Tag Archives: time

Watching IPlayer outside the UK

Tor is an anonymising network which allows people living in restrictive regimes to access the internet with relative impunity. If you know what you are doing you can use it to give yourself a UK IP address and watch BBC telly via IPlayer. This article tells you how to achieve same.

Why use Tor over other solutions? – Because it’s free, and because it won’t contain ads or malware, being an Open Source program.

What does this do? – It uses Tor’s Browser Bundle to connect the included web browser through UK-only Tor exit nodes, which fools BBC IPlayer into thinking you are in the UK. The actual streaming still goes direct to your real IP address through Flash Player, so don’t use this if you want to remain hidden/anonymous, as it will definitely give you away!

My particular circumstances are that I am an English expat living in Ireland, but even though I can watch BBC channels through Sky or Freesat, the BBC block Irish IP addresses from IPlayer.

The steps are:-

  1. Download and extract Tor’s browser bundle.
  2. Manually copy the flash plugin into the Tor browser plugin directory.
  3. Enable plugins in Vidalia.
  4. Edit Tor’s config to only include UK exit nodes (preferably those with good bandwidth)

Using schroot instead of LXC containers

So, I have been using LXC to host my server services for a period of time, with a view to keeping things portable should I need to change provider. It’s very good in that it’s integrated into the Linux kernel and in Ubuntu at least it’s not too difficult to set up; however, there are a number of problems with it.

First and foremost, every time the container operating system upgrades anything to do with init scripts, it won’t boot any more, so you are forced to hold back packages with varying amounts of success. Secondly, there does seem to be some overhead running things in an LXC container, and thirdly it isn’t as portable as it could be, i.e. there is no live migration, and you will have to change config files if you move hoster to reflect your new IP address.

As I’m not selling containers as VPS, I only need to run 1 server instance, and therefore don’t really need containerisation at all. Enter schroot. Schroot is like chroot without the hassle and with added flexibility. In a nutshell, it will mount and start everything correctly for you to the point where you can automate startup and running of services in the chroot; it doesn’t suffer from init script borkage since the init system isn’t used at all, and it’s more portable as networking is irrelevant to a chroot (it simply uses the host’s networking).

Ok so where to start, well if you are already using LXC you can use the directory your container is stored in. I opted to move mine to a sane location before starting, in the interests of convention and easy administration. So, I created a “schroot” directory in the /home directory i.e.

 mkdir /home/schroot


Postfix and network biopair interop: error reading x bytes from the network: connection reset by peer

Lately I have been getting “network biopair interop: error reading x bytes from the network: connection reset by peer” in my mail server logs, and my email client has been unable to send. My email client is Thunderbird configured to send via TLS. Googling the error doesn’t reveal very much other than it’s probably a transient network error/problem, or a broken TLS implementation at the client end, and that developers can be snooty. This is the second time I’ve had the problem. The first time I just disabled TLS and enabled CRAM-MD5 password authentication, so at least the password is sent encrypted. Today I decided to get serious, and find an ultimate answer to the problem.

Trawling through the various mailing lists reveals that “network biopair”, whatever that is, has been removed from Postfix as of December 2010, v2.8. Admittedly a bit of a long shot, I decided “what the hey” upgrading to Postfix 2.8 isn’t going to make things any worse, and it may sort the problem out.

The next problem then was how to upgrade to version 2.8, as my mail server runs as part of an LXC container. Upgrading LXC containers is difficult because new versions of upstart, udev, ifupdown et al like to recreate device nodes, change init scripts and whatnot. Assuming you’re able to successfully complete the upgrade you will still probably be left with a container which doesn’t boot properly, or at all. I was hoping to stay with Lucid Lynx in the container, until support runs out, in the hope that the LXC boys would have made upgrades smoother by then, but how could I easily update to version 2.8 without either running from source, or running the gauntlet of the container upgrade? Further googling revealed that version 2.8 is available via backports, so in /etc/apt/sources.list I added the following line and upgraded:-

deb http://ie.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse

It’s too early to say whether the problem is completely fixed. If it isn’t I will remove this post!

