Marc's Musings

Put Dates on Everything

This depends upon how fast you go through things. But, as a 2 person household, we can go through some things pretty slowly. That bottle of mayonnaise can be in the fridge for any number of weeks.

Likewise a bottle of brake fluid or a can of paint will easily sit half full for months, if not years. Knowing when it was opened or, if you really are looking ahead, predicting when it will be of questionable value is something that “future you” will always appreciate about “past you”.

Some things it’s just good to be aware of. I have a “disposable” water bottle sitting on my desk right now where I’ve marked the date that I first opened it on the bottom as January 6, 2016. I use it probably 4 times a week when I work out in my gym and it shows no signs of failing. Disposable indeed.

It takes maybe 10 seconds if you keep sharpies handy in your kitchen or workshop to jot the “opened” or “toss by” date on something. *That* is a tiny investment that yields dividends…

AAA Shady Automatic Renewal Practice

I like the AAA, I was a member of CAA when I lived in Canada and like having the safety net of having a trusted entity that can be called if I run into issues on the road.

With the purchase of my Tesla, I’m less certain the AAA will be helpful (they are still ramping up EV benefits) but there is a measure of comfort available for my wife having this resource available to her for her ICE car.

Also, there is usually some small price advantage available when booking hotels with the AAA rate.

This morning I received an alert from my credit card (you really need to set up these alerts) that AAA had charged it for the amount of my renewal. I was a bit surprised as I don’t need to renew until late next month and I ONLY renew things like AAA manually.

They’ve been trying to get me to join their auto renewal program for years with tiny incentives (“Save $4 if you set up auto-renewal!”). But I prefer taking a moment to consider if it is still worthwhile to me each year before deciding if I’m going to renew.

Well, last year, it seems they got tired of the tension and just went ahead and set me up anyway, without my knowledge or permission. Believe me, I carefully scan the checkout screen before I submit payment to prevent exactly this kind of nonsense.

I went back and checked my confirmation email from last year’s payment and, sure enough they have a blurb at the very bottom informing me that I’m now automatically renewing.

Paragraph at the bottom of my renewal confirmation email from last year

I checked on the website and the ONLY way to change this back is to now call them on the phone. I mean, who does that in today’s day and age?

“Convenience” Billing, unless you want to stop it

I did call (wait time was exactly 10 minutes with another 12 minutes after that on the call) and intended to get them to refund my payment and disable the automatic renewal. However, I was told that:

They could not disable auto-renewal with the charge pending
If I would give them my full credit card number they would put in a request to refund the already paid fee. But could not guarantee this would work.
I can always call back later if things don’t work as expected.

So I went ahead and cancelled my membership (confirmed by email) and I will dispute the charge with my credit card company if the pending authorization does not go away.

AAA, I am disappointed.

Shared iPadOS TemporarySessionTimeout Experience

I have implemented some Shared iPads at my company. These are to be single-purpose devices that are shared among the staff at particular offices and are used to run a single App that is important to them.

It should be noted that the app requires some permissions before it can be used properly and so these, while not amazingly hard to agree to, are just kind of annoying for the end user to constantly be challenged with while trying to get on with their job (Camera access kind of things). The app has its own security so locking down the device and then making use of the Guest (Temporary) session meets our needs.

I also have a need to keep the devices’ iPadOS up-to-date* and this requires that they are signed off of the device to work correctly.

Counting on the end user to reliably sign out at the end of the week so the OS updates can occur over the weekend is not likely to be successful, so Apple thoughtfully provided an attribute that I could use called TemporarySessionTimeout. The only problem is… it didn’t work.

But finally, after over 5 months working with Microsoft and Apple it seems the issue is now settled.

Here are my conclusions:

iPadOS 15.5 is required for the TemporarySessionTimeout attribute to work correctly.
Apple assures me that any value from 1 to 129,600 seconds (36 hours) will work. I am using this as my upper limit.
I have tested, multiple times now, 86,400 seconds (24 hours) and this works fine. This is the value I agreed upon with my business partner that should permit the session to persist throughout the week but then timeout on the weekend and leave enough time for iPadOS updates* to occur.
The timer is reset with pretty much ANY interaction with the device. In my earlier testing I was checking at 16 hours, 20 hours, etc. with the intent of catching if the device was timing out sooner than expected. But when I did this, it would also NOT timeout after 24 hours. Only if I left it completely alone and then checked after 24 hours was the guest session signed-out. All I did was press the power button to check if the “Sign out” button was still present.

* I keep mentioning iPadOS updates like they work. They don’t. I have cases open with both Microsoft and Apple on this issue. As of iPadOS 15.5, using an Intune iOS/iPadOS Update policy does not cause the update to occur successfully, at least on my devices. There is some kind of permissions error buried in the logs and the direction I’m getting from Apple is that we will need to wait for a future release of iPadOS to see if it’s fixed. Yay team!

iOS 15 Managed Pasteboard and Intune MAM/MDM Protections

I recalled reading about the Managed Pasteboard feature in the iOS 15 release notes but the full import of it hadn’t hit me until today.

