Author Archives: zo0ok

Working OpenVPN configuration

I am posting my working OpenVPN server configuration, and client configuration for Linux, Android and iOS. First a little background.

I have an OpenWRT (14.07) router running OpenVPN server. This router has a public IP address and thanks to dyn.com/dns it can be resolved using a domain name (ROUTER.PUBLIC in all configuration examples below).

My router LAN address is 192.168.8.1, the LAN network is 192.168.8.*, and the OpenVPN network is 192.168.9.* (in this range OpenVPN-clients will be given an address to their vpn/dun-device). I run OpenVPN on TCP 1143.

What I want to achieve is
1) to access local services (like ownCloud and ssh) of computers on the LAN
2) to access internet as if I were at home, when I have an internet access that is somehow restricted

The Server
Essentially, this OpenWRT OpenVPN Setup Guide is very good. Follow it. I am not going to repeat everything, just post my working configurations.

root@breidablick:/etc/config# cat openvpn 

config openvpn 'myvpn'
	option enabled '1'
	option dev 'tun'
	option proto 'tcp'
	option status '/tmp/openvpn.clients'
	option log '/tmp/openvpn.log'
	option verb '3'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/my-server.crt'
	option key '/etc/openvpn/my-server.key'
	option server '192.168.9.0 255.255.255.0'
	option port '1143'
	option keepalive '10 120'
	option dh '/etc/openvpn/dh2048.pem'
	option push 'redirect-gateway def1'
	option push 'dhcp-option DNS 192.168.8.1'
	option push 'route 192.168.8.0 255.255.255.0'

It is a little unclear if the last three options really work for all clients. I also have:

root@breidablick:/etc/config# cat network 
.
.
.
config interface 'vpn0'
	option ifname 'tun0'
	option proto 'none'

and

root@breidablick:/etc/config# cat firewall 
.
.
.
config zone
	option name 'vpn'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	list network 'vpn0'
.
.
.
config forwarding
	option src 'lan'
	option dest 'vpn'

config forwarding
	option src 'vpn'
	option dest 'wan'
.
.
.
# may not be needed depending on your lan policys (2 next)
config rule
	option name 'Allow-lan-vpn'
	option src 'lan'
	option dest 'vpn'
	option target ACCEPT
	option family 'ipv4'

config rule
	option name 'Allow-vpn-lan'
	option src 'vpn'
	option dest 'lan'
	option target ACCEPT
	option family 'ipv4'
.
.
.
# may not be needed depending on your wan policy
config rule
	option name 'Allow-OpenVPN-from-Internet'
	option src 'wan'
	option proto 'tcp'
	option dest_port '1143'
	option target 'ACCEPT'
	option family 'ipv4'

iOS client
You need to install OpenVPN client for iOS from the app store. The client configuration is prepared on your computer, and synced with iOS using iTunes (brilliant or braindead?). This is my working configuration:

client
dev tun
ca ca.crt
cert iphone.crt
key iphone.key
remote ROUTER.PUBLIC 1143 tcp-client
route 0.0.0.0 0.0.0.0 vpn_gateway
dhcp-option DNS 192.168.8.1
redirect-gateway def1

This route and redirect-gateway configuration makes all traffic go via VPN. Omit those lines if you want direct internet access.

Android client
For Android, you also need to install the OpenVPN client from the Store. My client is the “OpenVPN for Android” by Arne Schwabe. This client has a GUI that allows you to configure everything (but you need to get the certificate files to your Android device somehow). You can watch the entire Generated Config in the GUI and mine looks like this (omitting GUI and Android-specific stuff, and the certificates):

ifconfig-nowarn
client
verb 4
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote ROUTER.PUBLIC 1143 tcp-client
route 0.0.0.0 0.0.0.0 vpn_gateway
dhcp-option DNS 192.168.8.1
remote-cert-tls server
management-query-proxy

Linux client
I also connect linux computers occationally. The configuration is:

client
remote ROUTER.PUBLIC 1194
ca ca.crt
cert linux.crt
key linux.key
dev tun
proto tcp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nogroup
verb 5
# redirect-gateway local def1
log log.txt

Here the redirect-gateway is commented away, so internet traffic is not going via VPN.

Certificates
The easy-rsa package and instructions in the OpenWRT guide above are excellent. You should have different certificates for different clients. One certificate can only be used for one connection at a time.

Better configuration?
I dont say this is the optimal or best way to configure OpenVPN – but it works for me. You may prefer UDP over TCP, and may reasons for running TCP are perhaps not valid for you. You may want different encryption or data compressions options, different logging options and so on.

