I have had a hell of a time finding a way to install a Let’s Encrypt certificate on macOS Server the Right Way™, due to how Server customizes the Apache config in weird and annoying ways.

For the moment, I am going to use this way to “trick” certbot into issuing the cert to a different server temporarily running on the same machine. Adapted from the very helpful instructions at Denis Gladkikh’s blog.

Set up certbot

Get your first certificate

Start a temporary python web server on port 9000.

Then change the port forwarding on the AirPort router:

  • Launch AirPort Utility
  • Select Basement Extreme
  • Edit
  • Network tab
  • Port Settings:
  • Select the port forwarding entry for your server
  • Edit
  • Change Private TCP Ports: from 80, 443 to 9000, 443
  • Save and restart the router.

As part of the output of this command should be a notice like:

As above, change the AirPort settings back to the ports 80, 443, and restart the router.

Kill ^C the python server.

  • Launch the Server app
  • Go to the Certificates tab
  • Click +
  • Select Import a Certificate Identity…

Server requires you to drag-n-drop instead of selecting from a file dialog, so copy the certificates to the Desktop (or someplace handy where you have permissions to deal with them in the Finder).

  • Select all of the .pem files and drag them onto the import dialog. Server will work out which ones it needs.
  • Click Import
  • At the top of the Certificates window, for the Secure services using: pop-up, select the new cert.
  • Go to the Websites tab
  • Under Websites:, select Server Website (SSL)
  • Click the pencil button to edit
  • Under SSL Certificate:, select the new cert.
  • Select OK.
  • Go back to the Certificates tab
  • Select the old certificate, and click then Delete to delete the old certificate.

Renew Certificate

I haven’t actually done this yet, so take this as tentative.

  • Run the python server and reconfigure the router as above.
  • This time, we don’t need to specify the domain; just renew:

  • Restore the router settings and stop the python server, as above
  • Copy the new .pem files and install them into the Server app, as above.
  • Repeat every ten weeks. (It expires every three months, but give yourself a deadline with time to get it done so it doesn’t expire if you get delayed.)

Need to figure out a way to make this more automated, but that will wait until the pain of doing this every ten weeks has settled in. 😉

Last night, we elected a new President of the United States. It is not who we hoped for.

If there is one thing that this election did, was shattered the illusion that I understood half of the people that live in this Republic of ours. We can quibble about the popular vote vs. the electoral vote, but it’s very nearly split right down the middle. If you look at a map of the counties, you can easily see where higher population centers are the ones colored blue, and the more sparsely populated areas are colored red. It has been this way for decades, and I believe this split offers an idea as to why this election fell the way it did.

One of my greatest passions is studying film — immersing myself in someone else’s shoes for a hundred minutes and coming out the other side with a wider experience and more empathy for another viewpoint. I have also been drawn to cities where there is more culture, more diversity, more people living their weird lives, showing me things I never knew before, and opening my eyes to other experiences, and other personal truths. I’m not a perfect human, by any stretch of the imagination, but I try to be inclusive and accepting of as much as I can. If they’re not hurting someone else, what business of mine is it how they live their life? And perhaps they have something to teach me about how I live my own. I try to improve myself, bit by bit. I have some brain chemistry issues that make it harder than it should be sometimes, but learning to compensate for that is just part of being human. Everyone has their own personal hurdles to overcome.

I saw a lot of Democrat friends last night railing at third-party voters, at Trump voters, blaming Bernie Sanders, blaming Clinton for suppressing Sanders in the primaries, blaming… whoever they can think of. It may make you feel better for a few minutes, but being angry and divisive is not going to change minds. We, as Americans — each and every one of us — have only ourselves to blame. While we may be more inclusive and understanding in the cities, the wide swaths of rural America just shouted that they don’t share our degree of acceptance, our values of inclusivity and progress. But it is important to remember that these views do not come from a vacuum. People in the cities get reminded all day every day that humanity is diverse and wondrous, and that people that look different, live different, love different — they are no threat to my existence, my ideals, my values. As long as you’re not hurting people, we can all get along. In fact, we need to get along, to support each other, to pool our resources (taxes!) to pay for services that the lowest earners would never be able to provide for on their own, to care for each other, even if in small, seemingly superficial ways.

That leads me to wonder if this is mainly a problem of education. That people feel not only left behind by new technology, but by new views. They are not exposed to diversity early enough in life and form life-long assumptions about how different equals “bad”. They may think everyone has the exact same opportunities afforded to them. They don’t like taxes because “the government” will just spend it on helping people they think don’t deserve it, just because they didn’t need it. Many also lack exposure to diversity of thought, both in their schooling and in their choice of news sources (c.f. Fox News, Breitbart, etc.). I don’t know how else to explain how half of the country could excuse the racist, sexist, fill-in-the-blank-phobic behavior of the “strongman” braggart of a Republican that we just elected. He obviously made their voices felt heard in a way that the relatively centrist Democrat candidate did not. The question is, why did he make them feel heard?

