Tag Archives: tech

Immediate macOS Screen Lock

[Danger: Unix nerd stuff ahead]

While I work from home sometimes, I often find myself working at customer locations, in airports, train stations, Starbucks, my company’s field offices, conferences, or in some sort of environment that’s less than fully trusted. When I find myself working in such places, if I walk away from my Mac even for a moment, I’m a good boy and lock my screen. It’s really a best practice from a security perspective; you should do it too.

I also recently got an Apple Watch. One of the features I really love is that if my watch is unlocked, and I open up my Mac, as long as I’ve already logged in and it’s just simply locked, I can unlock with my watch. Open the lid, be in range, bang, unlocked.  Love it.

I also seem to often have a terminal window open for something. By the way, can’t say enough good about iTerm 2. Conventional wisdom recommends that CLI-savvy folks who want a quick way to lock their Mac should have a bash alias that looks something like:

alias afk="/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend"

If you’re an Alfred user, that’s the same thing Alfred’s doing behind the scenes if you use the “lock” command with Alfred configured with its defaults.  The problem with this? When you’re using non-local accounts, like accounts hosted in Active Directory, instead of getting the “just have your watch on, or type your password” sort of lock screen, you get something more like a login window where you must type your username & password to get back in.  Ok, so why not use a hot corner to activate the screensaver?

This is where my problem kicks in.  Our IT team has lock set to kick in 1 minute after the screensaver activates, and I can’t change it to “immediately”. So, even if I use a hot corner, that doesn’t do the job.  I want the lock to be instantaneous.  macOS has a standard app for Keychain management called Keychain Access.app. It has a preference to show Keychain status in the menu bar. This menu has an option called “Lock Screen”, which does exactly what I want, but now I need to mouse around, click, click again, as opposed to a quick Alfred command or a bash alias to invoke the magic.

I found a discussion on Stackexchange about this very topic. Some kind soul wrote a few lines of Objective-C code that works perfectly. It actually calls the same feature the Keychain menu uses. Figuring I can’t be the only person who wants this, I tidied up the code a touch and put it on GitHub for posterity’s sake. Out of a desire to make it easy for others to install this, I even submitted a Homebrew Formula. Sadly, the code didn’t meet the requirements the guys who maintain homebrew-core wanted, but they suggested I make a tap instead.  A tap gives anyone the ability to install the software without having it in the main repository.  Want to install this and give it a go? Assuming you’ve already got Homebrew installed, you can just run these commands:

brew tap jcostom/taps
brew install maclock

If you would like to see maclock end up in homebrew-core, star the repo, and better yet, fork the project, improve, and send a pull request back!  I know enough Objective-C to fill a small post-it note. Maybe you know more?

Our Journey Into Home Automation

A long, long time ago, Lao Tzu wrote, “A journey of a thousand miles begins with a single step.” Our journey into Home Automation began in earnest with 2 burnt out light bulbs.

Our living room has 4 6-inch recessed lights in the ceiling, which were there when we bought the house. Over the years, I’ve replaced bulbs a handful of times, typically with Halogen bulbs, since they offered a compromise between the lower cost of incandescent with lower power use than those same incandescent bulbs. One evening, one bulb blew, followed by another the next day.  And so, off to Lowe’s I went, in search of new bulbs. I ended up coming home with 4 Sylvania LED conversion kits. Essentially, it’s the bottom of a light bulb with a wire hanging out that connects to the LED assembly, including a new trim ring. The whole thing slides right on up into the can, and takes the place of your old trim, leaving you with a nice, clean look.

Things took a turn when I found that the old Lutron dimmer in the wall had a higher minimum load rating than it took to turn these lights on. So, suddenly, lots of flickering lights. I popped out the little tab in the bottom of the dimmer to kill the power and went back to Lowe’s, since I know there are now dimmers with smaller minimum loads, to be friendly to LEDs. While looking around, I came upon the Lutron Caseta Wireless solution. Lowe’s had a starter kit that gave me the bridge, dimmers, remotes and so forth.  Naturally, I went for the thing I could play with from my phone. Came home, installed the dimmer, set up the hub, and was rolling in about 20 minutes. I like their dimmers, as we’ve got an older house that doesn’t always have a neutral wire in the box, so these worked out nicely.  I changed out the bulbs in my office and family room next. Over the next several months, we added 3 more dimmers and 4 of their simple on/off switches. I ended up having to buy the switches at an electrical supply shop, since those are considered “Pro” items.  Caseta all nicely integrates into Apple’s HomeKit ecosystem, so I can tell Siri to do stuff with the lights.  I was happy with my shiny new toy, and my dear wife got to humor me.

Years prior, we got a Nest thermostat. Not for their “learning” capabilities, but simply so we could do things like set it to Away when we left town, and then turn it back to its usual settings while on our journey back home. Eventually, we got some of the Nest Protect smoke/CO alarm units as well. They worked well enough, and we never bothered to do much with them, apart from occasionally be annoyed when they’d go off while cooking, though that’s not exactly a unique problem with these particular smoke alarms.  More on that stuff later..

Then the garage door opener kicked the bucket. No big shock, it was in the house when we bought it, and served us well. It sounded like a train running through one of the kids’ bedrooms when we’d use it, so it was more of a blessing than anything. In Home Depot, while selecting a new opener, another choice stood before us. For $5 or 10 more than the opener we needed, we could have roughly the same one with a box that connected it to the network, and allowed us to open, close & monitor the door from our phones.  Again, yes, please. Chamberlain MyQ works pretty well. I won’t bore you with their failed & broken promises about HomeKit compatibility being added to the existing hardware via firmware upgrades. Suffice to say, they handled that about as badly as a company can.

Then, Alexa came into our lives. We connected her to the lights. Kids forgot for the 43rd time to turn off the kitchen lights? “Alexa, turn off the kitchen lights.” She quickly became a member of the family, with kids asking her questions, and of course, our daughter requesting her to play various songs.

One fateful afternoon, I knocked our Harmony remote off the table and it landed just right, smashing the touchscreen.  So, once more, off to the store I went, returning home with the Logitech Harmony Elite.  It’s an RF remote that has their Home Hub, with connected IR blasters. It also connects to your home’s network, and has apps, as well as tie-ins to Alexa, Caseta, and others.  Our Harmony activities can now all be activated by asking Alexa to do it. “Alexa, turn on the Roku” – yes, please.

To date, our HomeKit use was limited to the Caseta switches & dimmers. It served us well, and we had no complaints. But we wanted a more integrated experience.  Enter Homebridge, the brainchild of Nick Farina. The goal is simple – bridge the gap between devices that don’t implement Apple’s interface to HomeKit and the HomeKit world, enabling control of devices by our other virtual assistant pal, Siri. The community has responded in a big way, having made several hundred plugins to extend Homebridge. I’ve got 2 plugins installed and working – MyQ and Nest. So, now I can see the state of our opener, as well as open & close it using Siri. Our Nest Protects show up as Smoke & CO sensors as well. What about the Nest thermostat?  Well, that’s gone off to greener pastures…

I recently replaced the Nest with an ecobee3. This one is HomeKit compatible straight out of the box. The ecobee3 solves one of my chief complaints with any thermostat. Think about where the thermostat is in your house. I bet it’s somewhere like a hallway. Do you spend a lot of time in the hallway?  Of course not. You’re in the living room, kitchen, bedroom, office, hobby room, family room, or wherever. But you’re almost surely not in the hallway for any appreciable length of time. The ecobee3 offers additional sensors (the little white thing next to the thermostat above) that you can locate around the house. When designing your “Comfort Settings”, you get to decide which sensors factor into the temperature reading. So, during the day, when I’m working from home, and the only one here, only the one in my office matters. Around 2:30, the thermostat shifts to another profile that looks at other parts of the house, plus my office. The thermostat averages temperature between all the sensors you’ve specified. These sensors also now double as motion sensors that show up in HomeKit and allow you to generate alerts upon sensing motion, a sort of poor man’s (???) alarm system.

The last bit we’ve added is a few Hue bulbs and a light strip on the back of the TV in the living room, as a bias light.  The bulbs are for the kids’ rooms where they’re interested in playing with different colored lighting.  Otherwise, we’d have just done more Caseta for them.

Hopefully this inspires someone to automate something.  Go build something cool!

Raspberry Pi 3 Terminal Server

Every now & then, I find myself working on my network gear at home.  And like many of you, I occasionally upgrade firmware or occasionally yes, even manage to make a mistake and lock myself out now and then..  Like that time I accidentally obliterated my EX2200’s configuration with PyEZ (note – don’t use overwrite config unless you really mean it!).  Hurray for Junos features like “rollback 1”. 🙂

Of course, fixing such things, or doing such upgrades is typically done via the console.  I could string a big long USB extension cable across my office that I’d have to limbo under to leave the room, or figure out something better.  Then, the Raspberry Pi 3 came out, and my lightbulb sparked.  I’d played with an old original Rpi Model B to do this a long time ago, but only wired (which makes it slightly useless when upgrading the switch it’s connected to!). Shouts out to Duane Grant for the tips on how to make it all happen back then.

The Rpi3, with its 4 USB ports, and built-in WLAN chip?  I was sold immediately, and ready to level this thing up so it would be way more useful.  Off to Amazon, where I grabbed the Canakit Rpi3 starter kit and the official Rpi3 case (neither of these are affiliate links). I had a 32GB MicroSD card laying around, so I used that.

What’s it doing now?  Well, it’s Ethernet connected, so I can reach it over the LAN in my house.  It’s also now got a WLAN it’s broadcasting, courtesy of hostapd.  It’s got 2 USB serial dongles, and can accommodate 2 more for console connections.  It’s bridging those serial connections to the network, courtesy of ser2net.  It’s also running Linux ipmasq (think SRC NAT using the outside interface to hide behind), so if you connect to the Pi’s WLAN, you can still talk to the outside world.  Then, I found tty.js, a node app.  This thing gives you a fully functional terminal on the host you’re running it from.  You see where this is heading, right?

We begin with a vanilla Raspbian install. I used the latest image, via NOOBS, based on Debian Jessie (i.e. Debian 8).  I undid all the “helpful” things that the NOOBS-Raspbian image does, like autologin to an X desktop (in the raspi-config utility), and dumped the “pi” user, adding one for me in its place.  Vanilla Linux bits so far though.

I started by setting up the WLAN AP side of things.  This was super simple.  Here’s the really nice guide I followed to get it done.  It’s also worth noting that if you use the ISC dhcp server instead of dnsmasq, you’ll want to configure the static IP for the WLAN in /etc/network/interfaces rather than the /etc/dhcpcd.conf file.  It’s all about what tools you want to employ here..

Got your WLAN on?  Great, next up – serial ports.  There’s a whole pile of USB to RS232 out there.  If you’ve got some laying around, they probably already work.  If you’re buying new ones like I did, go for something based on the Prolific PL2303 chipset.  It’s far and away the most common chipset used for this purpose.  I went with a couple of these, from Amazon (not an affiliate link). When you plug those in, they’ll self-register as /dev/ttyUSB0, /dev/ttyUSB1, and so on.  The remaining piece to bridge the serial ports to the network is ser2net, which is in the Raspbian apt repositories (apt-get install ser2net is all it takes).

Configuring ser2net is simple.  I added 2 lines to the bottom of its config and restarted the process.  Here’s the entire /etc/ser2net.conf:

BANNER:banner:\r\nser2net port \p device \d [\s] (Debian GNU/Linux)\r\n\r\n
7000:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner
7001:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner

So now, you can telnet to the Pi on port 7000 and get to /dev/ttyUSB0 or go to port 7001 to hit /dev/ttyUSB1.  If you’d like to further restrict this, you could change to localhost,7000 in the above to restrict connections to come from the Pi itself (i.e. so you’d have to ssh to the pi, then telnet localhost 7000).
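
An added example (not from the original post or the ser2net project): a small Python audit of a legacy-format ser2net.conf that flags console listeners reachable from beyond the Pi itself. A bare port binds every interface, which on this Pi includes the hostapd WLAN; the second sample config and its 192.168.42.1 address are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Connection states used in legacy (colon-separated) ser2net.conf listener lines.
STATES = {"raw", "rawlp", "telnet", "off"}

@dataclass
class Listener:
    lineno: int
    host: Optional[str]  # None means no host given: ser2net binds all addresses
    port: str
    state: str
    device: str

def parse_listeners(conf_text: str) -> List[Listener]:
    """Pick out '<[host,]port>:<state>:<timeout>:<device>:<options>' lines."""
    listeners = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        # BANNER and other directives do not carry a state in the second field.
        if len(fields) < 4 or fields[1].strip().lower() not in STATES:
            continue
        host, sep, port = fields[0].strip().rpartition(",")
        listeners.append(Listener(lineno, host.strip() if sep else None,
                                  port.strip(), fields[1].strip().lower(),
                                  fields[3].strip()))
    return listeners

def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname: assume it is reachable remotely

def audit(conf_text: str) -> list:
    """Return (line, port, device, reason) for each remotely reachable console."""
    findings = []
    for lsn in parse_listeners(conf_text):
        if lsn.state == "off":
            continue  # listener disabled
        if lsn.host is None:
            findings.append((lsn.lineno, lsn.port, lsn.device, "binds all interfaces"))
        elif not is_loopback(lsn.host):
            findings.append((lsn.lineno, lsn.port, lsn.device, "binds " + lsn.host))
    return findings

# The config from the post, reproduced as sample input.
PAGE_CONF = "\n".join([
    r"BANNER:banner:\r\nser2net port \p device \d [\s] (Debian GNU/Linux)\r\n\r\n",
    "7000:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner",
    "7001:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner",
])

# Constructed variant: loopback-only listeners plus one bound to a made-up
# WLAN address (192.168.42.1 is an assumption, not from the post).
MIXED_CONF = "\n".join([
    "localhost,7000:telnet:600:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner",
    "127.0.0.1,7001:telnet:600:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner",
    "192.168.42.1,7002:raw:600:/dev/ttyUSB2:9600 8DATABITS NONE 1STOPBIT",
])

if __name__ == "__main__":
    for conf in (PAGE_CONF, MIXED_CONF):
        for lineno, port, device, reason in audit(conf):
            print(f"line {lineno}: port {port} -> {device}: {reason}")
```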

Ok, it’s a terminal server now.  Let’s turn that up a notch and make it web accessible.  I installed the nodejs package from heroku (I was having trouble with the raspbian repo version), then did an “npm install --global tty.js”.  Configuring tty.js was a bit of a new experience for me, as I don’t really play with JSON files much.  Err.. ever.  I generated a key & cert, and here’s the config, which I stashed in /etc/default/webconsole/config.json, along with the cert and private key I’d generated:

 {
   "https": {
     "key": "/etc/default/webconsole/key.pem",
     "cert": "/etc/default/webconsole/cert.pem"
   },
   "port": 8000,
   "term": {
     "termName": "xterm",
     "geometry": [80, 40],
     "scrollback": 1000,
     "visualBell": false,
     "popOnBell": false,
     "cursorBlink": false,
     "screenKeys": false,
     "colors": [

I launch the app from /etc/rc.local as:

su -l jcostom -c '/usr/local/bin/tty.js -d --config /etc/default/webconsole/config.json'

Yes, I did some (very slight) customizations to the index.html and style.css in the static/ directory under the tty.js install.  Perfectly usable in its default state, but I just wanted some slight changes.

And now, what you’ve all been waiting for – what’s this thing look like?



Printing from the iPad without buying a new printer

Ok, so you’ve got a snazzy new iPad, and would like to print.  Since iOS 4.2, Apple has had AirPrint, which only works with a small set of HP printers.  While yes, it’s super cool to be able to print from the iPad, how much will you really do this?  If it’s enough to warrant buying a new printer, good for you.  If you’re like me, and want to have the ability to do so, but probably will rarely do it, read on to find out more.

Review/Howto: CyanogenMod 6.0

I finally did it.  I rooted, and took the plunge.  This past week, Cyanogen released CM6.0, based on Android 2.2, aka Froyo.  What the heck is this rooting business about?  One of the nifty things about Android is the open source nature of the beast.  Since the source code is all out there, users are free to modify, remix & reload to their heart’s content.  Now, I’ll grant you that you’re not likely to find a lot of kernel hackers out there who really want to squeeze the last bit of performance out of their phone.  However, that’s not to say that there aren’t users who want to serve up the phone “their way,” be that simply changing the look & feel of the device, swapping out the kernel for one that underclocks the CPU to save battery, or even simply gaining more control over the device (especially true in carrier-subsidized devices).

Right now, CM6 is available for a handful of HTC devices, as well as the original Motorola Droid.  For a complete list, check the wiki to see if your phone can use CM6.  First up, you’ll need root access to your device, as you’re going to need to flash a custom recovery image onto your phone.  Don’t worry, it’s not as scary as it sounds.  Again, back to the wiki, look at the detailed directions for your device.  For some devices, like the Nexus One (what I’m using), you may want to grab the “Universal Androot” package.  It works for the N1, as well as a bunch of other devices, and is available from the developer’s site. And yes, Virginia, there is enough of the pages written in English that you’ll be able to figure it out.  If you have a phone that’s not supported by the Universal Androot, you’re not sunk yet.  There’s either a manual process, which will be described on the wiki, linked above, OR if you have an HTC Evo, Desire, Incredible, Wildfire, Aria (aka Liberty) or Hero, you can use unrevoked.  It’s pretty painless.

My Home Screen

Warning: once you root, there may be no going back, especially if you do something like unlock the bootloader.  Officially speaking, once you unlock the bootloader (which isn’t always required), your warranty may be void.  I’m not responsible if you blow up your phone, start a small war, or your cat runs away.

Another warning: If you’re using a device that uses the HTC Sense UI, flashing CM6 will cause the UI to revert to the standard Android UI.

Got root?  Ok, now it’s onto the easy parts.  Install ROM Manager from the Android Market.  You can use the free version without any troubles.  Got that loaded?  Go ahead and flash the Clockworkmod Recovery to your phone.  ROM Manager should autodetect what type of phone you have, but it will ask for confirmation before it does anything.

Ready to roll?  Ok, grab the CM6 ROM image from a mirror.  While you’re at it, grab the latest Google Apps zip file for your phone type as well.  Stash those on your SD card.  Here we go.  First up, a full backup.  Back into ROM Manager, and “Reboot into Recovery”.  In the recovery?  Ok, now do a backup.  This is also called a “Nandroid Backup”.  What the heck is that?  Put simply, it’s a full backup of your current ROM image.  You want to do this.  REALLY.

Once you’re in the recovery menu, just do a backup.  Navigating the recovery menu uses the trackball to go up, down & select, and the power button acts as a “back button”. Your backup will take 3-5 minutes, and will require about 300-500 MB on your SD card.  Make sure you’ve got the space available!  For your reference, my Nexus One’s backup of the stock 2.2 image was 303MB.

HTC_IME Keyboard Portrait

All backed up?  Ok, let’s go.  Do a factory reset/wipe and wipe the cache as well.  Next, install a zip file from the SD card, specifically the CM6 ROM.  Repeat the steps to install the gapps image as well (if you’re planning on using the gapps, and you probably are).  All done?  Reboot.  Your phone will come up like it’s all brand new.

I’ve taken some additional steps, going a bit further than just stock CM6.  I also added the HTC_IME Mod keyboard, which replaces the standard Android keyboard with the HTC Sense keyboard.  Once you get it installed, selecting it is as simple as doing a long press on a text field, and changing the input method to HTC_IME mod (assuming you’ve already turned the mod on in the system keyboard preferences!).

So back to the review.  So, was it all worth it?  I’d have to say yes.  Absolutely.  There was certainly a small amount of inconvenience associated with backup & restore of data, re-creating accounts and sync mappings, as well as the little things like prefs for ringtones, etc.  That was far and away outweighed by the good stuff I got – better performance, enhanced feature set – especially the use of ADW.Launcher by default, and the enhanced power control widget.

HTC_IME Keyboard Landscape

Ok, so now suppose you want to go back to where you started, how do you undo all of this?  Simply boot back into the recovery image, do another factory reset/wipe, wipe the cache and then restore.  Reboot, and you’re back.

Android is still in many regards somewhat of a wild west affair with regard to software updates, especially given the open source nature of the OS.  Will there be bumps along the way?  Probably.  Are you the type who wants a phone that “just works” and doesn’t like to tinker?  CM6 probably isn’t for you, nor is pretty much any custom ROM.

Home Virtualization Project 2.0

You may remember the Home Virtualization Project from last year.  In that project, I converted my existing server, based on a Shuttle XPC (SP35P2 Pro, to be more precise) from a Linux server running VMware Server 2.0 to a VMware ESXi 3.5 server.  It worked well, but left a few things to be desired, such as..

  1. No RAID
  2. Onboard NIC required significant fiddling to get working under ESXi 3.5u4
  3. No onboard video, so I needed a video card, plus a network card to get going (the real root cause of #1 above).
  4. A bit loud.  The system wasn’t terribly loud, but for something that’s on full-time in the background in my office, it could be distracting at times.

So here we are, it’s a brand-new year, so the big project was an upgrade, inspired by some requirements I found with a project at work.  In the end, the old server was converted into a workstation and now has a happy home.  So what’s the current system?  Another Shuttle XPC.  This time, it’s the SG45H7.  This is a slightly smaller chassis than the already small SP35P2 Pro.  The SP line has space for 2 hard drives up top, above the optical drive that the SG line lacks, resulting in a shorter case.  The SG45H7 is targeted as an HTPC, and includes onboard video with both SVGA and HDMI outputs.  Further, it includes 2 expansion slots, one PCIe x16 and one PCI.

Facebook Chat via Jabber/XMPP

At long last, after promises to open up Facebook chat to Jabber clients, it’s up and going.  Finally!  No more crappy plugins for Pidgin and Adium that stop working randomly.  No more leaving a browser window up and connected to Facebook either.  It’s working quite well, so far at least.  Interested?  Head over there and they’ll walk you through the process.

What brought this about?  Facebook has started opening up and federating their IM system with other networks.  First up is AIM.  That’s right, AIM users can now chat with Facebook Chat users.  Facebook wisely chose the open XMPP (eXtensible Messaging & Presence Protocol) for this, which allows easy federation (i.e. interoperability) with other IM services, including the greater Jabber/XMPP community, which includes Google Talk, both in its standard and “Apps for Your Domain” flavors.

Here’s the gist, tell your Jabber client (they give precise instructions for Pidgin, Adium and iChat) to connect as your-user-name@chat.facebook.com and you’re all set.  For other Jabber clients, check out the link above for any particulars on the connection parameters.

One thing that they did not do, and it’s a bit irksome – no SSL/TLS support.  Come on kids, we’re in the 21st century here, let’s get with the program a bit.  After all, the standard login.facebook.com page uses SSL, so why not this too?

So overall, it’s great news, but they’ve still got a bit of work to do.