Summarize of Apple Watch unlocking Mac

The macOS Sierra was released on 9/20 this year. One of the most interesting feature, I think, is Apple Watch unlocking Mac. I tried the feature on 9/21, Chinese time. I'm summarizing it as below.

• Apple devices unlock model:
• Unlocked iPhone unlocks Apple Watch.
• Unlocked Apple Watch unlocks MacBook.

• Enable the unlocking feature in MacBook.
• Connect to Internet
• Setup Two-Factor Authentication via iCloud account (Apple ID).
• Specify the unlocked password for the MacBook that is different from iCloud account password.

• The unlock conditions:
• Apple Watch is unlocked.
• Direct Wi-Fi (It is not necessary to connect to Internet or to Wi-Fi station)and Bluetooth must be enabled. 
• Apple Watch is near to MacBook.
• Press any key on MacBook or open the cover to unlock it. 

-Count

Connect MacBook to Ubuntu in Gen8 via AFP

The steps, referred to the page, of connecting MacBook to Ubuntu in Gen8 via AFP are as below.

1. Install AFP Server in Ubuntu
>sudo apt-get install netatalk
>sudo apt-get install avahi-daemon

2. Specify the config of Avahi
>sudo gedit /etc/avahi/services/afpd.service

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>

<name replace-wildcards="yes">%h</name>

<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>

<service>
<type>_device-info._tcp</type><port>0</port>
<txt-record>model=Xserve</txt-record>
</service>

</service-group>

3. Specify the shared directories.
>sudo gedit /etc/netatalk/AppleVolumes.default

/home/your_home "your_home"
/media/your_hdd "your_hdd"

4. Restart the service

sudo service netatalk restart
sudo service avahi-daemon restart

5. Open MacOS Finder to connect the AFP server.

Input the IP address of the server. For example,

afp://192.168.11.10

Then the shared directories will display. For example.

your_home
your_hdd 

-Count

Use MacBook to Install Ubuntu in Gen8 via iLO

I don't have a monitor, a keyboard, and an ODD attached to my Gen8. I only have a SDD. How do I install Ubuntu in it? Fortunately I have MacBook to help it.

1. Connect network cables in Gen8.

Connect a network cable to the iLO connector and another one to the NIC 2 connector in the Gen8. (It is possible to use only one network cable to connect NIC 1 that is shared with iLO.)

2. Put SDD in the Gen8.

I use SDD to be a bootable disk. Because the hard drive tray is not suitable for my 2.5" SDD, I pull out the tray and connect SDD to the SATA port in the room. (The alternative way is connect SDD to the external USB port.)

3. Turn on the Gen8.

4. Check the IP address of the iLO in Gen8.

I open my router's web page to list all IP addresses of connected devices. I find one device is connected by a wire. I suppose it is for iLO.

5. Use Mozilla browser to connect the IP address and download Java plug-in.

Because Safari and Chrome browsers cannot verify the certificate of the iLO, some features are not workable. Therefore I download Mozilla browser to avoid the problem. The Remote Console of iLO must be run by Java in Mac OS. There is not Java in Mozilla in default. I need to download Java from Oracle web site.

6. Get a free license of iLO.

Because HP was separated into two companies, HP and HPE. It is difficult for me to find the free license of iLO. I need it to use Remote Console of iLO.

7. Activate Intelligent Provisioning.

Run Remote Console to display the Java applet.

It displays that the OOD doesn't exist.

Select "Activate" in the step.

8. Create a virtual ODD with a Ubuntu's installation image.

Run iLO Remote Console and click Virtual Drivers to create a virtual ODD from a image of Ubuntu. My image file name is ubuntu-14.04.3-desktop-amd64.iso, that is Ubuntu desktop for 64-bit. I select desktop rather than server because it has GUI in default.

9. Click Power Switch to restart Gen8 to install Ubuntu.


10. Run Ubuntu in iLO Remote Console.

What happens when changing iPhone's passcode?

The iOS's passcode is one of the factors to encrypt files. We expected that it spends much time when we change our passcode because files need to be decrypted by old passcode and encrypted a new one. However changing passcode is prompt. Why?

The below picture comes from the document, iOS Security which I refer to answer the question even though the document doesn't have a direct answer.

The iOS uses the hierarchy keys to encrypt files. Class Key, that is used to encrypt and decrypt File Metadata, is encrypted by Hardware Key and Passcode Key. Hardware Key and File System Key are unique and constant. File Contents is encrypted and decrypted by a unique File Key that is in File Metadata that is encrypted and decrypted by File System Key and Class Key. Only Passcode Key can be changed by a user via the below steps.

1. iOS uses Hardware Key and Passcode Key to decrypt the encrypted Class Key.
2. The Passcode is update to new one.
3. iOS uses Hardware Key and new one to encrypt the Class Key.

Because Class Key and File System Key are constant, changing of Passcode doesn't impact the encrypted file contents. This is the answer.

-Count 

Why iPhone's passcode cannot be replaced with Touch ID

We are requested for inputing passcode rather than Touch ID when we restarting iPhone. Why? After I read iOS Security, I think I found one of the reasons.

