Immediate macOS Screen Lock

[Danger: Unix nerd stuff ahead]

While I work from home sometimes, often times, I find myself working at customer locations, in airports, train stations, Starbucks, my company’s field offices, conferences, or in some sort of environment that’s less than fully trusted. When I find myself working in such places, if I walk away from my Mac even for a moment, I’m a good boy and lock my screen. It’s really a best practices from a security perspective, you should do it too.

I also recently got an Apple Watch. One of the features I really love is that if my watch is unlocked, and I open up my Mac, as long as I’ve already logged in and it’s just simply locked, I can unlock with my watch. Open the lid, be in range, bang, unlocked.  Love it.

I also seem to often times have a terminal window open for something. By the way, can’t say enough good about iTerm 2. Conventional wisdom recommends that CLI-savvy folks who want a quick way to lock your Mac should have a bash alias that looks something like:

alias afk="/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend"

If you’re an Alfred user, that’s the same thing Alfred’s doing behind the scenes if you use the “lock” command with Alfred configured with its defaults.  The problem with this? When you’re using non-local accounts, like accounts hosted in Active Directory, instead of getting the “just have your watch on, or type your password” sort of lock screen, you get something more like a login window where you must type your username & password to get back in.  Ok, so why not use a hot corner to activate the screensaver?

This is where my problem kick in.  Our IT team has lock set to kick in 1 minute after the screensaver activates, and I can’t change it to “immediately”. So, even if I use a hot corner, that doesn’t do the job.  I want the lock to be instantaneous.  macOS has a standard app for Keychain management called Keychain Access.app. It has a preference to show Keychain status in the menu bar. This menu has an option called “Lock Screen”, which does exactly what I want, but now I need to mouse around, click, click again, as opposed to a quick Alfred command or a bash alias to invoke the magic.

I found a discussion on Stackexchange about this very topic. Some kind soul wrote a few lines of Objective-C code that works perfectly. It actually calls the same feature the Keychain menu uses. Figuring I can’t be the only person who wants this, I tidied up the code a touch and put it on GitHub for posterity’s sake. Out of a desire to make it easy for others to install this, I even submitted a Homebrew Formula. Sadly, the code didn’t meet the requirements the guys who maintain homebrew-core wanted, but they suggested I make a tap instead.  A tap gives anyone the ability to install the software without having it in the main repository.  Want to install this and give it a go? Assuming you’ve already got Homebrew installed, you can just run these commands:

brew tap jcostom/taps
brew install maclock

If you would like to see maclock end up in homebrew-core, star the repo, and better yet, fork the project, improve, and send a pull request back!  I know enough Objective-C to fill a small post-it note. Maybe you know more?

Our Journey Into Home Automation

A long, long time ago, Lao Tzu wrote, “A journey of a thousand miles begins with a single step.” Our journey into Home Automation began in earnest with 2 burnt out light bulbs.

LED Conversion KitOur living room has 4 6-inch recessed lights in the ceiling, which were there when we bought the house. Over the years, I’ve replaced bulbs a handful of times, typically with Halogen bulbs, since they offered a compromise between the lower cost of incandescent with lower power use than those same incandescent bulbs. One evening, one bulb blew, followed by another the next day.  And so, off to Lowe’s I went, in search of new bulbs. I ended up coming home with 4 Sylvania LED conversion kits. Essentially, it’s the bottom of a light bulb with a wire hanging out that connects to the LED assembly, including a new trim ring. The whole thing slides right on up into the can, and takes the place of your old trim, leaving you with a nice, clean look.

