Monday, March 16, 2009

How to access the BBC Iplayer feed from another country

How to access the BBC Iplayer feed from another country

This post is designed specifically for the formula 1 feeds from Iplayer however since it has been written before these are even publiclly availible, I have tested this method in recent weeks primarillary on Top Gear and it has worked with about a 90% hit rate.

This method is not a simple or quick and easy fix. It takes some decent technical knowledge to implement and it is now at this point that I suggest that if you are not overly technical you should not really proceed.


This method uses TOR an anonimity network designed to route packets securly through multiple nodes throughout the internet

That pic describes the basic principles behind the routing of TOR it will bounce all your communications through 3 different nodes before getting to the end destination. All traffic between the nodes is completely encrypted and the whole point behind TOR is that it is near on impossible to determine where a packet originated.

You can read more on it here

The important part for BBC’s Iplayer is the exit node(that is the last node before being routed again onto the public network) we will need to force this to be in the UK. Once that is completed it will appear that we are just residing in the UK like all legimate users of Iplayer.

Tools needed

Vidalia -

This file contains all the software you need to use TOR, it has a graphical control panel, a privacy proxy, and a firefox plugin.

Install proceedure

I am running a beta of Windows 7 so I can not confirm that this will work on every other platform however I see no reason why it won’t.

Download the file above

Run the installation for Vidalia selecting all the default options.

Go to Start -> Run
C:\Windows\system32\Notepad.exe C:\Users\matt\AppData\Roaming\Vidalia\torrc

This will then open a window with the TOR configuartion file

Later I will describe exactly how to source the information to put into here as it does change over time

All that needs to be done now is the following 2 lines added to the bottom of the file

ExitNodes 0000000000Marauder, anonion, anotherlink, colinwillsdorkyahoo, gigatux, znodetor, humph

StrictExitNodes 1

The first line for exitnodes describes 7 known exit nodes in the UK that I have tested to work with the BBC Iplayer

The second line forces TOR to always use these even if a better path is availble (A better path for TOR will most likley not use a exit node in the UK). Save the file.

Open up the Vidalia control panel (It is an onion icon in the taskbar) by right clicking on it in the taskbar and selecting control panel. Click Stop TOR and then once that has completed click Start TOR by this stage it should have read in the new configuration file and will now use the UK exit nodes.

We now need to configure TOR button within Firefox to make sure it works correctly. The TOR button will be loctaed in the bottom right hand coner of the firefox window with red text TOR Disabled right click on this then click on preferences. The settings chosen here are NOT the most secure settings for TOR and I would recommend not using these for if anonimity is your only goal on the internet. However for the purposes of using Iplayer these are the settings that I have found work best.

Once this is setup all you need to do to turn TOR on is left click on the TOR Disabled button this will change it to TOR Enabled.

You should leave TOR disabled at all times except when starting up the Iplayer as web browsing through TOR is very slow and it should only be used as needed.

Watching the content

With TOR disabled go to find the show that you want to watch and click the play button. You will then be presented with a screen like this

At this point you need to enable TOR and refresh the page, TOR will disable the refresh button so you need to click on the URL and push enter.

You need to be patient at this point as it may take 4 – 5 minutes for the next screen to appear

At this point Click the big Click to play button in the middle of the screen it will take quite a while to buffer up and begin playing the content. Make sure you are patient.

Once the content starts playing pause it and left click once on the TOR Enabled button. After about 10 seconds you will see it change back to TOR disabled. At this point I normally let it buffer the feed for about 1 minute before clicking play. You are now able to watch the feed using your native internet connection. Normally this works pretty smoothly from here in Australia even though I have a pretty slow internet connection.


This setup is using only a very limited amount of exit nodes in the UK that may come and go or be blocked by the BBC over time. I will try and post regular updates if I find any issues with new working exit nodes. This method is generally a lot harder for the BBC to dectect that just a simple proxy so should be mostly ok.

Tuesday, July 17, 2007

A smokers look back in time

Well I need to admit to what appears to be one of modern society’s most carnal sins. I am a smoker. It seems that in western nations we are the most actively discriminated minority there is.

