Converting WMA/MP3 and SWF/MP4 using FFMPEG

Using Apple MAC OSX to convert WMA to MP3

  • in terminal app, install brew, run: ruby -e “$(curl -fsSL” < /dev/null 2> /dev/null
  • in terminal app, run “brew install ffmpeg”
  • then you can run a command such as “ffmpeg -i input.wma -q:a 0 output.mp3” to convert a file called input.wma to output.mp3
  • if you have all the WMA files in the same directory/folder, you can create a script that will convert them all in one go
  • save the 6 lines below into a text file in the same directory as the WMA files e.g., called the file my_converter
  • make the script executable with the command “chmod 700 my_converter”
  • run the script with the command “./my_converter” (without the double-quotes)
  • you can change the 128k to something like 192k or smaller/bigger depending on the quality you want to MP3 to have
  • the 44100 frequency can also be increased to something like 48000 if you want
  • Below is the script (assumes all the source files are in the same directory)

echo WMA to mp3 converter! Work begins!
for FILE in *.wma; do
echo -e “Processing file ‘$FILE'”;
ffmpeg -i “${FILE}” -vn -ab 128k -ar 44100 -y “${FILE%.wma}.mp3”;

Convert Flash SWF to MP4 using Linux

– Install ffmpeg (CentOS 7)
$ sudo yum install epel-release
$ sudo yum localinstall –nogpgcheck
$ sudo yum install ffmpeg ffmpeg-devel

– Below is the script (assumes all the source files are in the same directory)

echo SWF to MP4 converter! Work begins!
for FILE in *.swf; do
echo -e “Processing file ‘$FILE'”;
ffmpeg -i “${FILE}” “${FILE}.mp4”;

NOTE: the conversion didn’t work out.

– Then I found some reference to using SWFtools and Gnash

git clone git://
sudo yum install -y agg-devel boost-devel SDL-devel GConf2-devel expat expat-devel libjpeg-devel speex-devel fontconfig-devel giflib-devel dejagnu curl-devel haxe

cd gnash/
./configure –enable-renderer=agg –enable-gui=dump –disable-menus –enable-media=ffmpeg –disable-jemalloc
sudo make install

NOTE: the conversions didn’t work properly, but old Firefox versions such as 47 can play the flash files. You can find Firefox 47 portable with flash on the Internet.
Just download it, run it, and choose “File -> Open File …” from the Firefox menu (ALT+F) and select the flash file
do not use this browser for regular browsing since it is hold and likely hackable 🙂

The Elfin Princess

Into the same tavern walked the elfin princess;
Wielder of magic;
Third in line to the throne of Frigga;
Here as an ambassador of peace

From her very lips I heard she suffered a loss
Her head still held high and her back straight
But from time to time you see the pain fleet across her face
Under her hoodie and her hair, are ears that hear a butterfly flap its wings a mile away

I have been asked the color of her eyes
I do not know for I fear to look too closely
I might look too deep or too long and be lost forever

Alcohol affects not one of her race
She can down a stein just as well as a thousand
But for mere mortals sake, a cup or two would do

What lives in her little purse?
A potion?
An elixir?
An army?  
A bow?
Some arrows?
A portal?

She’s fine of form and stature
Be not deceived,
Her strength is neither in her arms nor legs
With her mind, she will make you kneel

Her magic attracts all and sundry:
It makes the flowers grow;
The heart light;
The grass green;
The heavens weep on the farmer’s crops 

Her name is Jayde;
Princess Jayde;
Elfin princess;
Wielder of magic;
Third in line to the throne of Frigga;
Here as an ambassador of peace 

For Latara … 2021

2 Corinthians 4:16-18: “So we do not lose heart. Though our outer self is wasting away, our inner self is being renewed day by day. For this light momentary affliction is preparing for us an eternal weight of glory beyond all comparison, as we look not to the things that are seen but to the things that are unseen. For the things that are seen are transient, but the things that are unseen are eternal.”

Make me laugh

How or where do I start? If I have a dollar for every lady’s dating profile I have come across where the condition that takes pride of place is “make me laugh”, I would be a millionaire. Yes, I do a lot of “swiping”. I am told it’s a game of numbers. 

I was chatting with a friend one day, and she started laughing because I just had my thumb swiping right without looking at the screen. If I do match with someone I am not interested in, I could always “unmatch”. Of course, there have been some cringe-worthy moments when (even though my profile is configured as “interested in women” only) I find myself matched with a guy. Those are the times I swiftly find the unmatch button! I am not homophobic, but I am only interested in women. Most of these occurrences are with either Bi or gay guys who have probably set their profile to match both sexes or just guys. 

Back to the subject, the following is my opinion at the time of writing this piece and I reserve the right to change it at any time. 

