 The Mac Observers' Mac GeekGab episode 660 for Sunday, June 4th, 2017. Greetings, folks, and welcome to the Mac Observers' Mac GeekGab, the show where you send in your questions, tips and cool stuff found. We discuss it all. We share everything that we possibly can about it. We share everything that you send us. And the goal is for each and every one of us to learn at least four new things every week when we get together. Sponsors for this episode include Smile with PDFPen9 at smilesoftware.com slash geek and BitBucket where you can get your free Git repo at bitbucket.org slash for the code. We will discuss both of them later in the show. I also want to send a big shout out to our five WWDC coverage sponsors for Mac Observer in general. That is gigskymaxsales.com, Redal, Sanebox, and iMazing. And I'm going to share a URL with you that you're going to want to visit right away. It's iMazing.com slash mini. You probably heard about it here first, although based on when the show releases, you might have heard about it elsewhere. But go check that out here in Durham, New Hampshire, recording a little bit early because I got to fly on Sunday. I'm Dave Hamilton. And here in fearful Connecticut, where unfortunately it rained on our parade, so we didn't have one. But this is John F. Run. They didn't hold the parade even though it rained? No, it was pretty nasty storm. Yeah, didn't want everybody getting soaked. They did kind of a mini parade later in the day though. I was driving around and all of a sudden I hear all these sirens and stuff and I pull over and so that there was a police car, but it wasn't like chasing anything. So first there was a police car, then there was a fire engine, then there was another fire engine. And there was like a bunch of kids waving at everybody and stuff like that. Yeah, it led up a little later. It was still a very unpredictable storm. So best that they... These things happen. These things happen. Yeah, man. Yeah. All right, let's make a show happen, shall we? Let's go to... I have none of my windows in the right places here, John. That's because it's recording on Friday night Sunday, but listener John has a question and we have an answer. He says, on last week's show, you talked about restoring the recovery partition. When one does that, do you then need to apply the latest Sierra update or is that applied to the partition when downloaded as an update to the regular operating system? Please let us know. So that's a good question. The recovery partition, in theory, this of everything's working correctly, is updated every time you update Sierra on your main drive. But, so you should be fine, but here's the thing. If you've done like a restore to the recovery partition or you've done anything that might have things sort of out of whack, go and download the latest Combo Updater for macOS Sierra and just apply that to your system, that should take care of updating the recovery partition as well. Did I get that right, John? Am I making stuff up? As far as I know, and I'm wondering what the way the question was worded, but what happens when you install the OS from the recovery partition, because I had to do this based on my misadventure there, is that it downloads and then installs the latest version of whatever OS you're on. Got it, got it. Yeah, that makes sense. Yeah, right, right, right. At least that's what I saw, and then I looked at my bandwidth on the Euro and I'm like, yep, it's pulling that thing down. Yeah, when you do an online restore, it does. It goes and pulls down the latest, but if you've done something where you've, say, restored it with carbon copy cloner or something from a copy that you had on a clone drive, probably not a bad idea to go and run the Combo Updater just to be on the safe side, then everything's in place. Good question, John. All right, listener Robbie asks, he says, I have an iPhone and iPad and a MacBook Pro all keychain synced to the same iCloud account. Per an Apple tech support article, I performed a reset all settings on my iPhone to fix my broken, i.e. dev, Siri that developed sometime after updating to 10.3.x. After the process was complete, I found a negative side effect to resetting all the settings. The reset deleted all of the Wi-Fi passwords from the phone, which was okay and expected, but I expected them to be reloaded from iCloud after I logged back in. But no, resetting the settings told iCloud to delete my Wi-Fi password, which then deleted the passwords from the other two devices as well. Yuck, a fish shake to Apple for no warning about the keychain ripple effect. I guess I could have signed out of iCloud on the phone first. Would you have done something different? Asks Robbie. I've done this before and this result is not what I've experienced. It doesn't mean that it's not what you experienced, but I would say that this is not expected behavior. However, A, it's been a while since I've done this with anyone's phone, let alone my own, and B, it doesn't really surprise me that this would yield unexpected behavior. iCloud syncing is a bit of an unpredictable black hole, and I'm being kind. Sometimes changes don't sync, and sometimes they do. For whatever reason, in this case, iCloud saw your phone as having more recent data than anything else and accepted its version of that database, i.e., the blank one, as gospel, as opposed to the other way around. I don't think this is intended. Like I said, when I've done this before, it hasn't done this to me. But that's even impossible to say for sure. Apple isn't all that transparent about this kind of stuff. So I did some digging for you, Robbie. And I looked in Keychain Access on my Mac in Mac OS Sierra, because that's the only place where you can go and actually see these entries. If you set your category on the left, you choose all items, and then do a search or a filter in the upper right for airport network password, you should see all of these things. For me, I'm finding them in two Keychains simultaneously, well, two of three Keychains simultaneously. iCloud is one that seems to have all of them. The system Keychain has some, and my login Keychain has the rest. But that's unhelpful, because even though I can see them there in Mac OS Sierra's Keychain Access, I can't find a way to export them or save them out from Keychain Access. So there's no way to back up just your Wi-Fi passwords, at least not short of exporting the whole Keychain and then later re-importing it. And I guess you could do that. I guess you could move them all to a Wi-Fi password Keychain and then just export that. So I guess that would be one way of trying to preserve them and then bring them back in if iCloud wipes them out. So that would be one way. But man, I don't know. What do you think, John? I think backing up your Keychain is a good idea. Well, yeah, but it would be nice to be able to restore selectively from your Keychain. And the only way to do that is to get a carve them out. No, I like that. So I think you and I both do this, but if you have certificates for your email, I've actually created a separate email Keychain. I think you've got that idea for me. Yes, I did. It's a good idea. Well, what's cool about it is not only do you get to compartmentalize those things, but you also get to set a different lock time out on that mail Keychain. So I have a five-minute lock time out on my MailChain Keychain. So somebody can't decrypt mail even if they can get into my computer. Which is right. Yeah, the same thing is that I know I've gotten a signed or encrypted email because I'll get a prompt saying, hey, I need a Keychain password. Yeah. Yeah. All right. Well, hopefully that helps. Obviously, if anybody has any thoughts on solving this problem for Robbie that are better or more elegant, perhaps, than the ones we've suggested, send us a note. FeedbackatMacGeekab.com. As you know, we love to hear from you. Yeah, I think you said FeedbackatMacGeekab.com. Well, I did. I mean, I said FeedbackatMacGeekab.com is what I said, because that's what we say. Danny, on a very similar subject here, I love it when all this stuff sort of comes together, says, I'm wondering if you have any idea how to get my MacBook Pro Retina to sync text replacements with iCloud. I tried to turn off iCloud Drive, reboot, turn it back on, still no sync. All of my other devices are syncing just fine. Danny, I feel like I could rewind this show five years and change the name. Not of the show. The show's been the same name, but change your name and read exactly that same question from another listener. And then I could probably rewind five years ago from that and do the same thing. We might have to change the names of iCloud to DotMac or MobileMe in those cases. But this problem has existed for a long