The important thing to remember is that while people are lashing out, whether overtly, vilifying and threatening violence like we saw at the Trump rallies, or more quietly, like in electing someone they feel speaks for them despite proving over and over that he is unfit for the presidency — these people are lashing out because they are hurt. Because they don’t feel listened to. Because they don’t know where to turn. Remember that these are human beings, just like you, and that their circumstances have led them to this point, just like yours have led you here. It may be difficult, but I encourage you to listen to them, and try to understand where they are coming from. Compassion and empathy is the way forward, to understand and meet the needs of the half of this country that is obviously going unassuaged.

As to the future, I know that things will get better. If you feel as strongly as I do about this, volunteer for local programs that you want to encourage. Volunteer to help campaign for our representatives (local and national) in two years, for the mid-term elections. I know both of you are heading toward becoming great artists — express your empathy and care in your work. Keep being the fine young people I know you to be. Don’t despair. We can get through this, together.

A few months ago, I was drawing in Adobe Illustrator for an animation we were producing, and I was having trouble with my laptop bogging down and becoming completely unresponsive when Illustrator threw up its hands at copying or pasting the hundreds of tiny switches and buttons I had drawn on a retro-style computer bank.

When that happened, my options were basically to wait 10–15 minutes for Illustrator to get itself together and return control, or log in remotely and kill the process. Thankfully, Gil showed me how to do the latter. Here are the instructions, in case I need them again:

Read more…

I’m testing out django CMS for a small personal site,, and installing it on my WebFaction hosted server. I’m writing down the steps, so you don’t have to! (And by “you,” I mean “future Mark who has forgotten these steps.”)

I’ve had a great experience with WebFaction — they’re both inexpensive and reliable. If you’d like to give them a try, please use this affiliate link to sign up for a free trial, and try installing for yourself.

Read more…

My goal is to have made at least one tiki mug for my home tiki bar, by the end of the year. I’ve been poring over Tiki Central’s forums to learn more about the process. I have also picked up a couple of books on it, and have been creating a big workflow list of all of the tips and tricks I’m finding so far.

Yesterday, I finally rented a car and drove down to Seattle Pottery Supply, to try to get my brain around slip casting materials. It was… a little overwhelming. After asking a couple of other employees, eventually one lady there, more experienced in slip casting, gave me some pointers to get going. (Sadly, I didn’t catch her name, or I would thank her again here. That said, everyone at SPS was very helpful.)

  • She recommended creating my master sculpt with water-based clay, because the wax and oil from the Monster Clay (that I was going to use) will clog the pores in the plaster mold, causing it to take much longer to soak up the water when casting. Seems like the speed of casting isn’t really a critical thing at this point in my learning (I’ve certainly seen other people on Tiki Central use oil-based clays for this), but I’ll give it a shot. Sculpting with water-based clay seems different enough from the oil-based that I was using, that I suppose I should get used to doing it “the right way.”
    • Reading this the day after, am I supposed to wait until the clay is dry to mold it? Make sure it’s still wet? Forgot to ask this question, and I’m afraid that if the clay is dry, it’s going to stick to the plaster.
  • For this same reason, she recommended against using mold soap on the master positive. Only if there’s a multi-part mold, and then only on the plaster-to-plaster seams. While the mold soap can be washed off to some degree, some will always remain in the plaster pores and cause extended slip casting times.
  • She recommended working in stoneware slip for the tiki mugs, as they will chip less easily than earthenware. She sold me their “Swan” casting slip, which fires at cone 04-6 (I assume that means cone 04 for bisque and cone 6 for glaze (glost?) fire? I should have asked.)
  • She also recommended National Artcraft Co. Casting Rings for determining when to dump the slip from the mold. These rings come in 7 different thicknesses (she recommended #4 for mugs). You set the ring on top of the plaster mold (number side up), just next to the pour hole, and fill the ring with slip. When the button of slip inside the ring becomes leather hard, the mold is ready to dump. She said differences in humidity and plaster density (not to mention moisture from casting multiple items in a row from the same mold) can change the amount of time required for the slip to build to the thickness you desire, so this “button” method is more reliable than setting a timer.
    • Once I get to doing multiple castings at once, she gave me this tip: instead of buying many copies of these $5 casting ring sets, find washers at the hardware store with the same interior diameter, and glue them together to match the height of the ring number I want to pour to. All you basically need is a little ring-shaped dam to keep the test slip on top of the mold.
    • The rings seem to be in roughly 1.5mm increments, with a 14.5mm average interior diameter. (All of the rings are a little sloped so they have a larger diameter at the bottom; the shortest ring has a 14mm inner diameter.) Ring #4 is 6.05mm tall, according to my micrometer. That means two glued-together washers of USS size 1/2″ (which actually have an inside diameter of 9/16″ / 14.29mm) will be close, if a little thin (5.54mm height for two washers). Maybe the glue will make up the difference. 😉
  • I picked a single glaze for the test medallions: Duncan RG722 Sea Glass, which says “fire to cone 5-6”. The sample there showed it coming out as this aqua green sand-tumbled Coke bottle kind of finish, though a bit more glossy. Should look nice on what I have planned for my test medallion. She recommended a fan brush with a rounded ferrule to evenly distribute the glaze, if you’re not doing small areas of different glazes. Water cleanup. “Everything’s water cleanup with clay,” she said.
  • I also grabbed a couple of Kemper sculpting tools, including one with soft rubber tips, which seemed useful for smoothing the edges of relief elements onto a mug/medallion surface. These wood handles are way nicer than the unfinished ones that came in my $10 beginner’s kit from Amazon. I already feel the Kemper lust forming in my heart.
  • For plaster mixing, she recommended a Jiffy Mixer drill attachment, which she said would help prevent air bubbles from getting into the plaster. “Submerge mixer into materials to be mixed before starting motor; shut motor off before allowing mixing unit to reach surface of the mixed materials.”

