Matthew's Weblog

First step was getting the MythFrontend to work on my mac… I downloaded the newest version, ran it, gave it the configurations needed, and it would repeatedly silently die. After trying to get a 0.21 build to work, I finally figured out how to run an application from the command line (no error messages! Argh!) and was able to see that there was a version mismatch. Downloaded 0.20-fixes and it worked great, first time. Three hours gone… sigh.

Moving on to the AppleTV…

Used the original appletv install documentation on the mythtv site

It went pretty well, directing me to an engadget article about upgrading appletv hard drives, showing how to dissasemble the appletv and back up the contents of the hd.

 dd if=/dev/disk1 of=/Users/mps/AppleTV.img bs=1024k

to check status, new terminal window and “kill -INFO [8636, PID of the dd process]”

then moving over various files:

cp -p /Users/mps/Downloads/Patchstick/Patchstick/atvloader/AwkwardTV.frappliance/Contents/Resources/sshd /Volumes/OSBoot/usr/sbin/
chmod +x /Volumes/OSBoot/usr/sbin/sshd
cp -p /Users/mps/Downloads/Patchstick/Patchstick/ssh/ssh.plist /Volumes/OSBoot/System/Library/LaunchDaemons/
defaults delete /Volumes/OSBoot/System/Library/LaunchDaemons/ssh Disabled
mkdir /Volumes/OSBoot/System/Library/Frameworks/OSXFrames
cp -pr /System/Library/Frameworks/Kerberos.framework /Volumes/OSBoot/System/Library/Frameworks/OSXFrames/.
cd /Volumes/OSBoot/usr/libexec/
cp /usr/bin/ssh* ../../usr/bin/
cp /usr/libexec/sshd-keygen-wrapper ../../usr/libexec/
cp /usr/libexec/sftp-server ../../usr/libexec/

when I tried to “cp /usr/libexec/ssh* ../../usr/libexec/” I got:
“cp: /usr/libexec/ssh-keysign: Permission denied”

so somehow there was a strange source permission issue… I didn’t sudo it because the docs said it wasn’t really needed.
then fixing perms:

sudo chown 0:0 sshd-keygen-wrapper
chmod 755 sshd-keygen-wrapper
sudo chown 0:0 sftp-server
chmod 755 sftp-server
cd ../../usr/bin/
sudo chown 0:0 ssh*
chmod 755 ssh*

and then it says we’re done and to test ssh. However, I don’t want to be transferring 100mb of MythFrontEnd over wireless if I don’t have to… so:

tar cf ~/MythFE.tar -C /Applications/ MythFrontend.app

(yes, there’s a space before the MythFrontend.app, and I don’t know why… I’ll read the tar man page someday) [edited: read the man page, it's to change to that directory before running the tar command. Handy.]

cp MythFE.tar /Volumes/OSBoot/

(might be lost, but then again might save me time later)

So then comes the test… connecting with SSH:

$ ssh -1 frontrow@appletv.local
Protocol major versions differ: 1 vs. 2
$ ssh  frontrow@appletv.local
Unable to negotiate a key exchange method

so, according to another page on the site this is because the ’sed’ that I used on sshd-keygen-wrapper was missing a space. However, the drive is back in the appletv so grrrrr.

Next step: build a patchstick. Gathered everything, ran the Leopard script and it says happy.

No boot. Rats. Since I had to use a USB-SD adapter instead of a regular USB stick, maybe it’s not bootable.

Borrowed a 512mb stick from a friend and re-created the patchstick. It works! OK, so I can now SSH into the appleTV. Next step, being able to do anything

Following the instructions, I went to make the disk read-write:

mount -o remount,rw /dev/disk0s3 /
/dev/disk0s3 on /: Operation not permitted

No dice. From the awkwardTV description:

 The user "frontrow" has complete sudo privileges. To be root, do sudo -s and put in the password again

which says to me that the original guide is probably out of date. As if we hadn’t already discovered that. So, I’m going to take the rest of the steps with a grain of salt…

root@appletv# mkdir /etc/mach_init.disabled
root@appletv# mv /etc/mach_init.d/ripstop.plist /etc/mach_init.disabled

Add the following to /etc/rc.local (create this file if it doesn’t already exist):

/sbin/kextunload -b com.apple.driver.AppleTCOWatchdog

Well, the read-write instructions worked OK, but vim and su didn’t — looks like Leopard strikes again. That means the well-intentioned line about adding to rc.local didn’t work easily since there’s no editor, and now I have to find vi somewhere else so it will work. Instead I went with the lazy method described on the watchdog detail page:

echo "/sbin/kextunload -b com.apple.driver.AppleTCOWatchdog" >> /etc/rc.local

which worked. Huzzah for Echo. Timezone time…

echo "/bin/ln -sf /usr/share/zoneinfo/US/Pacific /etc/localtime" >> /etc/rc.local

