Doctor Who Serial 062 – The Sea Devils

What better use of being sick in bed than watching Doctor Who?



The episode begins with a sinking ship and The Doctor visiting The Master in prison. OH. MY. GOD. The Master is actually running the prison he’s a prisoner in! Dum dum dum! Something is peculiar about that sinking ship, so The Doctor investigates, this leads him and Jo to a Naval base, from where they visit a “sea fort.” Their motorboat is exploded… by SOMETHING!

Seven months later, I’m no longer sick in bed, and I find myself watching Doctor Who again.  Episode 3 began with a sword fight between The Doctor and The Master. It might have been one of the greatest episodes ever. The vast majority of episode takes place when The Master insists the warden of the prison takes The Doctor into custody. It’s up to Jo to free The Doctor, and she does, by pretending to be an ottoman while The Doctor pushes a guard over her. Jo then delivers a karate chop that Jon Pertwee must have been proud of as the guard falls down.


Episode 3 ends when The Doctor and Jo are making their escape. The Master summons a Sea Devil, and our heroes are faced with prison guards on one side, a sea devil on another, a cliff with The Master behind them, and a mine field to their right. Roll credits.

The Doctor eventually goes down to the sea floor in a capsule and meets the Sea Devils. He proposes brokering peace negotiations between the Humans and the Sea Devils, while The Master is just a shit-disturber and trying to TAKE OVER THE WORLD!

Eventually is leads to shots of people in ridiculous costumes proceeding to war. The visuals are amazingly hilarious.

Then The Doctor encounters the invasion force, and YES! Pertwee’s karate chop is the highlight of his era in Doctor Who.

It’s strange that the main story of this episode seems to resolve itself with a firefight. Not the most Doctor Who of resolutions.

Then The Master escapes with a karate chop. Which leads to a watercraft chase

Overall, a worthwhile episode.

NetGear ReadyNAS Time Machine Backup

It seems you cannot mount your Time Machine backup on a ReadyNAS device using normal credentials. Time Machine is segmented off with a special user. Which means I needed to restore my computer using Migration Assistant. It took FOREVER over wifi. However, I seem to be missing my Aperture Libraries. What’s the solution? Assuming it was backed up, I need to find the sparsebundle. It took a lot of searching, but I found it, and will share my brilliance with you in case you ever need to find it, too.


To access: SSH in as root. Then copy the files to a SMB or AFP accessible directory.

cd /data/.timemachine
cp -R * /home/<yourusername>

New Job, New Server


If you weren’t aware, when the month changed from June to July, I also changed jobs. I graduated from elementary school to high school. Today was the first day at my new job where I really had time to myself to do what I please. It was time to play with servers.

The school already had a Hyper-V setup, so I installed a copy of Ubuntu and hit the ground running. Once I had the IP setup and SSH enabled, I was ready to go. First thing to install was Docker.

$ wget -qO- | sh

With that simple command I had Docker running on the server.

For those unaware, Docker is a container system for servers. It allows you to compartmentalize services on a server without the overhead of extra operating systems, like virtualization does. In other words, when you virtualize, you could have 10 virtual servers on one physical machine, all running full copies of Windows. That’s 10 copies of Windows. That’s a lot of overhead. Docker let’s you run on one single OS, sharing resources, but compartmentalizing services.

Once I had my server setup, I had to create a Munki repository. Munki is a program that allows you to easily distribute applications.

I started by creating a data storage container to hold my Munki files. I used this to guide me,

$ docker run --name munki-data -v /mnt/docker_data/munki_repo:/munki_repo busybox

Boom, I had a place to store my files, but I needed to get at the files. So I set up an SMB share. This time it takes three lines of code. I’m not inventing anything here, taking generously from here

$ docker run -d -p 445:445 --volumes-from munki-data --name smb nmcspadden/smb-munki /munki_repo

$ docker exec smb chown -R nobody:nogroup /munki_repo/

$ docker exec smb chmod -R ugo+rwx /munki_repo/

Now I can access my Munki repo through the Finder on my Mac. Now to populate the repo. To do that, I opened up AutoPKGr, pointed it to the new Munki server, and starting running some .munki recipes. There were some new programs I hadn’t used before that I needed to include. Among them were GameSalad and Sonic Pi. There weren’t AutoPKG recipes for them, so I dove in, and now they’re available to the whole community. There’s still a couple titles I need to create recipes for, but I’ll get to that tomorrow.

Next was activating the web server. Munki is just files on a web server. Using Docker to create an Nginx instance shouldn’t be hard, and it’s already been done for Munki. So all I had to was type in:

$ docker run --name munki --rm -p 80:80 --volumes-from munki-data macadmins/munki

Easy peasy, right?


$ sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "http://FQDN/munki_repo"

I, of course, replaced FQDN with the fully qualified domain name. It wasn’t working. Running managedsoftwareupdate on the computer was returning a 404 error. It wasn’t hitting the server properly. What did I do wrong?

After a bit of help from the author of the docker file, I discovered that it’s pointed to http://FQDN/repo, not /munki_repo. D’OH! I could have gone here and seen on the original file that repo is pointing to munki_repo.

But it’s up and running. I could now use Munki to have to client upgraded to OS X 10.10.4, so I can test Yosemite (or Yo, Semite!) in this environment. And that worked like a charm.

That was all I was supposed to do that day, but it was still early. Why not tackle one more job? Let’s set up MunkiReport-PHP!

MR-PHP is a program which lets the client computers report in and give the admin useful data about the state of the fleet. Fantastic! It’s also been Dockerized, so it should be easy. I found it on DockerHub, and I was ready to go…

As you can see from above, my Munki repo is sitting at /mnt/docker_data/munki_repo, so it made sense to put the config file for MR-PHP at /mnt/docker_data/munkireport.

$ sudo mkdir /mnt/docker_data/munkireport

$ cd /mnt/docker_data/munkireport

I needed the config file there.

$ sudo curl -O

$ sudo cp config_default.php config.php

That downloaded the file and copied it, so I had a factory default if needed. I then ran the docker container.

$ docker run -d -v /data/munkireport -v /mnt/docker_data/munkireport/config.php:/app/config.php -p 80:80 macadmins/munkireport-php

Except the ports of 80:80 won’t work! EEK! 80 is in use by Munki. So I ran…

$ docker run -d -v /data/munkireport -v /mnt/docker_data/munkireport/config.php:/app/config.php -p 5000:80 macadmins/munkireport-php

So now I could go to http://FQDN:5000 and generate a password, which I would then throw into the config.php file, along with any other changes I might need to make. Hoorah!

And that’s it, easy peasy lemon squeezy.

Tomorrow I test Yo, Semite!

Yosemite Sam 10.10.3

OS X 10.10 Yosemite

In September, Apple released OS X 10.10 (Yosemite). September is not a good time to release a new OS from the point of view of a K-8 IT Manager. We need a few months before the school year starts to do testing, and that was not able to happen.

In previous years I had waited until the following summer to upgrade. This year with the implementation of Munki at the school, I wanted to roll out 10.10 to staff and students as an optional install after 10.10.3 or 10.10.4 was released. During the Passover break, Apple released 10.10.3, and that release led to a major realization.

Apple had patched a security vulnerability in 10.10, which is also present in 10.9, 10.8, and 10.7. This vulnerability gives a user access to root privileges, allowing one to install software. I can’t think of a better reason to roll out Yosemite.

Upon return from break, I used createOSXInstallPkg to create an OS X installation package. In other words, it makes an installer that one can distribute through normal distribution means; including Munki.

I ran my first test and I was getting an error saying the drive must be an HFS+ drive to install Yosemite. Turns out all it really means is that I have to enable journaling. It’s a simple terminal command to allow one to do that.

/usr/sbin/diskutil enableJournal /

That was easy. Now to do this for the entire school fleet. That’s also easy. I created a nopkg installer through Munki and was left with this file (hosted on GitHub). Once that was in Munki, I watched it go out without a hitch.1

Now that I could install 10.10.3, I did, but umm, why is it taking me through the setup assistant?

I booted into Deploy Studio and told it to skip the setup assistant. On reboot, the computer looked normal, but there was no local admin user (LBDS). Uh oh.

