Building an Open Source PVR: Step Two – Software

So in my quest to replace my Mac-based PVR I wanted something lightweight that could be controlled via a remote. I had issues with my current setup when a keyboard or a mouse just had to be used, and I wanted to avoid that. Since this system would be dedicated to the PVR, I didn’t want to install anything that wasn’t necessary.

This left me two options: Kodi (formerly XBMC) and MythTV. I decided to try out Kodi via the OpenELEC project. OpenELEC aims to create a very lightweight instance of Kodi that can be installed (and probably even run) from a USB stick. Sounded like just want I needed.

The easiest way it install OpenELEC is to create a bootable install USB stick. This is pretty easy, if you read the instructions correctly. I actually spent a lot more time on this than I needed because of a failure to do so. Once you download the image you need (I used the new bundled “generic” version which works with Intel-based devices as well as most others), you insert your USB stick and then run the “create_livestick” command. You pass a parameter to that command which indicates the path to the USB stick, i.e. /dev/sdX where X is the drive letter.

This is where I screwed up. I could easily tell that the stick I used was mounted on /dev/sdh1, so that’s what I used. The problem was by adding the “1” I was specifying a partition and not the whole drive. It took me an embarrassingly long time to figure out what I was doing wrong.

Once the stick was created, I just booted the Intel NUC with it and followed the on-screen instructions. Pretty soon I had a working OpenELEC system.

Now let me stress that OpenELEC is not designed as a dedicated video recorder. It is designed to run Kodi which is a media center, so most of its functions are aimed at managing libraries of media and not recording television. The menu is organized by media type:

You have a Pictures menu, and if you have the PVR add-ons installed, a TV menu item. Videos are movies, whereas TV Shows are media files that have been identified as TV Shows (different than things you have recorded on your PVR).

Then you have your Music files, any Programs you have added to the system (as in software programs) and the System menu itself.

The system information screen gives you a read-only overview of the system, including memory usage and frames per second.

To actually change things you need to go to the configuration menu:

You can add media sources via pretty much every network protocol currently in use. As I have a couple of UPnP servers on my home network I used that format, but I found that when I added new content the system wouldn’t pick up the changes. So I installed an add-on to update my library but it didn’t help:

I searched but couldn’t find any way to get the changes to show up. There is a menu that comes up when you hit the left arrow that is supposed to update the library but it wouldn’t work for me. Since my UPnP servers can also serve files over SMB, I tried that and it not only fixed the issue but opened up a whole new level of coolness.

You can scan for TV Shows in your media files, and when you do Kodi will try to “scrape” information off of the Internet for such things as artwork and episode synopsis. You have to have your library named in a particular fashion (which I do) but then it is pretty automatic:

This didn’t happen when I was using UPnP.

This is all well and good, but I still get a lot of content through Over the Air (OTA) television broadcasts and the whole purpose of this exercise was to get that working. In order to add PVR functionality to OpenELEC you need to install add-ons. This usually consists of a “backend” application that does all of the heavy lifting with respect to video capture and encoding, and a “frontend” or client application that connects with the backend and displays the video. I specifically chose more powerful hardware as I wanted both features on the same unit.

First I needed to install the backend, which is a piece of software called “Tvheadend“. It was a little hard to find in the menus as it is a “service” and not a normal add-on, so you have to find the “services” section of the add-ons menu:

and then you can find and enable your services:

Like most add-ons within Kodi, you will have an “information” screen:

and a configuration screen:

The configuration screen comes into play when you set up the Electronic Program Guide (EPG) but I’ve reserved that for a separate post.

To access the Tvheadend software, you have to browse to it via http://[openelec-server]:9981. That would be a different URL, of course, if you installed it on a server other than the OpenELEC box. This is where it got difficult as most of the documentation on-line is out of date and the menu options have changed. I’ll post what I did in the hope that it might help someone else out.

First, you want to go to the Configuration tab:

You don’t have to do anything on the “General” tab if you don’t want to, but you do need to see a TV capture device on the “DVB Inputs” tab:

If you have chosen a supported capture unit, it should be displayed here. If not you’ll need to either figure out why it isn’t or get another unit. My Kworld UB435-Q showed up with support for both DVB-C and ATSC formats. Since I am interested in OTA broadcasts in the United States, I chose to enable the ATSC interface as the other is used for cable, which I don’t have.

Note in this screenshot that there is a Network entry called “OTA”. This was not there when I first enabled the interface. I had to go and set it up on the “Networks” tab and then add it.

