macOS Sierra Beta

August 24, 2016 1:12 pm , Leave a Comment ,

Apple has been seeding developer previews of macOS Sierra (10.12) since the Worldwide Developer Conference in June. I installed developer preview 6 and have been using that and version 7 since their release. Fortunately, everything seems to be running quite well.

One of the features of 10.12 is Siri on your Mac. The one thing I use Siri for the most is the clock functions. Timers and alarms. I tried setting a timer on my Mac using Siri, and there’s no functionality for that in 10.12.

Perhaps Apple will add this functionality. In the mean time we are seeing SiriKit being made available to iOS developers in iOS 10, so perhaps we’ll see something similar in macOS 10.13.

Siri on macOS

Posted in: Information Technology , Tagged: , , , , , ,

Standing Desk

October 16, 2015 10:06 am , Leave a Comment ,

At my work, I have a motorized standing desk. I was looking for apps that would remind me to stand and sit at regular intervals. In the long run, I want an app that conditions me, so it starts at standing for an hour a day for a week, then two hours a day for a week, and so on and so forth. I can’t find that app. Instead I made a quick AppleScript that will prompt me to change position every 45 minutes.


set answer to ""

repeat while answer ≠ "Quit"
set answer to the button returned of (display dialog "Please rise." buttons {"Quit", "Okay"} default button 2)
log answer

if answer = "Okay" then
delay 2700

else if answer is equal to "Quit" then
tell me to quit
end if

set answer to the button returned of (display dialog "Please be seated." buttons {"Quit", "Okay"} default button 2)

if answer is equal to "Okay" then
delay 2700
else if answer is equal to "Quit" then
tell me to quit
end if
end repeat

It’s been a long time since I’ve done any AppleScripting. I forgot how human it is. I expected not equal to to be !=, when it’s just the not equal to sign (≠). I expected else if to be elseif.

I’ve thrown it up on my GitHub repo, you can find that here. A compiled version can be found here.

Posted in: Information Technology , Tagged:

Doctor Who Serial 062 – The Sea Devils

September 23, 2015 11:49 am , Leave a Comment ,

What better use of being sick in bed than watching Doctor Who?

vlcsnap-2015-09-20-12h37m08s588

Synopsis:

The episode begins with a sinking ship and The Doctor visiting The Master in prison. OH. MY. GOD. The Master is actually running the prison he’s a prisoner in! Dum dum dum! Something is peculiar about that sinking ship, so The Doctor investigates, this leads him and Jo to a Naval base, from where they visit a “sea fort.” Their motorboat is exploded… by SOMETHING!

Seven months later, I’m no longer sick in bed, and I find myself watching Doctor Who again.  Episode 3 began with a sword fight between The Doctor and The Master. It might have been one of the greatest episodes ever. The vast majority of episode takes place when The Master insists the warden of the prison takes The Doctor into custody. It’s up to Jo to free The Doctor, and she does, by pretending to be an ottoman while The Doctor pushes a guard over her. Jo then delivers a karate chop that Jon Pertwee must have been proud of as the guard falls down.

vlcsnap-2015-09-20-12h36m49s078

Episode 3 ends when The Doctor and Jo are making their escape. The Master summons a Sea Devil, and our heroes are faced with prison guards on one side, a sea devil on another, a cliff with The Master behind them, and a mine field to their right. Roll credits.

The Doctor eventually goes down to the sea floor in a capsule and meets the Sea Devils. He proposes brokering peace negotiations between the Humans and the Sea Devils, while The Master is just a shit-disturber and trying to TAKE OVER THE WORLD!

Eventually is leads to shots of people in ridiculous costumes proceeding to war. The visuals are amazingly hilarious.

Then The Doctor encounters the invasion force, and YES! Pertwee’s karate chop is the highlight of his era in Doctor Who.

It’s strange that the main story of this episode seems to resolve itself with a firefight. Not the most Doctor Who of resolutions.

Then The Master escapes with a karate chop. Which leads to a watercraft chase

Overall, a worthwhile episode.

Posted in: Television , Tagged: , , ,

NetGear ReadyNAS Time Machine Backup

July 27, 2015 5:07 pm , Leave a Comment ,

It seems you cannot mount your Time Machine backup on a ReadyNAS device using normal credentials. Time Machine is segmented off with a special user. Which means I needed to restore my computer using Migration Assistant. It took FOREVER over wifi. However, I seem to be missing my Aperture Libraries. What’s the solution? Assuming it was backed up, I need to find the sparsebundle. It took a lot of searching, but I found it, and will share my brilliance with you in case you ever need to find it, too.

