Jim Willis

In trying to harden my WordPress install that’s hosted on Linode I decided to enable https for encrypting the login page. At first I just went with the old self-signed certificate route and it was fine but boy did I have to jump through some hoops to get iOS/my iPhone to play nicely.

Then I noticed that Google’s Chrome browser was giving me a “not secure” message on my site (and on the other sites I host on Linode) and realized that Google no-likey the self-signed certificates and further research showed that Google may actually penalize your site in search results if you don’t have a CA-signed SSL cert.

I didn’t want to pay for an SSL cert just to encrypt my WordPress login and googling didn’t return much until I came across Linode’s great documentation for Securing HTTP Traffic with Certbot.

Here I learned about Let’s Encrypt and the way they handle requesting certificates. Super, super cool. And Free. And with the instructions from Linode it was so easy to do.

And now none of my hosted sites are getting that pesky Not-Secure error from Google Chrome!

Playing with micro.blog and sunlit.

I think this explains why the stink is getting better!

The other day Amazon put several of their Amazon Dash buttons on sale for $1.99. I picked up a few.

The first project I tackled was to get a Dash button to let everyone in the house know that the dog has been fed. This was pretty easy. 

• Someone feeds the dog and presses the Dash button on the dog food bin
• a computer on my network (a MacBook Air in my stereo cabinet) running Dasher listens for the Dash button to be pressed
• that computer uses some java code to call a pre-defined IFTTT webhooks/Maker URL
• that triggers a text message to everyone in the family that the dog has been fed

There are step by step instructions for doing much of this in this article. It is surprisingly easy and relies upon the Dasher project code. 

As I started looking at the Dasher code I realized that it also had a hook for ExecFile and that could be used to call a script/program etc instead of just calling a URL. Super!

Using an Amazon Dash Button to Play a Spotify Playlist

Most of the dash button hacks that people have documented rely on IFTTT. While IFTTT is no doubt super useful, I needed a bit more granularity in what I wanted my buttons to do and wanted to be able to call something more robust like a python or AppleScript file when the button was pressed. As a starter project, I wrote an AppleScript that checks the current time of day and then launches a playlist (and sets the volume) for that time of day. Unfortunately I could not get Dasher to work with the AppleScript.

I tried:

• Saving the script as a compiled application and calling it in the command section, this just errored out and didn’t give me any clues
• Then I wrapped the AppleScript in a shell script calling it with osascript, that errored out with a (-600) “application isn’t running” error which told me that at least the script was getting launched but wouldn’t run right
• Then I realized that the process calling the shell script was running as root and as such the AppleScript was being called from root.
• At first I tried all sorts of setuid BS on the shell script but that didn’t work
• Then in an aha! moment I changed the shell script from ‘osascript /Users/jimwillis/bin/scripts/spotify_launch.scpt” to:
• sudo -u jimwillis osascript /Users/jimwillis/bin/scripts/spotify_launch.scpt
• Voila! It worked like a champ, I just needed to make sure that the AppleScript was being called/run as me, not root!

Calling an AppleScript from Dasher

So the key here is:

Setup Dasher to call a shell script in the dasher config.json file, like this:

{
 "name": “Spotify-button",
 "address": "78:E1:03:C5:D8:AF",
"cmd": "/Users/jimwillis/bin/scripts/spotify.sh",
 "debug": false 
}

Then, make sure that the AppleScript is running as you, not root by calling osascript with sudo -u {yourUserName}, so the shell script I’m calling is just a one-liner that looks like:

sudo -u jimwillis osascript /Users/jimwillis/bin/scripts/spotify_launch.scpt

Have fun!!  Huge thanks to John Maddox for writing Dasher and Jeff MacDonald for the great HowTo

I like the hypnotic quality of the instrumental (National resonator guitar) that leads up to the very short lyric part (which is great in its own right). Feels like a combination of atmospheric and folk at the same time. Not that they’re mutually exclusive but listen and you’ll see what I mean.

Here’s a live performance of jaybird on YouTube

If you are a dog person, you will almost certainly dig this track, Dog, off of his more recent release. … a soul is a soul is a soul is a soul.

Spent a lot of time yesterday waiting for sql inserts to load and thought, hmm let me change my desktop background image. From there it was all down hill. Rabbit hole after rabbit hole, looking for vintage Mac icons. I even resucitated DragThing, forgot what a great application it is. Anyway, back to work.