casetaThings took a turn when I found that the old Lutron dimmer in the wall had a higher minimum load rating than it took to turn these lights on. So, suddenly, lots of flickering lights. I popped out the little tab in the bottom of the dimmer to kill the power and went back to Lowe’s, since I know there are now dimmers with smaller minimum loads, to be friendly to LEDs. While looking around, I came upon the Lutron Caseta Wireless solution. Lowe’s had a starter kit that gave me the bridge, dimmers, remotes and so forth.  Naturally, I went for the thing I could play with from my phone. Came home, installed the dimmer, setup the hub, and was rolling in about 20 minutes. I like their dimmers, as we’ve got an older house, that doesn’t always have a neutral wire in the box, so these worked out nicely.  I changed out the bulbs in my office and family room next. Over the next several months, we added 3 more dimmers and 4 of their simple on/off switches. I ended up having the buy the switches at an electrical supply shop, since those are considered “Pro” items.  Caseta all nicely integrates into Apple’s HomeKit ecosystem, so I can tell Siri to do stuff with the lights.  I was happy with my shiny new toy, and my dear wife got to humor me.

Years prior, we got a Nest thermostat. Not for their “learning” capabilities, but simply so we could do things like set it to Away when we left town, and then turn it back to its usual settings while on our journey back home. Eventually, we got some of the Nest Protect smoke/CO alarm units as well. They worked well enough, and we never bothered to do much with them, apart from occasionally be annoyed when they’d go off while cooking, though that’s not exactly a unique problem with these particular smoke alarms.  More on that stuff later..

Then the garage door opener kicked the bucket. No big shock, it was in the house when we bought it, and served us well. It sounded like a train running through one of the kids’ bedrooms when we’d use it, so it was more of a blessing than anything. In Home Depot, while selecting a new opener, another choice stood before us. For $5 or 10 more than the opener we needed, we could have roughly the same one with a box that connected it to the network, and allowed us to open, close & monitor the door from our phones.  Again, yes, please. Chamberlain MyQ works pretty well. I won’t bore you with their failed & broken promises about HomeKit compatibility being added to the existing hardware via firmware upgrades. Suffice to say, they handled that about as badly as a company can.

Then, Alexa came into our lives. We connected her to the lights. Kids forgot for the 43rd time to turn off the kitchen lights? “Alexa, turn off the kitchen lights.” She quickly became a member of the family, with kids asking her questions, and of course, our daughter requesting her to play various songs.

harmonyOne fateful afternoon, I knocked our Harmony remote off the table and it landed just right, smashing the touchscreen.  So, once more, off to the store I went, returning home with the Logitech Harmony Elite.  It’s an RF remote that has their Home Hub, with connected IR blasters. It also connects to your home’s network, and has apps, as well as tie-in’s to Alexa, Caseta, and others.  Our Harmony activities can now all be activated by asking Alexa to do it. “Alexa, turn on the Roku” – yes, please.

To date, our HomeKit use was limited to the Caseta switches & dimmers. It served us well, and we had no complaints. But we wanted a more integrated experience.  Enter Homebridge, the brainchild of Nick Farina. The goal is simple – bridge the gap between devices that don’t implement Apple’s interface to HomeKit and the HomeKit world, enabling control of devices by our other virtual assistant pal, Siri. The community has responded in a big way, having made several hundred plugins to extend Homebridge. I’ve got 2 plugins installed and working – MyQ and Nest. So, now I can see the state of our opener, as well as open & close it using Siri. Our Nest Protects show up as Smoke & CO sensors as well. What about the Nest thermostat?  Well, that’s gone off to greener pastures…

ecobee-3-sensoronstand-standingup-usI recently replaced the Nest with an ecobee3. This one is HomeKit compatible straight out of the box. The ecobee3 solves one of my chief complaints with any thermostat. Think about where the thermostat is in your house. I bet it’s somewhere like a hallway. Do you spend a lot of time in the hallway?  Of course not. You’re in the living room, kitchen, bedroom, office, hobby room, family room, or wherever. But you’re almost surely not in the hallway for any appreciable length of time. The ecobee3 offers additional sensors (the little white thing next to the thermostat above) that you can locate around the house. When designing your “Comfort Settings”, you get to decide which sensors factor into the temperature reading. So, during the day, when I’m working from home, and the only one here, only the one in my office matters. Around 2:30, the thermostat shifts to another profile that looks at other parts of the house, plus my office. The thermostat averages temperature between all the sensors you’ve specified. These sensors also now double as motion sensors that show up in HomeKit and allow you to generate alerts upon sensing motion, a sort of poor man’s (???) alarm system.