Nodejs v0.12.0 on (unsupported) PowerPC G4

Nodejs can not be built for a G4 processor (PowerPC 7455, as found in pre-Intel Apple hardware) because of a few missing CPU instructions. IBM has made a Power/PowerPC-port of V8 (the JavaScript engine of Nodejs), but it does not work with the G4.

However, there is a quite simple workaround that can probably work for other unsupported platforms (PowerPC G3) as well, but ARMv5 failed.

This solution is to emulate a supported (i386) CPU using Qemu. Qemu is capable of emulating an entire computer (qemu-system-i386) or just emulate for a single program/process (qemu-i386). That is what I do.

I am running Debian 7 on my G4 computer, which comes with an old version of Qemu. It is old enough to not support the system call ‘futex’ (system call 240). My suggestion is to simply use debian backports to install a much more recent version of qemu.

# Add to /etc/apt/sources.list
deb http://http.debian.net/debian wheezy-backports main

# Then run
$ sudo apt-get update
$ sudo apt-get -t wheezy-backports install qemu-user

Now you can use the command qemu-i386 to run i386 binaries. Download the i386 binary linux version of nodejs and extract it somewhere. I extracted mine in /opt and made a symlink to /opt/node for convenience. Now:

zo0ok@sleipnir:~$ qemu-i386 /opt/node/bin/node 
/lib/ld-linux.so.2: No such file or directory

Unless you want to build your own statically linked nodejs binary, you need to get a few libraries from an i386 linux machine. I put these in /opt/node/bin/lib:

zo0ok@sleipnir:/opt/node/bin/lib$ ls -l
total 3320
-rw-r--r-- 1 zo0ok zo0ok  134380 mar  3 21:02 ld-linux.so.2
-rw-r--r-- 1 zo0ok zo0ok 1754876 mar  3 21:13 libc.so.6
-rw-r--r-- 1 zo0ok zo0ok   13856 mar  3 21:06 libdl.so.2
-rw-r--r-- 1 zo0ok zo0ok  113588 mar  3 21:12 libgcc_s.so.1
-rw-r--r-- 1 zo0ok zo0ok  280108 mar  3 21:11 libm.so.6
-rw-r--r-- 1 zo0ok zo0ok  134614 mar  3 21:12 libpthread.so.0
-rw-r--r-- 1 zo0ok zo0ok   30696 mar  3 21:05 librt.so.1
-rw-r--r-- 1 zo0ok zo0ok  922096 mar  3 21:08 libstdc++.so.6

For your convenience, I packed them for you:
https://dl.dropboxusercontent.com/u/9061436/code/linux-i386-lib.tgz
These are from Xubuntu 14.04.1 i386. The original symlinks are eliminated and the files come from different lib-folders. I packed exactly what you need to run the precompiled node-v0.12.0 binary.

Now you should be able to actually run nodejs:

$ zo0ok@sleipnir:~$ qemu-i386 -L /opt/node/bin/ /opt/node/bin/node --version
v0.12.0

To make it 100% convenient I created /usr/local/bin/nodejs:

zo0ok@sleipnir:~$ cat /usr/local/bin/nodejs 
#!/bin/sh
qemu-i386 -L /opt/node/bin /opt/node/bin/node "$@"

Dont forget to make it executable (chmod +x).

Performance is not amazing, but good enough for my purposes. It takes a few seconds to start nodejs, but when running it seems quite fast. I may post benchmarks in the future.

Nodejs v0.12.0 on Debian ARMv5/QNAP

I have written before about building NodeJS for ARMv5 (a QNAP TS-109 running Debian). Since nodejs 0.12.0 just came out, of course I wanted to build this version – but that did not go so well.

Just standard ./configure and make gave me this error after a while.

