3G onwards I’ve been tempted to switch my music to the iPhone only but I have various gripes with that. Firstly, it has limited storage space & is quite a clunky experience. I don’t like streaming as it relies on Connectivity, which eats battery, its useless for international travel and generally gives an interrupted user experience. Secondly, I find myself constantly interrupted by push notifications, calls, texts & distractions. Walking around a city in my own world listening to my extensive music library used to be my way of disconnecting and chilling out. Since using smart phones this is less & less viable.

So I’ve switched back to the iPod. My problem now is since using iTunes match, my entire library is now of a higher bitrate. My music is mostly now in 256kbps AAC. My MP3 collection used to be predominately 160kbps or 192kbps which was pretty normal in mid to late 2000’s. Couple that with my ever-growing library & I’ve found myself needing to be selective about the music I carry on the iPod. I hate that! If I think of a tune I would like to listen to on the go, I like to have it to hand. I therefore decided to upgrade the old iPod, not by replacing it, but by enhancing it.




I researched putting in an SSD and doing an iPod SSD upgrade, which seemed a good prospect, but not very flexible. I then looked at the possibility of using SD or Compact Flash cards to expand the memory & stumbled across the iFlash website & boards. iFlash make boards which allow you to swap out the internal ZIF hard drive on the iPod 5th Gen and replace it with a small PCB supporting SD cards. You have the option of a board supporting one card, a dual SD board or a quad board. To future proof I went for the quad board meaning I could expand it easily in the future.

iFlash Quad back view with 2 x Sandisk 64GB SDXC cards ready to go for iPod SSD upgrade
iFlash Quad back view with 2 x Sandisk 64GB SDXC cards ready to go for iPod SSD upgrade
iFlash Quad front view with 2 x Sandisk 64GB SDXC cards ready to go.
iFlash Quad front view with 2 x Sandisk 64GB SDXC cards ready to go.

The iFlash essentially replaces your hard drive with a board running SD cards which acts as a virtual HDD using JBOD (Just a Bunch Of Disks) mode allowing you to mix and match SD cards to create one large volume. I ordered the iFlash Quad & two fresh Sandisk Ultra Micro SDXC Class 10 cards. Both cards are 64GB giving me a combined 128GB of flash storage in the old iPod. Compared to the standard 30GB this is a massive improvement, & I can add some more SD cards in the future if needs be.

iPod opening tools. Tweezers, Small screwdriver & iPod opening tool (soft tool or spudger)
iPod opening tools. Tweezers, Small screwdriver & iPod opening tool (soft tool or spudger)

I used the iFixit tear down guide to dismantle my iPod, bearing in mind that I’ve stripped it down in the past to replace the battery. Dismantling is fairly easy, I’d recommend an iPod opening soft tool to open the case. The back cover is metal but the front is plastic so you don’t want to damage the clips or the casing. Make sure to turn the iPod off and use the lock switch to lock the iPod before starting. I find it best to insert the removal tool in the case gap on each side and run it the full length a few times to pop the clips open. I don’t lever it at all, the simple back and forth sliding is normally enough. One is pops open, don’t just pull it apart as the battery ribbon cable needs to be removed. I use a small pair of tweezers to lift up the brown ribbon latch a few mm. Go really easy with this, it only needs to raise slightly to release the cable. Once the cable is removed you can open the case like a book, leaving the other ribbon untouched.

The next thing you need to do is flip the hard drive 180 degrees towards the bottom edge of the case to expose the ZIF cable & connector. You then need to lightly flip-up the black connector at the HDD end, it doesn’t lift up, it flips up through 90 degrees or so to release the cable.. Once that is lifted you can slowly ease the ribbon cable out.

iPod 5th Gen Hard Drive removed
iPod 5th Gen Hard Drive removed

Next you need to take your iFlash board & insert your SD cards. In my case I inserted both 64GB cards into slow 1 & 2. Make sure you have removed all of the grey HDD bumpers, I found an extra little bumper at the bottom edge which had to come out to seat the iFlash properly. Slip the HDD ribbon into the ZIF connector on the iFlash and close the lock bar. It works exactly the same as the one you just opened on your HDD. I used tweezers again to make sure the ribbon was fully seated int he connector, be careful not to kink the ribbon. Light pressure only. You can then seat the iFlash and stick one of the supplied sticky pads to the chipset to keep it snug when the case is closed.

iFlash quad with SD cards inserted & ready to go
iFlash quad with SD cards inserted & ready to go
iFlash Quad replaces HDD and sites neatly inside the case.
iFlash Quad replaces HDD and sites neatly inside the case.

