Something is wrong.
Instagram token error.

Mitigating Issues with Uptime Reminders by way of MunkiReport

Posted: May 9th, 2018 | Author: | Filed under: Uncategorized | No Comments »

A lot of our users have can go weeks or months without a reboot. Then they write in to ask for support on their slow Mac. Well…. reboot man! How would you feel if you didn’t sleep for a couple days? To mitigate this we’ve leveraged munkireport and google sheets to automate this process. We’ve created a google sheet with three four columns; USER NAME SERIAL NUMBER COMPUTER NAME ASSOCIATED EMAIL. Then we wrote a python script to pull this information in and cross reference it against computer records that report an uptime greater than 7 days. At the end of the script we email all of those users and ask them to please reboot.


# munkireport integration to alerts users of 7 day uptime.
import re
import gspread
from oauth2client.service_account import ServiceAccountCredentials
import sqlite3
conn = sqlite3.connect('db.sqlite')
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText

## use creds to create a client to interact with the Google Drive API
scope = ['']
creds = ServiceAccountCredentials.from_json_keyfile_name('client_secret.json', scope)
client = gspread.authorize(creds)
# Find a workbook by name and open the first sheet
# Make sure you use the right name here.
sheet ="copiousUsers").sheet1
humanname = sheet.col_values(2)
humanname = filter(None, humanname)
serialnumber = sheet.col_values(3)
serialnumber = filter(None, serialnumber)
emailaddress = sheet.col_values(5)
emailaddress = filter(None, emailaddress)
hostname = sheet.col_values(4)
hostname = filter(None, hostname)

# Now find hosts on the shitlist
c = conn.cursor()
#c.execute('SELECT hostname FROM machine INNER JOIN reportdata ON WHERE reportdata.uptime>604800;')
c.execute('SELECT serial_number FROM reportdata WHERE uptime>604800;')
shitlist = c.fetchall()
# clean up the list and make ascii unicode
newlist = []
for tup in shitlist:
newlist = newlist + [item.encode('ascii','backslashreplace') for item in tup]
# get rid of anything after the first (.)
newlist = [i.split('.', 1)[0] for i in newlist]

# loop the list and search for matches against the googlesheet, get the details of each user and make a list of lists.
userlist = []
for line in serialnumber:
if line in newlist:
indexNumber = (serialnumber.index(line))
x = [user, email, host]

for line in userlist:
## user is line[0] and email is line[1] and the host is line[2]
msg = MIMEMultipart('alternative')
msg['From'] = 'yourEmail'
msg['To'] = line[1]
msg['Subject'] = 'Reboot Reminder, Over 7 Days Uptime Detected'

text = """\
Hello %s,

We have noticed that your computer, %s, has been up for 7 days without a reboot. Please reboot your computer when you can. Having a computer left on for too long without a reboot can lead to memory leaks and overall performance issues.

Best Regards,
Automatic Watchdog
""" % (line[0],line[2])
html = """\

Hello %s,

We have noticed that your computer, %s, has been up for 7 days without a reboot. Please reboot your computer when you can. Having a computer left on for too long without a reboot can lead to memory leaks and overal performance issues.

""" % (line[0],line[2])

part1 = MIMEText(text, 'plain')
part2 = MIMEText(html, 'html')

server = smtplib.SMTP('', 587)
server.login("emailaddress", "password")
text = msg.as_string()

server.sendmail("emailaddress", line[1], text)

Restrict RADIUS usage in Server 5.x

Posted: February 29th, 2016 | Author: | Filed under: Uncategorized | No Comments »

2000px-Circle-withsegments.svgThis is a follow up post to my previous article about how to setup RADIUS on Server 5.x

In my Open Directory user list I have a user called scanner with a password of, you guessed it, scanner. Now I know this isn’t the most secure thing ever but the user only has very limited access. Recently I wanted to implement RADIUS so that the VPN concentrator could authenticate against Open Directory but I certainly don’t want the scanner user to be able to authenticate. Previously I would fire up WorkGroup Manager and build a service access control list, SACL. However with WGM now gone I have to do it on the command line. After some hacking I figured it out.

First, you’ll need to make a group in OD called VPN and put the users you would like to have VPN access in it. Then whip open a terminal and get the GUID of that group.

dscl localhost read /LDAPv3/

You’re looking for the “GeneratedUID” record this somewhere. Next edit the following script and put your GeneratedUID into the line where it says NestedGroups

dscl localhost create /Local/Default/Groups/
dscl localhost create /Local/Default/Groups/ RealName
dscl localhost create /Local/Default/Groups/ passwd "*"
dscl localhost create /Local/Default/Groups/ gid 260
dscl localhost create /Local/Default/Groups/ NestedGroups PASTE_GUID_HERE

Then reboot radius with a serveradmin stop/start radius and you should be good to go!

