Timed Access on Routers Supporting IPTABLES (aka “Parental Control”)

With two teenagers in the house and important exams always on the horizon, I needed to limit access to the Internet, particularly when they should be sleeping! Many parents will be familiar with this scenario – you say goodnight and then you hear the familiar “ping” as a Facebook/Instagram/SMS/… notification goes off on their phone. Not good.

I’m currently using OpenWRT on my Linksys WRT-1900ACS v1 router which doesn’t have this sort of access control built in. After much research, I started playing around with IPTABLES rules and hit a snag in that whilst new connections would be rejected, existing connections could keep opening links on the same website – as my youngest watches lots of gaming videos on YouTube, this wasn’t a solution.

Then in a stroke of luck, I stumbled across these 2 rules (which need to be placed in /etc/firewall.user):

iptables -I INPUT -m time --kerneltz --timestart 22:30 --timestop 08:00 -m mac --mac-source xx:xx:xx:xx:xx:xx -j REJECT
iptables -I FORWARD -m time --kerneltz --timestart 22:30 --timestop 08:00 -m mac --mac-source xx:xx:xx:xx:xx:xx -j REJECT

The --kerneltz switch means local time – without it, the times are UTC. You will need to replace xx:xx:xx:xx:xx:xx with the MAC address of the device you wish to control.

I tested this watching a YouTube video and it stopped when the rule triggered.


This should work with any router that allows you to configure IPTABLES manually or in the GUI.
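
An added example (not from the original post): a small generator for the two rules above, for several devices at once. It validates each time and MAC address before emitting anything, and wraps each insert in an iptables -C check so that running the file twice does not stack duplicate rules. The function names and the MAC addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: print the INPUT/FORWARD curfew rules for a list of devices.
# Function names and MAC addresses are constructed for illustration.

# True if $1 looks like aa:bb:cc:dd:ee:ff
valid_mac() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac   # no stray characters, newlines included
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# True if $1 is a 24-hour HH:MM time
valid_hhmm() {
    case $1 in *[!0-9:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([01][0-9]|2[0-3]):[0-5][0-9]$'
}

# curfew_rules START STOP MAC...
# Prints one command per chain and device; nothing is executed here.
curfew_rules() {
    start=$1; stop=$2; shift 2
    if ! valid_hhmm "$start" || ! valid_hhmm "$stop"; then
        echo "times must be HH:MM" >&2
        return 1
    fi
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            continue
        fi
        spec="-m time --kerneltz --timestart $start --timestop $stop -m mac --mac-source $mac -j REJECT"
        for chain in INPUT FORWARD; do
            # -C tests whether the rule already exists; -I puts it at the top of the chain
            echo "iptables -C $chain $spec 2>/dev/null || iptables -I $chain $spec"
        done
    done
}

# Usage (constructed MACs):
#   curfew_rules 22:30 08:00 02:00:00:aa:bb:01 02:00:00:aa:bb:02 >> /etc/firewall.user
```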

VestaCP and CentOS 7 Issues

I’ve been using VestaCP for about a year now ever since I switched from Hostgator to a VPS with OVH.

Today I upgraded the VPS OS to CentOS 7 as VestaCP now supports that version as of v0.9.8 release 15.

Two problems became apparent immediately, one of which caused the CPU load to be consistently more than 1. Both are simple configuration errors to fix.


ClamAV caused the CPU to run amok. The error logs showed that it could not control /var/run/clamav/clamd.sock and checking this showed that the file and the directory (/var/run/clamav) had the wrong owner.

Stop the service from trying to start from the VestaCP control panel and then log into your server via ssh. Now set the ownership of both the directory and the file to clam:clam – if the socket file doesn’t exist you can create it with touch and then set the ownership.

Upon restarting the service you should see the CPU load drop dramatically.


For some reason VestaCP’s installer puts a link to a configuration file for Apache in the nginx config. This stops the service from starting which is why no websites are served!

Edit /etc/nginx/conf.d/vesta.conf and comment out the line ending in /httpd.conf (there are only 5 lines in the file so it won’t take long).

The service should now start.


CentOS – http://www.centos.org
VestaCP – http://www.vestacp.com
OVH – http://www.ovh.com

Removing album art from MP3s isn’t easy

Over several years, I’ve been slowly converting my music collection to MP3s using Lame.

One of the things that bugged me was all the extra space taken up by embedded album/cover art. Given the size of my collection, I need the files to be as small as possible so I can pack as much as I can onto my MP3 players and mobile phone.

Looking around the web, I found that most Linux users recommended using eyeD3 (this is a cross platform app written in Python). I used this for a long time, but today I discovered that eyeD3 just removes the ID3 tag and leaves the binary art file still embedded which was not what I’d expected.

I then spent a fruitless few hours searching for a command line tool which would actually strip this data, as I’m not prepared to load hundreds of albums into a GUI program to do this as it would take ages and I’d die of boredom – and some well known ones actually make the file size bigger not smaller! So thinking laterally I looked at Lame’s switches and discovered that “--ti” embeds a graphic in the MP3 file. Yes, I know I said I wanted to remove the binary but my thinking was that if this was proving difficult (as it was), why not embed a small graphic instead? I found a tiny, 26 byte GIF file online here. Unfortunately it is a “non-standard” GIF so not all tag readers can cope (Lame can) so then I ran eyeD3 to remove the ID3 tag so everyone is happy.

It works really well – on a 2.5Gb test of 289 songs, it saved over 35Mb which is not to be sniffed at.

However …

Having uploaded some albums to my phone, I discovered that the --ti switch in Lame deletes all the other tags so I had no information about artists, albums, songs etc. So it was back to the drawing board …

I ended up hacking together some Perl code (see below) which passes through a directory working on any MP3 files it finds. If you pass a second parameter, it saves the ID3 tags to memory then deletes the complete set from the file including the album art – result! It then calls Lame. I’m sure this code could be optimised as my coding is very rusty, but it does the job.

All in all this took a lot longer to resolve than I expected. In total I’ve probably spent about 12 hours on it – most of which was research and the testing and re-testing various code fragments as I began to understand how the Perl module MP3::Tag worked – the examples on CPAN are not as comprehensive as they might be. Still I got the result I was after so it was time well spent.



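#!/usr/bin/perl
use strict;
use warnings;
use File::Find::Rule;
use MP3::Tag;

if ( !defined $ARGV[0] || $ARGV[0] eq "" ) {
    print "\nFormat is MP3Compress <file/directory> []\n\n";
    exit 1;
}

# Any second parameter turns on tag (and album art) stripping
my $Art = ( defined $ARGV[1] && $ARGV[1] ne "" ) ? 1 : 0;

my $rule = File::Find::Rule->file->name("*.mp3")->start( $ARGV[0] );
while ( my $image = $rule->match ) {
    if ($Art) {
        # save the tag values in memory
        my $mp3 = MP3::Tag->new($image) or next;
        my ( $title, $track, $artist, $album, $comment, $year, $genre ) = $mp3->autoinfo();

        # delete tag completely from MP3 file to remove album art then create new one
        $mp3->get_tags();
        $mp3->{ID3v2}->remove_tag() if exists $mp3->{ID3v2};
        $mp3->{ID3v1}->remove_tag() if exists $mp3->{ID3v1};
        $mp3->close();

        # reopen the now tag-less file and write the saved values back
        $mp3 = MP3::Tag->new($image);
        $mp3->update_tags(
            {
                title   => $title,
                track   => $track,
                artist  => $artist,
                album   => $album,
                comment => $comment,
                year    => $year,
                genre   => $genre
            }
        );    # Updates tags
        $mp3->close();
    }

    # Re-encode through a temporary copy. rename/unlink and the list form of
    # system() keep quotes or shell characters in file names away from a shell.
    my $f = "$image.mp3";
    rename $image, $f or die "cannot rename $image: $!\n";
    if ( system( "lame", "-V5", $f, $image ) == 0 ) {
        unlink $f;
    }
    else {
        warn "lame failed on $image, restoring the original\n";
        rename $f, $image;
    }
}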


Testing Twitter Apps for Android

I’ve had my HTC Hero now for about 3 weeks and I’ve already flashed it to @nprussell’s excellent VillainROM 3.x (Android 2.1 “beta”).

As some of you may have noticed, I’ve become a bit of a convert to the whole Twitter phenomenon – very late to the party I know but hey …! Anyway I’ve been trying to find a decent Twitter app for the Android which I liked as I have several accounts and I wasn’t thrilled with the default HTC Peep which is single account only.

So my criteria started as just “find a multi account app, preferably free so I can play” which led me to …


This is a great app with a very clean interface and very easy to read being black text on a white background – now that I require glasses this is important to me for obvious reasons.

Seesmic has been my default app from day one but I never felt truly happy with it. In all honesty it’s a bit boring to look at, but it gets the job done and that is really all that matters.

But like a magpie, I decided to look for something more shiny and so onto …


You may have seen a tweet from me recently that I’d got a free copy of Tweetcaster for publishing the tweet saying I’d got the free copy (if you see what I mean). Actually I felt very cheated as all one gets is the free, adware supported version whereas I (and others from what I can see) believed that I would receive the paid for Pro version.

Anyway this is a very pretty app and works as it should. But I returned to Seesmic fairly quickly as a) you have to wait ages for the splash page to disappear so you can see the tweets and b) I could read more tweets per page than Tweetcaster which puts an advert at the bottom of the screen blocking a tweet. Yes you can close it, but it annoyed me so I uninstalled it.


Next came Swift which is now owned by Hootsuite, the brilliant web based client that I use (you can schedule tweets which is incredibly useful). I’m sorry to say that I didn’t like this at all – for me even worse than HTC Peep. A small status bar at the top with icons which were too small for my not too fat fingers. Uninstalled rapidly. Oh and single client only, which had I realised initially meant that I probably wouldn’t have installed it to start with.


I read a rave review about Twicca this morning and decided to give it a go despite the fact that it is only a single account app – and I wasn’t disappointed.

This is a super app with a very clever user interface. The black background can be a bit tiring to read but that won’t bother many people I’m sure. One thing I love is the ability to set Twicca up so that particular tweeters that you follow can be colour coded with a vertical bar beside their tweet. This is fantastically useful if, like me, you are waiting for a particular announcement for some such event/person to appear in the time line.

The downside is that this is a single account app and it feels a little rough around the edges still – hardly surprising as it is published as a beta version. But if it had been just a wee bit better, I’d have settled for this and used HTC Peep for my work a/c as that account isn’t used as much. I’m sure that development of Twicca will continue apace and if/when they go multi-account I’ll be back to do an extended test. This is staying on my phone so the Market can tell me when there is an update.


One of the comments in a story about Seesmic I recently read mentioned Touiteur. Having a French name, I almost felt honour bound to take a look. And I’m really glad I did. It has a great user interface and can be very colourful if you choose. I must confess I was almost 100% sure that this was going to be my app of choice (it came down to this and Twicca for me) but I was niggled by the fact that I could either have everyone’s tweets in graduated gray (not unattractive at all) or they could be colour coded automatically by the app so that each tweeter was allocated a colour which was used for all their tweets. To my eyes this looked garish, and I kept harking back to Twicca’s feature of choosing to colour an individual tweeter, i.e. I choose who I want coloured.

Then, miraculously, LevelUp Studio delivered an update to Touiteur a couple of hours ago and I went digging in the settings to see what had changed. And I stumbled across how to colour code a single tweeter. Yippee! It was almost certainly there in the original version I downloaded and I was being blind, but I don’t care as I have it working now 🙂


My first surprise was just how many good Twitter apps there are for the Android. I’m confident that anyone should be able to find an app that meets their needs.

My second surprise was how clever these apps are becoming with respect to the user interface. Twicca is leading the way here but Touiteur and Tweetcaster aren’t far behind.

But my keeper is Touiteur for the time being. But as I said, I’m still monitoring Twicca so Touiteur can’t afford to rest on its laurels.

My Blog Has Been Hacked
and What I Did About It

I don’t know about you but I don’t look at my own websites very often. Create a new page or blog post, check it looks OK and move on.

So imagine my surprise and horror when I was checking all my blogs after updating to the latest version of WordPress to discover that this blog had been well and truly hacked. What was interesting was what the hack did which is why I’ve decided to share this with the world rather than bury my head in shame.

When you loaded this site, everything looked normal for about 5 seconds and then you were redirected to another site via what looked like a couple of intermediate/proxy servers. When I first spotted this, I was taken to the listing page for a Chinese TV company which rather shook me as it is not as if my blog is mega popular (I wish!).

Given that in a former life, I founded and ran a very large UK based ISP, I’m used to dealing with hacks such as this. So I fired up an FTP client and logged into my hosting account to see what I could see. I wasn’t expecting to find much in all honesty as I reckoned that any halfway decent hacker would make sure that the date and time stamp on any changed files was the same as the original so as not to arouse suspicion. Having said that, I have seen instances of what we called “script kiddies” who changed things for fun and didn’t care what traces they left behind. Anyway, as I suspected, nothing obvious.

So then I logged into WordPress and decided to change from the K2 theme (1.08 RC) I was running to the default to see whether the hack was theme related or WordPress core specific. And the site worked so the finger was pointing at the K2 theme.

Now that I knew I could stop the hack immediately, I put the K2 theme back and had a play with the site. That was when this hack became interesting. If I clicked on a link within a topic (I have Twitter Tools installed so this was easy to do), I was correctly taken to the linked page. I had just reloaded my blog when the phone rang, and when I looked back, I had been redirected to the link I had just chosen. Further testing showed that this hack always redirected the site to the last clicked link. I’ve not seen this before but I thought/think it was rather neat in a sick kind of way.

Anyway I’ve now upgraded to the latest version of K2 (which was long overdue) and changed the passwords on all my sites as a precaution.

You have been warned!
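
The point above about timestamps, as an added example (not part of the original post): compare the live theme directory against a freshly downloaded copy of the same version by content hash, so a changed file shows up even when its date and time were reset. The function names and directory arguments are assumptions; it relies on sha256sum, find and awk being available.

```sh
#!/bin/sh
# Added example: list theme files whose CONTENT differs from a clean copy.
# Timestamps are ignored on purpose. Names and paths are assumptions.

# hash_tree DIR -> one "sha256  ./relative/path" line per file
hash_tree() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# diff_theme LIVE_DIR CLEAN_DIR
# Prints "ADDED path", "MISSING path" or "MODIFIED path", sorted.
diff_theme() {
    {
        hash_tree "$2" | sed 's/^/C /'    # C = clean reference copy
        hash_tree "$1" | sed 's/^/L /'    # L = live copy on the server
    } | awk '
        # Strip the side marker and the hash; what is left is the path
        { side = $1; sum = $2; path = $0; sub(/^[CL] [0-9a-f]+ [ *]/, "", path) }
        side == "C" { clean[path] = sum; next }
        {
            seen[path] = 1
            if (!(path in clean))        print "ADDED " path
            else if (clean[path] != sum) print "MODIFIED " path
        }
        END { for (p in clean) if (!(p in seen)) print "MISSING " p }
    ' | sort
}

# Usage (hypothetical paths):
#   diff_theme wp-content/themes/k2 /tmp/k2-clean
```

Anything reported as ADDED or MODIFIED is where to start reading; an empty result means the live copy matches the reference byte for byte.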

Resuscitating my HTC Blue Angel

This is a simple story of how I resuscitated my 5 year old O2 XDA IIs.

For many years now I have been re-flashing the ROM on this wonderful PDA/phone. People with iPhones and Androids etc look at my “brick” in astonishment whenever I bring it out to update my calendar or whatever but for me, it has been one of the best investments I’ve ever made. Indeed I have a brand new Orange SPV M2000, still boxed, sitting in a cupboard waiting to be fired up when this one finally breaks beyond repair. Sad I know but …

So why did it need resuscitating in the first place? Well the screen started to look as if it was cracked. I took it with me when the family went tobogganing in the big snow dump we had 2 weeks ago and when we got home I noticed that there was a patch of pixels in the middle of the screen which looked stuck. I ran a pixel unsticker utility overnight but this didn’t make a difference. So new screen time. Fortunately a friend had given me his old i-mate PDA2K which was in a sorry state but which had a very clean screen. So following the instructions I found on the XDA Developers wiki, I proceeded to swap the screens over. Unfortunately it turns out that there are 2 different types of screens so the swap over didn’t work. Not a major problem – I just dropped the whole of the i-mate innards into my XDA case.

Brilliant yes/no? (Excuse the pun)

Yes and no as it happens. I managed to snap off the lug on the side of the phone to control the volume (not a major problem as this can all be handled by the ROM software anyway). The weirdest thing was that the ring tones were so quiet I couldn’t hear the phone when it was in its case.

So firing up my registry editor for Windows Mobile (the brilliant CeRegEditor) I went poking around and came across this registry setting:


The value of AttenuationCategory was set to 5. It should be set to 2. Now it’s back to its normal loud self.

So far so good. But there was one other thing that bugged me. I stopped having a pay monthly contract and went PAYG last year as 90% of my calls are incoming (I’ve just switched to giffgaff). Several PAYG SIMs have settings in contacts to allow you to check on your balance etc. These kept showing up in my PDA address book which was annoying. So poking around again in the registry turned up


and setting the value of ShowSim to 0 (zero) sorted that out.

In the words of that annoying meerkat, “simples”!

Insidious Mobile Directory Enquiries Service

A new directory enquiries service has recently launched here in the UK called 118 800. It will allow you to ask for someone’s mobile number.

Most people, I suspect, feel that their mobile is their very private domain and don’t want it invaded by cold callers. It’s bad enough when that happens on one’s home telephone.

I’d heard about this service before but thanks to the weekly email I receive from Money Saving Expert (an excellent service for finding the best deals on insurance, utilities), I learnt just how insidious this service is. If you’ve ever forgotten to opt out when signing up for an online service (or offline come to that) and provided your mobile number, the chances are that this service will have bought your details and added you to their database.

But all is not lost! You can opt out! Don’t forget to do your partner’s phone and particularly those of any children you might have as many (most?) kids’ phones are registered to a parent and so outside the rules governing contacting minors. 118 800 have a removal page here.

I strongly recommend that you take action now!

Is a software flaw worth a life?

For about 18 months I’ve been a very happy user of VAServ’s cheap and cheerful VPS platform. The control panel was called LXAdmin (later renamed to Kloxo). A major series of security bugs was found a few weeks ago, and last Sunday the security company that identified the bugs decided in their wisdom to publish the bug list online because they had not had a response to their emails to LXLabs.

Well the sky fell in, and the fall out has been very painful. VAServ lost just about everything: over 100,000 domains taken off line while they tried to fix the break-in/security breach(es). For this company the pain is awful as they have been forced to be acquired (as far as I understand the email I received) by their UK datacentre partner who supplied man power to help out. I doubt the owner, who spent years building his company up, received very much if anything for it.

I lost all my domains. The reason you are seeing this is because I was forced to move to Hostgator to try and get my domains back up and running – I’m one of the lucky ones in that I had full backups of all my sites, both SQL and themes/plugins etc. Not everyone will have been so lucky.

Which brings me to the unfortunate owner of LXLabs who sadly appears to have committed suicide on Monday.

Is a software flaw, no matter how serious, really worth a life?

Joining the Netbook Revolution

I’ve joined the Netbook Revolution and become a network road warrior in the process!

I’ve bought an Advent 4211 from my local Currys electrical store. Linux was quickly installed using Fluxbox as my window manager – this was easy as the Advent is a rebadged MSI Wind so there are lots of helpful articles all over the ‘net.

It fits inside a canvas shoulder bag I bought years ago and never used, along with an A4 jotter pad and all the other paraphernalia I need for meetings so I’m recycling too. Talk about feeling smug as I set off each day!

So now instead of permanently being behind on email, I can stay on top of it on trains, buses, planes etc etc. And with a Huawei E220 bought on eBay (as I know it is Linux compatible) and a cheap-as-chips PAYG data card from T-Mobile, I’m truly a mobile warrior!

Watching cricket under floodlights

Last night I took my wife and our 2 small boys to Lord’s to watch Middlesex play Kent in a Twenty20 Cup thrash – and Middlesex did indeed get thrashed by 60 odd runs.

But the floodlights, being used for the first time if I heard the announcer correctly, were fantastic and watching them rise slowly before play kept my boys amused for ages.

Great work MCC – now I can’t wait for the Twenty20 World Cup to begin in a few weeks’ time!