On the bugginess of El Capitan

I never updated my home Mac Pro to El Capitan. To paraphrase Borges, each successive Apple OS release since Snow Leopard makes you long for the previous one. Unfortunately I have no choice but to run the latest OS X release on my work Macs as that is usually required to run the latest Xcode, itself required for the App Store.

I did not realize how bad El Capitan was until I upgraded my work iMac (27-inch 5K model) to Sierra last week. Previously, I would experience a mean time between crashes of around 3 days. I thought it was flaky hardware (the problems started from when I unboxed the computer), but couldn’t find the time to take it to the Genius Bar. I had also experienced the same problem with my old home 2009 Nehalem Mac Pro, which I had taken to the office, in fact that’s why I bought the iMac in the first place (and the first one I ordered had to go back because of defective pins in the RAM expansion slots). The Mac Pro had previously been rock-steady at home.

Since I upgraded to Sierra, I haven’t had a single crash. The only possible conclusion is that El Capitan bugs were to blame. The only thing unusual about this iMac is I upgraded the RAM from OWC, but the memory passes testing using Micromat’s TechTool.

I am not one to look at the Steve Jobs era with rosy-tinted glasses, OS X has never had the same level of stability as Solaris or even Linux, but Apple’s hardware and software quality has really gone to the dogs of late, something Lloyd Chambers dubs Apple Core Rot.

I am now starting to hedge my bets and am testing Ubuntu for my laptop computing needs, first by repurposing my 2008-vintage first-generation MacBook Air that is no longer supported by OS X anyway (works, but painfully slow) and soon with a shiny new HP Spectre on order.

Avoiding counterfeit goods on Amazon: mission impossible?

I mentioned previously that I seldom shop for electronics on any more, preferring B&H Photo whenever possible. I now have another reason: avoiding counterfeit goods.

My company boardroom is in an electromagnetic war zone—dozens of competing WiFi access points combined with electronic interference from the US-101 highway just outside make WiFi reception tenuous at best, and unusable more often than not. To work around this, we set up a wired Ethernet switch, and since most of our staff use MacBook Airs, Apple USB Ethernet adapters purchased from Amazon. When I side-graded from my 15″ Retina MacBook Pro to a much more portable 12″ Retina MacBook, I wasn’t able to connect using the dongle, and the name of the device was interspersed with Chinese characters. At first I thought it was an issue with my Satechi USB-C hub, but I experienced the same problems via a genuine Apple USB-C multiport adapter as well.

Eventually I figured out the Ethernet dongles were counterfeit. The packaging, while very similar to Apple’s, was just a tiny bit off, like amateurish margins between the Apple logo and the edges of the card. On the dongles themselves, the side regulatory disclosures sticker was inset, not flush with the body of the adapter.

Counterfeiting is a major problem. By some accounts, one third of all Sandisk memory cards worldwide are counterfeits. In some cases like chargers or batteries, your equipment could be at risk, or even your very life. The counterfeit adapters we purchased from Amazon did not come from Amazon themselves but from a third-party merchant participating in the Amazon marketplace. To Amazon’s credit, we returned them for a prompt, no questions asked refund even though we bought them over six months ago, but it is hard to believe Amazon is unaware of the problem rather than willfully turning a blind eye to it.

My first reaction was to tell our Office Manager to make sure to buy only from Amazon rather than third-party merchants (pro tip: including “amazon” in your Amazon search terms will do that in most cases). Unfortunately, that may not be enough. Amazon has a “fulfilled by Amazon” program for merchants where you ship your goods to them, and they handle warehousing and fulfillment. These “fulfilled by Amazon” items are also more attractive to Prime members. One option Amazon offers is Stickerless, commingled inventory where the items you send are put into a common bin. Amazon still has the ability to trace the provenance of the item through its inventory management, but for purposes of order fulfillment they will be handled just like Amazon’s own stock. Some categories like groceries and beauty products are excluded, but electronics are not.

The implications are huge: even if the vendor is Amazon itself, you cannot be sure that the item is not counterfeit. All the more reason to buy only from trustworthy, single-vendor sites like B&H, even if shipping is a bit slower.

