I’m an avid reader. In large part, I justified my first iPad purchase because it can be used to read e-books. I own thousands of paper books, but since getting the iPad, I have purchased few paper books. E-books are just easier to deal with, and they don’t pile up and consume space in the house.
iBooks started off as a decent e-reader, and it still outstrips the competition—Amazon’s Kindle app and Barnes and Noble’s Nook app—in two big ways: typography, and ease of purchase. I’m not going to talk about Nook here, because it’s a dead man walking.
iBooks has always produced a screen that is easy to read and uses traditional fonts that are comfortable for reading books. The Kindle app, until very recently, used a font that was optimized for early e-ink screens and not for typographic beauty. It was functional, and that was the best you could say about it. Likewise, until recently the Kindle app didn’t handle hyphenation well at all. iBooks still looks better when it comes to line spacing, ligatures, and other small bits of the typographical art learned over thousands of years that make books easier to read. It also handles page turning and screen dimming better than the competition.
Also, iBooks is the only iOS app that allows you to purchase books. But this is Apple’s fault. Apple won’t let competing e-book applications include purchasing functionality unless they give Apple a substantial cut of the purchase. As a result, to buy books for the Kindle app, you have to go to Amazon’s web site. Apple’s rules mean that you can’t even use the Amazon shopping app to buy e-books—you have to use the website, and that’s clunky. In my opinion, Apple should be facing antitrust charges for this.
So why do I hate iBooks lately?
Well, like so many other Apple programs, in the last two years it has started breaking, first in small ways, and then in larger ways.
The biggest annoyance is one that’s really stupid on Apple’s part. I love reading, and I buy lots of books. Apple makes it really difficult for me to give them money, because they make it hard to discover books.
The iBookstore interface has been “streamlined.” That means that you can’t actually browse all of the books in the bookstore. If the book you want isn’t in a top-sales list or an indifferently-curated list, you’ll only find it if you use the search function to go looking for it.
There once was a button that purported to notify you when an author had a new release. It never worked for me, and it seems to be missing now.
It used to be that you could see all books by release date, and search out the new releases in a category. That’s now limited to about 25 books, so you’ll miss books if you don’t check often. That’s especially true when Apple uploads a new dump of shovelware self-published books into a category. These books are treated the same as major author releases from publishing houses, so you have to wade through the crap to find a good book. Apple offers no way to sort out self-published books from the big-league stuff.
They also don’t offer any way to filter out foreign-language books. Your search results for an author will be littered with translations for every language available. In some cases, the title may be the same for the foreign edition; hopefully you notice this before you click Buy Book, or you’ll wind up with a book you can’t read.
Sometimes, new releases in a given genre don’t even appear in the iBookstore interface. If you don’t go searching for them, you won’t find them. I’ve had this problem repeatedly with book series: I will miss a new book because iBookstore never offered me the opportunity to buy it, even though I own every other e-book in the series.
The iBookstore is so terrible at book discovery that I have used all of the following methods to find a new book before searching for it in iBookstore:
- Walking through a Barnes and Noble and looking at the new release section
- Surfing a publisher’s new-releases website
- Surfing Amazon’s website (which sometimes results in Amazon getting a purchase because the paperback or Kindle edition is cheaper than Apple’s artificially supported price tag)
- Surfing third-party websites that track genre new releases
The end result is that it is very difficult to discover new books in the iBookstore, and Apple is leaving money on the table by not letting me know that there are books I would willingly and instantly pay them to access.
Actually Downloading Purchases
Since Apple got rid of the faux-book appearance of iBooks, it seems like the download functionality has been broken. That’s especially true for book updates and books purchased using iBooks for Mac OS.
It’s very rare that I can get a book update to actually load. For months after iOS 8 came out, pushing the update buttons seemed to do absolutely nothing. Now, with 8.4, they seem to work, but they don’t always actually download. When they do, the updated book is marked “new” and pushed to the head of your reading list.
On the other hand, sometimes when you buy a brand-new book, it doesn’t appear on your reading list. It’s there, but buried somewhere in your grid of books. But more about that later.
Buying books in iBooks for Mac was, briefly, of benefit. There was a time that the Mac bookstore interface was slightly better for discovery. That’s not currently true; right now, it’s the same nerfed interface. Worse, iCloud loading of books to the iPad is broken in 8.4. A spinner appears in your book list, suggesting that something is downloading, and the Purchased list shows the books as “DOWNLOADING” and offers no button to stop or restart the process—but the books never load, even if you force-quit iBooks. The only workaround I’ve found is to find the book’s store listing, as if you were purchasing it on the iPad, and then tap the “stop download” progress button that’s visible only in that listing. You can then tap the iCloud icon to download the book. Of course, the UI doesn’t update to reflect a successful download.
Since iBooks got the Jony Ive-approved interface, downloading has been broken to one degree or another.
Finding Your Book
I think that the original author of iBooks never considered people like me, who might have hundreds or even thousands of books on their iPad. The list can get unwieldy.
But Apple’s solution to the problem is worse. In recent editions, books automatically stack by author or series—I’m not sure which, and there’s no indication or control over how it happens. There’s also no way to turn it off or adjust it. So, to find an older book, you need to use text search, switch to list view, or hope that you find the right stack where it’s hidden.
That’s not as big a problem as when you buy a new book and, for unknown reasons, iBooks decides to sort it somewhere into the middle of your book list. From the start, iBooks organized its book covers in order of purchase or import, with the newest books at the top. As you bought books, they appeared at the start of the list. Lately, sometimes you will buy a book and it’s not there. The store shows that it’s purchased and downloaded, but it’s not where you expect it. You have to search for it to find it. It’s like iBooks is playing keep-away with you.
At least iBooks 8.4 seems to have addressed the issue where you buy a book and it never actually downloads until you tap the get-from-iCloud icon in Purchased a few times.
Instead, as with the last few versions, iCloud apparently has a habit of deleting your books from your device at random, based on inscrutable criteria. It aggressively removes your books, flagging them with a “download from iCloud” icon. There doesn’t seem to be any way to mark a book so that it stays put and won’t get magically deleted. That makes the iPad utterly unreliable for reading offline. Apple has apparently assumed that you will have cellular or Wi-Fi access when you want to read another book, even if it’s the one you just read last week.
Apple’s Way Or The Highway
That’s an ongoing theme in Apple software in the past three years: You will do things Apple’s way, or you won’t do it at all. Yes, Apple has always encouraged a “walled garden” experience, but previously it didn’t completely mandate it for all users. To the extent Apple did, the experience actually worked.
Now, Apple has gone on an oversimplification kick, removing all hints of customization from their apps, even to the point of eliminating the ability to change the sort order of lists. You will use iBooks and Photos the way that the program author likes to use it. You will adapt to Apple’s way of doing things, even if it’s radically different and less useful than the way Apple did things six months ago.
Us old Apple fans used to ridicule Microsoft for that sort of thing. Now it’s Apple forcing it down people’s throats. Awkward and broken software? OS X and iOS are quickly becoming no better than Windows—and in many and increasing ways, worse than Windows.
Apple’s iPhoto was good enough for me. I had thousands of photos in iPhoto. I was comfortable with how it worked… even though it increasingly had odd interface choices, and it was slow, and it had weird bugs that were not being fixed.
I even managed to figure out the very arcane steps needed to move my iPhoto library to an external hard drive. You see, Apple no longer makes any computer that has an officially user-upgradeable hard drive. For years, Apple’s affordable desktop computer, the iMac, has had no option except an external hard drive. Until recently, with the introduction of Thunderbolt, using an external hard drive with an iMac meant FireWire 800 (slow, expensive, and rare) or USB 2.0 (incredibly slow). But I figured it out.
Instead of fixing iPhoto, Apple decided to nuke it and start over with Apple Photos. And, as Apple has a habit of doing, they were okay with a replacement that removes features present in the old software.
For example, in iPhoto you could call up a map view of your photos. By moving around a map, you could easily and visually find all the photos you’d taken in a given area, and then view just those photos. Apple Photos doesn’t support this. The only map you get is hidden in the Info palette; it’s a small, non-resizeable map that doesn’t offer any organizational capability at all. The official way to find your photos by location is to use a text search. It’s left to the user to figure out what Apple has decided to call any given set of geographic coordinates, though. It’s like something you’d expect in Windows 95, not OS X from 2015.
iCloud Photo Library
One of the big selling points for Photos was Apple’s iCloud Photo Library. It’s supposed to replace the badly flawed iCloud Photo Stream. But it has fatal flaws. For me, the biggest flaw is that it simply doesn’t work if your photos are on an external drive. iCloud Photo Library requires your photos to be on your boot disk. That’s bad enough if you have a 1TB hard drive that’s simply gotten full. It’s absurd if you have a MacBook Pro with a 128GB or 256GB flash drive. A serious photographer with a DSLR camera, shooting in RAW mode, can easily fill a 32GB SD card in an hour or two of shooting.
(“But Photos isn’t meant for serious photographers!” I hear you muttering. Don’t forget that Apple previously offered a very well-received professional photography application, Aperture. They discontinued it when Photos was introduced, and they indicated that Aperture users should migrate to Photos. So, someone at Apple thinks Photos is suitable for serious photographers, as ludicrous as that sounds.)
Apple apparently expects that users with hundreds of gigabytes, or even terabytes, of photos will use iCloud Photo Library to store them all. But that’s not reasonable given the storage pricing. For the number of photographs I had accumulated—virtually all of them from before I had a DSLR—I would have needed the 500 GB plan, at $9.99/month. That means paying Apple $120/year in perpetuity to have space for just the photographs I have today. The 1TB plan more than doubles that, and there’s no plan beyond 1TB. Those prices for the larger storage buckets substantially exceed storage prices from competing cloud services.
Plus, by forcing you to move the bulk of your library to the cloud, Apple’s ignoring that most people have to pay for bandwidth one way or another. Whether it’s a cap imposed by your cable company, or the direct limit of a cellular data plan, at some point sending and receiving large photo files via iCloud is going to cost even more.
By making Photos incompatible with external hard drives and local network storage, Apple is baldly trying to fence customers into paying them for cloud service… and Apple has a long history of problems with their cloud services.
In iPhoto, it wasn’t hard to organize your photos by the people appearing in them. Okay, the face recognition was often unintentionally hilarious. You could rely on any set of imported photos having at least one phantom face in the bark of a tree, the grass of a lawn, or the fabric of a sofa. And the manual tools worked differently from any other rectangular selection you’d ever used on a Mac. But it worked, and when it was done you had a grid of faces and names you could quickly scroll through to find a person. (Granted, it was a graphic nightmare of Comic Sans-esque type on faux corkboard, and it was sorted by first character rather than last name, but it worked.)
Photos? What a mess.
To start with, it took me two hours to figure out how to add new faces in the first place. Jony Ive is in love with circles, so we get circles; rectilinear grids are passé, so we get a hexagonal grid with extra whitespace and strangely-aligned text. This is combined with Apple’s sans-serif font du jour for an utter train-wreck of human-interface graphic design.
The top row of faces is extra large. It’s not clear why. It’s also not clear how the faces are organized. I’m guessing it’s by frequency of appearance or something; it could just be random. It certainly isn’t alphabetic. There’s no way to change the sort order, either. So, if you’re looking for pictures of a certain person, you’re forced into using the Search text box, because otherwise you’re going to be scrubbing through a non-rectilinear grid of circles arranged randomly looking for a small circular punchout of their face subtitled with small text. Oh, and you can’t change how many faces you get on the screen, either. There’s no control for changing the zoom level, but if you resize the window, you don’t get more faces—they change size to keep the number of circles on screen constant. If you make the window as narrow as Photos will let you, you get illegible faces combined with absurdly short labels that run into each other, an “unidentifiable” twofer.
Nor can you change what part of the “face” is displayed in the circular punchout. You apparently get the center of the rectangular area you defined in iPhoto. With luck, that’s positioned well enough to give you some clue who you are looking at. You can’t change the positioning unless you delete the face tag and recreate it for the photo.
At the bottom of the faces area in Photos is a strip of “Suggested Faces.” It’s not immediately obvious what this is supposed to be. It’s replacing the iPhoto mode where you could look through photos with unrecognized faces and assign them.
In human-factors engineering, the term “affordance” is used for any feature of an object that suggests a way in which it can be manipulated. For instance, a large flat handle on a door affords pushing; a soft, textured area on an otherwise hard metal rod affords a place to grip the rod. On a computer, affordances can be subtle (the small lines in the corner of a window suggesting a place to grab and resize, now long gone from Mac OS) or obvious (a button to click, easily identified by its distinctive rounded-rectangle outline and coloration, sadly now an endangered species in Apple operating systems).
Suggested Faces has absolutely no affordances whatsoever. There is nothing to suggest what you’re supposed to do with them.
A single click highlights the face, but no user interface elements appear to suggest actions you might be able to accomplish with the face.
A double-click will bring up a dialog box where you can type in a name. However, that will appear as a pop-out sheet at the top of the Photos window. Since the Suggested Faces bar is at the bottom of the window, you may not even notice the sheet—especially if you’ve got a 27″ iMac and you’ve enlarged the window. It took me five minutes to notice the dialog box, and I’m not an idiot.
Right-clicking gives you exactly one option: “Ignore this face.” This comprises two deadly Mac interface sins. First, it suggests that the only thing you can do is ignore the face; there’s no “Name this face…” option. Second, there is no other way to ignore a face. There’s no button, nothing in the toolbar, no menu item. Dragging a suggested face to the Trash does nothing. Ever since Apple introduced right-button support back in Mac OS 8, Apple’s Human Interface Guidelines have clearly said that the right-click contextual menu should never be the only way to do something, for many reasons but chief among them the fact that Apple products come with one-button mice (or nowadays, devices that appear to be, and act as, one-button mice by default). Apple seems to have completely forgotten that important rule.
So how do you tell Photos that a Suggested Face is a face of someone you already have listed? Well, you could do it by starting to type that person’s name and then selecting the automatic match… or you can drag the face onto the face in the grid (supposing you can find it there to begin with).
There are so many other problems with Photos, but Faces is the part where you can see that Apple no longer cares about making a product that’s easy to use. Apple no longer cares about user-interface rules based on scientific data that it has championed for decades. Apple cares about circles.
SD card handling
One last rant before I stop, though. Photos really, really wants to be your photo application. So much so that whenever you insert an SD card containing photos from a camera, it will open whether you want it to or not. While it does so, it will block any other application from successfully importing photos off that SD card. The only way to stop this is to go into Photos and check the button on the import screen to never import photos off that SD card. You’ll need to do this for each and every SD card you use with photos on it. If a friend offers you photos from their camera, Photos will insist on looking at them first.
The end result of Apple’s investment in replacing iPhoto with Photos for this lifelong Apple user?
I started paying Adobe $10/month for Adobe Lightroom. It works much better than Photos if you’re the least bit serious about photography. It has a working Maps module that even supports loading GPS trail data off your phone. It has working facial recognition. It has absolutely no problem with storing your photos on any sort of external or network disk. It’s better in every way.
And for no extra cost, I can switch to the identical Windows version.
OS X Mail Scrolling
Since OS X 10.10 “Yosemite” came out, Apple’s Mail client has had a simple but annoying bug. The “home” key doesn’t work right.
On previous versions of OS X, if you were viewing a large thread of emails—such as a daily notification that’s always sent with the same subject—you could click in the message pane, push the “home” key on your Apple extended keyboard, and you’d zip right to the top of the list of messages.
Well, that’s still there in Yosemite… but it doesn’t quite work right. The “home” key takes you almost to the top of the list. You then have to scroll about an inch or so to actually view the top of the topmost message.
This is a little detail, a small thing. But it’s annoying. It’s an obvious flaw. And it should be an easy fix. Something’s not right in the code that processes scrolling to the home position. The calculation is a little off. It’s 100% repeatable, and it shouldn’t be hard to nail down the bug in the code.
The flaw started in 10.10, and it’s still present in 10.10.4.
iOS Lock Screen Keyboard
I don’t even remember when this bug first appeared. It was present in iOS 7. It might have been in iOS 6; I don’t recall. It’s definitely present in every version of iOS 8 up through the current 8.4.
Let’s say you have an iPad that’s been configured for a non-“simple” passcode, one that uses letters. Sometimes, when you go to unlock it—either by swiping, or especially by opening a Smart Cover—the keyboard is unresponsive. On iOS 8.4, at least, you’ll know because the Enter and various shift keys will be missing. On older versions, you would only know you’ve hit the bug because your typing does nothing. The only solution is to swipe left, wait a second, then swipe right again to reset the unlock screen. This doesn’t happen all the time, but it happens frequently. I’ve had it happen on a “New iPad” (iPad 3) and an iPad Air.
I’m not saying Apple ever wrote flawless software. But three years ago, it was a lot less likely that Apple software would have glaring errors like this, and if it did, it would be fixed in the next version. I feel like Apple has gotten much worse about fixing flaws like this since Steve died.
I suspect that Apple, despite its size, simply doesn’t have enough programmers to keep on top of all their products. The Apple-centric press often mentions how programmers are being diverted from one project to another, particularly to support the latest new-hotness project. For the last year, it was OS X and iOS getting shorted on manpower to support the Watch. Now there are rumors that all three of those projects are getting shorted to support the car project. If this is true, Apple desperately needs to hire more staff—or put a moratorium on new projects until the existing ones work right.
Perhaps, without Steve there to fly into a rage at embarrassing, ugly bugs, Apple’s management is more likely to let them slide. After all, it’s mostly cosmetic, right? There are bigger bugs that need work, bigger features and new shiny toys… except that Apple’s meteoric rise was due in part to cosmetics, and very much due to It Just Works—not It Almost Works or It Usually Works (But Not Always).
With a domain name like macwhiz.com, it’s pretty obvious I’m an Apple fan. I’ve owned nine Apple computers (and purchased or influenced the purchase of at least 12 others), three iPods, three iPads, and more accessories than I can count.
But… I’m not so much of an Apple fan lately.
Since Steve Jobs’ death, Apple has started getting things wrong in a big way:
- Apple’s products used to be centered around the idea of “it just works.” But current Apple products no longer just work. Often, they fail to work in weird ways.
- Apple products used to be easy for beginners to use, but had great power for advanced users. Lately, Apple has oversimplified their products, removing features needed by advanced users—and sometimes even basic features beginners need.
- There was a time when Apple’s products had incredible physical design that was exceptionally natural and easy to use while also being gorgeous. Now, many Apple products have uncomfortable or awkward design choices that still look good, but make for a flawed product.
- The number of bugs in Apple products has been increasing greatly. It’s becoming uncommon for Apple to release software that doesn’t have a major flaw.
These are sweeping generalizations, I know. Consider this a new thesis statement for this blog, for the next while. I’ll be elaborating on these generalizations in future posts. I’ve tried writing to Apple management, and submitting bugs to Apple engineering, but I don’t feel like Tim Cook and his staff truly grasp just how disillusioned their most faithful customers are feeling at this point.
So how does the tank monitor actually work?
The sensor unit sends out an inaudibly high-pitched burst of sound toward the surface of the oil in the tank. When it hears the echo off the surface of the oil, it returns a pulse on the SIG line. That pulse is as long as the time between sending and receiving the echo.
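The pulse-to-distance conversion described above, as an added example that is not the monitor's own code. The speed-of-sound approximation, the valid pulse window (recalled from the Parallax datasheet), the sample pulse widths and the `sensor_to_bottom_cm` tank dimension are all assumptions made for illustration.

```python
import statistics

# Assumed valid echo-pulse window for the Ping))) sensor, in seconds.
# Values recalled from the Parallax datasheet; adjust for your part.
MIN_PULSE_S = 115e-6
MAX_PULSE_S = 18.5e-3

# Constructed sample: six SIG pulse widths from one measurement burst.
# 0.0300 models a missed echo, 0.00005 models an electrical glitch.
SAMPLE_PULSES_S = [0.00300, 0.00302, 0.00298, 0.0300, 0.00301, 0.00005]


def speed_of_sound_m_s(temp_c):
    """Approximate speed of sound in air (m/s) at temp_c degrees Celsius."""
    return 331.3 + 0.606 * temp_c


def pulse_to_distance_cm(pulse_s, temp_c):
    """Convert one SIG pulse width to the one-way distance in centimetres.

    The pulse covers the round trip (sensor -> oil surface -> sensor),
    so the distance is half of pulse time multiplied by the speed of sound.
    Returns None when the pulse is outside the sensor's valid window.
    """
    if not (MIN_PULSE_S <= pulse_s <= MAX_PULSE_S):
        return None
    return pulse_s * speed_of_sound_m_s(temp_c) / 2 * 100


def distance_from_burst(pulses_s, temp_c, min_valid=3):
    """Median distance over a burst of readings, ignoring invalid pulses."""
    valid = []
    for pulse in pulses_s:
        distance = pulse_to_distance_cm(pulse, temp_c)
        if distance is not None:
            valid.append(distance)
    if len(valid) < min_valid:
        raise ValueError("too few valid echoes in this burst")
    return statistics.median(valid)


def oil_depth_cm(distance_cm, sensor_to_bottom_cm):
    """Oil depth below the sensor; sensor_to_bottom_cm is a hypothetical
    measurement of the sensor face to the tank floor."""
    return max(0.0, sensor_to_bottom_cm - distance_cm)


if __name__ == "__main__":
    for temp in (5.0, 20.0):
        gap = distance_from_burst(SAMPLE_PULSES_S, temp)
        print(f"{temp:4.1f} C: air gap {gap:.2f} cm, "
              f"oil depth {oil_depth_cm(gap, 112.0):.2f} cm")
```

The same 3 ms echo reads about 1.4 cm shorter at 5 °C than at 20 °C, which is why an uncompensated reading drifts with basement temperature.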
Now that I’ve got a sensor unit for measuring the heating oil left in my tank and the interface board and Raspberry Pi needed to do something with it, it’s time to write software that can actually do something with all this hardware!
Now that we’ve built the sensor for our Raspberry Pi-based oil tank monitor, it’s time to build the interface and integrate the Pi hardware.
The interface is pretty simple. For the I2C bus, it’s pretty much just wiring jumpers to terminal blocks. For the Ping))) sensor, there’s a bidirectional voltage divider to adapt the Ping)))’s 5-volt interface to the Pi’s 3.3-volt logic. (This board was a lot more complex when I was playing with the I2C bus extender!)
- J1: Six-pin male header. I chose a right-angle header.
- J2–J4: Two-position screw terminal.
- C1: 100nF ceramic capacitor (noise filter).
- R1: 330-ohm 1/4-watt resistor
- R2: 1.8k-ohm 1/4-watt resistor
- R3: 3.3k-ohm 1/4-watt resistor
- D1: 1N5226B 3.3-volt Zener diode
- D2: 1N6263 Schottky diode
Except for the headers and terminals, I got these parts out of the following parts kits available on Amazon. They’re nice kits if you need an assortment of standard parts:
- JoeKnows Electronics 1/4W 86 Value 860 Piece Resistor Kit
- JoeKnows Electronics 33 Value 645 Piece Capacitor Kit
- JoeKnows Electronics Semiconductor Kit (320 Transistors & Diodes)
After testing the circuit on solderless breadboard, I wired it down onto a SparkFun Solder-able Breadboard. These neat little boards have internal traces that match solderless breadboard, making it easy to transfer designs over.
I used a spare length of Cat3 wire to make the jumper connections. I was careful to match the wire colors to the colors used on the sensor lead; this makes it easy to match up which wire goes to which terminal.
A set of female-female jumpers is used to connect the board to the Raspberry Pi’s GPIO connector. Any GPIO pin can be used for the Ping))) sensor, but I chose GPIO 4 to keep everything close together.
In the picture above, the jumpers connect to the following pins, in order of appearance:
- RED: Pin 4 “+5V”
- BLACK: Pin 6 “Ground”
- BLUE: Pin 1 “+3.3V”
- YELLOW: Pin 3 “SDA”
- GREEN: Pin 5 “SCL”
- BLUE: Pin 7 “GPIO 4”
I also connected a PL2303HX USB to TTL UART serial adapter cable to the Pi, for use as a console. The PL2303HX is cheap, so I’ll just leave it attached for convenience. It attaches as follows:
- WHITE: Pin 8 “UART TXD”
- GREEN: Pin 10 “UART RXD”
- BLACK: Pin 14 “Ground”
- RED: Wrap in electrical tape and zip-tie out of the way. This cable supplies +5V from the USB connection when the cable is plugged in; it’s of no use here.
For Internet connectivity, I added a Linksys USB10T Ethernet adapter I had sitting around. This interface is only 10Mbps, but that’s plenty for this use. The USB10T uses the Pegasus chipset and is supported out of the box by Raspbian Linux. Because my oil tank is a short distance from my home’s central Ethernet switch, it made sense to use the wired hardware. You could use a WiFi adapter, or use a Raspberry Pi B+ board with built-in Ethernet.
To hold all this stuff, I found an old electrical time switch with a mechanical clock movement inside. The clock movement popped right out, giving me a nice metal case with pre-drilled holes and wall-mounting brackets. I drilled a few holes and secured the boards with appropriate screws, nuts, and nylon standoffs. (I carefully used M3 screws, but it was a tight fit for the Pi. You should use M2 screws and standoffs.)
The Pi is mounted on two sets of 6mm standoffs to provide extra clearance for the USB cable over the interface board. The network adapter is attached to the lid of the case using a large piece of industrial-strength Velcro. I attached a three-foot Ethernet cable to the adapter and threaded it through the case, attaching a zip-tie to keep it from being pulled out too far. I will run an Ethernet jack next to the unit. In the meantime, an 8P8C modular coupler lets it attach to a longer Ethernet cable. The USB power cord and sensor cable are held in place by the standard electrical clamp.
My house is heated by an oil-fired hot-air furnace. The oil tanks are in the far corner of the basement. Occasionally, I’ll walk over and glance at the float gauge to see if it’s time to order more oil. Often, I forget to check for a while, and then it’s a panic…
Now that computing power and electronic components are cheap, I set out to see if technology could solve my problem! There are a number of commercial solutions, but they’re all quite expensive. Some of the commercial level sensors cost hundreds of dollars themselves, not including anything to actually display the level!
I drew inspiration from Mike Podruchny’s blog, where he describes building an ultrasonic tank sensor for an outdoor tank using an Arduino. As a professional UNIX geek, I’m partial to the Raspberry Pi instead—and with the new Model A+, the Pi can be a cheaper solution if you’re looking to use a ready-made microcontroller.
My monitor features:
- Controlled by a Raspberry Pi running Raspbian Linux
- Collects oil level data from a Parallax Ping))) ultrasonic distance sensor
- Calibrates the Ping))) with temperature data from a SparkFun TMP102 temperature sensor
Encryption software can do two things for your email: It can sign your messages, to prove that it was you who sent them and that they weren’t altered in transit; and it can encrypt your messages, so no one but the recipient can read the contents.
There are two standard methods for encrypting e-mail: PGP and S/MIME. Most security types like PGP (or its open-source clone GPG), because it’s been around for a long time. The problem is that PGP requires a certain amount of technical savvy to use safely, and it can be awkward to use. That’s especially true on Apple products. While a GPG plugin is available for Mac OS, in my experience it doesn’t work very well. It seems to crash a lot, it breaks with every new Mac OS version, and it’s no longer free.
The alternative is S/MIME, which is an official Internet standard. S/MIME has long been the bastard stepchild of e-mail encryption, largely because it’s more complex to set up and keep up. However, Apple’s Mail programs on Mac OS and iOS both support it, as does Microsoft Outlook on Windows. There are plenty of S/MIME compatible mail programs.
Setting up S/MIME for your Apple products isn’t that hard. Even if you normally prefer PGP/GPG, it’s a good idea to set up S/MIME as well. Here’s a step-by-step walkthrough.
In this example, I’m presuming you have a Mac and one or more iOS devices (iPhone, iPad, iPod). It’s possible to set up S/MIME directly on an iOS device, but I’ll leave that to someone else to figure out. Here, I’ll show you how to set up S/MIME on your Mac running 10.9 “Mavericks” or 10.10 “Yosemite”, and then transfer that S/MIME certificate to your iOS 7 or 8 device.
Getting an S/MIME certificate
To use S/MIME, you must obtain an SSL certificate for your e-mail address. To be useful, you need an SSL certificate that is signed by one of the major Certificate Authorities (CAs). The “big” commercial CAs are already trusted by most operating systems. (It’s possible to generate a “self-signed” SSL certificate on your own, but that will generate “untrusted certificate” errors for your correspondents unless you make them do extra work.)
There are several CAs that will give you a “Class 1” SSL certificate for your email address. That’s the minimum you need. You can get “better” certificates that provide a stronger proof of your identity. If you don’t already know you need a better SSL certificate (and how to get one), you’re almost certainly fine with a Class 1 certificate.
StartCom offers a basic Class 1 SSL certificate at no charge. It’s good for a year. You can get a new one at no charge when it expires. For personal e-mail, it’s sufficient.
To get a StartCom SSL certificate:
- Go to https://www.startssl.com in Safari. (It’s important that you use Safari.)
- Click the “Control Panel” button at the top right of the page.
- Click “Sign-up”.
- Enter your name and address. Enter the e-mail address for which you want a certificate. Make sure you spell it correctly. Click Continue.
- A pop-up message will appear asking you to verify that you’ll comply with the StartCom policies. Do so.
- Your browser may seem to take a while to load. Don’t hit reload or quit the browser. During this time, your browser and the CA are negotiating your new key.
- A new screen will appear asking you to enter a verification code. Check the e-mail account you entered; it should be there. Copy and paste it into the field. You need to do this within 15 minutes, or you’ll have to start over.
- You’ll be asked to verify what grade of key you’d like to generate. I recommend you select “2048 (High Grade)”.
- After clicking “Install” on the next screen, Safari will download the new key and start the Keychain Access program. You may see its icon bouncing in your Dock. Click the Keychain Access icon in the Dock.
- You should see your new key listed under the “login” keychain, in the “My Certificates” category.
Getting more SSL certificates
If you have more than one e-mail address, you can get additional SSL certificates now. Go to the StartSSL Control Panel and click on Validation Manager. This will let you validate the new e-mail address. Once you complete the validation process, you can click Certificate Manager to create a new certificate for the additional address. When Certificate Manager asks you to choose between SHA-1 and SHA-2 (Advanced), select SHA-2.
Installing your S/MIME certificate in Apple Mail
- If you already have Mail running, quit it and restart it. That will load the new key (presuming the account is already set up in Mail).
Using S/MIME in OS X Mail
Any message you send from an account that has a valid S/MIME certificate will automatically be signed. In the new-message window, you’ll see a checkmark icon near the subject line. It will be dark (10.9) or blue (10.10) to indicate the message will be signed.
When you receive a message that is signed with an S/MIME SSL certificate, you’ll see a similar blue checkmark next to the sender’s name in the message. Mail will automatically remember that SSL certificate.
To encrypt a message, you must first have the S/MIME SSL certificate for each recipient. Click the padlock icon near the subject line so that it’s a closed padlock. This enables encryption. If you cannot click it or it is greyed out, you’re missing the SSL certificate for one or more of the recipients. The easiest way to get someone’s SSL certificate is to ask them to send you a signed message.
To see if you have a valid SSL certificate for a recipient, check the Contacts application. A checkmark-in-a-seal icon will appear next to each email address that has a valid SSL certificate on file.
Installing your S/MIME certificates on iOS
Once you’ve got your S/MIME certificate installed on your Mac, you can transfer it to an iOS device.
Part One: Export the certificate from your Mac
- Open the Keychain Access application. If it’s not already open, you can find it in the Utilities folder of your Applications folder.
- Select the “login” keychain from the Keychains list on the upper left side of the Keychain Access window.
- Select “My Certificates” in the Category list on the lower left side of the window.
- On the right side of the window, a list of certificates will appear. Find the one that’s associated with your e-mail account. If there’s more than one, check the expiration-date column and select the one with the most recent date. However, do not select one that has a red X on its icon; such certificates are invalid.
- Choose “Export Items…” from the File menu.
- Select the “Personal Information Exchange (.p12)” file format. Give the file a suitable name, and save it someplace safe. I suggest that you do not save it to cloud storage (iCloud, Dropbox, etc.).
- You’ll be prompted to create a strong passphrase for the file. This will be used to secure your certificate while you move it. It’s important that you choose a very strong passphrase. I recommend using a random password that’s at least 20 characters long, or a phrase made up of six or more random words.
- Now that the .p12 file is created, e-mail it to yourself.
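Before you e-mail the file, you can confirm from Terminal that it holds what iOS needs: the private key, a certificate for the right address, a current validity period, a 2048-bit key and a SHA-2 signature. The script below is an added example, not part of the original walkthrough; the function name check_p12, the P12_PASS variable and the script file name are assumptions made for it.

```shell
#!/bin/sh
# Added example, not from the original post. check_p12 and P12_PASS are names
# chosen here; the passphrase comes from the environment, not the command line.
# Assumes an RSA certificate such as the one issued in the walkthrough.
check_p12() {
    p12_file=$1; want_email=$2; rc=0
    # Pull out only the personal certificate (no private key, no CA chain).
    cert=$(openssl pkcs12 -in "$p12_file" -nokeys -clcerts \
               -passin env:P12_PASS 2>/dev/null) || {
        echo "FAIL: cannot read $p12_file (wrong passphrase, or not a .p12)"
        return 1
    }
    text=$(printf '%s\n' "$cert" | openssl x509 -noout -text)

    # The file must also carry the private key, or iOS cannot sign or decrypt.
    if openssl pkcs12 -in "$p12_file" -nocerts -nodes -passin env:P12_PASS \
           2>/dev/null | grep -q 'PRIVATE KEY'; then
        echo "ok:   private key present"
    else
        echo "FAIL: no private key in file"; rc=1
    fi
    # The certificate must name the address you send mail from.
    if printf '%s\n' "$cert" | openssl x509 -noout -email |
           grep -qixF "$want_email"; then
        echo "ok:   issued for $want_email"
    else
        echo "FAIL: not issued for $want_email"; rc=1
    fi
    # It must still be within its validity period.
    if printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "ok:   not expired"
    else
        echo "FAIL: expired"; rc=1
    fi
    # Key size and hash should match the choices made at issuance.
    bits=$(printf '%s\n' "$text" |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" |
          sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-?}-bit key"; rc=1; }
    case $sig in sha1*|md5*) echo "FAIL: signed with $sig"; rc=1 ;; esac
    echo "info: ${bits:-?}-bit key, signature algorithm ${sig:-unknown}"
    return $rc
}
# Stand-alone use: sh check_p12.sh file.p12 you@example.com
if [ "$#" -eq 2 ]; then
    printf 'Passphrase: '; stty -echo; IFS= read -r P12_PASS; stty echo; echo
    export P12_PASS; check_p12 "$1" "$2"
fi
```

With OpenSSL 3.x, a file exported by Keychain Access may need -legacy added to both pkcs12 commands, because older exports use ciphers that OpenSSL 3 does not load by default.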
Part Two: Import the certificate on your iOS device
- Open the Mail app and find the message that contains the .p12 file. Tap the file icon to load it.
- An “Install Profile” popup will appear for the Identity Certificate. Tap “Install”.
- A warning that this is an unsigned profile may appear. If that happens, tap “Install Now” to acknowledge it.
- You will be prompted for your Passcode. Enter the passcode you use to unlock your iPad or iPhone when it’s at the lock screen. (You do have a passcode set, right?)
- You’ll then be asked for the password for the certificate. Enter the passphrase you came up with when you created the .p12 file on your Mac.
- You may see a note that the certificate is “Not Trusted”. That’s okay.
- Push the Home button. Find the Settings app and start it.
- In Settings, find “Mail, Contacts, Calendars” and select it.
- In the list of accounts, find the account for this e-mail address and tap it.
- Tap the “Account” line.
- Scroll down until you see “Advanced”. Tap it.
- Scroll down until you see the “S/MIME” section.
- Make sure “S/MIME” is turned on.
- Tap “Sign”. Make sure that the certificate for this account is selected, and that Sign is turned on. (If you tap on the (i) icon, you should see that the certificate is “Trusted”.)
- Tap “< Advanced” or “< Back” to go back to the Advanced screen.
- Tap “Encrypt by Default”. Again, select the correct certificate, and make sure Encrypt by Default is turned on.
- Back out until you’re at the Account screen, and then tap Done to accept the changes.
- Repeat the above steps for each additional iOS device you use.
- When you’re done with all your iOS devices, delete the email containing the .p12 file so no one can get a copy by hacking your e-mail account!
- Repeat the above steps for each additional e-mail account you need to set up.
Using S/MIME in iOS Mail
iOS Mail will automatically sign any messages you send from an account that has a valid S/MIME key installed.
Unlike OS X Mail, iOS Mail does not automatically remember the S/MIME certificate from a signed message. If you receive a signed message, you need to manually add the key to use it for encryption later:
- Tap the recipient’s name in the “From” header. (It will have the checkmark-of-quality indicating a valid S/MIME certificate.)
- When the recipient-address pop-up appears, tap “View Certificate”.
- Make sure that “Trusted” appears next to the Install button. That indicates that the certificate is valid.
- To install the certificate, tap “Install”.
- Tap “Done.”
- Tap outside the address pop-up to close it.
When you send a message, iOS will automatically encrypt it if you have the recipient’s S/MIME certificate. When you compose mail, you’ll see “Encrypted” at the top of the window. That will appear so long as you have S/MIME certificates for all the recipients. If you enter an address for someone for whom you have no certificate, the header will change to “Not Encrypted”. You’ll see blue padlock icons next to each recipient whose certificate you possess, allowing you to see who the insecure person is.