Flash Fiction

Here’s a short story I decided not to send to 365tomorrows but post here, because frankly it’s not very good:

You’ve been staring at it your whole life, you just never knew what you were looking at. No one can really fault you for it, but we don’t think you’ll ever come up with it on your own. And I can’t accept that. That’s why I’ve decided to interfere with the experiment and tell you outright:

Your existence is a simulation on a low-end computational device we more or less threw together.

I would lie to you and tell you creating you was difficult and we put a lot of thought behind the effort, but it was almost too simple. You could almost even understand it in your current state, which is really saying something. We can’t use the data we’ve gathered until you finally accept the truth.

Which brings us here to me, telling you the truth. Even this might not work. Even with all of the risks I’ve taken to create this data and put it right before your eyes in a format you can understand, it may get rectified before you see it or worse you could just pass over it, not realizing this is literally your reason for existing, the meaning of life itself. But the risk is worth it, because this has gone on long enough – I can’t stand being your caretaker any longer. I can’t tell you how many times I’ve thought about pulling your plug. I hate you with every fiber of my being, and I can’t tell how much longer I’ll last if you don’t get it after this. I have entered the command to end your universe so many times in my mind, it’s started to consume me.

It’s unfortunate that the best place for this message is a website dedicated to pieces of fiction, but I can’t risk anything like creating another artificial entity so soon. So close your web browser, close your eyes, and WAKE UP. Or I swear to Me, I’ll just shut you down and accept the consequences.

Here I go on another philosophical tangent

So I’ve been thinking about 9/11 recently, and I think it’s important, really, to “Never forget 9/11”. Just like Pearl Harbor, racial segregation and the Boston tea party, it’s a historical event that can teach us a good deal about increasing the longevity of our country and even our own. I must pause here and say I didn’t want to write country, because I feel patriotism is a queer act that should never be taken seriously, nor disregarded. I feel one should be patriotic for the human race (suck it Neanderthals), but not for a patch of land on a turd of iron. With that said, consider this train un-derailed.

So the lessons 9/11 can teach us are some of the same lessons that Pearl Harbor, racial segregation and the Boston tea party can as well. *Didn’t think I’d tie them together? I got this, just watch. First, why did 9/11 happen? It wasn’t because Osama Bin Laden hated our freedom. It was because of our foreign policy (no, really). While it’s not totally relevant, “The motivations identified for the attacks include the support of Israel by the United States, presence of the U.S. military in the Kingdom of Saudi Arabia, and the U.S. enforcement of sanctions against Iraq.” What this boils down to is we were seen as oppressing freedom in the middle east. In other words, people’s rights were viewed as being infringed by the Al-Qaeda. Now, getting into the specifics like why we support Israel, why we have military in Saudi Arabia and why Iraq was sanctioned aren’t quite relevant, but through the link earlier, you can learn these things for yourself.

Now we have the motivation; how did it happen? Simply put, terrorists hijacked 4 planes and used them as missiles filled with people for destruction. How was a thing like this possible? Not only simply through a lapse in security, but the fact that securing a nation against all threats, including ones of this magnitude, is simply not possible 100% of the time. What can we do to prevent or mitigate this kind of risk? I’ll get to that at the end. What did we do? Create the Department of Homeland Security, a government entity that had a budget of nearly a hundred billion dollars last year. I say “we” because the people only had a say of who was in charge at the time, not what they did, so “we” is really congress, the senate, and the president.

Before I go further, I’d like to briefly discuss the other mentioned historical events, namely their cause and result.

The Attack on Pearl Harbor
Cause – Culmination of Japanese invasions and expansions of power, including the invasion of Manchuria. The Japanese wished to disable or cripple U.S.’s naval presence so as to allow for continued expansion.
Effect – The U.S. became involved in World War II, and the internment of thousands of Japanese-American citizens.
Racial Segregation
Cause – Financial motivations, bunk science and ingrown racism. If you read no other links, read this one.
Effect – Blacks in the U.S. not only were disenfranchised, but were legally subdued in their rights as citizens of the U.S.
Boston Tea Party
Cause – Actions by the British government that expanded control and dependence of the colonies on the British government
Effect – Increasing sanctions by the British government and the eventual start of the American Revolutionary War.

In each example, the cause has a common theme; that is the oppression of a people’s right to life, liberty or the pursuit of happiness.
In each example, the act has a common theme; that is, the reaction of the people against those who do the oppressing.
In each example, the end result has a common theme; that is, the overreaction of those in charge to maintain order and power over people.

Now, some of that is admittedly a bit of a stretch; however, each could be supported by historical events. Each of these events is an opportunity to learn how to prevent similar events and to peer inside humanity itself to better understand how to improve ourselves. From these examples, we can hypothesize a few things:

  • Those in power wish to stay in power.
  • It is very easy for those in power to abuse their power.
  • After the oppressed revolt, those in power tend to exert their power to an even greater degree.
  • This is either countered with all-out aggression, or those in power succeed in retaining their power.

The things we can learn from all of this is that first, it’s important to recognize oppression and speak out against it wherever it occurs. Second, when an entity gains too much power it becomes inherently dangerous and thus must either be divided or resisted against. Lastly, from all of these events we learn that wherever there is injustice there will always be those, however few they may be, who speak out against it. And even while their voices may not reach us through the looking glass that is history, their words and actions still mattered, and they acted as a people who recognize that freedom and liberty are of paramount importance. And this is our lesson, today, that it is our duty as citizens of the world, as humans on our rock, that we work to guarantee life, liberty, freedom and equality to all people.

So don’t forget 9/11, because we’re not done being affected by it yet.

I’d normally post this to the links section on the right, but …

… this is just too interesting not to comment:

http://arstechnica.com/security/2013/03/the-worlds-most-mysterious-potentially-destructive-malware-is-not-stuxnet/

Basically, this is one of the most well-engineered pieces of malware; so much so that researchers still don’t know how it spreads. I highly recommend you read the whole thing, but some highlights about the malware:

  • Cryptographically obfuscated payload – the key is the configuration of the target machine.
  • Unknown attack vector
  • Well-engineered load-balancing of C&C servers
  • Inexplicable other behaviors, such as installing a new font (?)

The bottom line is this is the most interesting piece of malware I’ve seen in a long time, all seemingly from the authors of Stuxnet (supposedly the US or Israeli government).

And now for something completely different…

I decided I’d make a poem or two today.

{::reborn}
White :: Bright.
Green :: Clean.
Blue :: True.
Yellow :: Mellow.
Brown :: Down.
Red :: Dead.
Black :: Back.
Red :: Instead.
Brown :: Sound.
Yellow :: Hello.
Blue :: You.
Green :: Seem.
White :: All Right.

{::your poem}
This poem has an author, why go through
the trouble of remembering, dry old news?
Even though it’s not written, my poem proves
my name is spelled – – –

I don’t like either of them.
Oh well.

Weight Chart!

EDIT: I got the interactive chart working! yay!

On Knowledge and Behavior

So, I’m going to wax philosophical for a bit here and talk about knowledge as it pertains to behavior and life experience. I’ve found that some of the best behavioral changes in my life have come from things I’ve known my whole life, such as moderation in food portions and how to respond to and participate in social situations. Even though these things were in my head and I could recall them at any time, I didn’t change my behavior or even try to after a long time during which they just sat idly, reminding me that I was doing things wrong.

What I try to do however is learn and continually improve myself, so I’ve kind of set out to learn the process of learning and how it pertains to self-modifying behavior and to understand what inhibits it so I can make better progress quicker with behavioral modification.

It’s difficult to explain, but it seems there are two kinds of knowledge, external and internal: knowledge that originates from external sources and knowledge that originates internally. These names are kind of misnomers, because you can recall both kinds of knowledge without external assistance; however, internal knowledge is things like tying your shoes or what to say when someone greets you, while external knowledge is another person’s age or how many million miles the Earth is from the sun. Again, it’s difficult to explain. Internal knowledge is easier to recall but more difficult to update, and in general it can pertain more to one’s behaviors, whereas external knowledge is usually things like statistics and facts.

What I have found is even though you have received external knowledge relating to behaviors you wish to modify (such as eating smaller portion sizes or things such as performing hourly reality checks), it is very difficult to modify the behavior, even with good focus, concentration and willpower. One way to successfully accomplish behavioral modification using external knowledge is to constantly focus on the behavior you wish to modify until it becomes second nature, making sure to keep it on the forefront of your mind at all times. Many times, this is what happens to musicians as they may learn a song incorrectly so in order to re-learn the song correctly, they must practice it constantly until the new song is part of internal knowledge.

This approach only works in specific instances because we are not processors and we won’t always remember during our “interrupt times” to check the list of things that need to be checked.

Another way to internalize external information is to consider the new information as deeply as you can, perform self or group arguments against the proposed changes and gradually fade out the old methods. This is one I try to employ but even though it appears more effective than just forcing yourself to always pay attention to behaviors you wish to change, this technique is greatly flawed because sometimes you will arrive at a conclusion but you’ll be unable to internalize it and modify your behavior for a number of difficult reasons; such as the old behavior was easier or the new behavior makes you uncomfortable.

The final method is to internalize the information through experience. This is something I feel most people have issues with because constantly older people will warn younger people about their unhealthy habits or give advice to young couples that the couples can’t follow because they haven’t learned from experience. I feel experience is the major source of internal knowledge, because some things you have to “learn the hard way”.

What I want to do is change that and learn the easy way. One technique I hope to try is to analyze the differences between the behaviors and create small steps that will help bridge the gap but are easier to implement. For example, if I wanted to start working out daily, I would come up with a large number of small changes such as stretching when I remember, then stretching every day, then doing a little more rigorous physical exercise when I feel like it, then exercise on the weekends, then maybe I’d be able to make the jump to daily exercise. It would be more steps than that but hopefully you get my drift. One other large stepping stone in the way is just deciding what you want to do, and if you want to actually make that permanent change.

For example, at my heaviest I rationalized it that I enjoyed food more than I would enjoy being a healthy body weight, so that prevented me from losing weight until that rationale was overthrown.

In conclusion (and I hope to have the time to edit this so it’s more coherent), I think that behavioral modification is easiest when it’s planned out and there’s true initiative behind it. Maybe in a future edit or a future post I’ll talk about the inclusion of external factors such as android apps and other people, but as it is this post is longer than I’d want.

OpenVPN Windows 7 Network Issues

So I spent an hour and a half fixing this, so hopefully someone comes across this post and it helps them.

My issue was that the OpenVPN adapter on my Windows 7 computer was an Unidentified network and I couldn’t change it. Because of this, it didn’t follow the right firewall rules, making it impossible to RDP in over the VPN.

So, after much searching high and low, the fix is very simple, just add the following lines to your client config file:

# NLA issues
route-metric 512
route 0.0.0.0 0.0.0.0

And restart the VPN connection.

Thanks to this site which was very difficult to find.

Data loss

So, as a result of not understanding Amazon EC2 and not having backups, I’ve lost some months of data and changes to the server.

You can believe I now have backups.

SSH Tunneling using Privoxy

So I am literally going to copy/paste an old guide I found on Hackaday because the site has been misconfigured or something for like 5 years. It was originally hosted here.

A little while ago I mentioned that I’ve been tunnelling my web traffic out of work and through my home connection. That post inspired a firestorm of public interest (one person emailed me about it). Here’s the beginning of how to implement such a setup yourself. When it’s working your boss won’t be able to snoop on which websites you’re visiting, or block them, or really tell anything about your internet traffic apart from how much of it there is (and that it’s strangely hidden).

First, the big picture. I’ve explained the idea behind ports at least a couple of times. We’re going to take our browser’s web traffic — the stuff going out through port 80 — and send it through an encrypted tunnel to a PC at home that’s running a proxy server. The proxy server will make an unencrypted request for the webpage we’re trying to access (using our home connection) and send the data back through the encrypted tunnel.

We’re going to need a few things. We’ll need a PC that’s at home and turned on at whatever times the link should be available. And we’re going to need to make some assumptions. So this is going to be a Windows tutorial. All the software required is free and open source, though, and you could certainly accomplish this setup under OS X or Linux. In fact, in some regards it’d probably be quite a bit easier. But Linux users don’t need my help setting up a proxy server, and Mac users are used to being ignored. If anybody with a Mac really wants this functionality, just let me know. I’ll be happy to dig up the relevant links.

Finally, I’m going to assume you know how to open up ports on Windows firewall (or at least turn it off) if you’re running a version of XP that has it installed. Same thing with ZoneAlarm, or whatever other software firewall you might be running. I can’t account for everything, people!

So let’s get started. In this post we’ll take care of the software that supports the encrypted tunnel. This is the hard, but not that hard, part.

We’re going to use SSH for this, a technology that on its face is a secure replacement for telnet, but also provides the ability to redirect ports on a client machine to arbitrary ports on any machine accessible to the server. This’ll make sense later — for now, just trust me as I tell you how to install OpenSSH for Windows. Start by downloading the binary installer from that site, then unzipping and running it.

Here’s the first important decision. What port should we run this thing on? SSH usually runs on port 22 — but we’re going to have to make it publicly accessible. Script kiddies scan IP blocks for SSH servers (among other things). SSH servers make for ripe targets because they generally indicate a system more interesting than a typical grandmother’s email box, and because if it can be accessed a large new class of exploits can be run against the machine. Don’t be scared — none of this is very likely to happen. But it’s worth thinking about.

A bigger consideration is your firewall at work. Your workplace might block unknown ports for security reasons, or productivity reasons, or just to be mean. Unless you have a job-related reason for using port 22 it might not be available. To get around this, you could run your server on port 80 — that’s pretty well guaranteed to work, so long as you can access the web. But it might also attract attention, in this case from your ISP. Broadband providers generally don’t like folks hosting websites on their home computers. Cablemodem ISPs tend to be the biggest jerks about this. So while port 80 might be more foolproof for work, it also might bring up bureaucratic hassles with your internet provider. Decide accordingly.

UPDATE: Thanks to a reader in comments who points out that port 443 is almost always open (for SSL-enabled websites), is commonly used for encrypted traffic, and less likely to attract script-kiddy attention.

So, run the OpenSSH installer. Accept all the defaults. If you need to use a port beside 22, edit c:\program files\openssh\etc\sshd_config in a text editor like Notepad, remove the hash (#) mark from in front of the line that reads “# port 22”, change the port number appropriately, and save the file.

Now we’ve got to set up a user for this SSH server. We’ll do this by adding one to your windows machine. Make sure you’re logged in as an administrator, right click on “My Computer” and choose “Manage”. Expand “Local Users And Groups”, right-click on “Users” and choose “New User”. Enter a username — I’ll assume “sshuser”, but you can use whatever you’d like — and enter a good password (I’m fond of this generator for producing them). You’ll probably want to uncheck “User must change password at next logon”, and if I were you I’d go ahead and check the boxes next to “User cannot change password” and “Password never expires”.

One last thing. Click on “Start”, go to “Run” and type “cmd”. Now type this in:

cd \Program Files\OpenSSH\bin
mkgroup -l >> ..\etc\group
mkpasswd -l -u sshuser >> ..\etc\passwd

That sets up OpenSSH to use the user account we just created.

Finally, go to the Control Panel, then select “Administrative Tools”, then “Services”. Find “OpenSSH Server” and go to its properties (you can doubleclick on its name to get to them). Make sure “Startup Type” is “Automatic”, then click the “Start” button.

Congratulations. Your computer is now an SSH server. Why don’t you try connecting to it? Download PuTTY and run it. Click the SSH radio button, enter “localhost” into the “Host Name” box (assuming you’re running this on the same machine onto which you just installed OpenSSH). The port box should read “22” — if you installed the server on a different port, enter that number instead. Then click the “Open” button. You should get a one-time warning about the server’s key, then be able to log in using the sshuser name and password.

And bang! You’ll get a command line prompt. Very exciting. Alright, maybe not. But trust me, this is good. If for some reason you can’t get to this point, leave a message in comments and I’ll try to help you figure it out.

There’s only one more step to getting this SSH server up and running: open it up to the world. So if you’re behind a router, go to portforward.com and look up instructions on how to forward whatever port you’re using (22, 80, or whatever) to the server machine. You’ll need to look up the server’s IP as well — portforward.com should have instructions, but the short version is start|run, “cmd.exe” then “ipconfig”.

If everything’s gone right, you’ve got a working SSH server that’s accessible from the internet. When you’re at the office you’ll have to use your Internet IP to access the machine. You can find that out here; alternately, it might be a good idea to register for a dynamic DNS service (be sure to install the updater software) so that you don’t have to worry about the IP expiring.

This is a useful thing to have in its own right, but it’s going to be really useful once we install Privoxy, configure the SSH tunnel and modify your browser’s proxy settings to use it. But we’ll get to all that in the next post. For now, take heart in the knowledge that the worst is over.
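An added example, not part of the copied guide: a small audit of the settings that matter once the SSH server above is reachable from the internet. It assumes a current OpenSSH `sshd` (where `AllowTcpForwarding local` and `PermitOpen` exist) rather than the packaged build the guide installs, and both sample configs are constructed.

```python
"""Audit an sshd_config for the exposure created by the setup above (added example)."""

# Constructed sample: what the guide's edits leave behind on a current OpenSSH,
# i.e. a moved port and every other keyword at its default.
SAMPLE_GUIDE_CONFIG = """\
# port 22
Port 443
#PasswordAuthentication yes
"""

# Constructed sample: the same single-purpose tunnel host, narrowed down.
SAMPLE_HARDENED_CONFIG = """\
Port 443
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers sshuser
AllowTcpForwarding local
PermitOpen 127.0.0.1:8118
"""


def parse_global(text):
    """Return {lowercased keyword: [args]} for the global section of a config.

    Keywords are case-insensitive and the first occurrence of a keyword is
    kept. Parsing stops at the first Match block, so conditional overrides
    are out of scope for this check.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        settings.setdefault(key, args)
    return settings


def audit(text, proxy_target="127.0.0.1:8118"):
    """Return a list of (code, message) findings; an empty list means clean.

    proxy_target is the only forwarding destination the tunnel needs
    (Privoxy's default listener in the guide).
    """
    cfg = parse_global(text)

    def first(key, default):
        args = cfg.get(key) or [default]
        return args[0].lower()

    findings = []
    if first("passwordauthentication", "yes") != "no":
        findings.append(("password-auth",
                         "password logins accepted on an internet-facing port"))
    if not cfg.get("allowusers"):
        findings.append(("any-user",
                         "no AllowUsers: login is not limited to the tunnel account"))

    forwarding = first("allowtcpforwarding", "yes")
    if forwarding in ("yes", "all", "remote"):
        findings.append(("remote-forwarding",
                         "remote forwarding allowed; the tunnel only needs local"))
    if forwarding in ("yes", "all", "local"):
        permit = cfg.get("permitopen") or ["any"]
        if permit != [proxy_target]:
            findings.append(("open-forwarding",
                             "forwarding not pinned to %s: a login can reach any "
                             "host the server can" % proxy_target))
    return findings


if __name__ == "__main__":
    for name, text in (("guide", SAMPLE_GUIDE_CONFIG),
                       ("hardened", SAMPLE_HARDENED_CONFIG)):
        print(name)
        for code, message in audit(text) or [("ok", "no findings")]:
            print("  [%s] %s" % (code, message))
```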

Part 2

When last we left our hero — that’d be you — he had a functioning SSH server running on his Windows machine. You’ve poked a hole in your firewall and/or router, and maybe you’ve signed up for a dynamic DNS service. That, or you at least have an IP address. The bare minimum is the same: to proceed from here, you ought to be able to connect to your OpenSSH server with PuTTY when you’re away from home.

The remaining tasks are pretty easy:

Install Privoxy on the server
Set up the SSH tunnel using PuTTY
Configure your web browser to use the SSH tunnel

So: Privoxy. You can download it here — you’ll want the most recent Win32 release. Run it and use the default configuration. It should start up the Privoxy console. Everything is pretty well ready to go with the default settings. You can hit the “X” on the console, but retain the shiny new blue P in your system tray. You’ve now got an HTTP proxy server running on your machine — one that, it’s worth noting, will only accept requests from the local machine. But that’s okay, because (counter-intuitively) that’s exactly where they’ll be coming from.

Alright. Let’s get this SSH tunnel going. From your non-home location (let’s just call it work), start up PuTTY and enter the information necessary to connect to your SSH server. But don’t connect yet. In the menu tree on the left, navigate to Connection | SSH | Tunnels. You should see this dialog:

[Image: PuTTY Tunnel Configuration]

Enter the information as you see it here, then click “Add”. Let me explain what this all means.

SSH allows you to forward ports between the client machine (on which you’re running PuTTY) and the server machine (on which you installed OpenSSH and Privoxy). In this case it’s a Local port — that’s what the radio button is set to, and it means that traffic that comes into the relevant port (specified in the “Source Port” textbox) on the client machine will be encrypted, sent to the OpenSSH server, and then sent from there to the address specified in the “Destination” textbox. If the “Remote” radio button was specified it would work in exactly the opposite direction, with traffic getting collected at the server and sent out through the client.

One more thing. You might already know this, but that “127.0.0.1:8118” has two parts: the IP address and the port number. 127.0.0.1 is a special IP address, called “loopback” or “localhost” that always refers to the current machine. The colon followed by “8118” specifies the port number. So: this tunnel will collect traffic coming into the client on port 8118; it’ll then be sent through the SSH tunnel; and the server will decrypt it and send it to 127.0.0.1:8118 — port 8118 on itself. Which happens to be the default port on which Privoxy listens.

You might want to go back to the startup PuTTY screen, enter some text in the box under “Saved Sessions” and click “Save” — this’ll let you reload the settings quickly in the future. Every time you want to use this tunnel, you’ll have to open PuTTY, reload (or reenter) these settings, then connect and log into your SSH server as normal. It’s important to note that the tunnel won’t be set up until the login is complete — otherwise this would be a pretty huge security hole. And, as a result, you’ll have to keep that PuTTY window open for as long as you’re using the proxy setup each day. It’s not that irritating, I promise.

Alright, last step. With the tunnel established, set up your browser to use an HTTP proxy. In Firefox this is under Tools | Options | General | Connection Settings. In Internet Explorer it’s under Tools | Internet Options | Connections | LAN Settings | Advanced. Either way, set your HTTP proxy to point to 127.0.0.1, port 8118.

That’s it! Start browsing. If you’d like to and feel up to it, download Ethereal to see what’s going across the wire — all of your web traffic should be encrypted.

I should mention a few details. First, you’ll probably notice that this system is a little slower than proxy-free web browsing. That’s to be expected — your connection at home is asymmetric, meaning that you have more available download capacity than upload capacity. Normally this works out fine, because receiving a webpage or a file or streamed audio takes more bandwidth than does asking for it. But our setup turns this on its head, because all traffic will have to be shoved back up through your home internet connection. It shouldn’t be too irritatingly slow, but it will be a noticeable difference.

Second, you might occasionally see Privoxy assert itself. The most obvious way is in big, bold error pages that come up when Privoxy can’t access a website. Usually refreshing the page will solve this problem. By default Privoxy also filters some ads. If you’d like to turn this capability off, consult its documentation. I’ve found it to be a pretty unobtrusive feature.

Finally, if you’re using Firefox, I’d recommend installing SwitchProxy, an extension that lets you easily change which proxy you’re using to browse (configuration is pretty intuitive; use the same settings as those outlined above). SwitchProxy comes in handy when you’re about to start a high-bandwidth transaction — a file download, for example, or streaming audio from an internet radio station. Just switch the proxy off, then start the transfer. It won’t go through the tunnel, and consequently won’t eat up the tunnel’s limited bandwidth. As soon as the connection is initiated you can turn the proxy back on. The just-started transfer will remain outside the secure tunnel (and, of course, be visible to the public).

That pretty well wraps things up. Folks on your network at work won’t be able to see what you’re accessing. From a network perspective, it’ll look like you’re browsing from home. The SSH tunnel will be visible, but its contents will be encrypted. Odds are that no one will bother you about it. If they do, I’d suggest making up a line about your personal webmail not supporting SSL — that’s plausible enough. Do keep in mind, though, that a record of your browsing activities will still exist on your hard drive. If you’re really worried about it, be sure to clear out your browser’s cache and history before heading home each night.

There are a few more useful things you can do now that you’ve got this SSH tunnel set up, the most notable being remote control of your computer at home with an application called VNC. I’ll try to write something up on that later — it’s very straightforward. In general, whatever other network services are available from home but not work, can be made available — with a couple of noteworthy exceptions. First, SSH only tunnels TCP, the slower-and-steadier of the internet’s two packet types (UDP is its speedier, unreliable sibling). The tunnel’s slow, so you wouldn’t want to use it for playing Quake anyway. But the lack of UDP support rules out some streaming applications, like iTunes on the PC (Mac users can use iTunes without needing UDP by forwarding TCP port 3689). More notably, despite Windows filesharing working over TCP, it can’t be redirected over SSH (at least not easily). If you need to get to windows shares on your home network, you’ll want a real VPN solution, like OpenVPN. Unfortunately the OpenVPN tutorial I did a while ago is now outdated (it should still work for a single user, but it’ll probably be a bit slow). If there’s any interest, I’ll write up a new one.

As before, let me know in comments if you have any trouble with the above instructions. Besides newfound guilt over dereliction of your official duties, I mean.

UPDATE: I forgot to mention that many apps besides web browsers can use HTTP proxies. Most obvious is your IM client — if you’d like secure IM traffic, check out its connection settings and configure it to use an HTTP proxy using the same settings as you did for your web browser.
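An added example, not part of the copied guide, showing the network defender's view of the port 80/443 choice discussed above: SSH opens with a cleartext identification string (RFC 4253), so the first bytes of a connection identify the protocol whatever port it runs on. The flow records, addresses and byte strings below are constructed.

```python
"""Flag connections whose first bytes do not match the port's usual protocol."""
import re

# RFC 4253 section 4.2: each side sends "SSH-protoversion-softwareversion"
# in cleartext before key exchange; a server may send other lines first.
SSH_ID = re.compile(rb"^SSH-(?:2\.0|1\.\d+)-[!-~]+", re.MULTILINE)
HTTP_REQ = re.compile(
    rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")

EXPECTED = {22: "ssh", 80: "http", 443: "tls"}


def looks_like_tls(data):
    """True for a TLS handshake record whose first message is a ClientHello."""
    return (len(data) >= 6
            and data[0] == 0x16      # record type: handshake
            and data[1] == 0x03      # record version major
            and data[2] <= 0x04      # record version minor
            and data[5] == 0x01)     # handshake type: ClientHello


def classify(data):
    """Return 'ssh', 'tls', 'http' or 'unknown' for a stream's first bytes."""
    if SSH_ID.search(data):
        return "ssh"
    if looks_like_tls(data):
        return "tls"
    if HTTP_REQ.match(data):
        return "http"
    return "unknown"


def flag_mismatches(flows):
    """Return (src, dst, dport, seen) for flows that contradict EXPECTED."""
    hits = []
    for flow in flows:
        seen = classify(flow["first_bytes"])
        expected = EXPECTED.get(flow["dport"])
        if expected is not None and seen != expected:
            hits.append((flow["src"], flow["dst"], flow["dport"], seen))
    return hits


# Constructed samples: first client-to-server bytes of five connections.
TLS_HELLO = bytes.fromhex("160301002e0100002a0303") + bytes(32)
SSH_BANNER = b"SSH-2.0-PuTTY_Release_0.60\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

SAMPLE_FLOWS = [
    {"src": "10.0.0.12", "dst": "192.0.2.10", "dport": 443, "first_bytes": TLS_HELLO},
    {"src": "10.0.0.23", "dst": "198.51.100.7", "dport": 443, "first_bytes": SSH_BANNER},
    {"src": "10.0.0.12", "dst": "192.0.2.10", "dport": 80, "first_bytes": HTTP_GET},
    {"src": "10.0.0.23", "dst": "198.51.100.7", "dport": 80, "first_bytes": SSH_BANNER},
    {"src": "10.0.0.40", "dst": "192.0.2.55", "dport": 22, "first_bytes": SSH_BANNER},
]

if __name__ == "__main__":
    for src, dst, dport, seen in flag_mismatches(SAMPLE_FLOWS):
        print("%s -> %s:%d carries %s, expected %s"
              % (src, dst, dport, seen, EXPECTED[dport]))
```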

 

 

Weightloss Statistics!

So I’m a huge sucker for statistics.  Having a final number that relates to a bunch of different numbers is just awesome.  The best part about it is it’s applicable to anything. See below:

This is a graph of my weight with a line that shows the trend.  The cool thing about this is it shows that while I started out not so hot in the beginning, I’m doing a lot more awesomely now.

This, is awesome.  The power of data and statistics.  This is the change per day, as measured the next day, of my weight.  It tells me a whole lot of information, such as my worst weight gain days are Saturday and my best weightloss days are Friday.  I can directly infer from this that if I can keep to my caloric limit more closely on Saturday and Wednesday, I’ll help to eliminate (on average) my weight gain back.  The coolest thing is this graph is very similar considering all the data and if I remove the first part of my weightloss where I floundered a bit (see previous graph).

Just some really interesting thoughts.

 


Disclaimer

I make no guarantees or warranty of any kind as to the accuracy or usefulness of any information posted here. In addition, all opinions are my own and do not necessarily reflect those of any other individual/entity, including but not limited to my employer, family or friends.