/data/.timemachine

To access: SSH in as root. Then copy the files to a SMB or AFP accessible directory.

cd /data/.timemachine
cp -R * /home/<yourusername>

Posted in: Information Technology , Tagged: , , , , , , ,

New Job, New Server

July 13, 2015 8:24 pm , Leave a Comment ,

Adam

If you weren’t aware, when the month changed from June to July, I also changed jobs. I graduated from elementary school to high school. Today was the first day at my new job where I really had time to myself to do what I please. It was time to play with servers.

The school already had a Hyper-V setup, so I installed a copy of Ubuntu and hit the ground running. Once I had the IP setup and SSH enabled, I was ready to go. First thing to install was Docker.

$ wget -qO- https://get.docker.com/ | sh

With that simple command I had Docker running on the server.

For those unaware, Docker is a container system for servers. It allows you to compartmentalize services on a server without the overhead of extra operating systems, like virtualization does. In other words, when you virtualize, you could have 10 virtual servers on one physical machine, all running full copies of Windows. That’s 10 copies of Windows. That’s a lot of overhead. Docker let’s you run on one single OS, sharing resources, but compartmentalizing services.

Once I had my server setup, I had to create a Munki repository. Munki is a program that allows you to easily distribute applications.

I started by creating a data storage container to hold my Munki files. I used this to guide me, https://registry.hub.docker.com/u/macadmins/munki/

$ docker run --name munki-data -v /mnt/docker_data/munki_repo:/munki_repo busybox

Boom, I had a place to store my files, but I needed to get at the files. So I set up an SMB share. This time it takes three lines of code. I’m not inventing anything here, taking generously from here https://registry.hub.docker.com/u/nmcspadden/smb-munki/

$ docker run -d -p 445:445 --volumes-from munki-data --name smb nmcspadden/smb-munki /munki_repo

$ docker exec smb chown -R nobody:nogroup /munki_repo/

$ docker exec smb chmod -R ugo+rwx /munki_repo/

Now I can access my Munki repo through the Finder on my Mac. Now to populate the repo. To do that, I opened up AutoPKGr, pointed it to the new Munki server, and starting running some .munki recipes. There were some new programs I hadn’t used before that I needed to include. Among them were GameSalad and Sonic Pi. There weren’t AutoPKG recipes for them, so I dove in, and now they’re available to the whole community. There’s still a couple titles I need to create recipes for, but I’ll get to that tomorrow.

Next was activating the web server. Munki is just files on a web server. Using Docker to create an Nginx instance shouldn’t be hard, and it’s already been done for Munki. So all I had to was type in:

$ docker run --name munki --rm -p 80:80 --volumes-from munki-data macadmins/munki

Easy peasy, right?

Wrong.

$ sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "http://FQDN/munki_repo"

I, of course, replaced FQDN with the fully qualified domain name. It wasn’t working. Running managedsoftwareupdate on the computer was returning a 404 error. It wasn’t hitting the server properly. What did I do wrong?

After a bit of help from the author of the docker file, I discovered that it’s pointed to http://FQDN/repo, not /munki_repo. D’OH! I could have gone here and seen on the original file that repo is pointing to munki_repo.

But it’s up and running. I could now use Munki to have to client upgraded to OS X 10.10.4, so I can test Yosemite (or Yo, Semite!) in this environment. And that worked like a charm.

That was all I was supposed to do that day, but it was still early. Why not tackle one more job? Let’s set up MunkiReport-PHP!

MR-PHP is a program which lets the client computers report in and give the admin useful data about the state of the fleet. Fantastic! It’s also been Dockerized, so it should be easy. I found it on DockerHub, and I was ready to go…

As you can see from above, my Munki repo is sitting at /mnt/docker_data/munki_repo, so it made sense to put the config file for MR-PHP at /mnt/docker_data/munkireport.

$ sudo mkdir /mnt/docker_data/munkireport

$ cd /mnt/docker_data/munkireport

I needed the config file there.

$ sudo curl -O https://raw.githubusercontent.com/munkireport/munkireport-php/master/config_default.php

$ sudo cp config_default.php config.php

That downloaded the file and copied it, so I had a factory default if needed. I then ran the docker container.