time. And the problem, even worse, is that my answer is going to be the same as it always has been, which is frustrating. This has not gotten any better. This truly is one of those holy grail questions that we fought with over the years and have no great answer to. I probably don't have a great solution for you, Danny, but while we're on the subject and since it's been a little while since we've discussed it, let's talk about the things that you can do. I have personally experienced this problem many, many times over the course of my history using the iCloud text replacement feature. I have solved it, but not always the same way twice. One thing that I start doing is I add or modify or remove a text substitution on the non-syncing device, and then I add, remove or modify a text substitution on one of the syncing devices. And I'll start naming them things like iMac Office or iMac Studio just so that I know which is where and I can look and see them if they choose to start syncing at some point. If that doesn't work, and sometimes that does, just adding something to... Generally, so the way iCloud works is there are multiple copies of this database. One, obviously, or not obviously, but one exists on Apple servers, so we'll call that the iCloud copy. Then there is the copy that your Mac actually uses locally, but there's a copy in the middle. The way iCloud syncs, or at least the way I understand it, is it stores a third copy of this data that does all the pulling and syncing and merging from between the local copy that's used on your Mac and the copy that's used in the cloud. But this other intermediate copy is also stored on your Mac, so every one of your devices has one of these copies. And this is how Apple deals with not having to fight the syncing war with your live data. It can do whatever syncing operation it needs to do, and then it just replaces your live data with the master copy once it decides whatever the master copy is. And that all is fine, but that sort of informs the process of, hey, if all that's happening is I'm getting changes from iCloud and for whatever reason the local sync engine decides there's no reason to make a change to my actual local copy that I use. Well, if you make a change to your local copy by adding, removing, deleting a text entry, a text replacement entry, then that's going to force, hopefully, the local engine to rethink its decision and re-merge all that stuff. And sometimes that actually works. So that's why that process is done, and that's why that process works, or that troubleshooting step works sometimes. But if that fails, in the terminal on your Mac, you can go mess around with this intermediate database. If you go into, you have to do it from the terminal, I found no way to do this from the finder anymore. You're going to go into your iCloud drive folder. But again, if you look at it in the finder, a lot of things are hidden from you, and I found no way to expose them. So I use the terminal. I go to home, library, and a folder called mobile documents that has a space in the middle of it. The easiest way to get to that is to go to your, open up the terminal, which should bring into your home folder, type cd, space, library, and hit tab. That will complete the library and put a little slash at the end of it. Then start typing MOB, capital MOB for mobile documents, hit tab, and that hopefully will show you a list and you can autocomplete the mobile documents thing. But you have to escape the tab, which means using back, or escape the space, which means using a backslash. But we'll put a link to that in the show notes, or you could do the whole thing in quotes. But I'll put a link in the show notes just to make life easier for you. Anyway, you go to this home, library, mobile documents folder and delete the com till the apple till the text input folder. This is that intermediate database that iCloud sinks down. And then the sink engine on your Mac tries to merge all these changes. That doesn't always work to delete that database, but that is one way to do it because it'll force it to kind of get a fresh copy from iCloud and hopefully kind of trigger the right sinking steps. That's my thought on that, John. Do you have any thoughts? Why? Excuse me, no. I don't sink those things. Really? You don't sink documents and data? Oh, that stuff, yeah. That's part of it. Oh, well, I mean, they sink whether... If you're sinking iCloud documents and data, your text replacements sink along with them. Oh, yeah. What I'm saying is I don't really use text replacements. Got it. Yeah, this is... What we're talking about here is if you go into system preferences, keyboard and then text, that's where those things all live and they should. In fact, I can even see one in here that I've got that's named. The replace thing is FMMBA and the expanded text is from my MacBook Air, so that is most definitely a lingering troubleshooting step. All right, good stuff. Hey, John, I want to talk about our sponsors. And then I want to get into some questions about some crazy stuff. How's that sound? Fantastic. Awesome. Our first sponsor, as I mentioned at the beginning of the show, is Smile at smilesoftware.com.geek. That's the URL that you can always go to to learn about whatever it is that Smile has on deck for you, our Mac geek listeners. And this month, that is PDFPen 9, which was released just about six weeks ago in April. PDFPen 9 packs over 100 new enhancements to improve your PDF editing workflow. And this is yet another one of those apps, as are many of the apps from Smile, that I just assume is always on every Mac that I use. And I feel like I'm typing with Mittens or operating the Mac with Mittens if I don't have it. PDFPen 9 enhancements include a new sidebar annotations view, more export options, a hand tool to pan and zoom. This is super handy being able to move that around and kind of treat the PDF like I'm touching it. Linking to other local PDF files, you can find and highlight to bring attention to all appearances of a term. Also really handy to see that all at once. Line numbering automatically, which is great for legal documents and even support for forms now, which include calculations. PDFPen Pro 9 additionally enhances the table of contents editing. It adds OCR for Chinese, Japanese and Korean. As I said, you can learn all about this at smilesoftware.com slash geek. If you do anything with PDFs, even just occasionally, if you want to sign stuff, if you need to move stuff around, if you need to redact stuff, I can't recommend it enough. PDFPen at smilesoftware.com slash geek are great big thanks to Smile for sponsoring this episode. And our second sponsor is Bitbucket at bitbucket.org slash for the code that's F-O-R-T-H-E-C-O-D-E. Bitbucket is the place to go if you are working on any sort of coding project because you want to be able to sync your changes, right? And so this week, Adam Christensen and I cooked up this crazy idea. We used to use Expression Engine as our content management system, right, John? And then a year ago, almost exactly a year ago, we moved to WordPress. But all the previous content was still being served by Expression Engine, and it is dog slow. So I had this crazy... I knew we needed to get away from Expression Engine. We talked about, well, did we just spit all the content out as static HTML files and just serve those from the server, which would be faster? And also, we needed to get away from EE because it's... We aren't updating it anymore. So we're bound to get hit by some attack on a security hole that somebody finds that we don't patch, but they do. So I cooked up this crazy idea. I said to Adam, I said, well, we know how to pull data from the EE database, right? And we can do it way more efficiently than EE because we know what our data structure looks like. So why don't we build our own content management system again and just pull the data we need? When somebody visits a URL that's an EE URL, instead of having EE serve that content, we'll serve it. And we can write the query and do it really efficiently. And so that's the project that we did. And it actually came together really quickly. But when you do a project like that, writing a content management system, actually, the hard part is the input and editing part. The easy part, relatively speaking, is the outputting part. So we wrote just the outputting part. We're not editing this content. If we do, we'll just go into the database and do it. That's fine. But we needed a way to share this project and also track our changes in case we introduce a bug or whatever. And that's what you want a code repository for. And that's what Bitbucket is for. Bitbucket.org slash for the code, F-R-T-H-E-C-O-D-E, allows you to create free repository for your