In file included from ../deps/v8/src/base/atomicops.h:146:0,
                 from ../deps/v8/src/base/once.h:55,
                 from ../deps/v8/src/base/lazy-instance.h:72,
                 from ../deps/v8/src/base/platform/mutex.h:8,
                 from ../deps/v8/src/base/platform/platform.h:29,
                 from ../deps/v8/src/assert-scope.h:9,
                 from ../deps/v8/src/v8.h:33,
                 from ../deps/v8/src/accessors.cc:5:
../deps/v8/src/base/atomicops_internals_arm_gcc.h:258:4: error: #error "Your CPU's ARM architecture is not supported yet"

This was quite expected though, since earlier versions (v0.10.25 was the last I built) did not build that easily. So I forced armv5t-architecture and tried again:

export CFLAGS='-march=armv5t'
export CXXFLAGS='-march=armv5t'
make
...
Segmentation fault
make[1]: *** [/home/kvaser/nodejs/node-v0.12.0/out/Release/obj.target/v8_snapshot/geni/snapshot.cc] Error 139
make[1]: Leaving directory `/home/kvaser/ndejs/node-v0.12.0/out'
make: *** [node] Error 2

It took almost 7 hours to get here. I stopped compiling and started reading instead.
It seems:

  • V8 is not supported on ARMv5 anymore (last supported version was 3.17.6 I think)
  • Building V8 as a shared library is not very easy
  • Even if I manage to build 3.17.6 as a shared library, there is no guarantee
    it would work with nodejs v0.12.0
  • Just replacing the v8 directory of v0.12.0 with an older version of v8 and hope everything just builds and runs perfectly seems… unlikely (but I have not tried and failed, yet)
  • The Raspberry Pi, with its ARMv6 CPU, is supposed to work with v0.12.0, but a little hack is required at this time (RPi 2 with ARMv7 seems safe)

The good thing is that nodejs (v0.10.29) can be installed in Debian 7 (wheezy) using backports. This is a rather nice and consistent way to install software not already in Debian Stable.

It is, after all, not strange that V8 is not maintained for an architecture that has not FPU. JavaScript uses 64-bit floats for all numbers, including integers.

Qemu Failed too
I tried running nodejs in Qemu (which works for a PowerPC G4), but this failed:

kvaser@kvaser:/opt/node-v0.12.0-linux-x86/bin$ qemu-i386 -L . ./node 
./node: error while loading shared libraries: rt.so.1: ncanoot  penrshaoed cbjeit f: No such file or directory

This is the actual result – not a copy-paste-mistake… so I believe something (byte order?) is seriously wrong.

Bad OS X performance due to bad blocks

An unfortunate iMac suffered from file system corruption a while ago. It was reinstalled and worked fine for a while, but performance degraded and after weeks the system was unusable. Startup was slow, and when on, it spent most time spinning the colorful wheel.

I realised the problem was that the hard drive (a good old rotating disk) had bad blocks, but this was not obvious to discover or fix within Mac OS X.

However, an Ubuntu live DVD (or USB I suppose) works perfectly with a Mac, and there the badblocks command proved useful. I did:

# badblocks -b 4096 -c 4096 -n -s /dev/sda

You probably want to make a backup of your system before doing this. Also, be aware that this command will take long time (about 9h on my 500GB drive). The command tests both reading and writing to the hard drive. It restores the data, so for a working drive it should be non-destructive. I work with 16MB chunks because reading and writing default 512 bytes is slower.

On my first run, about 250 bad blocks were discovered.
On a second run, 0 bad blocks were discovered.

The theory here is that the hard drive should learn about its bad blocks, and map around them. The computer is now reinstalled and it works very fine. I dont know if it is a matter of days or weeks until the drive completely breaks, or if it will work fine for years now. I will update this article in the future.

Finally, if you have a solid state drive (SSD)… I dont know. I guess you can run this a lot on a rotating drive without issues, but I would expect it to shorten the life of an SSD (but if it has bad blocks causing you problems, what are your options). For a USB-drive or SD-card… I doubt it is a good idea.

Conclusion
To be done…

Read OpenWRT reject log (with fwreject)

I configured the firewall on my OpenWRT router to reject outgoing traffic (LAN to WAN) by default, and then explicitely allow protocols and ports as needed. By configuring the firewall to log rejected packages I could identify what legitimate traffic was blocked, and open up the firewall. However, the default logging to the syslog is not particularly easy to read (neither using command line or a web browser). Also, the log is mostly full of other log lines, the log lives very short time (just a few minutes) to not waste memory on the router, and the log lines contain information not needed.

I understand there are powerful products to gather logs on central log servers and analyze them there. I did not want that, but rather a simple web interface directly on the router.

I asked for a simple tool on the OpenWRT forum, no result.

So, I wrote my own tool, fwreject, and published documentation and binaries on DropBox.

Xubuntu on Unsupported MacBook

Last week I wrote about installing Mac OS X Mavericks on my MacBook 2007 (MacBook 2,1). That went fine… but… for a computer I mostly use in my lap, in the living room, no decent Internet Video performance (like YouTube) feels disappointing (it was not good before I upgraded to 10.9 either).

