Custom Icon for Terminal-Notification

Posted in IT on November 3rd, 2013 by Matt – Comments Off on Custom Icon for Terminal-Notification

Will all my automation scripts I needed an easy way to monotor their status. One solution is to create a status script which output some test which is display on my desktop using GeekTool. Although I hace being disturbed by system notifications, I don’t mind them if they are from me telling my my webserver is down or my temperatureing logging has failed.

I found this command line tool called terminal-notification which sends notification to the systems:
/Applications/ -title "The Title" -message "The contents of the message."

Although this is a command line utility in order to be recognised by Mac OS and take the icon it needs to be bundled as an app. The icon that appears in the notification is always taken from the app, this if you want a custom icon then you have two options:

  • use the icon from another app using the -sender command
  • re compile the application with a custom icon

As I want a custom icon both require an apple icns icon file to be created. Since OS 10.8 icons contain icons of up to 1024×1024 (actually 512×512@2x for retina high DPI displays). As for the favicon and IOS bookmark icon for this site I though I would use a fleuron. Ideally I would fire up illustrator and create an nice set of icons with a subtle colour gradient. Unfortunatly as I don’t have access to Illustrator at the moment so I had to make to with powerpoint. The process was as follows:

  1. Create an empty slide in powerpoint with a white background
  2. Change the dimension to custom in page setup and set height and width to 10 cm
  3. create a text box with a single red fleuron and set the type size to fill the whole canvas with a small white border.
  4. Save as Picture, and set size to 1024×1024 in the options and save as a PNG file called icon_raw.png
  5. Open the file in Preview, and show the edit toolbar
  6. select the instant alpha tool and drag over the white region to become the alpha chanel and delete. Repeat this step for any other background regions.
  7. save as icon_1024x1024.png

In order to create the icns file the icon is needed in multple sizes, as this is a simple shape these can easily be created by adjusting the size in preview and saving as the appropriate file. Note this is not how you should create high DPI icons.

  • save icon_1024x1024.png as icon_512x512@2x.png
  • resize icon_1024x1024 to 512×512 and save as icon_512x512.png and icon_256x256@2x.png
  • resize icon_1024x1024 to 256×256 and save as icon_256x256.png and icon_128x128@2x.png
  • resize icon_1024x1024 to 128×128 and save as icon_128x128.png
  • resize icon_1024x1024 to 64×64 and save as icon_32x32@2x.png
  • resize icon_1024x1024 to 32×32 and save as icon_32x32.png and icon_16x16@2x.png
  • resize icon_1024x1024 to 16×16 and save as icon_16x16.png

Place all the png files except icon_raw.png into one folder and rename the folder icon.iconset then run
iconutil -c icns icon.iconset

If you just want to mod an icon it is worth noting that iconutil can also work in reverse and create the icon set folder and individual images from a single icns file:
iconutil -c iconset icon.icns

If you always just want to scale the original image then you can just use this online tool or the stand alone app.

Now you have your custom icns file all you need to do is edit the Xcode project:

  1. Download the source for terminal-notifier
  2. Add the icon icns file to the project
  3. Drag the icon to the App Icon under the General tab of the project replacing the current Terminal.icns App Icon
  4. Build

Move the app bundle to the Applications folder and test with the following command:

I found this command line tool called terminal-notification which sends notification to the systems:
/Applications/ -title "Custom Icon Test" -message "This icon replaced the default icon."

It might be easier to just create a small app bundle that does nothing but has an ID and a custom icon and use the -sender flag. This way you don’t need to mod terminal notifier each time there is an update.

CrashPlan on Mac OS 10.9 Mavericks with Java 7

Posted in IT on October 31st, 2013 by Matt – Comments Off on CrashPlan on Mac OS 10.9 Mavericks with Java 7

Although the current version of CrashPlan is Java 1.7 (Java 7) compatible when you first launch it on a clean install of Mavericks is still prompts you to install Java 6 from Apple. This kind of defeats the object of saying it is Java 1.7 compatible!

Although others have worked out how to use Java 7 for the pro version of CrashPlan or for systems where both Java 6 and Java 7 runtimes are installed it was not too clear for Mac OS using just the Oracle Java 7 runtime.

To make matter worse clean uninstallation of Apples Java 6 is near impossible and would probably lead to more issues than it would solve. Thus the aim was to get CrashPlan working using Oracles Java 7 on a clean install of Mavericks. The trick is to direct the backup engine to use Oracle java and not /usr/bin/java which is where Apples Java 6 is and hence prompts for installation.

  1. download and install the current Java 7 JDK from Oracle. Note this is the JDK not just the runtime enviroemnt that you would normally install
  2. download and install the current version of CrashPlan
  3. when prompted cancel the prompt to download and install Java 6 from Apple
  4. stop the CrashPlan backup engine by unloading the launched agent
    sudo launchctl unload /Library/LaunchDaemons/com.crashplan.engine.plist
  5. edit the com.crashplan.engine.plist launch agent and change the /usr/bin/javato
  6. restart the CrashPlan backup engine by loading the launched agent
    sudo launchctl load /Library/LaunchDaemons/com.crashplan.engine.plist

  7. now open the CrashPlan executable directly using terminal/Application/
  8. Once the GUI launches then proceed as normal and create a new backup or adopt an old one, finally launch the menu bar item

The only issue is that you can’t launch the Crahplan GUI from the icon or the menu bar item menu. This just stalls and you have to force quit. I just created an alias to the executable.

I think what is happening is that the double click on the app bundle executes either the JavaCheck or CrashPlanLauncher executable which only check for Java 6 and then if found then call the CrashPlan executable. If this is the case then it should be possible to redirect the bundle to another executable. As this is quite simple fix for CrashPlan I really hope a fix come soon as the hard ware has been done to add Java 7 compatibility already.


An article from Code42 now shows how to tell java to allow bundled apps and allow you to launch CrashPlan GUI from the icon by adding the following to the JDK Info.plist:



Also to stop the irritating “you need Java 6” dialogue I just unloaded and moved the responsible system launchd agent:

sudo launchctl unload /System/Library/LaunchAgents/
sudo mv /System/Library/LaunchAgents/ /System/Library/LaunchAgents/

Clean Install Mac OS 10.9 Mavericks from SD card to Fusion Drive

Posted in IT on October 31st, 2013 by Matt – Comments Off on Clean Install Mac OS 10.9 Mavericks from SD card to Fusion Drive

After having some issues after upgrading to Mavericks I have decided to clean install all my systems.

I needed to clean install Mavericks on my iMac. In fact this is the second clean install, unfortunatly after the first one I cut a few corners an partitioned my Fusion drive and lead to a very unstable systems. Also I used migration assistant to copy back my files from the old partition. Surprising this also copied all the problems and some things I didn’t want like mysql.

Bottom line: if you are having problems do a real clean install and manually copy back files and reinstall applications.

As I didn’t want to use USB and couldn’t be bothered to dig out a Firewire external disk and risk any Firewire/Thunderbolt issues I though I would try installing from an SD card. This way I could use the same media on my Retina MacBookPro when I get round to clean install that later. I followed the same logic as before but now pointed createinstallermedia to the formatted SD card.

