the itjerk

my adventures with technology

Category Archives: Apple

parental controls

I have a teen that refuses to do homework. You know, gets a “zero”. Thus, I take the phone away. However, teen needs a computer for homework. Fine. But you know when she gets on to the computer, she’s going to go to all those sites where “screenagers” waste their time. That’s fine. I’m going to show you how to block individual sites using OpenDNS and your Router. [Note that I’m going to use terminology for my Netgear, but chances are if you’re bothered to read this, you’ll know what I’m talking about. Also, while my Netgear router has a “Blocked Sites” function, it doesn’t work. Useless!]

DNS can be set in many places: local computer, router, modem. I’m not quite sure what trumps what, but I believe that’s the line. Using your router for DNS is better than using your modems – my AT&T modem does not allow it to change! Setting on an device level, well, that’s a lot of work. Also, I have to believe that most “screenagers” don’t know what DNS even is. So, here we go.

The first step is to open your router’s settings and go to Internet Settings (also called WAN). Set the Primary and Secondary numbers to OpenDNS, 208.67.222.222 and 208.67.220.220. Now, all requests originating form your router will go through OpenDNS. I’m sure there is some chatter on whether using Cisco-owned product is all that good, but from what I’ve read, it’s one of the better choices out there for the home user. What you may give up in privacy, you’ll gain in secure web browsing.

The second step is to let OpenDNS know that request from your router are yours. Okay, that may sound all scary and Big Brother, but let’s not pretend that our web surfing is anonymous. It’s not. You buy your internet from someone, or are you really getting it for free from a leaky neighbor or a nearby Starbucks?

To sign up for an OpenDNS account, go to their website and sign up for a free Home account. All it requires is an email address. Once completed, open their Dashboard from a computer on your home network. Under settings, add your local network: it’s going to be the IP address of your modem. Give it name, and save it. OpenDNS will now associate requests from that IP as yours. Under Web Content Filtering, you’ll see two areas. The top is a predefined set for a variety of “undesirable” sites – if I had teenage boys, I’d sure as hell use this to block the “naughty bits”. The bottom section allows individual site blockage. Here’s what I wanted:

Give it about five-ten minutes (they say three) and those sites are as good as gone! While a web browser may give a different warning (usually a cert error), dig one deeper with nslookup, you’ll see what’s going on:

PS Desktop> nslookup snapchat.com
Server: UnKnown
Address: 192.168.0.1

Non-authoritative answer:
Name: snapchat.com
Addresses: ::ffff:146.112.61.104
146.112.61.104

And if you go to that IP:

Couple of points: First, you’ll probably need to run Cisco’s OpenDNS-Updater program as your ISP provides your modem with a dynamic host; exact same thing as if you were running a DynamicDNS service like DuckDNS. Second, a really smart kid could probably figure out how those sites are being blocked. My kid is smart, but if she was really that smart, she’d just do her homework in the first place.

One the web:
https://www.opendns.com/home-internet-security/

new computers

My teenage daughters received new computers this Xmas. The younger one (freshman in high school) got the Surface Laptop Go. It was relatively inexpensive at $540 for a 10th Gen i5, 8GB RAM, 128GB model. I also opted for a Microsoft Complete package that runs $84 for two years. It has a touch screen, touch Windows Hello power button, 12.4″ screen with 1536 x 1024 (148 PPI) resolution. On the disappointing end was that it arrived with Windows 10 2004. After a round of updates, I had to use that Windows 11 Installation Assistant to get to Windows 11. Also disappointing is the 720p camera and lack of lighted keyboard. But for what she’ll be doing, web browsing, watching movies and (hopefully) schoolwork, it was a great solution. I just hope it’s durable.

The older daughter (junior in high school) made the pitch for an Apple MacBook Air, as she didn’t want “some janky-ass Surface computer that I’ll never like”. Fair enough, all of her friends have Apple computers. Ordered on a Tuesday evening, it arrived the next morning at 9:30am in an Apple Store bag, hand delivered to my door (for $9.00 extra). It was a base model, with M1 chip, 8GB RAM and 256GB SSD, costing $899 (with Education pricing). The Air has a superior Retina screen (though without touch capabilities) and a lighted keyboard (good to see that touch bar gone). I also opted for annual Applecare at $70 per year. Kids, right?

Those Dell Latitude 3190s? Not sure if I’ll scrap or sell them, they got some heavy use during the pandemic and you know, kids put stickers all over their laptops! But I did upgrade them to Windows 11 (one required me to turn on TPM in the BIOS) before doing a Reset this PC that (among other things) cleared the TPM before restoring the OS. That’s comforting.

new macbooks – overspec’d is overserved

They’re in the store, those shiny new Apple MacBook Pros with the M1 Pro and M1 MAX chips, 10 Core CPUs, up to 32 Core GPUs, up to 64 GBs RAM and 8TB SSD. Go big, Apple hopes, so your $2500 laptop will end up costing $5000! With the iPhone’s 16-core Neural Engine too for all those pictures you’ll be taking with your laptop!

