Flattr this!

If you’ve, uh, patched an App for whatever reason, Catalina can be a bit whiny about it, and tell you the app is damaged and can’t be used.

Simple fix

xattr -cr /Applications/

Usual Caveats – only do this if you’ve modified the App yourself.

Flattr this!

If you’ve been running a beta, or if Apple update is just confuzzled 🙂 this may help.

I was getting an error trying to update to the final version of Catalina – “The requested version of Mac OS is not Available”. Installing and removing the beta profile didn’t help.

If you have this issue, you can reset the Software Update Catalog to defaults by doing the following in terminal:

  • sudo defaults delete /Library/Preferences/ CatalogURL
  • defaults delete CatalogURL
  • softwareupdate --clear-catalog

The last one will warn about being deprecated, but still works.
Check software update again, and you should be able to download updates again.

Flattr this!

Have issues with slow loading times for right click, open with menu on OSX?

Copy and paste the below to resolve –

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -seed -r -f -v -domain local -domain user -domain system

Ignore any errors, as it re-removes and re-registers registered context menu’s – once completed, right click menu’s will be back to their fast speed.

Flattr this!

I bought a Phicomm R1 Speaker for 150RMB delivered, its supposed to have Wifi and a config app, but the App registration is apparently broken.

The Phicomm R1 speaker has Android installed, unfortunately the configuration app for the speaker is no longer working as noted, so you can only use Bluetooth unless you hack it (Bluetooth is available via a triple press of the top button).

For some crazy reason, the speaker has a fairly decent cpu, and is running Android (albeit without a display, which is annoying, but not completely unfixable); we can connect via adb.

Download adb tools here – and stick in your path.

Set the speaker to Wifi (long press of the top button), and connect to the Phicomm_R1_xxx network.

Mine setup a network on, with a gateway of

adb connect

adb shell ls -al

drwxr-xr-x root     root              2016-01-21 16:50 acct

lrwxrwxrwx root     root              2016-01-21 16:50 bcm4329_cybertan.hcd -> /etc/bluez/bcm432x/BCM4329B1_002.002.023.0389.0000_Cybertan-Foxconn_Cls2_extLNA_EDRmaxInputLev+PeakDEVM_NT.hcd

-rw-r--r-- root     root       148936 1970-01-01 08:00 rk30xxnand_ko.ko.3.10.0

drwx------ root     root              2018-04-28 10:50 root

-rw-r--r-- root     root       252134 1970-01-01 08:00 vcodec_service.ko

lrwxrwxrwx root     root              2016-01-21 16:50 vendor -> /system/vendor

Yup, that worked!

Ok, so we can see the thing at least! Lets get some screen viewing software installed. I’m on OSX, so its a simple brew install..

This seems to work reasonably well –

brew install scrcpy

#load ADB first as above on the default unconfigured wifi ip
adb connect

You should now be able to see the device display, and the internal app called Pandora. The pandora app is a rather useless one – it basically doesn’t work. So ignore..
We need to install other tools.

#allow any app install
adb shell settings put secure install_non_market_apps 1

Next up, configure wifi on the thing!

#install adb wifi tool
adb push adb-join-wifi.apk /data/local/tmp/adb-join-wifi.apk
adb shell /system/bin/pm install -t /data/local/tmp/adb-join-wifi.apk

#change YOURSSID, and YOURWIFIPASS as appropriate..
adb shell am start -n com.steinwurf.adbjoinwifi/com.steinwurf.adbjoinwifi.MainActivity -e password_type WPA -e ssid YOURSSID -e password YOURWIFIPASS

It will hopefully setup the wifi. You’ll need to wait for it to ‘timeout’ and tell you wifi setting failed; it will then connect to your normal wifi as set above.

Once on your ‘normal’ wifi, you can adb connect again to the normal ip.
I installed airpin.apk to setup Airplay, now I can connect to the speaker in iTunes, and play. Good enough!

It can be downloaded here –
Install in a similar manner as other apk’s, then use screen mirroring to config the name.
I called mine phicomm

#copy and install airpin APK
adb push AirPin.apk /data/local/tmp/AirPin.apk
adb shell /system/bin/pm install -t /data/local/tmp/AirPin.apk
#run the screen mirroring to configure directly on the device

You can go further and remove the Xiao Xun (小讯) listening software, and install something else, but I haven’t bothered (yet). Mine is still unconfigured.
This is detailed in Chinese over here –

Flattr this!

The mail software has been completely revamped to support additional security precautions.

Failed logins will be blocked by ip address for 1 hour. (5 fails to trigger a 1hr block)

Senders can only send mail from their authenticated email address.

Outgoing mail is now also inspected for spam, if tests fail, sending will fail.

DKIM signing is now possible, we are in the process of implementation and testing.

