Two-factor authentication on a really old MacBook
#379 Henry, Thursday, 13 February 2020 11:40 AM (Category: Apple)
(Tags: appleid 2fa macbook)

I use two-factor authentication with my Apple ID. This week, all my devices have been forced to enter the Apple ID password again. Not sure why. I did log in and check if there was anything suspicious with my Apple ID but there was not.

I have a 2006 MacBook Pro, a big metal thing. I use this for specific purposes. I hadn't booted it for a few weeks, so I fired it up. It asked for the Apple ID password like all my other devices, but this time I got the message on my phone asking if I would allow it, and yes I did. Then I got the six digit code on my phone. But my MacBook is so old it doesn't have the mechanisms to ask for the code, it just keeps asking for the Apple ID password. I have had this happen before, but I couldn't remember at first what I did.

After a little experimenting, I remembered what to do.

In the password box, I typed the Apple ID password followed immediately by the six digit code, no spaces. Then I pressed Enter and the password and code were checked and it was all good. So I must remember that for the future.

No comments
Editing PDF files on Linux
#380 Henry, Wednesday, 29 January 2020 11:48 AM (Category: Linux)
(Tags: pdf linux qpdf slackware)

Two years ago I bought a Mac software called PDF Expert. It lets me do a lot of things with a PDF file, but on my Macs. My primary desktop is still my Linux Slackware desktop. That's where I do all my work, and email, and browsing. The Macs for me are extra tools that let me do the few things that Linux can't handle.

I get my water bill mailed to me each month. It's encrypted with a sort-of easy password, and it contains 2 pages of guff, 2 pages of the bill, and then two more pages of how-to-pay forms.

I use PDF Expert to decrypt the file and then remove the junk pages. But the workflow is clumsy. It arrives in my mail on my Linux desktop, I shove it into Dropbox, edit it with Expert PDF on the Mac Mini, and pull it back off Dropbox and file it on my Linux desktop. Awkward.

Today I was hopefully looking at the Slackware change log to see if a new release might be coming. It's been three years, maybe longer. Next time I am really tempted to stick with current, rather than stable. But I noticed one package that had been updated in current. qpd. Never seen that before, so I checked and I do have it on my current box, and then checked to see what it was.

Well, holy hell. It's a command line tool for manipulating PDFs. It takes an input PDF, changes it, and produces an output file. I can use it to decrypt a PDF and remove the encryption, ignore the first two pages, copy the next two, and ignore the remaining pages.

Like this:

$ qpdf water_2018_12.pdf --decrypt --password=axolotl --pages water_2018_12.pdf 3-4 -- water_2018_12_fixed.pdf

No need to transfer it to the Mac anymore, just do it in one pass on my Linux desktop. Except, I have to write down the command to remember it, except I think I will create a shell script called and put it in that.

I still use PDF Expert after scanning to rotate pages. The scanner has auto-rotate and will adjust pages itself, but this proved really clumsy when doing magazines because pages just went haywire. I turned it off. I should turn it on when doing documents and turn it off again when doing magazines.

But I scan on a Mac, edit the PDFs on the Mac, then transfer them into Dropbox (now), so the workflow is fine.

But anyway, I have another tool in my arsenal now, to make quick adjustments to documents under Linux. Nice.

No comments
My PDF Workflow
#378 Henry, Friday, 22 February 2019 11:25 AM (Category: Linux)
(Tags: pdf scanning dropbox owncloud nextcloud readdle)

I have a workflow with all the paper that comes into my house - I scan it, I file it, I shred it (mostly). I end up with PDFs.

Might seem easy, but there are a lot of steps in the puzzle, a lot of tools, a lot of gadgets.

A few years ago, I read a book called The Ultimate iPad: Your Digital Life At Your Fingertips by James Floyd Kelly. This book got me started.


