DOCTOR WHO SERIAL 066 – Carnival Of Monsters

The Doctor and his ever annoying companion, Jo, set their TARDIS down inside a peep show machine. This machine has the capabilities shrink matter, and store an entire ship, it’s crew and passengers. And that’s in only one compartment. The machine is topped with a beautiful CRT television, which allows those on the outside to watch what’s happening on the inside.

A traveling pair of entertainers or swindlers arrives on a planet with their machine in tow. They are penniless and ready to entertain the people of this planet with their machine of wonders.

Unfortunately the people on the planet don’t care. Unfortunately for the writers, nor do I.

It doesn’t seem very good con to get people to watch a CRT screen, but that’s all that these travelers have going for them… well that and their amazing outfits.

The Doctor gets out, and things happen, and everyone leaves happy. Except the audience.

Doctor Who Serial 065 – The Three Doctors

Happy 10th season! To celebrate the start of Doctor Who‘s 10th anniversary, the producers put together “The Three Doctors,” an adventure featuring Jon Pertwee, Patrick Troughton, and William Hartnell all in the role of The Doctor.

The Time Lords are facing an energy drain. They must get help from The Doctor, but The Doctor is not enough, they cannot spare any other Time Lords, so they get The Doctor to help The Doctor. In comes Patrick Troughton. William Hartnell, however, was too ill as such, his Doctor got caught in a “time eddy” and provided help via the TARDIS’ built-in CRT television.

Brigadier General Alistair Gordon Lethbridge-Stewart is an idiot. He refuses to believe anything either of the Doctors tell him. He’s known him for so long now that he should understand.

The Doctors must travel to the anti-mater universe where Omega1, the Time Lord responsible for their species’ ability to travel through time has been trapped for oh so long. Omega wants to return to the matter universe, and have The Doctor(s) stay there in his stead.

After they succeed, the second Doctor disappears and returns to his time, Dr. Tyler proclaims “now I’ve seen it all.” A man disappearing in front of him is more strange than traveling to a universe of anti-matter, meeting three extra-terrestrials, and that the British Armed Forces have a unit called UNIT that is involved in all this.

The episode ends with the third Doctor getting a dematerialization unit from the Time Lords. That means The Doctor is no longer exiled to Earth and ready to take off for some fun in the universe.

  1. Why can’t they pronounce omega right? []

DOCTOR WHO SERIAL 064 – The Time Monster

This might be the greatest episode of television history. The Doctor has a nightmare… The Master is near. Lethbridge-Stewart invites The Doctor to attend a scientific presentation. The Doctor refuses, and goes off with Jo Grant to find The Master. Well, it ends up that they all come together. It seems The Master is heading this new scientific research, which does many things. It leads to humanity’s better understanding of the space-time continuum; it brings Cronus to the modern time; it helps The Master (and The Doctor following) to travel back in time to Atlantis1.

We see such beauty, such as a dude in a pure white bird costume, flap-flap-flapping his bird wings2. We see a muscle-bound man wearing a bull’s head. We see The Doctor using his coat’s red lining to act as a matador. The Doctor is good at his matador skills, with one quick karate chop, the minotaur is down. We also see some goth-Atlantians with great eye-liner.

This is a magnificent episode of Doctor Who. It doesn’t make much sense, but it’s amazing.

Next time on Doctor Who, “The Three Doctors.” Jon Pertwee, Patrick Troughton, and of course, the original, William Hartnell.

  1. Not Stargate Atlantis []
  2. I’m flap-flap-flapping my albatross wings. []

DOCTOR WHO SERIAL 063 – The Mutants

In this episode of Doctor Who, we find humans in the year 3000 who have dominion over the planet Solos. The native Solonians are subjugated. Earth is planning to leave Solos, but Earth’s Marshall of Solos is a maniacal genocidal asshole.

The Solosians are mutating into insect-like creatures. Of course they don’t know what’s going on, and The Doctor has to tell the Solosnigans that it’s a natural occurrence.

They were trying to do something interesting… talk about colonial issues, but unfortunately they never quite hit the nail on the head. The native population is talked down to by everyone, Earthlings and Time Lords alike. The Solosians are not listened to or treated with respect. A human scientist, on their side, is the authority figure on Solosers.

Much like a lot of Doctor Who, this story’s failing is just how British the show is.

Let’s Encrypt with CPanel

A lot of web hosts have Let’s Encrypt built into the CPanel. Not mine. I was kinda annoyed. I tweeted at them to ask if they’d support it. They wouldn’t. So I decided I would make it work myself. To do this is pertty simple. I’m just going to start by copying and pasting text from a previous article.

Open up your (Go to the Go menu, choose Utilities, double-click on Terminal). This isn’t even a step, you should know this.

Step One – Install Homebrew

/usr/bin/ruby -e "$(curl -fsSL"

At this point, you will be prompted to press RETURN to continue. Press the return key.