  1. Download Mavericks Installer
  2. Erased the 16 GB SD card as Mac OS Extended (Journaled)
  3. Run creatinstallermedia from installer and point to SD card
    sudo /Applications/Install\ OS\ X\ --volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ --nointeraction
  4. Restart holding down the option key
  5. Select the disk named “Install OSX Mavericks”
  6. Select Disk Utility in OS X Utilities and erase the disk you want to onto
  7. Quit Disk Utility and select Install OS X
  8. Select the disk you just erased and install as usual

On my iMac once I started up from the media I fixed my partition issue and then erased the disk. I then synced my files back from my Retina MacBookPro and re-installed all the needed apps including mysql, wordpress and all the backend for the webcam stuff.

Clean Install Mac OS 10.9 Mavericks from HDD Partition to SSD

Posted in IT on October 29th, 2013 by Matt – Comments Off on Clean Install Mac OS 10.9 Mavericks from HDD Partition to SSD

After having some issues after upgrading to Mavericks I have decided to clean install all my systems.

I needed to clean install Mavericks on my old laptop but would be too slow to use USB. Also could not be bother to connect external harddisk. The solution, create a second partion and use as setup as startup disk. Process was modified from here and here.

  1. Download Mavericks Installer
  2. Create an 8 Gb Mac OS Extended (Journaled) partition
  3. Run creatinstallermedia from installer and point to partition
    sudo /Applications/Install\ OS\ X\ --volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ --nointeraction
  4. Restart holding down the option key
  5. Select the disk named “Install OSX Mavericks”
  6. Select Disk Utility in OS X Utilities and erase the disk you want to onto
  7. Quit Disk Utility and select Install OS X
  8. Select the disk you just erased and install as usual

On my old MacBookPro I partitioned my internal 500 Gb HDD and installed onto my 64 GB express-card SSD.

To tidy up I just deleted the partition named “Install OS X Mavericks” and expanded the remaining partition back to the full disk space.

I also need to clean install my Retina MacBookPro so will also work out how to do this from single SSD.

One word of warning, don’t try this with an iMac with a Fusion drive. There are lots of reported issues with partitioning Fusion drives. Will explain more when I Clean install my iMac.

PHP 5.5.5 on Mavericks +

Posted in IT on October 26th, 2013 by Matt – Comments Off on PHP 5.5.5 on Mavericks +

Mac OS 10.9 Mavericks ships with PHP 5.4.17 under /usr/bin. If you want to upgrade or add other precompiled modules then the easies solution it to install the liip release using the very simple command:

curl -s | bash -s 5.5

The script also configures Apache to use the new install by adding this file:


If you are using, however, this file is ignored so it still used the default version. In order for the controlled instance of Apache to use the new install you need to mod:


In the same way as you would mod httpd.conf:

#LoadModule php5_module libexec/apache2/
LoadModule php5_module /usr/local/php5/

Then just test with a phpinfo().

Simple curl to PHP file upload

Posted in IT on June 30th, 2013 by Matt – Comments Off on Simple curl to PHP file upload

I need to view a log file from work but don’t have SSH access to work without VPN and from work due to IP/port filter. However, HTTP does work so though I would give HTTP POST a go via PHP and CURL. Took a bit of playing around but in the end is quite simple.

Setup consist of either a HTML form or CURL command to send the file via HTTP POST and a PHP backend to accepts the HTTP POST call and provide feedback.

HTML Backend (upload.php) is:

$allowedExts = array("txt", "htm", "html", "csv", "log", "pdf");
$uploadPath = "/Users/username/Sites/logs/";
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "text/plain")
|| ($_FILES["file"]["type"] == "text/html")
|| ($_FILES["file"]["type"] == "text/x-log")
|| ($_FILES["file"]["type"] == "text/csv")
|| ($_FILES["file"]["type"] == "application/pdf"))
&& ($_FILES["file"]["size"] < 104857600) && in_array($extension, $allowedExts)) { if ($_FILES["file"]["error"] > 0)
echo $_FILES["file"]["error"];
echo "File Name: " . $_FILES["file"]["name"] . "
echo "Mime Type: " . $_FILES["file"]["type"] . "
echo "File Size: " . ($_FILES["file"]["size"] / (1024 * 1)) . " kB
echo "Temp File: " . $_FILES["file"]["tmp_name"] . "

if (file_exists($uploadPath . $_FILES["file"]["name"]))
echo "
Note: " . $uploadPath . $_FILES["file"]["name"] . " already exists and will be overwritten.

$uploadPath . $_FILES["file"]["name"]);
echo "Saved as: " . $uploadPath . $_FILES["file"]["name"];
echo "Invalid file extension mime type size";
echo "";

HTML front end:




CLI backend (upload-curl.php):

$allowedExts = array("txt", "htm", "html", "csv", "log", "pdf");
$uploadPath = "/Users/username/Sites/logs/";
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "text/plain")
|| ($_FILES["file"]["type"] == "text/html")
|| ($_FILES["file"]["type"] == "text/x-log")
|| ($_FILES["file"]["type"] == "text/csv")
|| ($_FILES["file"]["type"] == "application/pdf"))
&& ($_FILES["file"]["size"] < 104857600) && in_array($extension, $allowedExts)) { if ($_FILES["file"]["error"] > 0)
echo $_FILES["file"]["error"];
move_uploaded_file($_FILES["file"]["tmp_name"],$uploadPath . $_FILES["file"]["name"]);
if (file_exists($uploadPath . $_FILES["file"]["name"]))
echo "owerwrote: " . $uploadPath . $_FILES["file"]["name"] . "\n";
echo "uploaded: " . $uploadPath . $_FILES["file"]["name"] . "\n";
echo "Invalid file extension, mime type or size";

CLI frontend:

curl -F "file=@test.log;type=text/x-log"

Not for log files I have to override the mime type to text/x-log as by default these were application/octet-stream.

Photomatix presets & Aperture

Posted in IT on January 9th, 2013 by Matt – Comments Off on Photomatix presets & Aperture

Due to Aperture running in a sandbox in OS 10.8 the Photomatix presets of the standalone application are not easily accessible from within the Photomatix plugin. This can be solved by creating a link into the Aperture sandbox.

The standalone Photomatix Pro application stores its presets here:

~/Library/Application Support/Photomatix/Presets/

The Photomatix Aperture plugin stores its presets in the Aperture sandbox:

~/Library/Containers/ Support/Plug-Ins/Photomatix/Presets/

Replacing the presets folder in the sandbox with a symbolic link to the the presets folder of the standalone application solved the issue:

cd ~/Library/Containers/ Support/Plug-Ins/Photomatix/Presets/
rm -rf Presets
ln -s ~/Library/Application\ Support/Photomatix/Presets/ Presets

UNIX commands

Posted in IT on January 9th, 2013 by Matt – Comments Off on UNIX commands

A short list of my most used shell commands:

man cd
man ls
man man

ls a*
ls -a
ls -al
ls -hlog
ln -s

Ownership & permissions
ls -l
sudo chown
chmod 777
chmod 755

Reading & Editing files
head -n 100
tail -n 100
tail -f
wc -l

echo hello > test
echo hello >> test

File manipulation
wc -l
ls -c1 | wc -l
grep -i
sed s/old/new/g

ps -u
du -h


find . -name "string*" -print0 | xargs -0 rm -f
find . -name "string*" -print0 | xargs -0 -J % mv % newdir

jobs -l

Xcode and 10.8

Posted in IT on July 28th, 2012 by Matt – Comments Off on Xcode and 10.8

When trying to install Xcode on OS 10.8 gave me an error stating OS was too new.

