WebRTC – A viable alternative to Skype

webrtc_logoSkype for Linux 4.3 and upwards requires the use of PulseAudio, which has caused discontent amongst those Linux users who do not use PulseAudio. Although I do use PulseAudio, I recently found out about WebRTC, an API (application programming interface) for browser-based communication offering most of the functions provided by Skype, namely: voice calling, video chat, text chat, file sharing and screen sharing. The official WebRTC site states:

WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple JavaScript APIs. The WebRTC components have been optimized to best serve this purpose.

Our mission: To enable rich, high quality, RTC applications to be developed in the browser via simple JavaScript APIs and HTML5.

WebRTC was originally released by Google but is now a draft standard of the World Wide Web Consortium, and is supported by Chrome, Firefox and Opera browsers. Several commercial Web sites offer WebRTC-based communications to fee-paying customers, but I thought I would try WebRTC by using one of the so-called ‘demo’ WebRTC pages. AppRTC is a WebRTC demo page which can be reached from a link on the official WebRTC site, but I prefer Multi-Party WebRTC Demo by TokBox which offers a more polished experience with better features. Both are free to use and viable substitutes to Skype for video chatting (one-to-one or conference).

So, how do you actually use WebRTC-based sites? Below is a quick guide to get you going.

Text and video chatting

Open the following URL in Chrome or Firefox:

https://opentokrtc.com/

Enter a Room Name that is likely to be unique. I used ‘fitzchat’ (without the quotes), but you can use any name you want.

The other party or parties can do the same thing, i.e. they enter the same Room Name as you, and you will all become connected.

Alternatively, to send an e-mail invitation to someone, click on the URL at the top of the pane on the right-hand side (which is Invite: https://opentokrtc.com/fitzchat in this example, as I chose to name the Room ‘fitzchat’). The partially visible pane at the right-hand side of the browser window will slide into full view when you click on it.

That’s all there is to it. You should see a video window showing each party, and they should see the same. Each party should also be able to hear the other parties. In the top right-hand corner of each video window is an icon (microphone for you; speaker for each of the other parties) which you can click on to mute/un-mute that party.

Click on the partially visible pane at the right-hand side of the browser window. Notice the ‘chat bar’ at the bottom where you enter commands and chat text. Read the grey instructions listed near the top of the pane:

Welcome to OpenTokRTC by TokBox
Type /nick your_name to change your name
Type /list to see list of users in the room
Type /help to see a list of commands
Type /hide to hide chat bar
Type /focus to lead the group
Type /unfocus to put everybody on equal standing

For example, to give myself a meaningful name instead of the default username Guest-0120e48c which was given to me automatically, I entered the following:

/nick Fitz

Screen sharing

I found that screen sharing already works well in Chrome 36.0.1985.125 but is not yet supported in Firefox 31.0. It will be supported in Firefox 32 or 33, apparently, or you can already use Firefox Nightly providing you add the appropriate preferences via about:config.

To be able to share screens in Chrome, I had to perform two steps: enable a Chrome flag and install a Chrome extension. The two steps, which do not need to be repeated, are given below (see Ref. 1).

To enable screen sharing in Chrome, do the following:

  1. Open a new tab or window in Chrome.
  2. Copy the following link: chrome://flags/#enable-usermedia-screen-capture and paste it in the location bar.
  3. Click on the ‘Enable’ link below ‘Enable screen capture support in getUserMedia().’ at the very top of the screen.
  4. Click on the ‘Relaunch Now’ button at the bottom of the page to restart Chrome.

To install the screen sharing extension in Chrome, do the following:

  1. Launch Chrome and click on the Menu icon.
  2. Click on ‘Settings’.
  3. Click on ‘Extensions’.
  4. Click on ‘Get more extensions’ and search for ‘webrtc’.
  5. Download ‘WebRTC Desktop Sharing’.
  6. This places an icon to the right of the URL bar in Chrome.

To share your screen or just a window, do the following in Chrome:

  1. Click on the ‘Share Desktop’ icon to the right of the URL bar and select either ‘Screen’ or the window you wish to share.
  2. Click ‘Share’.
  3. When sharing has started in a new Chrome window, select the URL of the relevant tab in that window and send it to the other parties via the chat pane on the right-hand side of the first browser window.

To stop sharing, click on ‘Stop sharing’ and click on the ‘Share Desktop’ icon to the right of the URL bar to get it to return to displaying the ‘Share Desktop’ icon instead of the || (Pause) icon.

File sharing

I did not bother to try file sharing using WebRTC, but there are various Web sites you can use to do that. One such is ShareDrop, and googling will find others.

Caveats

Chrome 36.0.1985.125 and Firefox 31.0 were used in this trial (I did not try Opera). I found that video chat worked faultlessly when both parties were using Chrome, and when both parties were using Firefox. However, when one of the parties was using Firefox and the other was using Chrome, I could not see myself in one of the video boxes in the browser window (although I could see the other party in the other video box in the browser window). Furthermore, there was a grey bar across the middle of the video images in the AppRTC demo, whereas the Multi-Party WebRTC Demo video images were normal. Other than those two issues, the experience was smooth and straightforward. My recommendation would therefore be to use Multi-Party WebRTC Demo and for all the parties to use the same browser, be it Chrome or Firefox. If you want to share your screen or a window, the logical choice at the moment would be Chrome.

References

1 LiveMinutes Blog – Beta Testers: How To Activate Screen Sharing!

Installing and using the Pipelight browser plug-in with Firefox 30 for Linux

pipelight-logoI use Gentoo Linux (~amd64) on my main laptop. Although I do not use Netflix or any of the other streaming video services that require the Microsoft Silverlight browser plug-in, I do need to use a browser with the Silverlight plug-in to access an office Intranet site. So I was interested in installing the Pipelight plug-in.

Although Pipelight works with most of the Silverlight test sites I have found on the Web, I cannot get it to work with the above-mentioned office Intranet site, which is why I ended up installing Firefox for Windows and Silverlight in WINE (see my previous post). Anyway, below I explain how I installed and configured Pipelight 0.2.7.1 and Firefox 30.0 for Linux. Even if you use a different Linux distribution to me, almost all of this post will still be relevant; only the package installation commands will differ.

Google Chrome 34 and onwards does not support NPAPI, so Pipelight does not work any more with Chrome. Actually, Mozilla has disabled some NPAPI support by default in Firefox 30: with the exception of the Flash plug-in you have to explicitly give permission for plug-ins to be activated via Click-to-Activate (also known as Click-to-Play). You can configure how Firefox Click-to-Activate behaves via Open menu > Add-ons > Plugins (choose either ‘Ask to Activate’, ‘Always Activate’ or ‘Never Activate’). See ‘Issues related to plugins – 4.1 Click to Play in Mozilla browser versions 23 and above‘ on the mozillaZine Website and ‘How to always activate a plugin for a trusted website‘ on the Mozilla Support Website.

