Tag: it

Sluggish new Mac

Recommendations for Macs that have plenty of memory and should otherwise be performing beautifully. I’m looking at you, Chrome 👀: 

  • Restart weekly.
  • Pare down extensions in browsers, especially Chrome.
  • I know I just said pare down extensions, but there’s a really cool extension for Chrome called OneTab. You can use it to quickly send all your tabs to a single page of links. And you can share those pages to yourself so you can open them in other browsers. 
  • Try using different Profiles in your browser and switching between them to close windows you don’t need right now.
  • Strongly consider switching to Safari.
    • Try starting mostly fresh, but do configure Profiles first and perhaps export specific folders of bookmarks from Chrome. OneTab can help with this.
    • I just searched “fastest browser 2025” and confirmed my guess that at least a couple people would rank Safari as the most performant and private, at least for Apple users. It’s not ’cos Apple is just better, but they are of course able to optimize for their platform. And they are also making their bones off maintaining privacy, which (to this non-programmer) feels like it cuts back on the cross-page cookie tracking whatever nonsense that is the bane of the modern web. (One of the many banes, I should say.)
  • Check out Activity Monitor on your Mac (in /Applications/Utilities), but when things feel sluggish, look at the Memory tab in there and see what the culprit is. If there is a non-zero number next to “Swap Used:” try closing/quitting as many apps and tabs as you can, and restart.

Did I spam myself?

A client writes:

I just received an email from myself with a fraudulent QR code containing a link that’s clearly a scam. But it looks like it actually came from my email, and other people are listed as recipients. What should I do?

Sadly, it’s not difficult to make email appear on the surface as being from any given address. Harder to make that more than surface-level, requiring a true hacking of an account. Since you and I have worked together, we have pretty well covered the bases to set the chance of that happening to you dang close to zero.

In other words, and to answer the question of what you should do now: Ignore it, stay vigilant, and keep using those strong passwords and two-factor authentication, preferably with a password manager. (I got a blog post about those, and the TL;DR there is that, for iPhone users, Apple Passwords is free, and great even if you have a PC. And 1Password [affiliate link] is fantastic if you want something more robust.)

All that said, to get more forensic about it, you can look at the source code of the original. In Apple Mail on the Mac, go to View menu > Message > Raw Source.

I know it looks like the matrix, and I don’t pretend to read it like prose myself. But see below for an example of part of the source code from a legitimate message, one of the sections you can look for where you can see your domain and terms like “dkim” and “dmarc” matched with “pass”, which indicates my email service (Google) asking your email service (also Google), “Hey, is this legit from yourdomain.com like it purports to be?” and getting a couple different “Yes”’s in response.

ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=yourdomain.com header.s=google header.b=Ssjl9RVC;
spf=pass (google.com: domain of xxx@yourdomain.com designates
209.85.220.41 as permitted sender) smtp.mailfrom=xxx@yourdomain.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yourdomain.com;
dara=pass header.i=@mydomain.com

If you look in there and something doesn’t pass a sniff test, let me know!

Identity Theft

In the past six months I’ve received two letters from local health facilities telling me that they’ve been hacked. One office suggested we victims use a company called IDX in case of identity theft. I have Googled IDX, but I do not like that they use cookies. I’m also wary about handing over my social security number. What do you think?

I sure appreciate your vigilance and suspicion! I don’t know if you clicked on the reviews for IDX when you searched for the company, but they indicate pretty clearly that you should steer clear. I’m not asserting that all such companies aren’t worth their salt, but at least a few of IDX’s customers are displeased.

The businesses you are hearing from are under obligation to make some kind of remedial suggestion to you, though I wish they had stricter obligation to maintain tight security in the first place.

What they should be doing is telling you to place credit freezes at the three major bureaus, and to change your major passwords to all be different if they aren’t already. Also use multi-factor authentication on every account that allows.

Sigh.

Your instinct guided you correctly, and keep trusting your gut. If anything on the internet smells even a little fishy, it almost certainly is entirely fishy. That said, you should know that nearly every single website you visit employs cookies. Of a nature it can be a useful technology, for example, letting a web app remember how I had logged into it and displaying my most recent choices on that app. You are not wrong, however, that cookies are also used for purposes more convenient to the site owner than to me, in gathering information about me to sell to data brokers.