[Note/Update: now that Apple has finally linked all the iMessage backend in iCloud you don’t need to jump through these hoops anymore. Just do this instead.]

Finally figured out how to make iMessage on my MacBook cooperate with a group text thread that includes non-iphone or Android users. This assumes that you have an iCloud account and you have an iPhone and want to send text messages to people who are not apple people. This solution allows you to send iMessages from your mac desktop to individual Android users or hybrid groups that include non-Apple users.

1. Make sure you are logged into the same iCloud account on your Mac (go to System Preferences->iCloud) and on your iPhone (Settings, click your username at the top of the Settings list and go to iCloud). You likely are logged in as the same user but just sanity check this.
2. on your iPhone go to Settings->Messages and select “Text Message Forwarding”
3. Select your mac desktop from the list. Once you do, your iMessage application on your Mac desktop will display a string of numbers that you need to type into your iPhone to link up your iPhone and your iMessage app on your desktop.

Once I completed these steps I was able to send txt and iMessage messages from my desktop.

[Note: combine these instructions below for how to lock down AirPlay on an iPad with an app called Volume Sanity and peace will descend upon your house!]

We use Airplay for music throughout the many rooms and audio systems in our house. Our youngest son likes to watch YouTube videos of buses and trucks all day long. In doing so he fiddles around with the settings a lot on his iPad and this inevitably leads to him broadcasting the trucks/busses audio to one of our home’s HiFi’s. This sucks. Especially early in the morning when you awake to the sound of heavy equipment roaring through a not insubstantial sub-woofer in the living room.

Besides the transmission of Airplay audio from his iPad to our home audio, no matter what I do to lock down his iPad under “Restrictions” he’s always finding ways to add events to our Family Calendar and albums full of no pictures to our family shared photo albums.

I wanted to lock down his iPad and disable AirPlay entirely. This turned out to be WAAYYYY more difficult that I thought. After a bit of a rabbit hole I ended up discovering an enterprise deployment tool called Apple Configurator 2. This tool is typically used by large businesses to roll out iPhone or iPads to their employees.

But it also does a really good job at locking down the iPad for our son. Note that following these steps requires wiping out the iPad entirely and starting from scratch so that it can be prepared as a “Supervised” drive. The process is tedious though. If you’ve used Active Directory or any other enterprise profile-type tool you can figure out. Here are some notes though.

Apple Configurator 2 to lock down iPad for child

• download the app from the App Store onto your mac
• launch the app and go to “Preferences”
  • create a new organization (i just use our family last name)
  • IMPORTANT: Skip enrolling in the Device Enrollment Program
• ERASE THE iPAD:  Plug in the iPad and click “Prepare”
  • select “Manual Configuration”
  • check Supervise Devices (you can only apply restrictive Profiles to supervised devices)
  • I checked “Allow devices to pair with other computers.” your needs may vary.
  • on the next screen select “Do Not Enroll in MDM”
  • The rest of the screens are pretty self explanatory
• Once the device is prepared and appears as a “Supervised” device
  • click the App button to install the apps you want on the iPad
  • you will need to jump through some hoops to install apps once you apply the restrictive profile so pay attention and install all the apps you want the first time to save yourself some grief.
• Go to File, New Profile
  • Fill out the General section
  • Fill out the Restrictions section (i mostly unchecked EVERYTHING on this tab
  • I also went to the AirPlay section and added a fake MAC address to the whitelist section, ostensibly only allowing my son’s iPad to connect to a device that doesn’t exist. I used for the MAC 00:00:00:00:00:00
  • save the profile with a name like “restricted profile”
• click the green “add +” button in the toolbar and add that profile to the iPad.
• You should be all set at this point with an iPad that has working apps and has whatever restrictions you set in the profile

two notes

1. if you want to install apps after you do this but have disabled the installation of apps in the restricted profile, simply create a new profile that has no restrictions, save it as “unrestricted profile.” Plug in the iPad, delete the restricted profile from it and apply the unrestricted one. Install the apps and then put the restricted profile back on the devices.
2. I tweaked the settings in the profile multiple times and just get removing and re-applying it until i got it right.

create a shell script with the following lines:

sudo mdutil -a -i off

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist

sudo mdutil -a -i on