Installing Citrix Reciver on Ubuntu 13.04/chrubuntu

I just installed ChrUbuntu on my Acer C7 Chromebook and of course it’s time to install Citrix.

Get the application from the citrix website.
Select the deb format, and in my case the 32bit version.
Open with Ubuntu Software Center
Enter the root password

And we get the old classic “SSL error 61”
SSL error 61

The SSL Error 61, is now easily fixed by copying the certs into the correct directory

sudo cp -v /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

That was it.

Posted in citrix | 1 Comment

RaspberryPi and the baby Dinosaur

In this Hacker Public Radio episode Ken and his Son hatch a plan to film a Dinosaur egg hatching using fswebcam.

Groeiend Dinosaurus Ei

We had to wait 8 days for a Dinosaur egg to hatch, so we rigged up a RasberryPi with a cheap usb cam to take pictures. This was just before the camera module was releases. However the principle was the same. We positioned the egg in a mixing bowl and placed it on some boxes to give it height. Then we used the handle of a camera stand as a place to clip on a cheap usb camera. We then connected the camera to a RasberryPi.

the camera rig

On the first day we let the light in and you see flickering as the lighting conditions change over the course of the day and the camera adjusts. Peter64 has promised a episode on how to fix this. So we closed the curtains and added an artificial light source as can be seen below.

While we could have used fswebcam to automatically take the pictures, there was a certain satisfaction in seeing the program run every minute. Other than the default rasbian install, we installed fswebcam and screen. The first to take the pictures and the other to allow the script to continue running after we disconnected.

$ cat egg.bash
while true
  nowdate=$(date -u +%Y-%m-%d_%H-%M-%SZ_%A)
  echo ${nowdate}
  fswebcam -r 640x480 \
           -S 15 \ 
           --flip h \
           --jpeg 95 \
           --shadow \
           --title "Dinosaur Hatching" \
           --subtitle "Pádraig Fallon" \
           --info "" \
           --save egg-${nowdate}.jpg
  sleep 1m

That produced a big long list of images, 10886 in total, and it was a “simple” matter to convert them to a mp4 file with ffmpeg. See for more information on encoding for the web in general

ffmpeg -y -r 120 -f image2 -pattern_type glob -i "*.jpg" -b:v 2000k -vcodec libvpx -quality best egg-libvpx.webm


Here’s the finished product:

Hatched Dino

Posted in General, Podcasts | Leave a comment

Preparing your Acer C7 Chromebook to install GNU/Linux

  1. Purchase a Acer C7 Chromebook
  2. Enable developer mode
    • Invoke Recovery mode, you hold down the following keys:
      ESC, first key on the left on the very top row.
      F3/Refresh, fourth key on the very top row
    • Touch the Power button, located just under the left hinge. This will display the prompt “Chrome OS is missing or Damaged Please insert a recovery USB stick.”
    • Press ctrl, the first key on the left on the very bottom row, and D. This will display the prompt “To turn OS verification OFF, press ENTER. Your system will reboot and local data will be cleared. To go, back press ESC.”
    • If you are happy to proceed then press Enter
    • Wait and the system will beep twice. Then the system will go into developer mode which can take 5 minutes. After a reboot you will get the prompt “OS Verification is OFF Press Space to re-enable” followed by two beeps
    • You will be brought back into a new Chrome Install, where you normally select, your language, keyboard, and network.
    • Press and hold the following keys to get a Crosh shell:
      • ctrl, the first key on the left on the very bottom row
      • alt, the key to the left of the space bar
      • F2/Forward (->), third key on the very top row
    • type root to login
    • type the following to enable booting from a USB, booting from the SD will not work
      • crossystem dev_boot_usb=1
      • crossystem dev_boot_legacy=1
      • crossystem dev_boot_signed_only=0
    • type reboot to reboot the system
    • At the “OS verification is OFF” prompt press ctrl, the first key on the left on the very bottom row, and then at the same time the letter U to boot from the USB Stick.