$ docker run -d -v /data/munkireport -v /mnt/docker_data/munkireport/config.php:/app/config.php -p 80:80 macadmins/munkireport-php

Except the ports of 80:80 won’t work! EEK! 80 is in use by Munki. So I ran…

$ docker run -d -v /data/munkireport -v /mnt/docker_data/munkireport/config.php:/app/config.php -p 5000:80 macadmins/munkireport-php

So now I could go to http://FQDN:5000 and generate a password, which I would then throw into the config.php file, along with any other changes I might need to make. Hoorah!

And that’s it, easy peasy lemon squeezy.

Tomorrow I test Yo, Semite!

Posted in: Information Technology , Tagged: , , , , , ,

Yosemite Sam 10.10.3

April 15, 2015 10:44 am , Leave a Comment ,

OS X 10.10 Yosemite

In September, Apple released OS X 10.10 (Yosemite). September is not a good time to release a new OS from the point of view of a K-8 IT Manager. We need a few months before the school year starts to do testing, and that was not able to happen.

In previous years I had waited until the following summer to upgrade. This year with the implementation of Munki at the school, I wanted to roll out 10.10 to staff and students as an optional install after 10.10.3 or 10.10.4 was released. During the Passover break, Apple released 10.10.3, and that release led to a major realization.

Apple had patched a security vulnerability in 10.10, which is also present in 10.9, 10.8, and 10.7. This vulnerability gives a user access to root privileges, allowing one to install software. I can’t think of a better reason to roll out Yosemite.

Upon return from break, I used createOSXInstallPkg to create an OS X installation package. In other words, it makes an installer that one can distribute through normal distribution means; including Munki.

I ran my first test and I was getting an error saying the drive must be an HFS+ drive to install Yosemite. Turns out all it really means is that I have to enable journaling. It’s a simple terminal command to allow one to do that.

/usr/sbin/diskutil enableJournal /

That was easy. Now to do this for the entire school fleet. That’s also easy. I created a nopkg installer through Munki and was left with this file (hosted on GitHub). Once that was in Munki, I watched it go out without a hitch.1

Now that I could install 10.10.3, I did, but umm, why is it taking me through the setup assistant?

I booted into Deploy Studio and told it to skip the setup assistant. On reboot, the computer looked normal, but there was no local admin user (LBDS). Uh oh.

With an email to MacEnterprise email group, I was reminded of a discussion from months ago that Apple now owns users with a userID below 500, back then I wasn’t worried, our local admin user was 501. Turns out I was wrong. Our userID was 499.

To be able to roll Yosemite out to all users, I’d have to change the admin user. Do I make a new one and roll out that package through Munki using CreateUserPkg? Allowing Yosemite to erase the old local admin user? That could work, but what if it doesn’t erase the old user? I could delete the user using dscl, or I could just use dscl to change the userID. What about all the permissions? A quick Google search led me to here.

That would be easy to implement with a nopkg installation through Munki. And I did.

Now just to make those two a prerequisite for 10.10 installation and we’re Yosemite-bound.

  1. We had a weird problem where the actual script wasn’t running, so we put it in the install check, it worked fine that way. []
Posted in: Information Technology , Tagged: , , , ,

Doctor Who Serial 061 – The Curse Of Peladon

February 16, 2015 2:39 pm , Leave a Comment ,

Synopsis: The planet of Peladon wants to join the Galactic Federation. While awaiting Earth’s arrival, a man is attacked, and the curse of Peladon is believed to be responsible, at which point The Doctor and Jo arrive.

What I learned from this episode: If time travelling, don’t wear heels.

David Troughton as King Peladon

OMG! King Peladon is played by David Troughton… yes, the son of former Doctor Patrick Troughton.

Alpha Centaurian

So the delegate from Alpha Centauri is a giant jelly bean, and the delegate from Arcturus is a creepy spider head thingy.

Creepy

The Doctor and Jo climb up to the Imperial Palace and skulk around, only to find an Ice Warrior! However, it turns out that the Ice Warrior is the delegate from Mars, and is there at the behest of His Majesty the King.

The Ice Warriors are now a peaceful species living in harmony with Earth, Alpha Centauri, and that other planet.

The Curse is that a great beast that is now extinct and the symbol of Peladon will return, and when it does, a STRANGER WILL BE AMONG THEM!

Peladon is a backwater and thought of as primitive by the delegates. They’re not even sure why they’re there to discuss admission of Peladon into the Federation. And if the delegates don’t know why they’re there, nor do the audience.