Problem can be solved by clearing the preferences and caches of the using these commands:

rm ~/Library/Preferences/
rm -r ~/Library/Saved\ Application\ State/
rm -r ~/Library/Caches/
rm -r /private/var/folders/*/*/*/

Mail rules, signatures and smart mailbox sync in OS 10.8

Posted in IT on July 20th, 2012 by Matt – Comments Off on Mail rules, signatures and smart mailbox sync in OS 10.8

In my attempt to create a workaround for the lost sync features of MobileMe in iCloud I found out that syncing is now done by and OS 10.8!

On my new MacBookPro I did a clean install and entered only my iCloud login and pass during the install process. Thus when first launched Mail had only one account and proceeded to downloaded all my mail stored on iCloud. As expected other accounts, rules and smart mailboxes were not synced. A bit of digging around in:


showed some interesting file names:


When I first looked into these they were unpopulated. So the idea was to use Unison to sync these files from my old laptop, which I had upgraded to 10.8 i.e. no clean install.

But what are SyncedRules.plist and SyncedSmartMailboxes.plist for?

The plan was to add a smart mailbox on the clean install, then sync with the updated install and see what happened. Well what happened was as soon as I crated a new smart mailbox all my old smart mailboxes magically appeared! Then when I checked my oldlaptop the mailbox I had just created on my new laptop was now there too. I then tried the same thing for rules and signatures and the same thing happened! (signatures are a bit messed up though)

The only conclusion I can draw from this is that although iCloud might not sync rules and smart mailBoxes, and OS 10.8 Mountain Lion does!

The question I now have is why has this not been discussed in all those presentations and reviews? Is this an NDA issue? What is surprising is that this is most definitely a real feature to promote, especially to ole MobileMe customers that lost functionality.

Update: In 10.9 Mavericks syncing of rules and smart mail boxes is enabled in the iCloud system preference pane under Document and Data. I assume this is also what happened in 10.8 and there is even a knowledge base document from apple here.

Restoring MobileMe sync functionality with iCloud in OS 10.8

Posted in IT on July 20th, 2012 by Matt – Comments Off on Restoring MobileMe sync functionality with iCloud in OS 10.8

When MobileMe was replaced by iCloud a number of syncing options were removed. These all appear to be based on the sync agent approach. According to Apple the syncing of the following items will no longer be supported in iCloud:

  • Dashboard Widgets
  • Dock Items
  • Keychain
  • Mail Accounts
  • Mail Rules, Signatures, and Smart Mailboxes
  • Mac OS X Preferences syncing

Although I moved to iCloud quite quickly only when I did a clean install of OS 10.8 did I remember what it was like before syncing.

This post documents my attempts to find either a fully or semi-automated solution or workaround for each of these issues. My tool of choice will be Unison as I currently use this to keep files in my home directory in sync between three Macs, a windows PC and a linux box.

The main aim is to work out is old MobileMe features can be implemented by simple file transfer or if a more complex script based approach is needed. For example in cases of conflict resolution discarding one of the changes might not be good and merging might be needed, as MobileMe did with KeyChains for example.

Dashboard Widgets: not tried/don’t care
As I don’t use these I don’t care about hot wo sync these at the moment.

Actual widgets are stored here:


but I am not sure where their screen locations and instal status are kept. Need to fire up grep. Also not sure how different screen real estate is acconted for.

Dock Items not tried
Preferences and items appear to be stored in the preferneces plist file:


Maybe just syncing this would work but am not sure about the folders as these might be absolute links and not relative with home directory.

update: Looking inside the plist files there are file URLs such as file://localhost/Applications/ so these would be universal however there are also references to the names of the drives. Maybe a simple script with a global replace would work?

Keychain: possible 3rd party solution
This one is complicated, have tried Keychain2Go but is not ideal as I feel it defeats the object to have to open the client the the devices you want to sync. However, anything is better than nothing!

Mail Accounts: not tried
Relavant file could be:


Not sure how to use this at the moment.

Update: Syncing Accounts.plist file caused mail to crash, look like you need to sync the mailbox file structure too. Also old file has legacy info like mobileMe not iCloud so just bit the bullet on this one and manually added my six email accounts. Didn’t take as long as I thought!

Mail Rules, Signatures and Smart Mailboxes: Done
This appears to be possible in the OS, so although iCloud might not sync rules, signatures and smart mailBoxes, and OS 10.8 Mountain Lion do!

All the relevant files appear to be in:





Signatures are in the folder:


Something is a bit messed up though with signatures on one device they appear as iCloud signatures and the other under All Signatures. Purging files and creating new didn’t help.

More details can be found here.

Application Preferences not tried

Most relevant files are in:


with a few folders with other files for specific apps here too.

Unison file synchronisation in Mac OS X

Posted in Automation, IT on July 18th, 2012 by Matt – Comments Off on Unison file synchronisation in Mac OS X

Currently I use Unison over SSH to sync my documents and some specific system files.

I have been using Unison for over seven years and it’s great. Unison works a bit like rsync in that although initial sync may take a long time afterwards only differences are transfered. Conflict resolution is handled well with the user able to override suggestions by skipping or forcing a specific direction of sync i.e. local > remote or remote > local.

Another advantage of the way you configure Unison is that server information i.e root sync directories of local and remote hosts can defined in a separate file to the paths to be synced or ignored. This means that bi-directioal syncing is possible with the same configuration file. This allows Unison to sync it’s own configurations, which is very useful as an identical sync set can be initiated from either side. Similarly you can split your synchronisation into parts via different profiles so not all files are synced all the time. For example, do you really need to sync all your old university files which you don’t change them very often any more? This makes scanning quicker.

The other advantage is syncing is done over SSH, so if you setup public key authentication then only one port and no password is needed. This also opens up possibilities beyond the LAN to secure syncing over the internet via NAT.

Finally, although here I discuss a homogenous all mac LAN Unison is cross platform. Install the client, on windows or linux and happily sync all data. This is also a good way to sync data off accounts with restricted permissions as you all you need to do be able to do is initialise an ssh connection i.e. be a client not a server, and tunnel everything else.

Finally although the GUI is nice for monitoring, resolving conflicts or forcing overwrites the CLI can easily handle simple synchronisation sinarions, and has options for automated conflict resolution. This allows specific sync profiles to be initiated by scripts or by cron.

Currently my common file on A is:

root = /Users/
root = ssh://@//Users/

wheras on B it is:
root = /Users/
root = ssh://@//Users/

Syncing of more than two devices us undertaken by syncing to one central device sync. Thus if B is the central device full synchronisation is achieved by a sequential sync:

A <-> B then B <-> C then A <-> B

After this you just need to sync each time you switch computer i.e. A <-> B or B <-> C. If you edit the same file on multiple computers a conflict will arise and an overreide direction can be specificed i.e. A > B or B > A.

My current setup sync my whole iPhoto Library (120Gb) and my iTunes library (100 GB). Unless I edit/add lots of pictures then syncing only takes afew minutes. For example when I upgraded all my iPhoto thumbnails for the retina display of my new laptop this was just as few GB of syncing.