With an email to MacEnterprise email group, I was reminded of a discussion from months ago that Apple now owns users with a userID below 500, back then I wasn’t worried, our local admin user was 501. Turns out I was wrong. Our userID was 499.

To be able to roll Yosemite out to all users, I’d have to change the admin user. Do I make a new one and roll out that package through Munki using CreateUserPkg? Allowing Yosemite to erase the old local admin user? That could work, but what if it doesn’t erase the old user? I could delete the user using dscl, or I could just use dscl to change the userID. What about all the permissions? A quick Google search led me to here.

That would be easy to implement with a nopkg installation through Munki. And I did.

Now just to make those two a prerequisite for 10.10 installation and we’re Yosemite-bound.

  1. We had a weird problem where the actual script wasn’t running, so we put it in the install check, it worked fine that way. []

Doctor Who Serial 061 – The Curse Of Peladon

Synopsis: The planet of Peladon wants to join the Galactic Federation. While awaiting Earth’s arrival, a man is attacked, and the curse of Peladon is believed to be responsible, at which point The Doctor and Jo arrive.

What I learned from this episode: If time travelling, don’t wear heels.

David Troughton as King Peladon

OMG! King Peladon is played by David Troughton… yes, the son of former Doctor Patrick Troughton.

Alpha Centaurian

So the delegate from Alpha Centauri is a giant jelly bean, and the delegate from Arcturus is a creepy spider head thingy.


The Doctor and Jo climb up to the Imperial Palace and skulk around, only to find an Ice Warrior! However, it turns out that the Ice Warrior is the delegate from Mars, and is there at the behest of His Majesty the King.

The Ice Warriors are now a peaceful species living in harmony with Earth, Alpha Centauri, and that other planet.

The Curse is that a great beast that is now extinct and the symbol of Peladon will return, and when it does, a STRANGER WILL BE AMONG THEM!

Peladon is a backwater and thought of as primitive by the delegates. They’re not even sure why they’re there to discuss admission of Peladon into the Federation. And if the delegates don’t know why they’re there, nor do the audience.

It’s obvious from the get-go that the baddy is not actually any mystical beast or actual beast, but the King’s right-hand-man. He’s a dick who doesn’t want admission into the Federation, so he’s trying to sabotage it. He admits this to The Doctor, when there was no reason to tell. I think he’s just bad at bad-guying. Why he doesn’t want to be part of the Federation is anyone’s guess.

Episode four splits from the rest of the story to tell a political tale. The danger and murder is done as the King’s advisor has gone to split the Federation, while The Doctor tries to convince the King to replace him and promises the backing of the Federation in case of Peladonian civil war.

This story is kind of painful and drags throughout most of the final episode.

Back to the Future Is The Future

Natalia’s shop Future Is The Future seems to be going well. Since my last photoshoot, we’ve done two others.

IMG_6017 IMG_6002 IMG_6029 IMG_6063 IMG_6078 IMG_6080 IMG_6100 IMG_6140 IMG_6388 IMG_6325 IMG_6321 IMG_6320 IMG_6188 IMG_6152

IMG_6586 IMG_6602 IMG_6604 IMG_6617 IMG_6682 IMG_6771 IMG_6802 IMG_6843 IMG_6851 IMG_6889


I’ve been using Munki at work for some time. Munki is a system for central management of package installation for OS X computers. It allows end-users to be forced installs from IT, and allows a catalogue of IT-approved installs that end-users can install themselves. It’s really handy.

However, to manually add packages all the time, with constant updates from Google, Mozilla, Adobe, Apple, Evernote, and more and more, all my time would be spent searching for updates. Instead I use a command-line tool called AutoPKG which looks for updates from any program you specify (assuming a recipe has been created), and AutoPKG will download it and install it into your Munki repository.

With the quick command “autopkg run -v Firefox.munki Thunderbird.munki MakeCatalogs.munki”, autopkg will run the Firefox and Thunderbird recipes for Munki and then tell Munki to remake its catalogues.

