The Big Migration

TLDR; I moved this website to WordPress

The story

This blog used be a Tumblr. Moved to Squarespace. Then a WordPress. A Squarespace site again, and now I’m back to WordPress.

Why? Mostly because I don’t like Squarespace’s buggy mobile admin support and lack of an API. But also because WordPress allows me to tinker with code, css, Apple News and other fun integrations.

Hosting

This website now runs on a Google Cloud Compute Engine instance. It’s a free f1-micro instance which should be more than enough to keep this blog and a few side projects online. (You can find out more about the free tiers here.)

Why Google? Mostly because I already pay for my email via Gsuite, I use single sign on via oAuth for my blog and by hosting the blog there also it keeps everything nice and contained. But no Google Analytics, ads or other dirty stuff.

Don’t have a Google GSuite account yet? Give it a try.

Management

Google offers a barebones Linux Server, similar to Linode, Digital Ocean or a Mac mini at MacStadium.

I could have build the entire Nginx and SSL stack myself, but I decided to go the easy and stable route and search for a management layer that configures the webserver part for me and makes managing the databases and certificates a lot easier.

After a week of research and a mailbox that still gets daily offers from all the tools I tested, I ended up with RunCloud.

They allowed me to setup the web environment, add a LetsEncrypt certificate and install WordPress on a Google Cloud in 15 minutes thanks to this handy guide. With the extra benefit that it’s either free if you want to do the SSL part yourself, or just 8$ a month for SSL, Git support,…

And since they also have a good backup option available, a website that works on iOS and offer unlimited sites/apps on one Google Instance I was sold.

Migration

Having a server and a WordPress instance is one thing, but I also had years of content to migrate from Squarespace to WordPress. Luckily, this guide got me 99% there.

  1. Export Squarespace, which only works on macOS.
  2. Import into WordPress.
  3. Use a plugin to also import all images and remap them to a WordPress url.
  4. Fix permalinks.
  5. Find a theme that looks similar to my previous theme.

Finishing touches

Now that the hard work was done, I used Coda to restyle the theme so it’s more similar to what I had on Squarespace. New logo, a few css changes, rewrote the footer and changed a few php functions to show and hide metadata on posts.

I relinked it to Apple News, again via macOS, and used this plugin to redirect my previous RSS feed to the current feed. And I added a JSON feed too, and a web clip icon, Touch Bar icon and basic dark mode support.

Up next

  • Add automated and manual dark mode via Craig Hockenberry (it’s partially working now)
  • Play around with Cloudflare caching
  • Write more blog posts
  • Figure out how I can integrate Gitlab for theme versioning.

One more thing

Did I mention I did it all on an iPad with just Safari, Coda, Prompt, Working Copy and Pixelmator?

(Except for the two steps mentioned above that didn’t support iOS: Apple News (go figure) and Squarespace (as expected).

Affiliate links

  • GSuite – use this link to get a 20% discount for yo first year.
  • RunCloud – use this link and get 15 days of free usage on your plan.

Hide 1Password One-Time Password notifications

1Password allows you to add two-factor authentication codes or one-time passwords to its database. Very convenient cause it’s safer then using sms, can be shared across a family or team and allows you to delete the Google Authenticator app.

Since one of its latest releases the app automatically copies the code to the clipboard when you fill in a username and password. That way it’s ready to use on the next screen where most apps ask you to enter the code. You just select the text field and paste the code. No more juggling between apps.

1Password alerts you of the clipboard action via a notification. A notification that, if you don’t tap or dismiss it, will remain on your lock screen or Notification Center long after you need it.

Quick tip: since 1Password only uses notifications for the one-time passwords, go into settings and disable all options except for the pop up banner.

You’ll still be notified but the alerts won’t linger.

Easily toggle between light and dark mode in macOS Mojave

Apple has added a new dark mode, Dark Aqua, to macOS Mojave. Since there’s currently no easy way to toggle between the two modes, I’ve created a button you can add to your MacBook Pro’s Touchbar that allows you to quickly move from and  to the dark side.

