macOS Server on Catalina and php 7.3.8

I’ve posted ways to update php on macOS Server. My Mac mini is now running macOS Server 5.6.1 on macOS High Sierra and WordPress dutifully reminded me it is time to update php to a supported version, so read on for how it came together.

Before hitting the steps below, High Sierra’s sandboxing and needing to edit system files are difficult unless you boot from recovery mode to temporarily disable SIP, “csrutil disable”. Or, if you have the luxury I have, I was able to boot from my backup and edit my main drive. Doing this allowed me to delete Apple’s libphp7.so file from “/usr/libexec/apache2”.

1. Open Terminal and execute one line of code to get the latest stable php version, 7.3.8 at the time of this post, using the following command (and yes, even though below says 7.3, it will grab 7.3.8):

curl -s http://php-osx.liip.ch/install.sh | bash -s 7.3
sudo pico /Library/Server/Web/Config/apache2/httpd_server_app.conf

The second command allows you to edit “/Library/Server/Web/Config/apache2/httpd_server_app.conf”. Search for the line with “php7_module” and change the file path to point to the new libphp7.so file:

LoadModule php7_module /usr/local/php5/libphp7.so

Notice that this path is different than “/usr/local/php4/php5-7.3.8-20190811-205217”, but the above path has an alias that points to 7.3.8 and should enable future upgrades (hint, when we’re ready for php 7.4 and beyond).

2. Verify that the updated php is running with the following command:

schwie:apache2 bradschwie$ php -version
PHP 7.3.8 (cli) (built: Aug 11 2019 20:50:16) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.8, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.8, Copyright (c) 1999-2018, by Zend Technologies
with Xdebug v2.7.2, Copyright (c) 2002-2019, by Derick Rethans

3. To verify that php 7.3.8 is running on your webserver, restart your machine (or restart the Apache web server from Terminal):

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/server-apachectl graceful

To complete this verification, I recommend temporarily placing an “info.php” file on your webserver to know which php version your webserver is relying on and where the php.ini file is saved. Mine was stored here “/usr/local/php5/lib/php.ini”. I keep the info.php file on my server, but for security purposes I recommend commenting out the body of the file after obtaining your php configuration information.

4. After completing step 3, I moved back to my blog and noticed all sorts of JIT errors. Others recommended disabling JIT from the php.ini file linked above, so I did the same by adding:

pcre.jit=0

5. Finally, my blog was complaining that it didn’t have the imagick php extension. My server has brew, so adding imagick is pretty easy using Mattias’ instructions, but after his step to install imagemagick, install autoconf to avoid errors with the pecl command:

brew install autoconf

So far so good. I’ll keep you posted when I make changes or move along to 7.4.

Last note, I also looked at instructions posted here, but I don’t believe I needed them in the end.

Winshortcutter and Catalina

After starting with a clean install of Catalina, I also installed WinShortcutter and found that it no longer properly showed itself properly in System Preferences with the prefpane not fully expanding downward to show all of WinShortcutter’s advanced settings. I also noticed that Tech-Arrow seems to be continuing development of WinShortcutter, but I wanted to continue using Lobotomo’s free version, so that’s why I wrote this.

The issue above might have something to do with Dark Mode in Catalina, as I noticed that even after following the steps below, WinShortcutter’s prefpane doesn’t do Dark Mode like the rest of System Preferences prefpanes. This fix won’t correct that and you should maybe consider Tech-Arrows product if you need that feature.

For this fix, it helps if you have a backed copy of your old system preferences. Lobotomo’s archived forums indicate WinShortcutter’s settings are saved here:

~/Library/Preferences/com.fribi.WinShortcutter.plist

I had the fortune of grabbing a copy of the above .plist from my last back up. If you don’t have a copy, feel free to use mine. I then replaced the existing .plist with the copy from my back up. When I re-entered System Preferences, it failed to import my old WinShortcutter settings, but now the window fully expands to show the advanced settings, woohoo!