The book recommended a little scanner called the Doxie Go. The link takes you to the Doxie Go SE, as the Doxie Go that I have is not the latest product. Mine cost about $140. It's basically a small portable scanner, runs on rechargeable batteries, scans pages one by one, stores a lot of scans in internal memory, and you can extract those scans in multiple ways. You can use the Doxie software on the iPad or the Mac. With the Doxie software on the iPad, you can pull all the scans via wifi, or with the Mac you can pull them by USB or by wifi. Once you get them on the device, you can correct them, rotate them, staple them together, turn them into PDFs and save them. I save them to Dropbox.

Alternatively, I can mount the Doxie on my Linux box and extract the PDFs directly.

This worked really well for a while. I did it exclusively on the iPad for a while, but eventually ran into problems. The iPad software got updated a few times, and then it started glitching. It would save the original unrotated images into the PDFs, or not save, or other small things. I reported the issues to Doxie at first, and they would be corrected, but it seemed after a while that the iPad software got flakey. I switched to using the Doxie software on the Mac. This was easier, did not get updated as often (what a relief) and worked much better. In addition, I found that the PDFs created with their Mac software were much smaller than that created by the iPad software. So now I use the Mac software only.

There were some other issues. I never got the hang of feeding the pages perfectly straight every single time. Often, they were tilted slightly. And it was page by single page. It got to be a bit of a chore, and I would put off scanning for weeks at a time.

Then I saw a review of a scanner on Cool Tools - the Fujitsu ScanSnap iX500. Turns out this is the second scanner recommended in the Ultimate iPad book. But it costs $419. And there's a newer model - the Fujitsu ScanSnap iX1500. I read a lot of the reviews for the iX1500 and most were people lamenting that they upgraded to the newer model and saying they should have stuck with the older model. I read enough, so I bought the older model from Amazon. The old and the new model were both available for exactly the same price - $419. I bought it, and this tiny little box arrived. I was shocked how small it was.

I installed it and got it working and it's a wonderful neat little scanner. You can put a packet of paper in the hopper, hit the button, and the whole lot will be scanned, both sides scanned simultaneously, blank pages automatically omitted, pages automatically rotated if needed, all merged into a single PDF and saved to Dropbox with one or two clicks. It is amazing. The first time I scanned a batch of pages in and watched the action, I said "Multiple cursewords, look at that". I was shocked, it was such a fast, accurate, beautiful little scanner. It works so well. I totally love it. I got through 18 inches of my immigration documents in about 15 minutes. That's scanning, saving to Dropbox, and filing them. As a comparison, I could do a five page document with the Doxie, scanned, retrieved, combined, saved to Dropbox and then filed in about 4 minutes. Doing the same with the Fujitsu took about 7 seconds. It's a great little scanner. But it's not portable, and does not run off batteries.

I continue to use both scanners. The Doxie is great for flimsy receipts, scans of delicate items, and weird stuff. The Fujitsu is great for regular pages of documents and bills.

Very occasionally, I use Anne's flatbed scanner which is part of her all-in-one printer. Books, passports, things that won't go through a page scanner. So I'm using three scanners.

Transferring PDFs

Both the Doxie and the Fujitsu let me save to Dropbox. I have a free Dropbox account with about 4 gig of storage. I don't permanently store data there. I use Dropbox like a portal. I put data in at one end, and pull it out at the other. It's perfect for transferring data between systems. I put data in on my iPad, and pull it out on my Linux desktop. I put files in on my Linux desktop and pull them out on my Macs, my iPad, my iPhone, other Linux desktops. It's the most awesome tool.

Except Dropbox has been getting restrictive. I understand, they have to make money, and I'm on the free plan. I also feel a bit twitchy about storing financial documents there. So I created my own OwnCloud server, and started using that. It works like Dropbox, except I control the data repository on my own servers. There are iOS apps, Mac programs, and Linux programs for ownCloud. I use it now. I scan directly to the local ownCloud directory, and the ownCloud software distrubutes it to my devices.

So generally, I will scan documents and create PDFs on my iPad or Mac, push them into ownCloud, and pull them out on my Linux desktop.