Before clipping the case back together, reinsert the battery ribbon and click the lock shut. Place the top case onto the bottom case but don’t clip the case back together yet. First plug your iPod into your computer and check that you can restore it with iTunes and that it boots up & reports your new storage capacity both in iTunes and on the iPod in the settings menu. Once you are happy & have restored the iPod using iTunes, clip back together & enjoy.

iPod switched on after iFlash installed, showing recovery required screen
iPod switched on after iFlash installed, showing recovery required screen
my iPod is now 128GB thanks to iFlash
my iPod is now 128GB thanks to iFlash

So far I’m loving this mod. Battery life is much improved as the iFlash doesn’t have a platter to move like the old HDD. Also I found syncing to be much faster, song seeking much faster and the ability to sync my entire library in 256kbps AAC means vastly improved audio quality. Better clarity and less fuzz.

New capacity on my 5th Gen iPod is 128GB
New capacity on my 5th Gen iPod is 128GB

This mod should be do-able by most competent DIY-ers and hardware hackers. Just be careful when releasing cable release latches, the plastic is now 10 years old in mine & no doubt more brittle with age. Take your time with these parts, treat it as if it where precious. No force, just patience.

I now have a smart phone killer in the mobile music battle. I expect this iPod will keep travelling the world with me for many years. I’m also looking onto running an even higher capacity battery, but right now I can just run it off my Anker PowerCore 20100 power bank if required.

Below is a picture of my upgraded iPod & my original packaging. This is now 10 years old (was 10 in June this year) and I still treasure it like the day I bought it.

Front view of my 5th Generation iPod U2 edition & original packaging
Front view of my 5th Generation iPod U2 edition & original packaging
Back view of my 5th Generation iPod U2 edition & original packaging
Back view of my 5th Generation iPod U2 edition & original packaging

If you have carried out any hardware hacks on old iPod do let me know & as always if you need help, just ask me in the comments.

Turn Off iCloud Music Library

iPhone storage full when using iCloud music *fix*

I’ve been having major issues with my iPhone 6 running out of storage capacity. I have a modest amount of apps installed on the iPhone & I have the 16GB version of the iPhone 6. I was constantly receiving the storage almost full banner on my iPhone and even when looking at the storage & iCloud usage in settings I couldn’t figure out what was taking up all the space. This tutorial will also apply to iPad as it’s an iOS issue and not an iPhone specific issue. Works well if you keep receiving the message “iphone storage full” and you use iTunes match or iCloud Music Library

I first tried deleting old apps and app data. This helped a little. I then deleted all of the music off my device which freed up some space but not a great deal. Next I opened the Battery Doctor app and ran the clean up scripts included, which clean out old cache and orphaned files. Again, this gave me a few extra MB but nothing noticeable.

The final thing I tried was to disable iCloud music under settings > music. As soon as I returned to check the storage space available I could see I had quite a bit more free. I checked back 5 minutes later and I had gone from almost full to 2GB free. It would seem that the caching of music on the iPhone with iTunes match is very inefficient on smaller devices. I see the benefit of caching music files for quicker retrieval & a reduction in cellular usage, but on smaller devices this really doesn’t help and I do wish they would include a way to disable caching, or a cache time-out.

If you use an Apple iPhone or iPad along with iTunes match/iCloud music I would advise giving this trick a go. Turn off iCloud music and watch your free space return. I now do this on a regular basis to free up space & delete the cache. It has really helped me free up space & made my 16GB iPhone much more useable.