If you are using an Intune App Protection policy to “sandbox” your managed apps and you are also using Intune’s MDM, you will find that Pasting from the clipboard behaves a bit differently after upgrading your devices to iOS and iPadOS 15.

Previously, in Microsoft’s Office 365 ecosystem you used App Protection policies to specify which apps are “Managed”. You would specify what kind of actions could be done with data with respect to those apps. Only certain apps were “enlightened” or compiled with the SDK that recognized Intune’s MAM requirements so you had a very limited ecosystem of apps you could use in this fashion.

Things like saving files from a managed app to local storage, or copy-and-pasting data from inside of one of those apps to another app would be controlled this way.

In my institution, we allow people to copy-and-paste into these managed apps, but not vice-versa.

I’m not an expert on other MDM solutions having only worked with MobileIron and BlackBerry in the past, but I understand Intune’s approach is a bit different in that, for the Office 365 primary apps (Outlook, Word, OneDrive, etc.), the apps themselves are primarily responsible for enforcing the MAM requirements imposed by the Administrators.

More so, each app discriminates between Corporate data and personal data on an account-by-account basis. i.e. You can be using Outlook to access your Corporate email AND your personal Gmail account. This means you can have emails side by side in your aggregated inbox and you can copy-and-paste from the personal Gmail messages to any other app you please on your device, but try to paste from any of your Corporate emails and all you get is “Your organization’s data cannot be pasted here.” pasted in any non-managed receiving apps.

This was fine and worked well enough. We were satisfied that our data was protected.

However, it seems Apple understood the MDM piece of the equation, which would allow data from managed apps to be pasted to non-managed apps to be a gap which they rectified in iOS / iPadOS 15 with the Managed Pasteboard. The issue here is that it cannot have the nuance of Microsoft’s App Protection policy solution. Apple doesn’t know about the contents of the Managed apps, it’s unaware that some data contained in the app is personal and some is Corporate. Basically, if the MDM pushed down the app, then it’s managed and you’re not moving ANY data out of this to any but another managed app.

I’m using cut-and-paste as my typical use-case, but this will affect any data movement from managed to unmanaged apps – saving files, opening files in other apps, etc.

I’m hopeful that Apple will introduce the ability to disable the Managed Pasteboard feature should we want to. I recognize that their approach is probably a bit more “standard” but I feel that usability suffers.

Android gets around this issue by having an entire area sectioned off (Work Profile) where EVERYTHING inside the work profile is work only – nothing leaves there, and everything outside is personal. The distinction is so clear that you will actually have two separate copies of any app that would be used for work purposes. So you can use Outlook for your personal Gmail account outside of the work profile completely unfettered and you use another copy of Outlook for your Corporate mail within the work profile under the limitations your company feels are appropriate to prevent the data from being exfiltrated in some undetectable fashion.

I recall that Apple seemed to be working on a similar scheme but I have not heard anything about it for a few years now.

Moving Back to Quicken from Banktivity (Long)

TLDR; I moved from Quicken to Banktivity a little over 3 years ago and now I’m going back. I basically don’t trust the Banktivity registers and it takes WAY too much time manually inspecting, auditing, and repairing to be worth my effort.

I have tracked my finances in detail since my university days in the mid-80s when I created a complicated set of macros in Quattro to handle the basics required to record, track, and reconcile all of my accounts. This continued until I got my first job and decided I wanted a more polished system, whereupon I migrated over to Intuit’s Quicken product.

I continued to use Quicken for a little over 25 years when they started faltering and appeared about to go out of business. Their support had gone very much downhill, updates to the product were unspectacular and, frankly, it seemed as if Intuit regarded the Quicken product as just an advertising means to push their TurboTax product.

I was disenchanted and looked around for a native MacOS product that could handle my personal finance needs. In late 2018 I decided that Banktivity (which had *just* rebranded from “iBank”) had the comprehensive set of features that I needed, and so I migrated to this platform.

Banktivity was still a bit rough around the edges, but it had just been overhauled and they looked like they were eager to build a world-class personal finance solution so I tolerated some of the fairly glaring shortcomings and found workarounds with the assistance of their support folks.

Sengled Window & Door Sensor Review

I picked these up for a decent price from Amazon. Most of my contact sensors are Z-Wave so this was my first foray into Zigbee sensors.

I was a bit uncertain about them after reading so many reviews that said the devices would report in for a while and then kind of stop.

As of this writing I’ve had these Sengled Smart Door sensors installed for just under 2 months and I couldn’t be more pleased.