My regular profile is:

include common

# Paths to synchronise
path = Books
path = Desktop
path = Documents
path = Movies
path = Music
path = Pictures
path = Sites
path = .bin

path = .tcshrc
path = Library/Application Support/Unison
path = Library/Application Support/myTracks
path = Library/Temperature

# Paths and files to ignore
ignore = Name .DS_Store
ignore = Name *.vmwarevm

ignore = Path Desktop/*.avi
ignore = Path Desktop/*.mov
ignore = Path Desktop/*.download
ignore = Path Documents/Microsoft User Data
ignore = Path Documents/Academic
ignore = Path Pictures/Webcam/archives
ignore = Path Sites/logs
ignore = Path Sites/pfarrplatz.jpg

ignore = Path Library/Application Support/Unison/ar*
ignore = Path Library/Application Support/Unison/fp*
ignore = Path Library/Application Support/Unison/unison.db
ignore = Path Library/Application Support/Unison/common

ignore = Path Library/Temperature/current-outside.txt
ignore = Path Library/Temperature/0-min.log
ignore = Path Library/Temperature/5-tmp-day.log

logfile = Library/Logs/Unison.log

My irregular profile is:
include common

# Paths to synchronise
path = Documents/Academic
path = Documents/Work

path = Library/Application Support/Unison

# Paths and files to ignore
ignore = Name .DS_Store
ignore = Name *.vmwarevm

ignore = Path Library/Application Support/Unison/ar*
ignore = Path Library/Application Support/Unison/fp*
ignore = Path Library/Application Support/Unison/unison.db
ignore = Path Library/Application Support/Unison/common

logfile = Library/Logs/Unison.log

SSH public key authentication

Posted in IT on July 16th, 2012 by Matt – Comments Off on SSH public key authentication

SSH public key authentication is used to establish ssh connection without the need to type a password. The details have be covered very well by many many other people like this. This post is just to remind me how to do it!

This process will allow the establishment of an SSH connection from client to server without a password. Remember you push your public key identity to the server to allow the server to verify your identity.

  1. on client create ~/.ssh directory with permission 700
  2. on client create public and private key pair with passphrase
    client:~> ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
  3. transfer public key from client to server
    client:~> scp ~/.ssh/
  4. on server add public key of client to authorisedkeys file
    server:~> cat ~/ >> ~/.ssh/authorized_keys2

Follow process in reverse to allow password free authenitication from server to client.

Remember to use a real passphrase, and get OS X to remember the passphrase in your keychain (dialogue will spring up when you first try and connect).

Time Machine and OS 10.8

Posted in IT on July 16th, 2012 by Matt – Comments Off on Time Machine and OS 10.8

New laptop, new OS so time to create a new size-limited time machine sparse image bundle on my NAS. Wanted to do this the easy way so this time created 1 TB image sparse disk image bundle in Disk Then one new important step for OS 10.8 need to tell the OS that may share on my NAS is a time machine destination:

sudo tmutil setdestination /Volumes/Backup

where Backup is my mounted AFP share on my NAS used for time machine backups. All credit for this very important step goes here.

Now started a time machine backup to get OS to create a standard unlimited size limited sparse image bundle on my NAS. As soon as image was created and it starts to transfer file stop the backup. Swap out the sparse image bundl just created with the size limted one from Disk Utility and then transfer the following files from within the old bundle to then new one:

Fire up time-machine again and OK the dialogue to use the new image.

Clean install OS X 10.8

Posted in IT on July 16th, 2012 by Matt – Comments Off on Clean install OS X 10.8

Although it was a bit more tricky in 10.7 clean installing OS 10.8 is easier.

  1. Download Mountain Lion
  2. Extract the emergengy Startup disk
  3. Write this image to a an empty HFS+ GUID formatted USB drive using disk image or Carbon Copy Cloner
  4. Startup computer with USB drive
  5. open disk utility
  6. erase disk
  7. install

Apparent Temperature Heat Index

Posted in IT on July 1st, 2012 by Matt – Comments Off on Apparent Temperature Heat Index

Was looking around for an index to some how combine the influence of relative humidity on temperature and came across the heat index of apparent temperature (TA). The apparent temperature is calculated from the temperature in Fahrenheit or Celsius and relative humidity in percent using the following empirical equation:

TA = c0 + c1 T + c2 H + c3 TH + c4 T2 + c5 H2 + c6 HT2 + c7 TH2 + c8 T2H2

The proportionality constants for calculation in both Celsius and Fahrenheit are:

c0 -4.238 × 10+1 -8.786
c1 +2.049 +1.611
c2 +1.014 × 10+1 +2.335
c3 -2.248 × 10-1 -0.146 × 10-2
c4 -6.838 × 10-3 -1.231 × 10-2
c5 -5.482 × 10-2 +1.643 × 10-2
c6 +1.228 × 10-3 +2.210 × 10-3
c7 +8.528 × 10-4 +7.254 × 10-4
c8 -1.995 × 10-6 -3.582 × 10-6

Proportionality constants for Celsius were calculated from those given for Fahrenheit using the standard conversion from Celsius to Fahrenheit and simplifying.

The relationship between apparent and the true temperature and humidity is best shown in a contour plot:

The current apparent temperature is now also reported along with actual temperature and humidity. When I get around to updating the temperature history logs the apparent temperature will also be logged.

Facebook Image Loading Issue

Posted in IT on June 28th, 2012 by Matt – Comments Off on Facebook Image Loading Issue

For the last few month I have been having issues with images not loading from Facebook. Turns out all Facebook images shared by users are stored on the akamai content distribution systems with the domain name Direct loading of the URL for an image in Safari also didn’t work.

Looking up the hostname in my ISP’s DNS returned an error:

> dig

;; Truncated, retrying in TCP mode.
;; Connection to for failed: connection refused.

Situation was solved by adding google’s DNS server ( to my network setting in my router.

> dig

; <<>> DiG 9.7.3-P3 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50036 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN A ;; ANSWER SECTION: 291 IN CNAME 351 IN CNAME 11 IN A 11 IN A 11 IN A 11 IN A 11 IN A 11 IN A 11 IN A 11 IN A 11 IN A ;; Query time: 77 msec ;; SERVER: ;; WHEN: Thu Jun 28 22:30:38 2012 ;; MSG SIZE rcvd: 276

Much better and sorted for all my devices in my LAN.

SSL and Mac OS X 10.7 Lion Server

Posted in IT on June 21st, 2012 by Matt – Comments Off on SSL and Mac OS X 10.7 Lion Server

Although basic web server functionally is provided in Mac OS X 10.7 migrating to the full server has a number of advantages. Firstly there is no need to dig around in the apache config files to enable PHP and other things as well as the ability to setup hosting multiple websites from different directories and using different SSL certificates.

The big trick to unleashing the power of 10.7 server is to install the Server Admin Tool (Server and not just the Server tool ( when you setup the server! This took me ages to work out and is not well documented. The second thing is to RTFM or more precisely read the online manual for the Server Admin tool.

So having got the web server up and running I Installed my old self signed SSL certificate and everything was OK. However, I really wanted a real SSL certificate to give my website a more professional look. Especially if arriving at my site in IE on Windows.

Recently I found a company called StartSSL which offers free SSL certificates but more importantly is recognised as a default authorised certificating authority by the most popular web browsers. In practice what this means is that when visitors navigate to my site using HTTPS they will no longer have to manually accept my self signed certificate. Instead the the SSL certificate issued from StartSSL is automatically accepted as it is authenticated against a registered certificating authority.

To create a free certificate for the following was done:

  1. go to StartSSL
  2. create an account and ID private key (this is used to log in to site in future)
  3. validate your domain by sending email to postmaster@domain-associated-to-ssl-certificate
  4. generate a private key
  5. decrypt the private key with openSSL or the online tool provided by StartSSL
  6. generate SSL certificate
  7. generate pxkt file using private key and certificate

In order to prove ownership of the domain you need to have an email server setup to receive email on the domain for which you need the SSL certificate. Although I though this would be trivial to setup in 10.7 server it was a bit more complicated than expected.