I think it is time women realize the simple requirement of “make me laugh” is likely a huge contributing factor to the proliferation of single baby mamas. Lots of guys have the skill to laugh all the way into your pants, and laugh all the way out, leaving you with a baby to raise by yourself while chasing them around for child support. 

I know a lady under 30 with five kids (not all the same father) who’s still look for a “good man to make her laugh”. You would think after 5 kids, it would be clear to her that the “make me laugh” kitsch is not “working” for her.  Maybe she needs someone to hit her over the head with a dirty diaper.

Yes, lots of guys who will “make you laugh” have no sense of responsibility for anything other than themselves – some don’t even have that. The scales only fall from your eyes when it’s too late – when there’s one or more kids involved. Then with some, the abuse starts, and the lady is wondering why the guy changed. No, he didn’t change. Your primary requirement was “make me laugh” and that’s easy when the only responsibility was still to take you out to dinner, parties, clubs, exploring. 

I watch a lot of true crime shows, and it’s no longer surprising to me the number of women killed by their partners (compare 62% of women killed by their partners who are mostly men to just 5% of men killed by their partners who are mostly women). It’s a vicious circle. Single baby mamas raise these boys with no father figures to teach them how to be a man and have respect for themselves and others. All the learning they have done is from their peers and the neighborhood older “bad” boys with no discernible direction in life beyond making the next quick buck. Who would have made several trips to jail by the time they are out of their teenage years and it’s all downhill from there. They in turn produce single baby mamas and the cycle continues. Producing these boys and men who won’t or can’t take no. The famous cliche “if I can’t have you, then no one else” repeats itself over and over again. 

You are in your early twenties and already saddled with a kid or more. No, it’s not because you or the other party changed. It’s because you were too young; it’s because you didn’t see beyond the “make me laugh”, it’s because you didn’t see beyond the exciting trips and partying when it was just the two of you; it’s because you think you are “grown” at 18; it’s because you got your first car at 16 making you believe you are independent and mature; it’s because you made your “own money” from working part-time at some eatery. It’s because you started dating at 14. It’s because some parents and guardians that should know better, in the name of equality, believe that if boys can run wild, they can let girls do to. But boys don’t get pregnant. Boys don’t carry a living being in their bellies for 9 months, so it’s easy for them not to have an attachment to the little screaming bundle that keeps you up at night. **

Women need to be taught to have a higher standard than “make me laugh.”

Of course, I may just be bitter that I am single because I can’t make anyone laugh.

– – – – – – – – – – – – – – – – – – – Finito – – – – – – – – – – – – – – – – – – – –

** I am simplifying the scope of the problem of course. Other factors such as abuse, trauma, drugs, etc also come into play. 

Building Microsoft CBL-Mariner (Linux) ISO

NOTE: I was able to build the ISO on Ubuntu 20.04 as the work platform (I got lots of errors with Ubuntu 18.04)

The only guide that worked for me is: but I made some changes to the procedure (i.e., I built CBL-Mariner instead of CBL-MarinerDemo)

root@ub2004:/wip# add-apt-repository ppa:longsleep/golang-backports
root@ub2004:/wip# apt-get update
root@ub2004:/wip# apt -y install -y make tar wget curl rpm qemu-utils golang-1.15-go genisoimage python-minimal bison gawk
root@ub2004:/wip# apt -y install pigz
root@ub2004:/wip# ln -vsf /usr/lib/go-1.15/bin/go /usr/bin/go
root@ub2004:/wip# curl -fsSL -o
root@ub2004:/wip# sh
root@ub2004:/wip# usermod -aG docker $USER

root@ub2004:/wip# git clone
root@ub2004:/wip# pushd CBL-Mariner/toolkit
root@ub2004:/wip/CBL-Mariner/toolkit# git checkout 1.0-stable
root@ub2004:/wip/CBL-Mariner/toolkit# make package-toolkit REBUILD_TOOLS=y
root@ub2004:/wip/CBL-Mariner/toolkit# cd ..
root@ub2004:/wip/CBL-Mariner# cp out/toolkit-1.0.20210722.0141-x86_64.tar.gz .
root@ub2004:/wip/CBL-Mariner# tar -xzvf toolkit-*.tar.gz
root@ub2004:/wip/CBL-Mariner# cd toolkit/
root@ub2004:/wip/CBL-Mariner/toolkit# make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

root@ub2004:/wip/CBL-Mariner/toolkit# du -sh /wip/CBL-Mariner/out/images/full/full-1.0.20210722.0200.iso

678M /wip/CBL-Mariner/out/images/full/full-1.0.20210722.0200.iso

I was able to install the ISO on VirtualBox.