This took me a rather long time to figure out. You need to tell the Network what multiplexers to use, and it looks like you would need to add them individually under the “Muxes” tab. It turns out that there are a number of pre-defined muxes including one for North America ATSC called “United States: us-ATSC-center-frequencies-8VSB” so I just chose that for my “OTA” network:

Once I associated it with my adapter in the “DVB Inputs” tab, I had a list of television channels:

Tvheadend is pretty cool on its own. If you notice on the screenshot there is a “play” button next to the channel name and if you click it you get a stream that will play on your computer. We recently had a bad weather day and I worked from home, and I was able to keep the local news up in a window while I worked. I haven’t really explored all of the features of Tvheadend, but once I got to this point it was time to head back to OpenELEC and set up the frontend client.

Going back to the configuration menu and looking through the Kodi add-ons, there is a section called “PVR Clients”:

I wanted the Tvheadend HTSP client:

Just like the backend, there is an information screen:

and a configuration screen:

In this configuration screen, you have to point to the Tvheadend backend, which in my case is on localhost.

If you get to this point, then you should see a new “TV” menu item:

You can watch live TV:

But the main reason I wanted a PVR was to time shift and store TV programs so that I could a) skip the commercials and b) make sure I didn’t miss anything. This requires access to the Electronic Program Guide and I could not figure out how to get it to work. I spend days worth of my limited free time working on this. The forums and the existing documentation were not much help.

I got so frustrated that I based the system and installed Mythbuntu – an Ubuntu-based distribution that focuses on MythTV in the same fashion OpenELEC focuses on Kodi. I figured that since MythTV was designed to be a PVR from the start, it might be easier.

There were a number of differences apparent right away. Mythbuntu is huge compared to OpenELEC. It includes a number of things that just aren’t required. It was, however, easy to install, and building on my newly earned knowledge with OpenELEC I was able to navigate the initial setup easily. I found that the MythTV documentation was slightly better than OpenELEC/Kodi/Tvheadend, but I still hit snags.

The first was that MythTV wouldn’t recognize the Kworld tuner I was using. It did, however, see the EyeTV tuner from my Mac-based install. But using it and having it scan for channels turned up nothing. The channel scan seemed to complete as expected but nothing was discovered.

I spent another day’s worth of free time trying to get that to work, but I gave up pretty easily. I wanted to use the Kworld tuner and possibly sell the EyeTV unit, so it bothered me that it wasn’t recognized. Plus, Mythbuntu just wasn’t the lightweight install I wanted, so I decided to go back to OpenELEC.

I did finally get the EPG working, but I’m going to reserve that story for the third and final post in this series. Once that happened I could see the guide in OpenELEC:


Is it perfect? No. The OpenELEC TV frontend is pretty limited. While I can schedule a show for recording through the EPG by setting a “timer”, I have not found a way through the GUI to record a whole series. I can do it through the Tvheadend web interface by selecting the show in the EPG and choosing “Record Series”:

and then it will show up on the “Timers” section of OpenELEC:

You can access saved recordings through the menu as well:

but it frustrates me that there doesn’t seem to be a way to delete the recording once I’ve seen it. I have to do that through the Tvheadend web page.


Overall I’m happy with my new OpenELEC Kodi install. There are a large number of add-ons that I haven’t explored yet, and perhaps I’ll have the time one day. When I was younger and got a new piece of technology I would try out every single feature. Now I tend to do the bare minimum I need to have a viable solution and then stop. (grin)

If you don’t care about OTA television then OpenELEC is a breeze to set up. The only issue I see is that there are a number of closed solutions, such as Google’s Chromecast and Amazon’s FireTV that do pretty much the same thing, at least with respect to video, and they cost about as much as a nice meal versus several hundred dollars.

But I like OTA television. Between it and other services I have like Netflix and Amazon Prime Instant Video, I always have something to watch. Plus, OTA HDTV signals aren’t compressed like those from cable and satellite providers, so the quality is excellent.

This experiment to create an open source PVR both emphasizes the good and the bad about free software. I consider myself pretty technically savvy but I had a lot of issues getting this to work. But I also learned a whole lot about four open source communities (OpenELEC, Kodi, Tvheadend and MythTV) and how OTA television actually works. My PVR is not some magical black box but a tool that I can control and manipulate to my benefit.

Technology is key to personal freedom and ceding the understanding of how it works to third parties can be dangerous. I know it sounds silly to sow fear about something as trivial as the ability to record “The Big Bang Theory“, but rarely does societal change happen in a huge way all at once. It is more a series of small things, chipping away at our freedoms over time, and getting this to work just made me feel like, at least in my life, that I was making a difference.

Many thanks to the people behind OpenELEC, Kodi, Tvheadend and their communities for making this possible.

Important Security Issue with OpenNMS

It is said that “given enough eyeballs, all bugs are shallow”, which is true, but the tricky part is finding enough eyeballs, especially useful ones and not the ones in that jar in Blade Runner.

Recently, an end user reported a rather severe security issue with OpenNMS.

The process that serves up the “Categories” section on the front page of the web interface is called RTC (for Real Time Console). The database queries that create the availability numbers on that page can be expensive in terms of resources, so the RTC daemon was created to periodically query the database and then cache the results so that lots of users wouldn’t create an undo load on the system.

We use a tool called Castor to process XML data within OpenNMS. Due to a bug in Castor, if Castor discovers an error when processing an XML file, it can throw an exception that includes the contents of the file.

This is very useful when the files relate to OpenNMS and you are trying to debug them, but you don’t exactly want the contents of /etc/shadow or /etc/passwd displayed indiscriminately. That’s exactly what this exploit allows.

Since the default username and password for the RTC user is “rtc” and exists on every system, a malicious person could use that information to obtain the contents of any file on the system. Note that as far as the OpenNMS application is concerned, the RTC user has very limited permissions, but this is caused by an issue with Castor and it has just
enough permissions to trigger it.

This has been reported as our first ever CVE: CVE-2015-0975

The best fix is to upgrade to OpenNMS 14.0.3. If, however, you are unable to upgrade soon, you can edit the Spring security file to limit requests from RTC to just the localhost, which should mitigate most of the issue. Full instructions and files can be found on the wiki.

To summarize, all versions of OpenNMS prior to 14.0.3 contain a bug where *anyone* with access to the webUI (port 8980 on the OpenNMS server) can retrieve any file that is on the system. While this isn’t the end of the world, it definitely could be considered bad and should be addressed.

Using an XML Parser

You know when the XML nerds say not to use regular expressions to parse XML? They’re right.

As part of a less is more project, we wanted to remove the tags from all of the OpenNMS event files. We spent much of the morning playing with a number of methods to find and replace with empty space those tags, and we failed. We came close a couple of times, but then some weird aspect of formatting (tags that spanned multiple lines, some with spaces and some without, etc.) would foil it.

Then I found out about xmlstarlet. We installed it and ran:

xml ed -L -d "/events/event/alarm-data" [filename]

and it just worked. Pipe that bad boy through find and you are good to go.

While I don’t think the option exists, it would be cool if instead of deleting the tag we could just comment it out, but that doesn’t seem to be currently possible.

Oh Nos! My Wireless Stopped Working!

I just had something a little scary happen, so I thought I’d share it in case anyone else hits this problem.

I’m in Portland for OSCON and suddenly the wireless networking on my laptop stopped working. The wireless status showed as “off” but it wouldn’t turn on. I’m running Linux Mint Debian Edition (LMDE) and no interfaces were showing up.

Now, one thing I like about open source is I always tend to learn something when trying to solve a problem. A quick search on my phone introduced me to the “rfkill” command:

# rfkill list
0: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: yes

For some reason, the interface was “Hard blocked”. I then figured out what must have happened.

I was trying to bring up a shell to diagnose another issue. On Linux this tends to be ALT+CTL+Fx where the function key chosen is the virtual terminal you want (i.e. F1 for the first one, F2 for the second, etc.). On my normal keyboard, which is an old Apple keyboard, the function keys default to softkeys and you have to hold down the Fn key to actually trigger F1, F2, etc.

This is not the case with my laptop, so when I hit Fn+F2 it turned on “airplane mode”. This was causing the hard block.

I hit it again:

# rfkill list
0: phy0: Wireless LAN
	Soft blocked: yes
	Hard blocked: no
1: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no

And then turned off the soft block:

orcrist interfaces.d # rfkill unblock 0

And it fixed my issue:

orcrist interfaces.d # rfkill list
0: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
1: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no

It would have really sucked to be on the road and have some serious software issue to repair with no network access, so I was extremely relieved to figure this out.

2014 Dev Jam – Day 4

First let me interrupt this blog post with a special announcement. A rather onerous security bug was discovered in OpenNMS that would allow any authenticated user to access pretty much any file on the system.

We felt it was bad enough to actually create a fix in the 1.10 branch as well as in the current stable, 1.12, so please consider upgrading at the earliest possibility.

Hat tip to Martin Laercher for reporting it.