Add the certificate to the server by doing the following:

  1. in server select servers under hardware
  2. select settings
  3. select edit under ssl certificate
  4. select manage certificates from the settings menue
  5. click the plus and select import a certificate identity
  6. drag and drop the pxtk file for, make sure all three fields are filled and select ok.

To add the ssl certificate to the web server:

  1. open server
  2. select the web server service
  3. select the web site from the list for which the ssl certificate was created
  4. select the certificate
  5. make sure port is set to 443

As the email server has a different hostname a separate SSL certificate has to be created and separately installed using the same procedure as before. In Server

  1. select sever under hardware
  2. select the mail service
  3. select the settings tab and under advanced select the = ssl certificate
  4. set SMTP to use SSL if possible i.e. allow receiving without and MAP/PP to require

Now if we check the SSL certificates associated with the hardware in we see we have a custom configuration www.ssl for webserver and mail.ssl for email server.

Now when we visit the site in Safari over https and click the lock icon in the top right to view the certificate used SSL encryption we now have a green tick saying it was externally authenticated. Similarly option to SSL encrypt email is now possible.

Email server setup in Mac OS X 10.7 Lion Server

Posted in IT on April 23rd, 2012 by Matt – Comments Off on Email server setup in Mac OS X 10.7 Lion Server

As I want to move from a self-signed to a true external authenticated SSL certificate I need to setup a email server for my domain. With Mac OS X 10.7 server installed this should be easy. However the get it working was not so obvious.

The first step is to make sure you DNS passes emails sent to domain name i.e. username@domain to a specific server. This involves setting up an MX record in the DNS. As I use DynDNS to manage my DNS entry this was easily setup in their web interface.

Then I port forwarded the IMAP and POP ports through my router to my server on my LAN.

The next step was to setup the actual mail service on my Mac OS X 10.7 server. The first major issue was to realise that there are two GUI application used to administer the server component of Mac OS X 10.7 server; and Server Why both are not installed when you purchase Mac OS X server from the apple store I don’t know. The admin app needs to be separately downloaded and installed and is key to this procedure.

In turn on the mail service and add the domain name for which it should respond, in my case hereafter replaced as to stop issues.

Now in Server select the mail service under the server. In the settings tab under general the domain name should be set. Under hostname add the internet host name of the mail server, in my case “mail”.

As I only want to use IMAP and need to be able to both send and receive email from this server I disabled POP, enabled SMTP and allowed incoming mail. Now under the advanced tap the authentication method were enabled with only KRAN-MD5 allowed for both SMTP and IMAP/POP.

By default email accounts are enabled on the server for all users using the combination of their short usernames and the domain i.e. username@domain. To add email aliases all you need todo is add username aliases to the respective user of the server. This is done in system preferences by option clicking on a user to edit the advanced options for that give user. Now just add any needed aliases for a user making sure that they are unique. I added ‘me’ and ‘postmaster’ thus enabling and

The final step was to setup the email client and test if email could be sent and received using the server both locally when on my LAN and from the internet through my router.

In or in any other email clients such as on an iPhone the account was setup using the following paramaters:

  • protocol IMAP
  • email address
  • server
  • username and password for the given user (not email alias)
  • authentication md5

After a bit of fiddling, the details of which I can no longer remember, things were working.

ReadyNAS TimeMachine Verification Issues

Posted in IT on March 16th, 2012 by Matt – Comments Off on ReadyNAS TimeMachine Verification Issues

Every so often, when my laptop runs out of battery during a backup, I receive the following: “Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you.”

Not only does it take a long time to create a new full backup but it also removes all incremental changes.

Looking around the internet I found this article and it works great to fix the image as opposed to just delete it and start again. No credit for working this out just wanted to repeat the instructions here in a way that I understand.

Mount the remote volume were the sparse bundle used for time machine is stored:


Open Terminal and login as root:

sudo su -

Change the flag of the sparsebundle:

chflags -R nouchg /Volumes/Backup/Matt's Laptop.sparsebundle

This may take a while. Then run fsck on the bundle:

hdiutil attach -nomount -noverify -noautofsck /Volumes/Backup/Matt's Laptop.sparsebundle

You will see the following:

/dev/diskx Apple_partition_scheme
/dev/diskxs1 Apple_partition_map
/dev/diskxs2 Apple_HFSX

where x is the disk ID for the backup volume.

The status of fsck can be monitored by looking at the fsck_hfs log:

tail -f /var/log/fsck_hfs.log

Running fsck on the sparse bundle will take a few hours so just let it run. The process will either end with either:

“The Volume was repaired successfully”
“The Volume could not be repaired”

If the volume could not be repared fsck can be run again using different options:

fsck_hfs -drfy /dev/diskxs2

Again this will take some time and hopefully at the end this command will now return “The Volume was repaired successfully”.

Now the disk needs to be detached:

hdiutil detach /dev/diskxs2

Finally the plist within the sparse bundle needs to be manually edited to remove the following lines:


Also the verification state need to be changed from:

VerificationState 2


VerificationState 0

The volume can now be ejected and Time Machine should proceed once again as normal.

Enable wordpress permalinks Mac OS X 10.7 Server

Posted in IT on February 15th, 2012 by Matt – Comments Off on Enable wordpress permalinks Mac OS X 10.7 Server

Now hosting server from Mac OS X 10.7 Server and from my user directory as it is easier to add files.

As with 10.6 by default permalinks in wordpress don’t work and the httpd.conf file needs to be edited as described here to allow override.

This can be done In 10.7 by editing the httpd.conf files found under:


and if hosting multiple sites from other directories under:


In these locations fine the appropriate httpd.conf file and edit to:

AllowOverride All

This can also be set using In the Web services options select you particular website and click the edit setting button. Then select the check box ‘Allow all overrides’.

Enable SFTP update WordPress Mac OS X 10.7

Posted in IT on November 23rd, 2011 by Matt – Comments Off on Enable SFTP update WordPress Mac OS X 10.7

Although worpress allow an auto update feature, by default it only allows either FTP or FTPS. Ideally I would like to use SFTP as this would only require the SSH port to be open on my web-server.

Update: Currently I use this plugin: SSH SFTP Updater Support

To enable this the following steps need to be done:
download, compile and install libssh2
cd libssh2
sudo make install

install the perl SSH2 component

sudo pecl install -f ssh2

enable the ssh2 componant by adding the following line to /etc/php.ini

using the following command:
sudo nano /etc/php.ini

restart php by either disabling and re-enabling php application in or restarting whole webserver.

After this a third radio button should appear when you have to imput the server information for SSH2, along with FTP and FTPS. Now add paths to public and private key.


Update: Don’t really see a security upgrade if you have to make your private key readable by webserver! Probably better off using FTP on an obscure port!

ReadyNAS NV+ Expansion

Posted in IT on September 3rd, 2011 by Matt – Comments Off on ReadyNAS NV+ Expansion

Although I had planned to increase the size of my NAS’s array from 1.5 TB (4×500 GB) to 6 TB (4×2 TB) I had originally intended to only do this once I had upgraded my iMac to a 2TB disk. However, fait had other plans and one of my disk died a sudden death and now has major spin-up issues.

