Using Expect to SFTP a file

Because of technical limitations on a pair of platforms I’m using at work, I am unable to set-up key-based SFTP or SCP to transfer files between the pair of them, so I knocked together this short script using the TCL based Expect language.

There’s no error checking here, which isn’t great, but as a quick-and-dirty script to SFTP files to a box which needs the password each run… it works! :)

Talk Summary – Sandstorm: The Future Of Self-Hosting?

Format: Website tabs. An ad-hoc walkthrough of installation documentation and using Sandstorm. (Partial repeat of a previous talk at OggCamp ’15). Beanbags and a small number of chairs. 20 attendees.

Slides: None

Video: None

Slot: Day 1 (Saturday), Slot 1 (10:30-11:00)

Notes: Covered installing from curl | bash and mentioned PGP signing of installer. Covered installing apps and creating your own (might have confused people on this point). Demonstrated using apps with my own server, and installing apps too. Several follow-ups about why sandstorm and constraints in what to install it on, also about updates.

GPG Encrypting files using a keyserver

Another “at work” post!

I’ve been generating files which need to be distributed via a file server, but need to be encrypted using GPG (the open source PGP application). Rather than managing keys for a large number of users, instead, I have a text file with the user names in, and a batch file. Please see the below gist for details :)

Installing Symantec Endpoint Protection (SEP) on Ubuntu 14.04

At work we use Symantec Endpoint Protection, and in a lab, I was asked to confirm whether we could install it on our Ubuntu 14.04 servers. This took a few hops to get it installed, so I figured, I’d publish how I got it working, to save some other poor soul the trouble :)

Firstly, add the webupd8team’s Java PPA and update the repository cache: sudo add-apt-repository ppa:webupd8team/java && sudo apt-get update

This gives you the ability to install the Java 8 installer: sudo apt-get install oracle-java8-installer

This should download the install files, but for some reason, I was struggling to download it (the install script seems to struggle with downloading the actual .tar.gz file from Oracle), so I manually followed the link to, accepted the license, and placed the file in /var/cache/oracle-jdk8-installer/ and then re-ran the above apt-get install line.

— Note: This above issue was because I was running a caching proxy, which somehow doesn’t play nicely with this script. Turn off your proxy – should be all good :)

Next I had to install the Java Cryptography Extension which I got from the Java SE page. I placed this file in /tmp/ (the filename is the one Oracle use) and replaced the files in /usr/lib/jvm/java-8-oracle/jre/lib/security with the ones from the extracted archive with this line: cp -b /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-8-oracle/jre/lib/security.

The SEP client also has a dependency on the 32bit version of GLibc. I installed this with sudo apt-get install libc6-i386

I was then, finally, able to install the SEP client by unpacking the installer zip file, and running sudo bash -i from the path I’d unpacked the zip file in.

Not very complicated, I guess!

— Sources:


The importance of saying something – in memory of Lindsey

Today, I said goodbye to a friend. Not a best-of-friends friend, but just a friend, a colleague, a someone-to-chat-with-as-we’ve-both-got-5-minutes friend.

We used to work in the same office, 10 or so years ago, she had been there longer than I and she would teach those who were following the same path she was on. She was a patient and good teacher, I seen to recall. A year or so passed, I moved site, changed roles, but when I came back to the site, I’d try to catch up. It didn’t often work out, but I tried. She had a son a couple of years before me, so I went to her for advice a few times, and it helped knowing she’d followed a similar path.

A few years ago, she was diagnosed with cancer. She did well, fought it off. I only found out near to the end of her treatment, and it didn’t feel right to say anything… after all, we didn’t speak often and, well, I didn’t really know what to say. I mean, what can you say when it’s nearly all over?

I saw she’d beaten it, and I was happy, but again, I’d not said anything when she was fighting it, and so now, what can you say when you’d not said anything when it mattered. I liked some photos and positive messages she’d written on Facebook, I hoped it was enough, to let her know I was happy she was OK.