The GDPR law passed by the EU in 2016 requires that websites that use cookies must display a choice screen if they want to operate in the EU. I think the spirit is right, though the implementation has proven annoying: rather than use different policies for visitors from different locations, the sites show those choice screens to the globe. So perfectly legitimate, nice, well-meaning, or beneficial websites might show you that they use cookies and let you turn different categories of cookies.

Finally, while I support your care in handing your social security number to just anyone, that number is flowing like water all over the internet, and the credit freezing and password security are our primary, if not only, defenses against identity theft.

How should an individual person buy Microsoft Office?

I updated my MacBook Pro, and now Excel and Word are locked up, telling me I need to subscribe for $100/year. I can’t remember when I bought Microsoft Office. What are my options? Buy the suite, or switch to Google Docs, or what? Are there other options? I tend to feel averse to subscription-model software.

If you can’t remember when you got it and/or your updated computer can’t run the version you have — and if you indeed need to run Office rather than use Google Docs or the excellent open-source OpenOffice — you should prepare to pay Microsoft something.

And if you really don’t need anything but the basics, no extra storage on OneDrive or any new feature Microsoft rolls out, then what you pay should probably be $140 for this one-time license.

I don’t perceive you need any of the more business-y or organizational tools like OneDrive, but if you do, that’s when you pay the subscription. I understand anyone’s reluctance to do so, but truly it is the appropriate model for to keep software that we value in existence.

Latest on AI tools

Just a bit of zeitgeist pasted from a conversation…

…Another well worth mentioning is Perplexity. Their pitch is that it’s built for research, the immediate upshot of which is that the results are organized to lead to your likely next questions. The main features are: 1. it actively searches the web as well as generating from LLM’s, and 2. included are links to real web pages supporting the output. 

Again with the controversy and likely copyright infringements, but the tools are incontrovertibly useful, astonishingly so. Even the stuff in Apple’s latest “Intelligence” feature set has some nice quick “please capitalize and punctuate this nonsense so I don’t have to” abilities that I use. I don’t yet pay for any subscriptions, only the backend API’s. I am able to get most of what I want for free, although I have considered paying for Anthropic’s Claude mostly just to see what it will do, choosing that one for the reasons we discussed. 

I also run a couple of large language models locally on my Mac both for fun and when I don’t want the material out in the world. 

One comparative point I wanted to highlight: While these are all, for so many purposes, interchangeable, they each have their moments in the sun. And in this moment, Google happens to have just released a new model that has received praise, and they are offering 2.5 Pro to all accounts both free and paid as “experimental.” This dropdown menu gives you a good idea of how the different models might be used:

To me it’s a sign of how young this technology is that we have to think about which tool is right for the job. 

I have to acknowledge here and now how little I like the term “AI” in this context — and for different reasons the movie of that name that Kubrick pawned off on Spielberg —  and wish Apple could have kept using “machine learning.” It does not help that now the companies are bandying about “AGI” (“G” for “general”) to represent Kurzweil’s singularity. There is so much nonsense and jazz-hands and jibber-jabber about it, not to mention legitimate concerns and fears, but as that seems true for bloody well everything these days, I’m content using this amazing stuff for what it actually does do very very well. 

Finally, the thing I really want it to do is read my whole computer of my own text, and either answer queries about that or spit my own words back out at me, so I can say, for example “repeat what I wrote Lucy about AI last week.” Apple purported to be working on that, but appears to have been failing in that effort, so much so that they have done some reorganization to address the lack.

AI Notetaking for Meetings

We are considering implementing an AI solution for meeting notes. Do you have any recommendations?

There are now a bunch of tools for this. I stopped employing any of the cloud solutions, to protect client privacy and security, but I am considering a solution to do it locally. Here’s my experience so far:

  • Apple Notes on the phone or Mac is now actually pretty good at recording and transcribing audio. This is my current go-to.
  • Notion is superpopular and if you pay for it, it will AI the heck outta any text your throw at it.
  • I have used Fathom and thought it was cool but didn’t want to pay for it.
  • I just ran into Krisp.ai.
  • I’ve started using MacWhisper a bit for all transcription, and it’s quite slick.