project. And then you get the benefits of everything that their Git algorithms do. They have like the world's best pull request stuff, built-in continuous delivery so that everybody has all the changes all the time. And it's got integrations with all your favorite tools like Docker, AWS, Azure, and everything else from Atlassian, because that's where Bitbucket comes from. Jira integration, giving your team everything you need to track bugs and feature requests and sync them to your repository. So this is the kind of project that you absolutely need to use Bitbucket for. And you got to go check it out. Bitbucket.org slash for the code. I know this ad read got a little longer than normal, but I had a little story to tell, which I thought you folks would appreciate. Because now Macobserver.com is way faster, like 10 times faster than it used to be because we got rid of that doled inefficient expression engine code. Our great big thanks to Bitbucket at Bitbucket.org slash for the code for sponsoring this episode. All right, John, why don't you take us to Bruce? All right, take us to Bruce. And Bruce asks a couple of questions about safety when using public Wi-Fi. For instance, at a place like Starbucks. Yes. Number one, if you connect to an AFP server, is your traffic encrypted or is it only the login and password that is encrypted? Let me answer that first. So a little while ago, I said that in general, if you provide a username and password, it can be used and it certainly is. If you do something like a WPA to for Wi-Fi, that information is used to create an encryption key and encrypt the traffic. However, I had to do a bit of digging here. So most file transfer or file sharing protocols, AFP being Apple's file protocol, I think. And there's of course also SMB is another one. And we talked recently about FTP. None of those normally are encrypted. Well, I'll put an asterisk there. Except for SMB version three, which I don't believe the Mac will run yet. So, but SMB up through two doesn't natively or doesn't by default do encryption. So there you go. Right. So for the most part, yeah, but thanks for the clarification. So I even... So my assumption was wrong. I thought at this point in time is an AFP and SMB and all that. And some are now. Some have gotten to that point where it's baked in, but sometimes not. An AFP. So I started researching AFP and its iterations. And at some point, they make a reference to, oh, well now AFP supports AFP using SSH tunneling. And I'm like, oh, well, that's interesting. How do you do that? SSH, of course, being secure shell. And that is a secure way to access another device. Yeah. And to be fair, I think any protocol that uses TCP would support SSH tunneling because you sort of create the tunnel out of band from the remaining protocol there. Like the file server doesn't know that it's being tunneled to. It just knows it's seeing a connection. And it's like, yeah, all right, I'll answer that. But explain the tunnel. Yeah. So even though... So although they added that AFP tunneling over SSH, I was like, how do you do that? And so using my Google foo, I found it. So you can either go to the terminal and do a whole bunch of crazy stuff to create this tunnel. And basically what you're doing is that you're connecting via SSH to the remote machine. And then you're connecting, then you create a mapping from your local machine to that other machine. And you create that mapping on your local IP or your 27.001. And then you connect to that. So it's really kind of crazy. Now there are tools that will make this a lot easier. And I'm not going to go through all the steps here, but basically... Really, I mean, it can be done with just a single command line, but the incantation for that command line, as with all command lines, has to be exactly right. And to me, it's not overly intuitive. Every time I create an SSH tunnel, I have to be like, all right, what am I doing? Where does the colon go? How high do I hold my foot off the ground to get it right? That kind of thing. Right. So what you need is... So the remote resource has to have SSH on it. I tested it with my Synology. And the Mac normally has a SSH, right? As far as I know. Definitely. So you have to have SSH in addition to the whatever file service. And actually, this is what SFTP is as far as I know. Some people call it SFTP secure, FTP. It's actually FTP through SSH tunnel. Is it? I thought SFTP was just straight like SCP. Or maybe it's SSL. I think it's just an SSH connection. I don't think it's actually doing FTP, but I could be wrong about that. I could be wrong about that. But anyways, to answer the question, so what you need is a tool, or there are tools, and we're linking to a couple of them. And I used one of these tools to create this because I didn't want to go through the gymnastics of typing in this very funky thing on the command line. So to me, that's one of these tools here. So one I found, and I actually downloaded and tried it, the link in one of the articles will post that kind of walks you through it. I think it was broken, but it's called SSH tunnel manager. And Hank, Dave, you found another one, right? Yeah, called TUNA. It just builds this connection for you, or this thing. I mean, it's just like the one you found. It manages the process, makes it easier. Yeah. Well, you can tune a piano, but you can't tune a fish. That's all I know, right? All right. So that's answer number one, is that you have to go through some effort to create a secure connection for AFP and other file transfer. And I think that you, and then what you do is when you type it in, so on the Mac, it's connect to server, you can do from the finder, you would type AFP colon slash slash or SMB or whatever file services you want to make available. Sure. That happens. So the second question, if you use Google's web interface for Gmail, is that traffic encrypted? What about if you're using Apple Mail instead? Could someone sniffing see the actual email content or only the addresses and titles? So if you're accessing Gmail via browser, SSL should be enabled. You could tell because in the, when you connect to the web server, you're going to see a little lock next to it. If there's a little lock next to it, then SSL is in place, and that means that your traffic is protected. It's not so clear that that's the case if you're using an Apple email client either on Mac OS or iOS. Frustratingly, Apple Mail no longer, Dave, so fish shake at Apple, they used to show you or let you configure the gory details of your connection to a mail server. And typically somewhere was a little box. So you could just select a port which was a secure port, or you could check a little box saying, well, please use SSL for this connection. That's no longer there, and that makes me unhappy. So how could I verify that I did, in fact, have a secure mail connection? Well, I hopped into the terminal, Dave, and I ran our pal netstat. And what netstat will do is it'll print all of your network connections. And I saw one, well, I saw several, but what netstat does is a lot of times at the end of a connection or next to it, it'll list, rather than the port, it'll list the protocol that's being used. So for example, one of them that I saw, so opt online is one of my providers, I saw mail.optonline.someotherstuff.imaps. Okay. So this is using the netstat command. So you're just typing netstat and nothing else to do this, is that right? And it just, yeah, that just blasts out a list of all network connections and a bunch of other stuff. But the fact that I saw that. The terminal has a find feature, right? So once you do that, you could do command F, and that pops down a little find window, and then you could look for, say, iMap or Apple, if you want to see where it's connecting to, and it just makes life a little easier to find that stuff, that's all. All right. So the fact that I saw that would indicate to me that that's a secure SSL type connection to the mail server. Yeah. You could use something like Dubuque, though, to sniff that traffic from another computer and see what you can see, right? And it will be secure. Yeah. Yeah, yeah, yeah. Yeah. And I think by default, if it's available, Apple's mail will select it. Generally, that's true. Yeah. Now, in this case, what's weird is that iOS is a little different and that actually gives more information for your mail setup. And if you dig into the details, usually as part of the advanced section, if you dig in and I don't have a hard and dry path because it's a little different depending on the type of mail servers you connect to, but at some point, you're going to see, along with the information about the server you're connecting to, you're probably going to see, or at least in some of mine, I'll see