I updated an existing Pipelight ebuild so that it will install the latest version of Pipelight (0.2.7.1) via a Portage local overlay. You can download the new ebuild from Gentoo Bugzilla Bug Report No. 481596 (see Comment 40). I can only get it to merge by using the -binary-pluginloader USE flag. [Update August 18, 2014: The package is now in the main Portage tree, at least for ~amd64]

Installation

Install Firefox if it has not already been installed:

root # emerge firefox

Install Pipelight (installation fails unless I disable binary-pluginloader):

root # USE="-binary-pluginloader" emerge pipelight

Install WINE with the Compholio patches:

root # USE="pipelight" emerge wine

As you can see below, I have wine-1.7.21 and pipelight-0.7.2.1 installed.

user $ eix -I wine
[I] app-emulation/wine
Available versions: 1.2.3^t (~)1.3.28^t 1.4.1^t 1.6.1^t 1.6.2^t (~)1.7.0^t (~)1.7.3^t (~)1.7.4^t (~)1.7.8^t (~)1.7.9^t (~)1.7.10^t (~)1.7.11^t (~)1.7.12^t (~)1.7.13^t (~)1.7.14^t (~)1.7.15^t (~)1.7.16^t (~)1.7.17^t (~)1.7.18^t (~)1.7.19-r1^t (~)1.7.20^t (~)1.7.21^t **9999^t {+X (+)alsa capi cups custom-cflags dbus dos (+)fontconfig +gecko gnutls gphoto2 gsm gstreamer jack (+)jpeg lcms ldap +mono mp3 nas ncurses netapi nls odbc openal opencl +opengl osmesa (+)oss +perl pipelight (+)png +prelink pulseaudio +realtime +run-exes samba scanner selinux (+)ssl test +threads +truetype (+)udisks v4l +win32 +win64 xcomposite xinerama (+)xml ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_X86="(+)32 (+)64 x32" ELIBC="glibc" LINGUAS="ar bg ca cs da de el en en_US eo es fa fi fr he hi hr hu it ja ko lt ml nb_NO nl or pa pl pt_BR pt_PT rm ro ru sk sl sr_RS@cyrillic sr_RS@latin sv te th tr uk wa zh_CN zh_TW"}
Installed versions: 1.7.21^t(13:39:36 06/07/14)(X alsa cups fontconfig gecko gphoto2 gsm jpeg lcms mp3 ncurses nls openal opengl perl pipelight png prelink pulseaudio realtime run-exes scanner ssl threads truetype udisks v4l xinerama xml -capi -custom-cflags -dos -gstreamer -ldap -mono -netapi -odbc -opencl -osmesa -oss -samba -selinux -test -xcomposite ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_X86="32 64 -x32" ELIBC="glibc" LINGUAS="en pt_BR -ar -bg -ca -cs -da -de -el -en_US -eo -es -fa -fi -fr -he -hi -hr -hu -it -ja -ko -lt -ml -nb_NO -nl -or -pa -pl -pt_PT -rm -ro -ru -sk -sl -sr_RS@cyrillic -sr_RS@latin -sv -te -th -tr -uk -wa -zh_CN -zh_TW")
Homepage: http://www.winehq.org/
Description: Free implementation of Windows(tm) on Unix
.
user $ eix -I pipelight
[I] www-plugins/pipelight
Available versions: (~)0.2.3[1] (~)0.2.6[2] (~)0.2.7.1[2] {adobereader +binary-pluginloader flash foxitpdf grandstream installation-dialogs npactivex roblox shockwave +silverlight static unity3d}
Installed versions: 0.2.7.1[2](21:57:35 10/07/14)(silverlight -adobereader -binary-pluginloader -flash -foxitpdf -grandstream -installation-dialogs -npactivex -roblox -shockwave -static -unity3d)
Homepage: http://fds-team.de/cms/index.html https://launchpad.net/pipelight
Description: A browser plugin which allows one to use windows-only plugins inside Linux browsers.
.
[1] "sabayon" /var/lib/layman/sabayon
[2] "local_overlay" /usr/local/portage

Now update the dependency-installer script and enable the plug-in:

user $ sudo pipelight-plugin --update # sudo has to be used for this command only.
user $ pipelight-plugin --enable silverlight

Applies to AMD ATI GPUs only: My main laptop has an AMD ATI HD 5850 GPU, and hardware acceleration causes Firefox to hang when the Pipelight plug-in is enabled, so I have to disable hardware acceleration:

user $ cp /usr/share/pipelight/configs/pipelight-silverlight5.1 ~/.config/

Edit the Pipelight configuration file:

user $ nano ~/.config/pipelight-silverlight5.1

In order to force GPU acceleration uncomment the line:
overwriteArg = enableGPUAcceleration=true

In order to disable GPU acceleration (even if your graphic driver is probably supported) uncomment the line:
overwriteArg = enableGPUAcceleration=false

Instead of disabling GPU hardware acceleration in the Pipelight configuration file (pipelight-silverlight5.1), I could have instead done it each time I launch Firefox by entering the following command:

user $ PIPELIGHT_GPUACCELERATION=0 firefox

But I prefer to be able to enter just the following command:

user $ firefox

or to launch Firefox from the as-installed entry for Firefox in the Desktop Environment’s launcher menu.

After launching Firefox for the first time, a series of pop-up windows will show that the Silverlight plug-in is being installed. Once the final pop-up window has closed, install the Firefox extension User Agent Overrider (do not install User Agent Switcher or any other user agent selection extension for Firefox), click on the down-arrow of the User Agent Overrider icon in Firefox and select ‘Windows / Firefox 29′ from the pull-down menu. I also selected ‘Preferences…’ and added another user agent string to the end of the list:

# Custom
Windows / Firefox 15: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1

Check that the plug-in is installed correctly

Enter about:plugins in the Firefox Address bar to check which plug-ins are installed, their version and current state.

Use the Pipelight diagnostic page to check the plug-in is working.

Pipelight options

To see what commands the Pipelight plug-in supports, enter the following command in a Konsole/Terminal window:

user $ pipelight-plugin --help

Further information

Below are some links to Silverlight tests and other information regarding Pipelight and Silverlight.

Silverlight test pages

Silverlight Version Test

Bubblemark animation test

Silverlight Project Test Page | Deep Zoom

Silverlight DRM Test (Select ‘No DRM’ because the following bug report says that the Silverlight DRM test at the aforementioned Web page is broken and Microsoft will not fix it: Bug 762056.)

Becky’s Silverlight Test Site

Microsoft Silverlight – IIS Smooth Streaming Demo

Experience IIS Smooth Streaming

Silverlight Project Test Page | Deep Zoom Tag Browser

Microsoft Case Studies

Silverlight Demos

Here is an article on Netflix’s intention to dump the awful Silverlight plug-in:
Netflix to dump Silverlight, Microsoft’s stalled technology

Background information on the Pipelight project

This presentation was made by the Pipelight developers:
Pipelight – Windows browser plugins on Linux

Useful pages on the Pipelight Web site

Pipelight | News

This page, about selecting a User Agent String that will work, is important to read if you’re having problems:
Pipelight | Installation – User Agent

Background reading on User Agent Strings

How to Change Your Browser’s User Agent Without Installing Any Extensions

The IE10 User-Agent String

You can find out your current user agent string by using the following link:
What’s My User Agent?

Alternative to using Pipelight

If you still have trouble viewing Web pages that use Silverlight, you might like to try an alternative approach: use Firefox for Windows and the Silverlight plug-in in WINE. See my previous blog post Installing Firefox for Windows and the Silverlight plug-in in WINE.

