Box Sync High CPU Usage on MacOSX



If you see extremely high CPU usage by box sync on MacOSX (Mountain Lion), one of the reasons could be locked files. For some reason, a large number of files in my box sync folder were marked unchangeable on the filesystem. This would cause box sync to repeatedly try and fail in uploading these files.

To fix this, look for such files and unset this flag:
$ cd /path/to/box/sync/folder
$ find ./ -flags +uchg -print0 | xargs -0 chflags nouchg

Retiring gmailUnlabelled



I wrote gmailUnlabelled around 8 years ago as I was just getting used to labels vs folders and had a bit of an OCD w.r.t. unlabeled emails. Then I rewrote it for a subsequent gmail overhaul. Thousands of people started using it and I now had to maintain it. It was a fun ride. Gmail would push updates to one part of the World and the script would break for some users. I’d get emails almost immediately and would end up having to fix it as soon as gmail pushed the updates to me.

Well its now time to retire the script. Gmail has had native search operators with this functionality (has:nouserlabels or -has:userlabels) for a few months now and they do work very well. So say goodbye to gmailUnlabelled!.

(PS: To search for labelled messages use has:userlabels).

Don’t Trust That Two-factor Authentication



A hacker cracker broke into your favorite provider, stole a bunch of passwords. Being run by extremely smart and security conscious people, the provider quickly implemented two-factor authentication (2FA) and announced to the World that they could fire up Google Authenticator and get their security fix. Since you followed their blog, you did that immediately and felt ever so secure!

Sounds familiar?

Well not so fast! The way the most common 2FA (TOTP) works is by having the authentication server and the application on the user’s device share a common secret (“key”) during the initial setup. When authenticating a user, they both come up with a seemingly random magic number derived from the shared key and the current time (for this discussion, lets assume they both have coordinated time). If the magic numbers match, then the user is authenticated since different users are assigned different keys.

While 2FA protects you if someone obtains your password or your 2FA device, it does not protect you if your credentials are stolen from the provider. Unfortunately that is the most attack scenarios these days. The attacker may well steal the shared key too. It really depends on the provider and how they keep the keys safe, but there are no guarantees.

So remember, 2FA doesn’t mean automatic safety. Though it provides improved security, there is no reason to get lax. You still need to keep your passwords strong. If your provider is hacked again, change your passwords again!

RTFM Hall of Shame



I’m a pain to deal with over email. In most cases its purely intentional and that is usually due to someone trying to take an easy shortcut. This post is really an example of how not to seek help, instead of asking the right questions.

A few days ago, I got this email

From: Mr. XYZ <foo@bar.com>
Subject: auto bcc on gmail
Hi

how can i change the email address i entered ?

thanks…xyz

As per the very reasonable disclaimer in this page, I proceeded to ignore it. Which then elicited this gem:

From: Mr. XYZ <foo@bar.com>
Subject: Re: auto bcc on gmail
1st follow up

On Mon, Jun 18, 2012 at 11:55 AM, XYZ <foo@bar.com> wrote:

Then this masterpiece. Note the CAPITALIZATION:

From: Mr. XYZ <foo@bar.com>
Subject: Re: auto bcc on gmail
2ND FOLLOW UP

On Tue, Jun 19, 2012 at 9:28 AM, XYZ <foo@bar.com> wrote:

One can’t ignore an email written in all caps right? So I wrote:

From: Jaidev Sridhar <mail.jaidev@info>
Subject: Re: auto bcc on gmail
Read my web-page. I have absolutely no info from you to help me answer your question.

-Jaidev

Which apparently had the effect of turning XYZ’s verbose mode ON. Note the absence of any relevant information in the email. Its also clear that XYZ still hasn’t read what’s on the project page:

From: Mr. XYZ <foo@bar.com>
Subject: Re: auto bcc on gmail
Dear Jaidev

Thank you for your response
sorry if i was not clear

I did download & install your application AUTO BCC for gmail & it’s actually work
but the problem is when I type the email address for BCC, I mispelled it
so now every time i sent an email i have to correct the email address

my question is how can i change & correct the email address I mistyped?

your help will be highly appreciated

thank you & God Bless…xyz

Now, I had to turn on my verbose mode. How could I not respond with this:

From: Jaidev Sridhar <mail.jaidev@info>
Subject: Re: auto bcc on gmail
Thank you for failing to give relevant information again. I don’t even know what browser you are on. Anyway, it’s all here: http://jaidev.info/home/hacks/gmailAutoBcc

-Jaidev

Please don’t excuse any typos

Now we are getting somewhere (are we?):

From: Mr. XYZ <foo@bar.com>
Subject: Re: auto bcc on gmail
Sorry, i am using mozilla firefox

i went to the page but i can not find anything about changing or editing email address

will appreciate your help

thanks..xyz

Only some minor encouragement needed now:

From: Jaidev Sridhar <mail.jaidev@info>
Subject: Re: auto bcc on gmail
What does it say on the advanced usage page?

Finally:

From: Mr. XYZ <foo@bar.com>
Subject: Re: auto bcc on gmail
Ok thank you
i need to read & study how it work
rgds xyz

It wasn’t easy to do or justify it, but I think I just made the World a better place today.

Tablet War Playbook



Dear Apple, Google & Microsoft,

Here-in I reveal the secret to tablet monopoly circa 2012 (this may seem vaguely familiar to one of you). You guys have cash equivalents of approximately $110B, $50B and $70B respectively. There are ~200 killer apps available on tablets today. Buy each of these developers / companies for an average price of $100M before your competitors get a whiff.