a little slider that says use SSL. Just make sure that's enabled. So I would say for the most part, your email connections are protected, but you have to do a little work for the file server connections. There you go. So we had a similar question or a related question, not a similar question, from Paul who asked, who can I see who is logged into my Mac when I'm sharing files from my Mac? Because you can share files from any Mac. You don't need to be running Mac OS server and Paul wanted to know, could he see who is logged in? You used to be able to see this information back in the day, but now all you get to see is that someone is logged in. If you go to system preferences sharing and you go to file sharing and click options.dot.dot, you will see under the share files and folders using SMB or the same option for using AFP, you will see number of users connected. And right now on this computer, the number of users connected with SMB is one. And I suppose that's me from downstairs. But it doesn't, but fine. I didn't see that. Okay, so it's in the, all right, so you have to click on, so it's buried. Oh, that's very nice. But it, as you heard me say, I assume that's me from downstairs. I hope that's me from downstairs because if it's not, I don't know who it is. And that's just the thing, you don't get to see who it is. And to my knowledge, there is no tool freely available for Mac OS that will show you this information. But there is a tool that is available for the nominal fee of, I believe, 1999 and it is called Mac OS server because Mac OS server lets you see all the details and kind of have a little more granular control over that. So that's the answer there. I wish there was a better, I wish there was a better option, but there's not. So, you know, that's just how it goes. Yeah, right, John? I think that's the best choice. I don't know. I mean, it's possible, right? The data is there. I actually tried looking and searching through some log files to see if I could find where it's storing that, because I know it's storing it somewhere. I couldn't find it, but obviously if one of you knows, please let us know. That'd be handy. Yeah, we did find an article that I think answered a different question. There is a way to see who is logged in, but file sharing and logged in are two different things. And I think there's a couple of commands, either last or who, that'll show you who. Well, that makes sense, huh? If people are connected, I think, right via SSH. If people are so right, so last and who or also the w command, which is similar to who, but not exactly the same thing, will show you the open terminal sessions. And that can be terminal sessions from SSH, but it can also be the terminal sessions from you on that computer. So if you have four terminal windows open, you'll actually see five things here, because there will always be one listed as console once you log in to your Mac. And that's a non-visible session. But yeah, yeah, so you'll see all of your local and remote terminal sessions. So that would be SSH or Telnet, if you figure out how to turn that on. I don't recommend it. But those would show up there, but your file sharing connections and such do not show up there. So there you go. That's the answer I have. Good stuff. Shall we move on to some tips from, tips and comments and follow-ups and all that from last week's show? I think what one other thought is that if you're running a NAS, I think most NAS devices, we'll have to check this out, like a Synology, I think it will show. Oh, that's a good question. Depending on what NAS you have, I think it may show if you use it as a file server, I think it may. Let's look into that. Yeah, yeah, yeah. That could be another way if rather than sharing from your Mac, you want to share from a Synology or a DROBA or something like that, I think most of them. Right. Should be showing the number. How would I know who's logged in? That's a good question. Huh. I'm sure it shows me somewhere being where the currently logged in users. Huh. Yeah, I'll have to dig into that. I've never even looked for that in my Synology. And of course, now that you say it, I definitely should look for that. Because I guess what I'm saying, what am I saying, Dave? I guess what I'm saying is that, what am I driving at? I'd be a bit concerned about doing file sharing from the machine that one is also doing their work from. Well, if some of us don't have a choice to be fair. Yeah, if that's all you have or you're low on funds, then yeah, and the Mac can certainly do it. Of course. Yeah, as we said, OS 10 server makes a lot of things better. Yeah. This is interesting. I don't, huh. I'm sorry, Mac OS server. Yeah, yeah, yeah. All right. Yeah, I gotta figure out how to find that on Synology. Oh no, there it is. So if I go to resource monitor and connected users, I can see who is connected and by what protocol and what resource they're using. So I can see that I've got three computers connected via CIFS, which is, I think, another way of saying SMB, because that's how I'm connected to that. But I guess CIFS is a dialect. Yeah, exactly. Yeah, common internet files or something like that. But I see I've got three computers connected and they've got, you know, my general shares mounted. And then I have another one that's this computer that is connected via disk station manager, which is the user interface so that I can see this stuff. So that's in resource monitor and resource monitor connected users on your Synology. So there you go. Sweet. Yep. All right. Let's, yeah, let's run through a couple of these things. So we talked about splitting video in the last show and we heard from lots of you. Let's see. Alice and Sheridan actually wrote us and said that she has done this before with FFMPEG. She did not remember the incantation because it had been a while, but using FFMPEG from the command line, this certainly is possible. And when that's possible, then that means that maybe something with a GUI interface can do it. So Nick wrote in and said, you talked about splitting video files. He said, number one, quick time player 10, can trim, start and end of clips, open your clip and type command T, which puts it into trim mode, trim away and then save. Number two, AvidDemux, A-V-I-D-E-M-U-X is a better solution that allows full editing and saving without re-encoding. There are Linux, Windows and Mac versions available, and best of all, it's free. So that's going to be a good answer there. We will put that into the show notes. Listener Jeff also wrote in about this, and Jeff says, the best front end for FFMPEG that he's found is vidconvert from regiashworth.com. The program is not free, but it's only $7.95 and is very Mac-like, he says. So we'll put a link to that. It looks pretty. It looks like another good one there. So thank you very, very kindly. Jeff, very good stuff, fun. Listener Pom wrote and said, for the question about editing video files without re-encoding, iSkysoft Video Converter does some editing and if the format permits, they do what they call high-speed conversion. He says, I'm not sure if doing a high-speed conversion, you can cut out some parts and then keep the high speed, but that would be worth looking into. He says the interface is very simple for basic editing, cropping, rotate filters, et cetera. And I've used some of the iSkysoft stuff and I find it reliable even though it might seem like it's a little wonky. So we will put that in the show notes too. Moving along, we had any thoughts on the video stuff, John, before we jump to the other topics about which people wrote us? No, it looks like front-ends to FFMPIC. I think that's pretty much what they all are. Yeah, exactly. All right. And then Larry wrote, he says, for Jeremy's problem in 659 talking about fixing album art and all of that stuff, he says, rather than shelling out his hard-earned money, try using the open source MusicBrains with a Z at MusicBrainsWithAZ.org, Picard.MusicBrains.WithAZ.org, and we'll put a link to that in the show notes too. So thank you very much, Larry. Good stuff. I had no idea that MusicBrains existed, so I always like it when we find new things because that is the goal. Right? Good. Brains. Brains. Okay. And then we actually got a couple of comments about this one. Brian wrote in again about show 659. He said, my suggestion for the person who had problems recovering images from an old SD card is to try card raider from Ecamm. That's Ecamm with two M's. It cost $19.95 and has worked extremely well for me in the past for problematic SD cards. It indicates that it can recover somewhat corrupt files and has very positive reviews. So thank you very much, Brian. Good stuff. That's handy. I don't know that I even knew that Ecamm made that. They make call