Writings

Remembering the Line Ride

I spent the holidays at Disneyland this year with my girlfriend and my family. We stood in numerous lines for hours on end during the busiest week of the year, waiting to see Disney’s take on classic rides such as the Haunted Mansion and Small World.

Their take was fantastic, but this post is not about that.

Standing in line for the Haunted Mansion, listening to people murmur about how agonizing the lines were, it dawned on me that not everybody understood nor appreciated the true origins of these amazing amusement parks. My sister certainly didn’t know, and neither did my girlfriend.

You may not either, so allow me to share a bit of history.

Back to the Middle Ages

Much of what we’ve come to enjoy in amusement parks originated from fairs in the Middle Ages [1]. The food, the shows. They were further inspired over time by other events and inventions throughout the centuries that followed. One of the innovations in amusement technology that really sparked the modern era of amusement park rides was a classic mechanical ride, the steam-powered carousel, built by Thomas Bradshaw at the Alysham Fair in 1861 [2].

The problem with technological innovations is that they overshadow the simpler pleasures that came before them.

The Line Ride

Long before the carousel, in 1733, people enjoyed a simpler tradition. The humble fairgrounds in those days were unlike the marvels we have today, but were still full of events for children and adults of all ages.

One of the most beloved traditions in those days was known as the Rope Line Ride, or the Line Ride for short. Long lines of rope, attached to tall stakes in the ground, would be laid out in all sorts of patterns, forming paths for the kids to traverse. Common patterns included the spiral, the back-and-forth, and the weave.

Participating in the Line Ride was simple. A person would start at one end, following the line, seeing where it took them (by a garden, perhaps, or a wall of funny drawings), eventually coming out on the other side.

Remember, these were the days when Kick the Can and Hoop Rolling were the rage. The Line Ride was so popular that it was often nearly full of people, but this gave them time to socialize and join together in the admiration of their surroundings.

Evolution of the Line Ride

Times change, as they often do. While once a fun and common attraction, the younger generations began to grow weary of the Line Ride. In 1861, Thomas Bradshaw, the aforementioned inventor of the steam-powered carousel, forever changed the Line Ride by making it a means to an end. He put the carousel at the very end of the Alysham Fair Line Ride.

Now, instead of simply enjoying the Line Ride for what it was, people were passing through it, with great impatience, just to get to the all-new steam-powered carousel.

A new tradition was born. The Line Ride no longer became an attraction itself, but rather simply the Line, a way to control the flow of people leading up to an attraction. This was seen as a very controversial change in its day — after all, the Line Ride was a tradition going back over a hundred years — and with it came a distrust of the newer attractions by the older generations. Of course, time passed, and the Line became the norm.

The spirit carries on

While often forgotten as an attraction, the Line Ride’s spirit remains today in our terminology and our parks. We’re all familiar with celebrities walking down the rope line, or hearing about people “working the rope line.”

And, of course, the long, grueling lines leading up to the popular attractions at amusement parks and carnivals around the world.


Breaking back into your network with the Synology Web UI

Have you ever left town, or even just taken a trip to the coffee shop, only to find that you’re locked out of your home network? Maybe you needed a file that you forgot to put in Dropbox, or felt paranoid and wanted to check on your security cameras, or you just wanted to stream music. I have…

The end of a long drive

Last night, I arrived at my hotel after a 4 hour drive only to find my VPN wasn’t working. I always VPN in to home, so that I can access my file server, my VMs, security cameras, what have you. I didn’t understand.. I was sure I had things set up right. You see, I recently had my Xfinity router replaced, and had to set it up to talk to my Asus N66U, but I was absolutely sure it was working. Almost sure. Well, I thought it was working…

So I tried SSHing in. No dice. Hmm.. Any web server ports I exposed? Guess not. Maybe port forwarding was messed up somewhere?

Ah HA! I could reach my wonderful Synology NAS’s web UI. If you haven’t used this thing, it’s like a full-on desktop environment with apps. It’s amazing. Only thing it’s really missing is a web browser for accessing the home network (get on this, guys!). After spending some time thinking about it, I devised a solution to get me back into my home network, with full VPN access (though, see the end of the story for what happened there).

Christian’s step-by-step guide to breaking in with Synology

No more stories for now.

To get started, I’m assuming you have three things:

  1. Remote access (with admin rights) to your Synology NAS’s web console.
  2. A Linux server somewhere both sides can log into remotely (other than your local machine, as I’m assuming yours isn’t publicly connected to the network).
  3. A local Linux or Mac with a web browser and ssh. You can make this work on Windows with Putty as well, but I’m not going into details on that. Just figure out SSH tunneling and replace step 7 below.

All set? Here’s what you do.

  1. Log into your NAS and go to Package Center. Click Settings -> Package Sources and add:
  2. Name: MissileHugger
    Location: http://packages.missilehugger.com/
  3. Install the “Web Console” package and run it from the start menu.
  4. Web Console doesn’t support interactive sessions with commands, so you’ll need to have some SSH key set up on your linux server’s authorized_keys, and have that key available to you. There’s also no multi-line paste, so you’ll need to copy this key through Web Console line-by-line:

    Locally:

    $ cat ~/.ssh/id_dsa

    On Web Console:

    $ echo "-----BEGIN DSA PRIVATE KEY-----" > id_dsa
    $ echo "<first line of private key>" >> id_dsa
    $ echo "<second line of private key>" >> id_dsa
    $ ...
    $ echo "-----END DSA PRIVATE KEY-----" >> id_dsa
    $ chmod 600 id_dsa
  5. Establish a reverse tunnel to your Linux box, pointing to the web server you’re trying to reach (we’ll say 192.168.1.1 for your router).

    Remember that Web Console doesn’t support interactive sessions, or pseudo-terminal allocation, so we’ll need to tweak some stuff when calling ssh:

    $ ssh -o 'StrictHostKeyChecking no' -t -t -i id_dsa \
          -R 19980:192.168.1.1:80 youruser@yourlinuxserver

    The ‘StrictHostKeyChecking no’ is to get around not having any way to verify a host key from Web Console, and the two -t parameters (yes, two) force TTY allocation regardless of the shell.

  6. If all went well, your Linux server should locally have a port 19980 that reaches your web server. Verify this by logging in and typing:
    $ lynx http://localhost:19980
  7. On your local machine, set up a tunnel to connect port 19980 on your machine to port 19980 on your Linux server.
    $ ssh -L 19980:localhost:19980 youruser@yourlinuxserver
  8. You should now be able to reach your router. Try it! Open your favorite browser and go to http://localhost:19980
  9. Clean up. Delete your id_dsa you painfully hand-copied over, if you no longer need it, and kill your SSH sessions.
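
A tighter variant of steps 4 and 5, as an added example that is not part of the original post: a throwaway key that the Linux server limits to the one reverse forward, a pinned host key in place of 'StrictHostKeyChecking no', and a quick audit of authorized_keys. The key material, file names and host names are constructed placeholders, and it is an assumption that ssh-keygen is present on the NAS and that -N behaves in Web Console's non-interactive session as it does elsewhere.

```shell
#!/bin/sh
# Added example: least-privilege version of the reverse tunnel in steps 4-5.
# Host names, file names and key material are constructed placeholders.

TUNNEL_PORT=19980                 # loopback port on the Linux server
TARGET=192.168.1.1:80             # web server inside the home network
SERVER=youruser@yourlinuxserver

# Line for ~/.ssh/authorized_keys on the Linux server. "restrict" disables PTY,
# agent, X11 and all forwarding; "port-forwarding" turns forwarding back on;
# permitlisten (OpenSSH 7.8+) limits ssh -R to this one loopback port, and the
# forced command means the key never yields a shell.
authorized_keys_entry() {
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$TUNNEL_PORT" "$1"
}

# Command to run on the NAS. -N asks for forwarding only (no remote command, so
# no TTY is needed); the host key is checked against a pinned known_hosts file
# instead of being accepted blindly.
tunnel_command() {
    printf 'ssh -N -i tunnel_key -o UserKnownHostsFile=known_hosts %s %s -R localhost:%s:%s %s\n' \
        '-o StrictHostKeyChecking=yes' '-o ExitOnForwardFailure=yes' \
        "$TUNNEL_PORT" "$TARGET" "$SERVER"
}

# Audit an authorized_keys file: print the line number of every key that lacks
# "restrict" or "permitlisten", i.e. keys that could open a shell or any port.
unrestricted_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            n = match($0, /(ssh|ecdsa|sk)-[A-Za-z0-9@.-]+ AAAA/)
            opts = (n > 1) ? substr($0, 1, n - 1) : ""
            if (opts !~ /(^|,)restrict(,| )/ || opts !~ /permitlisten="/)
                print NR
        }' "$1"
}

# Suggested order (assumes ssh-keygen exists on the NAS):
#   NAS:    ssh-keygen -t ed25519 -N '' -f tunnel_key   # private key stays on the NAS
#   NAS:    cat tunnel_key.pub                          # one line to copy out
#   laptop: ssh-keygen -F yourlinuxserver               # host key you already trust
#   NAS:    echo '<that host key line>' > known_hosts
PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderNotARealKey tunnel@nas'
authorized_keys_entry "$PUB"
tunnel_command
```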

Epilogue

While this worked great, and I was able to get back in and see my router configuration, I wasn’t able to spot any problems.

That’s when I realized my Mac’s VPN configuration was hard-coding my old IP address and not the domain for my home network. Oops 🙁

Hope this helps someone!


I Invented Port Knocking

Let me tell you about something that’s been bothering me for a while.

I invented Port Knocking. No, really. In 2002.

According to portknocking.org, it was invented by Martin Krzywinski in 2003. I’m not here to debate that he didn’t come up with the idea separately, and chose the same names (it’s a pretty good name for the technology). But I do want to make it clear, for the record.

Wait, hold on, what’s Port Knocking?

Oh, got ahead of myself there.

Port Knocking is a security method where you can cloak a network completely (close all ports or put them in stealth mode) and yet still allow access from any computer in the world, by way of a sequence of “knocks” on a predefined list of ports.

The server can specify a list of ports (say, 53, 91, 2005, 2131, 7) and monitor to see if there are attempts to open them. If an outside computer accesses each of these ports in sequence, without hitting any other ports, and within a time period, the server can open a select set of ports (separate from the knock list) to that IP address only.

In my original designs, before opening the ports after a successful knock sequence, an authentication port would be opened at a predefined port, which the client would have to access, exchanging credentials, before the ports would be open.
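
The sequence check described above, as an added example rather than the author's original code: a small state machine run over firewall log lines. The `epoch source-IP destination-port` log format, the 10-second window and the sample addresses are constructed for illustration, and the follow-up authentication port from the original design is not modelled.

```shell
#!/bin/sh
# Added example: server-side check of a knock sequence over firewall log lines.
# Log format (constructed): "<epoch seconds> <source IP> <destination port>".

# knock_grants "<port sequence>" <window seconds>   (log on stdin)
# Prints "<time> <IP>" whenever an IP finishes the whole sequence in order,
# with no other port in between, within the window measured from its first knock.
knock_grants() {
    awk -v seq="$1" -v window="$2" '
        BEGIN { n = split(seq, want, " ") }
        {
            ts = $1; ip = $2; port = $3
            # A half-finished sequence that has outlived the window is dropped.
            if (pos[ip] > 0 && ts - start[ip] > window) pos[ip] = 0
            if (port == want[pos[ip] + 1]) {
                if (pos[ip] == 0) start[ip] = ts
                pos[ip]++
                if (pos[ip] == n) { print ts, ip; pos[ip] = 0 }
            } else {
                # Wrong port: start over (it may itself be a new first knock).
                pos[ip] = 0
                if (port == want[1]) { pos[ip] = 1; start[ip] = ts }
            }
        }'
}

# Constructed sample: 198.51.100.7 knocks correctly; 203.0.113.9 touches port 22
# halfway through; 192.0.2.44 knocks in order but takes 20 seconds.
sample_log() {
    cat <<'EOF'
1000 198.51.100.7 53
1001 198.51.100.7 91
1001 203.0.113.9 53
1002 198.51.100.7 2005
1002 203.0.113.9 91
1003 203.0.113.9 22
1003 198.51.100.7 2131
1004 198.51.100.7 7
1004 203.0.113.9 2005
1005 203.0.113.9 2131
1006 203.0.113.9 7
2000 192.0.2.44 53
2001 192.0.2.44 91
2002 192.0.2.44 2005
2003 192.0.2.44 2131
2020 192.0.2.44 7
EOF
}

# Only the first address is granted with a 10-second window.
sample_log | knock_grants "53 91 2005 2131 7" 10
```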

And why the controversy?

First, some history.

In mid-2002, I was 18 and interested in security, amongst other things. Along with writing code for Pidgin (then Gaim), and a couple other projects, I was fooling around with firewalls and such.

I had this idea one morning while in the shower to add another layer of security. I really wanted to be able to completely close off my network, but still access it when out of town. I can’t tell you how it came into my head. Just a moment of inspiration. I wasn’t even really looking for another project, just brainstorming, but I liked the idea too much. I started writing code and made it work.

It was a while before I discussed it publicly on my old blog on Advogato. There are many posts, but I’ll highlight a couple here, where I introduce what I was working on:

The blog is full of lots of old teenage angst, so ignore most of it, but I spent the next few weeks going over my progress, answering questions from people who are asking for more information, etc. I was very open about it.

At one point a couple months later, I realized this was stupid. I had a good idea. I should patent it. I took it down for a while. This was after I had already put up the sourcecode, though, and many people had it.

Now, in retrospect, I should have made this into a full-on open source project and gained the recognition myself, continued development. But I was too busy with other things and didn’t really want another major product on my hands. I remember at one point I thought, “maybe I can sell this to a security company, or patent it!”

And since then…

One day, I opened a magazine and saw “port knocking” on the cover. My heart skipped a beat. Somebody wrote an article on my port knocking! I opened the magazine and read through it. “Invented by… Michael Krzywinski? What?!” I re-read to make sure. It was all my terminology, my methods. I was floored.

By that point, he made a name for himself as the inventor. And again, I’m not trying to discredit him, because he very well may have come up with the same thing separately. But it stung, because I had a great idea, a year before he wrote a paper on it, and I didn’t promote it the way he did.

Lesson learned

This is one of those life lessons. You always regret what happened, but you use it to make better decisions in the future. These days, I’m happy working on some awesome products. My day job at VMware and my highly successful code review software, Review Board (for which we’ve recently started a company).

Now, if I have a good idea, I make sure it’s heard, and demonstrated, far and wide. Truly great ideas don’t really come that often, so when you have one, make sure you do something with it, or you may end up regretting it for years to come.


Sentience discovered in the Linux kernel

Ladies and gentlemen, after much experimentation, I have made a remarkable discovery. Perhaps the very first case of a sentient AI has been discovered, sitting right under our noses, in the Linux Kernel. With such a complicated codebase that has evolved greatly over the years, there are certainly more surprising places for it to spring up, but it’s still quite unexpected.

And where, specifically, has this sentience manifested itself? The suspend/resume code.

See now, like many of you, I’ve dealt with the instabilities of suspend/resume. I’ve considered it to just be buggy, unreliable, and possibly incompatible with my hardware. That is, until I realized that there’s a pattern. One that began to make a sort of sense.

A couple months back, I gave suspend/resume another shot, and to my surprise it worked. I figured that Ubuntu 10.04 finally fixed it, but it still wasn’t perfect. I still noticed problems.

The first thing I noticed was that when I unsuspended at work, I couldn’t use my volume keys. Everything else was fine, but my laptop’s volume keys didn’t register as a key press on anything. If I suspended again and brought it back home, the keys would work fine. If I suspended at home and resumed at home, I wouldn’t have the volume key problem. Weird, but just buggy, right?

It was a couple weekends ago when I suspended my laptop to take it somewhere. It wouldn’t suspend at all. Just hard-locked. This continued until the week, when it worked again. Last weekend? Same problem, couldn’t suspend. Monday, it worked fine.

It was then that I realized suspend/resume was breaking deliberately! See, my laptop feels more comfortable at home, less so at work but it tolerates it (with some complaining), but absolutely doesn’t want to leave during the weekend. It’s like a cat that just wants to be in a familiar environment, selfishly vying for your attention through mischievous acts. Look at it hard enough and the pattern emerges. It’s undeniable.

That got me thinking. What other possible instances of AI have we been misconstruing as bugs or random glitches? All those inter-connected street lights that occasionally shut off as you walk underneath them? Maybe they’re just shy, or they hate you. Maybe NES cartridges just found being blown stimulating.

So remember guys. Windows suspend/resume may work just fine. Mac too. But Linux’s suspend/resume isn’t a buggy pile of crap. It’s an intelligent buggy pile of crap, that just wants to be loved.


Racism, Sexism, and now Prop 8

I found out this evening, to my dismay, that my site was littered with “Yes On Prop 8” banners. Now, for those who live outside California and haven’t been following this, Prop 8 is a measure designed to introduce an amendment to the California constitution to ban gay marriage, basically ensuring that certain people would never have the same rights as others in this state.

Now I normally try to stay away from politics on my blog, but I want to talk about two points.

First, I don’t mind banners on my site that are designed to sell a product. People generally understand that an ad for an online web service or a product of some sort is not necessarily endorsed by the site it’s running on. Ads are everywhere and most people generally get that it’s provided by an ad service, and just ignore them.

What bothered me about the Yes On Prop 8 ads is that it felt as if I’m endorsing Prop 8. Somehow, it feels wrong to me. I’m not morally outraged about Sun Microsystems wanting to sell a server system or Microsoft wanting to sell an office suite. I am outraged about Prop 8. Products are fine to advertise on my site. Controversial freedom-limiting propositions I’m completely against are not.

I look back in our history and see that by and large, our generation is regretful of how we’ve mistreated people in the past. Shooting Native Americans used to be fine. Stripping away their rights and making them unequal was socially accepted. It was completely understood that if you’re black, you’re property. If you’re a woman, you had no rights to vote and your opinion didn’t matter.

I like to think we’ve come a long way from that. People pride themselves on how we’re more mature now. Black, white, red, men, women. It doesn’t matter. This is the land of the free, the land of equality. So why is it that it’s still okay to discriminate against someone because their love of someone makes you feel uncomfortable?

It’s okay to not feel comfortable with gay marriage. A lot of people don’t. But do you feel more comfortable being part of a group of people that knowingly discriminated against another group, stripped them of certain rights that you yourself enjoy, simply because something you don’t have to deal with on a daily basis makes you feel uncomfortable to think about? Are you going to be okay with the thought of your grandkids or your great-grandkids feeling embarrassed because of how you voted, like how you feel about your great-grandparents’ racism? How much is preventing marriage for two people who love each other, in order to feel less uncomfortable, worth to you?

The Yes On Prop 8 advertisements often show the clip with the mayor of San Francisco saying “It’s going to happen, whether you like it or not!” It’s a good strategic clip for them to have chosen, as it can be interpreted as him saying “you have no say, we’re forcing gay marriage on all of you.”

I see it another way. I see gay marriage being inevitable not as an attack, but as the inevitable rise in tolerance that, over time, we’ve come to develop in this country. As a country, we don’t have the best track record of tolerance to new things, but we always mature in the end. This is not the last time we’ll face such mass intolerance and the limiting of rights of a group of people, just as this will not be the first time that we as a people will overcome our fears and begin to see us all as being equal.

So this is important. It’s not just about your level of comfort with those who live a different lifestyle. It’s about equality. It’s about overcoming personal fears. It’s about making an effort to keep this country on a path of freedom. Because if we start going back to our old ways of discrimination and fear, all we’re doing is regressing and limiting the rights of others out of some fear of the world spiraling into chaos. We’ve worked to abolish racism. We’ve worked to abolish sexism. The world is still here. We can do this again.

Vote no on Prop 8.


Random friend seeking on Google Talk?

Has anybody else noticed this?

Over the past several months, I’ve had a few people add me to their Google Talk account, claiming they want to make friends. The conversations start simple enough, asking basic “getting to know you” questions. Nothing seems too prying, and it certainly doesn’t seem like a bot. However, in each case, something doesn’t fully seem to add up, or maybe I’m just being paranoid. Either the person doesn’t remember how they found my address, or they claim they were just trying random addresses. Some people are from India, some from the US. However, they never seem to be able to find a picture when requested. They look and look but never manage to find one, and then suddenly have to go.

I’ve IM’d with a couple of them for a few days, a week, just to see if they were going to ask any questions indicating they were looking for specific information, but they haven’t really.

I’d feel bad if these were actually real people just “looking for a friend,” as they’ve said, but the fact that nobody can seem to give me a good reason for how they got my info concerns me, as does the behavior about a picture. Have other people seen this? Is it some new kind of weird spam/info gathering attempt? Or what?


5 ways to make Twitter work for you

I’m a big fan of Twitter, the social presence site that’s been getting a lot of buzz lately. It’s an idea that was almost too easy. Provide a way for people to say what they’re doing right now. Allow other people to see it, in a semi-controlled manner. It’s kind of like away/available messages on MSN, AIM, Google Talk, etc., but separated from the actual IM accounts and put in a central place.

Now, Twitter as a lazy form of blogging seems silly to many people who just don’t want to share what they’re doing every minute with the world. Fortunately, Twitter’s power is in its simplicity, and it can be useful in other ways. Here’s five ways you can make Twitter work for you.

  1. Status reports

    Like many people, I’m supposed to submit a weekly status report to my manager describing what I’ve done in the week. I typically start writing it up on the day it’s due, trying hard to remember everything I’ve done. Sometimes I’m good and actually write these down as I go along, but then I spend too much time organizing it on paper, when I should be doing that when I prepare the actual status report.

    Alternatively, I could use Twitter to record things as I do them, and then look over my archive or at an RSS feed of my activity when I begin to prepare the status report. Entering data into Twitter is quick and easy, and it gives you enough room for a short description while at the same time limiting what you need to say. So in the end, you have a nice summary of your week.

    Depending on how public you want it, you could even inform other co-workers of your Twitter account, making it easier for people to know who’s working on what. Not long ago I posted a Twitter update about something I was doing and a co-worker immediately came in and asked about it. Pretty useful.

  2. Keep organized at conferences or events

    When at conferences or some sort of large gathering, it’s easy for people to get out of sync with each other. Dinner appointments may be missed, people may end up in different talks, or whatever. The solution I’ve been personally using in the past is to try to catch everybody on IRC or IM, or just call/text message the people involved. However, this can be a pain and can involve a lot of micro-management.

    Instead, get people to create Twitter accounts and add each other as friends. Set up SMS notification and communicate through Twitter posts. You can send a quick “This conference is ending in 10 minutes, so let’s meet at McDonalds for lunch at 2:30” post to inform everybody of the current plans. You don’t even need access to a computer, as you can send updates via SMS as well. For most phone services, sending this one SMS is going to be cheaper and easier than sending SMS messages to multiple people, so there’s a net win here.

    You can apply this to parties or to school as well.

  3. “Note to self…”

    How often have you thought of something you need to do or something to remember for later, or even a neat piece of info that you know you’re going to forget? I’d say a lot of us aren’t organized enough to have a central place for these notes. I typically use post-its, but those become disorganized quickly, and by the time I think about it later, I’ve lost the note.

    Give Twitter a try for anything of the “Note to self” variety. You can refer back to these notes later in your RSS reader or your Twitter archive page.

  4. News updates and release announcements

    Many projects maintain a news update or release announcements listserv or RSS feed, but Twitter is a pretty good alternative as well. Many people check their Twitter page throughout the day or are in some way notified (via a program or SMS message) when someone posts to Twitter. Take advantage of this by creating an account for your project and posting whenever there’s a new release. It might get to your users faster.

    A couple examples of projects making use of Twitter in this regard include WordPress and 30Boxes.

  5. Record your travels

    I often take a lot of pictures when travelling, but forget exactly what I did on what day. Makes it harder to write about it later or associate meanings to the pictures when I finally go to upload them.

    Given Twitter’s ability to post via SMS, it’s easy to make brief notes about your trip as you go. Others can see how your trip is progressing, and you can use those notes later to document your trip better.

For those who know me and use Twitter, feel free to look me up or add me. I’ll be posting a few other tricks I’m experimenting with in a future post, such as how to tag your Twitter posts and separate them into multiple RSS feeds.

Other interesting Twitter reads:

  • Twitter Lingo – Controlling Twitter through SMS
  • Twitterholic – List of the top 100 users of Twitter in order of number of followers
  • RSS2Twitter – Auto-converts RSS feeds to Twitter posts
  • Twitter Tools – Several tools, clients, mashups, and plugins for working with Twitter


Watching you watching me watching you

We live in a new, very public age. While most of us didn’t quite grow up with the Internet, it’s been a major part of our lives. To these new generations of kids, a world without the Internet belongs only in the history books. It’s made the world closer and more open in many ways. This comes at a price of course.

Ever since the book “1984” was published, many people have been strongly concerned about their privacy and keeping “Big Brother” from knowing every detail of their lives. “Big Brother” is typically thought of as being the government, but that’s not necessarily true these days. While it’s quite possible that our lives are being monitored more closely by government agencies, “Big Brother” is really closer to you than you think. It could be your friend, your parents, somebody across the world. And is this really a bad thing?

We put out so much personal information these days, often times without really thinking about it. A lot of us seem to have a need to share our lives with the world.

Blog posts about the recent developments in your life or in that of someone close to you. Pictures uploaded to Flickr, complete with timestamps and information showing exactly where the picture was taken. Discussions on a public forum. Presence information on IM accounts showing when you’re at your computer, your mobile phone, how long you’ve been idle, and what your current away state is. Twitter updates saying what you’re doing right now and what you have been doing over the past several days. Complete social relations maps showing who you know and how. Online videos showing you and your family at a gathering. Nearly all of this indexed and easily searched by anybody anywhere in the world at any time.

There’s all kinds of information about us out there, and a lot of people are watching, probably more than you’d suspect. Some guy 500 miles away may know you better than your neighbor does. Now, this is all information we choose to put out there. You don’t have to have a blog, or use IM, or put your pictures up somewhere, but you probably do, and your kids most certainly will.

Is this bad? I don’t think most people involved see it as a negative thing, and hopefully most are aware of how much personal information they’re leaking. People usually just consider it as a normal part of being in a wider net community. Posters on LiveJournal or Planet GNOME know they’re not only talking to specific communities but to the world. It brings people from all over closer together. Friendships develop, ideas are born, knowledge is spread. These are all good things. On the flip side, some people you’d rather avoid are going to pay close attention to you. You may never know and you may never be impacted, or you may end up needing a restraining order. It’s all part of being in a community, right?

If we’ve come to accept this, should we really be worrying so much anymore about “Big Brother?” After all, aren’t we all playing that part to some degree? Do you think a government is really more of a personal threat to you than some random guy that reads your blog and watches your Flickr gallery, or is it really a higher authority that you should worry about? In the end, is this more of a benefit to people, bringing us all just a bit closer together, or a danger?

Discuss.


Re: Subverting Subversion

I used to use the same trick Rodney Dawes describes in Subverting Subversion. Yes, it was very annoying to have to set everything from a file every time, or from stdin.

Ah, but there’s a better way, and people new to SVN seem to somehow miss this valuable command.

$ svn propedit svn:ignore .

Up comes your editor, just as if you opened .cvsignore. You can now safely nuke your .cvsignore files. This is a useful command, so write it down until it’s burned into your brain.