So, of course, I came home with more clay and plaster and glaze and other assorted tools. I plan to start with some small medallion/pendants first, just to get a feel for the process. Wish me luck!

I’m controlling everything in this project with a Raspberry Pi 2, a system on a chip. Essentially it’s a really tiny Linux computer that you can use for most anything you could use a full-size computer for. It’s just not quite as powerful.

NeoPixels (WS2811)

I was afraid, when I first started this project, that I would need to attach an Arduino to the Pi, to use as a slave to control the LEDs. The Adafruit NeoPixels, that I had picked to light the tiki mug shelves, are very sensitive when it comes to the timing of their communication, so if you’re not sending data to them at just the right speed, they won’t show the colors you want them to show (or maybe they won’t light up at all). The Pi, being a modern multitasking computer, might be busy doing something else, and not be able to communicate to the NeoPixels on the schedule it wants. The Arduino, on the other hand, is a real-time microcontroller, which means it can schedule its communications on a real-time clock and communicate at the required speed all day long.

Thankfully, someone much more clever than I figured out a way to drive NeoPixels consistently from the Pi by combining the Pi’s PWM (pulse-width modulation) module with its DMA (direct memory access) module, so that the NeoPixel data signal can be sent without being interrupted by the Pi’s multitasking operating system. The resulting library, rpi_ws281x, was exactly what I needed, and Adafruit’s tutorial on setting it up is killer.

The only thing that’s different in my setup is that I used a different level shifter chip to get from the 3.3V Pi logic level to the 5V logic needed by the NeoPixels. I used a Sparkfun PCA9306 Level Translator Breakout, which was also quite easy to set up. You just need a reference voltage attached on either side of the breakout, and then connect the data wire to each side, and the voltage gets shifted up or down as necessary. Here’s my circuit layout:

NeoPixel control from RasPi

Anyway — success!

PaleoPixels (WS2801)

Surprisingly, the bigger challenge was getting the pixels I already had hung from the air duct to be controlled by the Pi as well. Those LEDs are controlled by older chips, the WS2801, which use a different communications protocol. It should have been just as easy, but I really started looking in the wrong place, and it led me down this path of trying to deconstruct these really convoluted projects that were doing way more than I needed. I’m sure they’re great for the folks who made them, but man, I was way more confused than I needed to be.

Eventually, my salvation came in realizing that the Pi’s Serial Peripheral Interface bus would be the best place to connect these pixels, and a rough test code file from Adafruit pointed me in the right direction. The test code worked great, but the functions didn’t match up with the NeoPixel functions, so I spent a decent chunk of the afternoon writing a new library for the SW2801 Pixels that I’m calling PaleoPixel. (Because they’re older!) That way, once I load both kinds of pixel strips into my eventual master control program, I can issue the same commands to pixels of either type, and they’ll react the same, even though the underlying hardware is different.

Controlling just the PaleoPixels with the Pi, here’s my circuit:

PaleoPixel (WS2801) control from RasPi

And the latest version of my PaleoPixel code can be found on Github.

The upshot of all of this is now I can get rid of the Arduino entirely, and save both communications overhead and a big chunk of space inside my project box. Now, I just need to control them together… next time!