First week with the Apple TV 4th Generation

Last Friday I received my new 4th Generation Apple TV (note to people living in Southern California… don’t pay extra for rush shipping from Apple as products shipped from Apple tend to arrive quickly) and I’ve been playing with it on and off since. For years now, I’ve been looking for the best way to handle my family’s video entertainment needs. I’ve played with a number of streaming boxes including the Apple TV 1st generation, Apple TV 2nd generation, Roku 3, and Fire TV 1st generation. With the exception of the 1st generation Apple TV, all the boxes have served some of our needs.

When my wife first wanted to watch Netflix, I bought the 2nd generation Apple TV as watching it on our Nintendo Wii was not really something I wanted to do. At the time, we were recording shows with El Gato’s EyeTV and playing it through a Mac Mini. Having 2 devices was not ideal, so I pieced together a setup to put the EyeTV recordings into iTunes and then play them on the Apple TV. This setup worked quite well for several years.

Two years ago when I bought a new Vizio TV that had Amazon Prime Video (and Netflix) as apps in it, I tried to use it and found the UI to be impossible to use. I had heard good things about the Roku, so I purchased one. That left me with 2 boxes, one for Amazon Prime Video/Netflix and one for recorded TV shows. I saw that Roku had a Plex app on it, so I set up Plex, changed my setup to move TV shows to Plex and I was basically back down to 1 box (except for AirPlay). Last year, I was given a Fire TV which had Netflix, Amazon Prime Video (obviously) as well as the ability to play games. It also had a Plex app so I was hopeful that this box could be the box and it would give my son the ability to learn to play some video games (yes, I know I’m corrupting my son by wanting him to play games!). Unfortunately the Fire TV’s UI (1st generation box) was pretty poor and difficult to navigate. It does have “X-Ray” for Prime Video so it has stayed in use for that as well as some games (my son likes Minecraft). I wrote about the Fire TV before.

So where did that leave me before the new Apple TV? Well, we still used the Roku 3 for most of our watching, but switched to the Fire TV for games and Amazon Prime Video. The Apple TV was only used for AirPlay. Like every streaming box I’ve tried, I was hopeful that the 4th generation Apple TV would replace all the other boxes.

After I unpacked the Apple TV, I put it in place of my old Apple TV in my equipment rack and fired up the TV. Due to issues with RF signals, I was expecting to have to mount it on the wall, but was going to put that off for a while (turns out the Bluetooth on it is good enough that I can just leave it on the top shelf of my rack). When I started the setup for the Apple TV, I couldn’t understand why moving my finger on the remote didn’t change the menus. Turns out I had the same problem that others have: I was holding the remote upside down. This does continue to be a problem for me that I have to solve. The Apple TV is able to turn my TV on and off using HDMI-CEC which is an awesome feature. Also, the volume buttons control my Vizio sound bar via IR, so the Apple TV remote is on track to be the only remote I need.

On day 1, we were able to watch Netflix and play a few games. I did buy the Nimbus SteelSeries game controller so that we could more easily play games. Pangea had a number of titles available and since I had already bought them on the iPad and the games were universal purchase, I could download them for no additional charge. There were a few other games available as well. My son and I played games and in general, they work well with the game controller. No Minecraft or Goat Simulator, yet, so the Fire TV still has to be connected.

After a few days, Plex appeared on the app store and I quickly downloaded it. It took me about a day to figure out why all my video was being transcoded when being played, but after that, Plex seemed to work well (I had set the maximum bandwidth for the streaming to be 10 Mbps instead of unlimited). The only feature that Plex is missing is the ability to delete episodes. I like the scrubbing and the navigation works well. I do have to train my wife to use the remote and Plex, but that will come with time.

Now that I had a few games, Netflix, and Plex, the Apple TV could become the primary device. I unplugged the Roku (I’ll probably have to plug it back in for my wife until she gets used to the Apple TV, however). I am very close to making the Apple TV the only box we need and I have high hopes that this will happen. However, Amazon has to get off its high horse and port their iPad Amazon Prime Video app to the Apple TV, Minecraft has to be ported as well as Goat Simulator. (Yes, Goat Simulator is a dumb game, but my son loves it.) Given that these are all on the iPad, it shouldn’t be a monstrous effort (famous last words) to bring them to the Apple TV.

I’ve been using the Apple TV for a week and am really enjoying it; I’ve been playing Oceanhorn on it, watching Netflix and TV shows via Plex. My son has been watching Bill Nye via Netflix and playing a few games. He loves the box because one remote turns the TV on and off, changes volume, and he can use Siri to skip ahead; I’m not so enamored by Siri as he is. I really hope to retire the Fire TV, but Amazon Prime Video will likely prevent that from happening.

Even without 4K video (I don’t have a 4K TV and all of my content is at most 1080p), the Apple TV, in my opinion, is the box to get for people that don’t have anything today. For people that already have an Apple TV or another box, the decision becomes a lot more difficult. The Roku boxes work real well for video; they just didn’t have the ability to play many games (casual gaming). The Fire TV (1st generation at least before the promised software update), has a horrible UI. If someone needs/wants Amazon Prime Video, the only real option today (sorry, AirPlay from an iPad isn’t a viable option), is the Roku. The Apple TV has tons of potential and does most of what I need it to do today. I’m quite satisfied with the purchase. (It doesn’t hurt that I managed to get a good price for my used 2nd generation Apple TV on eBay.)

When is zip not zip?

Like most experienced iOS developers, I use an automated build system. A colleague of mine and I have spent portions of the last 2 years building up our system so what we do looks like magic to others! As part of this system, we’ve written tools and put together scripts to package our application as an .ipa (iPhone application). An .ipa file is simply a zip file with the extension changed.

Well, it isn’t that simple. It appears that how the zip is created is just as important as the structure of the package. There are various flavors of zip, libraries that do zip, and other tools that zip. In one of our tools, we were using a zip library. It appears that Apple made a change in iOS 9.0.2 or 9.1 that caused applications created by our tool to not install on devices. However, the problem was only present if the app was installed over the air or through iTunes; installing through Xcode’s Devices window succeeded. After an arduous day of debugging trying to determine the failure point (provisioning is usually to blame for failures and they can be super frustrating), I switched our tool to use the command line zip (/usr/bin/zip) and amazingly the problem went away.

It would appear that iTunes, iOS itself, and Xcode use slightly different methods for unzipping and installing applications. Since Apple’s xcrun command for packaging (PackageApplication) uses /usr/bin/zip, I think it is a safe bet. It is invoked using something like:

/usr/bin/xcrun -sdk iphoneos PackageApplication -v -o "MyApp.ipa" --sign "iPhone Distribution: Scott Gruby"

On a side note, it also appears that there is an error in the PackageApplication script found at:


that has:


In Mac OS X 10.10 and higher, this line is no longer valid, so if you use this command, you need to modify the script.

Fixing Missing Sound Output

As I was trying to troubleshoot why my media center Mac Mini froze twice over the last 2 days, I discovered that the sound output didn’t list the Built-in speaker. After a bunch of searches with different suggestions, I decided to reset the NVRAM. The problem is that the Apple support docs say to use Command-Option-P-R at startup and my Mac Mini doesn’t have a monitor or keyboard hooked up to it. After some additional searching I found the following command:

sudo nvram -c

and then a restart. After I did that, the sound output options were back. Yeah! Does this solve the freezes I’ve seen? I have no idea, yet, but at least I know one problem is solved.

The best, underutilized and poorly implemented accessibility feature

[Update – October 21, 2015: It looks like the issues with News have been fixed with the iOS 9.1 update. Yeah!]

iOS 7 brought a feature called dynamic type which moves away from developers specifying exact point sizes for text and instead uses a number of descriptions for fonts.

From UIFontDescriptor.h:

    // Font text styles, semantic descriptions of the intended use for a font returned by +[UIFont preferredFontForTextStyle:]
    UIKIT_EXTERN NSString *const UIFontTextStyleTitle1 NS_AVAILABLE_IOS(9_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleTitle2 NS_AVAILABLE_IOS(9_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleTitle3 NS_AVAILABLE_IOS(9_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleHeadline NS_AVAILABLE_IOS(7_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleSubheadline NS_AVAILABLE_IOS(7_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleBody NS_AVAILABLE_IOS(7_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleCallout NS_AVAILABLE_IOS(9_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleFootnote NS_AVAILABLE_IOS(7_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleCaption1 NS_AVAILABLE_IOS(7_0);
    UIKIT_EXTERN NSString *const UIFontTextStyleCaption2 NS_AVAILABLE_IOS(7_0);

When developers use these instead of say Helvetica Neue 12, a user can change the font size in Settings->Display & Brightness->Text Size.

[Image: Text Size]

This is generally thought of as an accessibility feature as it helps people who have trouble seeing. However, for people like me who can see well with glasses, larger type is just more comfortable to read. Implementing this is quite easy, but requires a few extra steps like listening for changes to the fonts and making sure that table rows resize to accommodate the text. These steps aren’t rocket science and don’t take much effort, but many developers are constrained by what their designers give them and many designers are still used to specifying exact fonts as well as spacing. This needs to change as it is hurting those that want to increase the font size and also makes it harder to adapt to different screen sizes.

I’ve implemented dynamic type in a few of the apps I’ve done and it worked out well; the extra effort was worth it in my opinion. Some developers just don’t care and other developers including Apple make an attempt, but fall short.

Here are images from the Apple News app. The first image is the standard text size; the second is the largest text size (largest before going into Accessibility and moving it to super large).

[Images: News - Standard Size; News - Large Text]

(I never knew there were images with the posts because they aren’t seen with the large text.) You can see that the text resizes along with the cells, but the title collides with the first part of the article. That’s pretty sloppy.

The next example is in Calendar. This one is worse than the first because the row is a fixed height and it looks like each row of text is also a fixed height so that when a larger font is used, it looks awful.

[Images: Calendar - Regular Font Size; Calendar - Large Font Size]

For a company that pays so much attention to accessibility, these examples show that individual teams making the apps aren’t doing enough to look at their apps. Maybe all the engineers have great eyes and can see the text, but this does need to get fixed. (Filed as Apple Radar 23196322.)

Outside of Apple, developers need to pay more attention to this; accessibility is hard and I’ll be the first to admit that I don’t do enough on accessibility. Handling dynamic type is an easy first step in making apps more accessible and easier for everyone to use.

Recovering from a hack

At the end of last week, I got a message from my sister about a problem with her email account. It is a Google Apps for your Domain account and luckily, I don’t manage it! Around the same time I got her message, I received email from Google that her account was suspended. Turns out when I set up the Google account, I added an admin account for me and had email forwarded to my main email address. This turns out to be a good thing as I was able to reset her password and get her going again. My sister explained that she had checked her email from her work Windows machine and it had some type of virus/malware on it and that caused her account to be compromised. Ouch. Like a good brother, I helped get things going again and told her (and the rest of my family) to enable 2 factor/2 step authentication everywhere it was available. In addition, I told her never to check her Google email from her work computer and just use her phone. That’s probably good advice; don’t use machines that aren’t under your control if you can help it. Email can wait and with a smartphone, it is easy enough to check mail on the phone.

Her email address (not the account) was then used to send a bunch of spam. Unfortunately, there isn’t much that can be done about it. However, since I have control over the DNS for her domain, I set up SPF and DKIM so that any service that implements either or both of these will mark any mail that doesn’t originate from Google servers as spam. Email that originates from a server not identified by SPF will have something like this in the header:

    Received-SPF: fail ( domain of person@example does not designate as permitted sender) client-ip=;
    Authentication-Results:; spf=fail ( domain of person@example does not designate as permitted sender)

Whereas legitimate email will look like this:

    Received-SPF: pass ( domain of designates 2607:f8b0:400e:c03::232 as permitted sender) client-ip=2607:f8b0:400e:c03::232;
    Authentication-Results:; spf=pass ( domain of designates 2607:f8b0:400e:c03::232 as permitted sender); dkim=pass

(This SPF pass also shows a DKIM pass.)

Many providers (such as Gmail) use SPF and DKIM to mark messages as spam; Gmail doesn’t flat out refuse the email, but some providers will. For anyone that receives spoofed email from a person whose domain uses SPF and DKIM, I’d recommend letting the provider know about this. SPF has been around for years and takes just a few minutes to set up.
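How a receiving server arrives at the fail and pass verdicts shown in the headers above, as an added example that is not from the original post: a small evaluator for the ip4, ip6, include and all mechanisms of SPF (RFC 7208). The zone data, domain names and the 203.0.113.7 sender are constructed; only the 2607:f8b0:400e:c03::232 address comes from the headers above.

```python
import ipaddress

# Constructed TXT records (not real DNS data). example.com publishes a strict
# policy (-all); soft.example publishes the weaker ~all for comparison. Both
# delegate to a hypothetical mail host via include.
ZONE = {
    "example.com": "v=spf1 include:_spf.mailhost.example -all",
    "soft.example": "v=spf1 include:_spf.mailhost.example ~all",
    "_spf.mailhost.example": "v=spf1 ip4:192.0.2.0/24 ip6:2607:f8b0:4000::/36 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, zone=ZONE, depth=0):
    """Return the SPF result for client_ip sending as domain.

    Handles the ip4, ip6, include and all mechanisms; any other term raises
    ValueError so that an unhandled policy is never silently passed.
    """
    if depth > 10:  # guard against include loops (RFC 7208 caps lookups at 10)
        return "permerror"
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_spf(arg, client_ip, zone, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            # Only an inner "pass" matches; an inner fail or softfail just
            # moves evaluation on to the next term of the outer record.
            matched = inner == "pass"
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    for sender in ("2607:f8b0:400e:c03::232", "203.0.113.7"):
        for dom in ("example.com", "soft.example"):
            print(f"{dom:14} {sender:26} {check_spf(dom, sender)}")
```

The difference between the two constructed policies is the final term: `-all` yields fail, which strict receivers reject, while `~all` yields softfail, which most receivers only score as suspicious.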

While email is still going out using my sister’s email address, there is absolutely nothing she (or I) can do about it.

Lessons learned:

  1. Turn on SPF and DKIM on domains.
  2. Use 2 factor/2 step authentication where available.
  3. Don’t use untrusted computers.

I thought one hack related problem was enough for a week, but the world thought I could handle another. While I was investigating an SSL problem at work, I checked this blog to make sure that everything was using SSL. I have now redirected all traffic to SSL and should get the lock icon in the browser bar. In Safari, the lock icon only appears if ALL elements on the page use SSL, so I went through last week and made sure that all elements, including the Amazon links, used SSL. When I loaded my page, I saw the lock icon and then saw it go away. I used the tools in Safari to see that there were some elements loading off unknown websites. Google searches yielded information about some malware on Windows machines affecting WordPress sites. OK, I don’t use Windows except in limited cases and don’t use it to browse the web. I started digging around and found out that the header.php file in many of the themes on my site had some JavaScript injected in them that was obfuscated and when it was executed, injected the malicious code that loaded http (not https) sites. After I removed all the themes, except for 1 and replaced the theme I used, the malicious code was gone. I changed my WordPress password and that should have been that.

I back up my virtual server daily and then sync the backups to my laptop, so I started going through the backups to figure out when the code was modified. It appears that the code was modified right around when WordPress 4.3.1 came out. That is quite coincidental and scary. I couldn’t pinpoint the exact date or method of injection, but WordPress is a constant target for hacks and is patched all the time for security issues.
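One way to automate the backup comparison described above, as an added example that is not from the original post: hash every PHP file in each daily backup and report the first backup in which a file changed or newly appeared. The backup names, directory layout and file contents are constructed, and the script assumes backup directory names sort in chronological order.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot_hashes(snapshot, pattern="**/*.php"):
    """Map each PHP file (path relative to the snapshot root) to its SHA-256."""
    root = Path(snapshot)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.glob(pattern))
        if p.is_file()
    }


def first_changes(snapshots):
    """Return {file: name of the first snapshot where it changed or appeared}.

    The oldest snapshot is the baseline. Legitimate updates show up too, so
    the result is a list of files to review, not a verdict.
    """
    ordered = sorted(snapshots, key=lambda s: Path(s).name)
    changed = {}
    previous = snapshot_hashes(ordered[0])
    for snap in ordered[1:]:
        current = snapshot_hashes(snap)
        for rel, digest in current.items():
            # previous.get() is None for a file that did not exist before,
            # so dropped-in files are reported as well as modified ones.
            if previous.get(rel) != digest and rel not in changed:
                changed[rel] = Path(snap).name
        previous = current
    return changed


def build_demo(base):
    """Create three constructed daily backups; header.php differs in the third."""
    clean = b"<?php wp_head(); ?>\n"
    tampered = clean + b"<script>/* constructed stand-in for injected code */</script>\n"
    footer = b"<?php wp_footer(); ?>\n"
    names = ("backup-01", "backup-02", "backup-03")
    for name, header in zip(names, (clean, clean, tampered)):
        for theme in ("theme-a", "theme-b"):
            theme_dir = Path(base, name, "themes", theme)
            theme_dir.mkdir(parents=True)
            (theme_dir / "header.php").write_bytes(header)
            (theme_dir / "footer.php").write_bytes(footer)
    return [str(Path(base, name)) for name in names]


def demo():
    """Run the comparison over the constructed backups and return the report."""
    with tempfile.TemporaryDirectory() as base:
        return first_changes(build_demo(base))


if __name__ == "__main__":
    for rel, snap in sorted(demo().items()):
        print(f"{snap}: {rel}")
```

Running the same comparison on a schedule against the most recent known-good backup turns it into a basic file-integrity check for the theme directory.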

So now I’ve cleaned up this mess and disabled a bunch of plugins. While I hope this doesn’t happen again, I’m not sure what I can do to protect my site. I’ll keep a closer eye on the logs and see if I notice anything.

Dealing with this kind of thing keeps me up at night and gives me heartburn. It is too bad that criminals and miscreants don’t have better things to do than to cause problems for others. My wife believes in karma, and I’m sure that those that perpetrated these hacks will get what’s coming to them.

Looking for my next car

[Updated @ 3:50 pm with a line I forgot about changing needs.]

I currently drive a 2003 Toyota Highlander that has been treating me well since I bought it. I don’t drive that much and the car hasn’t had any problems. However, I’d like to get a new car before I start running into problems (based on my low mileage, that could be a long way off) and to get some more modern features found in cars. Another major reason to move away from the Highlander is that my needs have changed since I got it; I don’t haul around stuff and don’t usually haul people around besides my family. Earlier this year, I installed a new stereo which has been great and has breathed some new life into my car. Ever since my wife got her Honda CR-V 8.5 years ago, I’ve been interested in the Acura RDX which is kind of the luxury version of the CR-V. I had convinced myself that I was going to get this car and this was going to be the year. However, when the 2016 model came out, it didn’t have Apple’s CarPlay, so I put off getting a new car for another year.

A few months ago, I saw a post that Audi was going to start shipping its A3 plug-in hybrid in the US in October. I hadn’t thought about a hybrid, let alone a plug-in hybrid, but it looked interesting. As I don’t drive much and the touted range of this car on electric was about 30 miles, I could possibly do most of my driving on electric. (In a few years I’m going to look at solar which would make charging a plug-in a lot less.) I have been driving an SUV for a long time, so going back to a sedan was going to be a change. All the features on the Audi look like it would meet my needs (luckily it isn’t diesel :-)), except that it doesn’t have CarPlay and Audi won’t give me a straight answer on if the A3 will be upgradeable to it next year; other Audi models will get CarPlay, so I’d hope it is possible.

The styling on the A3 e-Tron isn’t bad and I’ve been noticing more and more of the older A3 sport backs on the road. A few weeks ago, I noticed I was driving behind an A3 and saw the e-Tron logo with Michigan plates. Interesting because the car hadn’t been released, yet. After a search online when we got home, I found out that Audi was test driving the A3 in San Diego and anyone could sign up. So the next day I took the car for a drive. Driving the car wasn’t bad, but I’m not used to a sedan. It was quiet in all electric and seemed to perform OK, but the Audi guy just had me go in a big circle and I didn’t get a chance to take it on the highway. I’m going to need more time with this car to see if it is all that I want; it didn’t wow me out of the gate, so maybe that is a bad sign.

Some plug-in hybrids have federal tax credits available and in looking at the chart, I can see that most of the manufacturers don’t make the plug-in hybrids every year. The number of choices for plug-in hybrids is quite small, so I may have to look elsewhere for my ideal car.

At the same time, I started looking at the gas mileage on the Acura RDX and it basically stinks. As I mentioned, I don’t drive much, but it pains me to spend money on a new car that gets gas mileage only slightly better than my 13 year old Highlander (thanks to my Automatic, I can see I get around 20 mpg on average). So now I’ve crossed the Acura off the list and my list of cars to look at consists of just the Audi. Looking at other plug-in hybrids (they really seem to make a lot of sense), they’re all ugly (what is up with this one)?

My needs are simple, my wants are more extensive. I definitely don’t need a new car, but my wife keeps saying that I deserve one (I’m not going to argue with her :-)).

The San Diego International Auto Show is coming in January, so I’ll use that opportunity to check out what cars could be on my short list.

Unfortunately I have a feeling that I’m not going to find exactly what I want and then I won’t get anything; that will be fine for my wallet, but my wife said I deserve a new car, so I can’t lose the opportunity!

VLAN on a home network

When I first set up IP cameras over 2 years ago, I purchased a Cisco PoE switch. I didn’t need a managed switch, but at the time, it was the only PoE switch I could find without a fan (I probably should have looked harder). The switch has so many options like locking down ports based on MAC address, VLAN tagging, even some routing capabilities.

I thought about setting up a VLAN to isolate the camera traffic so that only the server recording the video could access the cameras, but decided against it as I couldn’t quite figure out all the pieces and didn’t see the point in doing so.

After purchasing the EdgeRouter Lite, I had to set up a VLAN for my guest network in order to prevent guest users from having access to the rest of my network. I don’t have too many guests over, but I figured it was a good idea and in order to emulate my Time Capsule, I set it up.

Over the past few weeks, I’ve been testing out an enterprise grade WiFi access point (more on this in a future post) and one of the features it has is the ability to assign a VLAN to a wireless network. Since I already had experience setting up a VLAN, I started playing with this feature and thought about using a VLAN for my WLAN traffic. Why would I do this? That’s a really good question. As this is my home network, I wanted the wireless clients to be able to access resources on the wired network and vice versa. A VLAN is designed to isolate traffic and by trying to combine the networks, I was basically defeating a main reason to use a VLAN. However, I went ahead with my experimentation and was able to put wireless clients on a VLAN. The setup was easy and my clients connected. However, I couldn’t use auto discovery like mDNS and UPnP that many services use on a home network.

mDNS was solved using:

set service mdns reflector

and this post got UPnP discovery working. I did have some high CPU load on my router with this however.

I got everything working and was fairly pleased (except for the high CPU usage on the router). A Ubiquiti employee pointed out the obvious to me that doing what I wanted defeated the purpose of a VLAN, so I really started thinking about what I was trying to do. I love statistics, so I guess I really just want to know how much traffic is going over the wireless network.

The other reason for doing VLANs is to handle more than 254 (or so) devices on a network. My home network currently has 38 devices, so I haven’t hit this limit, yet. If I was running a small business, I’m sure that I could hit this limit fairly quickly and VLANs would make a lot of sense. In that case, the mDNS reflector and UPnP broadcasting could bog down the router. In addition, in order to route traffic to a VLAN, the traffic has to go through a router and that will increase load on the router.

So, I’ve learned a bit about VLANs, UPnP, and mDNS. I haven’t accomplished anything in this experiment as my network still works the same way as it did before I started this.