
    Censorship Bad

    March 8th, 2008

    This is an outgrowth of a post I was making on Violet Blue’s blog which was too technical and not sexual enough (it’s a sex blog). The topic was firewall piercing.

    For an overview of the topic, you might like this Wikipedia article.

    I was going to write something back, but while her site is about sex and technology, I think that my response had too much technology, and not enough sex.

    This is turning into a mini-howto on basic and advanced firewall piercing. While I do think that this is important for people who are worried about their privacy online, I also think that this discussion needs to happen elsewhere and not clutter up a sex blog with too much tech-talk.

    For an SSH tunnel, I was thinking more along the lines of this:
    ssh user@example.com -L localhost:8888:127.0.0.1:8888

    Then run a tinyproxy instance bound to the localhost (127.0.0.1) address of the ssh server on port 8888. Set your web browser to use 127.0.0.1 port 8888 as your web proxy, and you’re done. Personally, I would recommend combining this with something like FoxyProxy, which would allow you to easily switch Firefox between normal and tunneled communications. This approach gives you a clean tunnel anywhere SSH is sold. (Coffee shops, most airports…)

    If you’re dealing with a really draconian set of rules, you could use a listener on some port of the ssh server, and run httptunnel ( http://www.nocrew.org/software/httptunnel.html ) on both ends, and encapsulate the SSH connection in http (web) traffic. This can even be set up to work through a web proxy server.

    On the server, this is run as:
    hts -F localhost:22 8443

    The client side configuration looks like this:
    htc -F 8022 ssh_server.example.com:8443

    The ssh tunnel is brought up with:
    ssh -p 8022 user@127.0.0.1 -L localhost:8888:127.0.0.1:8888

    (Note: those are all 1-liners)
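
The chain above opens two listeners on the client: 8022 for htc and 8888 for the ssh forward. As an added example (not part of the original post), this shell function reads `ss -ltn` output and reports any of those ports bound to a non-loopback address, where other hosts on the local network could reach the tunnel. The sample output is constructed, and the wildcard bind it shows for 8022 is an assumption for illustration, not a statement about htc's default.

```shell
#!/bin/sh
# Report listeners on the given ports that are NOT bound to loopback.
# Input:  `ss -ltn` output on stdin.  Args: the tunnel's local ports.
# Usage:  ss -ltn | exposed_listeners 8022 8888
exposed_listeners() {
    awk -v ports="$*" '
    BEGIN {
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++) want[p[i]] = 1
    }
    $1 == "LISTEN" {
        local_ep = $4                        # "Local Address:Port" column
        i = match(local_ep, /:[0-9]+$/)      # last colon splits address and port
        if (i == 0) next
        addr = substr(local_ep, 1, i - 1)
        port = substr(local_ep, i + 1)
        if (!(port in want)) next            # not one of the tunnel ports
        sub(/%.*$/, "", addr)                # drop an interface suffix such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        print addr ":" port                  # reachable from other hosts
    }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8888     0.0.0.0:*
LISTEN 0      128    [::1]:8888         [::]:*
LISTEN 0      5      0.0.0.0:8022       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Demonstration on the constructed sample.
sample_ss_output | exposed_listeners 8022 8888
```

An empty result means every listed port is bound to loopback only; port 22 in the sample is ignored because it was not passed as an argument.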

    For bonus points, put the httptunnel instance on port 80 of the ssh server, so as to make life more difficult for censors. This can be done by replacing the “8443” port numbers with “80” in the example above.

    For double bonus points, run a recursive DNS resolver on the machine, and replace tinyproxy with Dante. That gives you arbitrary dynamic port forwards on the far end for any application that either (a) supports SOCKS (4/5), or (b) is socksified. Dante can be found at http://www.inet.no/dante/ , and a Windows socksifier can be found at http://www.freecap.ru/eng/ . Socksifiers are nice for handling Windows applications that expect a direct connection to the Internet, but they are not needed for Firefox or any other application that has been compiled to run natively with SOCKS.

    For triple bonus points, run openvpn in tcp mode through an httptunnel. Using this option, you can dump ssh and the proxy altogether, and run arbitrary protocols. It does, however, require a bit more work on the destination (server) end.

    Edit: Fixed typos in example


    Ephemera, Writing and Computers

    January 2nd, 2008

    When writing and computers come together, you often come to a very strange place. On one hand, any rational person trained in how computers work and how to work with them knows, almost instinctively, that bits are far more ephemeral than words on paper. On the other hand it is equally clear that digital works can, in theory, express a permanence that is unsurpassed in recorded history. The difference depends on your definition of permanence.
    It is obvious to nearly everyone that it is far easier to damage a disk drive, for example, in a way that completely prevents data recovery than it is to damage a book or manuscript to the same extent. Manuscripts exist in museums and libraries today which have survived fires, floods, physical damage of various types, being repeatedly dropped, shipped all over the world, and stored for hundreds of years – sometimes in horrible conditions. The important thing to remember is that these texts, after this type of treatment, are still readable. Destroying bits is a simple process. If I fail to pay my hosting bill for a few months, this server will be shut down, and the disks will be overwritten with data from another client. At that point, all but the most extensive recovery efforts would be completely futile.


    24-24 Revisited

    August 29th, 2007

    After two days of this experiment, I’m already noticing some changes to my approach. Mainly, I’m shooting on manual far more often than I had been previously. I find that when I’m not focusing on the subject of the photograph, I am more free to focus on the process. When I can concentrate on the lighting, the timing, the aperture and many other aspects of the picture – rather than focusing more directly on the object of the picture, I have an opportunity to improve my craft. Having a good subject for a picture is only part of the process – the craft aspects are important too – and this has helped so far.

    Note: Yes – the pictures are online. No, they aren’t in my Picasa photo albums.


    24-24 – a personal artistic experiment

    August 28th, 2007

    Starting today, I’m planning a bit of an experiment. Since I haven’t made my photography a priority in recent years for a number of reasons, I’m trying something that’s eerily similar to NaNoWriMo — that is, I’m trying something that has a focus on quantity rather than quality. For the next 24 days, I’m planning to shoot and post at least 24 frames a day. They won’t be good pictures – that’s not the purpose of this exercise. Instead, it’s an exercise in mindfulness – to change the approach to this art from a position of scarcity to a position of abundance. What will be interesting is to see what the results are.


    Wedding Pictures

    August 26th, 2007

    The pictures from Donna’s wedding are up on my photo page. Slideshow is below the fold.