On July 1st all Victoria smokers were told we are no longer welcome in Pubs and Clubs. Well a beer and a smoke has always gone hand in hand for me so it is horrible to be sent outside in the cold to smoke. This last weekend it was about 5C outside where hundreds of drunk smokers were crowed on the streets and balconies fulfilling their additions.

Being stuck outside made me want to remember the good times. On that note it is time to view some of the best smoking ads ever made.



"A winston tastes good like a smoke should"

"More doctors choose Camel"

"Thinking mans filter a smoking mans taste"

I have no idea what this one was about

"To a smoker its the taste of kent"


And just to present both sides of the story here is a non smoking ad

Monday, July 16, 2007

Drink Driving Case Tomorrow

Ok I am very excited. As I mentioned a few months ago I lost my license for drink driving well tomorrow is the first hearing. I know that in the Victorian legal systems the chance of getting a result tomorrow is basically non existent.

It is far more likely that this will be the hearing to decide when the mention date will occur that decides when the motion date will be. A whole lot of money wasted on this stupid system just to get us nowhere. Oh well I am still excited because it will be the first step in the process over and done with.

I would like to also shout out my lawyer S. P. Hardy if you ever have any sort of traffic offenses in Victoria Australia you should check out his site it details everything you should do when handling it.



Long time no Post

Ok well I need to say sorry. I had all of these good testing blogs planned and then work just ran away and became overly crazy. It has now been almost 2 months since the last blog. It was something that I was really enjoying and I want to keep doing it.

Watch this space there will be some more interesting content in the next few days


Sunday, May 13, 2007

Longhorn server NIS Authentication

Longhorn server NIS Authentication

Well as a follow up to my last piece, which got linked to by iqubed, I wanted to show that Microsoft had done some good work with their interoperability since previous versions of Windows Server. I had a good look at the NFS and NIS services which I believed would provide me with the features that I used in the past through the Active Directory Authentication and hopefully with out the hassle involved with them.

However just installing the NIS services was a pain and after a total of 6 reboots Longhorn informed me that there was something stoping the installation; however I did not let me know how I could fix this at all.

root@odin749:~# ypcat passwd




After beating my head against a wall for quite a while I was able to work everything out. NIS wasn’t installing because I didn’t have enough hard drive space left on the box and that was stopping everything from proceeding.

The biggest problem I found with the installation was that all users will need to change their passwords before they will work through NIS, since the first time it maps it only sends random values for the passwords.

With NIS I am able to solve the problems that No active directory gives me and use my Windows Passwords for various unix applications such as Apache, Squid and Dovecot.

Thursday, May 10, 2007

Longhorn server and Ubuntu Active Directory Authentication

Longhorn server and Ubuntu do they still play together?

The best feature of Samba is being able to join an Active Directory domain and authenticate against for desktop logins, web applications and almost anything else you can think of that requires a user name and password. In the past I have used the Winbind authentication for email over POPS and IMAPS and found the features to be fantastic for any business that operates in a heterogeneous environment.

Microsoft have just released Longhorn Server Beta 3 which offers a fairly big change from previous windows server versions in the way it approaches network management with a large focus on role based servers. There real question however is can linux boxes still join and authenticate against Active Directory domains running at Native Longhorn Server levels. Well the answer a non surprising NO!

I spent around 8 hours trying to get this to work based on previous working configurations that I had for windows 2003 nothing worked at all

Below is a quick look at the configuration that I had which failed to work

I started with a stock standard Ubuntu 7.04 install and a base install of Longhorn Server beta 3 you can review my configurations below. Based on what I have found I believe that Microsoft have changed some major parts of Kerberos since the standard encryption for windows didn’t work. When I changed this to Auto negioation I was able to get a ticket however when I attempted to add the computer to the domain I continued to get different Kerberos errors.

#first step

odin749@odin749:~$ sudo su -


root@odin749:~# apt-get update

root@odin749:~# apt-get dist-upgrade

#enable remote login

root@odin749:~# apt-get install ssh

#Install Samba

root@odin749:~# apt-get install samba

#Install Winbind

root@odin749:~# apt-get install winbind

#Install Kerboras

root@odin749:~# apt-get install krb5-clients krb5-user


root@odin749:~# vi /etc/krb5.conf


default = FILE10000:/var/log/krb5lib.log


ticket_lifetime = 24000

default_realm = ASTECH.COM

default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc

default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc



kdc =

admin_server =

default_domain = ASTECH.COM


[domain_realm] = ASTECH.COM = ASTECH.COM


root@odin749:~# vi /etc/samba/smb.conf


workgroup = ASGUARD


security = ADS

password server =

domain master = No

idmap uid = 500-1000

idmap gid = 500-1000

template shell = /bin/bash

winbind separator = +

winbind use default domain = Yes

root@odin749:~# testparm

Load smb config files from /etc/samba/smb.conf

Loaded services file OK.