You can follow the steps on this page to install the output ISO on VirtualBox:

VMWare OVFTools required to build OVA CBL-mariner images (VHDX, OVA/VMDK)

– download 64-bit Linux VMWare-tools from
# chmod a+x VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle
# ./VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle
(NOTE: “./VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle –uninstall-product vmware-ovftool” to uninstall)

– # make image REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/core-ova.json
(builds OVA, VMDK, and VMX files in CBL-Mariner/out/images/ )

– # make image REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/core-efi.json
(builds a 381MB VHDX file in CBL-Mariner/out/images/core-efi/ )

NOTE: in the VMDK file, the password field for the root user in the /etc/shadow file is set to <NULL>. Which meant that after creating a VM with the VMDK, I couldn’t login after I booted up the CBL-Mariner. I had to slave the VMDK to another VM, in order to manually change the <NULL> to the encrypted value of a known password. Alternatively, you can use the VMware disk tool to mount the VMDK after generating it on the Ubuntu instance, and edited the /etc/shadow file. On the other hand, the username and password for the CBLMarinerDemo is mariner_user  and p@ssw0rd

Thou shalt know thy neighbors

No, I do not mean camping outside their house or becoming a nuisance. But go out of your way if necessary to say hello regularly. 

To the subject of this article, I was reading about a recent incident where a lady was attacked in her house (by an ex or so) and she made it out, and all the way to a neighbor’s house where she screamed and knocked on the door around 3am or so. 

The neighbor heard the scream, turned over, and went back to sleep. 

In the morning he discovered blood streaks on his door. The attacker apparently trailed the lady and dragged her back to her house and finished the job. 

From the neighbor’s comment you can sense he was a little sad he didn’t get up, but from the way he referred to the lady, I wouldn’t even suggest they were acquaintances. 

Now, this is all conjecture after the fact so we can never be sure of what difference it would have made if any to the subsequent events that took place. But it is possible the neighbor heard the scream, and his brain subconsciously goes something like: (1) no one is breaking into my house, (2) I didn’t hear my name, (3) I don’t really know anyone in this neighborhood, (4) it’s not my business, (5) go back to sleep. 

Now consider the difference it might have made if for example the victim had regularly greeted this neighbor (at a minimum), or gone a step further and had known the neighbor’s name, and instead of just screaming, had screamed the neighbor’s actual name out in her distress.  The neighbor’s brain might instead have gone: (1) no one is breaking into my house, (2) was that my name I heard? (3) sounds like that lady a few houses down the street that always says hello, (4) I better get up and make sure she’s not in trouble. 

So yes, we have the extreme at one end where neighbors become busybodies, and the other extreme where even though we are just yards apart we might as well have been on different continents. We need to find a middle ground. The typical African and possibly other cultures (which for some reason appears to have a correlation with third world nations) almost never have a neighbor who is a stranger. Whereas the independence (and huge personal space) that an affluent lifestyle associated with first world nations have over time created the opposite – strangers that may have dwelled next to each other for years or decades. 

I am also guilty of the same thing. I have new neighbors on two sides. To the neighbors at the back, I did say hi once, to which they responded but it didn’t go beyond that. I do not know their names. On one side is a new Hispanic family to which I do not even believe we have ever exchanged greetings. Part of the reason of course is that we all literally arrive at home and disappear inside our various houses. 

This lack of connection does not bode well for a neighbor getting into trouble and expecting some help from those around. Yes, people will call the police if the disturbance is obvious or loud enough, but in general refuse to really “engage”. They may step out when the neighborhood is flooded in “blue” with their lights flashing, but usually by then the damage is already done, whereas maybe even a neighbor putting on their floodlights and stepping outside during the incident itself (not saying they put themselves in danger) may cause an attacker to cease long enough to make a difference to the outcome. 

Ultimately, lack of familiarity makes our response impersonal. We literally fail to respond, or do the minimum possible. I always try to imagine when driving if someone cuts me off for example, that the person is an acquaintance at a minimum. That literally prevents me from having any angry thoughts that might escalate to road rage. For example, say you recognize the car, what are you likely to do? You might smile, pull level with the other car, wind down your window, get their attention, and say something like “you clown! You just cut me off!” with a smile on your face and in your voice. To which the other party (also recognizing you) might respond with a smile and a wave acknowledging you in return. Even on a bad day where you are completely frustrated, you would still likely not react angrily if you recognize the other car. In fact it may completely change your mood for the better. 

But when we have no personal connection with another party, our default response is nonchalance at a minimum, suspicious, or aggressive at the other end of the scale. 

