Tag: iOS

I’m Running Late Setback: Can’t Send Texts in the Background

TimeHorse May 18, 2020 No Comments

Originally, I wanted to implement an texting in the background for the I’m Running Late iOS app. After all, the whole idea of the app is that you may be stuck in traffic and not really in any position to send the I’m Running Late while you’re driving or otherwise indisposed in transit. If you in the car, for instance, sending that text, even if it just means clicking the Send Button, is dangerous. It totally defeats the purpose.

The idea of I’m Running Late is it’s a background process like cron for the iPhone. It just programs events based on the clock and your calendar, then, when the grace period begins, if your Sat Nav notices you’re not within a prescribed number of meters from your event location, it automatically informs the host—or your boss—that you’re running late.

How is this not a thing?

It’s not a thing because Apple‘s philosophy is, if you can send one text without consent, you will be able to spam infinite texts without consent. But, the thing is, the App Review team should be able to detect of an app was abusing the option to text without consent, so why prevent this safety feature when you could just stop it from being abused?

For the record, texting without consent is a safety feature. When you’re driving to an Event, it’s dangerous to have to look at your phone and hit a consent button. Forcing the user to do so may even violate some state laws. Yet, you want to send the text because you are running late, yet you can’t because you’re stuck in traffic.

Sadly, you need a user interaction to send an email too.

With both options stupidly closed by Apple, making this very important use case at first impossible to solve, the only option left is to send the text via a GET Query, for example, to a web service, and rely on the web service to send the text.

One such service is Twilio. Twilio seems to be the leader in Web to SMS transactions. Unfortunately, as far as I can tell, Twilio is a paid service and I’m still trying to figure out how this service works. I created an account and want to test it, but if all users of I’m Running Late are going to be using the service, I’m sure I will have to set it up as a business account.

One possibility I’m considering is having a monthly fee to use I’m Running Late, that I can use to pay Twilio for the use of their service. However, I want the fee to be small, like 15¢ per user per month. And then, say if Twilio costs $15 per month for one hundred users, then one hundred I’m Running Late users would completely cover the cost and I won’t need to let TimeHorse, LLC go further into debt.

The question is, though, what if I have less than one hundred users. In that case, I may have to disable the service or come up with some poor-man version on this very server. Initially, all text message requests could come here, and when the numbers crack one hundred, I can tell I’m Running Late to switch to the Twilio server.

On the other hand, maybe I’m going about this all wrong. IIRC, all Teslas are running Linux. And if the Tesla is connected to the driver’s Phone, and it knows the time, and it has the Phone’s calendar, then surely it could have an app that texts the Event organizer when the driver is running late.

And I could write that code!

Hear that Tesla? You could be bidding on me, because I’m still available for hire but my rates are going up with all the offers!

I’m Running Late

TimeHorse May 15, 2020 1 Comment

My boss doesn’t understand how hard it is to text when you’re stuck in traffic. That’s why he wants to fire me. That’s why I’m looking for a new job. And I will continue to consider a better offer and say goodbye to just under 18 years of Federal Service, but I think I’ve come up with a better way!

The thing is, if I’m running late because I’m stuck in traffic—or in a car with a lackadaisical Uber driver who won’t listen when I tell him I need to get to work on time—I might just have a solution. I could build an iOS app to text my boss for me!

I’m not actually sure I can do this. My app would have to always be running or at least be run at certain times when I would be expected to text. The idea would be, it would trigger at a fixed interval before the time I’m supposed to be at an Event, and if I’m not, say, within 100 m of that location, automatically send a text saying I was stuck in traffic and running late.

Phase one will be to build the app framework. Once that’s done, I want to see if I can have my app generate a text in the first place. I wouldn’t be surprised if iOS disallows that, so that’s why I want to determine that first.

Phase two will involve me setting a timer and providing a notification when the timer dings warning that, if the notification isn’t dismissed, the text will be sent.

Phase three will involve getting the GPS location of the phone and comparing it to the location of the Event to see if the phone is within 100 m, and if so, it will disable the text. I will then add a grace period where you must send the message by. For instance, if you’re due at the Event at 10:00, and you set the grace period to 15 minutes, the text goes out at 09:45, well before the Event is scheduled to begin.

Phase four will read your calendar to automatically generate alarms and warning texts. This will be filterable so that only events you choose will send out the text warnings. Each event will have to have a text number associated with it, but that shouldn’t be too hard if I also give the App access to the owner’s Contact List where you can select one or more numbers from.