If you are having the same issue please do let me know. I would love to hear your own fixes for storage issues on smaller iOS devices. iTunes match & iCloud music library seem very under-optimised in iOS 9 & I do hope they invest some more time & effort into improving this, especially on 16GB devices which I assume they will phase out in future iPhone & iPad models.

 

iCloud Music Library Enabled

Turn Off iCloud Music Library
Turn Off iCloud Music Library
iCloud Music Library toggled off
iCloud Music Library toggled off
Almost 2GB free space on iPhone. Previously it was as low as 200MB free
Almost 2GB free space on iPhone. Previously it was as low as 200MB free
Firefox ends support for OSX 10.7

Can’t update Firefox on OSX 10.7 Mountain Lion – Mozilla ends Firefox support

This evening I was greeted with a message from my trusty firefox installation that OSX 10.7 (Mountain Lion) is no longer supported and as such won’t receive any future updates. This contradicts the message over on the Firefox support site which states that support will continue to August 2016. I, like many people still run an old iMac. This machine is fast (faster than my brother in laws brand new iMac running OSX El Capitan) in real life even though the hardware is in no way a match.

I’ve tried all new versions of OSX on this machine and the last fast version to work is OSX Mountain Lion. I cannot replace a machine due to bloaty software and I in particular hate it when an OS gets bloaty. OS’s should be light & fast and allow each user to customise the system with software based on their needs. I don’t like all the new & faddy features to be baked into the OS. It’s harder to tweak and generally performs badly.

Firefox ends support for OSX 10.7
Firefox ends support for OSX 10.7

Chrome recently ended support for 10.7 so I switched to using Firefox solely on this machine. It would now appear that Mozilla have brought forward ending support for older versions of OSX and in turn ended support for people wanting to run older hardware.

I run older hardware because ethically I can’t justify replacing a perfectly serviceable machine. I don’t like planned or forced obsolescence. It feels like Apple are forcing people’s hands more and more with bloated ios updates and slow software. The hardware is still fine but the software cripples it.

I’m disappointed that Mozilla would also end support, especially as the open source community is made up of a lot of people with lower spec hardware, especially in the developing world. I refuse to update working hardware with software which will make it slow & useless. As an example, I currently have Dreamweaver, Firefox with 12 tabs, Mac Mail, iTunes, Illustrator, Photoshop & trillian running on my machine, with plenty of power to spare.

Current Memory usage on OSX 10.7
Current Memory usage on OSX 10.7
Current CPU usage on OSX 10.7
Current CPU usage on OSX 10.7

If you have hit this snag with Firefox you can opt for the Extended support release to buy some time, or start looking for another browser. Many open source projects are based on Firefox so it might be time to look into those. I use various firefox derivatives on my Trisquel Linux machine so I’ll start to investigate this further.

Firefox Ending support for 10.7 early and extended support release
Firefox Ending support for 10.7 early and extended support release

If anyone from Mozilla reads this, I would love it if you could extend support for older versions of OSX. I’m pretty sure you will get lots of requests for this & many more people will just run out of date & insecure browsers.

Really disappointing.

Apple Macbook repaired & working

Apple Macbook Pro water damage – fixed

If any of you guys follow me on social media you will be aware that a few weeks back we had a disaster in our household. I brought a cup of tea to my wife while she was working in bed, and as I handed it to her I dripped a few drops on her Apple Macbook pro. We quickly dried it off and thought no more of it. It worked all morning & she closed the Macbook when we went out for lunch.

On our return the Macbook refused to startup. On pressing the power button it would make the startup chime, the grey apple screen would appear with the apple logo and then with a click of the hard drive the machine would shut down. This happened every time we tried to boot the laptop. The liquid had done damage. I inspected the Macbook where the drops had landed, mainly around the top right of the keyboard & the power button. I couldn’t see any signs of moisture at all. I suspected a fried logic board but refused to give up on the machine & testing.