img_2957The last bit we’ve added is a few Hue bulbs and a light strip on the back of the TV in the living room, as a bias light.  The bulbs are for the kids’ rooms where they’re interested in playing with different colored lighting.  Otherwise, we’d have just done more Caseta for them.

Hopefully this inspires someone to automate something.  Go build something cool!

Raspberry Pi 3 Terminal Server

Every now & then, I find myself working on my network gear at home.  And like many of you, I occasionally upgrade firmware or occasionally yes, even manage to make a mistake and lock myself out now and then..  Like that time I accidentally obliterated my EX2200’s configuration with PyEZ (note – don’t use overwrite config unless you really mean it!).  Hurray for Junos features like “rollback 1”. 🙂

Of course, fixing such things, or doing such upgrades is typically done via the console.  I could string a big long USB extension cable across my office that I’d have to limbo under to leave the room, or figure out something better.  Then, the Raspberry Pi 3 came out, and my lightbulb sparked.  I’d played with an old original Rpi Model B to do this a long time ago, but only wired (which makes it slightly useless when upgrading the switch it’s connected to!). Shouts out to Duane Grant for the tips on how to make it all happen back then.

The Rpi3, with its 4 USB ports, and built-in WLAN chip?  I was sold immediately, and ready to level this thing up so it would be way more useful.  Off to Amazon, where I grabbed the Canakit Rpi3 starter kit and the official Rpi3 case (neither of these are affiliate links). I had a 32GB MicroSD card laying around, so I used that.

What’s it doing now?  Well, it’s Ethernet connected, so I can reach it over the LAN in my house.  It’s also now got a WLAN it’s broadcasting, courtesy of hostapd.  It’s got 2 USB serial dongles, and can accommodate 2 more for console connections.  It’s bridging those serial connections to the network, courtesy of ser2net.  It’s also running Linux ipmasq (think SRC NAT using the outside interface to hide behind), so if you connect to the Pi’s WLAN, you can still talk to the outside world.  Then, I found tty.js, a node app.  This thing gives you a fully functional terminal on the host you’re running it from.  You see where this is heading, right?

We begin with a vanilla Raspbian install. I used the latest image, via NOOBS, based on Debian Jessie (i.e. Debian 8).  I undid all the “helpful” things that the NOOBS-Raspbian image does, like autologin to an X desktop (in the raspi-config utility), and dumped the “pi” user, adding one for me in its place.  Vanilla Linux bits so far though.

I started by setting up the WLAN AP side of things.  This was super simple.  Here’s the really nice guide I followed to get it done.  It’s also worth noting that if you use the ISC dhcp server instead of dnsmasq, you’ll want to configure the static IP for the WLAN in /etc/network/interfaces rather than the /etc/dhcpcd.conf file.  It’s all about what tools you want to employ here..

Got your WLAN on?  Great, next up – serial ports.  There’s a whole pile of USB to RS232 out there.  If you’ve got some laying around, they probably already work.  If you’re buying new ones like I did, go for something based on the Prolific PL2303 chipset.  It’s far and away the most common chipset used for this purpose.  I went with a couple of these, from Amazon (not an affiliate link). When you plug those in, they’ll self-register as /dev/ttyUSB0, /dev/ttyUSB1, and so on.  The remaining piece to bridge the serial ports to the network is ser2net, which is in the Raspbian apt repositories (apt-get install ser2net is all it takes).