I was then able to finish configuring WinShortcutter again, which included getting the Services menu to let me copy Windows files paths for outgoing emails. Tech-Arrow’s user manual led me to configuring Services properly by going to System Preferences->Keyboard->Shortcuts and putting a check next to “Open as Windows Link” and “Copy Path to Clipboard”.

Kombucha!

Over the shelter-in-place period, Ella and I broke into making soda pop with our first batch of ginger-ale. We soon realized if we added more yeast and let it ferment longer, we’d get more fizz. We started reading a book on soda pop, but I remembered folks in my ‘hood spoke of making kombucha. Reading more about it, kombucha is made from a SCOBY, a symbiotic culture of bacteria and yeast – how cool! As long as you feed the SCOBY sugared up tea, it will do the job of helping to make a fizzy drink.

The excellent Lindenfelsers’ gave me a perfectly simple recipe: brew 6 cups tea, dissolve 1 cup sugar, and when it cools add your SCOBY to brew for 2-3 weeks. I’m using their basic recipe before I get silly on second fermentations with fruit, but I also wanted to read more about it. For those of you considering breaking into the hobby, here are a few websites I found interesting, with the first one going into some of the science that I gladly appreciate:

  1. https://scienceandfooducla.wordpress.com/2015/11/10/kombucha-brewing-the-process/
  2. https://ifoodreal.com/flavoring-kombucha-how-to-make-kombucha-fizzy/
  3. http://www.picklejarstudios.com/strawberry-rhubarb-kombucha/

I have been brewing kombucha in a large mixing bowl covered with a dish towel and a rubber band around the top. After the first fermenting period is complete, I pour the bowl through a fine-mesh strainer and into another bowl with blended fruit or straight into bottles, always reserving one cup of kombucha from each batch and the SCOBY for your next batch.

For the bottles, I biked to a liquor store and bought a 4-pack of the delicious Grölsch, but you might want to explore other options here:

https://myfermentedfoods.com/kombucha-bottles/

Also, I’ve only been using black tea for the fermentation period, but after I research whether or not caffeine is needed, I may start branching out with tea flavors as Ellen repeatedly told me. Oh, and I also grew a baby SCOBY on the side for Lurch:

Baby Scoby

Wes’ baby SCOBY

Will report back more later, but our first batch of strawberry rhubarb kombucha was definitely tasty and explosively fizzy 🙂 I’m tracking batches with this spreadsheet.

Batchomatic and 13.5

Tested out Batchomatic on my iPhone XS Max today. I perused some other tips before diving in this and found the last part about how to install the .deb a bit unclear, exactly what to tap. I had previously exported .deb files from iOS 13.3 in anticipation of an upgrade to iOS 13.5 before Apple stops signing it.

To re-install tweaks from 13.3 on to 13.5, I used the following general steps:

1. Update or restore your iPhone to iOS 13.5
2. Install AltStore on your Mac and iPhone.
3. On your iPhone, tap Cydia to update it and install Batchomatic, OpenSSH and Filza.
4. Transfer the .deb file containing your tweaks from your Mac to /var/mobile/BatchomaticDebs on your iPhone (I used FileZilla from my Mac to connect to my iPhone).
5. From your iPhone, open Filza and navigate to “/var/mobile/BatchomaticDebs”, tap the .deb file you placed with step 3, and in the upper right hand corner tap “Install” (don’t bother tapping “Extract”, it won’t help you for this exercise).
6. When the install is complete, move back to Cydia->Search, tap Batchomatic’s icon in the upper left corner, tap “Install .deb”, and tap “Proceed”.

Your tweaks should now install. Mine belched an error message about not being able to install Karen’s AppSync Unified, so I went back afterward and installed it manually. Finally, if you have trouble with errors about not being able to install more than 3 apps, I found a couple issues. One, I had Apple’s TestFlight and another developer’s beta, Eat It, on my iPhone. Two, the 13.5 restore brought back AltStore and unc0ver, so I had accidentally tried installing AltStore twice, this Tweet may also help you out of this issue.