And then, a few months ago I saw she was back at Christie’s Hospital. She was having more scans. A few weeks later, I was back at the old site and (fortunately) bumped into her. We chatted like old times, shared some war stories about our kids and then she asked if I knew she was back in for treatment. I’m happy to say I was able to say I knew, but I didn’t say much, just that I hoped it all went well and that she was looking good. We didn’t talk for long, but I’m glad we did.

A few weeks ago, the posts from my friend began to change. The posts, still optimistic, were now about a legacy, about pictures, about blankets, and about spending time together. There were pictures of breaks and holidays. I could tell that the outlook had changed… But what could I say? The happy pictures got likes, and again, I hoped that was enough.

And then, I saw a post, my friend had passed away. And it hit me, I’d never really said anything that mattered.

Today, I went to her funeral. Her husband greeted me at the wake, by name. He remembered me, maybe from Facebook, maybe from their wedding. I don’t know. But, he knew me in a room full of people. And eventually, I choked out that sometimes you want to say something, and he replied that there were no words sometimes.

I am glad I went today, if only to know that in some way, I finally managed to say something, even if it wasn’t really enough.

And I realised that, but for the whim of God, or, should you not believe like that, then, on the wheel of chance we call life, this fate that fell on her could fall on any one of us. It could be my wife, my child or even me. It could be my brother, or his family. It could be my neighbour, or another colleague… anyone. And in that case, could I still say nothing? I hope I can find at least something, next time, to say.

Rest in peace, Lindsey. My best wishes to your husband and son, to your sister and mother, and to the friends you have left behind, in a world a little less brighter.

Setting up a Google Play Music uploader for Linux Servers

I like having an online music server. At home, I use a Logitech Media Server (formerly Squeezebox Server) [1] and run my several O2 Jogglers around the house with the “Squeezeplay OS” [2] images to play music from that server, but when it comes to an Android tablet (or Android phone), there’s not that joined-up thinking from Logitech (although you can just about cobble it together using a few 3rd party apps [3]), but what I do like is the Google Play Music service.

Google Play Music [4] was the first product from the Google Play team after they rebranded to “Google Play”, and I pretty quickly got interested in it. I installed the Google Play Uploader [5] on my home server, and uploaded all my music (apparently, I’m up to 12,000 tracks, but I think there are some duplicates there!) but what to do about the rest of the family? Well, until just recently, it didn’t matter. Jules has no interest in playing music on her phone or tablet, and Daniel, well, he’s 3-and-a-bit.

Since pretty early on, he’s been all over our tech – initially just using whatever apps we had installed on Jules’ and my phones, then Jules’ tablet (I was, and still am, pretty cautious about him using my tablet as it’s an Asus TF300T [6] which cost quite a lot of money, and I keep toying with the idea of installing some other OS – like Firefox OS [7] or Ubuntu Touch [8] on there and can’t if it’s wrecked), and now he’s pretty comfortable with browsing YouTube or the Play Store, although he knows not to click on adverts and can’t install anything that costs anything.

In the last couple of months, since he’s been really learning how to spell, he’s been asking how to spell the names of his favourite films (“Oliver!”, “Frozen” and “The Polar Express” primarily) to get the film clips up in YouTube, or to play snippets from the soundtracks of the films… which got me thinking. I can’t really do much about the films (not yet at least!), but perhaps I could set up Google Play Music with the soundtracks he listens to… but I already have one account sync’ed with Google Play Music from my media server…. how do I get his stuff set up on there?

Essentially, Google Play Music Uploader is a GUI application that can’t be started in the CLI (which kinda makes sense from a simplicity perspective), but as I’m already running one instance of the application on my media server, I can’t start up a second one, so what do I do?

Well, as it turns out, there’s actually a python library for interacting with Google Play Music’s upload and download applications called “gmusicapi” [9], and this couples with a really nice wrapper gives me a CLI utility I can run in a CRON job on my media server.

