Checkpont SNX on Ubuntu 14.04 LTS (Trusty Tahr)

I have released an updated version for Ubuntu 15.04 Vivid Vervet

Life has conspired to bring me back to the open arms of Kubuntu and with a new install comes the required update on getting Checkpont Firewall AKA SNX working. This is part of the snx series here.

The first step remains the same and is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

# sh +x
Installation successfull

If you run this now you will get the error

snx: error while loading shared libraries: cannot open shared object file: No such file or directory

We can check if the required libraries are loaded.

# ldd /usr/bin/snx | grep "not found" => not found => not found

This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t all ready. The old trick of simply installing ia32-libs will no longer work since MultArch support has been added. Now the command is simply

apt-get install libstdc++5:i386 libpam0g:i386

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Do you accept? [y]es/[N]o:

Note the build number of 800007075. I had difficulties connecting with any other version lower than this.

Posted in General, snx | 14 Comments

XPath and namespace

When your XSLT/Xpath search is not giving the desired results always check the namespace of the element you are using.

EDIT For some reason spammers find this post delightful so I’m turning off comments on this one.

Posted in General | Comments Off on XPath and namespace

The engineering uses of hair tie

Quick Engineering tip: Get yourself a bag of black elastic hair ties. Since my Daughters have grown their hair, I have been exposed to this brilliant piece of engineering. Useful as removable cable ties, a makeshift spring, … think springy duck tape. The applications are endless.

A collection of elastic ties.

Get the smooth ones

Posted in General | Leave a comment

ORCA Fundraiser and the HPR New Year Show

During this years third annual Hacker Public Radio 26 Hour New Year show we will be discussing the ongoing work on the Orca project.

The orca Screen Reader is a free, open source, flexible, and extensible screen reader that provides access to the graphical desktop via user-customizable combinations of speech and/or braille. Written in python, it provides a way for blind, low vision, dyslexic, etc. people to do all the things we all take for granted. Filing taxes, checking when the next bus is leaving, or simply earning a living.

The problem is that while this program is so essential to so many peoples lives it has only one (1) developer, Joanmarie Diggs of Igalia open source consultancy.

We’re going to fix that.


We’re going to raise $100,000 to hire two full time contractors to fix all the outstanding bugs  tracked by Orca.


We’re going to find programmers and have them work on this either full time or part time, to continue to improve Accessibility in:

  • Orca
  • Speech Dispatcher
  • Thunderbird
  • Gecko
  • Evolution
  • LibreOffice
  • Java (and its Atk Wrapper)
  • GnuCash
  • AbiWord
  • Audacity
  • and any other apps and toolkits that need help


We’re going to raise the profile of Accessible Computing in every software project so that support is included from the start, contributing documentation, putting people in touch with advisors, telling our friends that Orca and Sonar exists, recording new voices, and generally making Orca not just better but, ten times better

So please spread the word, on social networks #FundOrca, contact every celebrity, entrepreneur, or personality you know. Please support this campaign.


Edit: Updated to add developer information as per Stomme poes, comments below.
Edit2: Updated to add comments by Joanmarie Diggs.

Posted in General | 2 Comments

Installing Citrix Reciver on Ubuntu 13.04/chrubuntu

I just installed ChrUbuntu on my Acer C7 Chromebook and of course it’s time to install Citrix.

Get the application from the citrix website.
Select the deb format, and in my case the 32bit version.
Open with Ubuntu Software Center
Enter the root password

And we get the old classic “SSL error 61”
SSL error 61

The SSL Error 61, is now easily fixed by copying the certs into the correct directory

sudo cp -v /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

That was it.

Posted in citrix | 1 Comment

RaspberryPi and the baby Dinosaur

In this Hacker Public Radio episode Ken and his Son hatch a plan to film a Dinosaur egg hatching using fswebcam.