I decided to lay it keyboard down on a towel and let it dry out for 12 hours. This did nothing. I then tried sitting the laptop in the sunlight to dry even further. Again nothing. I even pondered a huge bag or rice, but it seemed overkill for a few drops of tea. I thought long & hard how a few drops of liquid could have made it past the keyboard & backlight & down to the logic board. It was almost impossible due to the low amount of drips on the keyboard. At this point I decided that it must be a faulty keyboard or power button. As the laptop would boot a little surely the logic board must be OK.

I then tried booting the laptop holding the command key. It booted without issue, but as soon as I released the key it would shutdown. The shutdown was exactly the same as when you force shutdown the Macbook by holding the power button for 4 seconds. Eureka! It must be a short in the power button circuit. Probably due to the sugar content in the tea or corrosion caused by the moisture.

Macbook with bottom plate removed
Macbook with bottom plate removed
Hard drive removed
Hard drive removed
Power button location
Power button location
Power Button Location
Power Button Location
Power button ribbon sliced & lifted with spudger
Power button ribbon sliced & lifted with spudger

Next I opened up the Macbook, pulling out the radio board, battery, Superdrive and other bits getting in the way. I revealed the power button and noticed that the power button is part of the keyboard assembly and runs on a ribbon to the rest of the keyboard circuitry. As the keyboard was fried I decided to take a knife and slice off the ribbon for the power button. Surely if the short was in the button itself this would isolate it & allow the machine to boot. It didn’t. No big deal, the keyboard was thought to be faulty anyway so next I decided to disconnect the keyboard ribbon cable from the logic board, isolating the keyboard. As soon as I did this & reassembled the Macbook booted & worked perfectly. Due to the fact that I had disconnected the power button I had to start the Macbook up by shorting the power pads on the logic board. I did this with a screwdriver. I then replaced the bottom cover and had a fully working Macbook, without a keyboard & power button.

The power button wasn’t an issue as the Macbook always uses sleep as opposed to a cold shutdown. I plugged in an external keyboard and the Macbook was once again functional. What a result. We had gone from a destroyed Macbook to one with an obviously faulty internal keyboard. I enquired locally with Mac repair specialists who quoted between £200-£300 to replace the keyboard. Ridiculous prices, so I headed over to eBay and ordered a brand new official apple Macbook pro keyboard & brand new backlight for £24 delivered. The keyboard arrived next day and I set to work dismantling the Macbook. It’s a complicated laptop to dismantle, but only because of the sheer number of steps & screws involved. The keyboard assembly alone is held in by about 80 tiny little screws.

Water damaged Macbook Pro ready to tear down
Water damaged Macbook Pro ready to tear down

To disassemble you need to remove the bottom cover, followed by the battery. I then removed the hard drive mount, the superdrive & radio board, followed by the logic board fan, ribbon cables & logic board. There are model specific tear-downs over on ifixit so check those out for your model.

Macbook with logic board removed & keyboard backlight removed, ready to reomve keyboard. Note all of those little screws
Macbook with logic board removed & keyboard backlight removed, ready to reomve keyboard. Note all of those little screws

Removing the old keyboard & fitting the new one is time-consuming & fiddly, but not overly difficult. The hardest & most scary part for me was refitting the ribbon cable for the keyboard. It’s hard to get it seated properly, so I used a bit of sticky tape on the ribbon to create a tab, allowing me to pull the cable home in the bracket without kinking or bending it. Reassembly is the opposite of disassembly. When disassembling I’d advise that you keep components & their screws together so you know which screw belongs to which part. For the logic board screws I laid them out on a piece of card board in the same pattern as they came out of the logic board (see above picture), that way I could quickly see which hole to put them back into.

Once reassembled the MacBook worked perfectly. It had a brand new keyboard & backlight, which was all new & matte finished (the old one had gone shiny). This fix is well worth it if you think you have water damaged your MacBook, at least try disconnecting the keyboard to rule it out. If it boots, you can work with an external keyboard until you get around to replacing it. The Apple Macbook in question is 4 years old but perfectly good & used heavily, so this fix was a lifesaver. What’s more I managed to save a perfectly good bit of tech & a load of money in the process.

 

Apple Macbook repaired & working
Apple Macbook repaired & working