Setting them up was simple, I took to heart the warnings that the battery protector tab might leave behind some residue which caused issues for some other reviewers, and just popped out the button batteries to remove the tab instead of just tugging on it.

I then popped the battery back in, put the case back together and then set my hub to “Zigbee Discovery” mode. After pressing the reset button with a paper-clip, each one of these sensors paired immediately.

Mounted on TOP of the door just under the slide

I have 2 of these installed on lesser-used hall closet doors (maybe used once a day), one on a much more used wife-primary closet door (half dozen times a day) and a final one installed on one of my most-used doors which leads to my garage / workshop (maybe 20-30 times a day). This replaced a previous sensor that was acting up. I just attached the Sengled and it worked fine. I didn’t immediately remove the old sensor bracket while I was evaluating the Sengled as you can see in the image, but I’ll clean that up next month.

Sengled Sensor on door to garage — Kinda messy temporary installation replacing an older sensor.

None of these have ever failed to report their status IMMEDIATELY and consistently. They are all used to primarily activate lights – 3 of them activate Philips Hue bulbs, and the garage one activates a GE Enbrighten paddle switch, all via Hubitat’s Rule Machine logic.

Even without being on sale (Currently $70 for 4 sensors), these are among the least expensive Door/Window sensors I’ve found. When I bought them in December they had a 40% off sale which made them THE most cost-effective sensors I’ve purchased. Combine that with their great reliability (so far…) and these are really a great deal.

You definitely HAVE to use a hub with these. I’m using them with a Hubitat Elevation, but I know that SmartThings’ hub also works with Zigbee. So that should cover a pretty substantial portion of the hub user’s demographic out there.

I will be buying more of these both for new projects and to backfill some less reliable older sensors on my property.

McDonald’s Rewards Best Redemption Value

McDonald’s is.. well, McDonald’s. Famous world-wide for, perhaps not the best food on the planet, but certainly among the most consistent food available.

If I’m ever traveling and have had just a *wee* bit too much local cuisine or, as I found on my honeymoon in Germany, that my high school German should not be counted upon to understand a menu and order when visiting that country, I find McDonald’s to be a reliable, familiar taste haven. More than once have I scurried to a local McD’s while abroad to erase the memory of a regretful food choice or just to reset my palate back to my bland North American expectations.

They are available almost anywhere I go. They are open just about any time I would want to eat. Their fries are “good enough”. Their hamburgers are “good enough”.
This is perhaps not lofty praise, but nobody is going to fast food restaurants because they are after Michelin Star level cuisine.

McDonald’s recently started a points reward program, presumably because of the success of other fast food chain rewards. One reason to switch from dollars to tokens or points is because the math can be annoying for figuring out the best value

McDonald’s point redemption is nowhere near as flexible as that of Chick-Fil-A (See my article on Chick-Fil-A Best Redemption Value here) in that, as of this writing, you can only choose a single item to buy with points OR you can use one of their other deals. But, Chick-Fil-A almost NEVER offers any deals so that does somewhat mitigate their reward offering.

So, as of December 8, 2021, here are some of my favorite McDonald’s rewards in order from best to worst value per point.

McDonald’s Rewards in Value per Point oder

Keep in mind that pricing can vary dramatically depending upon location. A quarter-pounder can cost as much as 30 cents more if I pick it up 15 miles North of me where I work vs near my home. But I’ll use this to guide my point purchase whenever they do not have a better deal on offer at that restaurant.

Microsoft Intune “Defer software updates” and iOS Patch releases

Right now I’m trying to allow my fleet of devices to access iOS 15.0.2 but I do not want them to have access to iOS 15.1 yet (being released later today). Typically I like to allow a couple of weeks before upgrading devices to new minor releases to allow other folks to uncover any issues that might be introduced before my fleet tries to use them.

Intune has implemented, as part of their Device Configuration policies for iOS, the ability to take advantage of Apple iOS’ ability to defer a software update by up to 90 days.

This is potentially a great feature and has worked so far on Major and Minor releases. However, this is the first time I’ve attempted to use it to limit folks to a specific patch release (Major.Minor.Patch i.e. 15.0.2).

In my testing I find that just having the “Defer Software Updates” option set to Yes regardless of how many days delay specified causes iOS’ Software Update to completely ignore the patches.

If I watch closely, I sometimes see a ghost “iOS 15.0” zero byte offering that will disappear on a subsequent refresh. I find it appears immediately after I Check Status of my device in Intune Company portal. Then goes away after I refresh the Software Update page until the next time I refresh.

I cannot say for sure if the flaw is with Microsoft’s Intune implementation or in iOS’ Implementation, I can only say that I cannot take advantage of this feature for Patch versions while trying to safeguard the integrity of my iOS fleet.

