Scripts based on your network location

I recorded an episode of HPR about a script that I wrote to make my life a little easier. The show is hpr1654 :: Using AS numbers to identify where you are on the Internet if you want to listen along.

My “itch”

I have a laptop and I want it to use different configurations depending on where I am. If I’m on wifi at home, I don’t want my NAS mounted, but if I’m on a wired connection I do. If I’m at work I want to connect to various servers there. If I’m on the train I want to set up a VPN tunnel. You get the idea.

My solution to this was to approach it from the laptop and go out, that is, to look around and see what network I was on. There are a few ways to approach this: you could look at your IP address, look at the ARP tables, or try to ping a known server in each location. The issue with looking at an IP address is that most networks use Private Networks. Very soon you will find that the wifi coffee shop happens to have picked the same range as you use at home and now your laptop is trying to back up to their cash register.

To get around this I tried other solutions such as looking at the MAC address of the default gateway using IP Route and Arp, but that requires a lot of maintenance as devices change a lot.
$ arp -n | grep $(/sbin/ip route | awk '/default/ { print $3 }') | awk '{print $3}'

The next option was to try and ping known servers, but that resulted in a lot of delays as the pings will by definition need to time out, as you run down the list of possible places you are.

Then I was thinking that I’m approaching this problem from the wrong angle. Why not start with my public IP address range, which has to be unique, and work back from there to my laptop. There are a lot of services out there that provide look up services. Some I have used in the past are

Now even Google gives back your IP address if you type in “my ip address” into the search bar. Rather than using those services I just set up a small php file on my own server that returns the public IP address of your connection. So even if your home and coffee shop happen to have the same range, they will have different public IP address ranges.

<?php $ip = $_SERVER['REMOTE_ADDR'];  // address the request arrived from
print "$ip";

From there I was planning on maintaining a look-up table of public IP addresses, along the lines of the GeoIP tools developed by MaxMind. They provide the GeoLite Country and GeoLite City databases under an OPEN DATA LICENSE, which looks to me like a modified Apache License (IANAL). They provide a C library under the LGPL.

For those not familiar with Geolocation based on IP address, it’s the technology that maps your Public IP address to a physical location. This is what blocks the BBC iPlayer website outside of the UK, or presents a cookie warning within the EU, or stops everyone else in the world watching US TV websites. For most applications the location is very coarse, based on information from the regional Internet registries. Once you get past country level you need to start investing serious money to get the data, so you can expect to pay for the more granular information.

The more detailed you get the more concerned you need to be about privacy. The location for most people’s home connection is mapped to the location of their Internet provider’s head office. After checking my IP address location on, of the six databases queried four put me in the head office of my ISP, one had the right town and another had me the other side of the country. So for a website that needs to perform an action based on the country of origin of an IP address it is quite useful, but for my personal use case it wasn’t going to help me a lot.

# geoiplookup
GeoIP Country Edition: US, United States

That was until I ran the exact same command on Fedora.

# geoiplookup
GeoIP Country Edition: US, United States
GeoIP ASNum Edition: AS15169 Google Inc.

The first line is the same but what’s this about ASNum? It’s not mentioned in the man page, but suffice to say AS numbers are very, very important for how the Internet works.

From Wikipedia: Autonomous System (Internet)

ISP must have an officially registered autonomous system number (ASN). A unique ASN is allocated to each AS for use in BGP routing. AS numbers are important because the ASN uniquely identifies each network on the Internet.

So what that is saying is that every network in the Inter(connected)Net(work) must have its own unique AS Number. So my home ISP will have a different AS Number from my local coffee shop, from my office network, etc. It actually goes even further than that. Say you have the same provider for your home Internet and mobile Internet. Even though they might be using the same ranges for all their networks, they will more than likely route between the private networks using public IP Addresses, and that means a different, unique AS Number. Your mileage may vary on this, but for me it works out very well indeed.

It’s already installed on Fedora (yum install GeoIP), so to install the application on Debian/Ubuntu type:
aptitude install geoip-bin

This will drop the IPv4 (GeoIP.dat) and IPv6 (GeoIPv6.dat) databases into the directory /usr/share/GeoIP/. Your package manager will not update the databases for you. Although there is a Fedora package GeoIP-update* to schedule a cron job, it only updates the GeoLiteCity.dat file. Here is the script I use to update all the databases:
# vi /usr/local/bin/geoip-update.bash

Paste in the following code:

#!/bin/bash
for database in   # the list of database URLs is missing from this page
do wget "$database" -O - | gunzip -c > "/usr/share/GeoIP/$(basename "$database" .gz)"
done

Make the script executable
# chmod +x /usr/local/bin/geoip-update.bash

Then run it and check that you have new files in /usr/share/GeoIP to be sure it works. Finally all that’s left to do is to install it into cron. (Thanks James Wald)

# Minute   Hour   Day of Month       Month          Day of Week        Command
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
    0      12          *             *                Mon              /usr/local/bin/geoip-update.bash > /tmp/geoip-update.bash 2>&1
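
The update loop above redirects straight into the live database file, so a failed or partial download leaves /usr/share/GeoIP with a truncated file that geoiplookup then reads. A safer install step, as an added example that is not part of the original post (the function name install_db and the variables in the usage comment are assumptions):

```bash
#!/bin/bash
# Added example: install a downloaded GeoIP .gz without ever truncating the
# database that geoiplookup is currently using.
# install_db is a hypothetical helper name, not part of the GeoIP package.

# install_db <downloaded.gz> <destination-dir>
# Returns 0 and replaces <destination-dir>/<name> only if the archive is intact.
install_db() {
  db_archive="$1"
  db_destdir="$2"
  db_name="$(basename "$db_archive" .gz)"

  # Reject truncated or corrupt downloads before touching anything.
  if ! gzip -t "$db_archive" 2>/dev/null; then
    echo "corrupt archive: $db_archive" >&2
    return 1
  fi

  # Unpack next to the target so the final mv is a rename on one filesystem.
  db_tmp="$(mktemp "$db_destdir/.$db_name.XXXXXX")" || return 1
  if ! gunzip -c "$db_archive" > "$db_tmp" || [ ! -s "$db_tmp" ]; then
    rm -f "$db_tmp"
    echo "empty or unreadable database: $db_archive" >&2
    return 1
  fi

  chmod 644 "$db_tmp"
  # Atomic replace: a reader sees the old file or the new one, never half of it.
  mv -f "$db_tmp" "$db_destdir/$db_name"
}

# Usage inside the update loop (the URL list itself is not on this page;
# $workdir is an assumed scratch directory created with mktemp -d):
#   wget --timeout=30 "$database" -O "$workdir/$(basename "$database")" &&
#     install_db "$workdir/$(basename "$database")" /usr/share/GeoIP
```
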

I have modified my mapping script so that it combines the location and the connection type. It first does a quick check to see if there is an Internet connection and will time out after 2 seconds.

wget --timeout=2 -O -

I already have this file on my server for remote monitoring, so it makes sense to reuse it. The file contains the word “success” and if that is not returned then you don’t have any Internet connection. My server could also be down but that would be a bigger problem for me at least.

The next part gets the Public IP Address and then uses it to find the AS Number

geoiplookup "" | awk '/GeoIP ASNum Edition/ {print $4}'

So that’s all I need to find out my position on the Internet, but I also want to know what type of connection I’m using. For example, when I use a USB network tethering connection to my phone it displays as a wired connection when in fact it should be “wireless”. Once I have found both the location and the connection type, I then combine them with an underscore, and use a case statement to run the different commands.

Here is a finalized script:


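#!/bin/bash
# The URLs, AS numbers and case patterns are missing from this page. The values
# marked "placeholder" must be replaced with your own; the location names are
# reconstructed from the echo messages at the end of the script.
check_url=""   # placeholder: file on your server containing the word "success"
ip_url=""      # placeholder: script on your server that prints your public IP

result="$(wget --timeout=2 "${check_url}" -O - 2>/dev/null)"
if [ "${result}" != "success" ]
then
  echo "No connection to found"
  exit 1
else
  myip="$(wget --timeout=2 "${ip_url}" -O - 2>/dev/null)"
  asnum=$(geoiplookup "${myip}" | grep 'GeoIP ASNum Edition: ' | awk '{print $4}' )
  case "${asnum}" in
    AS64496) location="work" ;;     # placeholder AS numbers from the
    AS64497) location="mobile" ;;   # range reserved for documentation
    AS64498) location="home" ;;
    *)
      echo "No location found for AS Number \"${asnum}\""
      exit 2
      ;;
  esac
  interface=$(route | awk '/default/ {print $(NF)}')
fi

if [ "$( iwconfig 2>&1 ${interface} | grep 'ESSID' | wc -l )" -eq 1 ] || [ $(echo ${interface} | grep ppp | wc -l ) -eq 1 ]
then
  type="wireless"
  essid=$( iwconfig 2>&1 ${interface} | awk -F '"' '{print $2}')
else
  type="wired"
fi

echo "Connection Found: $myip $asnum $location $interface $type $essid"

case "${location}_${type}" in
  work_wired)      echo "Work Network" ;;
  work_wireless)   echo "Work Wireless Network" ;;
  mobile_wireless) echo "Mobile Network" ;;
  home_wired)      echo "Home Wired Network" ;;
  home_wireless)   echo "Home Wireless Network" ;;
  *)               echo "No custom configuration applied" ;;
esac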
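
Because the selected profile decides whether the laptop mounts a NAS or brings up a VPN, the reply from the IP service and the geoiplookup output are worth validating before they reach the case statement (a captive portal, for instance, answers the wget with an HTML page). The following is an added example, not code from the original post; the function names and the AS numbers in the table are assumptions, and anything unexpected maps to an "unknown" location so no trusted profile is applied.

```bash
#!/bin/bash
# Added example: treat the answers from the IP-echo service and geoiplookup as
# untrusted input before they select a profile. Function names and the AS
# numbers in the table are assumptions made for illustration.

# valid_ipv4 <string>: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.|"") return 1 ;;   # HTML, spaces, empty reply, stray dots
  esac
  old_ifs="$IFS"; IFS=.
  set -- $1                                # split on dots (digits and dots only here)
  IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# asn_from_geoip: read geoiplookup output on stdin and print the AS number only
# if the fourth field really has the form AS<digits>. A database miss prints
# "IP Address not found" there, which must not be mistaken for a location.
asn_from_geoip() {
  awk '/^GeoIP ASNum Edition: / && $4 ~ /^AS[0-9]+$/ { print $4; exit }'
}

# location_for_asn <asn>: map a known AS number to a location name.
# AS64496-AS64498 are reserved documentation numbers used as placeholders.
location_for_asn() {
  case "$1" in
    AS64496) echo "work" ;;
    AS64497) echo "home" ;;
    AS64498) echo "mobile" ;;
    *)       echo "unknown" ;;
  esac
}

# profile_for <reply-from-ip-service> <wired|wireless>
# Prints "<location>_<type>" for use in the final case statement.
profile_for() {
  reply="$1"
  conn="$2"
  case "$conn" in
    wired|wireless) ;;
    *) conn="unknown" ;;
  esac
  if ! valid_ipv4 "$reply"; then
    echo "unknown_$conn"                   # fail closed: no trusted profile
    return 0
  fi
  asn="$(geoiplookup "$reply" 2>/dev/null | asn_from_geoip)"
  echo "$(location_for_asn "$asn")_$conn"
}

# Usage in the script above, once myip and type are known:
#   case "$(profile_for "${myip}" "${type}")" in home_wired) ... ;; esac
```
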

Installing Citrix on Fedora 21

Time moves on. Distros move on, and so again it’s time to install Citrix Receiver for Linux. They have moved on to version 13.1, which fixes a lot of install bugs in the Ubuntu version. Unfortunately that seems to be at the cost of the RPM version which is no longer available. In this post we will be installing it on Fedora 21 which is still in beta.

Get the software Receiver for Linux 13.1 and look for “For 64-bit Systems” (assuming you have a 64-bit system).

uname -p
-p, --processor   print the processor type or "unknown"
$ uname -p

Then look for File Type: .tar.gz and download it. As root move it to somewhere like /usr/local/src/citrix/. Make sure you create a new directory as it is a tarbomb. Then extract it using the following command:

tar xvf linuxx64-

You can install it using the command:

# ./setupwfc 
Citrix Receiver for Linux 13.1.0 setup.

Copyright 1996-2014 Citrix Systems, Inc. All rights reserved.
Copyright (c) 1986-1997 RSA Security, Inc. All rights reserved.
This software uses libraries from the FFmpeg project under the LGPLv2.1

Citrix, Independent Computing Architecture (ICA), Program Neighborhood,
MetaFrame, and MetaFrame XP are registered trademarks and Citrix Receiver,
Citrix XenApp, XenDesktop, Citrix Presentation Server, Citrix Access Suite,
and SpeedScreen are trademarks of Citrix Systems, Inc. in the United States
and other countries.

Microsoft, MS, MS-DOS, Outlook, Windows, Windows NT, and BackOffice are
either registered trademarks or trademarks of Microsoft Corporation in
the United States and other countries.

All other Trade Names referred to are the Servicemark, Trademark,
or Registered Trademark of the respective manufacturers.

Select a setup option:

 1. Install Citrix Receiver for Linux 13.1.0
 2. Remove Citrix Receiver for Linux 13.1.0
 3. Quit Citrix Receiver for Linux 13.1.0 setup

Enter option number 1-3 [1]: 1

Please enter the directory in which Citrix Receiver for Linux is to be installed.
[default /opt/Citrix/ICAClient] 
or type "quit" to abandon the installation: 

The parent directory /opt/Citrix does not exist.
Do you want to create it? [default y]: y

You have chosen to install Citrix Receiver for Linux 13.1.0 in /opt/Citrix/ICAClient.

Proceed with installation? [default n]: y

Installation proceeding...

Checking available disk space ...

        Disk space available 230130076 K 
        Disk space required 35519 K

Continuing ...
Creating directory /opt/Citrix/ICAClient
Core package...
Setting file permissions...
Integrating with browsers...
Browsers found.

Integration complete.
Do you want to integrate Citrix Receiver with KDE and GNOME? [default y]: y
Do you want GStreamer to use the plugin from this client? [default y]: 
Do you want to install USB support? [default n]: n
USB support not installed.

Select a setup option:

 1. Install Citrix Receiver for Linux 13.1.0
 2. Remove Citrix Receiver for Linux 13.1.0
 3. Quit Citrix Receiver for Linux 13.1.0 setup

Enter option number 1-3 [3]: 3
Quitting Citrix Receiver for Linux 13.1.0 setup.

Unfortunately we are not out of the woods yet, as a quick check shows that we are missing some dependencies.

# ldd /opt/Citrix/ICAClient/wfica | grep -i "not found"
 => not found
 => not found
 => not found
 => not found

Fortunately with the excellent yum installer we can just point to the missing files and it will install the required packages.

yum install

Once you log in to your company’s web page and launch Citrix you get a popup asking you to accept the license.
Screenshot of the EULA

Citrix ships with a very small number of CA root certificates, so the chance is quite high that your server will present a certificate signed by a CA whose root certificate Citrix does not have. If your server’s SSL/TLS certificate chains to a missing root certificate, you will be presented with the “SSL error 61” message that we have come to know and love.

SSL Error

At this point I normally suggested using the certs from Firefox, but in the version of Firefox (32.0.2) shipped with Fedora 21 Beta, the root Certs are no longer kept as files on the disk. The error message actually tells you which one you are missing, in my case “Global Sign Root CA”. Now go to Firefox and open Edit > Preferences > Advanced > Certificates > View Certificates > Authorities, where you will be presented with a long list of Authorities.
GlobalSign-AlphaSSLCA-G2.pem from Firefox

Scroll down to the Authority that issued your cert and starting at the top, export them one by one and save them to /opt/Citrix/ICAClient/keystore/cacerts/. I needed to save them in my own Downloads folder, and from there I moved them to the folder as root adding the pem extension.

mv -v /home/user/AlphaSSLCA-G2 /opt/Citrix/ICAClient/keystore/cacerts/GlobalSign-AlphaSSLCA-G2.pem

For me it turned out to be the third one and once I had it installed I was able to open the applications on my company’s Citrix web page. One improvement is that there is no warning about missing languages.


Setting the default document folder/directory in the KDE Kate Text Editor

By default Kate tries to open and save files starting in the ~/Documents folder. While this may be convenient for some, I’d like to change it. Try as I might I couldn’t find this option in the configuration of Kate. I remember this was an option, and it was removed. Then it was a command line option but kate --help-all shows it as having been removed.

The only way I found to change this is via KDE > System Settings > Account Details > Paths > Document Path:

Changing that to your desired directory works fine.


Speeding up Speech with mplayer

Mplayer is a fantastic media player and I have been using it as the default tool to play both music and speech for years now.

One of its lesser known features is the ability to speed up or slow down whatever it’s playing. Not very useful for music but very handy if you are listening to speech. In some cases you may wish to speed up podcasts, to get more enjoyment in. In other cases you may want to slow down a recording so that you can transcribe the text. For people with Dyslexia this is very empowering as it gives them control over the rate of input.

You can use the {, [, backspace, ], }, keys to control the speed.

  • { key will slow down by 50% of the current rate
  • [ key will slow down by 10% of the current rate
  • Backspace will return the speed to normal
  • ] key will speed up 10% of the current rate
  • } key will speed up by 50% of the current rate
  • 9 key will decrease the volume
  • 0 key will increase the volume

I strongly recommend taking some time to review the keyboard controls in the manpage.

By default mplayer will not maintain pitch when you change the speed. So if you speed it up the speaker starts to sound like a chipmunk, and if you slow it down female voices start to sound like male voices.

You can change this by starting mplayer with the switch -af scaletempo

You can change this quickly by creating an alias

alias mplayer='mplayer -af scaletempo'

A more permanent way to set this is to configure your mplayer configuration file. Simply add the following in the “# audio settings #” section


See the Configuration Files section in the man page for more information.

The system-wide configuration file ‘mplayer.conf’ is in your configuration directory (e.g. /etc/mplayer or /usr/local/etc/mplayer), the user specific one is ~/.mplayer/config. User specific options override system-wide options and options given on the command line override either.


Installing Citrix Receiver on Ubuntu 14.04 LTS (Trusty Tahr)

EDIT: See comment below from Martin about the new version, where the fixes are applied. Get it here:

An update on installing the Citrix Receiver on Ubuntu 14.04 LTS (Trusty Tahr) as part of the Citrix series.

Get the application from the citrix website.
Select the deb format, and in my case the 64bit version.

Do not try and install this file as it will not work.

I only discovered this after I tried and failed to install it via the qapt-deb-installer. Dropping to the command line and installing with dpkg failed as well but at least there was more information available.

# dpkg -i icaclient_13.0.0.256735_amd64.deb
Selecting previously unselected package icaclient.
(Reading database ... 143453 files and directories currently installed.)
Preparing to unpack icaclient_13.0.0.256735_amd64.deb ...
Unpacking icaclient ( ...
dpkg: dependency problems prevent configuration of icaclient:
 icaclient depends on libc6-i386 (>= 2.7-1); however:
 Package libc6-i386 is not installed.
 icaclient depends on ia32-libs; however:
 Package ia32-libs is not installed.
 icaclient depends on lib32z1; however:
 Package lib32z1 is not installed.
 icaclient depends on lib32asound2; however:
 Package lib32asound2 is not installed.
 icaclient depends on nspluginwrapper; however:
 Package nspluginwrapper is not installed.

dpkg: error processing package icaclient (--install):
 dependency problems - leaving unconfigured
Processing triggers for desktop-file-utils (0.22-1ubuntu1) ...
Processing triggers for mime-support (3.54ubuntu1) ...
Errors were encountered while processing:

At this point we have installed the software but there are still dependency issues. Normally running apt-get -f install would fix the problem. In this case the only option is to remove the icaclient package and I also had to run apt-get autoremove to get rid of unnecessary dependencies it installed.

After my experience with installing snx, I knew that the 32bit packages were removed after the move to MultiArch support. So I ducked around for a solution only to find this on the Citrix site, “Installation Errors with Receiver for Linux 13.0 on Ubuntu 13.10 x64”, which details the problem and the fix. The fix is to essentially go in and edit the deb package to fix the dependency issues. They also provide a workaround to address the “SSL error 61”.

Here is the resolution they suggest:

The following resolution allows using Receiver for Web for authentication, enumeration and launch of the applications and desktops, as the aforementioned bug causes self-service UI to not work.

  1. Install the dependencies libmotif4:i386 nspluginwrapper lib32z1 libc6-i386 by executing the following command:
    sudo apt-get install libmotif4:i386 nspluginwrapper lib32z1 libc6-i386
  2. Get the official Citrix Receiver 13.0 .deb from:

    Note: Download from “For 64-bit Systems” section. The download popup may not work in Chrome, use Firefox.

  3. Fix the broken .deb package.
    You can fix it using the following commands:

    cd ~/Downloads
    mkdir ica_temp
    dpkg-deb -x icaclient_13.0.0.256735_amd64.deb ica_temp
    dpkg-deb --control icaclient_13.0.0.256735_amd64.deb ica_temp/DEBIAN
    sudo vi ica_temp/DEBIAN/control
    Change the line that starts with "Depends: ..." to:
    Depends: libc6-i386 (>= 2.7-1), lib32z1, nspluginwrapper
    Now rebuild the package: dpkg -b ica_temp icaclient-modified.deb
  4. Install the fixed package:
    sudo dpkg -i icaclient-modified.deb

    This installation may throw the following error:

    dpkg: error processing icaclient (--install):
    subprocess installed post-installation script returned error exit status 2
    Errors were encountered while processing icaclient

    This can be resolved by changing line 2648 in /var/lib/dpkg/info/icaclient.postinst from echo $Arch|grep "i[0-9]86" >/dev/null to echo $Arch|grep -E "i[0-9]86|x86_64" >/dev/null.
    Then restart the post-install: sudo dpkg --configure icaclient.

  5. Add more SSL certificates.

    Some sites can give an SSL error. Firefox has many more certificates than Citrix, so add them.

    For example, sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

They quote the Ubuntu bug 1185771,
Mark libwebkitgtk-1.0-common as “Multi-Arch: foreign”.

Firefox is also not configured to open the Citrix Files correctly. To fix this select Open With and point it to /opt/Citrix/ICAClient/wfica


Checkpoint SNX on Ubuntu 14.04 LTS (Trusty Tahr)

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

Life has conspired to bring me back to the open arms of Kubuntu and with a new install comes the required update on getting Checkpoint Firewall AKA SNX working. This is part of the snx series here.

The first step remains the same and is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

# sh +x
Installation successfull

If you run this now you will get the error

snx: error while loading shared libraries: cannot open shared object file: No such file or directory

We can check if the required libraries are loaded.

# ldd /usr/bin/snx | grep "not found"
 => not found
 => not found

This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t already. The old trick of simply installing ia32-libs will no longer work since MultiArch support has been added. Now the command is simply

apt-get install libstdc++5:i386 libpam0g:i386

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by logging in via the command line and pressing “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Do you accept? [y]es/[N]o:

Note the build number of 800007075. I had difficulties connecting with any other version lower than this.


XPath and namespace

When your XSLT/XPath search is not giving the desired results, always check the namespace of the element you are using.

EDIT For some reason spammers find this post delightful so I’m turning off comments on this one.


The engineering uses of hair tie

Quick Engineering tip: Get yourself a bag of black elastic hair ties. Since my Daughters have grown their hair, I have been exposed to this brilliant piece of engineering. Useful as removable cable ties, a makeshift spring, … think springy duck tape. The applications are endless.

A collection of elastic ties.

Get the smooth ones


ORCA Fundraiser and the HPR New Year Show

During this year’s third annual Hacker Public Radio 26 Hour New Year show we will be discussing the ongoing work on the Orca project.

The Orca Screen Reader is a free, open source, flexible, and extensible screen reader that provides access to the graphical desktop via user-customizable combinations of speech and/or braille. Written in Python, it provides a way for blind, low vision, dyslexic, etc. people to do all the things we all take for granted. Filing taxes, checking when the next bus is leaving, or simply earning a living.

The problem is that while this program is so essential to so many people’s lives it has only one (1) developer, Joanmarie Diggs of Igalia open source consultancy.

We’re going to fix that.


We’re going to raise $100,000 to hire two full time contractors to fix all the outstanding bugs tracked by Orca.


We’re going to find programmers and have them work on this either full time or part time, to continue to improve Accessibility in:

  • Orca
  • Speech Dispatcher
  • Thunderbird
  • Gecko
  • Evolution
  • LibreOffice
  • Java (and its Atk Wrapper)
  • GnuCash
  • AbiWord
  • Audacity
  • and any other apps and toolkits that need help


We’re going to raise the profile of Accessible Computing in every software project so that support is included from the start, contributing documentation, putting people in touch with advisors, telling our friends that Orca and Sonar exist, recording new voices, and generally making Orca not just better but ten times better.

So please spread the word, on social networks #FundOrca, contact every celebrity, entrepreneur, or personality you know. Please support this campaign.


Edit: Updated to add developer information as per Stomme poes, comments below.
Edit2: Updated to add comments by Joanmarie Diggs.


Installing Citrix Receiver on Ubuntu 13.04/chrubuntu

I just installed ChrUbuntu on my Acer C7 Chromebook and of course it’s time to install Citrix.

Get the application from the citrix website.
Select the deb format, and in my case the 32bit version.
Open with Ubuntu Software Center
Enter the root password

And we get the old classic “SSL error 61”
SSL error 61

The SSL Error 61 is now easily fixed by copying the certs into the correct directory

sudo cp -v /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

That was it.