For this unsolicited advice, I will bill you a modest fee of $1B if and when you do deploy this strategy. You’re all welcome.

Post to Pocket (Read It Later) from NetNewsWire



My daily feed reading work flow goes something like this:

  • Grok through a bunch of RSS feeds (on NewsRack or Perfect RSS Reader on the ipad or Google Reader on my Samsung Captivate) and add any interesting articles to Pocket (Read It Later).
  • Sync Pocket, and read articles immediately or later and delete them from Pocket.

The advantage of this is that I’m no longer left with a million open tabs on browsers on several devices and the pressure to read and close them. I know that the articles are on Pocket when I get time to get to them and my browser is freed! Once synced, the articles are available in the Pocket app on my ipad and I can read them offline. I can also add any other articles to Pocket through browser bookmarklets, email, etc. The Pocket interface is kickass on every device I’ve tried (and it is seems to have the most consistent interface and cross-platform support among its peers) and allows me to bookmark or share articles which completes the whole process of reading stuff on the Interwebz.

However, I also use NetNewsWire on my Macbook Pros. Its a great feed reader, but its missing quite a few “new world” features. For some reason it supports Instapaper but doesn’t support Pocket or any other service. From what I’ve seen, it ain’t coming anytime soon.

So to complete my work flow, I wrote an AppleScript to add articles to Pocket from NetNewsWire. More details here. Comments welcome!

Recent gmailAutoBcc Breakage



If gmailAutoBcc stopped working for you sometime last week, its due to an upgrade to a broken version of greasemonkey (0.9.19).

The greasemonkey developers have released a newer version, but it is still under review by Mozilla. You may want to upgrade to that (0.9.20) or downgrade to the previous version (0.9.18) to get gmailAutoBcc working again.

DMCA, the New Job Creator!



We all know DMCA, the protector of modern creativity, right? Apparently its a big job creator too.

It does seem like someone actually watched a boring, 90 minute video of half a (mediocre) straight pool match on YouTube, found that a song playing in the background (thanks to a jukebox in the pool hall) was copyrighted and had YouTube take the video down.< (IANAL, but AFAIK background music from a jukebox is fair use.


Thank you DMCA!

The big bad record companies must have automated this or there must be several thousand jobs out there which pay you to watch long, grainy videos on YouTube! Either way, it must be financially justifiable for the labels to go after these kind of content. There must be a lot of people watching boring, 90 minute videos in the hope that they may catch a low quality version of their favorite song for free!

Update: Turns out that this is indeed automated.

Yahoo! Group’s B0rk3d Email



This broken email setup at Y! groups is messing up my email delivery and logs for the past few days. This issue affects email delivery to any yahoo group member with an email account on a server configured to perform sender verify callouts. Looks like somebody went on her Christmas vacation too soon (and for too long).

[11:21:01 root@~]# host -t mx returns.groups.yahoo.com
returns.groups.yahoo.com mail is handled by 10 rmx1.grp.vip.sp2.yahoo.com.
[11:21:11 root@~]# host rmx1.grp.vip.sp2.yahoo.com.
rmx1.grp.vip.sp2.yahoo.com has address 98.137.34.56
rmx1.grp.vip.sp2.yahoo.com mail is handled by 0 .
[11:21:24 root@~]# telnet rmx1.grp.vip.sp2.yahoo.com 25
Trying 98.137.34.56...
telnet: Unable to connect to remote host: Connection refused
[11:21:35 root@~]#

Update: After a break of two full weeks, this has been rectified. I guess the vacation is over.

[20:56:37 root@~]# telnet rmx1.grp.vip.sp2.yahoo.com 25
Trying 98.137.34.56...
Connected to rmx1.grp.vip.sp2.yahoo.com.
Escape character is '^]'.
220 returns.groups.yahoo.com ESMTP
quit
221 returns.groups.yahoo.com
Connection closed by foreign host.
[20:56:40 root@~]#

Nokia e71 Crashes / Reboots with AT&T 3G



I use a Nokia E71 U.S. version that I got unlocked off amazon a couple of years ago. Its a great phone, but being in the smartphone business for eternity, one would expect Nokia to have figured out the importance of frequent software updates. Whats worse, while the rest of the World gets some updates when Nokia feels generous, the U.S. version seems to have been abandoned (a search for 0569371 shows the mess).

Recently, I hit a serious issue with the phone. My phone now crashes and reboots continuously when I’m at home. Well, it eventually shuts off. The interesting bit is that I see this issue only at home. Turning 3G off does solve the problem. But where’s the fun in that? It turns out that AT&T is upgrading its network and is deploying a third WCDMA channel in certain markets. The e71 and other symbian s60 3G phones have a software bug that makes them reboot continuously in such areas.

Thats still okay, it seems to be a rarely used configuration and Nokia should probably be able to fix it soon enough right? Not so soon! I’ve found instances of people from other regions complaining about this issue since August 2009 and Nokia still does not have a software update with the fix. Here comes the kicker, the last available update for the U.S. e71 version is 200.21.118 (built 27th November 2008). Some versions seem to blessed with a more recent firmware upate though.

I do not think Nokia gets it! The days of releasing a new phone every couple of weeks is gone. Its all in the software now. A great phone like the e71 would have been far more successful with a company who understood the new realities.

PS: AT&T apparently stopped selling the e71x and other s60 in some regions.

Update – 5th May 2010

Nokia finally responded to all the 0569371 complaints and released firmware version 410.21.010 for this e71 product code yesterday. This update seems to have fixed the issue with the 3rd WCDMA channel.