Erg. Big stopsign as my ATV is now rebooting after a few minutes. Not the 58 seconds described in the Watchdog writeup, maybe ATV2 is different… reverting…

-bash-2.05b$ sudo mv /etc/rc.local .
Password:
-bash-2.05b$ ls
Desktop         Library         Music           Pictures        Sites
Documents       Movies          MythFE.tar      Public          rc.local
-bash-2.05b$ ls /etc/mach_init.disabled/
ripstop.plist
-bash-2.05b$ sudo -s
bash-2.05b# mv /etc/mach_init.disabled/ripstop.plist /etc/mach_init.d/

so the ripstop.plist is back in place and rc.local is hidden. Waiting now to see if that stops the rebooting. It did.
OK, so moving to install nitoTV (after downloading it to my local downloads, and since there’s no unzip on the ATV) since it claims to kill the watchdog in 2.1:

mac$ tar cvf ~/nitoTV.tar -C /Users/mps/Downloads/ nitoTV.frappliance
mac$ scp nitoTV.tar frontrow@appletv.local:~

atv$ sudo -s
atv# tar xvf nitoTV.tar
atv# mv nitoTV.frappliance/ /System/Library/CoreServices/Finder.app/Contents/PlugIns
atv# ps -ax | grep Finder
atv# kill [Finder PID]

Restarting Finder takes a while… interesting. Wow. That was a long time. Then reboot, then to safe mode, then to reboot again, then long startup but it worked. Sorta. No nitoTV visible anywhere. Fail.

Back to searching for a fix. OMFG there’s a different link to the same version of nitoTV that has an installer. Deep cleansing breath. Now deep cleansing code:

ATV$ cd ~
ATV$ rm -rf nitoTV.frappliance/
ATV$ sudo rm -rf /System/Library/CoreServices/Finder.app/Contents/PlugIns/nitoTV.frappliance/

Cleaned. Now to push the new installer version out there (I changed the folder name after unzipping since I dislike dealing with spaces on the command line):

mac$ tar cvf ~/nitoTV.tar -C /Users/mps/Downloads/ nitoTV_Take_Two
mac$ scp nitoTV.tar frontrow@10.0.0.219:~
ATV$ tar xvf nitoTV.tar
ATV$ cd nitoTV_Take_Two/
ATV$ sudo ./installme
installer: Package name is nitoTV 0.4.8
installer: Installing onto volume mounted at /.
installer: The install was successful.
Restarting Finder...

And Finder did indeed restart – holy MACKEREL there’s a new entry. Reading the notes (wow, what a concept) it says it looks in /Users/frontrow/Applications for the apps… but that’s not where I put MythTV. So:

atv$ cd ~
atv$ mkdir Applications
atv$ mv /Applications/MythFrontend.app/ ./Applications/
mv: rename /Applications/MythFrontend.app/ to ./Applications/MythFrontend.app/: Read-only file system [ed: whoops, the installer tweaked my earlier settings]
atv$ sudo -s
atv# mount -o remount,rw /dev/disk0s3 /
atv# mv /Applications/MythFrontend.app/ ./Applications/

and presto! it appears in the Applications list within Nito. However, it dies fast. That’s OK, I know more about it now… having retrieved 10.4 versions of the files:

mac$ scp /Users/mps/vim frontrow@10.0.0.219:~
mac$ scp /Users/mps/nano frontrow@10.0.0.219:~
mac$ scp /Users/mps/su frontrow@10.0.0.219:~

atv# mv vim /usr/bin/
atv# mv su /usr/bin/
atv# mv nano /usr/bin/
atv# ln -s /usr/bin/vim /usr/bin/vi
atv# vi ~/.mythtv/mysql.txt
bash: /usr/bin/vi: Bad CPU type in executable
atv# nano
bash: /usr/bin/nano: Bad CPU type in executable

Well, curses! And here I thought we were going to work now… cleaning up again.

atv# rm /usr/bin/vi
atv# rm /usr/bin/vim
atv# rm /usr/bin/nano
atv# rm /usr/bin/su

So that means it’s not as easy as I thought… going back to the source disk:

mac$ sudo pax -r -p e -z -f /Volumes/Mac\ OS\ X\ Install\ Disc\ 1/System/Installation/Packages/BSD.pkg/Contents/Archive.pax.gz './usr/bin/vim'
mac$ sudo pax -r -p e -z -f /Volumes/Mac\ OS\ X\ Install\ Disc\ 1/System/Installation/Packages/BSD.pkg/Contents/Archive.pax.gz './usr/bin/nano'
mac$ sudo pax -r -p e -z -f /Volumes/Mac\ OS\ X\ Install\ Disc\ 1/System/Installation/Packages/BSD.pkg/Contents/Archive.pax.gz './usr/bin/su'
mac$ scp /Users/mps/usr/bin/vim frontrow@10.0.0.219:~
mac$ scp /Users/mps/usr/bin/nano frontrow@10.0.0.219:~
mac$ scp /Users/mps/usr/bin/su frontrow@10.0.0.219:~
atv# mv vim /usr/bin/
atv# mv su /usr/bin/
atv# mv nano /usr/bin/
atv# ln -s /usr/bin/vim /usr/bin/vi
atv# vi ~/.mythtv/mysql.txt

Ladies and Gentlemen, we have an editor! Of course, for some odd reason vi isn’t accepting my keyboard arrow mappings, so we shift to nano…

nano ~/.mythtv/mysql.txt

Update the settings. Restart the ATV. Pick the MythFrontend.app – and no joy. Found another page on AwkwardTV that references the fonts issue mentioned on the MythTV HowTo, trying those steps:

mac$ scp /Library/Fonts/Trebuchet\ MS* frontrow@10.0.0.219:~
mac$ scp /Library/Fonts/Arial* frontrow@10.0.0.219:~
mac$ scp /System/Library/Fonts/Geneva.dfont frontrow@10.0.0.219:~

atv$ sudo su
su: initgroups failed: Operation not permitted [grrrr, guess this isn't as easy as it should be]
atv$ sudo -s
atv# mv Arial* /Library/
atv# mv Trebuchet\ MS* /Library/
atv# mv Geneva.dfont /System/Library/Fonts/
atv# shutdown -r now

Wait for reboot… go to the app… we have a setup screen! Many notes say it’s easier to set it up from VNC than on the remote, so next step is setting up VNC.

atv# echo 71463E00FFDAAA95FF1C39567390ADCA > /Library/Preferences/com.apple.VNCSettings.txt
atv#  sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes
sudo: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart: command not found

Oops, broke. OK, looking for VNC instructions for a Take2 version (scroll down on that page):

atv# cd ~
atv# sudo dd if=/dev/disk0s2 of=recovery.dmg bs=1m
atv# sudo hdiutil mount recovery.dmg
atv# sudo hdiutil mount /Volumes/Recovery/OS.dmg
atv# cp -pr /Volumes/OSBoot\ 1/System/Library/CoreServices/RemoteManagement/ /System/Library/CoreServices/RemoteManagement
atv# cp -pr /Volumes/OSBoot\ 1/System/Library/Perl/ /System/Library/Perl/
atv# cp -pr /System/Library/Perl/Extras/5.8.6/ /System/Library/Perl/5.8.6/
(already created the VNCSettings.txt file above, if you skipped that do it now)
atv# /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes
atv# /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users frontrow -privs -all -restart -agent -menu
atv# /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer

… but it keeps running in your SSH session, so that’s not 100% ideal. Well, tradeoffs… I can afford another SSH session

So I downloaded Chicken of the VNC to get access. It worked pretty well, but then the screensaver took over and I couldn’t see what I was doing. Rebooted the ATV and went to the screensaver, turned it to “Never”. After all, I turn off my TV, not let it burn energy just for the heck of it.

OK, so I can’t get the remote to work now. Monkeyed around with trying to get a local keyboard working and no luck there either. I’m stymied. Time to ask on the forums.

multiple numbers, no roaming… sounds like it just needs some growth, early adopters, and polish.  Slick idea.

Wow, I was putting together my MythTV machine and it was OK until I had to get my remote front-end working. Because of the WAF, I selected a small machine – the Hauppage MediaMVP. What I didn’t recognize was that the documentation for getting it running… umm… stinks. Or at least is severely misleading (http://www.mvpmc.org/ mvpmc-HOWTO-singlehtml.html, not linked so you don’t try and use it. I should have noticed when it used software 13 versions old.). Or is really hard to find. So here’s my trials and tribulations and fixes, for anyone who is doing it.

Add to Ubuntu (Feisty Fawn) to get the mvpmc code loaded:

apt-get install atftpd tftp
mkdir /tftpboot
chmod a+rwx /tftpboot
export TFTPBOOT=/tftpboot
cd /tftpboot/
wget http://downloads.sourceforge.net/mvpmc/dongle.bin.mvpmc-0.3.3?modtime=1169 586056&big_mirror=0
ln -s dongle.bin.mvpmc dongle.bin.mvpmc-0.3.3
ln -s dongle.bin.mvpmc-0.3.3 dongle.bin.mvpmc

but then I was shocked to find that while the config files for inetd were created, there was no inetd. So…

apt-get install xinetd tcpd
apt-get install nfs-common nfs-kernel-server
cd /etc
e exports
ls /media/hdb1/mythtv/recordings/
/etc/init.d/nfs-kernel-server start
/etc/init.d/nfs-common start
update-rc.d nfs-kernel-server defaults

and then it wouldn’t read the config file. Time to add the setting to have xinetd use inetd.conf…

e /etc/init.d/xinetd
add in flag: -inetd_compat

I learned that the instructions on mvpmc.org are pretty specific to the first generation of the machine, the H1. However, those aren’t made any more… and once I got into trouble, each piece turned out to be challenges with the version. I’ve got an H3. For that, you need a special service that whispers magic incantations into the ear of the MVP. It also needs a significantly different guide… and after searching and searching (has VLC notes for future) and searching (supersweet detail, enough to choke on and more, which also gave me the link to…) I finally stumbled across on http://mvpmc.wikispaces.com/ and started getting more progress on MythTV setup… well, almost…

e mvpboot.pl

and I then went spelunking into mvpboot.pl and mvprelay.c -

perl -MCPAN -e shell
install Net::Interface
apt-get install initrd-tools gcc
dd if=dongle.bin.mvpmc-0.3.3 of=dongle.bin.ver bs=1 count=40 skip=5

So once again I’m thrilled by Debian/Ubuntu and their dependencies… as well as the prompts (when you run a nonexistent program, Ubuntu now suggests packages to install that provide the command you’re trying to use… very cool). But I hate how I rely on them, because I thought once I actually installed GCC that it would work. I finally was googling and found I was still missing one big piece:

apt-get install build-essential

and now all the compilation stuff worked and Perl was happy. Argh!

I then started fighting my drive definitions… I had partitioned my three drives in a marvelous way, redundancy for the OS and big space for the media:

Mirrors on drive 1 and 2:

• 100mb – /boot
• 2gb – swap
• 28gb – /

One big XFS drive (3) for media:

• 400gb – /media

except it appears Ubuntu uses /media for its mount space, and somehow my brain didn’t register that. So when the folder was there, I thought it would have my big space… but no. Fought with fstab a while and eventually got it so the last drive moved to /mediafiles and all started working.

Now the shiny stuff. MVPMC can stream music from a central server, too…

apt-get install slimserver

and it didn’t work that well when I put it in. All I could get was a statement from Live365 that I wasn’t logged in. Shockingly, when I went to the SlimServer instructions and did some basic configuration it worked. Who’da thunk it?  I also had to chmod 777 to get it to read the media… I’ll clean that up later.

Other MythTV bits:

apt-get install mythweb mythmusic mythvideo mythplugins ogle mplayerapt-get install vlc videolan-doc

Followed the instructions on setting up vlc. It also said I needed mpslave to use aacPlus or Real Audio streams… right now I don’t need that bad enough to do the work. It’s not working yet, so I’ll have to poke it more later.

What remains? Glad you asked…

• For some reason the network connection is running at 10mb Half Duplex. Since it happens with other computers on that drop I think it’s a switch or wire problem.
• mplayer on my mvpmc only shows streaming radio successfully from live365 and the other XML is having parsing errors.
• slimserver is cataloguing AAC files from iTunes but not playing them, even the unencrypted ones
• I have to set up playlists and my local radio stations as m3u links so we can use them also… should be easy, just has to be done…
• I want to get the ReplayTV and Filesystems menu items to not display, which should be doable according to the commandline argument writeup but it somehow isn’t.
• Live TV isn’t running yet (but we almost never watch live TV so I don’t care much)
• Get VLC working
• Clean up the /mediafiles/music chmod 777 hack
• Oh yeah, and getting it working with remote systems so I can drive the other two TVs. I’m going to see if I can get my hands on an AppleTV to get a richer interface for the Myth frontend and still have iTunes playback work for the stereo… that might be better for music playing. Not to mention then it will have HDMI or composite video which would be very good if we upgrade our TVs anytime in our life… sigh.

I wanted to have my server with X installed but not starting, and found a handy tool rcconf from a discussion about how to keep X from running automatically.  It handles the startup alterations for you, kind of like chkconfig in redhat.

Technorati Tags: ubuntu, xwindows, rcconf

A friend of mine, Bill, found out that his password had been mailed to him in plaintext from his ’shiny, new 401k’ and he wrote about the disconcerting experience of a financial services company being careless with security. Having worked in a financial services company, I can only say that the troubles he encountered are not that bad… you should have seen some of the sausage in the factory I worked in.

That said, Bill violated a crucial rule of security and he needs to learn it as much as the Schwab folks need to learn their own lessons:

Never, never, never depend on someone else to provide your security.

Bill “used one of his common passwords”… and you shouldn’t have any of those. A common password is a common vulnerability, especially because you can’t know how companies will protect your passwords or your data — as he unfortunately learned. To avoid this, you can use a desktop application (such as the free Password Safe, originating from Bruce Schneier’s Counterpane Labs) or a browser plug-in (such as Password Hasher or Secure Login or any of the other 48 listed on the addons site) or the Mac’s built-in Keychain app so you can generate random passwords and never, never reuse them. Personally, I’ve been using Password Safe for years.

He also offers great tips for websites to make their applications more secure, like not asking for really constant, common, data like mother’s maiden name. The other option is to not answer with an expected response. Mother’s maiden name? Istanbul. Honeymoon location? Jones. And so on…

Never trust someone else’s security.

Technorati Tags: security, password, firefox

More quick reference links to apache goodness: mod-rewrite and virtual hosts overview. Next step, hooking up the rewrite so my old-format links with multiple blogs point to the new-format post URLs. sigh.

Wordpress is simple, but it still isn’t psychic.

And I also found that Redhat has a nice overview of named for those of us still learning BIND.

I finally got the MU installation working the way I desire, though it ended up requiring some code hacking. Why? For some reason, the wpmu-settings file strips out “www.” before evaluating the blog… and when it did that and redirected, it found my Apache redirect… which sent it back to www, which stripped… and so on.

It ended up being a very easy fix… comment out two lines and bingo! the code works how I expected. But it took hours of searching because the code somehow thinks a “www” subdomain should be handled differently than any other subdomain. I disagree, and once I remove the “www” restriction in the admin tool, I expect the code to behave consistently.

I finally found the solution on a couple of the WPMU forum threads where others had the same problem — I simply wasn’t searching for “www” because… well… why would that subdomain be handled any different than all others I was using?

I also found a link to a multisite manager which could eliminate a bunch of the multi-domain manual database work I was doing. I’m downloading it and will have to play with it later when I have free time…

…thank goodness. OK, on to the next challenges… how to adapt the theme(s) to the new 2.x code, and then to run the theme security scanner…

used Stray Quotes since it appears to be more maintained. Now I just have to actually get updated themes and then add it in again…

Also, I got closer to the everything-running-multidomain (though not with multiple URLs to the same blog, and I may fall back on apache redirects) thanks to a discussion thread with Dr. Mike and then a recipe from cafespain for making multiple domains work:

1. edit the Domain server for the domainname you are interested in and add a CNAME record for something like blog.domainname.com which points to your WPMU installation.
   eg. I added the CNAME blog.clearskys.net to the clearskys.net DNS settings and set it to point to cafespain.com
2. Create a blog in your WPMU installation – it doesn’t matter what you call it for now – use the existing admin system to create it.
3. Add a record in wp_site with the the domain of the new blog. eg. in this case clearskys.net and set the path to /
4. Duplicate the wp_sitemeta entries for your new site (insert into wp_sitemeta (site_id, meta_key, meta_value) SELECT x, meta_key, meta_value FROM wp_sitemeta WHERE site_id = 1 (change x to the id of the new site record created at step 3.
5. Modify the record for the blog you created in wp_blogs and change the domain to the CNAME you created in step 1 (in this case blog.clearskys.net) and change the site_id to the id of the site record in step 3.
6. Modify all the records in wp_xx_options (where xx is the record number of your blog in step 5) that have the domain path, so that it is the same as that set in step 5 (blog.clearskys.net).
7. Wait a bit for the DNS changes to propagate and access the website at blog.clearskys.net, voila one wordpress blog, with it’s own domain running off an installation of WPMU at a different one.

There’s some discussion of issues with administration of blogs on other domains farther down after that recipe, but we’ll burn that bridge when we come to it.

Notes on getting mu working…

From David Yin, a tip on adding Ubuntu mod-rewrite:

To install mod_rewrite, “sudo a2enmod rewrite”

The site-add dialog doesn’t let you do both subdirectories and subdomains, though I can’t see why not.  It also restricts you to a 4-character subdomain, but you can alter that within the database and it doesn’t seem to cause any problems. Not yet.

I’m also trying to figure out how to have both subdomains and subdirectories, and/or how to have multiple subdomains that point to the same blog.  Still in process… let me know, Noble Reader, if you have any tips.