Installing OS X 10.11 El Capitan inside Parallels Desktop

This is actually surprisingly straightforward, once you know the hoops to jump through.

Essentially there are 4 main things we need to do:

  1. Download El Capitan from the App Store
  2. Prepare an install image
  3. Create a virtual machine
  4. Install El Capitan

So let’s take a look at those, one by one…

Step 1: Download El Capitan from the App Store

Currently you need to be a registered developer. Provided you are, you can download the beta from Apple’s website (this redeems a coupon inside the App Store, so you need to be on a Mac to start the download).

Step 2: Prepare an install image

This section is all command-line stuff, so go fire up (Warning: you’ll need at least 15GB of disk space free to deal with this next section safely… more if you don’t clean up the two temporary images we build along the way)

First up we want to install the iesd Rubygem which provides a nice way to deal with Apple’s InstallESD.dmg files:

sudo gem install iesd

Now we want to use that iesd tool to build a bootable image from the installer we downloaded from the App Store:

iesd -i /Applications/Install\ OS\ X\ 10.11\ Developer\ -o ElCapitan-base.dmg -t BaseSystem

Okay, so that’s built us a read-only (DMG format) bootable image for the installer. At the moment, though, that’s missing the copy of OS X that it actually needs to go and install into your VM. To fix that we need to get a read-write (sparse image format) copy of the image:

hdiutil convert ElCapitan-base.dmg -format UDSP -o ElCapitan.sparseimage

Let’s throw away the read-only version now:

rm ElCapitan-base.dmg

And now we want to mount the disk image so we can add some files into it:

hdiutil mount ElCapitan.sparseimage

We also want to mount the InstallESD.dmg file from inside the installer we downloaded from the App Store, as it has some files we’ll need to copy over:

hdiutil mount /Applications/Install\ OS\ X\ 10.11\ Developer\

Now we want to copy the files from the Install ESD into the writable image we made:

cp /Volumes/OS\ X\ Install\ ESD/BaseSystem.* /Volumes/OS\ X\ Base\ System/

Now we want to eject both of those:

hdiutil detach /Volumes/OS\ X\ Base\ System/
hdiutil detach /Volumes/OS\ X\ Install\ ESD/

And now we need to get it back into that read-only DMG format:

hdiutil convert ElCapitan.sparseimage -format UDZO -o ElCapitan.dmg

And let’s throw away the read-write version to free up disk space:

rm ElCapitan.sparseimage

Step 3: Create a virtual machine

  1. Open Parallels, and press the + button to create a new VM
  2. Install Windows or another OS from a DVD or image file
  3. Continue without a source
  4. When asked what type of OS you’re installing be sure to pick OS X
  5. Tick “Customise settings before installation” and click continue
  6. Go to the Hardware tab, then go to USB & Bluetooth, and turn off USB 3.0 support or the installer will kernel panic during boot
  7. Go to CD/DVD 1 and insert the ElCapitan.dmg file you created
  8. Go to CPU & Memory and make sure you have at least 2048MB of RAM
  9. Go to Video and ensure you have at least 128MB of video RAM

Step 4: Install El Capitan

Okay, now comes the moment of truth: boot the Virtual Machine and you should be presented with a white Apple logo on a black background for a few minutes, followed by the El Capitan installer.

Credit where credit’s due…

This post was originally inspred by this post by TheBressman on Reddit, however that was missing some steps, so I filled in the gaps with info from this blog post by Jacob Tomlinson. Thanks!

OS X Mavericks: restoring my development enviromment

I upgraded to OS X Mavericks last night. It’s great, my Mac is faster, and I’ve not touched a single byte of swap yet, even with a ton of stuff open. But like any OS upgrade, there are some things that are causing my dev environment to work strangely. Here’s how I’m fixing them.

Apache just shows 403 Forbidden for all my sites in ~/Sites

This one’s an easy fix. Open /etc/apache/httpd.conf in your favourite editor. Find <Directory "/Library/WebServer/Documents/"> on line 197 and replace it with <Directory "/Users/your-unix-username/Sites/">.

Alternative solution: If you have multiple users on the same Mac all needing ~/Sites to work, you may need to replace the Directory directive entirely with a <DirectoryMatch "/Users/*/Sites/">, but don’t forget to change out the closing </Directory> for a </DirectoryMatch> too.

Once you’ve made your edits, save the file, and run sudo apachectl restart to make apache pick up the config change.

Git shell integration stopped working

I added these lines to my .bash_profile to get RVM info and Git info in my shell prompt:

# Show RVM gemset and Git branch in Bash prompt
source /usr/share/git-core/
export PS1="\h:\W \u\[\033[01;34m\]\$(~/.rvm/bin/rvm-prompt g)\[\033[00;33m\]\$(__git_ps1 \"(%s)\")\[\033[00m\]\$ "

Now, however, my shell prompt is a bit broken and has an error above each prompt, like this:

-bash: __git_ps1: command not found
piro:~ my-unix-username$

Turns out I don’t have a


file anymore, which is causing the __git_ps1 environment variable to not get set.