It also makes me wonder what difference it might have made to some of the suicide cases in the news regularly. Take some of the well-known celebrities that have committed suicide. They seem happy, have many friends, have every material thing their heart desires, appear well adjusted, then their suicide seems to happen out of the blues. Now I am not talking of the celebrity friends they have, that they only meet on the red carpet or at exclusive parties; nor the celebrity friends living in the same zip code each behind their 10-foot electrified-fence mansions (nothing wrong with having a mansion), but instead say they have a run-of-the-mill neighbor (who would also be rich but not necessarily a celebrity) who says a genuine hello from time to time. Maybe the person with suicidal tendencies may have come across the neighbor on the faithful day and that “hello” might be all it takes to make a difference. 

So make some effort to know your neighbors. Respect their privacy of course. The line maybe subtle but a greeting here and there hurts no one. An invitation to a house party or a kid’s birthday party (if they also have children) may taw the ice or foster some familiarity or help know where that line is where the neighbor is comfortable interacting over. For example, if they appear uninterested or gruff, don’t take it personal, still say hello wherever your paths cross. You can never be sure what difference you might be making in their lives as well as yours. 

7:30pm Hogle Zoo, SLC, Utah. 

Timeout with the Raspberry Pi 2

There is a website called EstateSales ( ) where you can bid for all sorts of stuff (new, used, etc.) and I believe they have a presence in most US states if not the larger cities.

I bidded on a Raspberry Pi 2 (status not tested) and got it for $2. If I add the gas to drive to the pickup location and back, maybe the total would come to about $8. I then bought a USB WiFi card for $4 on Ebay since the Pi 2 does not come with a WiFi inbuilt chip on the board.

Below are my notes from the “experience”:

– – – – This section is only if you can’t get the Pi on the network via its Ethernet interface – – –

– My first issue was that the Pi came with a HDMI port for which I didn’t have the cable, but fortunately my German friend left a Monitor with a VGA-to-HDMI cable attached. I connected it to the Pi as well as a USB keyboard and powered the Pi using its USB port connected to a USB port on my desktop PC.

– Second issue was that I didn’t know the password of the pi user since it was pre-owned so I had to intercept the boot process (the splash screen says to press the SHIFT key), append “init=/bin/bash” to the “kernel” line, and then issue a “mount -o rw,remount /” followed by a password reset for the pi and root users.
– – – – – – – – – – – – – – – – – – – – – –

– Connect through a console (HDMI Monitor and USB keyboard). If you decide not to get a WiFi card and you don’t want to attach the Pi via an Ethernet cable to your router, you can do the following to get access to the Pi from a Windows PC that you have connected to it via its Ethernet port (I couldn’t get it to access the Internet via ICS for some reason).
– Set ethernet interface eth0 to dhcp in /etc/network/interfaces
– Connect it to a Windows PC via an ethernet cable
– Configure ICS on say the WIFI interface of the Windows PC with the Ethernet as the “home network” (ICS then pops-up the message that it will assign to the Ethernet interface on the PC)
– Run “arp -a” on the Windows PC and look for all IPs in the 192.168.137.x (one of them will be the IP assigned to the raspberry by ICS)
– The interface on this specific Pi has the MAC address b8-27-eb-90-b3-30 which is also visible in the “arp -a” output
– SSH to the Pi IP address and login with the root or pi user

– NOTE: ping the broadcast IP of the IP address assigned to the Windows Ethernet interface may help get the MAC/IP assigned to the Raspberry Pi to show up in the output of the “arp -a” command e.g., “ping”

– NOTE: if you can’t get the Pi to be assigned an IP address via ICS, do the following:

  1. Make sure ICS service is running on the Windows PC (restart it if necessary)
  2. Disable ICS on the NIC that is being shared via ICS (e.g., the WiFi NIC) then re-enable ICS

NOTE: watch out for the SD card on which the O/S is installed. It is very easy to eject it without noticing – if you are on the console, you will see it start to display “read errors” on the SD card and essentially stops working. If you are just attempting to boot up the Pi, it won’t boot at all since the O/S is on the SD card.

Issue three: The much older kernel on the Pi (I think it was 3.18 from year 2016) did not have drivers for the Ralink WiFi (USB) card I got off E-Bay. I was able to upgrade the O/S to a 4.19 kernel, but later decided I would just install a completely new Pi distribution by using the Windows Raspberry Pi Imager (there is a version for Ubuntu as well). The Imager prompts to select a O/S distro/version and the target Storage (I inserted the SD card into my Windows laptop using a Micro SD Adapter) and it will then download the selected image and (over)write it to the the SD card so backup its contents first if you need them.
The latest version as at 05/26/2021 is the 1.1GB Raspberry Pi OS (32-bit) released 2021-03-04 (includes the Pi Desktop).
There is also a 0.4GB Raspberry Pi OS Lite (32-bit) with no desktop environment released on the same date (2021-03-04)