But the original creator of ownCloud has abandoned it, and started a newer one called NextCloud. I should be looking at that too, except it requires a newer version of PHP to run, and I must wait till the next version of Slackware comes out with that version of PHP. When it does, I will surely investigate NextCloud.

Saving the data

My primary workspace is my Linux desktop. Command line work, storing and filing data in a file hierarchy. Old school. But the data is readily available, everything is consistently named so it's sorted, it's easy to use the regular Unix tools like ls, find and grep.

Once the data is transferred to my Linux desktop, it gets stored on the local hard disk. Occasionally I do some editing or manipulation, but mostly the PDFs are already complete and just need filing.

Each night, my local data is automatically backed up to my NAS. The data on my NAS is automatically backed up to an external hard drive. Once a week, the data on my NAS is backed up to a portable external hard drive, which is stored offsite. And there are a few other backups that occur as well. At any given time, I have it on my desktop, on my Nas, on about four external hard drives in various places. I have a phobia about losing data.

And I don't shred the original documents until it's filed and backed up. Then I shred. That's in case I have to go back to the original source and do it all over again.

Editing PDFs

Sometimes I need to edit the PDFs. This is where things get tricky. Some things I can do on my Linux desktop, some things are better done with a GUI tool on the Mac.

Joining PDFs

Often I end up with an invoice that I scanned with the Fujitsu scanner because it's so fast and easy, and a credit card receipt that I scanned with the Doxie because the Doxie scans these little things so much easier, and I don't want two PDFs, I want one that contains both the invoice and the receipt. Say for example, I have 20190121_rutledge_henry_invoice.pdf and 20190121_rutledge_henry_receipt.pdf. There are two Linux tools I can use to combine these into one PDF - pdfconcat and pdfunite.

pdfconcat works nicely, gives you lots of data about the process.

$ pdfconcat -o 20190121_rutledge_henry.pdf 20190221_rutledge_henry_invoice.pdf 20190221_rutledge_henry_receipt.pdf
Input PDF (20190221_rutledge_henry_invoice.pdf): filesize=598630, xrefc=16, xreftc=1, catalogofs=597881, #pages=1, is_binary=1
Input PDF (20190221_rutledge_henry_receipt.pdf): filesize=119191, xrefc=16, xreftc=1, catalogofs=118460, #pages=1, is_binary=1
Output PDF (20190121_rutledge_henry.pdf): filesize=717549, xrefc=32, subfiles=2, #pages=2, is_binary=1

The end result is usually smaller than the individual PDFs. It's a very tight, clean program.

pdfunite is almost the same, but has no output if things work well.

$ pdfunite 20190221_rutledge_henry_invoice.pdf 20190221_rutledge_henry_receipt.pdf 20190221_rutledge_henry.pdf

Both work about the same, both are fast and smooth and tight, and I use them interchangeably.

Removing passwords

Occasionally I get financial documents that are password protected. I generally remove the password before filing them. To do this, I use an iPad app from Readdle called PDF Expert. It cost me $9.99 for the basic PDF viewer, and then another $9.99 in-app purchase to get the ability to edit the PDF. This tool will let me view the PDF after entering the password, and then let me change the password or delete the password. It works, it's neat, it was worth it.

I also bought Readdle's PDF Expert For Mac. The price tag was high, $79. I bought it at that price. The new version 7 was released mid-2019, and it is a subscription model, with free download for basic functions and annual subscription fees for the specialist functions. I am hoping my current abilities have been grandfathered in.

I have been using the Mac version of this program a lot. I scan my documents into my ownCloud directory on my Mac, then edit them immediately with PDF Expert. I remove empty pages, rotate some pages, and remove passwords. I didn't expect to use it so much, but I find I use it a lot. It's a good program and does a good job.

Extracting images

Occasionally I have a PDF that I have scanned and I want to get some of the images out of it so I can do things with them. I might have scanned a whole Christmas card/letter combo which included some photos, and I want to store the photos elsewhere. I use the command line tool pdfimages to extract the scanned images.