It will then start downloading and installing Homebrew.

Install XCode Select

Turns out you need XCode Select installed, too. So I ran this code.

xcode-select --install

That popped up a dialogue box, I said Install.

This install took a few minutes, and then once it was done, I was ready to install certbot.

Install certbot

brew install certbot

That easy? Aye!

Begin the Process

sudo certbot -d -d -d -d --manual --preferred-challenges dns certonly

The program will ask you a few questions, if you’re okay with your IP being logged.

Then it will, for each included domain, ask you to set up a TXT record.

Setup DNS Records

Go to your CPanel, is usually the address. Click on the DNS Zone Editor.

Choose the domain you want and click “Manage.”

Click the down arrow beside “Add Record” and choose to add a TXT record.

In the name field put what it told you in Terminal, aka and under Record paste in the gibberish string that certbot told you.

Back to Terminal, press enter to proceed.

Repeat these steps for all domains.

Wait for it to validate your domains.

Copying certificate to desktop

Using the cp command you can copy the two files over to your desktop.

sudo cp /etc/letsencrypt/live/ ~/Desktop/privkey.pem
sudo cp /etc/letsencrypt/live/ ~/Desktop/fullchain.crt

Installing in CPanel

Go back to your front page of CPanel and look for SSL/TSL, and click on that link.

Click on “Generate, view, upload, or delete SSL certificates.”

Scroll down to find “Choose a certificate file (*.crt).”

Upload the CRT file.

Your list of certificates at the top will update and beside the new one, click on Install.

Open the privkey.pem file in a text editor, like BBEdit, and copy it’s contents.

Paste that into the key area and save.

You’re done.


In July, I will be presenting at MacAdmins at PSU. My talk will be called “OMG! APPLE IS GUTTING SERVER.APP!!!!” I will be using my blog to document all the processes taken to get all the data.

The goal of this is to find easy ways to move away from while utilizing the existing Apple hardware in your server closet and macOS. Sure you can move to a new system, but you might not have the money or time.

You can find the slide deck here. -> BIND

So before I start, I should say that this is fully documented in Apple’s macOS Server Service Migration documentation, which is almost perfect. I’m only making two small changes.

  1. First step is to test the server. After booting this VM, I set my DNS to the testserver. It loaded no problem.
  2. Turn off DNS services in
  3. Install Xcode.
  4. Here’s the first change, and important one… LAUNCH XCODE and agree to the terms and conditions, otherwise it won’t work.
  5. Go to
    1. Click on “BIND” to expand that section
    2. Click on Download beside “Current Stable”
    3. The top row will be Windows installers, the second row will have the *nix version, choose that. The link currently says bind-9.12.1-P2.tar.gz – tar.gz
    4. Apple says to grab at least one signature. I did it, I don’t know if that was necessary.
  6. Open Terminal and navigate to the directory you downloaded to, in my case it was cd ~/Downloads
  7. Uncompress the files. tar xzf bind-9.12.1-P2.tar.gz
  8. Navigate the uncompressed directory cd ./bind-9.12.1-P2
  9. Run this command ./configure --infodir="/usr/share/info" --sysconfdir="/etc" --localstatedir="/var" --enable-atomic="no" --with-openssl=no --withgssapi=yes --enable-symtable=none --with-libxml2=no
  10. Make it by typing make
  11. Test the build by running the following commands
    1. sudo ./bin/tests/system/ up
    2. make test … this seemed to go on FOREVER, so control-c‘ed out of there. I don’t know if I was supposed to.
    3. sudo ./bin/tests/system/ down
  12. Let’s install it. sudo make install
  13. Apple suggests you verify that it’s installed by pulling up the manual for the DNS service called “named.” You do that by typing man named
  14. Create the launchdaemon by typing sudo nano  /Library/LaunchDaemons/org.isc.named.plist
  15. Go here, go to page 7, copy the contents from step two of “Create a launchd .plist file for the BIND9 service”
  16. Save and exit control-x, y, enter
  17. Here’s the next place I disagree with Apple, they say, “Set file ownership to root:wheel.” However, they use chmod, and it’s chown.
    sudo chown root:wheel /Library/LaunchDaemons/org.isc.named.plist
  18. Load the job sudo launchctl load -w /Library/LaunchDaemons/org.isc.named.plist
  19. Test the job launchctl print system/org.isc.named

Wow. Apple has made this super easy. Hooray for Apple. All your existing settings will be there already. Really. It just works.


In July, I will be presenting at MacAdmins at PSU. My talk will be called “OMG! APPLE IS GUTTING SERVER.APP!!!!” I will be using my blog to document all the processes taken to get all the data.

The goal of this is to find easy ways to move away from while utilizing the existing Apple hardware in your server closet and macOS. Sure you can move to a new system, but you might not have the money or time.