Configuring ser2net is simple.  I added 2 lines to the bottom of its config and restarted the process.  Here’s the entire /etc/ser2net.conf:

BANNER:banner:\r\nser2net port \p device \d [\s] (Debian GNU/Linux)\r\n\r\n
7000:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner
7001:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner

So now, you can telnet to the Pi on port 7000 and get to /dev/ttyUSB0 or go to port 7001 to hit /dev/ttyUSB1.  If you’d like to further restrict this, you could change to localhost,7000 in the above to restrict connections to come from the Pi itself (i.e. so you’d have to ssh to the pi, then telnet localhost 7000).

Ok, it’s a terminal server now.  Let’s turn that up a notch and make it web accessible.  I installed the nodejs package from heroku (I was having trouble with the raspbian repo version), then did an “npm install –global tty.js”.  Configuring tty.js was a bit of a new experience for me, as I don’t really play with JSON files much.  Err.. ever.  I generated a key & cert, and here’s the config, which I stashed in /etc/default/webconsole/config.json, along with the cert and private key I’d generated:

{
 "https": {
 "key": "/etc/default/webconsole/key.pem",
 "cert": "/etc/default/webconsole/cert.pem"
 },
 "port": 8000,
 "term": {
 "termName": "xterm",
 "geometry": [80, 40],
 "scrollback": 1000,
 "visualBell": false,
 "popOnBell": false,
 "cursorBlink": false,
 "screenKeys": false,
 "colors": [
 "#2e3436",
 "#cc0000",
 "#4e9a06",
 "#c4a000",
 "#3465a4",
 "#75507b",
 "#06989a",
 "#d3d7cf",
 "#555753",
 "#ef2929",
 "#8ae234",
 "#fce94f",
 "#729fcf",
 "#ad7fa8",
 "#34e2e2",
 "#eeeeec"
 ]
 }
}

I launch the app from /etc/rc.local as:

su -l jcostom -c '/usr/local/bin/tty.js -d --config /etc/default/webconsole/config.json'

Yes, I did some (very slight) customizations to the index.html and style.css in the static/ directory under the tty.js install.  Perfectly usable in its default state, but I just wanted some slight changes.

And now, what you’ve all been waiting for – what’s this thing look like?

 

 

Lunch – Smoked Wings

Lately, I’ve been after some wings.  This past Saturday, I picked up a pack of the super duper, organic, raised by Tibetan monks, lead a life of luxury type wings at Wegmans.  This morning, I went outside and lit a chimney full of charcoal, dumped that in the bottom of the smoker, and added a bit more on top.  In hindsight, I didn’t need the “bit more”.  Oh well, live & learn.  I really liked doing the wings because it required almost no attention whatsoever from me.  I lit the coals, adjusted the vents once, assembled, pulled, then ate.  My total time actively doing stuff, apart from eating, was maybe 10 minutes.

I ran the WSM without the water pan in place, dropped a chunk of hickory on top of the fully ashed over coals, and assembled the cooker.  The wings were rubbed with the Weber Kick’N Chicken rub and put in place.  I ran the smoker hot so the skin would be nice & crispy – 350F.  About an hour later, I went out and checked the wings.  They registered 163F, so I pulled them.

I sauced them with a mixture of 1/2c Frank’s Hot Wing Sauce and 1/3c wildflower honey.  I think next time, I might do less of the wing sauce.  Maybe a 50/50 split to tone down some of the heat.  They were fantastic.

First Brisket on the New Smoker

So, earlier this year, the best wife ever agreed to let me go out and get myself a smoker.  I ended up deciding on the Weber Smokey Mountain Cooker, 22.5″.  I probably would have been fine with the smaller 18.5″ one, but figured since I wanted to try my hand at brisket, I’d go for the bigger one.

So, last weekend, I gave it a go for a brisket. This first brisket run wasn’t a full brisket.  I just picked up a hunk of flat from the store.  It was 2.68 lb at the start.  I put it on at 10:30, hoping for a 15-16:00 sit down time.  Since it was small, and I was planning on going slightly hotter that usual, at 275F, I figured I was in pretty good shape time-wise.