$ pdfimages 20190121_rutledge_henry.pdf image
$ ls

This will extract images in the original format. In this example, the scanner created ppm files and they were extracted as is. I can specify the first and last PDF page to extract images from with -f and -l. I can convert the ppm files to another format like jpg with the ImageMagick tools like "convert".

Splitting a PDF up

Sometimes I make mistakes and end up with a PDF that is missing a page, or has blank pages that need to be removed, or a page upside-down, or any other sort of problem. I now use Readdle's PDF Expert on Mac to edit these. It's easier to do it with the GUI. But sometimes I want to do the editing under Linux. I don't do it often, so I forget the commands, so I have included them here for the sake of my memory.

The first step is to break the PDF into individual pages. I use pdfseparate for this.

$ pdfseparate 20190221_rutledge_henry.pdf rhpage_%d.pdf
$ ls

Now I can put them back together using pdfconcat or pdfunite, but with extras. If I have scanned an extra page that needs to be included, I can do it like this:

$ pdfconcat -o new.pdf rhpage_1.pdf extrapage.pdf rhpage_2.pdf

and I will end up with a three page PDF with the extra page in the middle.

Or I could replace page 2 with the extra page like this:

$ pdfconcat -o new.pdf rhpage_1.pdf extrapage.pdf

If a page is upside down and needs to be fixed, there are a number of ways I can modify it. The simplest way is to split the PDF into individual PDF pages, convert the offending page to an image, edit the image, convert the edited image back to PDF, then create a single PDF from the individual PDFs. For example:

$ pdfseparate 20190221_rutledge_henry.pdf rhpage_%d.pdf
$ pdfimages rhpage_2.pdf page2image
$ mogrify -rotate 180 page2image-000.ppm
$ convert page2image-000.ppm newpage2.pdf
$ pdfconcat -o merged.pdf page1.pdf newpage2.pdf

There are lots of ways of doing this on the command line. This is detailed finicky work, doing it on the command line. That's why I started using Readdle's PDF Expert, just to get the job done quickly.

Constructing a PDF

I don't often do this with documents. Sometimes I want to create a PDF from scratch, like a poster or a game sheet or a timesheet. I use a Python library called ReportLab, and write Python that generates the PDF. I've done this a few times and it's very satisfying. The PDFs are tiny in size, but crisp and very nice. Even though I am writing code to generate the PDF, it takes far less time to write my own than creating a form in LibreOffice and generating a PDF from that.

Viewing PDFs

On my Linux desktop, I used to use the Adobe acroread tool to view and print PDFs. But I recently moved all my desktops and servers to 64 bit Slackware, and acroread no longer works. I had to find alternatives.

xpdf is old and venerable, but it stays up to date and it works with almost all PDFs.

gv is part of the GNU suite, It works with a lot of PDFs, has a beautiful old-world feel to it. I don't like the navigation though.

okular is a modern part of KDE, and it is quite nice. It handles a lot more file types than just PDF. It doesn't display some of my bank's PDFs though.

mupdf is a very choppped down PDF viewer, very fast, no menu bars, just the PDFs and no frills like menus, and it uses Vi style keystrokes for navigation. It's fast and I like it. It also handles epubs, so when I want rapid navigation with Vi-style, I use mupdf for epub too. I use it on the command line a lot, and it throws off a lot of errors and warnings, so I've wrapped it in a script that sends all that stuff to /dev/null. As a bonus, it will also view epubs.

In the end, I use mupdf for quick and dirty viewing of PDFs, and Okular for printing PDFs. So mupdf is in my Midnight Commander mc.ext extension handler, and in my .mailcap file, and I will manually start Okular on the command line. I'm always on the command line anyway, so it's no big deal.


Once, I used to keep all documents after I scanned them. No more. I keep some that I need to keep, like tax and immigration documents. But everything else gets shredded once scanned and saved.

We are on our fourth shredder. I have burnt out three previous shredders. We used to get good shredders from local stores like OfficeMax, but after the last one, we just gave in and ordered an Amazon Basics Shredder for about $85 and it's been excellent. It does a serious cross-cut shred on everything.

