Replacement bed slats

I have a bad habit of diving on to my bed, and unfortunately, most times I do this I end up snapping one of the wooden slats that supports the mattress. After I had snapped about 4 of them I thought I should order some replacements, but that turned out to be more difficult than I would have expected.

First I wrote to my bed’s manufacturer, Limelight beds. They completely ignored me! So then, I phoned Bedstar, which is the website where I ordered the bed from. They promised to send some replacement slats out free of charge, but they must have forgotten as none ever arrived.

So in the end, after a bit of searching around the web, I found a forum post where a lady called Wendy from Bishop Beds, had said that she could supply replacement wooden sprung slats. A quick call to them (Wendy even answered on a Sunday) and I found out that they sold the slats for £3 each, and if you order 10 you get free delivery.

I think this is a great example of how companies can use the Internet to get leads. Wendy has been pro-active with helping people answer their bed related queries on a forum, and now her company is going to get another sale as a reward for her efforts. OK so it’s only £30 this time, but I will definitely consider them next time I need a bed!

Great work Bishops Beds.

Upgrading to WordPress 2.5 with subversion

The quickest way to upgrade wordpress is via subversion. Assuming you had already installed your blog via subversion then you can upgrade using the following steps:

Backup your database
Since the wordpress db contains only MyISAM tables, you can backup with a simple file copy.

cd /var/lib/mysql
cp -Rp wordpress/ wordpressBACKUP

Switch to the latest subversion url
Just run the svn switch command. This will add, update and delete scripts as required to bring you to the latest version.

cd /path/to/your/blog
svn switch

Run the upgrade script
Finally, run the wordpress upgrade script, which upgrades the database and anything else it might need to do. Simply visit

Secure browsing on an insecure network – the easy way!

In my post yesterday, I talked about how to securely browse the web on an insecure Internet connection. The method I used was to install a proxy server (squid) on a trusted machine and ssh tunnel to it. However, one of my developers, Andy, kindly pointed out to me that there is a much easier way – just use SSH’s dynamic port forwarding as a SOCKS proxy.

To create the tunnel:

ssh -D 3128

To configure OS X to use the proxy, go to System Preferences > Network > Advanced > Proxies

OS X SOCKS Proxy Settings

Tick SOCKS Proxy, and specify the server as port 3128, then click OK and Apply on the following screen, and that’s all you need to do!

Secure browsing on an insecure network with my Macbook

UPDATE: There is a much easier way to achieve a secure tunnel/proxy that doesn’t require squid to be installed. I’ve blogged it here. The method described on this page may be useful if you want to log the pages you visit. Also, if you wanted to block out ads, you could swap out sphinx for another proxy such as privoxy.

I’m currently on holiday in Avoriaz in France, and I’m browsing the Internet via an open wireless hotspot. Given how easy it is to intercept traffic on an open wlan, this could have posed a bit of a security problem as a lot of the website admin panels I access (including my blog’s wordpress admin) are in an insecure (http) area.

However, there is a solution that ensures that all my traffic (not just https) is encrypted, at least until it gets back to a more trusted part of the Internet.

The solution involves setting up a proxy server (squid) on a trusted server somwhere (e.g. a datacentre, or your home or office) and then connecting to this server via an SSH tunnel.

For this particular howto you will need the following:

  • An Apple laptop running OS X 10.5 (Leopard)
  • A Linux server (preferably running Centos / RHEL) in a trusted location

Installing Squid on your Linux Server

Firstly install squid using your desired package manager… I have a Centos 5 server, so I’m going to use yum:

[root@pablo ~]# yum install squid

Next, edit the squid config to allow any local ips that might be listening on that server:

[root@pablo ~]# vim /etc/squid/squid.conf

I added a line to allow my servers public ip. NB, at this point we aren’t permitting your laptop’s IP, only the local IP addresses on your server.

acl localhost src
acl localhost src

Now setup the runlevels for squid so that it starts when your server starts:

[root@pablo ~]# chkconfig squid on

If that worked, it should be set to on for run levels 2,3,4 and 5:

[root@pablo ~]# chkconfig --list squid
squid 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Finally start squid if it isn’t already running:

[root@pablo ~]# service squid start

Setting up your laptop to use the secure proxy

To get the laptop using our secure proxy, we must do two things. Open an ssh tunnel to the proxy, and then setup Safari (or your browser of choice) to use this proxy for any required connections.

To setup the secure SSH tunnel from port 3128 on your laptop to port 3128 on the squid server, just run the following command:

paul-macbook:~ paul$ ssh -L 3128:localhost:3128

Then all you need to do is configure Safari (or Firefox) to use port 3128 on your local machine as its proxy, and all traffic will be routed via this secure tunnel before being re-routed to the rest of the Internet. Of course, this won’t secure your browsing from then on, but you can at least be sure that it is not being intercepted by fellow users of the wifi hotspot.

So click on the Safari Menu at the top of the screen, and then click preferences (or press CMD + ,) This will open up the Safari preferences. Make sure you have the advanced tab open.

Safari Advanced Settings Menu

On this menu, click the Change Settings button next to Proxies. This will take you to the System Preferences Proxy menu.

OS X Leopard Proxy Settings

Select the protocols you wish to enable the proxy for (in my case I just chose HTTP), then fill out the proxy server address, which is (localhost) and the port, 3128.

And that’s it! You should now be able to browse the web as if you were using your Linux server directly. This method has the added advantage that it can be used to bypass geographic ip based restrictions, as it makes you appear to be where you server is located.

Downloading iPlayer MP4 streams on Linux

Last week, the BBC made their iPlayer content available for the iPhone, and by doing so they unwittingly made all their content available to download DRM-free as an MP4 stream.

The process is simple; change your browser’s user agent to replicate an iPhone, then you will be able to view and download the mpeg 4 videos.

Download MP4 iPlayer videos in 2 steps

In this example I am going to use wget to download the files via the command line.

1. First you need to lookup the URL for the MP4 stream. The easiest way to do this is to use a web tool that extracts program information from an iPlayer URL (e.g. Eastenders). Paste the iPlayer URL you want to download into the search box on that page and submit, then right-click download the MP4 video and copy the url.

2. Now fire up a terminal and run wget, replacing the URL with the URL you copied from the first step:

wget --user-agent="Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3"

An alternative method is to use this ruby script, which takes an iPlayer URL directly and does everything for you.

BBC Reaction

So far the BBC haven’t said a lot about this revelation. Currently, their official line is as follows:

The BBC iPlayer on iPhone and iPod Touch is currently in beta, which enables the BBC to pick up on these issues and find a solution that ensures the content is delivered to users in a secure way before the service is rolled out

According to their technology blog, they will be posting a fuller response in the next few days. My hope is that they don’t do a u-turn on the MP4 format. If any staff from the BBC Media team read this post, here is my message to you:

Dropping the DRM from your mp4 streams for the iPhone is a fantastic step forward, so please embrace it!

Using an open standard will allow license paying users of any platform to enjoy the content they have a right to view, with minimal additional development costs to yourselves.

There is no DRM when people save shows on Sky+ or their video / dvd recorders (or even straight to their computer via a DTV tuner), so why cripple the iPlayer service with it?

At the very least you could make your in-house productions available on MP4 to all, whilst you get the third party producers on board.