Using PHP SimpleXML to manipulate iTunes-compatible RSS / Podcast XML (workaround)

Posted: June 13th, 2012 | Filed under: PHP

PHP’s SimpleXML is very easy to use and is perfectly suited to generating and updating mundane things like Podcast RSS.

To create an XML object from an RSS file in PHP, all you need to do is use the simplexml_load_file function, e.g.

$xml = simplexml_load_file('rss.xml');

To change a value is very easy: you only need to point the element at the new value (typecast to (string) when you read it back), e.g.

$xml->channel->pubDate = date(DATE_RFC822);


Everything is all fun and games until you get to the iTunes podcast specifications. For podcasts, Apple has added a few special tags that have the itunes: prefix, e.g. owner, name, email, category etc. The problem is not with the words but with the ‘:’. XML uses the colon to separate a namespace prefix from the tag name, which in turn causes SimpleXML to get confused when it is processing the iTunes specific tags. If you use a command like addChild to add an itunes:author tag, e.g.

$rssitem->addChild('itunes:author', $rssauthor);

It will be rendered as

<author>Joe Bob</author>


For generating a Podcast feed, I am assuming you will be updating the feed from an existing file instead of generating it from scratch every time it needs updating. I suggest you save the XML file into 2 copies, one for internal / coding use and one for public podcast XML. In the private one, you will use SimpleXML as is and generate tags with iti_ prefix instead of itunes: prefix eg

<iti_author> Bob</iti_author>

instead of

<itunes:author> Bob</itunes:author>

After you have processed and saved the XML object, use str_replace('iti_', 'itunes:', $xmlfile) to replace the tags, and that will be the public XML feed file.

After entering all the info into the XML file, you need to run it through a DOM object to clean up the entries and make the XML readable. Here is the snippet of the code:

$dom = new DOMDocument('1.0');
$dom->preserveWhiteSpace = false;   // must be set before the XML is loaded
$dom->formatOutput = true;          // re-indent on output
$dom->loadXML($xml->asXML());       // import the SimpleXML tree
$dom->save('rss.xml');              // write the readable file

This way is much quicker than trying to get SimpleXML to work with the not quite conforming specifications of iTunes’ XML.


Recipe: How to compile your own Deb package.. a Pidgin example

Posted: June 5th, 2012 | Filed under: Debian, Linux Mint, Ubuntu

Recently I switched my communication machine from XP to Linux Mint. However I find Pidgin 2.10.2 which comes with Linux Mint Debian a tad unreliable. I thought I would make my own deb package, based on the latest distribution source.

Objective: Create Debian packages or .deb for private consumption from any source code.

Assumptions: You have superuser (su/sudo) privileges on the machine you want to make the Debian package.

Preparations (Getting the tools you need):

  1. Make sure you have “Source code” option checked in your Update Manager (Linux Mint specific)
  2. Check in /etc/apt/sources.list there is a deb-src testing main contrib non-free entry.
  3. Run apt-get update and apt-get upgrade to make sure you have the latest OS
  4. Get the build tools
    • sudo apt-get install autotools-dev
    • sudo apt-get install build-essential
  5. Get the Debian specific build tools
    • sudo apt-get install dh-make
    • sudo apt-get install devscripts

Get the source code and dependencies

  1. Grab the source code from:
  2. Uncompress the source code tar -xvf pidgin-2.10.4.tar.bz2
  3. Get the required dependencies with sudo apt-get build-dep pidgin. This grabs the dependencies for the version that is in the repository; most of the time it should be enough for . releases. If you need extra libraries via apt-get, remember to get the ones that have the -dev suffix.

Configure the source code

  1. Run ./configure --help in the source directory to familiarize yourself with what options there are. In my case I found I want to add --enable-cyrus-sasl to enable the SASL feature.
  2. Run the Debian specific tools (this will create a few files that are needed to create the .deb package and they will be stored in the debian subdirectory in the source directory)
    1. dh_make -e -f ../pidgin-2.10.4.tar.bz2
    2. dpkg-depcheck -d ./configure --enable-cyrus-sasl Pay attention to the output of the required packages (Select them and Copy them)
    3. Modify the control file in the debian subdirectory. Append the required packages listed to the end of line 5, which starts with: Build-Depends:. Separate each package name with a comma. You can also fill in the URL of the package, licensing etc. These attributes will show up when you install the package via a software installation program, e.g. GDebi, Synaptic etc.

Compiling and Packaging

  • Run dpkg-buildpackage -rfakeroot to start the package compile

There is a good chance you will run into errors like below

If some of these files are left out on purpose then please add them to
POTFILES.skip instead of A file 'missing' containing this list of left out files has been written in the current directory.
Please report to
if [ -r missing -o -r notexist ]; then \
exit 1; \
make[2]: *** [check] Error 1
make[2]: Leaving directory `/home/username/pidgin-2.10.4/po'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/home/username/pidgin-2.10.4'

dh_auto_test: make -j1 check returned exit code 2
make: *** [build] Error 29
dpkg-buildpackage: error: debian/rules build gave error exit status 2

In cases like this you will need to add the missing files to the file POTFILES.skip in the /po subdirectory. Since POTFILES.skip has been edited, you will need to run dpkg-source --commit to commit the change. It will create a patch and ask for a filename; just put in any filename that strikes your fancy. Rerun dpkg-buildpackage -rfakeroot afterwards.

References: How to create a .deb package

If your iMac i3 won’t power up…

Posted: January 16th, 2012 | Filed under: Mac

I had recently upgraded my iMac to 10.7 but I didn’t realise I should have cleared the PRAM and NVRAM. After a while, I noticed the iMac won’t power up after a shutdown. Removing the power cord as per Apple Support doesn’t do crap. Since the machine won’t power up I can’t execute Command-Option-P-R either.

I consulted the iFixit guide on how to remove PRAM battery.. for PC people it is the battery that stores the BIOS setting. For the iMac, the battery is stored in literally the belly of the beast. It is one of the last pieces you get to after you have completely disassembled the iMac. After planning the disassembly, I realised that the power supply is one of the first pieces you remove. I took it out, discharged the caps, replaced it back into the iMac, I reasoned if it doesn’t work, I am back to square one..

Voila.. the iMac powered up. It is still rather cumbersome, the LCD cable is REALLY delicate.. I thought this might help someone who might be in the same situation as I was.

More Netatalk Debugging and Solutions

Posted: August 24th, 2011 | Filed under: Mac, netatalk, Time Machine, Ubuntu

I had to reinstall my Ubuntu system because my Seagate drive died of a horrible and quick death. I replaced the drives with WD Greens. Since the Seagate had a SMART error, bad sectors were growing every second, basically the data on the OS drive was spinning to pieces.

When I reinstalled netatalk, I installed the self compiled netatalk package (that was mentioned previously). However I encountered the following error:

afpd {cnid_dbd.c:314} (E:CNID): dbd_rpc: Error reading header from fd (db_dir /var/dbd/AppleDB/tm): Connection reset by peer
afpd {cnid_dbd.c:400} (E:CNID): transmit: Request to dbd daemon (db_dir /var/dbd/AppleDB/tm) timed out.

That is relatively simple. I just had to make sure the dbpath in AppleVolumes.default exists.

Another error message I got:

afpd {volume.c:1907} (W:AFPDaemon): volume "usr" does not support Extended Attributes, using ea:ad instead

I made sure cnidscheme is set to dbd and ea is set to sys in AppleVolumes.default.

:DEFAULT: cnidscheme:dbd ea:sys

Netatalk manual’s coverage on AppleTalk.default.

Creating a Debian VirtualBox VM

Posted: January 7th, 2011 | Filed under: Debian, Mac, Virtual Box

In the past, I used to use Parallels 5 for my VM needs (and I still do). Recently I have found out that in order to install the Parallels Guest Tools on the latest Ubuntu (10.10), I have to upgrade Parallels from version 5 to 6. Since Ubuntu updates every 6 months, it means that there is a good chance that I have to update Parallels every year in order for the latest version of Ubuntu to work. I have decided to check out VirtualBox and see how well it works with my Development environment.

To create a basic Debian VirtualBox image:

  1. Grab the latest netinst image
  2. For typical development use, I don’t think one will use more than 8GB of disc space.
  3. Use the Guided hard disc setup and use the whole drive
  4. Deselect everything else and only install Standard System
  5. Install GRUB to your bootloader
  6. Go through the system setup and reboot
  7. Install OpenSSH server by apt-get install openssh-server
  8. Run apt-get upgrade
  9. Run apt-get update
  10. Do an ACPI Shutdown via the Machine menu or run shutdown now
  11. Edit the VM’s Settings via the Oracle VM VirtualBox Manager
    I typically set:

    • Hardware clock in UTC time. This is to make sure that clocks are in sync so things like ssh won’t misbehave.
    • Disable Audio
    • Change Network -> Adapter 1 -> Attached to: Bridged Networking
    • Disable the Ports (both serial and USB)
    • Leave Shared Folders option unset, I just use SSH for everything.
  12. Reboot, Login
  13. Run ifconfig, the ip address will now be in your home network’s subnet (for me it is So you can ssh into the machine via ssh username@ipaddress
  14. Shutdown again and select Export Appliance under File in the VirtualBox Manager. Now, whenever you need a debian vm, you just have to import the appliance. At this stage. I also highly recommend you take a snapshot of the image before you do any tinkering.
  15. Start the machine again. If you want to give the vm a static IP, run nano /etc/network/interfaces and replace

    allow-hotplug eth0
    iface eth0 inet dhcp

    with (IP Address and Gateway adjusted to taste)

    iface eth0 inet static

    Run /etc/init.d/networking restart

  16. Next time, you can start the Virtual Machine via commandline by using VBoxHeadless -startvm "machinename"

Recipe for Compiling and Installing FreeRADIUS 2.1 on Debian 5 from source

Posted: January 6th, 2011 | Filed under: Debian, freeRADIUS, Virtual Box

With the advent of virtualization, I prefer to have virtual machines that perform one and only one function.
So instead of having one server that would be my RADIUS, file server etc., I would rather have several virtual machines each performing one task.
To setup a FreeRADIUS server from source on a Debian server:
First install Debian:

  1. Grab the latest netinst CD from
  2. Install the base installation (I think 3GB of disc space will be more than enough).
  3. Run apt-get update and apt-get upgrade to make sure you have the latest version.
  4. Edit the network configuration which is located /etc/network/interfaces
  5. Install sudo
  6. Install openssh-server, so that you can ssh into the machine remotely.
  7. Save and Shutdown the VM.
  8. Replicate the VM via your virtualization software. We will use one copy to compile from source, and the other one to install.

Second, configure, compile and create the Debian packages.
Since we are using this as a one off compile machine, we will compile as root.

  1. Grab the latest stable FreeRADIUS source code from the website
  2. apt-get install bzip2 (the package that provides bunzip2)
  3. apt-get install fakeroot
  4. apt-get install dpkg-dev (this will get all of the development environment)
  5. apt-get build-dep freeradius (this will grab all the libraries required for compile). Unlike the official instructions libssl-dev is automatically downloaded.
  6. apt-get install quilt
  7. run ./configure in the source directory
  8. run make to compile
  9. fakeroot dpkg-buildpackage -b -uc

Now you should have the following one directory up.


Third, install and configure your FreeRADIUS machine.

  1. Transfer the FreeRADIUS *.deb files from the compiling machine to the deployment machine.
  2. You can shutdown and delete the compiling virtual machine now.
  3. Create a directory for the Certificate Authority (I use /ca)
  4. Copy the files xpextensions, client.cnf, server.cnf, ca.cnf and bootstrap from the raddb/certs directory to the /ca directory
  5. Install OpenSSL by issuing the following command: apt-get install openssl openssl-blacklist ssl-cert libltdl3 libperl5.10
  6. Edit the *.cnf files and create the required certificates
  7. Note the path of the server certificate and keys, also the location of the ca certificate
  8. Run openssl dhparam -out dh 2048 in the ca directory (note the path)
  9. Also run dd if=/dev/urandom of=random count=2
  10. Install mysql (optional, or any database backend) by using this command: apt-get install mysql-server libmysqlclient15-dev
  11. Install libpcap0.8 (optional)
  12. Install the deb files in the following order via dpkg -i package.deb command:
  13. libfreeradius2_2.1.10+git_amd64.deb
    freeradius-mysql_2.1.10+git_amd64.deb (or postgres version)
  14. Edit the eap.conf file in the /etc/freeradius directory and put in the variables gained from Step 7.
  15. Create a freerad user and freerad group
  16. Add these 2 commands in the /etc/init.d/freeradius file:
    mkdir -p /tmp/radiusd
    chown freerad:freerad /tmp/radiusd

    Somewhere before the statement test -f $PROGRAM || exit 0 should be fine (mine is around line 23). This is for the option to verify the client certificate, the option to do that is located in eap.conf.

  17. Add an entry into clients.conf for the AP that TLS requests will be coming from; the ipaddr variable is the IP address of your AP. The secret has to be the same as the secret set on the AP. The secret is completely unrelated to anything else, so you can have a random phrase. It is between the AP and the FreeRADIUS server. It is not required anywhere else.
    client wifi {
            ipaddr =
            secret = mysecretisnosecret
    #       shortname = linksys
            nastype = other
    }
  18. Set up mysql (i.e. set the root password etc.), then run admin.sql, nas.sql, ippool.sql, schema.sql and cui.sql in /etc/freeradius/sql/mysql
  19. Set up the radius user’s password and add the pertinent information to /etc/freeradius/sql.conf
  20. Add a test user sqltest with password testpassword, attribute Cleartext-Password, op == in the radcheck table
  21. Do your clean up ie create ssh keys for remote logins etc.


  1. Stop any running freeradius servers by /etc/init.d/freeradius stop
  2. Run radius server in debug mode: freeradius -X (note capitalised X)
  3. Open another ssh window and issue radtest username password localhost 1812 testing123
    It should return something similar to this:

    Sending Access-Request of id 28 to port 1812
      User-Name = "username"
      User-Password = "password"
      NAS-IP-Address =
      NAS-Port = 1812
    rad_recv: Access-Accept packet from host port 1812, id=28, length=26
      Framed-IP-Address = (your ip)

    NAS-IP Address is the address that the machine managed to resolve your IP from.

  4. If the FreeRADIUS server is not receiving requests from your AP, e.g. you initiated 802.1X authentication but the AP reports the server is not responding AND there is no activity shown on the screen of freeradius -X, reset the AP!


How to setup MacOSX 10.6 for freeRADIUS TLS or WPA2 Enterprise access

Posted: January 6th, 2011 | Filed under: freeRADIUS, Mac

Apple’s documentation for TLS access is rather thin on how to generate certificates etc. for freeRADIUS. Here are some quick instructions.
First, the guest machine must generate a certificate request.

  1. Go to Applications -> Utilities -> Keychain Access
  2. Under Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority…
  3. Fill in the info, give them your CA Email Address (the one that is in your ca.cnf file)
  4. Either Save or Email (however if a guest is visiting your house and doesn’t have wifi nor cell access, it could be a problem!).
  5. Once you have transferred the request to your server, issue the command below (substitute guestname with whatever you like; in my guest.cnf, I have set the lifetime of the certificate to 1 day):
    openssl ca -config guest.cnf -policy policy_anything -out guests/guestname.crt -extensions xpclient_ext -extfile xpextensions -infiles guestname.crt
  6. Return the ca.crt (if your guest is a frequent visitor or a close friend) and guestname.crt

Setup 802.1X or WPA2 Enterprise access on the guest’s machine:

  1. Open Keychain Assistant (if you have closed it)
  2. Click the user’s keychain, if the padlock is closed, click on it.
  3. Drag the certificates generated above into the keychain
  4. Optionally: Click on the Trust tab and select Always Trust (Assuming you do no evil!)
  5. Quit Keychain Assistant
  6. Open Preferences -> Network
  7. Select Airport -> Advanced..
  8. Select 802.1X tab
  9. Create a new User Profile via the + icon on the lower left hand corner of the window.
  10. Give the profile any name you like
  11. Check the TLS box under Authentication
  12. Click on Configure Trust
  13. Select the Certificates tab
  14. On the lower left hand corner, click on the + and select Select Certificate From Keychain
  15. Click OK and the window will close
  16. Select the SSID from the Wireless Network: drop down list
  17. Select WPA2 Enterprise from the Security Type: drop down list
  18. Click OK and you will be back in the Network window
  19. The profile name should appear now next to 802.1X
  20. Click on Turn Airport On
  21. The 802.1X should automatically connect, if not click on the Connect button
  22. To disconnect, click on Disconnect or Turn Airport Off.

Additional Reading:
Apple’s Resources with pretty pictures.

Solutions to freeRADIUS TLS “Certificate Compatibility” Issue

Posted: January 6th, 2011 | Filed under: freeRADIUS

Christmas and New Years celebration came and passed in a blur! I had quite a few parties at my place over the holidays and in this day and age guests often want to have access to your wifi network. Instead of giving away my PSK, I have decided to try freeRADIUS and assign each guest a one-day TLS certificate instead.

freeRADIUS is a very configurable system. However, it also means for the uninitiated the configuration files are quite daunting. I highly recommend setting a system using any virtualization software and keep snap shots at each step.

When I first researched how to setup freeRADIUS, I followed instructions like this. I didn’t grasp the importance of correct SSL certificate generation, and the wrong configuration options will cause problems down the line.

Everything went smoothly until I started to send TLS requests for authentication. When running under debug mode I encountered:

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x34567a5d346e47c0a8c did not finish!
WARNING: !! Please read
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Sending Access-Challenge of id 0 to port 2050
  EAP-Message = 0x010100060d20
  Message-Authenticator = 0x00000000000000000000000000000000
  State = 0x34567a5d346e47c0a8c

If everything works, it should also show:

  Sending Access-Accept of id 0 to port 2050
  Framed-IP-Address :=
  MS-MPPE-Recv-Key = 0x2abc7be1c8bfdcf2214bb36a983b1ccbebf38f3ce03a30a71fe01c1e0d5a6148
  MS-MPPE-Send-Key = 0x5d218788c3c05366d75af398a722525fed8f1bae97d002a32fa92e2daf878444
  EAP-Message = 0x010100060d20
  Message-Authenticator = 0x00000000000000000000000000000000
  User-Name = "godwin"

I have to say the responses on the freeRADIUS message list and wiki sites are rather terse. They don’t really tell you what’s wrong, so what’s wrong is the certificates were formatted incorrectly and won’t generate the Sending Access-Accept message which means that the connection has been made. (Obvious once I know what to look for but since it is not an explicit error message, it takes a while to figure it out). In the end, I finally figured it out. The certificate generation instructions change quite often and the website I was referencing from was for an older version!

Here is what you want to do in an ideal situation.
1. Install OpenSSL
2. Do not configure OpenSSL yet!
3. Install freeRADIUS
4. Figure out which freeRADIUS version you are using (for me it is 2.1.10).
5. I would either go to github (the website that hosts the freeRADIUS source code), or your source directory.
6. Copy bootstrap (which is a script that will configure your CA if you want), all the cnf files and the xpextensions file, and put them in your Certificate Authority directory (assuming you are cheap like me and going to self sign and be your own Certificate Authority).
7. The certificate generation commands are in bootstrap script, so study it.
8. Edit the cnf files, I have also created a guest.cnf file so it will generate 1 day passes.

For me here are the commands I used to generate the certificates (this works for version 2.1.10). I kept my cert files in /ca directory.

To generate the CA (I picked 1825 days which is 5 years because I think it is reasonable, adjust to taste.):

openssl req -config /ca/ca.cnf -new -x509 -extensions v3_ca -keyout /ca/private/ca.key -out /ca/certs/ca.crt -days 1825

To generate the Server keys: (The first command generates a request, then the last one signs it)

openssl req -config server.cnf -new -nodes -keyout private/server.key -out server.csr -days 1825
openssl ca -config server.cnf -policy policy_anything -out certs/server.crt -infiles server.csr

Use openssl verify -purpose sslserver -CAfile /ca/certs/ca.crt /ca/certs/certificatename.crt to verify your certificates were generated correctly.

Add the file locations into your /etc/freeradius/eap.conf file.

Now you can get your guests to generate their certificate requests. You will use the following command to sign their certificate and return to them.

openssl ca -config guest.cnf -policy policy_anything -out guests/guest.crt -extensions xpclient_ext -extfile xpextensions -infiles request.crt
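
How the xpextensions sections and the one-day lifetime show up under openssl verify -purpose, as an added example that is not part of the original post or of FreeRADIUS. It signs with openssl x509 -req instead of openssl ca so that no CA database is needed; the temporary directory, the CN values and both config files are constructed for the demo, with xpextensions modelled on the FreeRADIUS file of the same name.

```shell
#!/bin/sh
# Added example with constructed names (Constructed Demo CA, radius.example, guest1).
# Builds a throwaway CA, signs a server and a one-day guest certificate, and
# shows that extendedKeyUsage decides what `openssl verify -purpose` accepts.

make_demo_pki() {   # $1 = empty working directory
    cd "$1" || return 1
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
EOF
    # OIDs: ...3.2 is TLS client authentication, ...3.1 is TLS server authentication.
    cat > xpextensions <<'EOF'
[xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[xpserver_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
EOF
    # Self-signed CA, 5 years as in the post.
    openssl req -config ca.cnf -new -x509 -nodes -newkey rsa:2048 \
        -keyout ca.key -out ca.crt -days 1825 2>/dev/null || return 1
    sign_leaf server radius.example xpserver_ext 1825 || return 1
    sign_leaf guest  guest1         xpclient_ext 1
}

sign_leaf() {       # $1 = file stem, $2 = CN, $3 = extension section, $4 = days
    # Request first, then the CA signs it with the chosen extension section.
    openssl req -config ca.cnf -new -nodes -newkey rsa:2048 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile xpextensions -extensions "$3" -days "$4" \
        -out "$1.crt" 2>/dev/null
}

purpose_ok() {      # $1 = sslserver|sslclient, $2 = certificate file
    openssl verify -purpose "$1" -CAfile ca.crt "$2" >/dev/null 2>&1
}

expires_within() {  # $1 = seconds, $2 = certificate file
    # -checkend exits 0 when the certificate is still valid after $1 seconds,
    # so the result is inverted here.
    ! openssl x509 -checkend "$1" -noout -in "$2" >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR"
for c in server.crt guest.crt; do
    for p in sslserver sslclient; do
        if purpose_ok "$p" "$c"; then r=OK; else r=REJECTED; fi
        echo "$c as $p: $r"
    done
done
expires_within 172800 guest.crt && echo "guest.crt expires within two days"
```

A certificate signed without either section carries no extendedKeyUsage and passes both purpose checks, so a clean openssl verify result alone does not show that the extension a client expects is present.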

launchctl Tutorial

Posted: December 5th, 2010 | Filed under: launchctl, Mac

launchctl allows users to start / stop applications that are typically managed via launchd (MacOS’s equivalent of cron).

launchctl command configurations are stored as XML formatted .plist files located in directories /System/Library/LaunchAgents or /System/Library/LaunchDaemons for system wide start items, for user specific items the plist files are stored in ~/Library/LaunchAgents or ~/Library/LaunchDaemons directories.

Agents or Daemons?
An agent is a program that requires access to specific users’ information. A daemon is a program that runs in the background and requires generally no input from any user.

For a comparison between Agents and Daemons, refer to this Apple technote.

What is in a .plist?
A .plist file must contain at the very least the keys Label, the ProgramArguments array and a key to tell launchd how the application is run, e.g. KeepAlive or RunAtLoad for one time operations, or StartOnMount, StartInterval or StartCalendarInterval for repeating occurrences.

A complete dictionary of all the property keys can be found here. Among other things, launchd can monitor modified paths (via the key WatchPaths), set HardResourceLimits etc.

Here is an example for com.companyname.agentorapplicationname.plist, which runs the application full/path/to/binary every 60 seconds:

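<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.companyname.agentorapplicationname</string>
  <key>ProgramArguments</key>
  <array><string>full/path/to/binary</string></array>
  <key>StartInterval</key>
  <integer>60</integer>
</dict>
</plist>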

launchctl operations

Command | Description
launchctl list | Lists the PID, status and name of loaded processes
launchctl list | Output the runtime information (eg. PATH) of
launchctl start | Starts
launchctl stop | Stop
launchctl load -w /path/example.plist | Loads a process by its plist filename
launchctl unload /path/example.plist | Stop and unload a process by its plist filename
launchctl submit -l labelname -p /path/eg/binary -o /path2/stdout -e /path2/stderr | Manually run binary under the label labelname with the specified stdout and stderr devices/files

How to start / stop AppleVNCServer via command line properly!

Posted: December 2nd, 2010 | Filed under: Mac, VNC

The recent versions of Apple MacOSX (10.5+) come with a built in VNC Server which allows users to remote access the Mac graphically. With 10.5 there is a weird bug in the VNCServer where, mid-session, the process will increase its CPU load from a typical ~1 – 10% to 60%+, locking up the session while it is at it. Typically AppleVNCServer can take about 25% CPU time on a G5 during normal Window dragging etc.

One can terminate the thread brutishly by issuing the command ps -ax | grep AppleVNCServer to find the offending PID and then kill it. The AppleVNCServer will restart assuming your Screen Sharing option is turned on.

However one can also do it elegantly via the launchctl interface.

The actual AppleVNCServer binary is buried in /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/. However it is controlled via the /System/Library/LaunchAgents/

AppleVNCServer doesn’t seem to accept any runtime flags.

To see if it is actually running run launchctl list.

To STOP a run away AppleVNCServer process: launchctl stop
To START AppleVNCServer via command line: launchctl start

If you reach this far, I assume you also know how to remote access a mac via ssh.