No comments
More on mutt, but this time with gpg
#377 Henry, Sunday, 17 February 2019 7:55 PM (Category: Linux)
(Tags: mutt gpg email encryption)

On my Linux desktop, I use mutt for email. I have a friend who also uses mutt. He used to run mutt on a Linux desktop, but he has since migrated to using mutt on a Mac. You can do that using MacPorts or Homebrew or similar add-ons that give a better Unix experience on a Mac.

Back in 2003, we set up encrypted email between ourselves. This was a bit of an adventure, but we did it. We continue to use encrypted email. We don't have to, we don't have any massive secrets, we did it because we could, and we keep doing it to keep our knowledge fresh. We use gpg for the encryption.

My friend wants to expand the encryption. We are using older keys. Mine is 2003 vintage, my friend's key is 2006 vintage. Mine is only 1024 bits long. It's old, it's near worthless. Also, my friend wants to access his mail in two ways now. He wants to keep reading it in mutt when he's home, but he wants to read the mail when he's on the road, using his iPad. He can use Canary Mail on the iPad, but it doesn't support our old keys. Canary Mail supports OpenPGP. So does gpg, and therefore mutt can too, but we have to change our keys. We did that today, and I updated my notes, and wanted to add my notes here so we have access to them next time we have to fiddle with the keys.

(These notes assume that you already have mutt configured to use gpg. This can be a bit of a struggle, but mutt provides good instructions and a sample config file. I'm not going to go into detail about this here.)

First thing I did was look at what keys I had.

$ gpg --list-keys
pub   1024D/91D9A11F 2003-12-03
uid                  Henry Brown (Change 3) <>
sub   1024g/233C1CA4B 2003-12-03

pub   1024D/CCFF1021 2006-02-21
uid                  My Friend <>
sub   2048g/1614AAFF 2006-02-21

Look at that. My key was created back in 2003. My friend updated his key in 2006. Here we are in 2019 and we're using such ancient keys, and such small ones. Tsk.

What we did was add two new keys, one mine, one his.

I created my new key using these steps:

Creating a new key for myself

Examine my new key

$ gpg --list-keys
pub   1024D/91D9A11F 2003-12-03
uid                  Henry Brown (Change 3) <>
sub   1024g/233C1CA4B 2003-12-03

pub   1024D/CCFF1021 2006-02-21
uid                  My Friend <>
sub   2048g/1614AAFF 2006-02-21

pub   4096R/57BC136C 2019-02-16
uid                  Henry Brown (OpenPGP compatible) <>
sub   4096R/81CAF066 2019-02-16

So there's my new key. I have the comment in brackets beside my name which will help distinguish between the old key and the new key. I note the key ID so I can specifically refer to that key. The key id is the second number on the first line, the one after the slash. In this case, 57BC136C.

Make the new key the default

Edit the file ~/.gnupg/gpg.conf and change the default to the email address, and you may as well change the encrypt-to to the same address.


Send the public key to my friend

I now have both my public and private keys, but that's not much use. I have to pass my public key to my friend, and I have to get his public key. There are a number of ways to do this. The easy way is to use mutt and send an email. An encrypted email. You want to send the new key inside an email encrypted with the old key. Right now, we are still emailing with the old keys, so we can do this.

Accept my friend's new public key

While I've been creating my new key, my friend has been creating his new key using the same instructions. He emails me his public key in an email encrypted with our old keys.

If I look at my list of keys now, I see this:

$ gpg --list-keys
pub   1024D/91D9A11F 2003-12-03
uid                  Henry Brown (Change 3) <>
sub   1024g/233C1CA4B 2003-12-03

pub   1024D/CCFF1021 2006-02-21
uid                  My Friend <>
sub   2048g/1614AAFF 2006-02-21

pub   4096R/57BC136C 2019-02-16
uid                  Henry Brown (OpenPGP compatible) <>
sub   4096R/81CAF066 2019-02-16

pub   4096R/15BC809F 2019-02-16
uid                  My Friend (OpenPGP) <>
sub   4096R/FFCCAA13 2019-02-16

So now we have our two old keys, and we have our new keys stored. But his new key isn't quite ready for action yet. I have to sign it and trust it.