One other thing – a defect in the Device Configuration policy. It seems if you EVER set and save the Defer Software Update setting, even if you subsequently set it to Not Configured, this will permanently enable the number of days parameter. This parameter defaults back to 30 when you set the Defer parameter to Not Configured and still be sent to the devices…

Tesla Firmware Update 2021.24.5 Resolves My Car’s Sleeping issues

As you probably know, today’s cars are almost more like our smartphones than like the cars we knew and loved from the 70’s and 80’s. Electric Vehicles (EVs) even moreso.

I have a 2017 Tesla Model X. Most of the time I have it parked at home where I can leave it plugged in as much as I want to ensure that it’s always topped up and ready to go with a full tank of “gas”.

One big difference between EVs and Internal Combustion Engine (ICE) cars is that, unless you leave your headlights on, there is very little that will impact your ICE car if you leave it just sitting somewhere like an airport parking lot while you are traveling to some far away destination. EVs, or at least Teslas, have a relatively low power “Idle” mode that they enter immediately after you lock the car and walk away.

They also have an ultra-low power consumption mode referred to as “sleeping” that they are supposed to enter soon after that. They are supposed to remain in this sleep mode most of the time they are not in use, waking now and then to check for software updates or to perform some internal housekeeping.

Since I’ve owned my car, it has be very reticent to actually sleep. This didn’t affect me much except to be concerned for what the long-term impact of the car basically staying active all the time might do to its components. This was dramatically exacerbated when I upgraded my Full Self Driving computer and Media Control Unit (MCU) to the latest and greatest versions.

When I was at home any drain was not an issue since the car could be plugged in all the time if I so chose. But I found my “Phantom Drain” (as the excess power consumption caused by not sleeping is called) was pretty impactful when away from home. I was on a cruise a while ago and lost just under 30% of my battery state of charge just sitting in the hotel parking lot for a week.

Anyway, this is all just a preamble to say that the latest firmware update – called 2021.24.5 (I get these, on average, about every 18 days) seems to have absolutely addressed the sleep issue for my vehicle.

I mean it’s night and day. Where it was alternating 16 minutes sleep, 45 minutes idle for much of the day, ever since the update it sleeps for literally HOURS at a time regardless of whether it’s plugged in or not!

It even sleeps when it’s not at home (Sentry mode off, of course) which was a rarity before. But now it appears to be the norm.

I imagine this does not affect a lot of people, but I’m pretty pleased with this update.

Oh, and as a sidenote, as of about 3 software updates ago (2021.12.25.7 or 2021.24.2) I was finally able to log into YouTube in my Tesla’s entertainment system.

So somebody on Tesla’s engineering team seems to be fixing these ancient issues…

Wemo Smart Plug – Not there yet

I have a love/hate relationship with Belkin’s Wemo products. When they work they work very well but when they decide to misbehave, they are miserable to get working again.

I already have 9 Wemo switches in my smart home. These took a long time to settle down but back when I first got them they were at the “bleeding edge” so, like everything else at the time, things were expected to be somewhat rough around the edges.
I credit creating DNS reservations on my router for most of their current stability and improvements in device driver code for much of the rest.

When I added the first of these new smart plugs to the Wemo app it seemed to work perfectly. So I went ahead and added the other two and had them distributed throughout the house.
By the next morning I found the first one was no longer responding (just flashing orange LED) and it had to be reset – after that it worked perfectly, it even integrated with IFTTT just fine.

The other two were not so good, they just kept losing connectivity, regardless of where I located them in the house.

A real deal killer for me, and something I had not initially considered was that these were not recognized by SmartThings (which is not a problem for the Wemo Smart Switches). Likewise, Hubitat Elevation – which was going to be my primary hub for these new plugs – only has a user supported device driver for Wemo switches, dimmers, etc. and these new ones apparently do something funky (respond unexpectedly or on random ports, who knows) such that they cannot be identified for use as a device with this hub.

The real kicker is that, in introducing these to the Wemo app, it started doing all sorts of interesting things both with these plugs and my existing stable of switches. Random switches / plugs would show up as disconnected at different times. Never less than two and typically no more than four even though the switches were still working just fine with my existing hubs.

So I have returned these and am going to instead use Ikea’s Tradfri Wireless Control Outlets. I have 5 of these controlling various lighting fixtures in my house already and do you know what has never given me any problems? These Tradfri outlets! They are somewhat more limited in that they do not have an on/off switch on the unit to override them if things go awry or if you just feel like manually turning something on or off. But I’ve ordered a bunch more and am unlikely to look back at the Wemos for a long long time.

Even now, days after removing these Smart Plugs from my Wemo app, one of my Smart Switches still shows as disconnected, even tough my SmartThings hub can still control it just fine.

tldr; don’t use with SmartThings or Hubitat Elevation and beware the Wemo app. If you do get these working, don’t ever, ever change your setup…