Followup: using VLC on the Apple TV to play media files stored on a local server

Now that VLC allows Apple TV to play stored media files, Apple TV is now a “twofer” that can replace either a Roku for streaming or Kodi for the playback of media files. As a bonus, Apple TV permits Apple-specific things like Airplay and access to iTunes purchases.

Apple TV remote control

The VLC developers did a good job of adapting the VLC interface and options to the “ten foot interface” paradigm with a remote control. Before we go any further, let’s talk about the Apple TV 4th generation’s remote control: it relies on a touchpad area at the top of the remote control that allows for gestures and swiping with your fingers, and its touchpad surface is clickable like a mouse. This is useful for “scrubbing” which is a technical term for moving the slidey thing to different parts of the media file.

File listing limitations

There is only one style available for the presentation of media files, as a set of rectangles, some with cover art, showing file names such as “show 1080p S01E11…mkv” with the title shortened to fit. Depending on how a file is named, this can cut off important information, such as the episode number.

Subtitles shown by default

If subtitles exist within a media file or externally as a subtitles file in the same directory, VLC will always show the subtitles by default. This can be annoying. In order to play a file with subtitles disabled, tap lightly on the touchpad to show the progress bar, then swipe down to show the subtitle menu while video keeps playing.

Subtitle download feature [Update: 20180816 subtitle download fixed at some point since this post]

The VLC “Track Selection” menu has an option to download subtitles for video files from an Internet service.

A pause bug has been fixed.

[Update: 2018/04/07 VLC on Apple TV has been updated and a bug in the pause/resume feature has now been fixed.] I am now able to recommend VLC on Apple TV as a replacement for Kodi as a media player for video and audio files stored on a local network file server.

Update 2018/03/27: You may find the following post of interest: “Streaming or downloading video files from a home network server to an iPad using VLC”

Using VLC to play media files stored on a local file server

VLC is free software that is able to play most audio or video files, and can access those files from a local file server on a network.

I’ve used VLC for a long time, first on Windows and Linux laptops, then on my iPad, on my Android phone, and most recently, as an app on the Apple TV media player.

When I use VLC on my iPad, I either copy the file to VLC’s data area using its own built-in web server, or I access the content by connecting to a share on a local file server.  The server does not technically have to be local: I was able to mount a drive over a vpn connection from a hotel room while on vacation, but in practical terms, the server should be local, that is, on the same local Ethernet or wifi network as the device running VLC to play back its content.

I was able to run VLC on a laptop, and browse and play video files stored on a local file server, while using my Android phone as a remote control using a vlc remote control app.

I have just received an advance birthday present – a new Apple TV 4th generation media player (1080p 32GB). The Apple TV media player has the ability to load apps from the App Store, including VLC. (The Apple TV device will probably get its own blog post soon.)

I was pleasantly surprised that the VLC app on the Apple TV allowed me to browse and stream video and audio files stored on a Samba share (Windows-style network drive) on my home Linux server.

Update 2018/03/27: You may be interested in this post: “Followup: using VLC on the Apple TV to play media files stored on a local server,” and this post: “Streaming or downloading video files from a home network server to an iPad using VLC”

Creating a VOIP PBX telephone server with Asterisk and FreePBX

One of my current projects is the configuration of a new telephone server running Asterisk and FreePBX.

The copper landline telephones of our past have been mostly replaced by cell phones, and to a lesser extent, Voice over IP (VOIP) technology, which uses Session Initiation Protocol to connect desk telephones to a server running the Asterisk PBX software, whether it be local or external. Consumers typically order 1 or 2 VOIP “landlines,” but business offices still have a large number of desk telephones in use.

I come to Asterisk VOIP from the perspective of an old web hosting guy. So to me, Asterisk for telephone servers is analogous to an Apache web server for web pages, or to a qmail/vpopmail toaster for email.

There are several subsystems that work together to create a telephone server:

  • The server’s operating system, typically Linux for a VOIP server.
  • The Asterisk VOIP server and associated plugins.
  • The FreePBX web interface program.
  • An external “trunk” that completes telephone calls at a service provider over the Internet.
  • A set of “routes” that determine how calls are directed between local telephones, or to one or more external termination providers based on least-cost routing.
  • A set of extensions, which include extension numbers, passwords, voicemail boxes, and rules on things like call forwarding.
  • A set of Inbound Voice Routing (IVR) rules that create voicemail menu choices by touchtone.
  • A set of recordings used by the mailboxes and IVRs.

I have the luxury of having an existing system to which I can refer. The existing system uses CentOS, Asterisk, and Elastix HTML GUI.

Although the original server was deployed 9 years ago, the desk phones in the office have all been replaced recently with Cisco SP504G phones.

After surveying options in the marketplace, it was clear that this private little PBX server with 20 clients was only costing C$50/mo. in recurring telecom, vs C$450 for an outsourced solution, based on a few quotes from vendors. So a new build would have to take place.

There are several ways to set up, including virtual appliance images and several installation ISOs that can create a pre-packaged server with much of the configuration work pre-done.

A package called the “FreePBX Distro” is actually a re-packaging of CentOS 7, with Asterisk, plugins, and FreePBX GUI all automatically installed.

There is still a significant amount of work to do, but so far I have been able to configure a “backhaul” connection that uses IAX2 between the server and a service provider that will terminate (complete) calls to the outside world. I was able to connect a Cisco SP504G desk phone to make a SIP connection to an extension account on the telephone server, and I was able to make a phone call using that desk telephone to a cell phone answered by a colleague.

More work ahead, especially in terms of the creation of IVR rules and recordings. I plan to test the server with a test phone number, then when it is ready, switch over the main number and all of the desktop phones over a weekend.

Even in an age where office workers use their cell phones for most calls, an Asterisk telephone server can allow for the forwarding of calls based on a touch tone menu to an extension or department that can forward to an outside telephone line.

Reformat an old computer with Linux to function as a home server

If you have an older Windows PC (minimum 64bit with at least 2GB RAM), you can reformat it with Linux to function as a home server.

This is only an overview

This post is intended to provide an overview of what is possible. Over time, I will be posting detailed information on how to implement each of these steps. For detailed steps on how to install OpenVPN server software, see my blog post on the subject.

A home server running Linux can perform several functions:

File server

A home Linux server can be set up to run file sharing using a free program called Samba, which makes the Linux server act as a Windows-style file share, accessible via Windows or MacOS, and of course, Linux desktops. You can stream movies stored on your home server to your iPad over wifi using VLC media player, creating your own private Netflix.

VPN server

With a port forwarded on the router to point to the home server, a free program called OpenVPN can be installed and set up to provide remote secure access to the home network. For example, if you forgot a document on one of the computers in your home, you could connect via the VPN to your home server, then become part of your home network from a remote location, able to browse files and connect to desktops within the home network. There are OpenVPN client applications available for Windows, MacOS, Linux, Android, and iOS.

LAMP web server for testing, programming

You can configure a home web server to host Linux/Apache/MySQL/PHP (LAMP) web pages, allowing you to play with the same technology used by large web hosting operations. You can learn a great deal by installing a server and configuring each of its services. This learning experience will give you insights and make you a better administrator of the productized services you manage via web hosting and VPS providers.

A home LAMP server can be used for development of new websites and web-based programs, then deployed on a VPS or shared web host on a web hosting provider for production use with the public.

You can make the server visible to the public Internet by forwarding a port on your router. You can assign a semi-permanent web address to your server by using a service like no-ip.com.

Nextcloud image management application

Nextcloud is a free image management application that runs as a LAMP web site. Nextcloud can take the place of Google Images, or Apple’s iCloud storage: at least for the management of image and media files. By running your own image management application on your own home server, you maintain your privacy, while making files available for computers within your home network and from outside, via the Internet. Nextcloud client apps are available for Android and iOS.

Vision of an inflatable tunnel over Ste-Catherine St. punctured

Montreal has a busy downtown street called rue Ste-Catherine, lined with stores, boutiques, restaurants, and bars. Montreal also has decades of deferred infrastructure work on which to catch up. Somebody came up with the novel solution of covering 3.7KM (1.7 miles) with an inflatable structure 3 storeys tall. The new mayor canceled the project.

The Montreal Gazette has the story

Here is the picture:

Montreal cancels proposed inflatable 3 storey tunnel

 

A corrected procedure for the installation of OpenVPN on Fedora 27

note 2020/01/26: there is a more recent and corrected version of this post:

https://blog.gordonbuchan.com/blog/index.php/2020/01/27/installing-openvpn-server-on-fedora-31/

Fedora 27 is a close cousin of CentOS 7, which is actually Fedora 19. Most of the documentation for server-centric stuff is still targeted at CentOS 7. Some topics, like how to install and configure OpenVPN, are poorly documented.

I was pleased to find this link, a tutorial on how to install OpenVPN on Fedora 26:

https://chichivica.github.io/2017/08/02/Install-OpenVPN-on-Fedora-26/

I found this guide to be useful, but found myself taking notes on corrections to the procedure. Unable to contact the author of the howto, I offer the procedure with minor corrections here. Note that my procedure was done on Fedora 27.

1) First of all install necessary dependencies

sudo dnf install openvpn easy-rsa

2) Copy rsa scripts to the home folder

mkdir ~/openvpn-ca

cp -ai /usr/share/easy-rsa/3/* ~/openvpn-ca
cd ~/openvpn-ca

3) According to this start a new PKI and build a CA keypair/cert

./easyrsa init-pki
./easyrsa build-ca nopass

4) Build Server certificate, key

./easyrsa build-server-full server nopass

5) Build Client certificate, key

./easyrsa build-client-full client01 nopass

you can omit nopass on steps 3,4,5 if you need to

6) Generate strong Diffie-Hellman keys

./easyrsa gen-dh

7) Generate HMAC signature to strengthen the server’s TLS integrity verification capabilities

openvpn --genkey --secret pki/ta.key

8) Before setting up the OpenVPN server, we need to put the appropriate keys (ca.crt, ca.key, server.crt, server.key, ta.key, dh.pem) into the /etc/openvpn/server/keys folder

sudo ln -s ~/openvpn-ca/openssl-1.0.cnf ~/client-configs/

sudo cp ~/openvpn-ca/pki/issued/server.crt /etc/openvpn/server
sudo cp ~/openvpn-ca/pki/private/server.key /etc/openvpn/server
sudo cp ~/openvpn-ca/pki/private/ca.key /etc/openvpn/server
sudo cp ~/openvpn-ca/pki/ca.crt /etc/openvpn/server
sudo cp ~/openvpn-ca/pki/dh.pem /etc/openvpn/server
sudo cp ~/openvpn-ca/pki/ta.key /etc/openvpn/server

9) Now we need to set up the server itself, firstly copy configurations

sudo cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/server

10) Modify several lines in that configuration file

sudo nano /etc/openvpn/server/server.conf

add these lines at the end of the file:

key-direction 0
auth SHA256

remove the ; symbol to uncomment the following lines:

user nobody
group nogroup

10a) [optional] In order to redirect all traffic through the VPN, remove ; from the following lines:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

10b) [optional] Adjust port and protocol if you don’t wish to use default:

port 443
proto tcp

and if your server.crt and server.key have different names, point to them here:

cert myservername.crt
key myservername.key

11) Allow IP Forwarding. This is fairly essential to the functionality we want our VPN server to provide.

sudo nano /etc/sysctl.conf

and add this line there:

net.ipv4.ip_forward=1

activate that:

sudo sysctl -p

12) Set up firewalld to work with OpenVPN

sudo firewall-cmd --permanent --add-service openvpn
sudo firewall-cmd --permanent --add-masquerade

13) Now we are going to set up our systemd service.

sudo ln -s /usr/lib/systemd/system/openvpn-server\@.service /etc/systemd/system/multi-user.target.wants/openvpn-server\@server.service

sudo ln -s /etc/openvpn/server/dh.pem /etc/openvpn/server/dh2048.pem

server corresponds with the configuration file name in /etc/openvpn/server such as server.conf. So if you have myserver.conf you have to replace server with myserver

14) Now we are ready to start OpenVPN service

sudo systemctl -f enable openvpn-server@server.service
sudo systemctl start openvpn-server@server.service

15) enter in /etc/rc.d/rc.local (reminder: chmod 755 rc.local):

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp3s0 -j MASQUERADE
(where enp3s0 is the name of your ethernet device)

Done! We successfully deployed our OpenVPN server, and we are ready to move on and set up the client
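
A check of the result of steps 8 to 10, as an added example that is not part of the original procedure: it audits a directory laid out like /etc/openvpn/server for missing files, loosely permissioned secrets, a leftover CA signing key (step 8 copies ca.key, which the server configuration never references), and the directives from step 10. The function names and the constructed sample directory are assumptions, and `stat -c` assumes GNU coreutils as on Fedora.

```bash
#!/bin/bash
# Added example: audit a directory laid out like /etc/openvpn/server.
# Function names are hypothetical, not part of OpenVPN or easy-rsa.

# Print one line per finding; return 0 if there are none, 1 otherwise.
audit_server_dir() {
    dir=$1; conf=$dir/server.conf; findings=0
    finding() { echo "$1"; findings=$((findings + 1)); }
    active() { grep -Eq "^$1([[:space:]]|\$)" "$conf"; }

    # Files the server configuration refers to (step 8).
    for f in ca.crt server.crt server.key dh.pem ta.key server.conf; do
        [ -e "$dir/$f" ] || finding "missing: $f"
    done

    # Secrets must not be accessible to group or other.
    for f in server.key ta.key ca.key; do
        [ -e "$dir/$f" ] || continue
        mode=$(stat -L -c '%a' "$dir/$f")
        case $mode in
            *00) ;;
            *) finding "$f has mode $mode, expected 600" ;;
        esac
    done

    # The CA signing key is only needed where certificates are issued.
    [ ! -e "$dir/ca.key" ] ||
        finding "ca.key is present but the server never reads it"

    # Directives from step 10.
    if [ -r "$conf" ]; then
        active 'auth[[:space:]]+SHA256' || finding "server.conf: auth SHA256 not active"
        active 'key-direction[[:space:]]+0' || finding "server.conf: key-direction 0 not active"
        active 'user' || finding "server.conf: user line still commented out"
        active 'group' || finding "server.conf: group line still commented out"
    fi
    [ "$findings" -eq 0 ]
}

# Build a constructed sample directory (empty files, no real key material).
# server.key is deliberately left at 644 so the audit has something to report.
make_sample_server_dir() {
    for f in ca.crt server.crt dh.pem server.key ta.key ca.key; do
        : > "$1/$f"
    done
    chmod 644 "$1/ca.crt" "$1/server.crt" "$1/dh.pem" "$1/server.key"
    chmod 600 "$1/ta.key" "$1/ca.key"
    printf 'port 1194\nuser nobody\ngroup nogroup\nkey-direction 0\nauth SHA256\n' \
        > "$1/server.conf"
}

# Demo on the constructed directory; on a real server pass /etc/openvpn/server.
tmp=$(mktemp -d)
make_sample_server_dir "$tmp"
audit_server_dir "$tmp" || echo "findings above need attention"
rm -rf "$tmp"
```
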

Client setup

As you remember, we already generated client01.crt and client01.key at step 5. Now we need to combine them with our general Certificates of Authority in order to build the client config file.

1) First of all we need to generate Client Configurations. Let’s create the client-configs directory and prepare it with the keys

mkdir -p ~/client-configs/files
cd ~/client-configs

we are actually going to omit these instructions, we have re-coded our batch file under client creation to avoid this issue:
# mkdir ~/keys
# cp ~/openvpn-ca/pki/ca.crt ~/client-configs/keys
# cp ~/openvpn-ca/pki/ta.key ~/client-configs/keys
# cp ~/openvpn-ca/pki/private/client1.key ~/client-configs/keys
# cp ~/openvpn-ca/pki/private/client1.crt ~/client-configs/keys

2) Next we need to copy base configuration from examples

cp /usr/share/doc/openvpn/sample/sample-config-files/client.conf ~/client-configs/base.conf

3) Open this file in your text editor

nano ~/client-configs/base.conf

4) and modify as follows

remote server_IP_address 1194
# place your server address here
proto udp
# update with specified protocol

next uncomment (by removing leading semicolons)

user nobody
group nogroup

NB: If you are using CentOS, change the group from nogroup to nobody to match the distribution’s available groups

and comment out these lines, because we place them directly in the client’s config

#ca ca.crt
#cert client.crt
#key client.key

add these lines at the end of the file:

auth SHA256
key-direction 1

5) Next, we will create a simple script to compile our base configuration with the relevant certificate, key, and encryption files. This will place the generated configuration in the ~/client-configs/files directory.

Note: to be consistent with the portion of this document above, I should really use ~ instead of /home/desktop in the section below. However that is how I run it:

nano ~/client-configs/make_config.sh

#!/bin/bash

# remember to run easyrsa build-client-full clientid nopass

# First argument: clientid

KEY_DIR=~/openvpn-ca/pki
OUTPUT_DIR=~/client-configs/files
BASE_CONFIG=~/client-configs/base.conf

# Concatenate the base config with the CA cert, client cert, client key
# and tls-auth key, each wrapped in its inline tag.
cat "${BASE_CONFIG}" \
<(echo -e '<ca>') \
"${KEY_DIR}/ca.crt" \
<(echo -e '</ca>\n<cert>') \
"${KEY_DIR}/issued/${1}.crt" \
<(echo -e '</cert>\n<key>') \
"${KEY_DIR}/private/${1}.key" \
<(echo -e '</key>\n<tls-auth>') \
"${KEY_DIR}/ta.key" \
<(echo -e '</tls-auth>') \
> "${OUTPUT_DIR}/${1}.ovpn"

make the file executable:

chmod 700 ~/client-configs/make_config.sh

6) Execute that file with client01 input parameter

Note you must first run the client creation from step 5 in the server setup. A repeatable procedure for client creation is as follows (using client02 as token):

cd ~/openvpn-ca

./easyrsa build-client-full client02 nopass

cd ~/client-configs

./make_config.sh client02

If everything went well, we should have a client02.ovpn file in our ~/client-configs/ directory

7) Now that file can be used on the client machine

sudo dnf install openvpn
sudo openvpn --config client02.ovpn
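
Before a generated profile is copied to a client, it can be checked against what steps 4 and 5 of the client setup intend. The following is an added example, not part of the original procedure: the function names, the constructed sample profile and the vpn.example.net address are assumptions, and `stat -c` assumes GNU coreutils as on Fedora.

```bash
#!/bin/bash
# Added example: lint a client profile built by make_config.sh.
# Function names are hypothetical, not part of OpenVPN or easy-rsa.

# Count the non-empty lines between <tag> and </tag>.
inline_block_lines() {
    awk -v start="<$2>" -v stop="</$2>" '
        $0 == start { inside = 1; next }
        $0 == stop  { inside = 0 }
        inside && NF { n++ }
        END { print n + 0 }' "$1"
}

# Print one line per problem; return 0 if the profile is clean, 1 otherwise.
check_ovpn() {
    profile=$1; problems=0
    problem() { echo "$profile: $1"; problems=$((problems + 1)); }
    [ -r "$profile" ] || { echo "$profile: cannot read"; return 1; }
    # Inline material that make_config.sh appends.
    for tag in ca cert key tls-auth; do
        [ "$(inline_block_lines "$profile" "$tag")" -gt 0 ] ||
            problem "missing or empty <$tag> block"
    done
    # Edits made to base.conf in step 4.
    grep -Eq '^auth[[:space:]]+SHA256' "$profile" || problem "auth SHA256 not set"
    grep -Eq '^key-direction[[:space:]]+1' "$profile" || problem "key-direction 1 not set"
    ! grep -Eq '^(ca|cert|key)[[:space:]]' "$profile" ||
        problem "ca/cert/key still point at external files"
    ! grep -q 'server_IP_address' "$profile" ||
        problem "remote still holds the server_IP_address placeholder"
    # The profile embeds the client private key.
    mode=$(stat -L -c '%a' "$profile")
    case $mode in
        *00) ;;
        *) problem "mode $mode lets other accounts read the private key" ;;
    esac
    [ "$problems" -eq 0 ]
}

# Build a constructed sample profile (placeholder text, no real key material).
make_sample_profile() {
    {
        printf 'client\nremote vpn.example.net 1194\nproto udp\n'
        printf '#ca ca.crt\n#cert client.crt\n#key client.key\n'
        printf 'auth SHA256\nkey-direction 1\n'
        for tag in ca cert key tls-auth; do
            printf '<%s>\nCONSTRUCTED-PLACEHOLDER\n</%s>\n' "$tag" "$tag"
        done
    } > "$1"
    chmod 600 "$1"
}

# Demo: a clean profile, then the same file with the mode a 022 umask gives.
tmp=$(mktemp -d)
make_sample_profile "$tmp/client02.ovpn"
check_ovpn "$tmp/client02.ovpn" && echo "client02.ovpn: ok"
chmod 644 "$tmp/client02.ovpn"
check_ovpn "$tmp/client02.ovpn" || echo "client02.ovpn: fix the findings above"
rm -rf "$tmp"
```

make_config.sh creates the .ovpn file with the shell's default umask, so the mode check is the finding most likely to fire on a freshly generated profile.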

The problem with prequels, retcons, and canon in recent Star Trek productions

I believe that Star Trek producers have made 3 choices since 2001 that have damaged the franchise:

  • Star Trek Enterprise
  • JJVerse / Kelvin Timeline
  • Star Trek: Discovery

Star Trek Enterprise

Problem: prequel

All story lines have to account for known (by the audience) future canon. And the tech? Well, I can imagine how that meeting went down: “let’s just throw tech out the window, and buy all of the LCD flatscreens we can find.” So now we have a prequel with some better tech, like LCD screens, however our engines and weapons are a generation smaller and less effective. Great. Progress in reverse, with anachronisms.

JJVerse / Kelvin Timeline

Problems: alternate timeline, technology, costume and makeup, recycling existing characters out of context.

Starting in 2009, a series of 3 movies branded as Star Trek, but set in an alternate timeline where a random angry bad dude from 20 years in the future shows up and takes a misguided revenge by blowing up one of the 2 most important planets in a federation with a powerful military, and yet, insufficient orbital defenses.

Strangely, the producers felt the need to find alternate versions of characters in this alternate time line. In the other shows, each ship had a different crew with new characters.

Oh, and who decided to throw out consistent post-80s canon and change the look of known alien species? Oh, and if a portable transporter can send a person directly to a distant planet, why bother having a navy of spaceships?

Star Trek: Discovery

Problems: distribution strategy, prequel, technology, costumes and makeup

There is a lot to like about Star Trek: Discovery. It tries to balance between respect to canon and “let’s put on a show.” I would say that Discovery does this selectively. In terms of historical continuity, it tracks within the political and military facts of the timeline 10 years before Kirk’s taking command of 1701. The Enterprise is actually mentioned tangentially as the flagship. Discovery has completely abandoned any kind of technological continuity. It seems to have decided to simply be as advanced as current CGI allows, without fealty to “previous” design. And continuing on that theme, costumes and makeup for known aliens are different, and suspiciously close to JJVerse.

Can this be fixed?

Star Trek: Discovery will continue for some time. My guess is that CBS’s attempt to strong-arm US viewers to buy CBS all access will fail, and that there will only be a 3rd season of Discovery to make syndication easier, and its serial storytelling arc and dark mood make it unlikely to do well on reruns, although future Netflix binge-watchers may disagree.

Michael Dorn has been shopping Captain Worf. That project assumes a consistent TNG universe, post-Nemesis. That is where we should be going, people.

Suggestions

We need a post-Nemesis TNG canon sequel with updated costume and tech.

If producers wanted to start with 30 year olds for a new cast, they could at least put them 16 years after Nemesis, and show us an updated TNGverse, but with a new crew and slightly different tech and slightly updated culture.

My second elevator pitch is Federation Vice, set in the post-Nemesis TNG universe, but with civilians and criminals and a bit of Section 31: sort of a not-corny DS9.