You can find the slide deck here. -> Apache

  1. First step is to test the server. After booting this VM, I visited my testserver. Mine was at It loaded no problem
  2. Then I turned off Websites in
  3. At that point I duplicated /etc/apache2/httpd.conf, renamed the duplicate httpd.backup and now I have a backup in case I screw anything else up.
  4. Edit /etc/apache2/httpd.conf. Uncomment LoadModule php7_module libexec/apache2/ by removing #
  5. Restart apache with sudo apachectl restart
  6. Visit your test server and make sure you see “It works!”
  7. Create a test PHP file to see if it works
    1. sudo touch /Library/WebServer/Documents/phpinfo.php
    2. Using your favourite terminal-based text editor, or mine, edit that file. sudo nano /Library/WebServer/Documents/phpinfo.php
    3. Paste this into that document <?php
    4. Save, control-o and exit control-x in nano
  8. test by visiting your sever
  9. Transfer contents from’s location to Apache’s
    sudo rsync -av /Library/Server/Web/Data/Sites/Default/ /Library/WebServer/Documents/
  10. Set proper permissions for the documents
    sudo chgrp -R _www /Library/WebServer/Documents/
    sudo chmod -R 775 /Library/WebServer/Documents/
  11. Since I was using Munkireport as my test, I needed to edit httpd.conf to point to /Library/WebServer/Documents/public.
  12. Restart apache, sudo apachectl restart
  13. Test

Migrate existing SSL Certs from Let’s Encrypt to apache

This makes the assumption that you already have an SSL certificate. Much of this is universal, but it’s told from the point of view of using a free cert you got from Let’s Encrypt.

My starting point was this document.

  1. You need to start by editing the /etc/apache2/httpd.conf file, again. This time we’re enabling modules to support SSL
    LoadModule socache_shmcb_module libexec/apache2/
    LoadModule ssl_module libexec/apache2/
  2. Uncomment by removing # the line Include /private/etc/apache2/extra/httpd-ssl.conf
  3. I don’t know if this set actually matters, but I did it. You need to edit the Virtual Host file /etc/apache2/extra/httpd-vhosts.conf and paste into the end of chunk of text. Go up to the link and grab the text.

At this point we diverge from the above link, I had tested and it didn’t work.

  1. Find your old downloads from Let’s Encrypt, the two PEM files. Rename fullchain.pem to server.crt and key.pem to server.key. I actually renamed them to the FQDN.*, so
  2. Move them into /private/etc/apache2
  3. Edit /private/etc/apache2/extra/httpd-ssl.conf and find ## SSL Virtual Host Context
  4. Make sure DocumentRoot is correct
  5. Put in ServerName
  6. Scroll down a bit more and put in SSLCertificateFile and SSLCertificateFile
  7. Save and exit
  8. Restart Apache sudo apachectl restart


In July, I will be presenting at MacAdmins at PSU. My talk will be called “OMG! APPLE IS GUTTING SERVER.APP!!!!” I will be using my blog to document all the processes taken to get all the data.

The goal of this is to find easy ways to move away from while utilizing the existing Apple hardware in your server closet and macOS. Sure you can move to a new system, but you might not have the money or time.

You can find the slide deck here. -> MAMP

I started with a simple MunkiReport instance running in I figured this would be using enough resources to move. I also got a certificate with Let’s Encrypt and had all traffic going through SSL. While the blog post is specifically for servers running 10.12, my steps were the same in 10.13.

  1. Let’s start by downloading MAMP.
  2. Turn off’s web function
  3. Run the installer you had downloaded.
  4. From /Applications/MAMP launch MAMP
  5. Click start Servers, and check that yourdomain:8888 is working.
  6. Go to Preferences and click on Web-Server. Set the location to be the old root folder.
  7. Stop/Start the server and test.
  8. Go to Preferences and click on Ports. Click that “Set Web & MySQL ports to 80 & 3306 button.
  9. Stop/Start the server and check to make sure it’s working on port 80.

Your web server is up and running. Mostly. Next we need to get SSL setup. MAMP Pro has an easy GUI to do this, but that costs money and this is easy enough for our needs.

I used this this gist to help me through this process.

We already know that MAMP is working on port 80, so you can ignore the first bits of that file.

  1. Duplicate your /Applications/MAMP/conf/ folder, rename the copy something like conf.backup.
  2. Obviously you were using already and were using it with a Let’s Encrypt certificate using my procedure outlined on this post. So you should have on your Desktop a couple .pem files. Rename them fqdn.crt and fqdn.key and move them to /Applications/MAMP/conf/apache
  3. Open /Applications/MAMP/conf/apache/httpd.conf in BBEdit or your favourite text editor and uncomment by removing the #, Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf.
  4. Edit /Applications/MAMP/conf/apache/extra/httpd-ssl.conf and search for General setup for the virtual host. From there, you’ll want to enter the path to the web files.
  5. In the same file, you’ll see information about server.crt and server.key. Rename the server part to match the names of the files in step two.
  6. Stop/Start the service.