recorder for Skype and other stuff that I've used over the years, but I had forgotten about card raider. So very, very cool. And well, one penultimate follow-up to last show, because I think you're going to take the final follow-up, John, is from listener Paul, who said, on MacGeek of 659, you mentioned that the home library folder could be displayed in the finder drop-down menu if you selected option or alt. That's by the go menu. And it's totally true. If I sit here and I go to the go menu and I hit option on my computer, the library option appears in the finder's go menu. However, as Paul astutely notes, I think in Mac OS Sierra, this has changed and you now need to hold down shift to expose the library folder. He says, I can't imagine why Apple changed this, but it took me some digging to find out after the option key or alt key no longer worked. You are totally right, Paul. Because I use a Tascam USB interface as part of the setup here for MacGeek and Tascam didn't ever release Sierra drivers, this computer is stuck on El Capitan where option still works in the go menu. So I got to replace this thing and just upgrade to Sierra on this computer, which I'll do. It's time. It's time to get past it. Maybe Focusrite makes me a decent audio interface I can use that actually has Sierra drivers. There you go. Good stuff. Thank you. Thank you. Thank you, everyone. John, though, you have, as I alluded, yet one more follow up. We talked about the Bitdefender box last show, and as it turns out, you've got one. I got one. I already got one, you see? I don't know if I would say it's very nice, but well, there's good things and bad things about it. So to explain the Bitdefender box, we described it last show. It sits past your router and is there to monitor all of your network traffic and keep you secure not only from the outside world, but also from any exploits that say your Internet of Things devices or other things internal to your network might have. And if one of those gets compromised, the Bitdefender box is, in theory, built to notice that and alert you so that you can compartmentalize that. And I like the concept, right? That's exactly where this kind of stuff should be done. I've always said it should be done in the router, but the Bitdefender box sits past your router or does it? And the thing is, so during setup, I determined one thing. Well, I determined a number of things. Yeah. But the first is that it is the router. Okay. It replaces your router. Oh, I see. Really? So in order for it to do that, it's going to have to provide network connections. And it does that. And it does that. All right, here's some of the kind of bad news, though. I was seeing some different colors when I was hooking this up. So the first thing I assumed like you, Dave, was I just plug it in my network because they said, well, plug it into your router. And I'm like, okay, well, I plugged it in my router. And I was like, huh, that light's not a color it usually is. Why is that? Because the hardware in this device is 100 megabits per second. Oh, it's supposed to be the thing that sits between me and my internet connection, my cable modem or whatever it is upstream. And the maximum data it can pass is 100 megabits per second. Because it has a 100 megabit per second ethernet port. But pretty much everybody in the US now can easily get 200 megabits or faster. Correct. From Comcast Time Warner, etc. That makes this a non-starter right out of the gate. Yes. So it offers 100 megabits per second and an 802.11b slash g slash n. No, it's missing there. No ac? Correct. Wait, okay, wait, wait. I'm just going to ask this question because it seems crazy. It sounds like this box was made five years ago. You found it in a pile that you think you got at a recent show. Is it? Oh, I absolutely did. Okay, but I'm just going to ask the question. I think I know the answer. So it's sort of a loaded question. Is it possible that you have an old version of this box or do you have the latest build? I went to the web page and the specifications match what I observed. So there you go. It's 100 megabits, 802. And I knew that answer. I just wanted to make sure that listeners thinking, wait a minute, this sounds old. All right. Because it does sound. The one for some, yes. And the hardware, the hardware cost of a 100 megabit chip and 802n radio is less. So I don't know if it was cost-cutting measure or what. Well, you know what it could be though, because I mentioned this in the last show. You need a really beefy CPU to monitor all of that traffic. So it's possible that they chose networking speeds. It's possible that if they had chosen, say, 802.11ac and gigabit ethernet, that the speed of this thing would still only pass stuff at 100 megabit-ish speeds because of the CPU power required to monitor all your traffic, that it's just not fast enough to go any faster than that. It could be. I'm just saying perhaps that's the reason. Now the way I have it set up. So one option is you use it to provide your hardwired and your wireless. Okay. And it'll do that. I made a second choice in that I put, they're like, oh, well, the other thing you could do is if you have another Wi-Fi router, you can put that in bridge mode. And that's exactly what I did. So my Eero is currently in bridge mode. The bad news there is that you lose a lot of the things that you can do when it's the router. But let me continue. And the final thing is that so my, with the Eero, which has gigabit speeds, I pay for 110 megabits down. Right now, when I do a bandwidth test, I get about 85. And I think that's a combination of it doing all this packet inspection and because it has the 100 megabit port. But let's move past the hardware. Okay. So that's one, yeah, to me also, a disappointment. But if you have a better Wi-Fi, you can put it in bridge mode. And that's what I did. Right. Okay. And then I went to set it up. And so they offer a management app, either on iOS or Android. So of course, I did the iOS one. And then what happens is once it does its thing, you can see a whole bunch of information in their management app. So it detects all your devices. It registers them. And then based on the type of device. And then so one thing it does is it scans your devices because it's seeing all the network traffic. One is that it'll do a rudimentary security check on your devices to make sure that you have a lock code or you don't have a lame password or something like that. And it'll give you a notification if anything is set up in a poor fashion. So that's kind of nice. I didn't get any of those notifications because I have passwords that are all my stuff. But that's kind of nice too. And then so that's one thing the app shows. So the app shows here, I'm looking right now, it shows, okay, well, I've protected 5.43 gigabytes of network traffic so far. It shows the most active devices on my network by traffic. So that's useful. That's cool. Yeah, I like that. Notifications, I don't have any. And then devices, and then it'll list your devices very similar to like the era where, you know, any other router is that it'll show each of the devices. And then, depending on the device, you can, so normally registers them all as a guest device. But then if you register as a family device, then you can get a certain level of control over it. Okay, right, right. Okay, all right. So depending on the device, go ahead and finish. What do I mean by control? Well, depending on the device, you have to install additional software. If you're on a Mac, you can install their Bitdefender software on the Mac. Okay. And it does the antivirus and malware and stuff like that. And I would say that software, I gave it a good, and it'll send notifications to the management app. I would say that their antivirus and their malware detection is very nice. Okay. So nice. So when I actually did a scan, I did a full scan, it actually found a couple of pieces of malware that I had on my system that I saved just for, you know, old time sakes, and it actually threw them away. Sure. Which is good. And it also sent an alert saying, hey, you have this malware, hey, you have that malware in it, you know, sent the alert to the management console. So if you want to make sure that people in your family are not downloading silly things or malicious software, this is good for that. But you said it, in the pre-show chat, you said that software is chewing up a ton of your CPU. Is that right? Yeah, it depends on what you regard as a ton. I mean, I'm looking right now, and I'm looking at my Mac Mini. It's not really perceptible. I didn't really notice it on my MacBook Pro because that has a beefier processor. But I'm looking right now. And so I have currently, it shows two processes, BD agent and BD core