Time Machine .backupbundle repair

On my macbookpro12,1, Time Machine could no longer do backups and I wanted to start a new archive. I didn’t want to lose my previously backed up files nor did I want to start a new backup from scratch as it takes several hours. To repair the existing backup stored on our Time Capsule, I tried using instructions on this guy’s blog.

Sadly, fsck_hfs couldn’t repair my .backupbundle/sparsebundle, so I had to start over anyway! This has happened to me and others a few times in the past, so maybe the instructions above will be useful later. Better yet, copying and pasting the commands above gets old, so I may try the shell script here: https://gist.github.com/ahknight/dec202583a910756c6d9 It also might help to add “fsck_hfs” to your full disk allowed list in System Preferences->Security->Privacy->Full Disk Access. Finally, others have asked me about scheduling Time Machine backups. I may give these instructions a shot at some point, as it may relieve the issues that caused me to write this post.

** UPDATE 7-8-2020 **
This issue came up again with the backups created by my MacBook Pro today. Instead of running all the steps and advice above, I turned to this shell script, which I perused on another site (sorry, I’d love to credit the author, but I can’t seem to find them). I store this script on another machine on my network that has access to the Time Capsul so it can do the dirty work as it seems to run for a while. Here are the updated steps:

0. Disable Time Machine on your Mac, in my case from my MacBook Pro -> go to System Preferences…->Time Machine->uncheck box for “Back Up Automatically”.

1. Open a Terminal window and navigate to the directory where you saved the .sh script referenced above, in my case the desktop:

schwie:~ bradschwie$ cd Desktop
schwie:~ bradschwie$ chmod +x TimeMachineRepairScript.sh
schwie:~ bradschwie$ ./TimeMachineRepairScript.sh

(don’t press enter yet and leave this window open, we’ll be coming back to it in Step 4)

2. Connect to a server on my network (Mac mini) and connect to the Time Capsule’s disk: In a Finder window, look in the left hand pane under “Shared”, click the name of your Time Capsule, and then click “Connect As…”

3. When the Time Capsule’s disk mounts, click the “Data” folder, locate the name of your backup and drag its icon to the Terminal window in Step 1 and release.

4. Press return in the Terminal window.

5. After the script successfully completes repair of the backup, reenable Time Machine on your Mac.

@@ I can’t remember where I got the script linked above, but if you run it from the Mac where your Time Machine backups originate, you could enable and disable Time Machine using (steps 0 and 5) using information from these folks.

** UPDATE 7-19-2020 **
So, it happened again today and the script once again worked. Not sure why this keeps happening, except I think it may have to do with me putting the Mac to sleep while its in the middle of a backup. Maybe I should start restricting Time Machine to do its backups between 2am and 5am? Here’s the successful script output and my Time Machine is back in action:

schwie:Desktop bradschwie$ ./TimeMachineRepairScript.sh /Volumes/Data/MacBook\ Pro.backupbundle
+ IMAGE='/Volumes/Data/MacBook Pro.backupbundle'
+ '[' -z '/Volumes/Data/MacBook Pro.backupbundle' ']'
+ chflags -v nouchg '/Volumes/Data/MacBook Pro.backupbundle'
/Volumes/Data/MacBook Pro.backupbundle
+ chflags -v nouchg '/Volumes/Data/MacBook Pro.backupbundle/token'
/Volumes/Data/MacBook Pro.backupbundle/token
+ chflags -v nouchg '/Volumes/Data/MacBook Pro.backupbundle/bands'
+ /usr/libexec/PlistBuddy -c 'Delete :RecoveryBackupDeclinedDate' '/Volumes/Data/MacBook Pro.backupbundle/com.apple.TimeMachine.MachineID.plist'
+ /usr/libexec/PlistBuddy -c 'Set :VerificationState 0' '/Volumes/Data/MacBook Pro.backupbundle/com.apple.TimeMachine.MachineID.plist'
+ set -e
++ hdiutil attach -nomount -noverify -noautofsck '/Volumes/Data/MacBook Pro.backupbundle'
++ awk '/HFS/ {print $1}'
+ DEV=/dev/disk4s2
+ echo '/Volumes/Data/MacBook Pro.backupbundle -> /dev/disk4s2'
/Volumes/Data/MacBook Pro.backupbundle -> /dev/disk4s2
+ fsck_hfs -fy -c 8gb /dev/disk4s2
** /dev/rdisk4s2
   Executing fsck_hfs (version hfs-407.50.6).
** Checking Journaled HFS Plus volume.
** Detected a case-sensitive volume.
   The volume name is Time Machine Backups
** Checking extents overflow file.
** Checking catalog file.
** Checking multi-linked files.
** Checking catalog hierarchy.
** Checking extended attributes file.
** Checking multi-linked directories.
** Checking volume bitmap.
** Checking volume information.
** The volume Time Machine Backups appears to be OK.
+ hdiutil detach /dev/disk4s2
"disk4" unmounted.
"disk4" ejected.

** UPDATE 8-17-2020 **
So, it happened again today and the script once again worked. Not sure why this keeps happening, but after running the script and continuing backups with Time Machine, a long clean seems to occur.

AEX error while updating configuration

I still keep AirPort routers in our house, because they perform fine and are relatively easy to manage. Of course, one AirPort Express proved to be stubborn to configure from my macbookpro12,1.

I had revived this AEX just a day ago and wiped it clean, but any follow up attempts to configure from my MacBook Pro resulted in an error while updating the configuration.

The fix was relatively easy. I moved to our Mac mini which has a wired connection to the network and it was able to update the AEX’ configuration. Better news, follow up attempts to change the configuration from my MacBook Pro are now successful.

Catalina and PPTP VPN

I understand security is an issue with PPTP VPN connections, but mitigation systems I access have routers that still rely on this protocol. Apple’s macOS began leaving PPTP years ago and with Catalina, the purge is complete. Fortunately, Filip Molcik and his readers have tackled this and I’ve modified their instructions here for connecting with SmartFlex routers as described in the following steps:

1. Open Terminal.app and run the following command (you may need to precede these with ‘sudo’):

mkdir /etc/ppp/peers
cd /etc/ppp/peers
sudo pico pptp_config_file

2. Paste in the following text and replace instances of REMOTE_ADDRESS, USERNAME, and PASSWORD with what is required by your PPTP server (also note, this text includes commands to refuse authentication for EAP, CHAP, and MSCHAP, if you’re connecting to a PPTP server different than a SmartFlex router, you may need to put hashtags on these lines):

pty “/usr/local/bin/pptp REMOTE_ADDRESS –nolaunchpppd”
remoteaddress REMOTE_ADDRESS
user USERNAME
password PASSWORD
# require-mppe-128
# logfile /tmp/pptp_vpn_log.txt
## Other settings
noauth
refuse-eap
refuse-chap
refuse-mschap
redialcount 1
redialtimer 5
idle 1800
mru 1436
mtu 1436
receive-all
novj 0:0
ipcp-accept-local
ipcp-accept-remote
hide-password
looplocal
nodetach
ms-dns 8.8.8.8
usepeerdns
debug
defaultroute

3. Download a copy of Filip’s PPTP library built from Debian:

http://filipmolcik.com/releases/pptp/pptp.zip

And save this file in:

/usr/local/bin

4. To establish the PPTP VPN connection, I’ve found you need to keep the command prompt for Terminal.app in the same directory where the config file is saved from step 1, above. If so, make the connection in Terminal.app with this command:

sudo pppd call pptp_config_file

5. I should make a script for this, but I use it so infrequently I may not bother. For now, I disconnect by opening Activity Monitor, searching for PPTP, highlight it, click the “x” button, and choose “Quit”.

After making the connection, pptp surged to using about 90% of the cpu on my macbook12,1, but it has since settled down. Thanks, Filip!

Should these connections require MPPE in the future, we’ll need to replace the downloaded file in Step 3 with this library.

Last note, my MacBook Pro connects and pings the ip address it receives, but it can’t ping anything else on the network. Will hopefully resolve this soon.

WS-C2960S-24TS-S Fan Noise Reduction

I grew tired of our aging 16-port SMC 10/100 switch that had a couple blown ethernet ports and was causing problems with an AirPort Express in the back room. The switch last about 20 years, so I’m not complaining. Since that time, close to 24 devices or ports remain on our wired network and of those, several are now capable of gigabit ethernet. The time seemed right to upgrade to a gigabit switch.

I figured why not go all-in, so I picked up a Cisco WS-C2960S-24TS-S on the cheap on eBay for $30 shipped – I mean, I didn’t want to lose money here. You might ask why? We’ve got several Apple AirPorts that don’t do SNMP, but a managed switch does so I’ll now have a little bit better feel of network health. Upon receiving the switch, I soon forgot where these switches typically reside: noisy wiring closets with fans and other hot devices nearby. After firing it up in my shop and mounting it to the wall, the whoosh of the single fan was super loud. Sadly, I didn’t take sound measurements, but ask my wonderful kids and they’ll attest to it – you could hear it throughout the entire basement!

Since it was only $30, I figured why not fix this? The switch is mounted on the wall of my shop, in the basement, where it is rather cool all the time. That and our network doesn’t use the full bandwidth capacity the switch can handle. So, I opened the switch up with the intent of installing a step down converter:



The switch was easy to get into, just 5 sheet metal screws on the back side of the router. The cover easily slides toward the same side the screws were removed. Easy access!

Inside, there’s a small bundle of four wires connecting the logic board to the fan – looks like Cisco is using pulse-width modulation. Black is the negative, red seems to always run at 12 volts, yellow operates consistently at 2 volts, and the blue wire appears to be the tachometer measuring 4.5 volts when the switch turns on and reducing 2.7 volts when the router finishes its startup procedure.

The step down converters I have in-stock can handle input voltages between 4.75 and 24 – so much for stepping down the blue wire, but the fan’s red wire seems to be a candidate. In the pic below, you’ll see that I cut the red and black wires and spliced in a step down converter that reduced the 12-volt fan power to 7.3 volts. The kids approved of the noise reduction, so I wrapped the step down converter in some knock off Kepten tape and put the cover back on.

With the switch back on the wall, the fan is still audible, but I still wanted some air flow and didn’t want the step down converter getting too hot. Using my paid-for and excellent copy of db Meter which you can also use for free 5 feet from the switch, I’m measuring an average of 31 db. Success! After running the switch for an hour, the temperature is 29 degrees C – an increase of 2 degrees from what I noticed prior to this hack – will keep an eye on this. If the fan noise continues to bother us, I’ll consider getting another step down converter than can handle inputs down to 1 volt, a smaller fan, or maybe even taping over the inlet and outlet ports of the existing fan to further reduce air flow.

macbookpro5,1 sleep and DOSDude1’s Catalina

We tossed DOSDude1’s patched Catalina on a macbookpro5,1 for a friend and noticed that when the MacBook Pro’s screen was closed and the sleep indicator on the front of the Mac illuminated, the MacBook Pro was not actually going to sleep and was unresponsive after reopening the screen.

This Mac is a 2008 machine, upgraded with a Kingston 240GB SUV400S37/240G. After the machine failed to wake from sleep and we restarted it, we found a crash log with a Sleep Wake Failure event.

Turns out the fix is easy. Go to System Preferences->Energy Saver and uncheck “Put hard disks to sleep when possible” for “Battery” and “Power Adapter”. Now the Mac goes to sleep and wakes up just as it should.

Cisco Network Assistant

I downloaded 6.3.4 of the Cisco Network Assistant to configure this router, but it wouldn’t launch. I greeted with the error message “The application cna_mac_k9_6_34_en can’t be opened”.

To fix this, open Terminal.app and paste in the following string and then drag and drop the CNA app on top of the Terminal window:

chmod +x

In the my case, it looked like this:

chmod +x /Users/brad/Documents/Brad/Service\ Manuals/Cisco/WS-C2960S-24TS-S/firmware/cna_mac_k9_6_34_en.app/Contents/MacOS/*

After doing this, I was able to launch Cisco’s app!