AutoPKGr is a graphical interface for AutoPKG to make management easier. Instead of having to touch the terminal, I just click off the recipes I want to run and schedule it to run every _ hours. I then give it details to be able to send emails, and I get email notifications of updates.

Screen Shot 2015-02-04 at 11.36.20

I even made a recipe to auto update a package that was missing in the repository. Apparently not enough people use Kobos outside of Canada, and as such, no Kobo recipe was created. I made one!

Recipes have many different functions. For work I mostly just use the .munki one, as it downloads, packages, and imports into Munki. There’s also a recipe format to import into one’s JAMF CasperSuite. We don’t use Casper, as it’s super-expensive, but a fantastic suite. At the core of each recipe is a .download recipe, which just downloads the file. There’s a .pkg recipe which calls the download recipe then packages it. .munki and .jss recipes would just follow the same theme, grabbing from the previous information.

A short while ago, AutoPKG added an .install type. This is what I’m really writing about.

At home I have a computer which I use for classic gaming emulation, and occasional video streaming. If I’m watching CBC’s election coverage on my TV, sadly I can’t get that without a computer. I had an old Mac Mini, so I plugged it into the TV video HDMI, put some classic games on it, and use it to stream video when needed.

During the last provincial election, I found that my Flash was out of date, as my Safari, and Chrome, and Firefox. I needed to update all this software.

Why don’t I automate it?

I installed AutoPKGr. Opened it up, told it run every 24 hours, put in email details so it could report to me. Added the .install recipes for Adobe Flash Player, Firefox, Chrome, Silverlight, and VLC.

Now, once a day, my computer looks to see if any new software is available, and if so, it installs it and emails me to notify me.

I will never again need to anything and have out of date software on this computer.

Apple Canadian Settings through MCX


I was tired of looking at my end-user’s screens and calling up “Managed Software Center” rather than “Managed Software Centre.” I figured I would enforce both the system-wide language setting, as well as enforce keyboard layouts to include both Canadian English and Hebrew.

Those are kept in two files. holds the Keyboard settings
.GlobalPreferences.plist holds the language settings

The leading . means that it’s an invisible file, but you can use the terminal to copy it to another location:

cp ~/Library/Preferences/.GlobalPreferences.plist /PATH/TO/GlobalPreferences.plist

If you notice that in the second path, I removed the leading . to make it visible.

.Plist setup

The keyboard settings file just need to be setup on a test machine, and then copied, and it will work as is.

When I set it up with the Canadian English keyboard and Hebrew keyboard, it looks like this…

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “”>
<plist version=”1.0″>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<key>KeyboardLayout Name</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<key>KeyboardLayout Name</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<key>KeyboardLayout Name</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<key>KeyboardLayout Name</key>

The GlobalPreferences.plist had a lot of superfluous settings in it that could be eliminated. So I slimmed it down to as follows. As you can see, AppleLanguages is an array with many entries and it starts with “en-CA”, or Canadian English, then American English, Hebrew, and then French. The rest is superfluous.

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “”>
<plist version=”1.0″>

You’ll then need to rename the file to include the leading . using the cp tool in the terminal.

Convert to PKG and Deployment

For deployment, I use a wonderful open source program called Munki. You can use anything that will deploy profiles. Munki doesn’t, but it deploys pkg files.

To make this MCX file I need two programs developed by Tim Sutton, mcxToProfile and make-profile-pkg.

I’ve got those two setup on my Munki server

./PATH/TO/ –plist /PATH/TO/ –plist/PATH/TO/.GlobalPreferences.plist -i Canada\ Settings -g Organization -o /PATH/TOCanadaSettings.mobileconfig –displayname ‘Canadian Settings’ -m Once

What this is doing is calling to the python script mcxToProfile, telling it to pick up the two plists com.HIToolbox.plist and .GlobalPrefernces.plist, telling it to identify as “Canada Settings” with the organization name “Organization.” Then it uses -o to know where to spit the mobileconfig file to, including a display name and how to be managed. I want my end users to be able to customize it after first use, so we use the Once flag.

This output my .mobileconfig file. So I could quickly double-click on it and it works! However, that’s not going to help me deploy it to 200+ computers. So I need to get it into Munki, first it needs to be a PKG.