Find a Mac’s serial number in Recovery Partition or the macOS installer

I couldn’t find this anywhere, so I thought I’d blog about this. Thanks to the #general channel on the MacAdmins Slack for the help.

To find a serial number for a Mac when booted into the Recovery Partition or the macOS installer, to go Utilities and choose Terminal, type in ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}'

That’s it, it will output the serial number for the computer.

Importing Data to FileMaker 16 via APIs

I’m new to APIs. Have quite a bit of FileMaker experience. I’ve decided to see if I can build a system to track parent-teacher contact. This is a system that once existed for the school in an ASP system that I mocked up and outsourced. It was replaced with Edsby, an LMS system that wasn’t truly designed for this purpose. We were smashing a square peg into a round hole.

My proof of concept for this system involves seeing if I can build something that does three things I’ve never done in FileMaker before.

  1. OAuth login using Google authentication
  2. Sending nightly emails of any records that have changed for those affected
  3. Import data from Managebac’s API

The first step was surprisingly easy. Thanks to a blog post that had the entire process outlined on a simple PDF. Thoroughly detailed post from William Porter of Rucksack Texnology.

Step two is actually step three, but ending the blog post with “I haven’t done this yet” would not be very exciting.

For step three, I got off to a bad start. I did some research and didn’t realize that JSON support was added to FileMaker 16 and was looking at a third-party plug in. That plug in was super-confusing, so I stepped back. At that point I decided to upgrade from FileMaker 15 to 16, as I knew I needed that for the OAuth login.

Now that I had FileMaker 16, I decided to rewatch a video that I had watched months ago, and see if there was anything I missed there. There was, there was a whole section dedicated to JSON. Ready to conquer this task with the built-in functionality of FileMaker 16, I began.

I decided to start with the smallest table, teachers. Obviously there are fewer teachers than students, and fewer students than parents.

Using I was able to get what I needed using this command.

curl --request GET --url --header 'auth-token: <<AUTHTOKENVALUE>>'

Obviously, I removed the actual authtokenvalue, because I’m not a dum dum.

Open FileMaker, open my working database, create a field in the TeacherContacts table for the temp data dump.

I chose “Insert From URL”
Verify SSL Certificate was selected
Select Entire Contents was selected
URL was
cURL options was “–request GET –H \’auth-token: <<AUTHTOKENVALUE>>\'”

Everything matched my terminal command, the only problem was I was getting an error saying that “Authorization Failed.” Eventually I realized that my problem was using single quotes around auth-token. I replaced those with a double-quote and it worked perfectly.

cURL options is now “–request GET –H \”auth-token: <<AUTHTOKENVALUE>>\””

Once that was working, I was then able to get rid of the data other than the “teachers” table. Using Insert Calculated Results into the field $jsonTeachers, I used the calculation JSONGetElement ( $json ; "teachers" )

The data needed to be cleaned up a bit, using a new Insert Calculated Results this time it was enter into $jsonTeachersFormatted.JSONFormatElements ( $jsonTeachers )

From there, I needed to create records, and to do that, I needed to know when to stop.

This time I Inserted Calculated Results into the $jsonCount variable. The value was the number of records that was exported from Managebac. ValueCount ( JSONListKeys ( $jsonTeachersFormatted ; "" ) )

The JSON array starts count at 0, so $jsonCount is one more than I need. I began a loop and immediately Set Variable [ $jsonCount ; Value: $jsonCount -1 ]. This would trigger every time the loop began.

I then created a New Record/Request and Set Field [StaffContacts:id ; JSONGetElement ( $jsonTeachersFormatted ; "[" & $jsonCount & "]id" ) . I duplicated that for every field I wanted to import and modified id to the new field name. After all that I had an Exit Loop If [ $jsonCount = 0 ] and closed the loop.

Now I had a script that would pull all the teachers from ManageBac, create a new record for each and bring in the data to FileMaker. Now I just need to get it to update a record if it already exists, rather than creating a new record. We’re getting there.

I spent a long time trying to figure this out and it’s a lot easier than I thought. In the loop, after the decrease of the $jsonCount, I went to find mode, Enter Find Mode [ Pause: Off ] and Set Field [ StaffContacts::id ; JSONGetElement ( $jsonTeachersFormatted ; "[" & $jsonCount & "]id" ) . Needed to Set Error Capture [ On ] and ran the find Perform Find [ ] .

At this, I need to enter the data, either on a new record, or into the existing found record. So:

If [ Get (FoundCount) = 0 ]
     New Record/Request
End If

And I’m done. I win! I just have to do this with all the other tables of data, relate them all and build the actual parent contact part.