Wednesday marked the halfway point in the week, and everyone seems to be in a good groove. With everyone able to work together in person, a lot of nifty things are getting done, including an upgrade to the latest version of Drools Expert.

The integration of OpenNMS with Drools allows for very powerful alarm correlation, and by migrating to Drools 6.0.1 it just got more powerful.

Wednesday also marked the day of the Twins game. For the past two years we’ve taken everyone to the Twins ballpark to watch a major league baseball game. It’s a beatiful place for baseball:

although they usually stuck us in far right field. Also, for the last two games the Twins played the Royals, and lost both times.

This year they put us in far left field:

and the Twins faced the Brewers. Since Milwaukee is close to Minneapolis there were a lot of Brewers fans in the stands, but the home team pulled it out for the win.

We got our name on the big board, too, which was cool, and Jeff was quick enough to catch a picture.

Mail to accounts being blocked

Just a heads up that I found out today that mail from our mail server is being rejected by mail servers.

One of my mail users was sending a message to a friend and it bounced with:

host[] said: 550 SC-001
(SNT0-MC4-F38) Unfortunately, messages from weren’t sent.
Please contact your Internet service provider since part of their network
is on our block list. You can also refer your provider to (in reply to MAIL
FROM command)

So I dutifully contacted our ISP for the mail server, ServerBeach, as well as hotmail. The ServerBeach folks (awesome as always) replied in minutes and said that the IP is not on any other blacklist, so I had to deal directly with hotmail. I got a reply from hotmail that the issue couldn’t be automatically mitigated, so I had to fill out another questionnaire on-line, and I assume I’ll have to wait a couple of days for it to be addressed.

The funny part is that I looked through our logs, and we’ve tried to send exactly five e-mail messages today to hotmail addresses. Two were to the legitimate address that started this whole process, and three were to addresses like:

which appear to be spammers trying to register on our wiki. The wiki replies and requires an additional action in order to register, and I assume it is this mail traffic that is causing the problem. Note that all of our mailing lists are handled by Sourceforge so this only affects mail from the wiki, project members and employees of OpenNMS.

I think it is pretty ironic that the reason my mail server is being blocked by hotmail is that spammers from hotmail are trying to register on our wiki.

Update: Surprise – I got a rather quick reply from hotmail:

My name is Amrita and I work with the Hotmail Deliverability Support Team.

Your IP ( was blocked by Hotmail because Hotmail customers have reported email from this IP as unwanted. I have conducted an investigation into the emails originating from your IP space and have implemented mitigation for your deliverability problem. This process may take 24 – 48 hours to replicate completely throughout our system.

Digger and the Hugo Awards

Okay, no OpenNMS or open source content today, but since most free software geeks also like fantasy and science fiction literature I figure this might be of interest to the three people who read this blog.

One of the highest honors a writer of this genre can receive is a Hugo Award. They are given out every year by the World Science Fiction Society at their annual convention. This year I learned that anyone attending the convention can vote for the Hugo Award winners. I thought it was something like the Academy Awards where only other people in the business could vote. I was wrong. Better yet, I learned that by becoming a supporting member, anyone can vote even without attending the convention.

How great is that?

This is important to me, since a friend of mine, Ursula Vernon, has had her graphic novel series Digger nominated in the “Best Graphic Story” category. I think it would be awesome if someone who lives in Pittsboro, North Carolina, won a Hugo Award. Plus, her work is pretty fantastic on its own. And if Patrick Rothfuss can pimp out his editor, I can pimp out my friend.

Before I lose more readers with another “TL;DR” post, I just want to encourage anyone with a love of science fiction and fantasy to sign up as a supporting member and to vote. It’s US$50, but you get digital copies of most of the nominated work (DRM-free, and no, don’t ask me for a copy). If you bought just the “Best Novel” nominees it would be way more than fifty bucks, and you get exposed to amazing shorter work that rarely finds a market.

I always like to be an informed voter, so I am making a dedicated effort to read all of the nominees. Well, except for “Best Graphic Story” since my mind’s made up on that one. (Well, and Betsy Wollheim for “Best Editor – Long Form” since I trust Patrick’s judgement)

Digger is about a wombat. Wombats are marsupials native to Australia that dig extensive tunnel systems. The story starts out with our heroine digging (as wombats are wont to do) but she gets lost and emerges in a world both like and unlike her own. In an attempt to find her way back home, she enlists the help of a talking statue of the god Ganesh, unintentionally partners with a childlike shadow being (who gets her out of a couple of tight places involving hyenas) and listens to the prophecies of an oracular slug.