Improve response in Ubuntu Desktop

I came across recently, as you do, an option to maximise the performance of my lowly OCZ Core V2 SSD in Ubuntu. Apparently the kernel goes to quite extreme lengths (in terms of using CPU cycles) to avoid doing seeks. With a “standard” hard drive this is desirable because the time it takes the head to move to the correct location is more costly. Seeking is irrelevant as far as an SSD is concerned and using extra CPU time only serves to reduce I/O performance. Happily there is an option to tell the kernel that you are using non-rotational media for a specific drive designation, i.e. sda, sdb, etc., and therefore maximise SSD performance.


Iptables-apply or how to avoid unnecessary site visits when changing firewall configuration

Today’s post is definitely of the short and sweet variety. I happened across the file list for iptables the other day and noticed a binary I had not come across before: “iptables-apply”. Iptables-apply is a script that applies firewall rules and then waits a configurable amount of time, for user input, to confirm the changes were successful. In other words, if you aren’t a perfect admin (who is, right?) and manage to accidentally lock yourself out by putting an iptables rule in wrong, iptables-apply will automatically revert back to the previous set of rules and you’ll get access again.

Could’ve saved me literally some diesel over the past few years that one!

From the iptables-apply man page:

iptables-apply will try to apply a new ruleset (as output by
iptables-save/read by iptables-restore) to iptables, then prompt the
user whether the changes are okay. If the new ruleset cut the existing
connection, the user will not be able to answer affirmatively. In this
case, the script rolls back to the previous ruleset after the timeout
expired. The timeout can be set with -t.

This has the advantage over Shorewall in that Shorewall will only keep existing connections open when new rules are applied. If you happen to lose connectivity, tough luck, Shorewall will obediently block further connections on your borked firewall.

Remove residual config files in Ubuntu – A one liner

I have spent literally hours over the last year or two searching for an elegant way to remove configuration files left over from package installs, in a command line environment, with Ubuntu.

Googling would provide a frustrating list of solutions that would either involve installing extra packages, using a complicated command line, or script, solutions that I would never be happy with and would “redo” the search again, each time I wanted to perform the same task, in the hope of finding something better.

In the end Aptitude and Xargs were my friends. Without further ado ….


The perfect Linux laptop (well nearly) – Dell Inspiron 1750

For the last 6 months my Samsung laptop backlight has been flickering at me randomly and indiscriminately. Having had enough of this cyber “water” torture I finally relented and decided to buy a new laptop. As my customers always have good experiences with Dell equipment I decided I should take my own advice and buy from them. Running Ubuntu and already owning an entry-level SSD I decided I didn’t need anything flashy but it had to have a decent amount of memory for running a Vista virtual machine as and when the need arose. It would also need a 17″ screen as working in lots of SSH sessions at the same time is a pain for me with anything smaller.

I basically went for the base spec Inspiron 1750 except with 4 GB of memory and I have to say it is the best Linux experience I’ve had so far with a laptop. Everything pretty much worked straight away with a minimum of fuss.

Ok so onto the things I had to do.


Howto share your mobile broadband connection in Windows XP

First of all I’m assuming you have your HSDPA modem installed and working. Secondly you really need to have Windows firewall enabled. Thirdly, and by no means least, you should consider why you want to do this and what you are trying to achieve. Internet connection sharing is unstable in Windows XP and often breaks in such a way that you have to disable and re-enable it and even then it may not work. If you are looking for something reliable that will work every time you should consider reinstalling your PC/laptop with Ubuntu or some other Linux distribution and sharing the connection from there.


The importance of a minimal firewall.

I have long been an avid user of the well known interface to iptables – Shorewall. Of late though I have suspected it is slowing my network down. I once decided to see what actual iptables rules it was creating and ran “iptables -L”. There was a lot of output and I wasn’t sure all of it was necessary. It niggled away at the back of my brain for the last few months, and I decided yesterday it was time to do something about it.

I first looked at another “user-friendly” interface that would perhaps give me more control and proper IPv6 support, so I installed Firewall Builder. However it seemed quite complex and after spending some time trying to get to grips with the interface I decided it would be easier to type the rules in manually, and anyway that would be the only way I was 100% sure everything in there was needed.

I familiarised myself with the Packet Filtering HOWTO and thought the easiest thing to do would be use “iptables-save” to copy the existing Shorewall rules into an iptables friendly format. The resultant file was 9k long and appeared to have a lot of user defined chains for no good reason. It also didn’t make good use of the multi-port option for tcp connections and therefore there were dozens of rules where there only needed to be one.