'winbind separator = +' might cause problems with group membership.


Press enter to see a dump of your service definitions


root@odin749:~# vi /etc/nsswitch.conf

passwd: compat winbind

group: compat winbind

shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins

networks: files

protocols: db files

services: db files

ethers: db files

rpc: db files

netgroup: nis


root@odin749:~# vi /etc/pam.d/common-account

account sufficient

account required

root@odin749:~# vi /etc/pam.d/common-auth

auth sufficient

auth required nullok_secure use_first_pass

root@odin749:~# vi /etc/pam.d/common-password

password required nullok obscure min=4 max=50 md5

root@odin749:~# vi /etc/pam.d/common-session

session required umask=0022 skel=/ect/skel

session required

session optional


root@odin749:~# mkdir /home/ASTECH


root@odin749:~# kinit administrator@ASTECH.COM

kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials



root@odin749:~# kinit administrator@ASTECH.COM

kinit(v5): KDC has no support for encryption type while getting initial credentials

root@odin749:~# vi /etc/krb5.conf


default = FILE10000:/var/log/krb5lib.log


default_realm = ASTECH.COM

dns_lookup_realm = false

dns_lookup_kdc = false

ticket_lifetime = 24h

forwardable = yes



kdc =

admin_server =

default_domain = ASTECH.COM


[domain_realm] = ASTECH.COM = ASTECH.COM


pam = {

debug = false

ticket_lifetime = 36000

renew_lifetime = 36000

forwardable = true

krb4_convert = false


root@odin749:/var/log# kinit administrator@ASTECH.COM

Password for administrator@ASTECH.COM:

kinit(v5): Clock skew too great while getting initial credentials

root@odin749:/var/log# kinit administrator@ASTECH.COM

Password for administrator@ASTECH.COM:


root@odin749:/var/log# klist

Ticket cache: FILE:/tmp/krb5cc_0

Default principal: administrator@ASTECH.COM

Valid starting Expires Service principal

05/04/07 23:59:09 05/05/07 09:59:02 krbtgt/ASTECH.COM@ASTECH.COM

renew until 05/05/07 23:59:09

Kerberos 4 ticket cache: /tmp/tkt0

klist: You have no tickets cached

root@odin749:/var/log# net ads join -U's password:

[2007/05/05 00:01:22, 0] utils/net_ads.c:ads_startup(289)

ads_connect: No such file or directory

Wednesday, May 2, 2007

I know I am late but - 09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C009-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0

I know I am late but - 09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0

Well I just got home from work and it appears the whole internet has gone CRAZY. Crazy in a frenzy of unison against DRM and the MPAA, Digg users today showed the power of the internet and how censorship in the internet age just doesn’t work.

I must say I first heard this news in the most unlikely of places on the forums there users were busily talking about how the power of the internet has prevailed. I have spent the next three hours reading through posts on digg, Slashdot and many other various blogs. I must say that this reaction from the community has been very encouraging and something like this has been brewing for a very long time. The legal beaucracies just cannot silence the collective mass of geeks everywhere who have created the technology for people to get their ideas expressed and heard by millions of people in a matter of seconds.

For those who don’t know the key above is the main AACS(the content scrambling system) used for the DRM of both Bluray and HD-DVD. In mid February the forum users managed to crack a software player for HD-DVD which after some very careful disassembly led them to the main code allowing users to build tools similar to the famed DeCSS this will allow users to make backups of their purchased content and play both HD-DVDs and Blurays on Linux.

The articles on Digg have been voted for by users over 55000 times making this the most popular topic ever on that site. Google for me turns up 21000 links which must not include all the sites that have been put up over the day. This information must now count as public knowledge which would nullify any legal action over the people posting it.

Please if you read this share this as much as possible.