Groeiend Dinosaurus Ei

We had to wait 8 days for a Dinosaur egg to hatch, so we rigged up a RasberryPi with a cheap usb cam to take pictures. This was just before the camera module was releases. However the principle was the same. We positioned the egg in a mixing bowl and placed it on some boxes to give it height. Then we used the handle of a camera stand as a place to clip on a cheap usb camera. We then connected the camera to a RasberryPi.

the camera rig

On the first day we let the light in and you see flickering as the lighting conditions change over the course of the day and the camera adjusts. Peter64 has promised a episode on how to fix this. So we closed the curtains and added an artificial light source as can be seen below.

While we could have used fswebcam to automatically take the pictures, there was a certain satisfaction in seeing the program run every minute. Other than the default rasbian install, we installed fswebcam and screen. The first to take the pictures and the other to allow the script to continue running after we disconnected.

$ cat egg.bash
while true
  nowdate=$(date -u +%Y-%m-%d_%H-%M-%SZ_%A)
  echo ${nowdate}
  fswebcam -r 640x480 \
           -S 15 \ 
           --flip h \
           --jpeg 95 \
           --shadow \
           --title "Dinosaur Hatching" \
           --subtitle "Pádraig Fallon" \
           --info "" \
           --save egg-${nowdate}.jpg
  sleep 1m

That produced a big long list of images, 10886 in total, and it was a “simple” matter to convert them to a mp4 file with ffmpeg. See for more information on encoding for the web in general

ffmpeg -y -r 120 -f image2 -pattern_type glob -i "*.jpg" -b:v 2000k -vcodec libvpx -quality best egg-libvpx.webm


Here’s the finished product:

Hatched Dino

Posted in General, Podcasts | Leave a comment

Preparing your Acer C7 Chromebook to install GNU/Linux

  1. Purchase a Acer C7 Chromebook
  2. Enable developer mode
    • Invoke Recovery mode, you hold down the following keys:
      ESC, first key on the left on the very top row.
      F3/Refresh, fourth key on the very top row
    • Touch the Power button, located just under the left hinge. This will display the prompt “Chrome OS is missing or Damaged Please insert a recovery USB stick.”
    • Press ctrl, the first key on the left on the very bottom row, and D. This will display the prompt “To turn OS verification OFF, press ENTER. Your system will reboot and local data will be cleared. To go, back press ESC.”
    • If you are happy to proceed then press Enter
    • Wait and the system will beep twice. Then the system will go into developer mode which can take 5 minutes. After a reboot you will get the prompt “OS Verification is OFF Press Space to re-enable” followed by two beeps
    • You will be brought back into a new Chrome Install, where you normally select, your language, keyboard, and network.
    • Press and hold the following keys to get a Crosh shell:
      • ctrl, the first key on the left on the very bottom row
      • alt, the key to the left of the space bar
      • F2/Forward (->), third key on the very top row
    • type root to login
    • type the following to enable booting from a USB, booting from the SD will not work
      • crossystem dev_boot_usb=1
      • crossystem dev_boot_legacy=1
      • crossystem dev_boot_signed_only=0
    • type reboot to reboot the system
    • At the “OS verification is OFF” prompt press ctrl, the first key on the left on the very bottom row, and then at the same time the letter U to boot from the USB Stick.

At this stage the simplest option is to install ChrUbuntu (ChrUbuntu: One Script to Rule Them All!). I would recommend doing this even if you are not going to continue to use Ubuntu, as the script takes care of all the nasty partitioning steps for you.

This article is a summary of the information gleaned from the following websites. All credit goes to the maintainers of these sites:

Posted in General | Leave a comment

Checkpoint SSL Network Extender and Fedora19

Due to a change in the way CheckPoint are now rolling out policies, the native snx client and SSL client require different policies. This means that you may be in the situation where you need to run the SSL Network Extender to gain access to the network. This seems to call the native client with the -Z switch.

I was unable to connect even after following this tutorial “Install Oracle Java JDK/JRE 7u25 on Fedora 19/18, CentOS/RHEL 6.4/5.9″ and confirming that java was in fact installed and verified working. It was only when I installed and succeeded in getting it working on CrunchBang Linux, that I released that Fedora is running SeLinux now so seamlessly that I forgot that it is even running.