So, I decided to install Xubuntu on it. First the conclusions:

  1. Xubuntu runs nicely on the MacBook2,1.
  2. Video works fine, much better than on Mac OS, and also suspend/sleep, audio, WiFi seems perfect. I have not tried the webcam.
  3. I ended up using Xubuntu 14.04.1, the 32-bit i386 edition.
  4. Booting and partitioning is not trivial.
  5. International Apple Keyboards are always a challenge in Linux.

Now to the details.

Xubuntu version
The 32-bit EFI and 64-bit CPU that causes problems for current versions of Mac OS is also an issue for Xubuntu. I downloaded and burnt DVD-isos to try different versions. The 64-bit Xubuntu does not boot easily but the 32-bit versions are just fine. For a computer with 2.5Gb RAM as I have, the practical disadvantages of running it in 32-bit mode instead of 64-bit are insignificant.

A nice thing with Xubuntu is the Live-mode; you can start the DVD and test the full system before deciding to install. Of course performance when starting applications suffer. I first installed 14.10; the Live system worked perfectly, but I had video problems (screen was black after system was completely started) after installation and decided to try 14.04.1 instead, which worked just fine. Since 14.04 is a long-term-release it might just be the better choice anyway.

There used to be x64-Mac-images, that fixed the 32-bit-EFI-64-bit-kernel problem but they are not available anymore.

Finally, I think it is quite safe to assume that you will be fine with Ubuntu, Kubuntu or Lubuntu if you prefer them to Xubuntu.

Keyboard issues
I have a Swedish keyboard on my MacBook, and the AltGr (just named Alt on the Mac) does not work out of the box. This cause problems to type particularly the following characters: @$|[]\{}~.

I found it best to just use Generic 105-key PC keyboard and standard Swedish layout. After that a little xmodmap-hack is required.

Put the following in a file called .Xmodmap in your home directory:

keycode 64 = Mode_switch
keycode 11 = 2 quotedbl at at
keycode 13 = 4 dollar 4 dollar
keycode 16 = 7 slash bar backslash
keycode 17 = 8 parenleft bracketleft braceleft
keycode 18 = 9 parenright bracketright braceright
keycode 35 = dead_diaeresis dead_circumflex dead_tilde dead_caron

The first row maps the left Alt ley of my keyboard to something called Mode_switch. The other rows indicate what happens when pressing the buttons 2,7,8 and 9.

The following information from “man xmodmap” was useful in finding the above solution:
Up to eight keysyms may be attached to a key, however the last four are not used in any major X server implementation. The first keysym is used when no modifier key is pressed in conjunction with this key, the second with Shift, the third when the Mode_switch key is used with this key and the fourth when both the Mode_switch and Shift keys are used.

The internet is full of sources telling to use ISO_Level3_Shift. It did not work for me and the above manpage told me exactly what I needed to know.

There are also sources telling you other names than .Xmodmap (like .xmodmaprc , .xmodmap), that also do not work.

Before you are ready to write your .Xmodmap file you can test one by one:

xmodmap -e "keycode 64 = Mode_switch"
xmodmap -e "keycode 11 = 2 quotedbl at at"
xmodmap -e "keycode 13 = 4 dollar 4 dollar"
xmodmap -e "keycode 16 = 7 slash bar backslash"
xmodmap -e "keycode 17 = 8 parenleft bracketleft braceleft"
xmodmap -e "keycode 18 = 9 parenright bracketright braceright"
xmodmap -e "keycode  35 = dead_diaeresis dead_circumflex dead_tilde dead_caron"

The command xev is very useful to find out what keycode corresponds to a physical key on your keyboard.

Partitioning – The hard way
From the beginning, before ever playing with Xubuntu on the computer, I had the following partitions:

1: EFI (small, hidden in Mac OS)
2: Mac OS 10.9 System
3: Mac OS 10.7 System
4: Apple boot (small, hidden in Mac OS)

When I first installed Xubuntu I deleted partition 3 and replaced it with three partitions:

3: biosboot (small, required by EFI)
5: Linux SWAP (4GB)
6: Linux /

That was ok. But when I later deleted those partitions from Mac OS X because I thought that was more safe, the Apple boot partition (#4) disappeared. If it was this thing then perhaps it is ok. Mac OS still boots.

