Mac 911: When Filevault won’t turn on, how to block incoming texts
Solutions to your most vexing Mac problems.
HOW TO USE MULTIPLE DRIVES WITH TIME MACHINE FOR REDUNDANT BACKUPS
When you create a backup system for your data, duplication is the best course of action. I don’t mean duplicating the files— that’s a requirement—but duplicating the destinations to which files are bound.
Every form of backup media is destined to fail, and despite high reliability from cloud-backup services, you can’t put all your faith that any of them will always be perfect. Even a system with “five nines” of reliability (99.999 percent) may suffer a loss, and the universe might pick you to experience that loss.
The rule of thumb is summarized as 3-2-1: three copies of your data, two of them local, and one offsite. One copy is your live version on your active drives; one can be a Time Machine backup; and the offsite one can be either a cloud backup,
or your files stored somewhere securely and regularly rotate with the local backup.
Time Machine has this concept baked in, but I don’t think most people are aware of it, as it’s not promoted as such and based on the questions I get from Macworld readers. Apple makes hay (and rightly so) about the ease of plugging in a drive, responding to a prompt that asks if you want to use it for Time Machine backups, and then never having to interact with it again unless you need to restore files.
But macos also incorporates support for having multiple active backup volumes used for your same source data at the same time.
1. Plug another drive into your Mac. (See note at the bottom about formatting.)
2. In the Time Machine system preference pane, click Select Disk.
3. In the dialog that appears, select the new drive under Available Disks and click Use Disk.
4. When asked if you want to replace your existing Time Machine volume or use both drives, click Use Both.
(Checking the Encrypt Backups box in step 3 is an excellent idea, too, because it means whenever the volume isn’t mounted, it’s of no use to anyone else without your passphrase to unlock the disk.)
Time Machine begins an initial backup to this volume, which will take as long as the first time you performed a backup with the previous volume. After it’s complete, macos alternates between the two drives in making backups when both are connected.
But here’s the best part. As soon as the initial backup is finished, you can eject either of the drives, take it somewhere safe away from your home or business, and the Time Machine backup continues on your remaining volume. As frequently as every week or two, swap your offsite volume with the one onsite, and even if you have a fire, theft, or destructive event, you’ll have that offsite copy.
If you pair this kind of backup with storing important documents using a sync service, like Dropbox or icloud Drive, you’ll wind up being able to restore a Mac that experiences a severe crash, or one that’s stolen or you lose on a trip, to nearly the state it was when it became unavailable.
Note on formats: Remember that Time Machine volumes— even in High Sierra and Mojave— cannot be formatted with the new APFS method that Apple requires for SSDS used as the macos startup volume. Instead, they must use HFS+. You can format a drive as HFS+ in Disk Utility (Applications → Utilities) by erasing it in the Mac OS Extended (Journaled) format. Erasing loses all the data on the disk.
WHAT TO DO WHEN FILEVAULT WON’T TURN ON
After a recent inexplicable problem on my Macbook, in which macos would complete loading but never get past the blank screen before the Desktop appeared, I had to revert to a clone. (Even reinstalling macos didn’t work.) I then upgraded to Mojave. Somewhere in there, an important piece of macos “fell out,” metaphorically.
Apple added the concept in 10.13 High Sierra of a “secure token” to the first account created in macos on installation or after upgrade as part of the process that allows you to use Filevault. There’s almost no information about this feature, and there’s no way to determine from macos’s graphical features whether an account has it set.
But if you’re missing a secure token on all your accounts, there’s no way to obtain one, and you won’t be able to turn on Filevault. That’s the situation I find myself in—and I found plenty of others in the same boat.
I went down this rabbit hole by trying to re-enable Filevault after I got my Macbook restored and up to date:
1. Open the Security & Privacy system preference pane.
2. Click the Filevault tab.
3. Click the lock icon in the lower-left corner and enter an administrative account and password.
4. Click Turn On Filevault.
What should happen after step 4 is that either macos presents a dialog that guides you to proceed, or an error message appears explaining (sometimes obscurely) why you can’t.
In my case, and that of other people who have shared the same experience on internet forums, there’s no interaction at all. Clicking the button doesn’t result in any action.
At this point, you can “interrogate” macos via Terminal (in Applications → Utilities). First, you need to know the Unix account name of your macos account. If you don’t know what that is, follow these steps first:
1. Open the Users & Groups pane.
2. Click the lock icon in the lower-left corner and enter an administrative account and password.
3. Control-click your account name in the account list and choose
Advanced Options.
4. The Account Name is your Unix account’s short name.
Now, with that name in hand, follow these steps:
1. Open Applications → Utilities → Terminal.
2. At a terminal prompt copy and paste the following, replacing accountname with the Unix account name you found above, and press Return: sudo sysadminctl -securetokenstatus accountname
3. When prompted, enter your account password.
If you’re having the same problem as me, the response will be: sysadminctl[...] Secure token is DISABLED for user Full Name
(Your account name will appear instead of Full Name.)