The passcode in system memory (why?), which is disappear after we turn off iPhone, is charge of encrypting/decrypting files. However Touch ID cannot do the same thing. Why?

I explain the reason as follows.

1. For security concern, the plaintext passcode cannot be stored in flash storage because it is easily leaked.
2. The plaintext passcode in system memory disappears after turning off iPhone. Therefore there is no risk of leaking. Apps cannot read it at run-time because the memory's are is not readable and is encrypted by hardware (secure element.)
3. A ciphertext passcode in flash is encrypted by a one-way algorithm (eg., SHA-1) from the plaintext one.
4.  The iOS encrypts and decrypts files by the plaintext passcode.
5. Why cannot we use Touch ID to encrypt files? Because the biometric data of our pressed fingers are different each time.

Install binutils in Mac OS

Sometimes we need to install binutils in Mac OS to do something. Please refer the sites.

Homebrew
Building a GCC 4.9 cross compiler on OS X Mavericks


I use the below steps to build binutils in OS X Yosemite.

1) Install brew.

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

2) Installing GCC.

We need GCC to compile binutils in Mac OS

brew tap homebrew/versions
brew install --enable-cxx gcc49

3) Download binutils.

Download the source code of binutils. We get binutils-2.25.tar.gz.

4) Extract binutils.

Extract the source code to the home directory. For example,

~/src/binutils-2.25

5) Set environment variables.

We can set environment variables to build binutils.

export PREFIX="$HOME/opt/cross"
export TARGET=i686-elf
export PATH="$PREFIX/bin:$PATH"

6) Build binutils

In the ~/src/binutils-2.25 directory run the below command.

../binutils-2.24/configure --target=$TARGET --prefix="$PREFIX" --disable-nls --disable-werror

make
make install

8) Check if binutils is installed.

cd ~/opt
find . -name *objdump*

The results display.

./cross/bin/i686-elf-objdump
./cross/i686-elf/bin/objdump
./cross/share/man/man1/i686-elf-objdump.1

-Count

The GUI of iOS 8

The iOS 8 has many things that we can learn when we design a GUI of an application. For example, the Cellular is defaulted to be turned off in Settings.

The Cellular has > icon so that we know it has many sub settings. We swipe it to expand the sub settings. We know that the Cellular Data is the main switch of the Cellular feature.

If we swipe it to turn on, the another setting, Enable 4G, appears.

We go back the Settings and find that the Cellular has > icon instead of "Off >".

We enters Cellular again. We know that the Enable 4G depends on Cellular Data. It means that the Enable 4G can be turned on only if Cellular Data is turned on. 

If Cellular Data is turned off, the Enable 4G is hidden.

If we turn on Cellular Data, Enable 4G appears again and it is turned off. It seems that iOS 8 remembers the state of Enable 4G.

We can proof the assumption by turning on Enable 4G.

Then we turn off Cellular Data. The Enable 4G is hidden.

Finally we turn on Cellular Data and the Enable 4G displays as be turned on. It makes sense. iOS 8 remembers the state of Enable 4G and shows it only when Cellular Data is turned on.

I consider the GUI is very user-friendly. We can compare it with iOS 7 that Cellular Data and Enable 4G are independent. We are always confused when we turn on/off Cellular Data or Enable 4G in iOS 7, but iOS 8 eliminates our confusion.

-Count

Use iPad to play movies in media server through SFTP.

We can build a simple media server by installing Fedora 20 in PC. The SFTP is default to enabled after booting Fedora.  We use SFTP as our simple media server.

We install FTPManager and nPlayer in iPad. FTPManager helps us manage files in media server through SFTP. We open nPlayer to play movies through SFTP. The following are framework.

• X86 PC
• Install Fedora 20. The SFTP service is default enabled.
• Connect internet with fixed IP address via PPPoE.

• iPad
• Install FTPManager
• Install nPlayer

Let's use nPlayer to play movies anywhere after it is installed in iPad/iPhone.

It displays all supported connection types. Please select SFTP.

Please create your SFTP sites.

After you select a SFTP site, the App displays the directories.

You can enter a directory and play a movie.

How to backup iPad or iPhone in USB disk drive on Windows?

We always backup iPad or iPhone with iTunes on Windows. The backup data are stored in C drive. The backup path is for example.

C:\Users\[USER_NAME]\AppData\Roaming\Apple Computer\MobileSync

A problem is that there is often not enough space in the C drive. It seems that there is not an easy way to change the backup path to our USB disk drive. We can use the mklink command before running iTunes to solve the problem. For example,

mklink /j "C:\Users\[USER_NAME]\AppData\Roaming\Apple Computer\MobileSync" "F:\iPad Backup\MobileSync"

The F drive is a USB disk drive. We create a link of MobileSync under "Apple Computer" directory. It links to our MobileSync in the USB disk drive. When we run iTunes to backup, the data are really stored in F drive, not in C drive, even though iTunes only recognizes the path, "Apple Computer\MobileSync".