I always choose manual partitioning, and to install the Linux Bootloader (GRUB) on the Linux root partition (/dev/sda6). I have no idea what happens if it is installed on another partition, and particularly not on /dev/sda itself.

rEFInd – The hard way
The recommended way to boot Xubuntu on a Mac is to use rEFInd. Apples EFI-implementation is not supposed to be very competent at booting other systems. So I installed rEFInd (0.8.4) using the install.sh script from Mac OS X. Very easy, and it worked right away. Problems started later.

My first installation of Xubuntu was 14.10, and as mentioned above it had video problems. So I reinstalled 14.04.1 instead of 14.10, same partitioning, and everything was fine. Except rEFInd displayed TWO linux systems as well as Mac OS to boot. This disturbed me enough to decide to delete all traces of Xubuntu and reinstall.

I ended up in the following situation:

  • I have not managed to get rid of the last Linux-icon in rEFInd.
  • I have ended up with a partly broken rEFInd, it displays the error message:
    Error: Invalid Parameter while scanning the EFI directory
  • rEFInd does not boot Xubuntu.
  • I can not uninstall rEFInd as described in its site, by removing the directory EFI/refind, because it does not exist (there are just some rEFInd config files in the EFI directory).
  • I read that efibootmgr can be used form Linux to clear parts of NVRAM, but it is not supposed to have much effect on a Mac anyways. And I failed to use efibootmgr on Live-Xubuntu.

The rEFInd errors actually disappeared by themselves after I had used (started) Mac OS a few times.

Partitioning and rEFInd – the Easy way
I think you will be safe if you do:

  1. Make empty space on the disk, after the Mac OS partitions.
  2. Install rEFInd from Mac OS
  3. Install Xubuntu 14.04.1 i386 (32-bit), let Xubuntu install side by side and take care of partitioning and boot devices

This finally worked for me. My partition table is now:

Number  Start   End    Size    File system     Name                  Flags
 1      20,5kB  210MB  210MB   fat32           EFI system partition  boot
 2      210MB   120GB  120GB   hfs+            Customer
 3      120GB   120GB  1049kB                                        bios_grub
 4      120GB   317GB  198GB   ext4
 5      317GB   320GB  2651MB  linux-swap(v1)

Conclusion
Xubuntu on a MacBook mid 2007 (MacBook2,1) rocks. Better than Mavericks. But dual booting and rEFInd is not completely predictable. The good thing is that it is not very easy to end up with a complete unbeatable computer at least.

Install Mac OS X 10.9 on unsupported MacBook

I have a MacBook Mid 2007 (more technically named MacBook2,1) that officially can not be upgraded beyond Mac OS X 10.7 (Lion). It is however possible to install Mac OS X 10.9 (Mavericks) on it with quite good success and not too much effort.

System information with Mavericks

System information with Mavericks

I want to first write what does not work:

  1. Sleep mode – not working at all – leave on or shut down
  2. The build-in web camera – “works” but not as it did in 10.7, I think
  3. YouTube-video (etc), works occationally (now worse than in 10.7, my experience)

What you need:

  1. A USB Memory, 8GB or larger
  2. Mac OS X Mavericks (i had the install/upgrade Application that I had myself
    downloaded on another Mac, from App Store, when I upgraded it from 10.8 to
    10.9. I always keep these for possible future use.)
  3. SFOTT: I used version 1.4.4 which is currently the latest stable
  4. Audio/Video-drivers from here. Warning, this is one of
    these horrible download pages where you don’t know where to click to get
    the right thing, and what gives you spyware. You should get the file
    mac-mini-mavericks.7z. Discard anything else without opening.
    The 7z-file can be opened with StuffitExpander, that already comes with
    Maverick

Making a bootable USB-drive
You first need to use SFOTT to create your bootable USB-drive (it is called “key” in SFOTT). You simply double-click on SFOTT on a Mac where you both have your Mavericks Install App and your USB-drive. SFOTT is a self guiding menu-driven application. It will take some time to make all the settings in SFOTT (it took me perhaps 15 minutes), but it was self-explanatory and not very difficult. Use the autorun mode to create the drive.

Recovery Scenario
When you install a Mac OS upgrade there is a risk your Mavericks system will not boot. When upgrading from 10.9.0 to 10.9.5 like I did, it will not boot. My impression (after reading different sources) is that this recovery is needed when upgrading from 10.9.0 (or 10.9.1 / 10.9.2) but not later. Nobody knows about 10.9.6 of course, because it is not out. Minor upgrades to applications or security upgrades should not cause need to recovery.