– In order to access the instance via SSH, you need to enable the SSH service first:
sudo systemctl enable ssh
sudo systemctl start ssh

– I decided to configure the Pi to boot into multi-user mode (CLI with network services) instead of graphical mode which will consume more system resources:
sudo systemctl set-default multi-user

My particular Ralink WiFI USB card had the MAC address 00:E0:2D:90:70:34
Sample network interface file content:

– Configure the WiFI network you intend the system to join in the file /etc/wpa_supplicant/wpa_supplicant.conf :

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


– Configure the network interfaces in the file /etc/network/interfaces

source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

alow-hotplug wlan0
auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

auto eth0
iface eth0 inet dhcp

– Reconfigure the WiFI start the card:
sudo wpa_cli -i wlan0 reconfigure
sudo ifdown wlan0
sudo ifup wlan0

– Restart the networking service if necessary:
sudo systemctl restart networking

– Troubleshooting: To scan and check WiFI networks, use the command “sudo iwlist wlan0 scan” and check the essid field. This field should be the same as what you entered in the ssid field in the /etc/wpa_supplicant/wpa_supplicant.conf file .

root@raspberrypi:~# lsusb
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 004: ID 1c4f:0002 SiGma Micro Keyboard TRACER Gamma Ivory
Bus 001 Device 005: ID 0bda:c811 Realtek Semiconductor Corp. <—- needs drivers
Bus 001 Device 006: ID 148f:7601 Ralink Technology, Corp. <—- supported out of the box by the 2021-03-04 distro

Just for fun: I also had a Realtek WiFi USB card as well that is normally connected to my Windows Desktop PC so I can avoid using an Ethernet cable to connect it to the Internet router which is somewhere else in the house. You can see it is detected from the output of the “lsusb” command above but the Pi OS did not have in-built drivers for it. You can install the drivers as follows:

sudo wget -O /usr/bin/install-wifi
sudo chmod +x /usr/bin/install-wifi
sudo /usr/bin/install-wifi
(this script detects the card, downloads and install the appropriate driver and configures the card. In this case, it downloaded the driver file 8821cu-5.10.17-1403.tar.gz)

– Some Links (lots of commands related to setting up networking on the Pi) (drivers for Realtek cards) (where I got the reference to the install-wifi script)

Pi 2 with the WiFI USB card

Using Let’s encrypt SSL certificates

Letsencrypt certificates are only valid for 90 days so you have to continually renew them.

  1. Install Certbot/Letsencrypt on a Linux system where we will be generating the certificates for our website (the install command below actually installs a “certbot” package):
    sudo yum install -y
    sudo yum install -y
    sudo yum install -y letsencrypt

  2. Generate the certificate (command):
$ sudo su -
# cd /etc/letsencrypt/ && certbot certonly -d ',*' --manual

– NOTE: the certbot command prompts you to create a DNS TXT record (you MUST do this before pressing the Enter key to continue!!)

Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.

2b. In cPanel, use “Zone Editor” in the “Domains” section to add the TXT record (e.g., with the displayed value (e.g., obLL0Cludw4VpwXJuMG0AFlRryUbdb0ozHiNrgAvqx8)

2c. In the Linux session, press the Enter key to continue

2d. You are prompted to create a file on your webserver (or website). You MUST do so before pressing the ENTER key to continue:

Create a file containing just this data:


And make it available on your web server at this URL:

2e. In cPanel, use the “File Editor” in the “Files” section to create the indicated file with the indicated content e.g., (vxp4GyEKqvkniMdE_20XCR2RpPiPPjfvhAqgAtC-8Hk.vrNHNIC3FVyuv2kJU8JcnmZK_lfarmjV_FDWrtWY1wc)

  • the file is in directory /home2/itayemi/public_html/.well-known/acme-challenge/
  • use the “+File” link to the top left of the “File Manager” page to add the new file
  • then click on the file, and select the “Edit” button to edit the file to add the content,
  • then click the “Save Changes” button, then the “Close” button


2f. In the Linux session, press the Enter key to continue, the process will complete and display the certificate details e.g.:

  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your certificate will expire on 2021-09-11. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again. To non-interactively renew all of your
    certificates, run “certbot renew”

for each domain/FQDN, select “Update Certificate” link under the “Actions” column, populate the “Certificate: (CRT)” textbox with the content of the file /etc/letsencrypt/live/ on the Linux system, and populate the “Private Key (KEY)” field with the content of the file /etc/letsencrypt/live/, then click the “Install Certificate” button.