Sign his new key

Get his key id, we're going to need it for this. His key id is the second number on the first line, in this case 15BC809F.

Trust his new key

And now his key is ready for action.

Switch to the new keys

Right now, we are both still using our old keys. Now we co-ordinate. I have imported his public key and signed it and trusted it. He has imported my public key and signed it and trusted it. So we send one final email to each other using our old keys, telling us to switch to the new.

All my gpg stuff for mutt is stored in a config file called ~/.mutt.gpg. Your mutt configuration might well be different. At the end of .muttrc, I have these lines:

# Add in GPG configuration
source ~/.mutt.gpg

and at the end of .mutt.gpg, I have this line:

set pgp_sign_as=0x91D9A11F

This tells mutt to sign and encrypt messages with the key identified by the key id of 91D9A11F. If you look at my list of keys, you can see that this is my old original public key.

So I change this to the key id of my new public key.

set pgp_sign_as=0x15BC809F

So now, mutt will start using my new key.

Just FYI, I have two lines in .mutt.gpg that determine who gets encrypted email and who doesn't.

send-hook . "set nopgp_autoencrypt nopgp_autosign"
send-hook "~t" "set pgp_autoencrypt pgp_autosign"

The first line sets the default and no encrypting and signing happens for everyone. The second line makes an exception for my friend, and emails to his email address are encrypted and signed.

Exchange emails encrypted with the new key

Now that I have switched to my new public key, I can send him an email or wait for him to email me. We both did this.

I used mutt and created an email for him. It recognised that his email address needs signing and encrypting, per the config up above. It gets my new public key, because it knows which one is the default now. It has to combine my public key with his public key, but oh look, his email address is associated with two public keys. Mutt shows a list of both keys and lets me choose which one to use. This is where the comment becomes useful, as one has a comment of OpenPGP and the other has no comment. See the list of keys up above. I select the new key, press Enter, and then mutt wants to know if I am really authorised to use these keys by asking for my passphrase. I type the passphrase, and press Enter, and then the email is encrypted using my new public key and his new public key, and mutt emails that encrypted email to him.

In the meantime, an email from my friend has arrived and it is encrypted with the his new public key and my new public key. I start mutt again, select his email and press Enter. Mutt knows it is encrypted, and it knows how to decrypt it, but first it wants to know if I am authorised to do this, so it asks for my passphrase. I type that and press Enter, mutt decrypts the message and displays it.

And we are done.

Cleaning up

So now we have two keys each, and we are using only the latest one. If I have any old encrypted messages, I need to keep the old key around to be able to decrypt those old emails. But if I have saved all the messages in unencrypted form and never expect to get another one with the old key, I could delete my old key, and probably my friend's old key. I would do this:

gpg --delete-key keyid
No comments
Improving mutt's handling of HTML
#376 Henry, Tuesday, 15 January 2019 12:11 PM (Category: Linux)
(Tags: mutt html)

After yesterday's success with getting mutt to show calendar invites, I looked at how I view HTMl emails. Apart from them being an abomination, and a huge security risk, sometimes I have to see them.

I used to have a .mailcap entry of:

text/html; links %s; nametemplate=%s.html

And that works okay, but I have to v to view the contents of the email, then manually select the text/html part, then m to view it with the mailcap entry. I did some reading to see if there was a way to improve this.

There was.

First I installed w3m, a small HTML to text converter. I installed it using sbopkg under Slackware.

Then I changed the .mailcap line for text/html to this:

text/html; w3m -I %{charset} -T text/html; copiousoutput

and finally, I added this line to .muttrc:

auto_view text/html

Now, when I view an email that contains a text/html section, mutt will show the HTML portion as parsed through w3m. There's rudimentary formatting, and most of the HTML will be displayed in a good-enough fashion. It works automatically, and it's better than before, so that's good.

No comments