When Mavericks fails to start you need to “re-Patch” using SFOTT. I installed Mavericks on a separate partition, side-by-side with Lion, so when Mavericks failed to start my computer automatically started Lion instead and I could run SFOTT in Lion to re-Patch my Mavericks system.

If you can not do side-by-side you can start from your SFOTT-key (which you still have) and instead of installing Maverick you start the Terminal application. Find the SFOTT.app on the key, and find SFOTT.sh inside SFOTT.app. Run SFOTT.sh and you can re-Patch your broken Mavericks system. I did the entire procedure on my working Mavericks just to test it, and it seems fine.

There is if course no true guarantee that a future Apple upgrade will not break everything completely.

Installing Mavericks
Installation of Mavericks from the USB-drive is very standard. To start the computer from the USB-drive, hold down the “alt”-key (not Apple-key, not ctrl-key) while starting the computer. Choose SFOTT and proceed normally. After about an hour you should have a clean 10.9.0 Mavericks with network/wifi working. Video will work, but with problems (try Safari, and you will see), and Audio will not work.

Upgrade Mavericks
I used App Store to upgrade Mavericks to 10.9.5. That works just fine, until Mavericks fails to start (I ended up in my old Lion system on a reboot, if you have no other system installed your computer with probably just not start). This is where you need to recover your system using SFOTT.

Fixing Audio and Video
The 7z-file I referred to above contains Audio and Video drivers. You run the application “Kext Utility” and the you drag the contents of the folder Extensions into the Kext Utility, and it will install the drivers. There is a folder with “optional wifi drivers”, I have not installed those because wifi has been fine all the time for me.

The MacBook2,1 has Intel GMA950 Video, and there are no supported 64-bit-drivers for Mavericks. The drivers I suggest you to install are supposed to be drivers from a public beta of 10.6 (Snow Leopard) that Apple once released. They seem to work quite fine for me though. And not installing them is worse.

I suggest you upgrade to 10.9.5 before fixing Audio and Video. I guess a later Apple-upgrade could break Audio and Video and require you to reinstall drivers.

Problems booting the SFOTT key
I first created the SFOTT key using the SFOTT beta (that is also supposed to work with Yosemite), and I used System Preferences/Startup Disk (in Lion) to start the installion. This failed and my computer just started up in Lion.

I then created the SFOTT key using 1.4.4, AND i restarted the computer holding down the alt-key. This worked. This key also later worked when I used System Preferences/Startup Disk (in Mavericks) to choose startup drive.

Driver Problems
There are open source Audio drivers called VoodooHDA. I installed those ones with success, but audio volume was low. I tried to fix with no success. Later I found the drivers I referred to above and that I recommend.

I found another download for what was supposed to be the same Video Drivers. But the Kext-utility did not work, and I installed the drivers by copying them directly into /System/Library/Extensions and this gave me a broken unbootable system. I don’t know what went wrong, but I recommend the drivers I linked to.

Video/YouTube Performance
Some videos seem to play perfectly, others dont. I had problems with 10.7 too.

Background and about SFOTT
There are several Apple computers that can run 10.7, that have a 64-bit processor, but that can not officially run 10.8 or later. There are a few issues:

  1. Video Drivers – and in the case of my MacBook2,1 the unofficial ones mentioned
    above may be good enough
  2. 32 bit EFI. Even though the computer has a 64 bit processor, the EFI, the
    software that runs before the Installer/Operating system, is 32 bit, and not
    capable of starting a 64-bit system.
  3. Mavericks does not believe it can run on this hardware.

As I understand it SFOTT installs a little program that 32 bit EFI is capable of starting, and that in turn is capable of staring a 64 bit system. Also, SFOTT patches a few files so Mavericks feels comfortable running on the unsupported hardware.

You can do all of this on your own without SFOTT. SFOTT “just” makes this reasonably easy.

There are plenty of forums, tools and information about running Mac OS X on unsupported hardware (also non-Apple-hardware: a Hackintosh). Those forums of course focus a lot on problems people have.

Yosemite
It is supposed to be possible to install Yosemite in a similar way. SFOTT has a beta release for Yosemite. For my purposes going to Mavericks gave me virtually all advantages of an upgrade (supported version of OS X, able to install latest Xcode, etc).

Conclusion
In the beginning of 2015, it is not that hard to install Mavericks on a MacBook Mid 2007, with a quite good result. I have pointed out the tools and downloads you need and that will work.

Scenarios for GNoSR

I found a beautiful little route for Train Simulator on Workshop: GNoSR. Unfortunately, since the route is not “Final” it is not possible to upload scenarios to it, to Workshop.