I hope to have all that code complete, tested, and submitted to the App store by 1 July. I don’t know if I’ll have the time—or even if the texting is possible—but the beauty of this App is it’s extremely multi-functional. It doesn’t just need to be about getting to work, it can be for any appointment where you’re likely to be stuck in traffic or otherwise would have difficulty generating a text in a timely fashion.

I know for my part, when the world is collapsing on me and someone commits grand larceny against me or I get a $2,000 tyre repair bill for a slow leak, and thus am frazzled and having trouble remembering my name never mind to text when I’m running late, I won’t get fired because I arrive at 10:05. And that’s a very good thing!

Feel free to track my progress and remember, though job offers keep coming in, I remain available for hire!

You can have any star you want, as long it is gold

TimeHorse April 7, 2020 No Comments

One huge flaw with Google‘s iPhone app for Gmail is that it doesn’t support multiple star types. You are only allowed a gold star, while with the computer-based web interface, you can have many different colour stars, warning, and other alerts.

This is a huge oversight in the GMail app compounded by the fact that the applications like Safari, which allow the user to simulate Desktop browsing crash when you activate the standard web interface and try to select a star colour other than gold.

It used to be you could just open up a desktop browser session to manually set the star level but now even that doesn’t work and still the app can’t handle it.

Stars are a very useful aspect to GMail. With stars you can denote more than just that an email is important, but why it is important. For instance, I like to use the blue stars for coupons. I don’t want to mix coupons in with stars to indicate a SpamGourmet email address is about to expire.

This, in my opinion, is a major flaw to the Apple iOS GMail app and I hope someday they add an option to modify star type because I had to spend two hours today unable get my coveted blue star and ended up having to get out of bed and go to the computer just for this very simple action.

As a software, I know they could do better. As a software engineer, I may just end up doing better. Thanks to the Python interface to Google, I likely will do better.

So unless they want to hire me, bugger you, Google!

Meetup Online: It’s Okay to Zoom

TimeHorse April 5, 2020 2 Comments

As an Internet Security professional, I have heard some folks expressing dismay over various security issues in the Zoom video conferencing package and the MatterMost chat services. I may do a piece on MatterMost at a later date, but for now I want to focus on Zoom because Zoom is what Meetup is suggesting as one of their preferred video conferencing platforms. (The other, Google Hangouts, is limited to ten people and thus isn’t practical for a number of the meetups I run.)

The thing is, many of the earlier security issues which plagued Zoom at the beginning of the recent surge in online meetings have been solved. Tom’s Hardware wrote a very insightful analysis of these issues in a recent article by Paul Wagenseil, Zoom privacy and security issues: Here’s everything that’s wrong (so far).

Most of the issues covered have already been patched, such as UNC password theft under Microsoft Windows. This was a rather insidious security flaw but fortunately the folks at Zoom stepped up to the plate and patched.

iOS profiling also seems to be fixed. Since I do a lot of my Zoom conferencing, with the National Popular Vote Interstate Compact grassroots coalition, on the iPhone, this has been a great relief. Now, though, I do most of my meetup Zoom conferences on my laptop.

The decrypting of streams at the Zoom servers and re-encrypting them as they go out to the far-end client is at first blush worrisome, but that in part is necessary for folks recording their zoom sessions and though it puts a vulnerability at the level of Zoom staff, one hopes Zoom is careful with whom it employs. But it must be said, nothing I do on Zoom is something I would be embarrassed about were it to leak. I nonetheless want to do everything in my power to make sure it stays secure and I’m happy to hear Zoom is looking into closing this security flaw.

The auto-download for Macintosh is worrisome but again I am happy to say this practice is also ending as it is a backdoor that Zoom can use to allow third party software onto ones Mac. Zoom also has ceased allowing team profiles to share email addresses, though this is not a feature I’m using for any of my Zoom conferences.

As for recording leaking onto the Internet or folks joining your conference uninvited (Zoom Bombing) or war drive scanning Zoom to find your conference, all of these can be solved by user diligence. It’s important to be mindful of who you let into a conference, and don’t let just anyone have access to your recordings. For my Writing Groups, only myself, the account owner, and the persons being reviewed will ever have access to the recordings, and if the reviewed doesn’t need the recordings, we will delete them.

Also, as of this morning, 5 April 2020, at 0:00 UTC, Zoom now requires passwords on all new Zoom events. Thus, even with a Zoom ID scan, you won’t be able to get into the meeting without the password and although the URL can encode the password in an obfuscated way, simply scanning Zoom IDs will not get you into the conferences. And even if you did, I’d still have to approve you. I won’t.

Zoom
The Zoom Logo

Overall, I’m quite happy with Zoom and hope to use it all through Covidapolis. Overall, I give it this Security Engineers line of approval. And please note, I am available for hire if you like what you see!