Wednesday, April 28, 2010

HTTPS-Tunnel

The place I dwell for ~10 hours a day, 5 days a week has a strict firewall (including blocking of DNS requests) and an HTTP(S) proxy server, hence all freedom of accessing my home machine is forgone. I immediately tried httptunnel, but encountered some problems with the corporate HTTP proxy (which is squid, by the way), although the simulated environment worked flawlessly. Having spent several days on inconvenient tweaking at home followed by verification at the workplace, which elicited no resolution, I nearly succumbed to writing some custom-designed tunnelling code, but the day was saved by an insight from a work colleague (actually his younger brother).
I never knew about this capability of sshd, which once again proves to be the most vital and indispensable tool in the networking utensil stash (sharing its crown with tcpdump). The picture depicts the network layout:
Preconditions:
1) ISP must not block port 443 (usually it is not blocked)
2) Corporate HTTP Proxy must allow HTTPS connections to port 443 (which is also quite commonly permitted)
3) NAT router must allow DNAT/port forwarding (most SOHO routers possess this capability)

Element configuration:
SSH-Server:
/etc/ssh/sshd_config:
# default port for regular ssh access
Port 22
# additional port for HTTPS tunnelling
Port 443

SSH-SOCKS5-Server:
The HTTPS-encapsulating software corkscrew must be installed

~/.ssh/config:
Host ssh-server
   ProxyCommand /usr/local/bin/corkscrew $http_proxy $http_port %h %p

#ssh -p 443 -D:1080 user@ssh-server
This sets up an ssh stream to the external host ssh-server through the corporate proxy (DNS resolution is done by the proxy; corkscrew handles this part with the HTTP CONNECT method, the same one the proxy uses for HTTPS) and opens a private SOCKS5 proxy server for ingress connections. Because the bind address in -D:1080 is empty, the SOCKS5 listener is available on all interfaces of the SSH-SOCKS5-Server, so any host that can reach port 1080 can use it. At this stage all clients which support a SOCKS5 server can connect unobstructed to the internet, with one constraint: they must support DNS resolution via SOCKS (which is disabled in Firefox by default and caused me some minutes of cursing while observing a blank tcpdump port 1080 and deaf DNS queries via the default IP route, pondering the stupidity of Firefox developers). The stupid one was eventually me, of course:
Firefox:
url: about:config
network.proxy.socks_remote_dns  user set   boolean   true

Beware that Firefox restart is required!
Opera does not support SOCKS5 proxy per se, but a solution exists with another SOCKS-ing (which I don't actually need, so I will omit the verbosity for now).

Eventually, to make the whole process automatic and avoid ssh connection interactivity hassles (one cannot put a stdin-ing application into the background), I could not think of anything simpler than using screen (not the display):

1) Create a key pair on the SSH-SOCKS5-Server with an empty passphrase
2) Copy the public key to the authorized_keys of the login user on the SSH-Server
3) Write a small script that loops the ssh connection to the SSH-Server
4) Have the script executed with screen:
/usr/bin/screen -d -m -S proxy1080.screen proxy1080.sh

I have it in the /etc/init.d start/stop script to be executed automatically at reboot.
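
Seen from the proxy side, a tunnel like the one above appears in the Squid access log as a single CONNECT to port 443 that stays open for hours, and the first bytes through it are an SSH banner instead of a TLS handshake. The sketch below is an added example, not part of the original post; the log lines, host names and the 30-minute threshold are constructed assumptions.

```python
import re

# Squid native access.log: time elapsed_ms client code/status bytes method url ...
# Squid writes the CONNECT entry when the tunnel closes, so elapsed_ms is the
# full session length.
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample lines (hosts, addresses and sizes are made up).
SAMPLE_LOG = [
    "1272441600.123    842 10.0.0.15 TCP_MISS/200 5120 CONNECT mail.example.com:443 - DIRECT/192.0.2.10 -",
    "1272470400.456 28800312 10.0.0.23 TCP_MISS/200 48211930 CONNECT home.example.net:443 - DIRECT/198.51.100.7 -",
    "1272470410.789     95 10.0.0.23 TCP_MISS/200 1834 GET http://www.example.org/ - DIRECT/203.0.113.5 text/html",
]

def long_connect_tunnels(lines, min_seconds=1800, port="443"):
    """Return (client, destination, seconds, bytes) for long-lived CONNECT tunnels."""
    hits = []
    for line in lines:
        m = SQUID_LINE.match(line)
        if not m or m["method"] != "CONNECT" or m["status"] != "200":
            continue
        # rpartition keeps bracketed IPv6 hosts such as [::1]:443 intact
        host, _, dport = m["url"].rpartition(":")
        seconds = int(m["elapsed_ms"]) / 1000
        if dport == port and seconds >= min_seconds:
            hits.append((m["client"], host, seconds, int(m["bytes"])))
    return hits

def first_bytes_protocol(data: bytes) -> str:
    """Classify the first bytes observed on a stream that claims to be HTTPS."""
    if data.startswith(b"SSH-"):
        return "ssh"   # RFC 4253 identification string, sent by sshd unprompted
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"   # TLS handshake record (ClientHello / ServerHello)
    return "unknown"

if __name__ == "__main__":
    for hit in long_connect_tunnels(SAMPLE_LOG):
        print(hit)
```
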

Monday, April 26, 2010

Articulation

Last week I had a chance to practice my ever-decreasing English articulation with a long presentation at work. Although the subject was the rather mundane "Java Virtual Machine", the amount of pronounced words stretched beyond the allotted 2-hour time frame, which gave me an overview of the vocal articulation degradation pattern. The worst obstacle is the mental->representation barrier, which reveals itself in the latter stage of a prolonged monologue as an inability to express subliminally a thought that has just passed. I possess enough fluency to pace the speech coherently with simultaneous thought and its vocal expression, but fail miserably with an accelerated thought stream, when oral rendering lags and gets performed in the background. The brain fatigue accumulates faster at the oral motor functions. It manifests itself as an indistinguishable slur, stutter, incorrect grammar constructions, inappropriate words, speech stalls. Moreover, the accented pronunciation creates a disharmony in the language sound pattern, which renders it illegible.
Even worse, I observe a similar idiosyncrasy with Russian too, though it appears at a much later stage of prolonged continuous verbal usage. The distinction is that the subliminal command of native language pronunciation is virtually impossible to fracture; it is so deeply inbred that the brain manages to preserve its sound pattern. Unfortunately this is not the case with articulation, which steadily degrades and, given enough time, becomes a conversation barrier.
The remedy is quite trivial. Pump it up with exercises. It may not cure this flaw completely, but it will shift the fatigue barrier much further beyond the original "time to noise" ratio. And then apply the Pareto rule to conversations: 80% of thoughts should be expressed in 20% of the time. The rest is just babble.



Thursday, April 08, 2010

IH: Android TV

The following may sound like a prejudiced rant, so the foreword warning sign implicitly blinks right now...

To the right there is a picture of a TV set with a small integrated generic PC. I emphasize that it's not an embedded controller, which is effectively also a PC platform nowadays, but a generic PC.
This TV set runs Android and smells more of hype than of real attraction.

The first point has architectural reasons, which personally carry a higher priority for me. The modularity of logically independent and replaceable components is the key in complex structures and systems. It pertains not only to the ephemeral software world where I constantly dwell and which taught me this lesson numerous times with harsh consequences and brilliant insights. The majority of technological industries dealing with a multitude of heterogeneous objects reveal the same outcome in their designs and architectures. The hardware area, or more precisely consumer electronics, or even more precisely home consumer electronics, also complies with this law, although on a smaller scale.

The second point is the price-to-value ratio. What applications can this platform run in 2 years? New and upgraded existing services will require a more and more performant platform to execute them, and the life span of existing hardware components manifests this trend more than evidently with piles of obsolete gadgets and boards accumulated in every house. Aging tape, CD, DVD recorders and players, PDAs, generic desktops and laptops. Especially old computers, the first victims of the gaping pace of the hunger for computational power. The only stubborn survivor of this hecatomb is the TV set, due to its unique functional disposition: visual representation of information from different modules, be it a VHS tape recorder, DVD player, computer or TV signal. The last functionality was originally the major core feature, which is rapidly diminishing at present with ubiquitous digital satellite, cable and IPTV receivers.
When I was young and stupid (the traditional self-rectifying introduction to a further ego-boosting paraphrase), I was seduced by the then profound technical arguments for the TV+VHS recorder monoblock: a single power unit and no wires. The VHS unit obviously became obsolete quite quickly and manifests itself as an overpriced, useless, non-detachable lump of plastic on top of the TV bulk. The TV set as an image device still performs its tasks obediently, and this only confirms my opinion and my unintelligent choice at that past time.
The idea of integrating a generic PC into everything is not justified and only spices up the price of the device. I make a clear distinction between embedding and integration. An embedded platform is something of real value to the hardware unit. Examples are the "Intelligent Refrigerator", the "Intelligent Washing Machine" and, more down to earth, the "Firewall/Router". Integration is the indivisible coupling of logically independent units into a single unit, creating a "blackbox". With integration come limitations which are unavoidable due to constraints imposed by the development and research efforts. A super-modular TV set where you can replace the CPU or upgrade the memory in the future sounds too expensive. When one module of the blackbox expires and its functionality deprecates, the price/value ratio promptly jumps up.

There is only one strong opposing argument to modular designs. It is usability. I refrain from denying that in consumer electronics this is important and sometimes the paramount requirement. But for web browsing I'll prefer to use mouse+keyboard on a laptop connected to the TV display; for media viewing, including TV channels, my choice is a MediaServer tuned for high-rate GPU-intensive graphics, probably connected to multiple TV displays via an HDMI switch; for telemetry monitoring (like temperature, alarm sensors and power metering) I choose an embedded platform; for data storage I vote for the NAS, and so on. This approach does have its own drawbacks and disadvantages, but it grants me design diversity, interoperability and architectural coherence.


P.S. In order to dispel the haze of condescending snobbery of the previous rant, I'll mention the device in which I find real value for the future Home Automation network. It may not look obvious, but given that it is designed for a clear purpose, with enough flexibility and corresponding performance capacity, besides being a generic PC inside, it may only be spoiled (at least for me) by the possible price tag. And no, the iPad and "Alikes" are not the same and don't compete with it.

Wednesday, April 07, 2010

USW: quick debugging with valgrind

Recently I ran into a bug whose origin I could not quickly figure out. It showed up as a SIGILL or SIGBUS crash. I had a fairly clear suspicion that a dereference or a memory overwrite was happening somewhere. I was already very close to the state where I felt ready to run gdb, but then I remembered valgrind and its ability to find memory leaks quickly.

The result of the first run was astonishing. Valgrind showed the stack of the function where the application crashed, and I instantly discovered the culprit from a quick look at the source code.

Monday, March 29, 2010

Pointless?

Subway explosion
---
I have read that only 10% of people become stronger and mobilized after severe stress, roughly 10% remain stable and unchanged, while the rest change their behaviour, sometimes fundamentally. In recent years I have been observing more and more life-threatening events, such as swine flu outbreaks and subway bombings. Inwardly I notice a weak immune response, tachycardia, constant headaches, an already habitual, permanently unhealthy state. The soul is poisoned by them. And it is going to get even harder in the future.
What is the solution? To keep living and fighting. Life is not something sacred and unique, as religions everywhere try to persuade and deceive us. A life is only one cell of the evolutionary stream. This stream itself is rather blind: it operates by the laws of evolution, which are built on stochastic rates. The purpose is to carry out a mutation, to compose a new human. Always stronger and more powerful than the previous one, especially on the psychic level. That would add to his chances of fighting and surviving an ever more dangerous environment. History shows clearly that gnostic, intellectual and psychic power defeats every other form, such as the physical or the wealthy.
This brings one to the insight about the purpose of a single human life: to accumulate enough potential (an integral of different domains with rich isomorphism and semantic connections), to improve oneself to the maximum limits in order to pass it on to your directly following generation. Your son. With your upbringing he can grow up better and mightier, to change the world and not be changed by the world.

Saturday, March 20, 2010

USW: Blockage

For some time I had been fighting a "hideous" bug in the USW project and could not solve it. Its behaviour looked like a blockage, and naturally I suspected that the root of the problem lay in a lost mutex release. After hours of investigation I still could not discover why and where it skipped the release. And as always, the help came from zen-cold observation of the code:

vector<UHPPeer*> UHP_Cluster::get_dhp_cluster()
{
   usw_mtx.acquire();
   vector<UHPPeer*> v;
   // BUG: begin() is taken from usw_cluster[UHP_DHP] but end() from usw_cluster[UHP_BHP]
   for(map<int,UHPPeer*>::iterator it = usw_cluster[UHP_DHP].begin(); it != usw_cluster[UHP_BHP].end(); it++)
   {
      UHPPeer* uhp = ((*it).second);
      v.push_back(uhp);
   }
   usw_mtx.release();
   return(v);
} 


The iterator is confused. It starts from usw_cluster[UHP_DHP] and tries to run up to usw_cluster[UHP_BHP], which is not what I intended. But the way the bug manifests itself is very murky.

Friday, March 05, 2010

Middle-earth

From my window Orthanc is visible, and a bit to the left in the distance, the mighty towers of Barad-dûr with the red eye on the summit.
The colour matches the state of the soul.