How to Push Watchman Monitoring Windows Agent

Posted: November 10th, 2014 | Author: | Filed under: Uncategorized | No Comments »

Recently, I was granted access to the Windows beta agent. In a word, amazing. Truly, Allen and the guys at watchman have done an amazing job. Now, I have most of my clients enrolled in Meraki Systems Manager and I wanted to be able to push this agent to them without getting in the user’s face. I came up with the following and please keep in mind, I’m NOT a Windows sysadmin.

mkdir C:\temp
bitsadmin.exe /transfer "MSI" C:\temp\MonitoringClient.msi
bitsadmin.exe /transfer "regfile" C:\temp\MonitoringClient.msi C:\temp\monitoringclient.reg
Regedit /s C:\temp\monitoringclient.reg
Msiexec.exe /I C:\temp\MonitoringClient.msi

I take this code and paste it line by line into the “Command Line” feature of Meraki Systems Manager.

For more info on Watchman Monitoring Windows Beta go here.
For Meraki Systems Manager go here.

Migrating OS X Server Wiki from 10.7 Lion to 10.8 Mountain Lion

Posted: April 7th, 2013 | Author: | Filed under: Uncategorized | No Comments »

Great article on Apple’s support page outlining how to migrate the wiki service from 10.7 Lion Server to 10.8 Mountain Lion Server, aka OSX Server 2.2

And We’re Back!

Posted: February 13th, 2013 | Author: | Filed under: Uncategorized | No Comments »

openAfter a long while I’ve decided to bring my personal blog back to the net. I took it offline originally so I could redirect the web traffic to a company website that I started. However I quickly learned that nerds do not buy IT services, this is why they’re nerds – Nerds do IT themselves. (Get it?)

Hopefully the wizardry that is Google will be able to figure out that I moved the blog back, originally I did a 403 redirect, however this time I redesigned my company website without moving the wordpress content any where. I checked my pagerank and at a whopping 3/10 I’d have to say that I lost the traffic. Looking to future, I’m hopefully going to be adding a lot of content here, currently looking into FOSS AD/OD replacements, as well as some outdoor adventures!

Thanks for reading.


Vacation Time

Posted: July 19th, 2010 | Author: | Filed under: Uncategorized | No Comments »


So this going to be my last post for a while. Probably till the end of summer. I’m going on a european vacation with my lady. It’s going to be an epic adventure full of battles, conquests, and amazing sites. If you want to follow our adventure please check out our new tumblr blog.

Free Geek Summer Sale

Posted: July 15th, 2010 | Author: | Filed under: Uncategorized | No Comments »

A little bird told me Free Geek Vancouver is having a crazy sale this saturday! Check it out!

Old Trick: Cloning Over Network

Posted: June 17th, 2010 | Author: | Filed under: Uncategorized | No Comments »

Here’s an old but great trick. I had a server that was dying on me, I wanted to clone the computer but didn’t want to have the hassle of taking it apart. By using netcat and the dd command I was able to clone the computer over the network.

First on the destination computer, but up off of Ubuntu 10.04 Desktop liveCD and execute the command:

nc -l 10000 | dd of=/dev/sda

Then on the source

dd if=/dev/sda | nc 10000

Wait for the dd command to finish. Then reboot the new hardware, if you’re lucky it should just boot and you’re done! Yay! If not boot the destination up off of the liveCD once more and mount the drive. Edit any changes in drives (sda/sdb/hda) in /etc/fstab as well as grub. As well as any other changes you have to do, perhaps your modprobe.conf file needs editing. Once done make a new initrd and you’re happy!

/sbin/mkinitrd -v -f /boot/initrd-new.img 2.6.21

Free Geek: A Non-Profit Computer Reuse and Recycling Centre.

Posted: June 15th, 2010 | Author: | Filed under: Uncategorized | 1 Comment »

Free Geek Vancouver (FGV) is a non-profit computer reuse and recycling centre. They accept all computers, old and new as well as related electronics whether they are working or not! FGV is comprised of volunteers who breathe new life into these electronics to create functioning and useable computers. These born again computers are then either sold at low costs or are granted to various non-profit organizations in need. The computers that cannot be salvaged are disassembled properly and sent to various ethical recycling plants. Free Geek follows a strict recycling code of conduct set in place by the Basel Action Network. This ensures that our electronic waste is safely and locally disposed rather than shipped to developing nations where it often contaminates air and water.

You can help Free Geek by bringing your used computer down to be recycled! They’re located at 1820 Pandora St in Vancouver. Or if you are interested in lending a hand the please come down this Saturday at either 2 or 4pm for one of our infamous tours!

In today’s world we are becoming attached to our technology. For many computers are the first things we see in the morning, and the last thing we see before we sleep. They take our daily abuse now if only when we could give them the proper ending they deserve!

X forwarding on SSH after `sudo -u -i` or `sudo su`

Posted: May 24th, 2010 | Author: | Filed under: Uncategorized | No Comments »

X authentication over SSH is based on magic cookies! The problem though is that when you change users via sudo the new user is not aware of these magic cookies.

Before you issue the su (but after having ssh’ed into the remote
system), request the cookie for the current DISPLAY that’s connecting
to your X server:

bart:~ jordan$ xauth list $DISPLAY MIT-MAGIC-COOKIE-1

Then, after having done su, tell the new user what the cookie is:

bart:~ root# xauth add MIT-MAGIC-COOKIE-1

Just cut’n-paste the output of the above ‘xauth list’ onto ‘xauth add’
That’s it.