issues. Each one's taken 100%. Is that the computer that you're also using for Skype for this podcast? Correct. Oh, I don't like that. Well, I still have idle pro. Well, the thing is, technically on this machine, I have 400%. It's dual core and a type of threading. But it's taken up a good chunk, more than I would expect. And you're not, it's not scanning. I mean, it's not like scouring your drive at the moment. It's just monitoring. This is like it's idle mode, if you will. Is that right? Yeah, but the benefit, again, with the various components is that as soon as you get a piece of malware or adware or whatever, it immediately sees it and says, well, I'm going to kill this off because this is bad. I would argue that something that uses 200% of my CPU is in and of itself malware. But you know, that's just my description of malware because anything that's going to chew up my CPU and not let me use it for what I want, no go. So I have another thing about this. I asked you before the show because I noticed that our Skype connection was not direct. It is relayed, although now it's not relayed. It got unrelayed magically somehow because Skype is magic. But it led to the question, hey, you said, well, it doesn't support UPNP, which makes sense. We've discussed the security implications and, you know, risks of UPNP. I can totally grok by a device like this would not use it. However, I said, well, can't you just go into the Bitdefender box and issue a port forward like you can on every other router on the planet? And the answer? As far as I can tell, no, I haven't found it. That's messed up, man. You gotta be able to. And that makes me unhappy too, because for example, by open VPN server, I can't get to it now because I had the port forward on my Eero, but because the Eero is in bridge mode, I can't do that. Right. And I don't see any way, maybe there is, I mean, you know, have a chat with them or they'll chat with us, I'm sure. I'm sure they'll hear this and want to chat. Yeah. I don't know. They're probably going to be at a, we have an event, which I gather we're going to come and visit. If they're there, let's have a chat with them. But, you know, I'm not totally bashing them. Again, the scanning software. Good. Yeah. Well, I mean, you can get the scanning software separately, just you can get Bitdefender for Mac at bitdefender.com, right? And there's nothing, well, there might be something wrong with that if it's going to use the amount of CPU that you're finding, but maybe not, right? So, there's that. And I like the concept of this Bitdefender box because it does have, I mean, it does the monitoring that people like, you know, what sort of generally becomes called Intrusion Protection Service or IPS, sorry. That's a good thing. You know, but it's a difficult task to accomplish. And, you know, like Synology, you can install IPS on their routers. And as long as you configure it right, you can get a few hundred megabits per second out of the thing, which is generally going to be enough for internet speeds today. So, I don't know. Okay. And there's some other things. All right. So, on the Mac, for the most part, what it does, so there's two things you can get from the Mac. One is their antivirus malware adware. And that, as far as I'm concerned, is very good. They also offer a, and they'll tell you this. So, if you go to the web interface, they'll tell you, oh, we also have a Safari extension that can warn you about certain browsing things. And there's also other things behind the scene. So, because you're connected to them and you're kind of connected to their security cloud and all that, if you try to go to sites, though, this is already provided elsewhere, it'll tell you if you're going to bad sites or if you're exchanging, you know, certain information. All right. We're going to wrap this up because, Frank, it's a cool concept. I'm glad we talked about it. But certainly, from what you're telling me, my advice at this point is, don't recommend now watch for the future. Would you tend to agree? I want to just mention one other feature and then, yeah, let's move on. No, what? No, because I think it was very clever. So, if you put an iOS device under its care, and it installs a profile for it, and I'm like, oh, that's interesting. Here's what happens, which is kind of neat if you're concerned about Wi-Fi security. If you connect to a Wi-Fi access point that isn't them or part of your home network, it activates a VPN. Oh, that's pretty cool. That I thought was pretty cool. Is that VPN to your home network, or is it a VPN to their VPN server? Yeah, they call it private. The VPN icon comes on, so they're providing a level of protection if you're not on your home network for iOS device. And there's some other features that are available only on Windows or Android. So, yeah, I guess I would wrap up is that it... No, it's a no-go. There are a number of shortcomings. I would say the speed's kind of killed it for me and because it kind of takes over the network. But you go to their site, you can get one, they have a return policy if you don't like it, but it may do it. I think it's probably better for Windows and Android users rather than Mac and iOS users. And that's... Not if you have any sort of speed to your network connection. I think it's... Check them out in six months. If they can update the hardware and clean up some of these issues, it's a good idea. Yeah, it's a good idea. All right, cool. Let's move on to David and perhaps help some folks here. So, David writes, he says, listening to 659 about Apple Music, it reminded me of something. I have a couple of older iPods, a shuffle and a first-gen Nano in a drawer recently and wanted to use them to put the grandkids' playlists on to keep the infighting down in the car. Smart. I then found out that there is no way to put songs from Apple Music onto devices that do not support the iTunes app. No devices like the Touch or older iPhones would work, but no app equals no songs. And yes, I tried using iTunes and the drag and drop to manually manage the library, but it will not let me copy Apple Music songs onto these devices. And it's true, those devices don't have the software in them to decode your DRM because you can't put your profile on them. It's just not the way the OS on those things works. And Apple tells you as much in their knowledge base. They've got an article that confirms this. So the only way to put music onto those devices is if it is non-DRM music, or at least non-Apple Music DRM music. And there's no official way to remove the DRM from Apple Music tracks because they're, you know, not yours. They are at least to you as part of your subscription. You're either streaming them or you can download a copy to play, but it still has to have the digital rights management on it. But enterprising folks out there have found ways. And ondasoft.com makes their iTunes converter that does strip out the DRM. I think it re-encodes the track, so it's a little more than just stripping out DRM. You might lose some quality in this process, but probably not anything that most of us would notice on most tracks. There's questionable legality about it, depending on your jurisdiction, and also questionable morality. Obviously, if you're paying for your Apple Music subscription, that's not so bad. If you continue using these tracks after you've stopped paying for your Apple Music subscription, that most definitely goes against their terms of service, and may or may not go against your moral terms of service, depending on who you are. But I figured I would throw that out there because why not? It does exist, so we'll throw it out there. Thoughts, John? People still have those? Yeah, that's the thing. Well, they're flash-based, right? So they're probably going to run for a good long time. Interesting stuff. We've got a couple more things to go through here, John. Do you have anything more on that one, or is it time to move to Robert? Moving on. Moving on. Robert writes, he says, is it possible to use an external hard drive in a Drobo system? If not, what's the difference between the hard drives used in external units and the hard drives used in internal units? So I think I'm understanding the question right, but I will be pedantic about this just for the sake of clarity for anyone listening. Drobo units don't support you attaching a hard drive externally to be used in the Drobo data blob, if you will. Drobos are these units, either direct attached or network attached, where you pump a bunch of hard drives into them, and then it manages this one big blob of storage with fault tolerance in case of drive or two drives, depending on how you configure it die. It can still maintain all your data. There's some speed benefits to it, because, of