SSL connections are now set to a minimum of TLS1.2 and 2048bit encryption, as per internet standards.

Support for connecting to servers still using old insecure protocols has been deprecated (i.e. not supported anymore).
The protocol insecurity issue is explained in more detail here –

This has impacted some deliveries to outdated servers, which still use outdated software.

We can resolve these issues on a case by case basis if you forward support the relevant bounce messages.

If you see bounce messages with errors similar to this –
SSL routines:tls_process_ske_dhe:dh key too small;
SSL routines:ssl_choose_client_version:unsupported protocol;

The recipients server’s SSL key setup (the key they use for encryption for their mail server) is an issue.
Their keys are too small, and vulnerable to eavesdropping, and ideally need to be updated, as their communications are vulnerable.



Cert updates

Flattr this!

Certificates for * have been updated to use letsencrypt from April 2019 onward.


DNS Updates

Flattr this!

As part of our DNS migration in mid 2016 (June / July last year), we asked all our clients to update their DNS to the below servers.

Note that as of today (22nd Feb 2017), our previous DNS servers are now offline, and will no longer resolve.

If you are having issues with email and website hosting today (22nd Feb 2017), please ensure that your DNS has been updated as requested.

This will only affect clients that maintain their own DNS, if your services are managed by us, this was done last year.

If you are unsure on how to proceed, please contact us.

Flattr this!

小米 sells a small little wifi camera which works quite painlessly.
I’ve bought several over the last few years.

My recent ones don’t work oversea’s though (which is where I install them).
Its extremely bogus selling equipment that is limited to a country, especially when they don’t tell you about it.

Annoying, as my older models aren’t “region locked”, but the newer ones are.

There is a fix for it, although it will likely get more difficult to patch at xiaomi’s whim.
If so, I’ll probably stop buying the camera’s. Lovely how vendors want to mess with customers…

First up, enable telnet on the camera.
Get an SD card or take the card out of the camera.

Create a folder named test on the card.
Create a plain text file called in that folder, and add the following bash script:

# Telnet
if [ ! -f "/etc/init.d/S88telnet" ]; then
echo "#!/bin/sh" > /etc/init.d/S88telnet
echo "telnetd &" >> /etc/init.d/S88telnet
chmod 755 /etc/init.d/S88telnet
dr=`dirname $0`
# fix bootcycle
mv $dr/ $dr/

The script will enable telnet on the camera, and then rename the script so it doesn’t run again on the next boot.

Stick the prepared card into the camera, power on, and it should reboot (twice).
If you check the open ports on the camera ip you should now see port 23 (telnet) is open.

Login with the default user/pass (as below) via telnet

User: root
Password: 1234qwer

Once telnet’d in, enter the following, line by line –

Find and kill the watchdog process

killall watch_process

Find and kill /home/cloud process so we can edit it without the watchdog watch_process restarting it

killall cloud

Change the check within /home/cloud executable to query a fake domain so it never returns a failure, then reboot.

sed -i 's|||g' /home/cloud

Notes – The camera checks for the country by running an executable called /home/cloud
This calls an api at which does a ip check, then returns a true or false value if it thinks you’re in China or not. We change the /home/cloud executable ip check call to a bad url, which means it can’t perform its check.

Worked on my camera’s running version

Flattr this!

We are currently seeing some issues sending TLS encrypted mails to hosted email addresses.
This appears to only be affecting some of the hosted server ip addresses intermittently / /

If messages fail to be delivered, you will receive a bounce message similar to the following:

TLS connect failed: timed out; connected to
I’m not going to try again; this message has been in the queue too long.

In the interim we have disabled TLS encryption to the affected addresses.
We are currently unsure if this is a Microsoft issue, or a China Firewall Issue, so this may or may not resolve the issue.

We will update this post when we have further information.


SSL Updates

Flattr this!

The SSL certificate for the all servers have been updated to use a wildcard certificate.

We *finally* changed over to use a wildcard cert, as pricing has come down enough to not warrant having separate certificates per server.
Our new wildcard certificate is valid until 2019.

What does this mean for you?

The bad news
Really old browsers won’t be able to open our site
If you are an XP user running IE6, you won’t be able to load our encrypted sites anymore. We strongly suggest you upgrade though if you fall into that category!
Same goes for those running Android 2.x (which is equally ancient in computer terms).

The good news
Email is now encrypted point to point using AES256 SHA encryption where possible, and webmail is SHA256 encrypted from server to your browser.
Mail servers that support it (i.e. all of ours, plus the major providers like Google, Yahoo etc, will send encrypted mail to our servers).
Mail Headers will include things like the below if encryption is supported –
Received: from ( by with AES256-SHA encrypted SMTP;

Lastly – our new cert gets us a test rating of A at the SSL Labs site.

Screen Shot 2016-05-16 at 1.15.56 AM