This page is a nice rundown from a trusted source of the current cloud-based offerings.

The benefit to using a cloud-based doohickey is that they’ll have a plug-in running on your Mac or in your Zoom or Teams account, ready to capture any meeting and do all the work for you.

Notes and MacWhisper, on the other hand, will do the trick, though one has to be up for a little manual work: <nerdery>getting or extracting the audio and feeding it into those apps manually. Major upside is they’re running on your Mac, so free and kept entirely local. I am considering recording calls on my iPhone (which is now a thing) and/or using Audio Hijack on the Mac to route audio from multiple apps into a single recorder, and then having Hazel and/or Shortcuts automate from there.</nerdery>

An option well worth mentioning is to build your own custom automation with an excellent tool like Zapier. These have become the new backbone of business operations. I’ve transitioned the main of my work to building them for other folks. In this case, for example, we might have an automation run like:

New Teams recording triggers:

  1. Get the audio
  2. Send to GPT Whisper for transcription
  3. Send to GPT or Claude for summarization, and also separately to list the individual action items and determine/guess the assignees from context
  4. Turn each of those action items into tasks in Asana, with assignments

That kind of build might take an hour or two, plus $240/year for Zapier — which could then do alllllll kinds of other things for you.

Live Text is OCR everywhere

When it comes to scanning and/or printing documents, what is OCR?

Humans and their acronyms! OCR is fortunately real easy: “optical character recognition” meaning the computer turns a picture of text into copyable text. 

I use it on all my scans of documents, so I can just boop! copy and paste from the scan into an email or Word or wherever. Also, my Mac can then search for text inside scans. 

This used to be rarified magic, but now all of our phones and Macs are doing it on all of our pictures. You can even search your Photos library or Notes app for text that’s inside photos! And look for the little “live text” icon on your phone  when you open a photo or take a screenshot. That will let you select text, tap a phone number to call it or an address to map it, and even translate!

Update everything always

Should one have macOS set so that apps update automatically? is there any reason not to?

Yes, one absolutely should auto-update both apps and the operating system. while there are edge cases when a given app or OS shouldn’t be updated — a mission-critical app with an update that would lose a feature, cost more, or break compatibility with some other software or peripheral — everyone else will benefit from current security practices and the latest features.

Configure one Airport Base Station to extend another

Airport Utility

Apple has really made setting up a wifi network easy. Airport Utility now requires only a few clicks, and correctly guesses what you want to do with each device.

When they start adding devices, or reconfiguring existing ones, many people are reluctant to wipe the routers and start from scratch, but that’s totally the thing to do. It saves a ton of time and guesswork.

Here’s how you do:

  1. Reset both devices to defaults
    • holding the reset button with a pen til light blinks faster
  2. Unplug your internet modem from power, count to 5, and plug back in.
  3. Set up the Airport A connected to the internet.
    • Use the same settings, including wifi network name.
  4. Make sure you can now surf the web.
  5. Plug in Airport B, in the same room as the first one.
  6. Configure B, letting Airport Utility guess correctly that you want the B to extend A.
  7. Once both are green, unplug B, and plug it in where you need it.
  8. Make sure it goes green, and you can surf in the G’s office.

Look up any stored password, and then some

We need to connect a PC laptop to our wireless router.  The computer can find the network, but I don’t know the password. Where should I look?

Your Mac does a very cool thing with passwords: It stores them in a single file called the “keychain,” which is locked with the password that you use to log into your Mac.

Here’s that paragraph in slightly more geeky terms: The keychain is locked with military-grade encryption, typically with the password assigned to your user account. Each user gets their own keychain, and the default keychain name is “login,” though you can rename it or create multiple keychains. Whenever you see a checkbox option for “Remember password in keychain,” or when Safari asks whether you want it to remember a particular password, that login will get stored in the keychain. (If Safari never presents you with that option, go to Safari > Preferences > AutoFill, and turn on “User names and passwords.”)

You can find passwords in your keychain using the Keychain Access utility, which you can find, along with everything else on your Mac, through Spotlight, or by going to Macintosh HD/Applications/Utilities.