At this stage the simplest option is to install ChrUbuntu (ChrUbuntu: One Script to Rule Them All!). I would recommend doing this even if you are not going to continue to use Ubuntu, as the script takes care of all the nasty partitioning steps for you.

This article is a summary of the information gleaned from the following websites. All credit goes to the maintainers of these sites:

Posted in General | Leave a comment

Checkpoint SSL Network Extender and Fedora19

Due to a change in the way CheckPoint are now rolling out policies, the native snx client and SSL client require different policies. This means that you may be in the situation where you need to run the SSL Network Extender to gain access to the network. This seems to call the native client with the -Z switch.

I was unable to connect even after following this tutorial “Install Oracle Java JDK/JRE 7u25 on Fedora 19/18, CentOS/RHEL 6.4/5.9″ and confirming that java was in fact installed and verified working. It was only when I installed and succeeded in getting it working on CrunchBang Linux, that I released that Fedora is running SeLinux now so seamlessly that I forgot that it is even running.

I tailed the log files and saw messages relating to the snx client

tail -F  /var/log/audit/audit.log /var/log/messages
Aug  7 00:00:00 pc setroubleshoot: SELinux is preventing /usr/bin/snx from using the dac_override capability. For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000000

Running sealert -l 00000000-0000-0000-0000-000000000000 as suggested resulted in the answer

*****  Plugin mozplugger (99.1 confidence) suggests  *************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
# setsebool unconfined_mozilla_plugin_transition 0

Once that was done, SNX worked fine. Be warned that this allows all plugins not just snx.



Posted in snx | Leave a comment

Adjust LCD brightness from the command line

Sometimes I just need to do this.
echo -n 15 > /sys/class/backlight/acpi_video0/brightness

Posted in General | Leave a comment

fix_tags – manipulate ID3 tags and then some…

I would like to introduce you to a tool that you have probably needed or will need some time. It’s called fix_tags and is written by my friend Mr. Dave Morriss, lead developer at Hacker Public Radio. While the tool claims to only change the tags in MP3 and OGG, it also modifies WAV and FLAC without problems as well.

It’s hosted over on the HPR Gitorious site, but if you just want the tool itself just copy the file from here: fix_tags. I saved it in /usr/local/bin/fix_tags, which makes it available to everyone on the system and then changed permissions so that it could execute.

chmod +x /usr/local/bin/fix_tags

It’s written in perl, and has some dependencies on some perl modules which can be installed easily from cpan. Most distributions install cpan by default but for some reason I needed to install it on Fedora. You will also need to install development tools and Perl Documentation if you haven’t already done so.


apt-get install build-essential perl-doc


yum groupinstall "Development Tools" && yum install perl-CPAN perl-Pod-Perldoc

Now that cpan is installed, we need to update it, reload it and then install the perl dependencies. You do this by running the command cpan as root

install CPAN
reload cpan
install Modern::Perl Getopt::Long Pod::Usage Data::Dumper File::stat Date::Manip::Delta Date::Manip::TZ Audio::TagLib

While there is complete help available by typing perldoc fix_tags you can get a good idea of what awaits by typing fix_tags –help

Version 1.2

     fix_tags [ -help ] [-album=ALBUMSTRING] [-artist=ARTISTSTRING]
        [-comment=COMMENTSTRING] [-genre=GENRESTRING] [-title=TITLESTRING]
        [-track=TRACKNUMBER] [-year=YEAR] [-[no]fix_comment] audio_file ...

    -help   Prints a brief help message describing the usage of the program,
            and then exits.

            Sets the album tag to the string defined by the option.

            Sets the artist tag to the string defined by the option.

            Sets the comment tag to the string defined by the option.

            Sets the genre tag to the string defined by the option.

            Sets the title tag to the string defined by the option.

            Sets the track tag to the number defined by the option.

            Sets the year tag to the number defined by the option.