It’s obvious from the get-go that the baddy is not actually any mystical beast or actual beast, but the King’s right-hand-man. He’s a dick who doesn’t want admission into the Federation, so he’s trying to sabotage it. He admits this to The Doctor, when there was no reason to tell. I think he’s just bad at bad-guying. Why he doesn’t want to be part of the Federation is anyone’s guess.

Episode four splits from the rest of the story to tell a political tale. The danger and murder is done as the King’s advisor has gone to split the Federation, while The Doctor tries to convince the King to replace him and promises the backing of the Federation in case of Peladonian civil war.

This story is kind of painful and drags throughout most of the final episode.

Posted in: Television , Tagged: , ,

Back to the Future Is The Future

February 5, 2015 12:00 pm , Leave a Comment ,

Natalia’s shop Future Is The Future seems to be going well. Since my last photoshoot, we’ve done two others.

IMG_6017 IMG_6002 IMG_6029 IMG_6063 IMG_6078 IMG_6080 IMG_6100 IMG_6140 IMG_6388 IMG_6325 IMG_6321 IMG_6320 IMG_6188 IMG_6152

IMG_6586 IMG_6602 IMG_6604 IMG_6617 IMG_6682 IMG_6771 IMG_6802 IMG_6843 IMG_6851 IMG_6889

Posted in: Photography , Tagged:

AutoPKGr

February 4, 2015 11:47 am , Leave a Comment ,

I’ve been using Munki at work for some time. Munki is a system for central management of package installation for OS X computers. It allows end-users to be forced installs from IT, and allows a catalogue of IT-approved installs that end-users can install themselves. It’s really handy.

However, to manually add packages all the time, with constant updates from Google, Mozilla, Adobe, Apple, Evernote, and more and more, all my time would be spent searching for updates. Instead I use a command-line tool called AutoPKG which looks for updates from any program you specify (assuming a recipe has been created), and AutoPKG will download it and install it into your Munki repository.

With the quick command “autopkg run -v Firefox.munki Thunderbird.munki MakeCatalogs.munki”, autopkg will run the Firefox and Thunderbird recipes for Munki and then tell Munki to remake its catalogues.

AutoPKGr is a graphical interface for AutoPKG to make management easier. Instead of having to touch the terminal, I just click off the recipes I want to run and schedule it to run every _ hours. I then give it details to be able to send emails, and I get email notifications of updates.

Screen Shot 2015-02-04 at 11.36.20

I even made a recipe to auto update a package that was missing in the repository. Apparently not enough people use Kobos outside of Canada, and as such, no Kobo recipe was created. I made one!

Recipes have many different functions. For work I mostly just use the .munki one, as it downloads, packages, and imports into Munki. There’s also a recipe format to import into one’s JAMF CasperSuite. We don’t use Casper, as it’s super-expensive, but a fantastic suite. At the core of each recipe is a .download recipe, which just downloads the file. There’s a .pkg recipe which calls the download recipe then packages it. .munki and .jss recipes would just follow the same theme, grabbing from the previous information.

A short while ago, AutoPKG added an .install type. This is what I’m really writing about.

At home I have a computer which I use for classic gaming emulation, and occasional video streaming. If I’m watching CBC’s election coverage on my TV, sadly I can’t get that without a computer. I had an old Mac Mini, so I plugged it into the TV video HDMI, put some classic games on it, and use it to stream video when needed.

During the last provincial election, I found that my Flash was out of date, as my Safari, and Chrome, and Firefox. I needed to update all this software.

Why don’t I automate it?

I installed AutoPKGr. Opened it up, told it run every 24 hours, put in email details so it could report to me. Added the .install recipes for Adobe Flash Player, Firefox, Chrome, Silverlight, and VLC.

Now, once a day, my computer looks to see if any new software is available, and if so, it installs it and emails me to notify me.

I will never again need to anything and have out of date software on this computer.

Posted in: Information Technology , Tagged: , ,

Apple Canadian Settings through MCX

December 1, 2014 5:07 pm , Leave a Comment ,

Background

I was tired of looking at my end-user’s screens and calling up “Managed Software Center” rather than “Managed Software Centre.” I figured I would enforce both the system-wide language setting, as well as enforce keyboard layouts to include both Canadian English and Hebrew.

Those are kept in two files.

com.apple.HIToolbox.plist holds the Keyboard settings
.GlobalPreferences.plist holds the language settings

The leading . means that it’s an invisible file, but you can use the terminal to copy it to another location:

cp ~/Library/Preferences/.GlobalPreferences.plist /PATH/TO/GlobalPreferences.plist

If you notice that in the second path, I removed the leading . to make it visible.

.Plist setup

The keyboard settings file just need to be setup on a test machine, and then copied, and it will work as is.

When I set it up with the Canadian English keyboard and Hebrew keyboard, it looks like this…

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>AppleCurrentKeyboardLayoutInputSourceID</key>
<string>com.apple.keylayout.Canadian</string>
<key>AppleDateResID</key>
<dict>
<key>smRoman</key>
<integer>0</integer>
</dict>
<key>AppleEnabledInputSources</key>
<array>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>29</integer>
<key>KeyboardLayout Name</key>
<string>Canadian</string>
</dict>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>-18432</integer>
<key>KeyboardLayout Name</key>
<string>Hebrew</string>
</dict>
</array>
<key>AppleInputSourceHistory</key>
<array>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>29</integer>
<key>KeyboardLayout Name</key>
<string>Canadian</string>
</dict>
</array>
<key>AppleNumberResID</key>
<dict>
<key>smRoman</key>
<integer>0</integer>
</dict>
<key>AppleSelectedInputSources</key>
<array>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>29</integer>
<key>KeyboardLayout Name</key>
<string>Canadian</string>
</dict>
</array>
<key>AppleTimeResID</key>
<dict>
<key>smRoman</key>
<integer>0</integer>
</dict>
</dict>
</plist>

The GlobalPreferences.plist had a lot of superfluous settings in it that could be eliminated. So I slimmed it down to as follows. As you can see, AppleLanguages is an array with many entries and it starts with “en-CA”, or Canadian English, then American English, Hebrew, and then French. The rest is superfluous.

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>AppleLanguages</key>
<array>
<string>en-CA</string>
<string>en</string>
<string>he</string>
<string>fr</string>
<string>de</string>
<string>zh-Hans</string>
<string>zh-Hant</string>
<string>ja</string>
<string>es</string>
<string>it</string>
<string>nl</string>
<string>ko</string>
<string>pt</string>
<string>pt-PT</string>
<string>da</string>
<string>fi</string>
<string>nb</string>
<string>sv</string>
<string>ru</string>
<string>pl</string>
<string>tr</string>
<string>ar</string>
<string>th</string>
<string>cs</string>
<string>hu</string>
<string>ca</string>
<string>hr</string>
<string>el</string>
<string>ro</string>
<string>sk</string>
<string>uk</string>
<string>id</string>
<string>ms</string>
<string>vi</string>
</array>
</dict>
</plist>

You’ll then need to rename the file to include the leading . using the cp tool in the terminal.

Convert to PKG and Deployment

For deployment, I use a wonderful open source program called Munki. You can use anything that will deploy profiles. Munki doesn’t, but it deploys pkg files.

To make this MCX file I need two programs developed by Tim Sutton, mcxToProfile and make-profile-pkg.

I’ve got those two setup on my Munki server

./PATH/TO/mcxToProfile.py –plist /PATH/TO/com.apple.HIToolbox.plist –plist/PATH/TO/.GlobalPreferences.plist -i Canada\ Settings -g Organization -o /PATH/TOCanadaSettings.mobileconfig –displayname ‘Canadian Settings’ -m Once

What this is doing is calling to the python script mcxToProfile, telling it to pick up the two plists com.HIToolbox.plist and .GlobalPrefernces.plist, telling it to identify as “Canada Settings” with the organization name “Organization.” Then it uses -o to know where to spit the mobileconfig file to, including a display name and how to be managed. I want my end users to be able to customize it after first use, so we use the Once flag.

This output my .mobileconfig file. So I could quickly double-click on it and it works! However, that’s not going to help me deploy it to 200+ computers. So I need to get it into Munki, first it needs to be a PKG.

./PATH/TO/make_profile_pkg.py -m /PATH/TO/CanadaSettings.mobileconfig

This python script is pretty straightforward. You call it, tell it that you want it to dump into your Munki repo (-m) and then tell it the path to your mobileconfig file. A few seconds later, it’s in your repo and a duplicate PKG is in the directory that your mobileconfig is sitting at.

Now all you need to do is throw it into the appropriate testing manifest, make sure it works, and then slowly roll it out to your fleet.

Posted in: Information Technology , Tagged: , ,