The positive is that I got lots of SMART errors a few days before so could buy four new 2 TB disks as planned. As the new disks have 4k sectors the usual RAID-X auto expansion trick is not possible and a factory reset is necessary to access the full capacity. However, this also wipes all data on the volume. Not great, but understandable as sectors are kinda important for RAID!

Most of my NAS is used for incremental backups, I can accept deleting this data as I have an offsite backup via CrashPlan. There was, however, about 80 GB of assorted stuff that I only had stored on the NAS that, although not impossible, would be time consuming to re-collect. Although I have an old external disk that I could use to store this data I could not access the data with one disk down. This was because when a disk in the array fails the NAS shuts down automatically, and unmounts the volume to limit possible further irrecoverable data loss. So how to get my data off the array? I didn’t particularly want to but another 500 GB disk gust for this one task. With four new 2 TB disks with 4k sectors I thought I would give one of them a go, as the advanced format functionality is ment to offer transparant mimicing of a 512 byte sector disk.

Pluged it in, re initialised disk, re-synced array and voila my data was back!

From here everything was easy:

  1. download data
  2. backup config
  3. swap out remaining 500 GB disks for other 2 TB disks
  4. do factory reset
  5. initilise array
  6. reload config
  7. apply Lion Netatalk settings for Time Machine
  8. upload data

To get Time Machine working again on the NAS a few more tricks are needed. Previously the disk image on the NAS was named according to the MAC address. Thus to limit backup size per machine you just needed to crate a sparse disk image with fixed maximum size and rename it accordingly.

hdiutil create -size 1t -fs HFS+J -volname "Backup" /Volumes/Backup/-.sparsebundle

This approach allowed me to limit the size of the Time Machine backups on a per machine basis. Having expanded my NAS to 6 TB I want to use 4 TB to backup my iMac and 1 TB to backup my Laptop.

However, it would appear that in Mac OS 10.7 does things slightly differently and ignores the size-limited image and goes ahead and creates a new image anyway. The sparse bundle created by Time Machined is also just named after the machines name and the name no longer includes the MAC address. Digging inside the two sparsebundles reveals that the sparsebundle created by Time Machine has two extra files:

Simply coping these files from the Time Machine created bundle to the size-limited bundle and delete the Time Machine bundle.

Upon starting a backup Mac OS X warns that the disk has changed and asks if you want to use the new disk. Upon saying yes to this everything proceeds as normal and the size limited sparse bundle is used.

WordPress & Mac OS X 10.7 Server

Posted in IT on August 28th, 2011 by Matt – Comments Off on WordPress & Mac OS X 10.7 Server

So having upgraded and got my old WordPress install working I din’t want to go through all the effort of creating an self-signed SSL certificate as described here.

Having read about the server add on to Mac OS X 10.7 I was intregued that it offered simple configuration of SSL for both web services i.e. https and the iChat server (not so important). So I payed for the server add on and wondered if it would work.

Installation was easy but a remember to backup your httpd.conf file as the server compoant changes quite a bit in the file.

One confusing point was the IP address setting in When set to “any” checking my external URL all I got were the defaults, changing this to my static IP of my server allowed the port forwarding from my router to work as expected and everything was OK. Obvious in hind-sight but still easy to overlook.

The use of the Server component has the added advantage the it is very easy to serve web pages stored in any location. For backup reasons I have been wanting to move my site from /Library/Webserver/Documents/ to ~/Sites for a while but wan’t looking forward to having to manually change things in httpd.conf. Having moved the files and changed the directory everything worked fine except WordPress permalinks. Remembering to move the hidden .htaccess file solved this one!

Although costing some money, the fact that an SSL secured site can be setup so quickly is work it.

Mac OS X 10.7 Lion Semi-Clean Install

Posted in IT on August 7th, 2011 by Matt – Comments Off on Mac OS X 10.7 Lion Semi-Clean Install

When upgrading from Mac OS X 10.6 Snow Leopard to 10.7 Lion you are recommended to install Lion over Snow Leopard. Now, having messed around behind the scenes of my Snow Leopard install I didn’t want to build upon possibly shaky foundations. With Lion there are limited official options either clean install having erased your disk and then recover home directory from a Time Machine backup on install over you previous build.

Having followed this hint to create a USB emergency install disk I decided to take an alternative approach. The aim was to boot from ESD then delete the old install except /Users/ then install over Lion over the top of my old home diretory. To achieve this boot from the USB disk by holding down option then open the terminal from within the installer. From here do some hefty rm -rf ing of you old disk mounted under /Volumes. I deleted everything except /Volumes (as this liked back to / of the startup disk) and /Users/home. Remember to copy any important config files to you home directory at this point that you can remember, like contents of /Library/WebServer/Documents or /etc/Apache2/httpd.conf.

Having done this I proceeded to install Lion giving same personal details and importantly same username. Once installed, rebooted and logged in I was happy to see my desktop background from my old install. Everything all fine, fresh install of Mac OS X with old home directory, just like an old archive and install.

Mac OS 10.7 & Temperature Log

Posted in IT on August 7th, 2011 by Matt – Comments Off on Mac OS 10.7 & Temperature Log

Having done a clean install of Mac OS 10.7 the back end of the temperature logger for my house needed to be reinstalled. If only I had written down what I did to get it working!

Install SiLabs USB-to-UART driver from their website
Install the perl Device-SerialPort module by downloading from here, extracting then running:

perl Makefile.PL
make test
sudo make install

In order to run make Xcode, all associated tools, needs to be installed too.

Install the launch agent to keep the tempget perl script always running. The file com.local.tempget.plist is installed in ~/Library/LaunchAgents containing:

<\?xml version="1.0" encoding="UTF-8"\?\>




Mac OS X 10.7, Time Machine & ReadyNAS NV+

Posted in IT on August 6th, 2011 by Matt – Comments Off on Mac OS X 10.7, Time Machine & ReadyNAS NV+

Time machine is wonderful, and has saved my bacon numerous times. As an early adopter of Time Machine, Mac OS 10.4 and a ReadyNas NV+ the not-so-simple setup procedure was followed. All was well through Mac OS X 10.6 Snow Lepoard using this combination of a custom share and sparse images of fixed maximum size. The advantage of this was that I could back up multiple macs to the same share on my NAS and limite their avalable space, and thus backup histories, using custom sparseimages. After a while Netgear implemented full support for Time Machine within the firmware and released this simple implementation. This method, however is limited to 2TB in total size and previous disk images would need to be migrated to the new share.

Then along came Mac OS X to 10.7 Lion and it’s updated AFP file sharing protocol. Obviously this broke AFP access to the NAS and also killed Time Machine, which only runs over AFP. The guys at Netgrear have been busy and have now implemented the updated version of Netatalk, the open source AFP library into their firmware (2.1.8 for the NV+) so now Lion users can mount AFP shares and use Time Machine, if you are using the supported method that is! After a bit of digging I came acrosse this article which made everything clear and looking at my console indeed I did have the following message:

System Preferences: /Volumes/backup is not supported as a Time Machine destination because kTMLockStealingSupported fsctl not implemented.

So I have two options to get Time Machine back up and running and thus allow me to update all my computers:

  • Update to the supported method of hosting Time Machine backups on the NAS and limit myself to 2TB of backups
  • Manually configure Netatalk to bless my current share for Time Machine use.
  • I think I will go for options two, especially as I also found this and so I can resize my sparse images as needed.