Installing Firefox for Windows and the Silverlight plug-in in WINE

I use 64-bit (~amd64) multilib Gentoo Linux on my main laptop, and had been using successfully Version 0.2.3 of the Pipelight browser plug-in in 64-bit Firefox 29.0.1 for Linux to access an office Intranet Web site that uses Microsoft Silverlight. However, after installing 64-bit Firefox 30.0 for Linux recently I found that Mozilla has removed NPAPI support by default in Firefox 30, and Web sites using Silverlight would no longer load.

By updating Pipelight to Version 0.2.6 and changing the user agent string — see ‘Firefox UserAgent Switcher list‘ — I was able to browse in Firefox 30.0 for Linux only some of the Web sites that use Silverlight, but the aforementioned Intranet Web site would no longer load and displayed the following error message instead:

It appears the browser you are using to access this site is unsupported. Please use one of the following browsers …

· Internet Explorer 8.0

· Internet Explorer 9.0

· Internet Explorer 10.0

If you are using one of these browsers and you are still seeing this message, please contact company support.

I tried changing Firefox’s user agent string to the following, which I found from the post ‘Firefox UserAgent Switcher list‘:

Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0

That user agent string allowed the Intranet’s Web page to start loading, but a window popped-up displaying the error message shown below and Firefox stopped responding (froze).

Error reading Localization file

[Xml_UnexpectedTokens2]
Arguments: Content-Type,”,’,4,18
Debugging resource strings unavailable. Often the key and arguments provide
sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?
linkid=106663&Version=5.1.30214.00&File=System.Xml.dll&Key=Xml_UnexpectedTokens2

After trying various user agent strings without success I decided to install 64-bit Firefox 30.0 for Windows and the 64-bit Silverlight plug-in in WINE. The 64-bit Firefox 30.0 for Windows installed successfully and I could launch it and browse the Internet. However, I found that the 64-bit Silverlight plug-in would not install (according to a message in the Silverlight Installer window, installation of the plug-in crashed at 82% complete), so I then installed 32-bit Firefox 30.0 for Windows with the 32-bit Silverlight plug-in, and that worked. Below I list the steps I used to install and configure 32-bit Firefox 30.0 with the 32-bit Silverlight plug-in in WINE (which, in my installation, was compiled to support both 32-bit and 64-bit Windows applications).

Installation and configuration of 32-bit Firefox for Windows and the Silverlight plug-in

1. I used a Web browser to download the file ‘Firefox Setup 30.0.exe‘ from the Mozilla Firefox Web site to the /home/fitzcarraldo/Downloads/ directory. The Mozilla Web site offers a choice of localised versions, so I downloaded the installer for Firefox for Windows in British English.

2. I opened a Konsole window and entered the following commands:

$ cd
$ export WINEPREFIX=$HOME/.wine-firefox
$ export WINEARCH="win32"
$ winecfg # Set Windows Version to Window 7.
$ cd ./.wine-firefox/drive_c/
$ wget http://winetricks.org/winetricks # Download winetricks so I can install Windows fonts.
$ chmod +x winetricks # Make winetricks script executable.
$ ./winetricks # Launch winetricks and install Windows fonts.
$ cp /home/fitzcarraldo/Downloads/Firefox\ Setup\ 30.0.exe .
$ wine Firefox\ Setup\ 30.0.exe
$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe # Launch Firefox and download the Silverlight installer.

N.B. Keep the Konsole window open and use it to enter all the commands listed in this post.

Notice that I downloaded and launched the excellent winetricks script so that I could install some Windows fonts that Firefox for Windows might need to use. When the winetricks window opens, all I needed to do was:

  • Select ‘Select the default wineprefix’ and click ‘OK’
  • Select ‘Install a font’and click ‘OK’.
  • Select ‘allfonts’ and click ‘OK’.
  • Optionally, if you have an LCD monitor and you would like to enable subpixel font smoothing, select ‘Change Settings’ then ‘fontsmooth=rgb’ and click ‘OK’.

3. I used the 32-bit Firefox for Windows Web browser to download the Silverlight plug-in installer to the /home/fitzcarraldo/Downloads/ directory. The files downloaded were Silverlight.exe and Silverlight.exe:Zone.Identifier which were both downloaded when I clicked on the ‘Click to Install’ button on the ‘Get Microsoft Silverlight‘ Web page and I then moved them from the directory /home/fitzcarraldo/Desktop/ to the /home/fitzcarraldo/Downloads/ directory.

4. I exited Firefox for Windows and installed the Silverlight plug-in:

$ cp /home/fitzcarraldo/Downloads/Silverlight* .
$ wine Silverlight.exe # Now install 32-bit Silverlight.

5. Then I launched Firefox for Windows again to configure the User Agent:

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe

I entered ‘about:config‘ (without the quotes) in the Address bar and added a new preference named general.useragent.override containing the following string (it is a User Agent string for Microsoft Internet Explorer 10.6 in 32-bit Windows 7):

Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0

N.B. This is the user agent string I used to get a specific office’s Intranet Web site that uses Silverlight to load in the Firefox 30.0 for Windows browser. You may need to use a different user agent string for the particular Web site you want to load. Use a search engine to search the Web for suitable user agent strings for the specific Web site you wish to browse. I have seen various user agent strings given for Netflix, for example, so you may have to try several to find one that works for you.

Alternatively, rather than using about:config you could install a Firefox extension such as User Agent Switcher and the associated ‘useragentswitcher.xml‘ file (see the ‘Firefox UserAgent Switcher list’ reference above for details of how to install), which would allow you to add, edit and select user agent strings more easily. An alternative to User Agent Switcher is the Firefox extension User Agent Overrider which may give you better results than User Agent Switcher on some Web sites that use Silverlight. I have tried it and it enables me to view the Silverlight test pages on the Web (I selected ‘Windows / Firefox 29′ from the User Agent Overrider pull-down menu).

6. I also made sure that plugins.click_to_play is set to ‘true’ (it should be by default) and I gave permission to Firefox to use the Silverlight plug-in on the relevant Web site I wish to use (Open menu > Add-ons > Plugins). See ‘Issues related to plugins – 4.1 Click to Play in Mozilla browser versions 23 and above‘ on the mozillaZine Website and ‘How to always activate a plugin for a trusted website‘ on the Mozilla Support Website.

Launching Firefox for Windows correctly in Linux

To launch Firefox for Windows from the command line you will need to enter either of the following commands:

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine C:\\windows\\command\\start.exe /Unix /home/fitzcarraldo/.wine-firefox/dosdevices/c:/users/Public/Start\ Menu/Programs/Mozilla\ Firefox.lnk

Alternatively, you can set up a Desktop Configuration File (.desktop file) on your Desktop and/or an entry in the Desktop Environment’s launcher menu. In my case, WINE took care of doing both of those during the installation of Firefox for Windows, and it used the standard Firefox icon. I just needed to edit the entry’s command for launching Firefox, to make it match one of the commands listed above.

Postscript

Regarding the file Silverlight.exe:Zone.Identifier that was downloaded when I downloaded the Silverlight installer (Silverlight.exe), I had never come across such a file type before but have now found out what it is:

File that contains metadata describing the security zones associated with another file; generated automatically when a file is downloaded from the Internet or received as an email attachment; often created by Internet Explorer.

