bjørn / beorn / 白熊

Even simpler way to ssh through a firewall

In his article Jacky explained how to easily drill holes through to ports on machines behind a firewall. What I normally want is to have ssh access to machines behind firewalls, allowing me to do scp, and easily ssh in without a stupid stop-over on the firewall machine.

I came across this solution that does exactly that. After the super-simple set-up I’m able to do:

The day the podcasts died

Richard noticed that Feedburner has been blocked in China. This is terrible news as a lot of blogs and podcasts are using feedburner! No wonder half my podcasts suddenly stopped working. Let me know if you find a work-around (besides using Tor for everything).

Public wifi - how could it get so bad?

Warning: This is a rant.

With wifi came the promise of being online (almost) anywhere, but due to incompetent or misdirected implementation and management, it’s pretty much a patchwork of extremely unreliable networks. My experience is that there’s a 30-40% chance of actually being able to get online at an access point.

In the case of wireless access points (AP) owned and operated by cafes/restaurants, they are:

• often connected through a patchwork of bad power, telephone, and network cables, usually piled on top of each other next to the cash register to ensure a reboot every cash register kachink
• using a cheap and buggy access point that freezes up every 30 minutes
• unencrypted/open, and long since discovered and overloaded by P2P freeloaders
• configured to the same channel as the other 10 access points around, causing “mysterious” packet loss of 50%+
• configured with the same SSID (e.g., linksys) as the other 10 access points around, making actual selection a stroke of luck
• practically unmanaged. It’s always better to just go over and try to fix it yourself if something’s wrong; if you ask the staff they’re usually completely clueless, and will try to call someone almost as clueless, before finally you’ve spent a good hour helping them just get the thing working.

In the case of commercial access points, while they’re more professionally installed and run, the access and management systems kill the experience. Here are typical problems:

• Filtering of everything but port 80 (web) - goodbye IMAP, IRC, etc. I can’t do any work when all I can do is browse (yeah, I know I could set up a tunnel over port 80, and I may have to start doing that sigh).
• You have to first go through a “home made” web application to register and sign in, which you often can’t due to bugs on the web application preventing you from registering;
  • failure to localize phone numbers or addresses
  • missing web pages
  • 500 server errors
  • failure to send SMS or email registration messages
• Worst of all, there doesn’t seem to be anyone monitoring or receiving these server errors; if there were, I wouldn’t be hitting them nearly as often.
• If you’ve managed to sign in, you can expect to be suddenly locked out if you close your laptop and open it again since your old session hasn’t expired, and they have “smart” sessions.

I have yet to find a good web application like this. In my opinion they should be banned altogether. The internet is not the same as the web, so just requiring you to go through such a manual and unreliable system to get online is insane.

If I have to guess, I would have to guess that these systems are designed, implemented, bought, and managed by incompetent people as well, people that:

• Don’t understand or value simplicity and reliability, always erring on making things too complicated and thus unreliable
• Think the web is the Internet, so they don’t see anything wrong in “breaking” the Internet by disabling everything but the web
• Think you can just build-and-forget, relying on (expensive) customer bug reports (that often have an unhappy ending) instead of proactively managing and fixing problems

What works?

I have been using wifi extensively in a few places around the world (Beijing, Hong Kong, Budapest, Singapore, San Francisco), and the only wifi access points I’ve seen that work are those that are free and run by clueful coffee shop or restaurant owners that know to:

• invest in robust cabling, and put the AP out of harms way
• invest in proper training of staff, and howto material
• invest in proper installation that
  • sets the access point SSI to something unique, the name of the venue is perfect as well as good advertisement
  • configures the access point to use a channel that doesn’t conflict with other nearby access points
  • changes the admin password to non-default one (most amateur access points do not)
  • adds encryption (WPA is the only secure thing these days)
• change the WPA password every day (using a hex key), and has it written down on a piece of paper they can hand out to guests
• advertise wifi availability and instructions for getting online prominently

In addition, for laptop users, it’s also always good to have power sockets around.

Python 3000 alpha 1 released!

Guido just announced it Time to experiment.

Blueprint, a CSS framework

Tired of fighting with browsers on CSS issues regarding layouts, styling of buttons, or generating print versions? Then you’d probably be interested in the Blueprint CSS Framework which I discovered via Mark Boulton. It’s getting great reviews, looks to have a lot of promise… and by a fellow Norwegian to top it off. Check the tutorial for a good introduction.

Finding Python packages

Although easy_install might be sufficient to install a Python package (aka egg) onto your system, it doesn’t help you find available packages or see what you have on your system. Most package managers does, so this was a bit surprising. I was frustrated enough that I started looking at what it would take to make one. I came so far as to create a little utility built on top of setuptools that downloaded the Python Package Index (aka cheeseshop, aka PyPI) using httplib2 with caching.

Searching for pypi using this utility I saw a couple of packages, including one called yolk that promised to be a “Command-line tool querying PyPI and Python packages installed on your system.” Great! Saved me a lot of work.

Yolk not only allows you to search PyPI using yolk -S <name>, it also gives you a way to query the packages that you have installed on your system using yolk -l. I’ve NEVER seen this before for Python eggs, so it was quite fun. Yolk doesn’t cache stuff from the PyPI, however, so that’s a bit of a downer for us living in bandwidth-challenged areas like China.

If you wonder, yolk is a word play on “egg yolk“, which is the yellow part of the egg. Python packages as done by setuptools are called eggs, thus the name.

By the way, httplib2, although not part of the standard library, is quite a bit better than urllib2 or httplib, and apparently the only way to easily make HTTP requests that use HTTP methods besides GET and POST; i.e., PUT, DELETE, HEAD, etc, as required by REST. It also exposes a very feature-complete client-side cache, so you can do:

I hope the standard library cleanup project that is planned for Python 3000 includes this module, and updates it so that it can support file-like interface to reading, not just returning a string like it does now. A compatibility module with the old http/url modules would be cool too.

Slides from “Django Master Class” at OSCON

At OSCON 2007 Jacob Kaplan-Moss, Simon Willison, and Jeremy Dunck held a Django Master Class. Jacob just posted the slides on the web, and it contains a few goodies, like:

• testing strategies
• testing support in Django
• dumpdata
• templatetags introduction
• custom model fields
• OpenID (which seems to be on Simon’s mind a lot lately)
• a cool example using jQuery to do Ajax-style client-side form validation based on conditions set in the Django model(!)
• deployment options for high-performance sites
• Geo Django + PostGIS for geo-coordinate manipulation