            If selected, causes the comment tag to be edited to remove
            non-graphic characters, newlines and multiple space sequences.

To use the tool just point it at a file and it will show you all the common fields that are of interest.

$ fix_tags 955-The_Loss-Return_to_Litany.mp3
album     : MIND OUT
artist    : Return to Litany
comment   : Attribution-Noncommercial-No Derivative Works 3.0
genre     : 
length    : 00:04:09
title     : The Loss
track     : 0
year      : 2012

As an example you could change the genre by using fix_tags -genre=”” 955-The_Loss-Return_to_Litany.mp3. Resulting in:

$ fix_tags 955-The_Loss-Return_to_Litany.mp3
album     : MIND OUT
artist    : Return to Litany
comment   : Attribution-Noncommercial-No Derivative Works 3.0
genre     :
length    : 00:04:09
title     : The Loss
track     : 0
year      : 2012

An excellent tool from a most Excellent Gentleman.

Posted in General | Leave a comment

hpr1027 :: Migrating away from Google Reader – Feed2Imap

Back in 2012-07-10, I did a Hacker Public Radio episode entitled, “hpr1027 :: Migrating away from Google Reader“. Given the current news that Google is to shut down Reader, I thought I would re-post the episodes show notes here as a reminder. I have been running this IMAP solution on a raspberry PI from my home without issue since then.

Getting a list of my feeds

Google should be credited with the fact that they make exporting very easy to do. Thanks to the work of the team. Who’s stated goal is “Users should be able to control the data they store in any of Google’s products. Our team’s goal is to make it easier to move data in and out.”

For Google Reader this amounts to:

Settings -> Reader Settings -> Import/Export -> OPML

OPML (Outline Processor Markup Language) is an XML format for outlines (defined as “a tree, where each node contains a set of named attributes with string values”). Originally developed by Radio UserLand as a native file format for an outliner application, it has since been adopted for other uses, the most common being to exchange lists of web feeds between web feed aggregators.

From Wikipedia, the free encyclopedia

That’s it. You now have a list of all your feeds we are still faced with the problem of reading/deleting items in one place and having them synchronized everywhere else ? The answer is actually quite obvious.

imap – Internet Message Access Protocol

From Wikipedia, the free encyclopedia

Internet message access protocol (IMAP) is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being the Post Office Protocol (POP). Virtually all modern e-mail clients and mail servers support both protocols as a means of transferring e-mail messages from a server.

The great news is that there are imap clients everywhere. Microsoft Outlook supports it. Thunderbird, Evolution, Kmail, Claws-Mail all support it. It’s supported on Android, the iPhone, and on Windows Mobile. There are a multitude of web clients. The only problem now was to find a way to get the RSS feeds over to a imap message format. A quick duckduckgo search later lead me to ….


Feed2Imap is an RSS/Atom feed aggregator. After Downloading feeds (over HTTP or HTTPS), it uploads them to a specified folder of an IMAP mail server or copies them to a local maildir. The user can then access the feeds using Mutt, Evolution, Mozilla Thunderbird or even a webmail.

It’s in all the major repositories and I had it up and running in under ten minutes. It keeps it’s settings in a hidden file .feed2imaprc in your home directory. The configuration is simple, four lines per feed.

 - name:
   target: imap://
   include-images: true

The name filed is what will be the feed name and url is the link to the rss feed. The target is the path on the imap account you want to put it to. I used a throw away email account on my own domain with some restrictions on the size so that if I forget to check it won’t affect the rest of my mailboxes.

The line it’s broken into several parts, first is imap:// followed by the imap account user name and password. If your login contains an @ character, replace it with %40. Next is the @ sign followed by your server hostname and then the path. I chose INBOX.Feeds and then a subfolder for every group I had in Google Reader. The only other option I set was to include the images.


I have quite a few feeds now and I did not want to be typing them in by hand. So I wrote a small perl script to convert the opml file into a .feed2imaprc format and it will hopefully get you most of the way. The code is available on ( thanks to Klaatu over at where he covered using Git in the March 31, 2012: Episode 7×13.)

Now setup the imap account on your mail client(s) and once you are happy run feed2imap and you should see the items beginning to appear. I set it to run every two hours at 14 minutes past the hour by adding the following line to my cron tab.

14 */2 * * * /usr/bin/feed2imap >/dev/null 2>&1


Posted in General | 1 Comment

rsync: mkstemp “…” failed: No such file or directory (2)

For the third time the disk in bay 4 of my Iomega StorCenter ix4-200d, failed, and finally the good folks at Iomega/Ems/Lenova sent me a brand new ix4-300d. As far as I can see it’s the same thing but with some bug fixes, more bling and a lot of cloud™.


I’ve been relying on rsync as the backbone of my backup solutions for years and so naturally I was going to use rsync to copy the data from the old nas box to my new one. So I set up the new NAS, then set up rsync in a screen session on my desktop and walked away.

The following day a quick comparison showed a 3GB difference between the source and destination. When I re-ran the rsync, I was suddenly faced with loads of error messages from the un-synced files that I had not noticed before.

rsync: mkstemp “/new/path/to/files/some:file.txt” failed: No such file or directory (2)

Searches on the web threw up information which to be honest didn’t help a lot and didn’t give a concrete explanation for what is going wrong. So left to my own I decided that the problem probably wasn’t rsync and that it was trying to tell me what was wrong. The searches on the internet suggested that the issue was related to file/directory permissions. I confirmed that this wasn’t the case and was able to create files on the old and new nas without problem. These files were even synced when I reran rsync.

So then the problem must be the files themselves. This was worrying as this meant that 3G of my files may be corrupt but keeping a cool head I had a look at the files themselves and then it hit me. All the file names contained characters outside the nice clean [0-9A-Za-z] range, and then I had a look at the type of mount and I noticed the source (old nas) is mounted over NFS while the destination (new nas) is mounted over CIFS. Looking at the list of error files, it became obvious that all the files contained reserved characters that are not acceptable on CIFS/Windows file systems. So the simple solution was to disable the default CIFS share and setup NFS shares and use those. Sure enough a few minutes later rsync was copying the files without issue.

The moral of the story is “read the screen” the only problem is that sometimes it’s difficult to interpret what it’s saying. So instead of focusing on No such file or directory (2), I needed to look at rsync: mkstemp “/new/path/to/files/some:file:with:colon:in:the:name.txt” failed: and ask why is it failing.

Posted in General | 4 Comments

Citrix on linux

I have a series on Citrix and while support is getting better, they do tend to change things. For example the location of the binary binary binary binary.

They have also moved the location of the application from /usr/lib/ICAClient to /opt/Citrix/ICAClient, a more unix like move.

The famous SSL error 61

SSL error 61

The SSL Error 61, is now easily fixed by copying the certs into the correct directory

cp -v /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/
Posted in citrix | Leave a comment

Checkpont SNX on Ubuntu 11.10 (oneiric)

It’s time for Ubuntu 11.10 and the obligatory how to get Checkpoint SSL extender VPN (SNX) working under it.

The first step is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

# sh +x
Installation successfull

This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t all ready.

# uname -p
# aptitude install ia32-libs libstdc++5

Now let’s check that the required libraries are loaded.

# ldd /usr/bin/snx | grep "not found" => not found

This is a new one so a quick check on Google found the answer in of all places the Citrix forum.

Combining the post from Stuart Johnston, and Israel Diaz you get:

# wget 
# mkdir tmp
# dpkg -x libpam0g_1.1.3-7ubuntu2_i386.deb tmp
# cd tmp/lib/i386-linux-gnu/
# cp /lib/i386-linux-gnu
# cd /lib/i386-linux-gnu
# ln -s
# ldd /usr/bin/snx 

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Do you accept? [y]es/[N]o:

Finally you should be able to use the client and login.

Posted in snx | 5 Comments