See the article .ZONE.IDENTIFIER File Extension for details.

You can therefore forget about the Silverlight.exe:Zone.Identifier file (if one even exists in your case). The important thing is to download the Silverlight installer, which is a single .exe file.

Bypassing a corporate Web filter when using the command line

or ‘How to bypass a corporate Web filter and download YouTube videos via the command line’

One of the offices where I work uses a Web filter to block access to certain sites, such as YouTube. However, sometimes it is necessary to view blocked Web sites for work purposes. For example, these days a lot of companies or individuals post product reviews on YouTube that are useful for work purposes. In such cases I have used Tor to access the blocked sites in a Web browser such as Firefox, Chrome, Konqueror etc. See my post How to install and use Tor for anonymous browsing or to access country-restricted content from another country for details of how to set up and use Tor with a Web browser.

But sometimes I need to access blocked Web sites from the command line. For example, today I needed to download a YouTube video for work purposes, and I wanted to use youtube-dl to do it. The solution was simple…

First I launched vidalia and polipo as explained in the above-mentioned post on Tor, then I launched another Konsole/Terminal window and entered the commands shown below:

$ # First find out what resolutions are available for the video I want to download:
$ youtube-dl -F https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
[info] Available formats for T3Rr4CUoTSQ:
format code extension resolution note
140 m4a audio only DASH audio , audio@128k (worst)
160 mp4 192p DASH video
133 mp4 240p DASH video
134 mp4 360p DASH video
135 mp4 480p DASH video
136 mp4 720p DASH video
17 3gp 176x144
36 3gp 320x240
5 flv 400x240
43 webm 640x360
18 mp4 640x360
22 mp4 1280x720 (best)
$ # Now try to download the video at the resolution I want:
$ youtube-dl -f 22 -o Clevo_W230ST_overview.flv https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
ERROR: unable to download video data: HTTP Error 403: Forbidden

As you can see above, the corporate Web filter blocked youtube-dl from downloading the video.

So I informed the shell session about the local HTTP proxy (polipo) running on my laptop, by assigning and exporting the environment variable http_proxy using the following syntax:

export http_proxy=http://server-ip:port/

which in my case meant the following (refer to my article on Tor):

$ export http_proxy=http://127.0.0.1:8123/

and then I was able to download the video from YouTube despite the corporate Web filter:

$ youtube-dl -f 22 -o Clevo_W230ST_overview.flv https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
[download] Destination: Clevo_W230ST_overview.flv
[download] 100% of 100.23MiB in 05:50
$

Useful Reference: How To Use Proxy Server To Access Internet at Shell Prompt With http_proxy Variable

Can Linux cope with 24 Hours of Happy?

I enjoyed Pharrell Williams’ feel-good songs in ‘Despicable Me‘ and its sequel, ‘Despicable Me 2‘. ‘Happy‘, a very catchy ditty he wrote for the sequel, also features in the World’s first 24-hour-long music video, ‘24 Hours of Happy‘, shot in and around Los Angeles and released on 21 November last year. The song is played a total of 360 times over the duration of the video, each 4-minute take featuring a different person or persons dancing (improvised) along streets, in petrol stations, through Union Station, in a church, around a school, in a moving school bus, around a supermarket, in a bowling alley, and so on. Each 4-minute performance was filmed in one take using Steadicam, and the location at the end of each take segues into the next take. You see the sun rise; you see the bright sunlight of the morning and the warm sunlight of the afternoon; you see the sun set; you see the twinkling city lights at night. The concept is simple yet brilliant.

Clips from some of the takes were used to create the 4-minute official music video for ‘Happy’, so you can watch that on YouTube to get a flavour of the takes, although it does not do justice to the full video.

Williams appears in a different take every hour on the hour, and a few other takes have celebrity cameos, but the vast majority of the participants are unknown extras of all ages, races, shapes, sizes and looks. To quote Williams talking to the Los Angeles Times: “We wanted all humanity in there, not just the model-types you might expect.” Some are good dancers, others not so good. But they all have one thing in common: they’re having fun, so they look good. The joy is infectious, and I found myself watching far longer than I would have expected, having to return to the site again and again. Half the fun is watching the bystanders.

When you open the ’24 Hours of Happy’ site, the take that was in progress at the current time of day starts playing from the beginning. However, you can drag the pointer around the clock dial and watch any take from the 24-hour period. There are also buttons you can click on to jump between takes or to jump to each take featuring Williams. The yellow on-screen controls can be made to disappear by not moving the mouse pointer for 5 seconds.

Still from 24 Hours of Happy, showing on-screen controls

Still from 24 Hours of Happy, showing on-screen controls

The Web site is well-designed and fun to use, so I was not surprised it was voted ‘Site of the Month‘ and ‘Site of the Year Users’ Choice‘ by AWWWARDS, and voted ‘Site of the Month‘ and ‘Site of the Year‘ by TheFWA.

It’s impossible to list them all, but a few of my favourite takes are:

01:36  Very perky woman with ponytail.
05:28  Jogger who has to keep pulling his shorts up!
08:24  Woman on roller skates.
09:52  Very cute little girl.
09:56  Woman with some groovy moves.
10:40  Woman in Union Station. Some of the bystanders are particularly amusing.
11:16  Man with cast on foot.
11:20  Boy with an Afro.
11:36  Three groovy old ladies.
11:44  Chubby guy with style.
12:36  Woman with some groovy moves.
13:32  Dancing couple in pink.
14:20  Two cool guys in dinner jackets inside and outside Union Station.
15:00  Pharrell Williams in a church with a gospel choir.
19:04  Woman with a lizard puppet. The lizard does the lip-synching!
19:36  Guy on stilts.
23:40  Woman with LED hula hoop (love it!).

If you want to start viewing a take made at a specific time of day, you can append the time to the URL, like so:

http://24hoursofhappy.com/09h53am

Obviously I think ’24 Hours of Happy’ is fabulous, but why am I discussing it in a blog predominantly about Linux? Because Firefox 27.0.1 (32-bit) running in Windows 8.1 (64-bit) on my new Acer Aspire XC-600 micro-tower PC (dual-core Intel Pentium G2030 @ 3 GHz & 3 MB cache, 4 GB DDR3 RAM) handles ’24 Hours of Happy’ at 720p with ease, but the story is very different on my main laptop running 64-bit Gentoo Linux with KDE (quad-core Intel Core i7 720QM @ 933 MHz & 6 MB cache, 4 GB DDR3 RAM). Both machines are on my home network, connected to the Internet via high-bandwidth broadband (FTTC).

On my laptop, the latest available versions of Firefox (27.0) and Opera (12.16_p1860-r1) for Gentoo, both 64-bit, do not even complete loading the ’24 Hours of Happy’ site: the black progress bar at the bottom of the home page stops about 7/8th of the way across the page and the KDE Network Monitor widget shows there is no network activity. Clearing Firefox’s Web content cache or increasing the cache’s size to 1 GB make no difference. Konqueror 4.12.2 (configured to use the WebKit browser engine rather than the KHTML engine) loads the site and plays it quite well at 720p to start with, but eventually video becomes choppy and I notice a lot of spawned kio_http processes. The KDE Network Monitor widget shows a continuous 3600 Kib/s data stream, which does not stop when I exit Konqueror. Numerous kio_http processes are spawned and remain after I exit Konqueror, and the 3600 KiB/s activity on the network only ceases when I kill all the kio_http processes. The number of spawned kio_http processes increases if I drag the pointer around the clock to select different takes, and the page just displays ‘LOADING’ ad infinitum if I do this several times. To be fair, if I do this a lot in Firefox running in Windows 8.1, I can get Firefox to stall too. I thought I’d try a lightweight browser and installed NetSurf (3.0-r1), but that couldn’t even render the title on the home page, let alone begin to load the video.

So, does ’24 Hours of Happy’ play nicely in your Linux installation? If it does, what hardware, distribution, desktop environment, browser and quality (360p, 480p, 720p or 1080p) are you using?

Fixing a problem with received video in Skype when using the AMD Catalyst (FGLRX) driver in Linux

Some users of Skype for Linux have reported that the bottom half of the received video image is corrupted in installations that use the closed-source video driver for ATI GPUs (the AMD Catalyst proprietary Linux driver, also known as the ‘FGLRX’ driver). One user described the lower half of the video image as “covered in small coloured squares like a chequer board”.

From what I have read in a few forums, it seems the problem does not occur when the open-source Radeon driver is used. My own experience corroborates that: I use the Radeon driver on one of my laptops, and received video in Skype is fine.

My main laptop has an AMD ATI Mobility Radeon HD 5650 GPU and I am using the Catalyst driver under Gentoo Linux. In this case there was a problem with received video in most Skype sessions. Either of the following effects usually occurred:

Snapshot 1 - Extract of received video image in Skype, showing an example of the corrupted image

Snapshot 1 - Extract of received video image in Skype, showing an example of the corrupted image

Snapshot 2 - Extract of received video image in Skype, showing another example of the corrupted image

Snapshot 2 - Extract of received video image in Skype, showing another example of the corrupted image

As shown in Snapshot 1, the lower half of the received video image was covered in a grid of thin green lines with areas tinged with purple, blue or green, whereas there was no grid of lines in the upper half of the image but some areas were tinged with red or blue.

As shown in Snapshot 2, the lower half of the received video image was covered in a grid of thin red lines, with a purple tinge in some areas, whereas there was no grid of lines in the upper half of the image, which looked reasonable but had some red-, green- or blue-tinged areas.

In all cases Skype’s thumbnail of my Webcam’s video image looked fine, and the person on the other end of the call said the video image received from me looked fine too.

Because of a bug in a previous version of the Catalyst driver a few years ago — see my blog posts Playing QuickTime videos in Firefox and Chromium + XVideo bug in AMD Catalyst 11.11 and 11.12 driver and AMD Catalyst for Linux driver 12.2 fixes the XVideo bug that crashed X.Org Server 1.11.x — I happen to know that Sykpe uses X11 overlays with the XVideo extension (xv), rather than using the OpenGL renderer (gl) or X11 with the SHM extension (x11). This made me wonder whether the use of XVideo with the Catalyst driver was causing the current problem. Unlike media players such as MPlayer and VLC, it is not possible to configure Skype to use gl or x11 instead of xv, so I thought it would not be possible to test whether the use of gl or x11 instead of xv would make a difference. Until, that is, I came upon a ‘trick’ posted by openSUSE user queequeg in 2009 during the period when an earlier version of the Catalyst driver had the aforementioned bug:

Skype Video Workaround for ATI

Anybody trying to make a video call with Skype and ATI fglrx drivers has had problems due to Skype using the “xv” video mode with the driver can’t handle. For anyone interested that is affected by this, there is a workaround:

1. Run the xvinfo command and look at the number of xv sessions available. Some cards have only 1, some have as many as 4. This is the number of xv occurances that the card can do at one time.
2. “Use up” all these xv sessions by opening videos in your favorite video player making sure to use xv for the video output. The videos can then be paused.
3. Once this (or they) are open, skype can be started and will default to X11 video and work properly with video calls.

I know this is a goofy way to get around this issue, but until fglrx can handle xv or skype allows an option to choose X11 for video render, I don’t know of any other way to do it.

(From what I hear, the 11.1 fglrx drivers can handle xv, but I haven’t confirmed this.)

So I tried his work-around. I had to launch four media players in order to use all available XVideo sessions. Lo and behold, when I launched Skype and made a video call the received video image was perfect. So it appeared that the Catalyst driver is not able to handle well the XVideo output from Skype. However, playing and pausing four videos every time I want to make a video call in Skype would hardly be practical, would it? And that is not the only downside: when I maximised a Firefox window during the Skype video call, my laptop spontaneously rebooted (I assume the X.Org server crashed).

I did also wonder whether just disabling compositing would solve the problem, so I disabled KWin Desktop Effects, but that didn’t make any difference.

I had also read in several forums that enabling or disabling the TexturedVideo and/or VideoOverlay options in the xorg.conf file have an effect on the video image produced by the Catalyst driver, but I could not find a post mentioning the use of either of those options to fix the specific problem I was seeing. So I decided not to pursue the xorg.conf route.

In my searches of the Web I came across a post somewhere that mentioned using GTK+ UVC Viewer (guvcview) to adjust video properties and improve video in Skype. I thought guvcview was only for adjusting the video image from a Webcam connected to my machine, i.e. adjusting the outgoing video image, and would not have any effect on received video. Nevertheless, I decided to install and launch guvcview to see if I could adjust both incoming and outgoing video properties. To my surprise, guvcview appeared to have fixed the problem with the received video. These are the steps I followed:

  1. I launched Skype and started a video call. The received video image had a grid of thin red lines and purple/green/blue tinting (similar to Snapshot 2).
  2. I Installed guvcview using the package manager.
  3. I launched guvcview in a Konsole (terminal) window. After guvcview created the file /home/fitzcarraldo/.config/guvcview/video0 and checked various video and audio settings it exited because my Webcam was being used by Skype (‘libv4l2: error setting pixformat: Device or resource busy‘).
  4. I clicked on the Webcam icon in the Skype call window, to turn my Webcam off.
  5. I launched guvcview again. The lower half of the received video image in Skype changed from a grid of thin red lines to a continuous green-coloured band, and the upper half of the image now looked reasonable but still had some red- or blue-tinged areas (see Snapshot 3 below).
  6. Snapshot 3 - Extract of received video image in Skype after I launched guvcview again

    Snapshot 3 - Extract of received video image in Skype after I launched guvcview again

  7. On the ‘Image Controls’ tab in the ‘GUVCViewer Controls’ window I changed the video frequency from 60 Hz to 50 Hz then back to 60 Hz again. I was just tinkering, and I believe this had no bearing on the outcome.
  8. I clicked on the ‘Quit’ button in the guvcview window to terminate the application.
  9. I clicked on the Webcam icon in the Skype call window to turn on again the Webcam, and the received Skype video image changed to a perfect image (see Snapshot 4 below).
  10. Snapshot 4 - Extract of received video image in Skype after I turned on again my Webcam in Skype

    Snapshot 4 - Extract of received video image in Skype after I turned on again my Webcam in Skype

It appears that guvcview had an effect on the received video image in Skype, although, if it did, I do not understand how. To check if the fix was permanent I ended the Skype video call, signed out of Skype and quit the application, rebooted and made a new Skype video call. The received video image in Skype was again perfect. I even deleted the guvcview configuration file and repeated this check, just in case the configuration file was somehow being used even though I had not launched guvcview, but the received video in yet another Skype video call was still perfect. I also clicked on the Webcam icon in the Skype call window several times during each call in order to turn my Webcam off and on several times; the received video image of the other person remained perfect.

So there you have it: when using an AMD ATI GPU and the Catalyst driver, it seems that guvcview can be used — at least in my case — to eliminate the type of image corruption in received Skype video shown in Snapshots 1 and 2. So, if you are also using the AMD Catalyst for Linux driver and are experiencing a similar problem, try guvcview. It might just do the trick.

‘Server not found’ by browser at launch

I haven’t had any significant Linux problems or new requirements in the last few months, hence no new posts here. My last real problem was back in June 2013 when I rolled my Gentoo installation to latest using Portage and found that, whenever I launched Firefox, it displayed the ‘Server not found’ page and I had to click ‘Try Again’, and then Firefox displayed the expected Web site. From then onwards, Firefox would work as expected until I exited the application. Thunderbird was also unable to access e-mail servers on the first attempt after it was launched. The same thing happened in Sabayon Linux when I rolled to latest using Entropy a couple of days later. Anyway, here is how I fixed the problem in both distributions.

First I used Wireshark to see what was going on, and it transpired that Gentoo (and Sabayon) was sending an IPv4 request followed quickly by an IPv6 request, but the reply to the IPv6 request was being received first and was a ‘server not found’ message since my ISP does not support IPv6 and my router apparently does not handle IPv6 requests correctly. Gentoo (and Sabayon) then used an IPv4 address when I clicked ‘Try Again’ in the browser window, and thereafter Firefox always dispayed the expected Web sites.

I should point out that IPv6 is enabled in the kernels I use and I’ve never before had to disable IPv6 in Firefox (or system-wide) on the affected laptops. So why the change in functionality, I wonder?

With Wireshark capturing packets, when I launched Firefox I was seeing a server failure message indicating “AAAA” (IPv6) instead of “A” (IPv4). To stop this happening I could have chosen any one of the three following solutions:

1. I could have used about:config in Firefox (and Config Editor in Thunderbird) to change the value of network.dns.disableIPv6 to true instead of false.

2. I could have disabled IPv6 system-wide by editing /etc/modprobe.d/aliases.conf and uncommenting the line “alias net-pf-10 off“.

3. I could have forced the getaddrinfo() function in glibc to make the IPv4 and IPv6 requests sequentially rather than in parallel.

Just for the fun of it I chose the third option on a couple of my laptops, and, as they use NetworkManager, this is how I did it:

fitzcarraldo@aspire5536 ~ $ su
Password:
aspire5536 fitzcarraldo # cat /etc/resolv.conf
# Generated by resolvconf
domain home
nameserver 192.168.1.254
aspire5536 fitzcarraldo # cd /etc/NetworkManager/dispatcher.d/
aspire5536 dispatcher.d # touch 06-dhclientoptions
aspire5536 dispatcher.d # nano 06-dhclientoptions
aspire5536 dispatcher.d # cat 06-dhclientoptions
#!/bin/bash
echo "options single-request" >> /etc/resolv.conf
aspire5536 dispatcher.d # chmod +x /etc/NetworkManager/dispatcher.d/06-dhclientoptions
aspire5536 dispatcher.d # # Now I disconnect then reconnect to the network
aspire5536 dispatcher.d # cat /etc/resolv.conf
# Generated by resolvconf
domain home
nameserver 192.168.1.254
options single-request
aspire5536 dispatcher.d #

As you can see above, I added a two-line Bash script 06-dhclientoptions in the directory /etc/NetworkManager/dispatcher.d/ that appends the line “options single-request” (without the quotes) to the contents of the file /etc/resolv.conf. The addition of the line “options single-request” in resolve.conf causes the getaddrinfo() function in glibc to make the IPv4 and IPv6 requests sequentially rather than in parallel. With this change, Firefox and Thunderbird no longer have a problem accessing the Internet the first time they are launched.

From “man 5 resolv.conf” under “options”:

single-request (since glibc 2.10)
sets RES_SNGLKUP in _res.options. By default, glibc performs IPv4 and IPv6 lookups in parallel since version 2.9. Some appliance DNS servers cannot handle these queries properly and make the requests time out. This option disables the behavior and makes glibc perform the IPv6 and IPv4 requests sequentially (at the cost of some slowdown of the resolving process).

single-request-reopen (since glibc 2.9)
The resolver uses the same socket for the A and AAAA requests. Some hardware mistakenly sends back only one reply. When that happens the client system will sit and wait for the second reply. Turning this option on changes this behavior so that if two requests from the same port are not handled correctly it will close the socket and open a new one before sending the second request.

I had to use NetworkManagerDispatcher to add the line “options single-request” to /etc/resolv.conf because NetworkManager overwrites /etc/resolv.conf if you edit it manually.

UPDATE (February 4, 2014): As I have recently seen the line “options single-request” occurring more than once in the file /etc/resolv.conf I now recommend /etc/NetworkManager/dispatcher.d/06-dhclientoptions consists of the following:

#!/bin/bash
if grep -q "options single-request" /etc/resolv.conf; then
    exit
else
    echo "options single-request" >> /etc/resolv.conf
fi

Synchronise your Gentoo Linux clock with an Internet time server

There are a number of ways to synchronise Gentoo Linux with a time server on the Internet. Here I look at a few alternatives.

ntp-client

ntp-client and the NTP daemon ntpd are installed when you install the package net-misc/ntp. Although I have read on some Web sites that /etc/init.d/ntp-client should be added to the default runlevel in order to read the time from an NTP server (once-only, during start-up), this in fact does not work because usually the network connection is not up by the time the ntp-client initscript runs. Bear in mind that ntp-client does not run continuously; it syncs once with an external time server if there is a network connection, and that’s it.

NetworkManager Dispatcher

If you are using NetworkManager, an elegant solution is to use NetworkManagerDispatcher to restart ntp-client in order to resync your system clock every time a network connection comes up. This is my favoured solution for laptops; see further on for how to configure your machine to do this.

cronjob

Another way would be to create a cronjob to run periodically the ‘/etc/init.d/ntp-client restart‘ command or the ‘ntpd -q‘ command (the -q option means “set the time and quit”).

Wait a while after start up

A ‘quick-and-dirty’ method, which I have used sometimes to synchronise a laptop’s system clock every time it boots, would be to delay running ntp-client until the network is up by putting e.g. the command below in a file 10_ntp-client.start in the directory /etc/local.d/ (10 seconds is usually enough time for a wired or wireless connection to my home network to be established):

#!/bin/bash
sleep 10s && /etc/init.d/ntp-client restart

Don’t forget to make it executable:

# chmod 744 /etc/local.d/10_ntp-client.start

NTP daemon

Regarding the NTP daemon, it is possible to configure this from the command line, rather than via a Desktop Environment GUI, to run at start-up and continue running to adjust your system clock. The command:

# rc-update add ntpd default

will add the daemon’s initscript to the default runlevel so that it is launched automatically at the next startup, and the command:

# /etc/init.d/ntpd start

will start the daemon running right now.

Note that, by default, the NTP daemon won’t correct, all in one go, a time difference between your system clock and the remote NTP server if that difference is above a certain size. However, if you want to override the default behaviour, i.e. allow the NTP daemon to make a large first adjustment to the system clock, you can set the environment variable NTPD_OPTS in the file /etc/conf.d/ntpd as follows:

NTPD_OPTS="-g"
# The -g option enables ntpd to make large adjustments.

This would mean that you would not need to run ntp-client before ntpd. However, if you run ntp-client automatically — either once after start-up or periodically — then that would be good enough for the typical Desktop user, and could be an alternative to having a continuously-running NTP daemon. Nothing stops you doing both if you want, of course.

Updating the hardware clock

If you make clock_systohc="YES" in the file /etc/conf.d/hwclock then the time in the system clock will be written to the BIOS (CMOS) clock (a.k.a. hardware clock) when you shut down your PC.

How to configure NetworkManager Dispatcher to synchronise the system clock only when a network connection is made

If you’re using a machine that is permanently connected to a network, running the NTP daemon makes sense. But what if you have a machine that is not always connected to a network when it is powered up? I have a laptop and I don’t want the NTP daemon running all the time. But I would like my laptop to synchronise with an external time server once after start up when I connect to the Internet. NetworkManager has a handy tool called NetworkManager Dispatcher for doing just this.

If you have installed NetworkManager, you’ll find there is an initscript /usr/portage/net-misc/networkmanager/files/NetworkManagerDispatcher. Copy it to the directory /etc/init.d/ and give it the necessary restrictive permissions:

# cp /usr/portage/net-misc/networkmanager/files/NetworkManagerDispatcher /etc/init.d/
# chmod 744 NetworkManagerDispatcher

Then create a shell script called e.g. 99_ntp-client in the directory /etc/NetworkManager/dispatcher.d/ to be run by NetworkManagerDispatcher when a network connection is established, containing the following code:

#!/bin/bash

INTERFACE=$1 # The interface which is brought up or down
STATUS=$2 # The new state of the interface

case "$STATUS" in
    'up') # $INTERFACE is up
        echo "System time before starting ntp-client:" > /home/fitzcarraldo/ntp-client.txt
        date >> /home/fitzcarraldo/ntp-client.txt
        echo "Starting ntp-client:" >> /home/fitzcarraldo/ntp-client.txt
        rc-config restart ntp-client &>> /home/fitzcarraldo/ntp-client.txt
        echo "System time after starting ntp-client:" >> /home/fitzcarraldo/ntp-client.txt
        date >> /home/fitzcarraldo/ntp-client.txt
        ;;
    'down') # $INTERFACE is down
        # Check for active interface and down if no one active
        if [ ! `nm-tool|grep State|cut -f2 -d' '` = "connected" ]; then
                echo "Stopping ntp-client at:" > /home/fitzcarraldo/ntp-client.txt
                date >> /home/fitzcarraldo/ntp-client.txt
                rc-config stop ntp-client &>> /home/fitzcarraldo/ntp-client.txt
        fi
        ;;
esac

Make the root user the owner of the script, and only allow the root user to write to it and execute it:

# cd /etc/NetworkManager/dispatcher.d/
# chown root:root 99_ntp-client
# chmod 744 99_ntp-client

Then add NetworkManagerDispatcher to the default runlevel so that it will be launched every time you boot your machine:

# rc-update add NetworkManagerDispatcher default

As the package net-misc/ntp installs both /etc/init.d/ntpd and /etc/init.d/net-client, users could optionally add the NTP daemon ntpd to the default runlevel too if desired, which would provide continuous, incremental adjustments to the system clock once net-client has done its one-shot adjustment each time a network comes up:

# rc-update add ntpd default

But users who don’t leave their PCs on for days on end — or who use laptops — can ignore the above step and just stick with the NetworkManagerDispatcher and net-client solution, whereas users who leave their machines on for days or weeks on end can also use the NTP daemon to keep the system clock in sync in between the times when ntp-client has synchronised.

Don’t forget to delete ntp-client from the start-up level if you are using NetworkManagerDispatcher to run it:

# rc-update del ntp-client

Notice that the script /etc/NetworkManager/dispatcher.d/99_ntp-client logs some information in a text file ntp-client.txt in my home directory which I can check. Here is an example of what ntp-client.txt contains after I select a network (or it is selected automatically) following start up of my laptop:

System time before starting ntp-client:
Sun Jun 3 19:24:08 BST 2012
Starting ntp-client:
Restarting init script
* Setting clock via the NTP client 'ntpd' ...ntpd: time slew +0.067178s
[ ok ]
System time after starting ntp-client:
Sun Jun 3 19:24:17 BST 2012

As you can see above, the ntpd command was executed once by NetworkManagerDispatcher and made a small adjustment to the system time on my laptop.

Replacing ntpdate with ntpd in ntp-client

Just for the fun of it, I changed /etc/conf.d/ntp-client to use the command ntpd instead of ntpdate, even though the ntpdate command works fine. Anyway, here’s my /etc/conf.d/ntp-client file these days:

NTPCLIENT_CMD="ntpd"
NTPCLIENT_OPTS="-g -q"

I have added the -g option so that the ntpd command can make large adjustments to the system time if it is way off the actual time. This is useful at the beginning and end of Daylight Saving Time, or if you dual boot with Windows. Here is an example of the former when I powered up my laptop the morning after the clocks changed from BST to GMT at the end of Summer 2010:

$ cat /home/fitzcarraldo/ntp-client.txt
System time before starting ntp-client:
Sun Oct 31 09:37:23 GMT 2010
Starting ntp-client:
Starting init script
* Setting clock via the NTP client 'ntpd'...ntpd: time set -3600.122381s
[ ok ]
System time after starting ntp-client:
Sun Oct 31 08:37:30 GMT 2010

You can specify the NTP server or NTP server pool in the file /etc/ntp.conf, but the default server pool already specified in that file should work. Note again that, when ntpd is run with the -q option, it synchronises the system clock once and terminates, i.e. it is not running as a daemon.

How to install and use Tor for anonymous browsing or to access country-restricted content from another country

Some people want to browse the Web in complete anonymity. One tool for doing that is Tor. However, there are other reasons for using Tor. For example, when I am travelling in a country where the government blocks certain Web sites (or blocks accessing content on certain Web sites), or when I am travelling overseas and certain Web sites back home will not let me view content (e.g. TV shows), I use Tor. Note that some Web sites are now clever enough to detect that you are accessing them via a proxy and could be overseas, so even Tor will not gain you access to media on some Web sites back home. Anyway, it’s still worth trying Tor to see if it works in your case.

For an overview of the installation and configuration procedure, see Running the Tor client on Linux/BSD/Unix. Below I will explain how to install and use Tor in Gentoo Linux.

Before you use Tor, it is useful to check your current IP address. Several Web sites will tell you your current IP address; here is the site I usually use: http://whatismyipaddress.com/

1. Install Tor:

# USE="tordns" emerge -1v tor

(Actually, the more-recent versions of the tor package don’t require that USE flag but I’ve left it in as it does no harm.)

2. Install Vidalia:

# cd /usr/portage/distfiles/
# wget --no-check-certificate https://www.torproject.org/dist/vidalia/vidalia-x.y.z.tar.gz
# USE="tor" emerge -1v vidalia

Use the current version x.y.z of the vidalia package in the package manager and https://www.torproject.org/dist/vidalia/

3. Install Polipo:

# emerge -1v polipo

4. Download polipo.conf

# cd /etc/polipo
# wget --no-check-certificate https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf

Edit April 21, 2013: The above URL is now:

https://gitweb.torproject.org/torbrowser.git/blob_plain/ae4aa49ad9100a50eec049d0a419fac63a84d874:/build-scripts/config/polipo.conf

5. Edit it and change proxyPort = 8118 to proxyPort = 8123

6. Copy it to /etc/polipo/:

# cd /etc/polipo
# cp /etc/polipo/config /etc/polipo/config.bak
# cp polipo.conf config

7. Configure Firefox:

Edit > Preferences > Network > Settings

Manual proxy configuration:

HTTP Proxy: 127.0.0.1 Port: 8123
SSL Proxy: 127.0.0.1 Port 8123

SOCKS Host: 127.0.0.1 Port 9051
SOCKS v5
No Proxy for: 127.0.0.1

8. Run Vidalia and then configure it:

$ vidalia &

a) Settings > Sharing

Select ‘Run as a client only’

b) Settings > Advanced

Select ‘Use TCP connection (ControlPort)’
Address: 127.0.0.1 9051

Tor Configuration File:
/home/fitzcarraldo/.vidalia/torrc

Data Directory:
/home/fitzcarraldo/.tor

c) Click on ‘Edit current torrc’ and make it:

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it
ControlPort 9051
ExitNodes {gb}
Log notice stdout
SocksListenAddress 127.0.0.1
StrictNodes 1

Note that I have specified “{gb}” above so that I am perceived by Web sites to be browsing in the UK even if I am in another country. But you can use a different country code if you want Web sites to perceive you are in another country. For example, “{us}” would make it look as if you are browsing in the USA.

9. Run Polipo:

$ sudo polipo

10. Surf to http://torcheck.xenobite.eu/ to check that you are now using a Tor exit node.

11. Surf to http://whatismyipaddress.com/ to check that your IP address has changed.

Why can’t I access a specific Web site?

Is there one specific Web site that you can never access? That always causes your Web browser to stall when you click on a link to that site or enter the site’s URL in the browser’s address bar? Perhaps it’s an Internet banking site? You don’t have trouble with other sites, just this one particular site or perhaps just a couple of sites?

The chances are that this problem is caused by what is called a ‘black hole’ router somewhere between you and that site. For the technical explanation of a black hole router, see e.g. the article Black Hole (networking).

I experienced this precise problem a couple of days ago with the popular Web site IMDb. The old Gateway Solo 9300 laptop I was using has no built-in networking hardware so I use a couple of CardBus cards for wireless and wired network access. The Linksys WPC54G (EU) v7.1 wireless notebook adapter works fine but, irrespective of the Web browser, I could not access the IMDb Web site; the browser always stalled when trying to load the site. I discovered I also had the same problem with my bank’s Web site.

I could ping other sites by IP address and by domain name, but pinging the IMDb site never received a reply (and it still doesn’t, even after the fix explained below which allows browsing of the site).

I also experienced this problem several years ago under Windows XP when trying to access the Amazon UK Web site, using an MTU that I had incorrectly set to a value smaller than possible. The problem this time was due to a correctly-set MTU. In both cases, the two MTUs are smaller than a router somewhere en route to those sites wanted to handle.

BACKGROUND

Bear with me while I explain how the problem arose, as it’s relevant (and useful) information.

I had just installed Sabayon Linux on the laptop and got the wireless network connection up, and the first thing I then did was to launch Firefox. With an MTU of 1500 for wlan0, Firefox would only load Google (and that, only intermittently). All other sites would stall. So I used the following command iteratively in order to find the MTU for this hardware, which is 1464 (the maximum packet size in bytes that does not fragment + 28 bytes):

# ping -M do -s packet_size_in_bytes http://www.cisco.com

e.g.

# ping -M do -s 1472 http://www.cisco.com

I just varied the packet size in the ping command until “Frag needed and DF set” was not displayed.

I can reduce the MTU to 1464 as follows:

# ifconfig wlan0 mtu 1464

I could make this permanent by adding an entry (mtu_wlan0=”1464″) to the file /etc/conf.d/net, but I chose instead to make it permanent by adding the above ifconfig command to the file /etc/conf.d/local. This (correct) MTU works fine for all sites I have visited so far except for two, which just stall the browser: IMDb and my bank’s Web site.

I also have a Belkin F5D5010 CardBus Network Card (wired Ethernet) for the laptop. It works fine with an MTU of 1500, and there is no problem accessing the IMDb Web site in Firefox. So, apparently, the MTU is the problem when using the wireless network connection. Now let’s look at the solution…

THE SOLUTION

Well, in the case of Windows it is possible to edit the Registry to solve the problem of network ‘black holes’. But what do you do in the case of Linux? It turns out that the kernel /proc file system provides an easy way to enable and disable TCP MTU Probing by changing a value in the ‘file’ /proc/sys/net/ipv4/tcp_mtu_probing. A value of 0 = disabled; 1 = enabled when a black hole router is detected; 2 = always enabled.

This is what my laptop had in that ‘file':

# cat /proc/sys/net/ipv4/tcp_mtu_probing
0

So all I needed to do was:

# echo 2 > /proc/sys/net/ipv4/tcp_mtu_probing

and, bingo, a browser can access IMDb and my bank’s Web site without a problem. To make it permanent, I just added the above command to the file /etc/conf.d/local so that it is executed every time I boot the laptop. Here is what my file /etc/conf.d/local looks like now:

# Here is where you can put anything you need to start
# that there is not an init script for.

local_start() {
# This is a good place to load any misc programs
# on startup (use &>/dev/null to hide output)

# START OF MY ADDITIONS
# The Linksys CardBus card does not work with a MTU greater than 1464:
ifconfig wlan0 mtu 1464
# Enable TCP MTU Probing in order to deal with black hole routers:
echo 2 > /proc/sys/net/ipv4/tcp_mtu_probing
# END OF MY ADDITIONS

# We should always return 0
return 0
}

local_stop() {
# This is a good place to unload any misc.
# programs you started above.

# We should always return 0
return 0
}

UPDATE (May 13, 2011): OpenRC 0.8.0 and later in Gentoo and Sabayon Linux no longer use the file /etc/conf.d/local but instead require the commands to be in files in the directory /etc/local.d/. So I created a file /etc/local.d/01network.start containing the following lines:

# The Linksys CardBus card does not work with MTU greater than 1464:
ifconfig wlan0 mtu 1464
# Enable TCP MTU probing to deal with black hole routers:
echo 2 > /proc/sys/net/ipv4/tcp_mtu_probing

and made it executable:

# chmod +x /etc/local.d/01network.start

UPDATE (April 11, 2012): If “echo 2″ does not solve the problem, try “echo 1″ instead. The possible values are:

0 Do not perform PLPMTUD (Packetization Layer Path MTU Discovery)
1 Perform PLPMTUD only after detecting a ‘blackhole’.
2 Always perform PLPMTUD.

Follow

Get every new post delivered to your Inbox.

Join 49 other followers