Steps

  1. Create a Contextual Workflow in Automator and add the code below.
  2. Set the input to none, and pick a good icon.
  3. Save the workflow and give it a clear name like Dark Mode.
  4. Go to System Preferences > Extensions and choose Touch Bar.
  5. Enable your newly created workflow
  6. Go to System Preferences > Keyboard and choose Customize Controlstrip
  7. Drag the Workflow button to your Touchbar

The code

tell application "System Events"
    
    tell appearance preferences
        
        set dark mode to not dark mode
        
    end tell
    
end tell

Screenshots

The result

Play Alexa Audio Routines on Sonos

Alexa now allows for routines that start audio playback. So for example you can say “Alexa, start the radio” and it’ll start playing your favorite radio station from TuneIn on your Alexa. (You can’t use play radio for some reason)

Sadly, by default, the interface doesn’t allow you to execute these commands on a Sonos One or redirect the audio to a Sonos speaker.

But there’s a workaround:

If you want to play a certain radio channel on the Sonos in the kitchen: start by creating a new routine in the Alexa app:

  1. Set an Alexa trigger, eg “start the radio”
  2. Add a Music action
  3. Type out the name of the channel or track you want to play and set the source. For radio, it’s TuneIn
  4. Append the sentence “in the kitchen”, to redirect the chosen music to the Sonos speaker in the kitchen.

The screenshots above will probably explain it better. 

Complexity

This shows the main difference between Apple Siri/HomeKit and Alexa. Alexa allows for these kind of hacks. But it makes for a frustrating experience because the advanced features don’t always work as expected.

Siri is locked and doesn’t allow these kind of workarounds. But the basic audio features Apple promises do work right out of the box.

It’s iOS stable and closed vs Android tweakable but unstable all over again.

Morning Report

Recently I started listening to the 9to5Daily Podcast while starting my day. It’s a fun short overview of Apple related news. Yesterday, Relay.fm launched Subnet, a show hosted by Stephen Hackett with a similar premise.

Two great shows to start your day which I’ve added to a Morning News playlist.

Today I discovered an easy handsfree way on Twitter to start a Morning Report via Siri on your iPhone or AirPods.

 Hey Siri, play my (name of podcast playlist) podcast station.

In my case, I named the playlist Morning News and when summoned via Siri, my iPhone starts telling me the current news. Pretty cool!

Similarly Alexa also has a Flash Briefing feature, which plays a queue of selected news sources.

Subnet is also available on Alexa thanks to the latest Anchor.fm integration, as are a list of other news related sources.

 Hey Alexa, play my Flash Briefing. 

This results in Alexa starting with Subnet, followed by local news and a few other short stations.

Sonos and AirPlay

Streaming music across the house has become more easy these last few years. Sonos has supported all the major music services for years now, Alexa has Spotify support and the HomePod will be an Apple Music beast from the get go. But when you want to stream media from your devices, choices are limited. Sonos doesn’t natively support AirPlay or bluetooth, Alexa has bluetooth pairing, but it’s clumsy. The Apple HomePod supports AirPlay, and will soon support AirPlay 2 to stream music across multiple rooms. Sonos has also announced they will support the new AirPlay 2 later in 2018.

But what if you want to AirPlay Overcast or Audible to your Sonos speakers right now? One solution is this convoluted setup involving an AirPort Express, Sonos Connect or Play:5 and a lot of cables.

A better way? Audiobridge.

Audiobridge

It’s a small software tool that live in the menubar of your Mac. It scans your network for Sonos devices and relays them as AirPlay sources to any device on your network. It’s fast, stable and for 10$ a lot cheaper than the “official” hardware solution.

I’ve been streaming podcasts all day from my iPhone to the Sonos devices across my house without any hiccups. Audio pauses when people call, you can rewind and fast forward from, let’s say, the Apple Watch and control the volume with Alexa or the Volume buttons on your devices.

Pretty sweet, especially if you have an always-on-Mac in the house.

Hide iTunes Extra’s in Plex

I’ve got a Plex Server running on top of my iTunes installation to more easily stream media to my iPad and iPhone. It’s more stable than using the Shared tab in the Movies app, and it’s available while out of the house too. One thing that always bothered me was the fact that Plex showed a lot of garbage in the Movies list. Especially clips from iTunes Extra’s were an issue. They did not have a nice image, have an ugly title, aren’t playable due to DRM and frankly there were just too many clips to keep things organised.