./PATH/TO/ -m /PATH/TO/CanadaSettings.mobileconfig

This python script is pretty straightforward. You call it, tell it that you want it to dump into your Munki repo (-m) and then tell it the path to your mobileconfig file. A few seconds later, it’s in your repo and a duplicate PKG is in the directory that your mobileconfig is sitting at.

Now all you need to do is throw it into the appropriate testing manifest, make sure it works, and then slowly roll it out to your fleet.

Future Is The Future

Once upon a time, I did a mini photoshoot with my buddy Natalia.


Now she is starting a clothing store and wanted pictures in a similar style. I CAN DO THAT! And I did… here, look at pictures.

Visit Future Is The Future.

IMG_5213 IMG_5244 IMG_5329 IMG_5397 IMG_5409 IMG_5481 IMG_5497 IMG_5638 IMG_5649 IMG_5707 IMG_5825 IMG_5849 IMG_5870


Apple Years


Between 1968 and 1975, George Harrison released six albums on the Beatles’ record label, Apple. The first record Harrison released was called Wonderwall Music, it was the soundtrack to a film directed by Joe Massot called Wonderwall. Maybe I should watch this film then.

Wonderwall tells the story of obsession. A scientist is obsessed with his work. His life revolves around it and he doesn’t notice anything around him. Not his coworkers, not his apartment. He lives amongst the stacks of papers that line the walls of his apartment.

Suddenly, in a rage, Professor Collins knocks a frame off his wall, exposing a hole. Through this hole he spies in neighbour. His boring life is exposed, and Professor Collins gets a glimpse into the swinging sixties.

Collins begins obsessing over Penny Lane, the woman next door, and the life lived by her and her boyfriend. Collins wishes he could be there living that life. Instead he’s stuck inside his own life. Living alone.

Wonderwall is more of a sketch than a film. There’s an unfinished quality to the story. There’s very little dialogue, Lane never speaks1, and we drift off into these fantasies of Collins’ mind. The fantasies are more reflective of the hippy genre than it is of the character’s senses. While he wishes to be a part of swinging London, he’s not on acid, leaving the audience wondering where these drug-fueled visions are coming from.

While Jane Birkin gets top billing as Penny Lane, she never speaks. Her role is to look beautiful and for Collins to leer. The brief moments of semblance of a characters are glossed over. We learn a brief moment of her life, slightly more than Collins knows. There’s an interesting question there: should the audience see more than Collins sees or should the audience see everything? I’d opt for everything make her a full character, but Massot goes for neither. The director instead shows us a quick glimpse into a possible world of Lane’s; never making her a full character, but making her more than Collins’ obsession. It’s a strange middle ground to be in, a horrible middle ground.

WonderwallConsent is barely touched upon within the film. We see that Collins understands what he is doing is wrong, but continues to invade Lane’s privacy. Collins has a vision of his dead mother shaming him for his inappropriate actions, but never touches upon this again.

Making matters worse, Massot has Collins become the hero of the film. He saves Lane’s life seemingly justifying his actions.

This is where we truly see how poor of a filmmaker Massot is. None of the characters evolve or change, and the actions they take, the bad, horrible actions they take, never go unpunished, instead get rewarded. These actions are not rewarded for social commentary, but seemingly are rewarded due to lazy writing. Collins becomes a hero for breaking into Lane’s apartment, he ends up calling the police and cheating the woman out of the death she desires.

Collins doesn’t break into Lane’s apartment to save her. Instead he breaks in to be a creepy stalker. He just happens to come across her dying.

I don’t think the film will ruin my appreciation for the album Wonderwall Music. Well it’s not a well known album, it’s a great one. It’s nothing like any of George Harrison’s other works and shines because of it. Harrison experiments with Indian ragas and musical tropes he never had the ability to experiment with in The Beatles or as a pop musician.

Harrison’s work fitted the film quite wonderfully. While much of the film didn’t have any form of dialogue, Harrison’s soundtrack created a soundscape that helps transport the viewer away from the mundane as Collins’ wonderwall does for his boring life.

  1. I’ll get back to that shortly []