Cool huh?

The comics are available online, but I plan to buy the printed volumes. I am rationing them, one a month (I just ordered Volume 2 from Amazon). Check them out and then remember to vote! I also want to point out that the other nominees involve teams of people – Ursula both writes and illustrates her work – so that should be worth some extra consideration.

As far as the other Hugo Award categories, I’m working my way through the “Best Novel” nominees. The one to beat will be George R.R. Martin’s A Dance with Dragons which is the fifth book in the Song of Fire and Ice (Game of Thrones) series. I pre-ordered this and read it the day it came out and I wasn’t disappointed, so while it is a bit cliché it has my vote at the moment.

I just finished Embassytown by China Miéville last night. I enjoyed Kraken, but didn’t like this one as much. It starts off a lot like Stephenson’s Anathem, with a lot of linguistics that don’t make a lot of sense until you just plow through it for fifty pages or so. Unlike Anathem it is much more a book focused on the link between language and thought. Like pizza, when Miéville is good he’s really good and when he’s bad he’s still pretty good, I did enjoy the book and read the second half pretty much in one sitting, but if I am honest with myself I didn’t enjoy it nearly as much as A Dance with Dragons.

Tonight I start Leviathan Wakes by James S. A. Corey. I’ve never read anything by him but perhaps since he has two middle initials he can give Martin a run for the money. (grin)

UPDATE: Leviathan Wakes is awesome. At the moment it is my choice for the Hugo Award. I read it as non-stop as I could.

In part it was due to the writing style. “James S. A. Corey” is the pen name of a pair of authors, one who worked for George R. R. Martin. There is Martin DNA all over this book. It starts off with a rather brutal and shocking scene, but then they don’t return to it for several hundred pages. Every chapter is written from the point of view of one of the two main characters (although in third person) and most end in cliff hangers which makes you want to read the next one.

I ordered Caliban’s War, the second book in the series, halfway through this one.

Although this may make me sound a little like Harlan Ellison who, in his dotage, seems to be claiming to have written every science fiction story, I find myself making comparisons between any modern space opera that involves genetic mutation with Donaldson’s Gap series, Leviathan brings enough uniqueness and style to the genre that I’m certain I’ll devour the series.

OpenNMS and the Leap Second Bug

While this may be pretty old news for most, but I figured I’d post something about it anyway.

At midnight the morning of July 1st, an extra second was added to “official time” in order to keep clock in sync with the Earth’s rotation. This had a negative impact on certain machines, especially Linux machines running Java.

Since most OpenNMS installs are on Linux machines and it is written in Java, this could negatively impact OpenNMS performance.

We had one support ticket opened that was caused by this problem. In this case, OpenNMS was being run as a VM guest and it was the host machine that needed to be rebooted in order to clear the problem. The symptoms involved the CPU being pegged at 100% and OpenNMS never starting.

New OpenNMS Book – in English!

As we start work on the English language OpenNMS book, which is turning into a rather large undertaking, imagine my surprise when I found out that one has already been written.

Yes! Amazingly, you can get an OpenNMS book for about US$0.50 a page containing content scraped from Wikipedia. While I’m not about to drop US$63 to see this for myself, I just wanted to warn everyone that the publishers of this “book” have absolutely no relationship with the OpenNMS Project and I, in no way, have endorsed it.

Betascript is a an imprint of VDM Publishing which is known for repackaging content from Wikipedia, and the latter reports that a Swiss newspaper “described VDM’s practices as controversial and bordering on deception”. This book will consist of the Wikipedia pages for OpenNMS, Network Monitoring, Network Management and FCAPS. Save yourself the money and just click and print them yourself.

At the moment, the only “real” OpenNMS book is in German. This English language book should be avoided. I am working with Amazon to see what our options are for getting it removed.

Somebody's Watchin' You

My news sites are heating up about the discovery of a database created by iOS on iPhones that track everywhere you go. While no malicious intent has been uncovered (the information doesn’t seem to go anywhere), one has to wonder why Apple added it and what the ultimate purpose could be. Also, I’m curious as to why Apple never disclosed this to their users.

Using an application called iPhoneTracker, the data can be extracted and displayed. I’ve been pretty busy, it looks like.

Note: I love that the developers of the app also tell you how to access the data directly, for the truly paranoid.

While I love my iPhone, I am pretty certain that it is the last Apple phone I will own. I just can no longer ignore the privacy issues, and although I am far short of abstaining from carrying a phone altogether, and am becoming much more of a freetard than I’ve been in the past.