The wrapper is called gmusicapi-scripts [10], which contains 3 utilities –, and the key to this –

You need to install a few libraries. On my Ubuntu 14.04 system, I needed to run:

sudo apt-get install python-pip avconv-tools
sudo pip install gmusicapi
sudo pip install docopt

Once you’ve got this, you can get the tools themselves like this:

git clone

This will give you a folder called gmusicapi-scripts in which is – the first time you run it, it’ll ask you to visit a web page in order to register the client. Click “OK” to approve the library having access to Google Play Music. This is a pretty spartan page, and ends up with a grey text box containing a string. Copy the contents of that box back into your terminal, and hey-presto, you get it working…

Well, sort of. For me, because I’d not set Daniel up with Google Play Music yet, I needed to set up his account first. I didn’t realise this (I thought, just going to the web page the script points you to will get you access, but it doesn’t because they need to vet which country you’re accessing from…) and the script didn’t tell me that (it just kept saying “Not Subscribed” [11])

Anyway, once it’s done you run

~/gmusicapi-scripts/ /path/to/file.mp3

( 1/1) Successfully uploaded /path/to/file.mp3

If you’ve got multiple users, you can rename ~/.local/share/gmusicapi/oauth.cred to ~/.local/share/gmusicapi/SomeOtherName.cred and then run

~/gmusicapi-scripts/ -c SomeOtherName /path/to/file.mp3

Subsequent passes will prompt you to authenticate the next account as you go, and then you can rename them as appropriate.

[1] Logitech Media Server (formerly Squeezebox Server):
[2] “Squeezeplay OS”:
[3] a few 3rd party apps: I got it working on my TF300T by combining and
[4] Google Play Music:
[5] Google Play Uploader:
[6] TF300T:
[7] Firefox OS:
[8] Ubuntu Touch:
[9] “gmusicapi”:
[10] gmusicapi-scripts:
[11] “Not Subscribed”: I raised a bug, but the lead developer said it seemed obvious to him that you have to set it up first… not disputing that for the first pass, but a nice message would have been good :)

Some notes about Ethernet over Power

I messed around a bit with my network tonight, in order to set set up my Ethernet-over-power (AKA Powerline Networking), and I figured out some things which, while they may not be useful to many of you, this is a bit of a prompt for the next time around.

1) The manager application runs under Windows only (although apparently, there are github repositories where you can get and build a linux application which even lets you set QoS aka Quality Of Service and other such fun things – I’ve not tried them, so I can’t recommend them). If you’ve got more than a matched pair of these, then you’ll need to run the application. I didn’t try running it in a virtual machine – I kept the supplied Windows OS from when I bought this machine specifically for purposes like this.

2) Not all models reset in the same way. If you can’t get them all to reset, connect to them with a CAT5 cable, go to the “Privacy” tab, select “Public network” which will reset it to “PowerLineAV”, and then select “Local computer”. You should then be able to browse across them all.

3) Not all models come with a “password” (sometimes referred to as a DEK). In this case, you also have to plug into these devices to set up their security. If they do have a password, it’ll be entirely in upper case, and even though the application shows numeric characters, in the 4 devices I received, they were all alphabetic-only strings of 16 characters, separated by hyphens.

4) Once you’ve got them all set to “PowerLineAV”, typed the passwords in for the models which have them, you can now set a community wide network password. This could be used to set up several logical segments, but realistically, it’s going to be one flat network :)

I can’t think, offhand, of anything else I need to say right now, but it’s been pretty interesting setting this up, so… hope you enjoyed it!

Starting EC2 instances using PHP

I run a small podcast website called It runs on Dreamhost because they offer unlimited storage and bandwidth, but while it’s a great service for storage, it’s not really useful for running a batch process because long running processes are killed regularly (in my case, building the cchits podcasts on a daily basis).

As a result, I built an EC2 instance which I trigger every day using a cronjob. Previously, I used the “AWS CLI tools”, but as this uses a Java Virtual Machine, it was taking an awful lot of resources just to spin up an instance, and Dreamhost kept killing the task off. As a result, I found the AWS PHP SDK, and coded up this little snippet to spin up the EC2 instance.