I created a scenario for GNoSR, and perhaps there will be more in the future. The scenario is downloadable as an .rwp-file, which is installed with the utilities.exe-program in the railworks folder. As always, please report any problems with the scenario, otherwise I can not fix it.

Scenario 1: Mixed Train to Heith
Drive a mixed train to Heith, stopping at all stations and picking up freight wagons along the way. Duration: 60 minutes. Download: Mixed Train To Heith.

Scenario 2: Petroleum Freight
Drive a heavy freight train with Marine Fuel from Heith to Portbyvie. Duration: 70 minutes. Download: Petroleum Freight.

Dependencies
There should be no additional dependencies or requirements apart from those of GNoSR (Woodhead Line, Western Lines of Scotland and Falmouth Branch). Please let me know if you have problems with this.

Other versions
I consider making other versions of the same scenario, perhaps with the Robinson O4, the Standard 2MT or the 3MT Jinty. But I may not bother if I get no interest whatsoever in the original.

UKTS
It seems the route and scenarios are available on UKTS. I personally find UKTS to be too much work and too many dependencies. My scenario is for the Steam version of the route, and I want people who just use Steam to have some fun with GNoSR.

Scenarios for other routes
Granfield Branch

Very simple REST JSON node.js server

I want to build a modern web application (perhaps using AngularJS) or some mobile application, and I need to have some working server side to get started. There are of course plenty of options; .NET WebApi, LAMP, MongoDB, NodeJS + Express, and many more. But I want it stupid simple. This is tested on Linux, but everything should apply in Windows too.

I wrote a very simple REST/JSON server for node.js, and this is about it (source code in the end).

How to run it
Presuming you have nodejs installed:

$ node simple-rest-server.js

It now listens to port 11337 on 127.0.0.1 (that is hard coded in the code).

Configure with Apache
The problem with port 11337 is that if you build a web application you will get cross site problems if the service runs on a different port than the html files. If you are running apache, you can:

# a2enmod proxy
# a2enmod proxy_http

Add to /etc/apache/sites-enabled/{your default site, or other site}
ProxyPass /nodejs http://localhost:11337
ProxyPassReverse /nodejs http://localhost:11337

# service apache2 restart

You can do this with nginx too, and probably also with IIS.

Use from command line
Assuming you have a json data file (data99.json) you can write to (POST), read from (GET) and delete from (DELETE) the server:

$ curl --data @data99.json http://localhost/nodejs/99
$ curl http://localhost/nodejs/99
$ curl -X DELETE http://localhost/nodejs/99

If you did not configure apache as proxy as suggested above, you need to us the :port instead of /nodejs. In this case 99 is the document id (a positive number). You can add any number of documents with whatever ids you like (as long as they are positive numbers, and as long as the server does not run out of memory). There is no list function in this very simple server (although it would be very easy to add).

Using from AngularJS
The command line is not so much fun, but AngularJS is. If you create your controller with $http the following works:

function myController($scope, $http) {

  // write an object named x with id
  h = $http.post('http://localhost/nodejs/' + id, x)
  h.error(function(r) {
    // your error handling (may use r.error to get error message)
  })
  h.success(function(r)) {
    // your success handling
  })

  // read object with id to variable x
  h = $http.get('http://localhost/nodejs/' + id)
  h.error(function(r) {
    // your error handling
  })
  h.success(function(r) {
    x = r.data
  })

  // delete object with id 
  h = $http['delete']('http://localhost/nodejs/' + id)
  h.error(function(r) {
    // your error handling
  })
  h.success(function(r)) {
    // your success handling
  })
}

I found that Internet Explorer can have problems with $http.delete, thus $http[‘delete’] (very pretty).

What the server also does
The server handles GET, POST and DELETE. It validates and error handles its input (correctly, I think). It stores the data to a file, so you can stop/start the server without losing information.