    So quickly SSH into the NAS as root (having enabled root access) and look at the netatalk config file using:

    cat /etc/netatalk/AppleVolumes.default

    All thats needed is to add the magic Time Machine option to the share in question by editing the netatalk config file using the joys of vi to the following:

    "/backup" "backup" cnidscheme:dbd options:tm

    In vi this is achieved by doing the following: open file in vi, locate cursor, change to insert mode by pressing I, type the text to be inserted, end insert mode by pressing escape and finally exit with saving by typing :x.

    To enable the change the Netatalk config needs to be reloaded which can either be achieved by a reboot or by :
    /etc/init.d/netatalk force-reload

    MySQL startup item Mac OS X 10.6

    Posted in IT on June 25th, 2011 by Matt – Comments Off on MySQL startup item Mac OS X 10.6

    Althogh checked in the preferences pane of system preferences an error occurs upon start stating that an insecure startup item was detected:
    /Library/StartupItems/MySQLCOM has not been started because it does not have the proper security settings.

    The issue and solution is described here. Solution is to change ownership of MySQL startup item to root:wheel then there is no issue:
    sudo chown -R root:wheel /Library/StartupItems/MySQLCOM

    Note don’t change the check box in the preferences as this will result in removal of the startup item and all associated ownerships.

    This doesn’t appear to be a problem in 10.7.

    Enable oauth on Mac OS 10.6

    Posted in IT on June 25th, 2011 by Matt – Comments Off on Enable oauth on Mac OS 10.6

    In order to allow access to the LinkedIn API the oauth module is needed in PHP. The default configuration released with Mac OS 10.6 does not come with this. This can be seen by seeing if this module is listed in the php info.

    The easiest way I found to described here using homebrew.

    The following assumes Xcode has been installed.

    Install homebrew from withing bash:
    ruby -e "$(curl -fsSL"
    brew install pcre
    sudo pecl install oauth

    Load the extension by add the following line to the php.ini file in /etc/

    Restart apatche
    sudo /usr/sbin/apachectl restart

    Update: not needed as plugin will load an included library.

    Enable permalinks Mac OS X 10.6

    Posted in IT on March 30th, 2011 by Matt – Comments Off on Enable permalinks Mac OS X 10.6

    By default permalinks in wordpress don’t work under Mac OS X. The htp.conf file needs to be edited as described here to allow overide. This can be enabled by editing http.conf such that under:


    the following setting is set:

    AllowOverride All

    iOS support

    Posted in IT on March 20th, 2011 by Matt – Comments Off on iOS support

    Although possible to use on mobile devices, especially iOS devices, wordpress needs to be customised. As I wanted a simple solution luckily there is the WP touch plugin to automatically create some iOS goodness!

    Implement reCAPCHA on Mac OS X 10.6

    Posted in IT on March 17th, 2011 by Matt – Comments Off on Implement reCAPCHA on Mac OS X 10.6

    I want to publish my email address but don’t want to get lots of spam. Although there are many ways to do this, such as replacing simple text replacement e.g. using [at] instead of @, they all look ugly. One solution is to use the MailHide and a CAPTCHA.

    Such email address hiding can be implemented site wide in WordPress using the WP-reCAPTCHA plugin. However, in order to work the mcrypt PHP module is needed.

    To install mcrypt on Mac OS X 10.6.6 the following can be done

    WordPress & MySQL DB backup

    Posted in IT on March 17th, 2011 by Matt – Comments Off on WordPress & MySQL DB backup

    Automated script to backup word press MySQL database and main web documents directory each day and keep monthly backup. The script backup-wordpress.csh is run by cron each day at midnight:

    0 0 * * * backup-wordpress.csh

    The crontab in Mac OS X 10.6 is located at:


    Cron tabs are far more easily created and edited in Mac OS X using Cronnix.

    # backup-wordpress.csh
    # script to backu wordpress setup
    # creates a backup of all wordpress files and the wordpress mysql database

    set timestamp = `date '+%Y-%m-%d'`
    set password = 'replace-with-your-own-password'

    # copies wordpress directory to user directory for time-machine backup
    tar -czf ~/Library/WordPress/$timestamp-dir.tgz ~/Sites/wordpress/

    # dump workpress database to user directory for time-machine backup
    /usr/local/mysql/bin/mysqldump --add-drop-table -u wordpress --password=$password wordpress > ~/Library/WordPress/$timestamp-db.sql
    tar -czf ~/Library/WordPress/$timestamp-db.sql.tgz ~/Library/WordPress/$timestamp-db.sql
    rm ~/Library/WordPress/$timestamp-db.sql

    # tidy up archive leaving only first of month
    set dom = `date '+%d'`

    if ($dom != 1) then
    set xtimestamp = `date -v-29d '+%Y-%m-%d'`
    rm ~/Library/Wordpress/$xtimestamp-dir.tgz
    rm ~/Library/Wordpress/$xtimestamp-db.sql.tgz
    #echo first of month

    # to restore
    # wordpress files simply uncompress tgz archive
    # mysql database: mysql wordpress --password=$password --database=wordpress2 < dump.sql

    SSL & HTTPS on Mac OS X 10.6

    Posted in IT on March 14th, 2011 by Matt – Comments Off on SSL & HTTPS on Mac OS X 10.6

    As SSL encryption was needed for access to the LinkedIn API and Mac OS X 10.6 does not ship with SSL enabled, in order to use the LinkedIn API SSL certificates need to be created and SSL and HTTPS enabled.

    To generate and self-sign the certificates the following processes was followed:

  • Mac OS X Hints: How to create a secure (HTTPS) OS X webserver
  • An alternative description is also given here:

  • Apple: Using mod_ssl on Mac OS X
  • As Mac OS X 10.6 uses apache2 certificates were created and installed using the following:

    Create and goto working directory:
    mkdir ~/ssl; cd ~/ssl

    Create Certificate Authority:
    /System/Library/OpenSSL/misc/ -newca

    Generate an encrypted, private key:
    openssl genrsa -des3 -out webserver.key 1024

    Generate a non-password protected copy of the encrypted private key:
    openssl rsa -in webserver.key -out webserver.nopass.key

    Generate a certificate request for your webserver based on the private key:
    openssl req -config /System/Library/OpenSSL/openssl.cnf -new -key webserver.key -out newreq.pem -days 3650

    Sign the certificate request newreq.pem with the Certificate Authority created in step one
    System/Library/OpenSSL/misc/ -signreq

    Tidy things up by creating a sub directory:
    cd ~/ssl
    mv webserver.key webserver.nopass.key newreq.pem newcert.pem
    mv demoCA/ CA/
    mv CA/

    Copy working directory to webserver:
    sudo cp -R ~/ssl /etc/apache2/

    Make a backup of original ssl.conf file and edit:
    sudo cp /etc/apache2/extra/httpd-ssl.conf /etc/apache2/extra/httpd-ssl.conf.original
    sudo nano /etc/apache2/extra/httpd-ssl.conf

    Change the following lines to match the previously created certificates under :
    SSLCertificateFile "/private/etc/apache2/ssl/"
    SSLCertificateKeyFile "/private/etc/apache2/ssl/"

    Comment out the following lines as client-certification is not needed.