Look how easy it is to add an extra grand or two to a machine? Apple consumers are sheep! Apple Marketing FTW!

iphones

Never got around to posting this, but I did buy my teenage daughters each the iPhone 11 for Xmas. The presentation they gave me, while grammatically a nightmare, was mostly compelling. I’ll share below. Good thing we have jobs, because those suckers cost me $1200, plus about $16 per month for insurance.
Google Family Link does NOT work with the iPhone, but I can get them to add their location to my Google Maps. I also set some parent restrictions on their phones with my AppleID.

bios, baby

I know that everyone hates updates, especially that ultra-pesky 1709 Creators update for Windows 10. But you gotta do them, just like exercising, dieting, eating healthy, etc. Please remember when an update says “DO NOT POWER OFF YOUR COMPUTER” it really means it.

Currently most every “modern” computer needs to have its BIOS updated for those also-pesky chip Spectre/Meltdown vulnerabilities. Most computer manufacturers and motherboard companies have Windows software that helps you perform a BIOS update. Apple calls these firmware, and handles the updates for you via the App Store. Just remember, these updates should be done attended, so that’s more for the itjerk to do!

dnscrypt

Domain Name Service (DNS) is the mechanism by where numeric IP addresses become readable domain names; it’s far easier for me to tell you to visit strawberrybricks.com than a bunch of numbers. When you browse the internet, then, the addresses you type or click on go through a DNS search. Typically, your ISP provides this service, or whomever you get your network connection from – however there is an implicit level of trust involved. Who’s to say that yahoo.com for example, is really yahoo.com? What is the DNS server spoofed the reply? Further, any DNS server can collect a wealth of information by recording your DNS requests. Finally, the speed of your browsing is dependent on how quickly these requests are filled.

Both Google (8.8.8.8) and OpenDNS (208.67.222.222) provide free DNS services that are fast and secure, and supposedly do not track your requests. A third service, Quad9 (9.9.9.9) was very recently launched. Your ISP has a lot of information about you. Switching your DNS to one of these providers is simple (just type them in your router, or network connection), and gives some degree of privacy. Every little bit helps?

DNSCrypt goes one further by encrypting all your DNS requests. It’s an easy enough program to install, available for PC, Mac and Linux, and for routers using DD-WRT. On my Ubuntu box, I needed to install libsodium-dev first, and then was most successful installing DNSCrypt-proxy from source by using the old “configure, make, make install” method with version 1.9.5. Then, you can run it with systemd automatically.

On the web:
DNSCrypt

apple vs doj

Apple has already helped the government retrieve data from some 70 iPhones. Cooks stance is about selling and market share, and not helping solve the heinous murders that the San Bernardino terrorists committed.

 

genius (sic)

“I tried following the instructions on that site but unfortunately I don’t really understand what they want me to do. For example I downloaded the correct version but I do not know how to run it at the command line.”

iMod

el capitan, thank you

Don’t know if it’s just me or not, but doing a clean install on an old Mac computer has been a pain, since 10.6 Snow Leopard. Back in the early days of Mac OS X, you could boot a Mac into firewire mode and copy an image over. As Apple moved away from firewire, that became more and more difficult. Doing a clean install of an operating system became even more problematic after the switch to Intel processors, as Apple made version-specific demands on installers; this disc only worked with this machine, etc. Of course a few years ago, Apple did away with optical drives all together.

Fortunately, that’s changed, and now making a bootable flash drive is easy business. To perform a clean install of 10.11 El Capitan, go to the App Store and download the free installer, it’s about >6GB and will end up in your /Applications directory. Take a big enough USB drive, format it to “Mac OS Extended (Journaled)” and name it “Untitled”. Providing you keep these defaults the same, you just need to run this simple command to make your very own bootable installer:

sudo /Applications/Install\ OS\ X\ El\ Capitan.app/Contents/Resources/createinstallmedia --volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ El\ Capitan.app --nointeraction

Boot the Mac by holding down the option (Apple) key and you’ll be able to choose the USB drive as your startup device and proceed with a clean install.

Now that Apple is giving away free upgrades to their OS X, there’s really no reason to not run the latest and greatest version of OS X. (Well, maybe*). El Capitan will run on most any Mac that’s got a 64 bit processor, and you’ll have to go back a decade or so to find one that doesn’t have one – like my little Mac Mini with its core solo* that keeps chugging along after all these years!

iPad2 repair #2

iPad2 repair #2

Second time I’ve had to replace the digitizer. Didn’t bother replacing the plastic mid-frame bezel, so not worth the effort. And this time rubber bumper is being ordered before the kids get it back