What the server does not do
In case you want to go from prototyping to production, or you want more features, it is rather simple to:

  1. add function to list objects
  2. add different types of objects
  3. let the server also serve files such as .html and .js files
  4. use MongoDB as backend
  5. add security and authentication

The code
The entire code follows (feel free to modify and use for your own purpose):

/*
 * A very simple JSON/REST server
 *
 * http://host:port/{id}       id is a positive number
 *
 * POST   - create/overwrite   $ curl --data @file.json http...
 * GET    - load               $ curl http...
 * DELETE - delete             $ curl -X DELETE http...
 *
 */
glHost    = { ip:'127.0.0.1', port:'11337' }
glHttp    = require('http')
glUrl     = require('url')
glFs      = require('fs')
glServer  = null
glStorage = null

/* Standard request handler - read all posted data before proceeding */
function requestHandler(req, res) {
  var pd = ""
  req.on("data", function(chunk) {
    pd += chunk
  })
  req.on("end", function() {
    requestHandlerWithData(req, res, pd)
  })
}

/* Custom request handler - posted data in a string */
function requestHandlerWithData(req, res, postdata) {
  var in_url  = glUrl.parse(req.url, true)
  var id      = in_url["pathname"].substring(1) //substring removes leading /
  var retcode = 200
  var retdata = null
  var error   = null

  if ( ! /^[1-9][0-9]*$/.test(id) ) {
    error   = "Invalid id=" + id
    retcode = 400
  }

  if ( ! error ) switch ( req.method ) {
  case "GET":
    if ( ! glStorage[id] ) {
      error = "No object stored with id=" + id
      retcode = 404
    } else {
      retdata = glStorage[id]
    }
    break; 
  case "POST":
    try {
      glStorage[id] = JSON.parse(postdata)
      writeStorage()
    } catch(e) {
      error = "Posted data was not valid JSON"
      retcode = 400
    }
    break;
  case "DELETE":
    delete glStorage[id]
    writeStorage()
    break;
  default:
    error   = "Invalid request method=" + req.method
    retcode = 400
    break;
  }

  res.writeHead(retcode, {"Server": "nodejs"})
  res.writeHead(retcode, {"Content-Type": "text/javascript;charset=utf-8"})
  res.write(JSON.stringify( { error:error, data:retdata } ))
  res.end()

  console.log("" + req.method + " id=" + id + ", " + retcode +
    ( error ? ( " Error=" + error ) : " Success" ) )
}

function writeStorage() {
  glFs.writeFile("./db.json",JSON.stringify(glStorage),function(err) {
    if (err) {
      console.log("Failed to write to db.json" + err)
    } else {
      console.log("Data written to db.json")
    }
  })
}

glFs.readFile("db.json", function(err, data) {
  if (err) {
    console.log("Failed to read data from db.json, create new empty storage")
    glStorage = new Object()
  } else {
    glStorage = JSON.parse(data)
  }
})
glServer = glHttp.createServer(requestHandler)
glServer.listen(glHost.port, glHost.ip)
console.log("Listening to http://" + glHost.ip + ":" + glHost.port + "/{id}")

Installing Citrix Receiver 13.1 in Ubuntu/Debian

The best thing with Citrix Receiver for Linux is that it exists. Apart from that it kind of sucks. Last days I have tried to install it on Xubuntu 14.10 and Debian 7.7, both 64-bit version.

The good thing is that for both Debian and Ubuntu the 64-bit deb-file is actually installable using “dpkg -i”, if you fix all dependencies. I did:

1) #dpkg --add-architecture i386
2) #apt-get update
3) #dpkg -i icaclient_13.1.0.285639_amd64.deb
  ... list of failed dependencies...
4) #dpkg -r icaclient
5) #apt-get install [all packages from (3)]
6) #dpkg -i icaclient_13.1.0.285639_amd64.deb

Step (1) and (2) only needed in Debian.

selfservice is hard to get to start from the start menu. And selfservice gets segmentation fault when OpenVPN is on (WTF?). So for now, I have given up on it.

npica.so is supposed to make the browser plugin work, but not much luck there (guess it is because I have a 64 bit browser). I deleted system-wide symbolic links to npica.so (do: find | grep npica.so in the root directory).

#rm /usr/lib/mozilla/plugins/npica.so
#rm /usr/local/lib/netscape/plugins/npica.so

Then I could tell the Citrix portal that I do have the Receiver even though the browser does not recognize it, and as I launch an application I have choose to run it with wfica.sh (the good old way).

keyboard settings can no longer be made in the GUI but you have to edit your ~/.ICAClient/wfclient.ini file. The following makes Swedish keyboard work for me:

KeyboardLayout = SWEDISH
KeyboardMappingFile = linux.kbd
KeyboardDescription = Automatic (User Profile)
KeyboardType=(Default)

The problem is, when you fix the file, you need to restart all Citrix-related processes for the new settings to apply. If you feel you got the settings right but no success, just restart your computer. I wasted too much time thinking I had killed all processes, and thinking my wfclient.ini-file was bad, when a simple restart fixed it.