But, there does appear to be a copy at /Applications/ so I edited my .bash_profile to and updated the source line with the new path. Not sure it’s such a great idea running it from the /Applications/ path but it’s probably better than copying/symlinking it to /usr/share until I get familiar with The New Way Of Doing Things™.

X11 was no longer installed

Easily fixed, just need to download a fresh copy from

More issues will be posted here as I find/solve them.

My Koobface / Facebook Roadblock experience

I figured I’d write up my experience with the Facebook Roadblock, as it might come in useful for other people who get locked out.

Last night I noticed Adium started spinning away on my dock, unable to connect to one of its configured networks, which turned out to be Facebook. A few minutes later I closed whatever browser tab I had open, and noticed that Facebook tab I had open behind it was showing the “Please login to continue” dialog over my previous session. Clicking the login button took me to something I’d not seen before, the Facebook Roadblock:

The Facebook Roadblock
The Facebook Roadblock

A few minutes of checking the SSL certs, retyping bookmarks, checking for DNS spoofing, and even trying from my iPhone over the 3G data network (which still didn’t work, it instantly logged me out once it loaded and didn’t let me back in), I received an email claiming to be from Facebook. And the headers seemed valid too:

Return-Path: <>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
X-Spam-Status: No, score=-99.0 required=5.0 tests=AWL,BAYES_50,
Received: from ( [])
  by (Postfix) with ESMTP id CF77B315237
  for <>; Thu, 28 Oct 2010 19:04:33 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha1;; s=201006181024; c=relaxed/relaxed;
  q=dns/txt;; t=1288289073;
Received: from [] ([])
  by (envelope-from <>)
  (ecelerity r(34222M)) with ECSTREAM
  id F6/5B-27367-13BB9CC4; Thu, 28 Oct 2010 11:04:33 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
  by localhost.localdomain with local (ZuckMail);
Date: Thu, 28 Oct 2010 11:04:33 -0700
To: "Aaron B. Russell" <>
From: Facebook <>
Reply-to: Facebook <>
Subject: Security Warning From Facebook
Message-ID: <9202ff1cbcd06add33c763f96edc88cd@localhost.localdomain>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Notify: roadblock; mailid=333b85fG1e289220G6f8ad57G7b
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"

Dear Aaron B. Russell,

We have detected that your Facebook account is infected with a form of
malware, or virus, called Koobface. You downloaded the virus after
receiving a message from a friend, which invited you to view a video.

To restore your account, please log in to Facebook and follow the
instructions you see there. You can also learn more in our Help Centre at:

Facebook Security Team

Hmm. So I really was locked out. But was I really infected? As I use a Mac, I wondered if I’d been hit by the (supposedly harmless) OSX/Koobface.A virus (Intego Security Memo). But if that was the case, why didn’t VirusBarrier X6 tell me about it? And why didn’t I get the Java applet warning? My mind wandered back a couple of days and I remembered I’d logged in on my Windows 7-based HTPC recently too, so there was a slim chance that I got infected that way.

So off I went to set some scans running. Kaspersky Internet Security finished on the HTPC first due to it’s relatively small HD, but that was clean, which only left my MacBook Pro as a potential candidate for infection. After discovering just how long it takes to scan a 500gb hard disk (more than 8 hours)… VirusBarrier told me that it didn’t find anything on my laptop either.

VirusBarrier says "no virus detected"
VirusBarrier says "no virus detected"

Both Kaspersky Internet Security and VirusBarrier X6 claim to be able to deal with various versions Koobface worm/trojan hybrid, but neither of them picked anything up despite having the latest virus definition updates, so my systems seem to be clean. Having checked my systems meant that I was now “allowed” through the Roadblock (Facebook requires you to certify that you’ve checked your system — that said, it’s only a checkbox to tick and you could easily lie, but if you receive genuine reports that your computer appears to be compromised, it’s better not to chance it), and I went through this sequence of steps…

Facebook give you a few options to prove your identity
Facebook give you a few options to prove your identity
I opted for SMS message verification
I opted for SMS message verification
Facebook then try to educate you about what happened...
Facebook then try to educate you about what happened...
... which is a really good idea (despite showing me Windows screenshots when I'm on a Mac)
... which is a really good idea (though they should detect I'm on a Mac)
... and then they forced me to reset my password (also good!)
... and then they forced me to reset my password (also good!)

And then after a confirmation screen, my account was restored.

So… what the hell happened? Well, from what I can tell my machines are not infected, so either my account was compromised, or it was a false alarm (possibly due to Adium’s frequent reconnects to Facebook Chat, because it drops the connection often). Either way, I think Facebook handled this very well from a security point of view. They also offered me a (Windows-only) 6 month free subscription to McAfee VirusScan Plus on the final confirmation screen, but I skipped that as I’m on a Mac and already use Intego VirusBarrier X6, but it’s good to be offering protection to people who might not be protected.

I’m interested to hear if anyone else has gone through this (especially Mac users), so if you have a similar story to share, please drop me a comment.