I loaded up the cooker with some good old Kingsford Blue, and dropped in 4 chunks of pecan.  To that, I added about half a chimney of lit coals and assembled the cooker.  I ran the cooker with the water pan installed, foiled, but empty.  I had a bit of temp control difficulty, but I attribute that to me being new to using the WSM.  In the end, it wasn’t a big deal.

I wrapped when the meat hit 155F, and was able to push through the stall without difficulty.  I’d expect more difficulty with a full packer brisket stalling out.  At 14:15, I’d hit 203F, so I pulled the brisket, and wrapped it in a new layer of foil and a beach towel for an hour’s rest on the counter.  Then, we came, we sliced, we ate.  And it was good.  I even took advantage of my time waiting for it to cook and made a snazzy Excel template for tracking smokes like this.

Weekend Project: Weather Shield for iGrill v2

My wife, who is awesome by the way, got me an iGrill v2 for Christmas.  If you’re unfamiliar, it’s a probe thermometer that speaks to an app that runs on your iPhone, iPad or Android device using Bluetooth.  Like most electronics, it’s not fond of getting wet.

So, I decided to build a housing for it that would protect it from rain, allow the probes to get out, and could be attached to a post underneath our deck.  I picked up a Rubbermaid food storage container at Target.  I got the 14 cup version.

I then hit the Lowes down the road, where I got a stainless screw and washers, and a galvanized (not stainless!) metal strap.  Don’t buy a stainless strap, since you want the magnet in the back of the iGrill to stick to it.  I also grabbed a water-tight electric conduit fitting for the probe outlet.

I taped and then drilled a 1″ hole in the side of the container and installed the conduit fitting.  I lined up and drilled another hole in the back for the mounting screw.  The strap is being held in place by the screw and held steady by some silicone caulk.  You can see a little squeeze-out below.

New Years Dinner – Smoked Tri-Tip

Early this morning, Heather & I were talking about plans for today..  It was then that we realized we had absolutely nothing planned, including dinner.  Since we had planned nothing, we neglected to take anything out of the freezer to defrost.  So, I trotted off to Wegmans this morning to see what struck me.  As I perused the meat case, a pile of tri-tips were being freshly put out.  Hmm..  Tri-tip.  It’s been forever since I’ve had any, and I’ve never actually cooked it myself, though I’ve been interested in doing so. As an added bonus, this would afford me the opportunity to play around with the iGrill2 that Heather gave me for Christmas.  Have I mentioned how amazing my wife is?

So, I rubbed the tri-tip with a store-bought mix of kosher salt, coarse ground black pepper and garlic and stashed it in the fridge. Later, I loaded up the smoker box with hickory chips, got the grill going at about 225F and then loaded up the meat.  We did a reverse sear on this tri-tip.  For those who don’t know, searing first, then finishing over indirect heat makes for a less evenly cooked piece of meat than if you flip the process around.  Roast/indirect cook first, then sear second.  While we’re at it, let’s shoot the notion of “sealing in the juices” right between the eyes.  This has been debunked multiple times, just let it die, ok?  I set the iGrill’s alarm for 120F, at which point I’d pull and rest the meat.  This took almost 90 minutes to get from 40F up to 120F, at which time, I pulled the meat and chucked the tater tots in the oven for 20 minutes.  During the 10-minute rest, I cranked up all the burners on the grill to high to get everything nice & hot.  By the time the 10 minutes was up, the grill was up to 650F, and the roast went back on for a blast of heat that made a crust that would have made Dr. Maillard proud.

After a nice crust was laid upon the meat, I sliced it against the grain to maximize the tenderness, and served it with the tots and some warmed up olive oil & rosemary rolls I also picked up at Wegmans.  We have plenty of leftovers, which will probably end up as tacos in the next few days.  Future yum.