  • Set up a local instance of Apache (httpd) webserver to be able to renew the certificates (since I don’t have direct file-system access to the actual web-server where my site is hosted unless I login via cPanel, this allows me to automate renewal of the certificate “locally”, then manually copy it to my actual site’s cPanel configuration). This is a one-time activity.
    $ sudo yum install -y httpd
    $ sudo yum install -y python2-certbot-apache
    $ sudo systemctl enable httpd
    $ sudo systemctl start httpd
  • Add a line to /etc/hosts so that all utilities know to point to “localhost” as the webserver for
  • Run the command “sudo egrep -e ‘^User|^Group’ /etc/httpd/conf/httpd.conf” to know the User and Group the webserver is running as (e.g., “User apache” and “Group apache” – to be used in the next step)
  • Create the directory and files for
    sudo mkdir -p /var/www/
    sudo chown -R apache:apache /var/www/
    sudo chmod -R 755 /var/www/
    sudo echo “” > /var/www/
  • Create a “VirtualHost” for on the local Apache Server (e.g., create file /etc/httpd/conf.d/ containing the following lines):
<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
   DocumentRoot /var/www/
<VirtualHost *:80>
   SSLEngine on
   SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
   DocumentRoot /var/www/
  • Restart the HTTPD server:
    $ sudo systemctl restart httpd

  • Install a root crontab entry to renew the certificates every 90-days (2:45AM on the 25th day of March,June,September, and December):

# sudo crontab -l
# autorenew certificates for * which should generate new
# valid certificates every 3 months. Note that I still have to login
# to cpanel and update the CRT and Private key fields of each
# defined FQDN with the new certificate generated by certbot
#i.e., cert.pem and privkey.pem
45 2 25 3,6,9,12 * cd /etc/letsencrypt/ && certbot certonly --force-renewal -d ',*' --apache -n

  • INSTALLING THE LETSENCRYPT Certificate in cPanel (repeat every 3 months when the certificate expires):
  • Copy the updated files /etc/letsencrypt/live/ and /etc/letsencrypt/live/ from the local server
  • Login to (Client Area) -> Select “Services” -> “My Services” from the menu
  • Click on the “Status” button to the right of the target service e.g.,
  • Expand the “Actions” menu (left-side of page) and click on “Login to cPanel”
  • In cPanel, select “SSL/TLS” (under the “Security” section)
  • For each listed FQDNs/certificate row, select the “Update Certificate” link under the “Actions” column; populate the “Certificate: (CRT)” textbox with the content of the file /etc/letsencrypt/live/ on the Linux system, and populate the “Private Key (KEY)” field with the content of the file /etc/letsencrypt/live/, then click the “Install Certificate” button.

Installing Mac OSX 10.15 Catalina on HP EliteBook Folio 9740m

Installing Mac OSX 10.15 Catalina on HP EliteBook Folio 9740m

You need to create the Installation USB on a Mac (real or a VM).
You can find VM images for Mac OSX suitable for use with Oracle VirtualBox or VMWare Workstation on the Internet. In this research, I used the Mac OSX 10.13 High Sierra VM deployed on VirtualBox to create the Installation USB for Mac OSX Catalina (I had instability issues when I tried to use the Mojave/Catalina VMs). Please remember to follow the instructions associated with deploying the VM on VirtualBox/Workstation – e.g., there are “vboxmanage” commands you need to run otherwise the VM will be stuck in a continuous reboot loop.
Also I found out the hard way that the latest VirtualBox (6.1.4-136177) crashed my Windows laptop on which I deployed the Mac OSX VM consistently once I started the VM. I then tried the older VirtualBox version 6.0.18-136238 and that worked with no issues. Also note that on Linux, you must register the VM (“vboxmanage registervm “) before running the other vboxmanage commands specified in the procedure for deploying the VM. You also need to add the Linux user you are running VirtualBox as to the Linux group vboxusers otherwise you will not be able to attach a USB drive to the VM. Remmeber to install the VirtualBox extension pack as well.

  • Login to the mac OSX VM
  • Download “macoS Catalina Patcher” utility abd use it to download the macOS catalina installation files from Apple
  • Download
  • The instructions for running it to create the boot installation USB are on the same page. There is also an English walk-through video at
  • Summary:
    – run the “Gatekeeper” app (it is in the HP-ProBook-EliteBook-Package-Creator directory after you decompress the downloaded zip file);
    – run the Packager (needs Internet access) to create the “Create Install Media HP Laptop” app; attach a (minimum size 16GB) USB drive to the MAC oSX VM;
    – run the “Create Install Media HP Laptop” app which launches disk utility app where you need to erase the whole USB drive with “Format” set to “Mac OSX Extended (Journaled)”, “Scheme” set to “GUID Partition Map”.
    – once erase is completed, exit the disk utility and you will get a drive list from which you select the drive you just erased/formatted;
    – you then get a dialog box asking you to select the location of your “Install macOS” (either “10.9 to 10.12” OR “ 10.15”), then browse to where you downloaded the installation files and select the “Install macOS Catalina” installer; the HP Probook/EliteBook creator app will then copy files to the USB;
    – once completed, it will automatically launch the “Clover EFI” installation app, click the “continue” button, change the installation location to the USB drive that was just created (likely named “Install macOS Catalina”), click on the “Customize” button, the relevant selections for my laptop are below, then click “Install” button:

-> Install Clover in the ESP
-> Drivers off
-> Boot Sectors -> Install boot0af in MBR
-> Clover for BIOS (legacy) booting -> Clover EFI 64-bits SATA
-> BIOS Drivers, 64 bit -> Recommended drivers (all)
                                     -> File System drivers (all)
-> UEFI Drivers -> Recommended drivers (all)
                          -> File System drivers -> apfs, Fat, HFSPlus
                          -> Memory fix drivers -> OsxAptioFixDrv
                          -> Additional drivers -> OsxFatBinaryDrv, PartitionDxe
-> Themes (select all)
-> Drivers Kext -> FakeSMC, VoodooPS2Controller

  • Once done, copy the Gatekeeeper application and the HP-ProBook-EliteBook-macOS.pkg post-installation package to the USB drive volume “Install macOS Catalina”
  • Eject the USB drive and plug it to your target HP laptop
  • Power on your target laptop, press ESC key to interrupt the boot process, press F10 to enter BIOS setup – make the changes recommended on the “HP ProBook EliteBook Package Creator” web page then save and exit. For my laptop, the BIOS settings are: Deactivate Fast Boot, deactivate “SecureBoot”, set “Boot Mode” to “UEFI Hybrid (With CSM)”, deactivate LAN switching, deactivate Wake On LAN and Wake on USB, “SATA Device Mode” to “AHCI”, disable firewire/IEEE1394, disable “Trusted Execution Technology (TXT)”
  • Boot the target HP laptop with the USB drive, use disk utility to erase the laptop’s disk – if you only see volumes and not the disk devices, select “View -> Show All Devices” from the Disk Utility menu (if planning to multiboot, use disk utility to create all the partitions you need – in my example I erased the HDD using “GUID Partition Map” scheme, then created 3 partitions: OSXHDD, LINUXOS, WINOS. I set all the non-OSX partitions set to type ExFAT), install the macOS Catalina to your newly formatted OSX volume.
  • When completed, reboot with the USB in place, once started from the USB, select the option to boot from the OSX disk you just installed Catalina to – the install will continue – when it reboots again, select the option to boot from the OSX disk again, it may reboot again, select the OSX disk again, it will then boot to the GUI to complete the setup – go through the setup wizard to complete the configuration and create your login user account.
  • At the desktop, open the USB install drive (should be named “Install macOS Catalina”), copy the Gatekeeper and HP-ProBook-EliteBook-macOS.pkg to your Desktop.
  • Run gatekeeper and choose “Disable” to allow you to run software from any source
  • Run the Post-Installer “HP-ProBook-EliteBook-macOS.pkg”, change the installation target location to your laptop disk, select the customize button, and select all the options necessary for your specific laptop (see video on the creator web page), and complete the clover installation. My customized selection were as follows:

        -> HP Laptop Clover V2.5K r5103
                  -> 7 series macOS 10.12>10.15 -> Elitebook 9x70m
                  -> Intel HD 3000/4000 Graphics -> Intel HD 4000 -> Low screen 1366×768
                  -> HDMI -> HDMI Low screen
                  -> Fan Patch -> FanSmooth
        -> SSDT Generator
        -> Airport WIFI Fix -> AirportBrcmFixup (for Broadcom or Atheros for Atheros card)
        -> Bluetooth
        -> HWMonitor
        -> Applications

  • DO NOT reboot the laptop yet otherwise you will get kernel panics and it will be stuck in a loading/panic/reboot loop.
  • Open Terminal app:

# sudo su -
# mount -o rw /
# mkdir /tmp/efi
# df -h
# mount -t msdos /dev/disk0s1 /tmp/efi (*see note below)
# cd /tmp/efi/EFI/CLOVER/ACPI/patched/
# rm DSDT.dsl DSDT.aml SSDT.aml origin.dsl

Note: the EFI partition on the HDD may already be mounted (usually under /Volumes/ESP) so this mount command will throw a “Resource busy” error. If it is already mounted as /Volumes/ESP then you should “cd /Volumes/ESP/EFI/CLOVER/ACPI/patched/ ” in order to delete the files indicated above.