From all my reading and testing, there’s no way to enable a secure token. I tried one method suggested that allows you to re-run the initial macos setup without erasing your system, and created a new administrative account that should ostensibly receive a secure token grant. It didn’t work.
There are also articles explaining how to grant yourself temporary secure access and use that to assign it to another account—it also didn’t work in Mojave.
I also tried a method of having an administrative account set access, which failed in Mojave and High Sierra. The full error message is rather long: setsecuretokenauthorization Enabled error Error Domain=com. apple.opendirectory Code=5101 “Authentication server refused operation because the current
credentials are not authorized for the requested operation.” Userinfo={nslocalized Description=authentication server refused operation because the current credentials are not authorized for the requested operation., Nslocalizedfailure Reason=authentication server refused operation because the current credentials are not authorized for the requested operation.
I haven’t yet tried the next option, which is to reinstall macos. My recent reinstallation is too fresh in memory and currently stable. And some people have reported even that didn’t work for them, so I’m not sure it’s the best path forward.
There’s a nuclear option, which is to make a full backup, wipe your Mac, and install macos from scratch. Then use Migration Assistant to restore your files. (If you use a clone to restore, it overwrites the account information, and thus erases the newly created secure token, too.)
IS THERE A WAY TO BLOCK CERTAIN INCOMING TEXTS IN IOS?
A Macworld reader want to know if there’s a way in IOS to block texts from everyone who isn’t in the Contacts list. Her elderly mother is receiving harassing texts from someone who obtains a new number and continues the attack every time they are stymied using ios’s option to block texts (along with Facetime requests and calls).
There isn’t such a feature, although you’d think this would be a much-desired one. Apple has continued to add antispam and contact-blocking features across the latest releases of IOS, and allows third-party app makers to tap into calls and texts to help, too.
Apple does offer a feature to sort
imessages—texts sent from people with registered icloud accounts—into a separate area. Visit Settings → Messages → Unknown & Spam, and enable Filter Unknown Senders. (On a Mac, using Messages → Preferences, and uncheck the Notify Me about Messages from Unknown Contacts box.)
This doesn’t act on text messages (SMS), which are always delivered is more likely the problem faced.
The only option at present is to change one’s phone number and keep it private.
CAN’T FIND A FILE IN MACOS? HERE’S WHAT TO DO
Macworld reader Lon has a problem finding a file on his Mac. He needs to remove it to avoid a compatibility problem, and no amount of Spotlight searches nor browsing through folders can find it.
Spotlight should let you find nearly any file you create or store in macos with ease, but it doesn’t always work that way. There’s a way to search comprehensively through your macos drive (or drives) using the Terminal, but I think of it as a last resort, because it involves tricky syntax and can be slow. It also may match a lot of files you’re not interested in.
In the Terminal, a command called
find can perform a comprehensive and deep search across everything, including system files and other stuff that we don’t need to interact with and macos doesn’t readily expose to users. (Find is something I’ve used for decades, and it feels like a tool designed for a computer with a teletypewriter attached.)
In this example, let’s assume I’m looking for a file I know is named
easysolutions.mdl, and I’m going to search on just easysolutions as the unique portion. The search pattern I show below is case independent, so uppercase and lowercase letters get matched regardless of what you specify. If you need
to use a space, enclose the text in quotation marks, like “easy solutions”.
1. Launch Terminal, which you’ll find in Applications → Utilities.
2. Switch to superuser, which requires an administrative account. You enter sudo su -
and press Return, and then enter the administrative password. If it’s the first time you’ve used sudo, macos also warns you about the dangers of having system super powers.
3. You can include part or all of a file name in the search. Type exactly find / -name easysolutions -print
4. This may take some time to process. It could be several minutes as macos matches against every one of hundreds of thousands or millions of individual files. Each result appears as a separate entry.
5. When you see the file appear, it will be proceeded by its full path name. Copy the path from the first / to the last / before the file name, like /Library/ Application Support/bingobongo/ settings/preferences/config/
6. Now in the Finder, choose Go → Go To Folder, and paste in that path.
7. The folder will open. In some cases, you may have to authorize opening the folder, entering an administrative account name and password.
8. If you’re sure the file you see is the one you want to delete, move, or interact with, you’re all set.
During this find operation, you will see entries you can ignore, like: find: /path/name/here/filename. txt: Operation not permitted or find: /dev/fd/3: Not a directory
Even though you’re a superuser, the underlying Unix operation system and Apple’s specific modifications prohibit some kinds of operations.
Once you’re done, return to Terminal and press Control- D or type
exit and press Return to leave superuser status. ( The # at the far left will change to a $.) ■