Yesterday I discovered that Plex, similar to Git, has a .PlexIgnore option. You can add a file to the root folder of your movie folder and via a specific syntax add rules that make Plex ignore certain files. Since iTunes Extra files are contained in a bundle that has an .ite extension, this could be applied easily.

Hide iTunes Extra’s

  • Go to root of your Movie folder in Finder. (If you index more than one folder: rinse and repeat)
  • Open Terminal and type cd and drag the Movie folder into the Terminal window.

  • Press Enter/Return and type nano .PlexIgnore
  • Press Enter/Return again. This opens up a text editor within Terminal.
  • Now you specify which files Plex should ignore.

  • Add the following text: */*.ite*/* This will make Plex ignore all files or folders that have an extension .ite or are within a folder with that name.
  • Next, close and save the file by typing Control X and pressing Y followed by ENTER
  • Your Plex installation will now reindex your entire library and all iTunes Extra’s related content will disappear from view, with the original files untouched!

Some more options

You can do a lot more with .plexignore. Hide all episodes from a TV series you once saved but don’t want visible anymore. Or hide all files containing Trailer, or Cam.

Sadly, it only looks at filenames at the moment. I’d love a way to hide all Purchased and DRM protected media. But that’s currently not possible.

Security Clean Up

A new year. A fresh start.
Every year I start the year with a cleanup of my digital clutter.

Throughout the previous year I logged in to dozens of services with my Google, Twitter or Facebook account. It’s faster than creating accounts from scratch, and when I just want to check something out, convenience wins. This results in dozens of services being interconnected after a while. And lots of accounts and services that I probably don’t really use anymore.

So, every January 1st I go to the security page of the big three platforms and clean out the connected apps. Every app or service I don’t use anymore gets revoked, and preferably deleted.

If I want to keep using the app I check if I can turn my account in a dedicated separate account on that platform. This way a breach of say Facebook, doesn’t result in people getting access to my Airbnb account.

It only takes a few minutes, but the end result is a safer digital environment.

2018

This year I went a bit further. I disabled all authorizations for sharing across platforms too. So no more autosharing Instagram to Twitter, or Shazam to Facebook. Each platform has its strengths, so cross platform sharing only results in a worse experience when looking at content made on another platform.

Notable exception: this blog. I use Facebook, Twitter and RSS as a way to share a link to this site.

The end result:

Facebook

I used to have 34 services connected. Now, I have three apps connected to Facebook:

  • WordPress sharing
  • Instagram,
  • Facebook Development

Disabled services: Medium, Twitter, IFTTT, Netflix,…

You can disable apps via this page.

Twitter

I used to have 23 apps connected. After the cleanup, just seven apps:

  • Twitter apps for macOS and iOS
  • Twitteriffic for iOS
  • Tweetbot for macOS and iOS
  • WordPress sharing
  • Nuzzel

Disabled services: Overcast, Medium, Shazam, IFTTT,…

Also, by revoking access you free up tokens for third party developers.

You can clean your apps here.

Google

Finally Google, which went from an surprisingly low 5 to this handful:

  • iOS and Mac mail
  • Plex Cloud

Deleted services were Fantastical, IFTTT, Zendesk,

Clean your Google list here.

Fix the macOS High Sierra Root Issue with JAMF Pro

Update: Apple fixed the issue. A critical flaw has been discovered in macOS High Sierra that lets anyone log in as ‘root’ with an empty password. It’s fixable via this Apple guide.

But, as a System Administrator for hunderds of Macs, doing it automatically is better. So: a quick guide for JAMF Pro.

Could be useful for others:

Find Empty Root

Create an extension attribute that looks for users with empty root passwords. (Source)

#!/bin/bash
RESULT=$(sudo dscl . -read /Users/root Password)
if [[ $RESULT == "Password: ********" ]]; then
echo "<result>haspassword</result>"
elif [[ $RESULT == "Password: *" ]]; then
echo "<result>nopassword set</result>"
else
echo "<result>unknown</result>"
fi

Scope all vulnerable devices

Create a Smart group that targets devices with nopassword or Unknown + High Sierra

Setting a password for root

Upload this package from Der Flounder

This package runs a script that sets a random password to the root user + sets its environment to /usr/bin/false

Fix it

Create a policy that runs the package + does an inventory update for all devices within the smart group.

The result: