krypted.com

Tiny Deathstars of Foulness

Encrypting a volume in OS X couldn’t be easier. In this article, we will look at three ways to encrypt OS X El Capitan volumes in OS X Server 5. The reason there are three ways is that booted volumes and non-booted volumes have different methods for enabling encryption.

Encrypting Attached Storage

For non-boot volumes, just control-click or right-click on them and then click on Encrypt “VOLUMENAME” where the name of the volume is in quotes.

When prompted, provide an encryption password for the volume, verify that password and if you so choose, provide a hint.

Once the encryption process has begun, the entry previously clicked on says Encrypting “VOLUMENAME” where the name of the volume is in quotes.

Before you can encrypt a volume from the command line you must first convert it to CoreStorage if it isn’t already. As volumes on external disks aren’t likely to be CoreStorage, let’s check using diskutil along with corestorage and then list:

    diskutil corestorage list

Assuming your volume was already formatted with a non-corestorage format and isn’t listed, locate the volume and document the disk identifier (in this case disk2s3). Then, run diskutil corestorage along with the convert verb and the disk, as follows (no need to run this command if it’s already listed):

    sudo diskutil corestorage convert disk2s3

The output should look similar to the following:

    Started CoreStorage operation on disk2s3 Reco
    Resizing disk to fit Core Storage headers
    Creating Core Storage Logical Volume Group
    Attempting to unmount disk2s3
    Switching disk2s3 to Core Storage
    Waiting for Logical Volume to appear
    Mounting Logical Volume
    Core Storage LVG UUID: 19D34AAA-498A-44FC-99A5-3E719D3DB6FB
    Core Storage PV UUID: 2639E13A-250D-4510-889A-3EEB3B7F065C
    Core Storage LV UUID: 4CC5881F-88B3-42DD-B540-24AA63952E31
    Core Storage disk: disk4
    Finished CoreStorage operation on disk2s3 Reco

Once converted, the LV UUID (LV is short for Logical Volume) can be used to encrypt the logical volume using a password of crowbar to unlock it:

    sudo diskutil corestorage encryptvolume 4CC5881F-88B3-42DD-B540-24AA63952E31 -passphrase crowbar

The output is similar to the following:

    Started CoreStorage operation on disk4 Reco
    Scheduling encryption of Core Storage Logical Volume
    Core Storage LV UUID: 4CC5881F-88B3-42DD-B540-24AA63952E31
    Finished CoreStorage operation on disk4 Reco

Depending on the size of the volume, this process can take some time. Monitor the progress using the corestorage list option:

    diskutil corestorage list

In all of these commands, you can replace corestorage with cs for less typing. I’ll use the shortened version as I go.

I know that we rarely change passwords, but sometimes it needs to happen. If it needs to happen on a core storage encrypted volume, this can be done from the command line or a script. To do so, use diskutil cs with the changevolumepassphrase option. We’ll use -oldpassphrase to provide the old password and -newpassphrase to provide the new passphrase.

    diskutil cs changeVolumePassphrase FC6D57CD-15FC-4A9A-B9D7-F7CF26312E00 -oldpassphrase crowbar -newpassphrase hedeservedit

I continue to get prompted when I send the -newpassphrase, so I’ve taken to using stdin, using -stdinpassphrase. It also keeps the passphrase out of the argument list, where it would be visible in ps output while the command runs.

Once encrypted there will occasionally come a time for decrypting, or removing the encryption, from a volume. It’s worth noting that neither encrypting nor decrypting requires erasing. To decrypt, use the decryptVolume verb, again with the -passphrase option:

    diskutil cs decryptvolume 4CC5881F-88B3-42DD-B540-24AA63952E31 -passphrase crowbar

FileVault 2: Encrypting Boot Volumes

Boot volumes are configured a bit differently. This is because the boot volume requires FileVault 2, which unifies usernames and passwords with the encryption so that users enter one username and password rather than unlocking drives. To configure FileVault 2, open the Security & Privacy System Preference pane and then click on the FileVault tab. Click on the lock to make changes and then provide the password for an administrative account of the system. Then, click on “Turn On FileVault…”

You’ll then be prompted to restart; do so to begin the encryption process.

When prompted, choose whether to create a key or save the key to iCloud.
In most cases, on a server, you’ll want to create a recovery key and save it to a very safe place.

When prompted with the Recovery Key, document it and then click on Continue. Choose whether to store the recovery key with Apple. If you will be storing the key with Apple then provide the AppleID. Otherwise, simply click the bullet for “Do not store the recovery key with Apple” and then click on the Continue button. When prompted, click on Restart to reboot and be prompted for the first account that can unlock the FileVaulted system.

Once encrypted, the FileVault tab in the Security & Privacy System Preference pane shows the encryption status, or percent during encryption.

That’s it. Managing FileVault 2 using the System Preferences is about as easy as it can get. But for those who require mass management, Apple has provided a tool called fdesetup for that as well.

Using fdesetup with FileVault 2

FileVault 2 now comes with a nifty configuration utility called fdesetup. To use fdesetup to encrypt the boot volume, first check FileVault’s status by entering the fdesetup command along with the --status option (wait, no -- required any more!):

    fdesetup status

As with most other commands, read the help page before starting to use it, just in case there are any changes to it between the writing of this article and when you kick off your automated encryption. This is done using the help verb:

    fdesetup help

After confirming FileVault is off, enable FileVault with the enable option, as follows:

    sudo fdesetup enable

Unless additional parameters are specified, an interactive session prompts for the primary user’s short name and password. Once enabled, a Recovery key is returned by the fdesetup command. It should be recorded or otherwise stored, something easily done in a script (e.g. by mounting a write-only share for key escrowing). You can also cancel the interactive session by just hitting Control-C so we can look at more complicated iterations of the command. If more complicated measures are needed, of course check out Cauliflower Vest at code.google.com. The fdesetup command is now at version 2.36:

    fdesetup version

Now, if you run fdesetup and you’ve deployed a master keychain then you’re going to have a little more work to do; namely, point the -keychain option at the actual keychain. For example:

    sudo fdesetup enable -keychain /Library/Keychains/FileVaultMaster.keychain

To define a certificate:

    sudo fdesetup enable -certificate /temp/filename.cer

Adding additional users other than the one who enabled fdesetup is a bit different than the first:

    sudo fdesetup add -usertoadd robin

To remove users, just remove them with the remove verb followed by the -user option and the username:

    sudo fdesetup remove -user robin

The remove and add options also offer using the -uuid rather than the username. Let’s look at Robin’s UUID:

    dscl . read /Users/robin GeneratedUID | cut -c 15-50

Yes, I used cut. If you have a problem with that then take your judgmental fuc… Nevermind. Take that GUID and plug it in as the uuid using the -uuid option. For example, to do so with the remove verb:

    sudo fdesetup remove -uuid 31E609D5-39CF-4A42-9F24-CFA2B36F5532

Or for good measure, we can basically replicate -user w/ -uuid for a nice stupid human trick:

    sudo fdesetup remove -uuid `dscl . read /Users/robin GeneratedUID | cut -c 15-50`

All of the fdesetup commands can be run interactively or using options to define the variables otherwise provided in the interactive prompt. These are defined well in the man page. Finally, let’s look at -defer. Using -defer, you can run the fdesetup tool at the next login, write the key to a plist and then grab it with a script of some sort later:

    sudo fdesetup enable -defer /temp/fdesetupescrow.plist

Or define users concurrently (continuing to use the robin test user):

    sudo fdesetup enable -user robin -defer /temp/fdesetupescrow.plist

FileVault accounts can also use accounts from Directory Services automatically. These need to synchronize with the Directory Service routinely as data is cached. To do so:

    sudo fdesetup sync

This is really just scratching the surface of what you can do with fdesetup. The definitive sources are the man page as well as a nicely done article by Rich Trouton.

Encrypting Time Machine Backups

The last full disk encryption to discuss is Time Machine. To encrypt Time Machine backups, use Time Machine’s System Preference pane. The reason for this is that doing so automatically maintains mounting information in the Operating System, rather than potentially having an encrypted drive’s password get lost or not entered and therefore not have backups run. To enable disk encryption for Time Machine destinations, open the Time Machine System Preference pane and click on Select Backup Disk… From the backup disk selection screen, choose your backup target and then check the box for “Encrypt backups”. Then, click on Use Disk. At the overlay screen, provide a backup password twice and if you would like, a hint as to what that password is. When you are satisfied with your passwords, click on the Encrypt Disk button. Now, there are a couple of things to know here.

  1. Don’t forget that password.
  2. If you use an institutional FileVault Key then still don’t forget that password as it will not work.
  3. Don’t forget that password…

Scripty CLI Stuff

We’ve always been able to enable FileVault using scripts thanks to fdesetup but now Apple’s taken some of the difficulty out of configuring recovery keys. This comes in the form of the changerecovery, haspersonalrecoverykey, hasinstitutionalrecoverykey, usingrecoverykey and validaterecovery options. These options all revolve around one idea: make it easier to deploy centrally managed keys that can be used to unlock encrypted volumes in the event that such an action is required. There’s also a -recoverykey option, which indicates the number of the key if a recovery key is being used. To use the fdesetup command to check whether a computer has a personal recovery key, use the haspersonalrecoverykey verb, as follows:

    fdesetup haspersonalrecoverykey

The output will be a simple true or false exit. To use the fdesetup command to check whether a computer has an institutional recovery key, use the hasinstitutionalrecoverykey verb, as follows:

    fdesetup hasinstitutionalrecoverykey

To enable a specific personal recovery key, provide it using the changerecovery verb, as follows:

    fdesetup changerecovery -personal

This is an interactive command, so when prompted, provide the appropriate personal key. The removerecovery verb can also be used to remove keys. And my favorite, validaterecovery, is used to check whether or not a recovery key will work to unlock a host, which can be tied into something like an extension attribute in Casper in order to store a key and then validate the key every week or 4. This helps to make sure that systems are manageable if something happens. The enable verb also has a new -authrestart option, which does an authenticated reboot after enabling FileVault. Before using the -authrestart option, check that a system can actually run it by using fdesetup with the supportsauthrestart verb and it will exit on true or false. Defer mode is nothing new, where FileVault waits until a user password is provided; however, a new verb is available called showdeferralinfo which shows information about deferral mode. This is most helpful as a sanity check so you don’t go running commands you already ran or doing things to systems that have already been provided with tasks to perform otherwise.

Conclusion

Encrypting data in OS X can take on other forms as well. The keychains encrypt passwords and other objects. Additionally, you can still create encrypted dmgs and many file types have built in encryption as well. But the gist is that Apple encrypts a lot. They also sandbox a lot and with the addition of Gatekeeper are code signing a lot. But encrypting volumes and disks is mostly about physical security, which these types of encryption provide a substantial solution for. While all this security might seem like a lot, it’s been in Apple’s DNA for a long time and really security is about layers and the Mac Systems Administrator batbelt needs a lot of items to allow us to adapt to the changing landscape of security threats. OS X is becoming a little more like iOS as can be expected and so I would suspect that encryption will become more and more transparent as time goes on. Overall, the options allow encrypting every piece of data that goes anywhere near a system. The mechanisms with which data is now encrypted are secure, as is the data at rest. Once data is decrypted, features like Gatekeeper and the application layer firewall supplement traditional network encryption to keep it well secured.
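
The status and recovery key verbs from the Scripty CLI Stuff section combine naturally into the kind of extension attribute mentioned for Casper. The following is an added example, not code from the original article: the function name fv_recovery_report and the result strings are assumptions, and it relies on fdesetup status printing "FileVault is On." when enabled and on the two has...recoverykey verbs printing true or false.

```shell
#!/bin/sh
# Added example: summarise FileVault and recovery key state for inventory.
# Assumptions: `fdesetup status` prints "FileVault is On." when enabled, and
# the has*recoverykey verbs print "true" or "false". Run as root on a Mac.

fv_recovery_report() {
    # First line of the status output says whether encryption is on.
    _fv_status=$(fdesetup status 2>/dev/null | head -n 1)
    case "$_fv_status" in
        "FileVault is On"*) ;;
        *) echo "<result>NotEncrypted</result>"; return 1 ;;
    esac

    _fv_personal=$(fdesetup haspersonalrecoverykey 2>/dev/null)
    _fv_institutional=$(fdesetup hasinstitutionalrecoverykey 2>/dev/null)

    # An encrypted machine with no recovery key at all is the case to chase:
    # nobody can unlock it centrally if the user password is lost.
    case "${_fv_personal}:${_fv_institutional}" in
        true:true)  echo "<result>Encrypted-PersonalAndInstitutional</result>" ;;
        true:false) echo "<result>Encrypted-PersonalOnly</result>" ;;
        false:true) echo "<result>Encrypted-InstitutionalOnly</result>" ;;
        *)          echo "<result>Encrypted-NoRecoveryKey</result>"; return 2 ;;
    esac
}

# Only report when fdesetup is actually present on this machine.
if command -v fdesetup >/dev/null 2>&1; then
    fv_recovery_report
fi
```

The non-zero return codes let a wrapper script alert on unencrypted machines (1) or encrypted machines without any recovery key (2).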

October 10th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment


You might be happy to note that other than the ability to interpret new payloads, the profiles command mostly stays the same in El Capitan, from Yosemite. You can still export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec, will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents have an mdmclient daemon and agent respectively that start it up automatically. This, along with all of the operators, remains static from 10.10.

To script profile deployment, administrators can add and remove configuration profiles using the new /usr/bin/profiles command. To see all profiles, aggregated, use the profiles command with just the -P option:

    /usr/bin/profiles -P

As with managed preferences (and piggy backing on managed preferences for that matter), configuration profiles can be assigned to users or computers. To see just user profiles, use the -L option:

    /usr/bin/profiles -L

You can remove all profiles using -D:

    /usr/bin/profiles -D

The -I option installs profiles and the -R removes profiles. Use -p to indicate the profile is from a server or -F to indicate its source is a file. To remove a profile:

    /usr/bin/profiles -R -F /tmp/HawkeyesTrickshot.mobileconfig

To remove one from a server:

    /usr/bin/profiles -R -p com.WestCoastAvengers.HawkeyesTrickshot

The following installs HawkeyesTrickshot.mobileconfig from /tmp:

    /usr/bin/profiles -I -F /tmp/HawkeyesTrickshot.mobileconfig

If created in Profile Manager:

    /usr/bin/profiles -I -p com.WestCoastAvengers.HawkeyesTrickshot

You can configure profiles to install at the next boot, rather than immediately. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure):

    profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v

And that’s it. Nice and easy and you now have profiles that only activate when a computer is started up. As of OS X Yosemite, the dscl command got extensions for dealing with profiles as well. These include the available MCX Profile Extensions:

    -profileimport -profiledelete -profilelist [optArgs]
    -profileexport -profilehelp

To list all profiles from an Open Directory object, use -profilelist. To run, follow the dscl command with -u to specify a user, -P to specify the password for the user, then the IP address of the OD server (or name of the AD object), then the profilelist verb, then the relative path. Assuming a username of diradmin for the directory, a password of moonknight and the cedge user:

    dscl -u diradmin -P moonknight 192.168.210.201 profilelist /LDAPv3/127.0.0.1/Users/cedge

To delete that information for the given user, swap the profilelist extension with profiledelete:

    dscl -u diradmin -P moonknight 192.168.210.201 profiledelete /LDAPv3/127.0.0.1/Users/cedge

If you would rather export all information to a directory called ProfileExports on the root of the drive:

    dscl -u diradmin -P moonknight 192.168.210.201 profileexport . all -o /ProfileExports

In Yosemite we got a few new options (these are all still in 10.11 with no new operators), such as -H which shows whether a profile was installed, -z to define a removal password and -o to output a file path for removal information. Also, as in Yosemite it seems as though if a configuration profile was pushed to you from MDM, you can’t remove it (fyi, I love having the word fail as a standalone in verbose output):
    bash-3.2# profiles -P
    _computerlevel[1] attribute: profileIdentifier: 772BED54-5EDF-4987-94B9-654456CF0B9A
    _computerlevel[2] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
    _computerlevel[3] attribute: profileIdentifier: C11672D9-9AE2-4F09-B789-70D5678CB397
    charlesedge[4] attribute: profileIdentifier: com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
    charlesedge[5] attribute: profileIdentifier: odr.krypted.com.ADD7E5A6-8EED-4B11-8470-C56C8DC1E2E6
    _computerlevel[6] attribute: profileIdentifier: EE08ABE9-5CB8-48E3-8E02-E46AD0A03783
    _computerlevel[7] attribute: profileIdentifier: F3C87B6E-185C-4F28-9BA7-6E02EACA37B1
    _computerlevel[8] attribute: profileIdentifier: 24DA416D-093A-4E2E-9E6A-FEAD74B8B0F0
    There are 8 configuration profiles installed

    bash-3.2# profiles -r 772BED54-5EDF-4987-94B9-654456CF0B9A
    bash-3.2# profiles -P
    _computerlevel[1] attribute: profileIdentifier: F3C87B6E-185C-4F28-9BA7-6E02EACA37B1
    _computerlevel[2] attribute: profileIdentifier: EE08ABE9-5CB8-48E3-8E02-E46AD0A03783
    _computerlevel[3] attribute: profileIdentifier: 24DA416D-093A-4E2E-9E6A-FEAD74B8B0F0
    _computerlevel[4] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
    _computerlevel[5] attribute: profileIdentifier: 772BED54-5EDF-4987-94B9-654456CF0B9A
    _computerlevel[6] attribute: profileIdentifier: C11672D9-9AE2-4F09-B789-70D5678CB397
    charlesedge[7] attribute: profileIdentifier: odr.krypted.com.ADD7E5A6-8EED-4B11-8470-C56C8DC1E2E6
    charlesedge[8] attribute: profileIdentifier: com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
    There are 8 configuration profiles installed

    bash-3.2# profiles -rv 772BED54-5EDF-4987-94B9-654456CF0B9A
    profiles: verbose mode ON
    profiles: returned error: -204
    fail
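
The profiles -P listing above is easy to audit in a script: compare what is installed against the identifiers you expect and report the rest. This is an added example, not from the original post; the function name unexpected_profiles, the allowlist and the com.example identifier are constructed for illustration, and only the line format is taken from the session above.

```shell
#!/bin/sh
# Added example: flag installed configuration profiles that are not on an
# approved list. Input is text in the `profiles -P` format shown above.

# Constructed allowlist (space separated). The two identifiers are borrowed
# from the sample session purely for illustration.
APPROVED_PROFILES="772BED54-5EDF-4987-94B9-654456CF0B9A com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328"

# Constructed sample input, one line per profile as `profiles -P` prints it.
SAMPLE_PROFILES_OUTPUT='_computerlevel[1] attribute: profileIdentifier: 772BED54-5EDF-4987-94B9-654456CF0B9A
charlesedge[2] attribute: profileIdentifier: com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
_computerlevel[3] attribute: profileIdentifier: com.example.unreviewed-proxy
There are 3 configuration profiles installed'

# unexpected_profiles ALLOWLIST
# Reads `profiles -P` output on stdin and prints "scope identifier" for every
# profile whose identifier is not in the space separated ALLOWLIST.
unexpected_profiles() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, ids, " ")
            for (i = 1; i <= n; i++) ok[ids[i]] = 1
        }
        # Only lines of the form: scope[N] attribute: profileIdentifier: ID
        $2 == "attribute:" && $3 == "profileIdentifier:" {
            scope = $1
            sub(/\[[0-9]+\]$/, "", scope)   # strip the [N] index
            if (!($4 in ok)) print scope, $4
        }
    '
}

# On a Mac, as root:
#   /usr/bin/profiles -P | unexpected_profiles "$APPROVED_PROFILES"
```

The scope column distinguishes computer-level profiles (_computerlevel) from per-user ones, which matters when deciding who has to remove the profile.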

October 6th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment


Sometimes when I’m writing a script, I need something to phone home to something in the script. For example, this can tell another daemon where to ssh into when I invoke it remotely. So, let’s say I want to grab my WAN address in a script. I can use curl with a number of 3rd party sites (sites that often change). But, one that we can use here is ipecho.net. Here, we’ll look at their plain output page:

    curl ipecho.net/plain

This can then get output into a variable or file for processing in other parts of a script. For example, the output here is basically the same thing but the command is in backticks, as you might put it in when scripting:

    echo `curl ipecho.net/plain`
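
Because the address comes back from a third-party site over plain HTTP and then steers something like an ssh target, a script should check that it really is an IP address before using it. The following is an added example, not from the original post; is_ipv4 and get_wan_ip are hypothetical names and the curl timeout is an assumption.

```shell
#!/bin/sh
# Added example: fetch the WAN address and refuse anything that is not a
# plain dotted-quad IPv4 address before the rest of the script uses it.

# is_ipv4 STRING: exit status 0 only for four decimal octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, bad dots
    esac
    # Split on dots; safe because only digits and dots remain at this point.
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# get_wan_ip: prints the address on success, returns non-zero otherwise
# (network error, HTTP error, or a response that is not an IPv4 address).
get_wan_ip() {
    _ip=$(curl --silent --fail --max-time 10 ipecho.net/plain) || return 1
    is_ipv4 "$_ip" || return 1
    printf '%s\n' "$_ip"
}

# Typical use in a script:
#   wan=$(get_wan_ip) || { echo "could not determine WAN address" >&2; exit 1; }
```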

July 26th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Ubuntu, Unix


In bash, you can run multiple commands in a single line of a script. You do so by separating them with a semi-colon (;). The great thing about this is that if you end up using a variable, you can pass it on to subsequent commands. Here, we’re going to string three commands together and then echo the output:

    a=1;b=2;c=$a+$b;echo $c

Because we told c to be $a+$b, the $a expands to 1 and the $b expands to 2, we throw them together and then echo out the contents of $c, which appears as follows:

    1+2

Now, we could have this thing do math as well, by wrapping the mathematical operation in double parentheses preceded by a dollar sign, which bash treats as an arithmetic expansion:

    a=1;b=2;c=$(($a+$b));echo $c

The output of this one is simply 3.

June 15th, 2015

Posted In: Mac OS X, Mac OS X Server, Ubuntu, Unix


QuickLook scans file contents before you open those files. Usually this just lets you view a file quickly. But you can also use this same technology from the command line to bring about a change to the Finder without actually opening a file. To access QuickLook from the command line, use qlmanage:

    qlmanage -p ~/Desktop/MyTowel42.pdf

While open, press the space bar to go back to your Terminal session. The most notable use case here is that when you use qlmanage you don’t run the risk of changing the date/time stamp of the files.

November 10th, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security


JSS-autopkg-addon Presentation from Allister Banks on Vimeo. (Guest post by Allister Banks) On June 26th, I had the pleasure of being invited by @Tecnico1931 to the NYC Metro JAMF user group meeting. A worksheet I created for this event may be found here: url.aru-b.com/jssAutopkg See also Shea Craig’s python-jss, and thanks go out to James Barclay, Sam Johnson, and all the folks mentioned in the video.

July 1st, 2014

Posted In: Mac OS X, Mac OS X Server


Learn some stuff! For Free! There are so many resources available for learning these days that it’s hard to keep track of it all, or to find the things that are actually worth doing. So I decided to make a list of some of my favorites:
  1. Code Academy: Using Code Academy, you can learn a little JavaScript, HTML/CSS, jQuery, Ruby, Python and PHP. There are also projects for the web and integrating with APIs so you can hook into YouTube and Twitter.
  2. Duolingo.com: Learn a real language, like Spanish, Italian, German, Portuguese or French at this site, which has digestible chunks of lessons that you can use to get ready for that next work or personal trip, or just to make sure you continue to know more of a foreign language than your kid does when they come home from school.
  3. Learn Code the Hard Way: Free books? Learn to write Python, Ruby, C, SQL and even some regular expressions!
  4. Rails for Zombies: Learn Rails as a game. A nice, fresh approach to programming. You should know a little Ruby first, so check out tryruby.org or Learn Ruby the Hard Way first.
  5. Ted Talks: I didn’t really get these until I started to watch them. There are over 1,600 Ted talks and counting. If you want to learn about leadership, work-life balance, conducting an orchestra or how to motivate, this is your place. It’s a wealth of information from some very amazing people and what I now consider to be one of the best treasures online.
  6. Nike Training Club: Actually, the whole Nike experience, from Nike+ (Running, FuelBand, Kinect) to the skating app, is awesome. But the Nike Training Club sports a collection of videos and workouts that are sure to push even the most fit to their limits.
  7. Make Games With Us: Learning programming doesn’t have to be boring. This site looks at building iPhone games.
  8. Stanford on iTunes: A lot of universities and other institutions have put a lot of content on iTunes U. But the quality of some of the Stanford lectures is (IMHO) amongst the best! Check out what they have to offer, and search iTunes U for any other topic your heart may desire.

May 20th, 2014

Posted In: Articles and Books


I enjoy going to MacIT so much. Paul Kent ran a great little conference in Monterrey one year and I am so glad that I started going to Macworld around that time. I missed it last year while trying to trim back on the travel and am pretty stoked I got to get there again this year. Special thanks to everyone I saw and was able to hang out with. Considering there isn’t a single person I didn’t want to hang out with, sorry if I didn’t see you or get to spend any time. Thanks to Duncan and Kevin White for making time to do the podcasts (hopefully the background noise is low enough so we can get them posted!). Also, this is a top-notch production. Kathy, Paul, the board (Arek, Dan, John, Kevin, Duncan, etc) and everyone else I’ve ever interacted with there are absolutely amazing. I would love nothing more than to not get a chance to speak next year because a flood of amazing talks burst on the scene. Start thinking about what you could talk about now so I can show up and sit in the back and watch you do your thing! 🙂 And if you were in my session and asked about the presentation when the conference site was on the fritz (which could have also been my fault BTW), the presentation is here: MacIT 2014


March 31st, 2014

Posted In: iPhone, Mac OS X, Mac OS X Server


Microsoft Azure is Microsoft’s cloud services offering. Azure can host virtual machines and act as a location to store files. However, Azure can do much more as well: provide an Active Directory instance, provide SQL database access, work with hosted Visual Studio, host web sites or provide BizTalk services. All of these can be managed at https://manage.windowsazure.com.

You can also manage Windows Azure from the command line on Linux, Windows or Mac. To download command line tools, visit http://www.windowsazure.com/en-us/downloads/#cmd-line-tools. Once downloaded, run the package installer. When the package is finished installing, visit /usr/local/bin where you’ll find the azure binary. Once installed, you’ll need to configure your account from the windowsazure.com site to work with your computer. To do so, log into the windowsazure.com portal.

Once logged in, open Terminal and then use the azure command along with the account option and the download verb:

    azure account download

This command downloads the .publishsettings file for the account you’re logged in as in your browser. Once downloaded, run azure with the account option and the import verb, dragging the path to your .publishsettings file from https://manage.windowsazure.com/publishsettings/index?client=xplat:

    azure account import /Users/krypted/Downloads/WindowsAzure-credentials.publishsettings

The account import then completes and your user is imported into azure. Once imported, run azure with the account option and then storage list:

    azure account storage list

You might not have any storage configured yet, but at this point you should see the following to indicate that the account is working:

    info: No storage accounts defined
    info: account storage list command OK

You can also run the azure command by itself to see some neat ascii-art (although the azure logo doesn’t really come through in this spiffy cut and paste job):

    info: _ _____ _ ___ ___________________
    info:        /_\  |__ / | | | _ \ __|
    info: _ ___ / _ \__/ /| |_| |   / _|___ _ _
    info: (___ /_/ \_\/___|\___/|_|_\___| _____)
    info: (_______ _ _) _ ______ _)_ _
    info: (______________ _ ) (___ _ _)
    info:
    info: Windows Azure: Microsoft's Cloud Platform
    info:
    info: Tool version 0.7.4
    help:
    help: Display help for a given command
    help: help [options] [command]
    help:
    help: Open the portal in a browser
    help: portal [options]
    help:
    help: Commands:
    help: account to manage your account information and publish settings
    help: config Commands to manage your local settings
    help: hdinsight Commands to manage your HDInsight accounts
    help: mobile Commands to manage your Mobile Services
    help: network Commands to manage your Networks
    help: sb Commands to manage your Service Bus configuration
    help: service Commands to manage your Cloud Services
    help: site Commands to manage your Web Sites
    help: sql Commands to manage your SQL Server accounts
    help: storage Commands to manage your Storage objects
    help: vm Commands to manage your Virtual Machines
    help:
    help: Options:
    help: -h, --help output usage information
    help: -v, --version output the application version

Provided the account is working, you can then use the account, config, hdinsight, mobile, network, sb, service, site, sql, storage or vm options. Each of these can be invoked along with a -h option to show a help page. For example, to see a help page for service:

    azure service -h

You can spin up resources including sites, storage containers and even virtual machines (although you might need to create templates for VMs first). As an example, let’s create a new site using the git template:

    azure site create --git

Overall, there are a lot of options available in the azure command line interface. The web interface is very simple, with options in the command line interface mirroring the options in the web interface. Running and therefore scripting around these commands is straightforward. I wrote up some Amazon stuff previously at http://krypted.com/commands/amazon-s3cmd-commands, but the azure controls are really full featured and I’m really becoming a huge fan of the service itself the more I use it (which likely means I’ll post more articles on it soon).

December 2nd, 2013

Posted In: cloud, Network Infrastructure, SQL, Ubuntu, Unix, VMware, Windows Server


Wait, did I say control, I meant query… Sorry to disappoint! I am a home automation nerd. Recently I’ve noticed that as it gets closer to warmer or cooler extremes that it takes longer for my hvac system to bring my house to the temperature I want. I’ve also noticed that NEST claims to automatically learn these factors. Not to be outdone by the Griswolds, I decided to look at building this into my system.
I had been experimenting with using the weather.com site to pull this data but then someone pointed out that NOAA (the National Oceanic and Atmospheric Administration) actually publishes this information on their site. I was able to access a simple-to-parse dump of information for the Minneapolis airport, which is pretty close to my house. The URLs are based on ICAO codes. You can find the code for your airport on the ICAO code wikipedia page. The URL to look at for information is http://weather.noaa.gov/pub/data/observations/metar/decoded/.TXT or http://weather.noaa.gov/pub/data/observations/metar/decoded/KMSP.TXT for Minneapolis (or http://weather.noaa.gov/pub/data/observations/metar/decoded/KANE.TXT for Blaine which is actually closer to me). You can actually just curl this straight with nothing special to view the text file:

    curl http://weather.noaa.gov/pub/data/observations/metar/decoded/KMSP.TXT

The output is basically as follows:

    MINNEAPOLIS-ST PAUL INTERNATIONAL , MN, United States (KMSP) 44-52N 93-13W 265M
    Oct 01, 2013 - 10:53 AM EDT / 2013.10.01 1453 UTC
    Wind: from the WNW (290 degrees) at 13 MPH (11 KT) gusting to 24 MPH (21 KT):0
    Visibility: 10 mile(s):0
    Sky conditions: mostly clear
    Temperature: 68.0 F (20.0 C)
    Dew Point: 48.9 F (9.4 C)
    Relative Humidity: 50%
    Pressure (altimeter): 29.82 in. Hg (1009 hPa)
    Pressure tendency: 0.14 inches (4.6 hPa) higher than three hours ago
    ob: KMSP 011453Z 29011G21KT 10SM FEW150 20/09 A2982 RMK AO2 SLP094 T02000094 51046
    cycle: 15

I subtracted or added the difference in temperature to my desired temperature and am experimenting with how much more quickly I need to fire things up based on that (for my hvac system it seems to be about a minute per 10 degrees of delta), but there are definitely plenty of ways to go about such number nerdery. Either way, I can now control the temperature based on the weather using curl, which is basically controlling the weather in my house, so not as untrue a title as with most front-page newspaper articles… Finally, there’s also a REST API, available from NOAA at http://graphical.weather.gov/xml/rest.php.

October 2nd, 2013

Posted In: Home Automation, Mac OS X, Minneapolis, sites