I tailed the log files and saw messages relating to the snx client

tail -F  /var/log/audit/audit.log /var/log/messages
Aug  7 00:00:00 pc setroubleshoot: SELinux is preventing /usr/bin/snx from using the dac_override capability. For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000000

Running sealert -l 00000000-0000-0000-0000-000000000000 as suggested resulted in the answer

*****  Plugin mozplugger (99.1 confidence) suggests  *************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
# setsebool unconfined_mozilla_plugin_transition 0

Once that was done, SNX worked fine. Be warned that this allows all plugins not just snx.



Posted in snx | Leave a comment

Adjust LCD brightness from the command line

Sometimes I just need to do this.
echo -n 15 > /sys/class/backlight/acpi_video0/brightness

Posted in General | Leave a comment

fix_tags – manipulate ID3 tags and then some…

I would like to introduce you to a tool that you have probably needed or will need some time. It’s called fix_tags and is written by my friend Mr. Dave Morriss, lead developer at Hacker Public Radio. While the tool claims to only change the tags in MP3 and OGG, it also modifies WAV and FLAC without problems as well.

It’s hosted over on the HPR Gitorious site, but if you just want the tool itself just copy the file from here: fix_tags. I saved it in /usr/local/bin/fix_tags, which makes it available to everyone on the system and then changed permissions so that it could execute.

chmod +x /usr/local/bin/fix_tags

It’s written in perl, and has some dependencies on some perl modules which can be installed easily from cpan. Most distributions install cpan by default but for some reason I needed to install it on Fedora. You will also need to install development tools and Perl Documentation if you haven’t already done so.


apt-get install build-essential perl-doc


yum groupinstall "Development Tools" && yum install perl-CPAN perl-Pod-Perldoc

Now that cpan is installed, we need to update it, reload it and then install the perl dependencies. You do this by running the command cpan as root

install CPAN
reload cpan
install Modern::Perl Getopt::Long Pod::Usage Data::Dumper File::stat Date::Manip::Delta Date::Manip::TZ Audio::TagLib

While there is complete help available by typing perldoc fix_tags you can get a good idea of what awaits by typing fix_tags –help

Version 1.2

     fix_tags [ -help ] [-album=ALBUMSTRING] [-artist=ARTISTSTRING]
        [-comment=COMMENTSTRING] [-genre=GENRESTRING] [-title=TITLESTRING]
        [-track=TRACKNUMBER] [-year=YEAR] [-[no]fix_comment] audio_file ...

    -help   Prints a brief help message describing the usage of the program,
            and then exits.

            Sets the album tag to the string defined by the option.

            Sets the artist tag to the string defined by the option.

            Sets the comment tag to the string defined by the option.

            Sets the genre tag to the string defined by the option.

            Sets the title tag to the string defined by the option.

            Sets the track tag to the number defined by the option.

            Sets the year tag to the number defined by the option.

            If selected, causes the comment tag to be edited to remove
            non-graphic characters, newlines and multiple space sequences.

To use the tool just point it at a file and it will show you all the common fields that are of interest.

$ fix_tags 955-The_Loss-Return_to_Litany.mp3
album     : MIND OUT
artist    : Return to Litany
comment   : Attribution-Noncommercial-No Derivative Works 3.0
genre     : 
length    : 00:04:09
title     : The Loss
track     : 0
year      : 2012

As an example you could change the genre by using fix_tags -genre=”” 955-The_Loss-Return_to_Litany.mp3. Resulting in:

$ fix_tags 955-The_Loss-Return_to_Litany.mp3
album     : MIND OUT
artist    : Return to Litany
comment   : Attribution-Noncommercial-No Derivative Works 3.0
genre     :
length    : 00:04:09
title     : The Loss
track     : 0
year      : 2012

An excellent tool from a most Excellent Gentleman.

Posted in General | Leave a comment