Mac Pro first impressions

I received my late 2013 black cylinder Mac Pro last Monday. I ordered the 6-core model with D700 GPUs, since the higher-core models can’t Turbo boost to the full 3.9GHz the 4-core and 6-core ones can, and thus for most poorly-parallelized apps will underperform. I had to get a Promise Pegasus J4 with a pair of Samsung 840 Evo SSDs to hold my files, as I need nearly 2TB to do so and that is not available on the internal SSD, and it would be a shame to hobble this machine with spinning rust.

Some notes I have not seen in the many reviews sloshing around the Internet this far:

  • It is not actually black, rather a dark metallic gray, the color of hematite.
  • The TOSlink digital optical out is now capable of 192kHZ/24 bit audio, whereas the old Mac Pro was limited to 96 kHz. Unfortunately, it is very hard to find POF cables and DACs that can reliably sustain that data rate.
  • It is dead quiet compared to the old Mac Pro, and even my work iMac.
All in all, a remarkable engineering feat. A HP Z820 may have more memory capacity, expandability and total horsepower in its BMW-designed case, but Apple is the one pushing the envelope in terms of design.

Fixing Mac software update NSURLErrorDomain error -1012

Software Update for system components on my home Mac Pro has not worked in a while, and I have had to resort to manually downloading and applying updates. The updates just wouldn’t appear in the Mac App Store app where they normally should.

After upgrading to Mavericks, I finally figured out why. Instead of silently ignoring the updates, Mavericks displays a not-so-helpful error message “NSURLErrorDomain Error -1012”. On inspecting network traffic from the App Store app, I noticed it connects using TLS 1.2 to, then aborts. It then hit me – in 2011, after Comodo was hacked, apparently by elements affiliated with the Iranian government, I revoked the trust setting on their root certificates. The certificate for is signed by Comodo, and thus Software Update could no longer establish a secure connection to Apple and that’s why it was failing.

This is not the only time a Certificate Authority was hacked. Dutch CA Diginotar, which included the Dutch government among its clients, suffered a breach, apparently also involving Iran. Microsoft, Mozilla, Google and Apple promptly revoked Diginotar’s root CA certificates, which quickly led to the company going out of business. I guess Comodo is larger (the EFF calls them “too big to fail”) and better politically connected (it helps when you have people like Phillip Hallam-Baker on the payroll), and managed to elude the same punishment it richly deserved.

Apple should really step up its game and ditch a security provider which demonstrated incompetence at its alleged core competency, and I filed Radar bug report 15328323 to urge them to do so. In the meantime, the way to fix the error message is to temporarily reinstate trust in the Comodo root CA.

Update (2015-10-29)

At some point in the last 2 years they switched from Comodo to Symantex (probably 2014-04-13 when the current certificate was issued). Unfortunately, Symantec has its own problems.

Street sweeping reminders in iCal

Parking signSan Francisco sweeps streets twice a month in residential neighborhoods, and you will be fined if your car is parked on a street being swept. On my street, the schedule is the first and third Monday of each month, between 9am and 11am. I was trying to create reminders to myself in my calendar. Unfortunately, iCal does not have the ability to specify a recurring event with that definition.

No matter, Python to the rescue, the script below generates a year’s worth of reminders 12 hours before the event, in iCal vCalendar format. It does not correct for holidays, you will have to remove those yourself.

"""Idora street sweeping calendar - 1st and 3rd Mondays of the month 9am-11am"""
import datetime
Monday = 0
one_day = datetime.timedelta(1)
today =
year = today.year
month = today.month

def output(day):
  print """
SUMMARY:Idora street sweeping
""" % {
    'end': day.strftime('%Y%m%dT110000'),
    'start': day.strftime('%Y%m%dT090000')


for i in range(12):
  day =, month, 1)
  while day.weekday() != Monday:
    day += one_day
  output(day + 14 * one_day)
  month += 1
  if month > 12:
    month = 1
    year += 1