    SSLCACertificatePath "/private/etc/apache2/ssl/"
    SSLCARevocationPath "/private/etc/apache2/ssl/"

    Make a backup of httpd.conf file and edit:
    sudo cp /etc/apache2/httpd.conf /etc/apache2/httpd.conf.backup-php
    sudo nano /etc/apache2/httpd.conf

    Uncomment the following line:
    # Include /private/etc/apache2/extra/httpd-ssl.conf

    Restart the webserver either from system preferences or using:
    sudo apachectl restart

    Apparently apache was updated to 2.2.15 in Mac OS 10.6.5 and broke the apachectl script resulting in the following error:
    /usr/sbin/apachectl: line 82: ulimit: open files: cannot modify limit: Invalid argument
    Error can be avoided by changing the following line of usr/sbin/apachectl from:
    ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"

    Auto-updating CV via LinkedIn API

    Posted in IT on March 14th, 2011 by Matt – Comments Off on Auto-updating CV via LinkedIn API

    So I wanted to publish my CV on my home page but don’t want to have to update the original LaTeX document, my LinkedIn resume and my homepage. As I already have CV on my public linkedIn profile a solution was found through the wonders or WordPress plugins.

    There are a few plugins to post your LinkedIn resume on your WordPress site:

  • LinkedIn Resume
  • LinkedIn hResume
  • LinkedIn SC
  • Both LinkedIn resume and LinkedIn hResume are very simple to setup by just adding the URL to your public LinkedIn profile. In contrast, LinkedIn SC is more complicated but allows access to individual items of your LinkedIn profile, this allows for a high degree of customisation and the application of your WordPress sites theme to your CV. LinkedIn SC also allows access to some restricted items through the use of the LinkedIn API.

    At present both LinkedIn Resume and LinkedIn hResume are broken, with LinkedIn Resume only returning a header. Due to this, and because I want to customise what is shown the LinkedIn SC plugin was used.

    Without any further action, at this point you can already access quite a bit of information from LinkedIn, however some specific information is restricted. To take full advantage of LinkedIn SC and have full access to the restricted items a unique user API key and secret are needed. To get these you need to register as a LinkedIn developer and setup an application. Once you have these you can access our information through the LinkedIn API with LinkedIn SC by setting your API key and secret.

    More information about setting up LinkedIn SC can be found here.

    If only life was that simple. One of the prerequisites of the LinkedAPI is SSL encryption and thus SSL needs to be enabled for the WordPress backend. This is quite easy to do by simply following the WordPress instructions and adding the following line to wp-config.php.
    define('FORCE_SSL_ADMIN', true);
    Now if your blog is hosted by a professional service then SSL and HTTPS access is probably already possible or at least someone will know how to help you.

    If you are hosting your own web server things are not so simple, for example in Mac OS X 10.6 SSL is not enabled by default. As certificates are involved enabling SSL and https is more than a simple modification of /etc/apache2/httpd.conf. See this post for further information.

    If using Mac OS X 10.7 the easiest way to setup up SSL is to use Mac OS X 10.7 server as this makes setting up a self-signed certificate very easy.

    WordPress Weblog as CMS

    Posted in IT on March 13th, 2011 by Matt – Comments Off on WordPress Weblog as CMS

    I needed an easy to maintain homepage with a clean uniform look-and-feel which allowed future style changes. To do this the WordPress blogging environment, with various plugins was used as a content management system (CMS). For such a small site this allows easy site-wide stylesheet and template customisation, remote posting and a mixture of database driven and apparently static pages.

    The following software is currently used:

  • WordPress: PHP based blogging/CMS software
  • MySQL: backend database
  • simpleX: WordPress Theme (slightly customised)
  • AddThis Social Bookmarking Widget: automatic links for social bookmarking
  • All-in-one Favicon: favicon upload and management
  • Exec-PHP: inline PHP processing (Log)
  • Adapa’s Last.FM plugin: automatic integration of Last.FM playlists and charts (Music)
  • Temperature & Humidity Log

    Posted in IT on March 13th, 2011 by Matt – Comments Off on Temperature & Humidity Log

    The aim of this project started out with then need to know current temperature and humidity in my house and expanded into a little bit more. It started out as just one perl script to locally log the temperature and humidity but soon expanded to a log aggregator and a dynamic webpage that can be accessed from anywhere. Finally it was integrated as a page on a WordPress blog being used as a CMS for my homepage.


    The setup is based on five wireless temperature and humidity sensors, four S-300-TH units which are used indoors in the kitchen, living room, bedroom and bathroom and one special weather proof ASH-2200 unit, which is placed outdoors. The five sensors all connect to a USB-WDE1 receiver unit connected to a computer by USB.

    indoor sensor ASH-2200
    outdoor sensor USB-WDE1

    Although off-the-shelf software is available (LogView) functionality was limited to only logging every minute. To enable extra functionality, and as a bit of a geek challenge, a custom software solution was created. This consist of the following parts:

  • A perl script ( run in the background that constantly gets reading from the receiver via a serial interface and writes out a log.
  • A shell script (templog.csh) run by cron every 15 mins that reads the log and writes out an hourly, daily and monthly logs.
  • A php script (tempweb.php) that reads the logs and dynamically creates a webpage with plots created using PHPlot.
  • None of these scripts is particularly pretty, nor efficient, but they work. As reading a serial interface and reporting results via a web interface was something I thought I would never be able to achieve with my basic programming knowledge I thought I would share this to encourage others to try such things. Although setup for Mac OS X 10.6 scripts should also work under Linux with appropriate modification. Note that PHP is not enabled by default in Mac OS X 10.6, PHP. To do this make a backup of the original http.conf file:
    sudo cp /etc/apache2/httpd.conf /etc/apache2/httpd.conf.original

    Then enabled PHP by editing the http.conf file:
    sudo nano /etc/apache2/httpd.conf

    and un-commenting the following line in /etc/apache2/httpd.conf and restarting the web server:
    #LoadModule php5_module libexec/apache2/

    Revision History

    Over time a number of new features have been added:

  • created perl script
  • created shell script to create hourly, daily and monthly logs
  • added php script to real last log entry and display current values
  • added inside value as average of all four indoor sensors
  • added delta values to outside
  • added separate delta value between living room and bedroom
  • added room colour code to match plot
  • calculates daily maximum and minimum and reports it to daily log
  • added plot of last two hours by the minute
  • made las two hour plot only show one reading per minute to ignore two logs per minute
  • added date and time of last log read and current time
  • added reload button
  • added favicon and iphone icon
  • added plot of last two days by the hour
  • added plot of average temperature for last 28 day
  • added links to both raw logs and contracted logs used to plot
  • added automatic reload every minute
  • added javascript to remember current scroll location upon reload (3rd party code)
  • added css to harmonise look
  • added countdown till next reload using javascript (3rd party code)
  • added buttons to go directly to minute, hour and day plots
  • added links to plots to jump to next plot and then loop back
  • added plot of last month showing only inside and outside with max and min
  • added daily running max and min temperature to current values
  • made running max and min ignore sensor dropouts
  • made templog script ignore sensor dropouts
  • corrected averaging error that skewed averages (initiate counter as zero not 12!)
  • added plot of average temperature for last year
  • changed log location as Time Machine in Mac OS X does not backup ~/Library/Logs
  • added daily running average and plot it as day zero on day view.
  • added weekly and monthly running average and plot it as zero point on week and month view
  • tidyied up HTML of PHP output for easier debugging
  • added time of daily max and min temperature as mouse over in table
  • added plot of time of daily max and min temperature for last four weeks
  • made templog script record time of daily max and min
  • extended year plots to two year plots
  • fixed humidity axes to 0-100±20 %
  • calculate temperature axis based max and min values plotted and quantised with ±5°C.
  • corected wrong reading of bathroom humidity
  • transfered to wordpress usinf exec-php