Here’s a good tutorial with screenshots on using Keychain Access. And here are Apple’s instructions:

To display your passwords in Keychain Access:

  1. Open Keychain Access, located in the Utilities folder in the Applications folder.
  2. Select a keychain.
  3. Click Passwords in the category list.
  4. Use the Passwords category disclosure triangle to reveal the types of passwords, and then choose a password type.
  5. Double-click a keychain item.
  6. Select the “Show password” checkbox.
  7. Enter your keychain password.
  8. To display your password, click Allow. [Editor’s note: don’t choose Always Allow, or Keychain Access will always diplay that password without entering your master password.]

It’s worth mentioning here that sometimes we encounter problems with the keychain, usually having some application keep asking for the password. This post on the Apple Discussion boards runs through some techniques to address those issues, but the first step is to go to the Keychain Access menu (top left, up by the Apple), and click on Keychain First Aid. Enter your keychain password, and click Repair. If it finds any errors, click Repair one more time. If the errors are intractable, refer to the post on Apple Discussions.

For Your Eyes Only

Now, one feature of Keychain Access that’s frequently overlooked is Secure Notes. Too often, we’ll run into someone who has put private information someplace way too public, say the address book, or in Stickies. I try not to let abject horror that I’m feeling show on my face, but I pretty quickly move into a discussion of how to protect your computer and phone from unwanted eyes — turning off automatic login, and setting a passcode lock on the iPhone, at the very least.

Of course, I prefer to keep such data digitally, and passcode-protected, rather than have someone scrawl their passwords on a piece of paper. That’s where Secure Notes comes in. Apple’s instructions:

  1. Open Keychain Access, located in /Applications/Utilities.
  2. Click Show Keychains if the Keychains list is not open, then select the keychain you want to use (if your keychain is locked, click the lock icon then enter your keychain password to unlock it).
  3. Choose File > New Secure Note Item.
  4. Type a name for the note that will help you remember what it is.
  5. Type the information you want to preserve in the Note box, or paste text you’ve copied or cut from another document.
  6. Click Add.

Is there another way?

You bet. I recently started using the awesome app 1Password — $39.95 from Agile Web Solutions — and I’m thoroughly impressed with it. These are the distinctions Agile makes between their program and the Mac keychain scheme:

  • Store and provide easy access to more than one account for any website.
  • Correctly handle financial websites which often disable storing passwords in Safari’s AutoFill.
  • Integrate with multiple browsers, including Safari, Fluid, Firefox, DEVONagent, OmniWeb, NetNewsWire, Flock, Netscape Navigator, and Camino.
  • Eliminate the need to synchronize your data between browsers.
  • Support multiple identities, such as personal and business identities. You can even create fake identities for websites you do not trust.
  • Fill credit card information with one click.
  • Import information from a multitude of sources.
  • Integrate a strong password generator directly into the browser for quick and painless generation of super strong passwords.
  • Sync your information to the iPhone/iPod touch, as well as Palm devices.

That iPhone sync is great, because I use a different password for almost every service, so in the unlikely event someone tried to torture my passwords out of me, they’ll never get them all. Bwaaa-ha-ha-[cough-cough]!

The sync with Firefox is also stellar. I kinda like that Firefox has its own password-storage system, just because it maintains their cross-platform paradigm, but I definitely do not like that they don’t have it protected with a master password by default, unless you turn it on: Firefox > Preferences > Security > “Use a master password”:

1Password installs useful plug-ins all over the place. You get a button in the Firefox toolbar, several menu items in Safari’s Edit menu and Firefox’s View menu, and a contextual menu item in Safari and Firefox (and others, I’m sure). I just entered my credit cards as “Wallet Items,” so my browsers can fill in that info quickly without my dragging leather outta my pocket. (Did that come out wrong?)

Check out this short video for more info.

One more option: I’ve heard a lot of good things about LastPass, which does many of the same things as 1Password, and it’s free, although there is a Premium version. The only thing about LastPass that makes me a little nervous is that it synchronizes your data via the LastPass web site. Now, I sync my 1Password database via Dropbox, but I use different passwords for Dropbox and 1Password, so if someone hacks my Dropbox account (heaven forfend!), they won’t be able to get at my other passwords. As we’ve seen, no site is forever secure, and I want to be at least doubly sure my password database is tight.