course, you can read and write to multiple hard drives simultaneously and all of that good stuff. But it generally displays as one big blob of data, and the drives need to be inside the Drobo for it to use it that way. In fact, I'm trying to think if the new 5N2 has a USB3 port on it for any reason, but I don't think it does. Even if it did, you couldn't put an external drive on it that would be sort of slurped into the main Drobo data blob. However, you can crack the case open on that external drive if you're not using it for anything else and put that drive inside your Drobo in most cases. A couple of things to think about. Any data that's on any drive that you plug into a Drobo or a Synology or anything like that is going to be wiped out by the operating system on it as it absorbs that drive into its data pile. So, if there's data on that drive that you want on the Drobo, connect the drive to your Mac first, copy it to the existing data store on the Drobo, then put this drive in, and the Drobo will manage the process and get the data to it. So, just know that when you plug a drive in, it will be erased in that sense. There are recommendations about what types of drives work better and not so much better in these sort of always on, always active RAID type devices. And generally desktop drives, a lot of companies called them green drives for a while, the power saving drives. A lot of those don't tend to work well for a long time in something like a Drobo. It'll work initially, but those drives tend to take a long time to recover when they notice an error within themselves. All your hard drives, they're going to have some built-in error correction. If they notice a sector that's bad, they'll remap it, but they go offline during that remapping process. And with those green drives, that offline time is generally long enough that it registers an error in the Drobo. And with more than a few errors, the Drobo will actually blacklist your drive and won't let you use it in that Drobo ever again, even if the drive is still mostly totally fine. And that's just to protect you against having data or a drive that just fails. So, yes, you can take your external drives and put them in your Drobo or your Synology. And that's one of the things I really like about both Drobo and Synology is that they allow multiple or different size drives to be used. And in most cases, we'll allow you to see all the storage on all of your drives, even if they're all different sizes. So, yeah, that's sort of the point. But just know that, depending on the type of drive, it may or may not last as long as another one. You might only get a year out of it instead of three years or, I don't know, something like that. Thoughts, John? I remember doing something like this with the Synology. I remember you can plug a USB drive or stick into it though. Yeah, like you said, it doesn't fold it into the array. No, but on the Synology, it will let you address that as an external disk. But I don't think the Drobo works that way. I don't even think it has USB ports, but I could be wrong on that. Okay. So that's a nice Synology feature. Yeah. I temporarily want to pull data off of a USB device. It's probably quicker to plug it into the Drobo than it is to do it over your network. Into the Synology, you mean? Synology, yes. I actually have a Gen3 Drobo, a USB3 Drobo attached to one of my Synologies, and that's what my Synology backs up to and has for a long time. And it works great. I know it sounds kind of crazy, but it's actually a great little setup. It's fun. It's crazy. I know. I'm nuts. What can I say? Hey, we have a couple more questions, but I do want to give a shout out to all of our premium subscribers who either added their subscriptions this week or renewed or contributed in any way this week. So big thanks to at our $25 every six-month biannual level. We have new subscriber Jeff Kay, thank you. James B, thank you. And John Z, thank you to all three of you. And at our monthly $10 level, we have Michael P to thank, Dave C, Michael L, Jason A, Bob P, Frank K, Michael L, and David B. Thank you to all of you. You rock. Your continued ongoing support is awesome. It really does make a difference. And then we had a couple of one-timers this past week. $50 from Bob L. Thank you so much, Mr. L. And $100 from Rod R. So thank you, Rod. You rock and you know it. So thanks all of you. If you want to learn more about that, macgeekab.com slash premium is the place to go. So thanks very much. All right, I had a question from Kevin that is very specific to the scenario or started out as being very specific to the Synology Router, but it really is just one of these general things that hopefully you find handy. Kevin writes, I'm looking for a new router, so I re-listened to a few of the old episodes. He said in 642, he says, I thought you said you had to type your ISPs download speed in the router settings and the Synology RT2600AC and actually both the Synology Routers only allow kilobytes. So I wondered if someone could type the wrong number. And yes, it is possible. The good news is now the Synology Router, even though it defaults to kilobytes and will always display kilobytes when you come back to that screen, you can change it to megabits while entering data because that, in fact, is what your ISP likely reports and what speedtest.net reports. So this is when you're configuring quality of service? Correct. That's exactly right. Thank you for that. Okay, just wanted to interject why you would even have to tell you. Why you would want to do this? Right, because if your router needs to know your speeds so that it can manage your connection and shape your traffic properly. Wouldn't it be nice if it could do that for you? I know the technology's out there. It could. Iroh does it. I don't know why Synology doesn't. Well, yeah, when they do their daily speedtest, I guess part of what they do is they set that cap to about the dreaded buffer bloat. That's the idea. Although Iroh, some people at Iroh tell me that they don't employ any sort of QoS. Every bit of my testing refutes that, but that's how it goes. All right, but here's the thing. There's eight bits in a byte, so this math isn't just drop a zero and you're good to go. So I always employ Google because Google is a great calculator and it's very explicit about units. If you go into Google, what I do is I type 5050 space M, capital M, lowercase BPS, so that's megabits per second, equals question mark because I want to know that variable, and then I put my units KB both in caps B, or KB both in caps and then PS, kilo bytes per second. The problem is Google doesn't care about the capitalization of that B in kilobytes, and the reason is not everyone cares about that. With megabits versus megabytes, the lowercase B versus the uppercase B, lowercase B versus bits, uppercase B versus bytes, that seems to be the general accepted standard, but because kilobits and kilobytes were referred to simply K for so long, this whole capitalization of the B is not as standard as I would like it to be, it seems. So you will not necessarily get the right answer from Google, but the good news is Google will show you right there in the results. So you type 50 space MBPS, space equals, space question mark, space KBPS, enter that into Google. It'll say data transfer rate, because it figured out that that's what you're asking it about, and on the left side it says 50 megabits per second, on the right side it'll say 50,000 kilobits per second, but you can drew a little drop down where it says kilobits per second and change it to kilobytes, and then you get your calculation, 50 equals 6250, and that's the best way I've found to do it, because you're seeing the units written out, and I suppose you could do the same thing with the search, you could just say 50. Would that work if I just typed in 50 megabits per second and wrote it out? I think it probably would. It's crazy doing all this math, John, right? I'm typing it now. Yeah, it totally works. Yeah, so put that search into Google and you're good to go. It's crazy. Capitals, they matter, John, except when they don't, you know? Mm-hmm. All right. Do we have... All right, we'll answer Corey's question. I feel like we've got a little bit of time here. Corey writes while we're on the router subject. He says, I just installed, or I just got installed, AT&T fiber at my house, which is a gigabit up and down. The router slash modem is supplied by AT&T and can't be changed. The device can't be set to bridge mode. Given the speeds of the connection, I need to make sure that whatever I do is efficient and can pass data fast enough to actually utilize the available bandwidth. Wired speed tests directly connected to the router give about 950 megabits in