  • Edit /tmp/efi/EFI/CLOVER/config.plist and set the DefaultVolume to your OSX volume name, and the ScreenResolution key to your actual resolution (1366×768 for my laptop) if necessary.

# cd /
# diskutil umount /tmp/efi

Fix Sound: To get sound to work properly (AppleALC kext that comes with the post installer enables the headphone jack but not the in-built speaker), you need to use the VoodHDA kext:

  • Download VoodooHDA 2.9.2 install package from
  • Unzip the downloaded file and open/run the package
  • Click the Continue button (x3), agree to the license terms, then click the Customize button -> Expand “VoodooHDA Clover UEFI/ESP” -> Select “macOS Catalina” -> “Install”

Eject the USB install drive, and reboot your “Mac” laptop, it should come up with WiFI, LAN, SD card, and Sound fully functional.

NOTE: the SSDT.aml was responsible was responsible for the continuous reboot “memory panic stackshot succeeded …” kernel panic that made my laptop continuously reboot. The only file you should have in the EFI/CLOVER/ACPI/patched/ directory in the EFI partition on your boot volume is the SSDT-FIXCAT.aml

Bootloader Setup: The easiest way to use CLOVER bootloader is to mount the EFI partition and copy EFI\CLOVER\CLOVERX64.efi to EFI/Boot/BOOTX64.efi (yes, overwrite BOOTX64.efi if prompted). Note that if you are multi-booting and you installed Windows or Linux after installing Mac OSX, you may need to repeat the copy again afterwards if you still want to use CLOVER bootloader. Alternatively, you may setup your laptop (BIOS) to use CLOVER by setting up the BIOS: System Configuration -> Boot Options -> Define Customized Boot Option -> Add -> enter “EFI\CLOVER\CLOVERX64.efi” -> in “UEFI Boot Order” (Move “Customized Boot to the top position) -> Save -> Exit. If you choose this alternative option, you should delete any other file that is in EFI/Boot/ directory.

Fun stuff: You can cast sound or video or your laptop desktop to a recent TV such as the Samsung series 8 that supports AirPlay. If I select my TV, I am prompted for the Airplay code which is displayed on my TV. You can even decide whether to just mirror your desktop to the TV or use the TV as a second screen (“As Separate Display”)!

Other: In Microsoft Windows, to mount the EFI partition on a O/S disk, run “mountvol <driveletter>: /s” from any admin cmd.exe session. To mount the EFI partition on a USB drive, run “mountvol” which will list all available volume, you can then run “mountvol <driveletter>: <\\?\volume-name-as-displayed-in-mountvol-output>”

Disclaimer: if you like Mac OSX buy a real Mac. This is for educational research purposes only.

Acknowledgement: chris1111


Vampire Diaries

For some reason I cannot donate blood. Back in 2017 I volunteered but was turned down because I hadn’t been in the country long enough and my last country of residence was Nigeria which is known for malaria.

Fast forward some 2.5 years and I got a notice from the Red Cross that I can now donate blood. In January the Red Cross had a blood donation drive in my office. Three different people attempted to draw blood from both arms. Lucky that I am not squeamish or afraid of needles because the needle they used looked humongous compared to a regular hypodermic needle. After poking both my arms several times without getting any blood to flow into the tube talk-less of the bag, they finally gave up. I joking asked the lady if she’s sure I am alive.

Another 2 months passes and I got another call that they need blood and every “whole blood” (as opposed to plasma for example) donation can potentially help three people. I signed up again and drove to the center the following morning at 10 AM (a Saturday). We basically repeated the same “show” from two months earlier. The youngest person on staff (and I suspect the most junior had a go first). In and out, left and right the needle went, she’s sure she’s in the vein but no blood comes out. She got a little blood into the tube but that was all. Finally she calls her colleague who she says is very good. He too starts on the same arm. I mentioned the January issue and he kind of laughed it off stating they probably just weren’t good enough to make it happen. After a while, his younger colleague suggested he may want to try my other arm as the vein seems to be more “hydrated”

So he switched to the other arm and repeated the same process. Finally he gave up and called the most experienced staff there who I think was the leader as well. She comes and repeats the same process and actually got the flood flowing slowly through the tube but she says at that rate, the device will time out.

I asked if she had any idea what was going on and she said while she’s not certain, it maybe that my platelets are overly aggressive and once the needle goes in, they react and start blocking the ingress point – basically clotting. The lady suggested that if I really wanted to help, seems it appears I can’t donated blood, I could donate my time in other ways such as welcoming people and ensuring they sign in properly when they arrive to donate blood.

I am going to give it one more try and after that if they still can’t get blood out of my veins, I may likely have them take my name off their list.