both directions, which is what I would expect. That's really fast. Wireless tests on my MacBook Pro give me about 500 in both directions when I'm right next to the router, and wireless on my iPhone gives me about 350 in both directions in the same location. A couple of rooms over, however, and Wi-Fi performance on both the laptop and the phone drop to about 50 in both directions, so the radios in this device aren't great. In the past, I've always set the modem and router combos to bridge, and then I just use whatever I want at the best router at the time to handle everything, but with this setup, I can't do that. I basically have two options, he says. I can use a router. So this other point of this question, and the reason I wanted to share it, is what's the best setup when you know you have to do what effectively might be double-nat, where you've got two routers in place if you want to get the features you want? He says, number one, I can use a router, either the Synology or perhaps one of the mesh options connected to the AT&T router in access point slash bridge mode and use it only for wireless connections and let the AT&T device handle my routing. I don't know if the routing performance on the AT&T device is, I don't know about how the routing performance is on the AT&T device, and I'm sure there are features I would be giving up if I did this. The other option is to put the AT&T device into what they call DMZ plus mode, which forwards all the traffic to one other device, and then point that at either my Synology or mesh router in router mode. My router would get a private address, meaning I would have double-nat, but supposedly all the traffic would be forwarded to my router, and then the router could do with it what it pleased. If I did this second option, would I want to put the AT&T on a different range as my internal network? The AT&T router would have my public IP, Synology router would have a 10.0.x address, and then my normal devices would get the Synology's 192.168 IPs. Alternatively, I could put everything on 192.168, and should I do that? This is, like I said before, I need to be a bit careful because even a small decrease in efficiency can bring my speeds down from 950 to more like 600, and that just won't do. Well, I don't blame you for that, Cory, even though I would love to have those speeds here. That's just not an option, at least not at any reasonable price point. In order of importance, based on what I'm understanding about this setup, I think you would want to have two separate IP ranges. I don't know enough about the AT&T router's capabilities, but knowing that you enjoy some of the geeky stuff, Cory, you're probably going to want the routing functionality of that Synology device if you have it. I'm putting an asterisk there because I think there might be a better option for you. You would want to have two IP ranges if you're going to do double NAT. There's no question about that because you would want to know that any time you're talking to a 10.x device, that's the one upstream at your AT&T router, and you want to know that any of your 192.168 devices are your internal network. Confusing those is going to cause a great deal of headache, I would think. Right, John? I suppose, yeah. As for wireless, you're not going to, I don't think you're going to get, certainly not with ADO 2.11 AC, you're never going to get 950 megabits per second wirelessly. Even with AC doing 433 megabits per second per stream, most of your devices only support two streams, which is 866 theoretical, and that's probably about 400 real-world max, which is why you're getting 350 from your iPhone. Your iPhone is dual stream, and that's where that math works out. Your new MacBook Pro and an iMac support three streams, so 1300 theoretical max have to 600 is where you're getting your 500 megabits. You are seeing the maximum throughput that your devices will do on ADO 2.11 AC when you're in the same room. There might be some client devices out there that can do four streams, but I've not come across them. Apple certainly doesn't make any. The Synology router is a four stream router, and that's, if you want just one router, that's still what you want, because with beamforming, the router and the client devices pick the best of those streams. If you've got four, and your iPhone only has two, your iPhone and the router will negotiate and pick the best of those two to get the maximum throughput, and the same with your iMac and MacBook Pro. If you go with any of the mesh options, all of them, for the client-facing stuff, so the stuff that would connect to your devices, is all 2x2 radios, even the Orbi. I know there's some of you saying, but the Orbi has a 4x4 radio, that's true. The high-end Orbi does have a 4x4 radio, but it's only for connection between the Orbis. It's just for the backhaul. Fronthaul is all 2x2, which means two streams, maximum throughput of that, about 350 of what you're reporting there, Corey. Even on your devices that would support three, obviously the mesh stuff only does two. But the benefit there is you can put the mesh stuff in multiple rooms and have access points all over the place, which is going to help when you're not in the same room as your internet connection. If you do go with any of the mesh options, though, knowing how much you're caring about efficiency, I would really focus on getting some mesh option that allows you to do Ethernet backhaul. Because you might wind up putting Ethernet in your walls, or you might use something like Mocha, and then you're able to let your wireless stuff be as efficient as possible. So that rules out the Orbi, because at the moment the Orbi still doesn't do Ethernet backhaul. It rules out the Amplify HD points because they don't have Ethernet ports on them. But it does leave you with Eero, Vellop, Luma. Those all support Ethernet backhaul. The Eero and the Vellop can both now be put into bridge mode. So if you are willing to use just the routing features of your AT&T device, then you could avoid double that and just put your wireless mesh and bridge mode and just let it be your mesh. So it depends on the, you know, you got to kind of make some decisions about how complex you want your network to be, and also where you want that complexity to lie. There you go. Thoughts, Sean? I hate when you can't have full control over your devices. I know. I know. But you know, he traded, right? He could have Comcast at whatever, 200 megabits a second, but he has AT&T at 950. So, you know, it's a little bit of a, a little bit of give and take. So there you go. Yeah, kind of like me in this little box. I don't have full control and I don't like it. No. That's right. Yeah, exactly. Exactly. Craziness. Well, you know, that's how it goes. I think anyway. It's time. So it goes. And so it goes. That's what we like to say. That's what this guy said. Somebody said that. I don't know who it was. It was Kurt Vonnegut. It was. That's true. That's true. Well, we told you how to email us. We did not tell you, if you're a premium listener, that you get access to our special premium at macgeekab.com email box where we prioritize the stuff that comes into that. As you know, we try to answer every single thing that comes in to all the boxes. But we do give a nod to the premium stuff, at least when we're, when we're digging in, so that those of you that were able to help us directly are getting helped by us first. So that's premium at macgeekab.com. You can also call us 224888geek, John, which is 4335. That's correct. And of course, find us on Facebook. Go to macgeekab.com slash Facebook to join what I think is the best Apple focused tech support community on the internet right now. Really, really great questions, great answers, just great people involved. And I love it. So thanks to all of you that help out in the community. Thanks to all of you that post there. It's great stuff. We could, and I think even we have done almost entire episodes based on questions that come from there. So it's really, really good stuff. I want to thank Cashfly, C-A-C-H-E-F-L-Y.com for providing all the bandwidth that gets the show from us to you, all the sponsors in our podcast marketplace. Of course, smile at smilesoftware.com slash geek. I wanted to say two different things. Barebone software at barebones.com, Bitbucket at bitbucket.org slash for the code. And of course, other world computing at macsales.com. Have an excellent week. Watch all our WWDC coverage. We're going to have fun out there digging into whatever it is that Apple and all the related vendors show us. We will see you on Sunday again. And please, please first, no wagering, because the keynote's coming up. So, you know, that there's that rule. And then secondly, of course, don't get caught.