Suddenly I found myself standing in the storage/utility room. And I had no idea why I was there. “Peter, you need to set the table! Get back on track!” – I told myself.

So I went back into the kitchen. Looked at the table: What was missing? Ah, drinks. OK, glasses, plastic cup for my daughter, pitcher of water – check. “Hey, I’d like a Coke”, so I opened the fridge. No Cokes. Should probably put some in the fridge for next time I want a Coke. I went to the utility room, and suddenly it hit me: That is what I was doing in the storage room! Getting Cokes for the fridge!

Man, I think I’m… What was it? … Yes, I’m getting older!

Being a techie, I really can’t accept a watch that isn’t accurate. The accuracy of a quartz-crystal based watch is the minimum. I wish I could get a Rolex, Omega or other really nice looking watch, but I just can’t accept the accuracy I’ll get from a watch like that. So all the beautiful Swiss watches are out for me. But there are alternatives:

I have a Certina DS-Action  quartz watch (shown right) and a Casio PRW 2000T

and I love them both for different reasons. The Certina DS-Action is just so beautiful. The Casio PRW 2000T is feature-packed.

I love how the Casio is Radio Controlled. That gives me sub-second accuracy! As much accuracy as my eyes can follow. Fantastic! Is this server’s NTP working? Look at my wrist. I can trust that. I’m afraid I can’t go back. That is why I’m wearing the Casio almost all the time now. But it isn’t as nice looking.

Basically there are three makers of Radio Controlled watches. Junghans, Casio and Citizen. I haven’t yet found a radio controlled watch that I like the looks of. The closest was Junghans Aviator. It looks really nice on picture, but when my friendly watch shop ordered it so I could see it, it just wasn’t as nice. It is really thick:

It has what I’m looking for: A analog+digital watch that is good looking and radio controlled. Only it isn’t that good looking

Other nice watches I like:

BOSS Orange it is nice looking, but not radio controlled.

Braun BN0087 It looks sorta nice, but is a bit old-school.

Then there is Maximilian 5402M-3 and Gardé both of which are almost nice…

I bet there’ll be more… Here is a nice list of radio controlled watches and manufacturers. Gadgets… I spend more time than I care to admit looking for gadgets. I spend a lot of time surfing for watches. Its a mess!

And in addition, the courses are free!

Thanks, Coursera and participating universities for making this possible.

Check it out! There are courses in:

All provided by professors from top-notch univerities in the US.

I’ve only tried the Cryptology course, but it rocks!

Peter

Yeah, right. Now I ask you, dear reader: How long do you think it’ll be before this is also used to find the mythical pedophile nazi-terrorists  too? I guess that’s ok too, right? But how long before they dig in and allow this to be used by the police to find:

• Illegal parking
• Speeding
• People collecting social benefits they shouldn’t be collecting (Danish: “Sociale Bedragere”)
• People they want to check up on and keep track of, just for good measure.
• Continuously monitor who associates with conspicuous people, a.k.a before-mentioned pedophile nazi-terrorists.
• Keeping lists of who participated in which public demonstrations, just for good measure.

And how long before the tabloid press start revealing that reality-star du-jour has spent the night at another reality-star du-jour?

This is a slippery slope. Here in Denmark, we have a “child pornography filter”. Originally that was for child pornography only. But it evolved into blocking The Pirate Bay (because it was proven that pirates are terrorists?), other file-sharing sites and drug spam sites. Its well on its way to being turned into a general purpose SOPA-like censorship filter.

And make no mistake. This is ideal for putting in a database: Who-was-where-when.

Imagine that Hitler gained power today, and measures like these were in place: “Ah, the opponents (I’m sure he’d call them terrorists) met at Freedom Lane nr 17 on Oct 17 at 19.00. Arrest anyone who parked within 15min/200m from this time/place”.

I am scared, actually. Primarily that most people don’t give a damn. Because they think they haven’t got anything to hide.

In the figure above, the Remote Server could be any TCP or UDP service in the remote network. My personal itch was to access SNMP agents in a remote network.

About 10.0.0.1 and 10.0.0.2: You’ll need to choose a network that isn’t being used in either side of the link. I’ve chosen the 10.0.0.0/24 network here but you can choose whatever makes sense to you. Just make sure it isn’t already used on either side.

First, we’ll set up the SSH VPN, and then we’ll add the networking trimmings (NAT and routes) so we can access the entire remote network from the SSH client. Finally I’ll also briefly cover PPP over SSH (a similar solution) which could be handy in some situations. Regardless, you’ll need root access on both SSH client and SSH server machines. And of course you’ll need SSH access to the SSH server!

SSH VPN

Following a good resource, it is really rather simple.

First on the server, make sure that /etc/ssh/sshd_config contains the PermitTunnel yes setting, or you’ll get an error like: channel 0: open failed in the following.

Now, from the SSH client:

sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK ssh -w 0:0 root@server

That establishes the tun0 devices in both ends. Now we need to configure them. On the server:

ip link set tun0 up
ip addr add 10.0.0.2/32 peer 10.0.0.1 dev tun0

On the client:

ip link set tun0 up
ip addr add 10.0.0.1/32 peer 10.0.0.2 dev tun0

ifconfig on both client and server should show that you’re up and running. Test it like this from the client:

$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_req=1 ttl=64 time=13.1 ms
64 bytes from 10.0.0.2: icmp_req=2 ttl=64 time=13.7 ms
.....

Now the SSH VPN is up and running. What this means is you’ll be able to access any resource on the SSH server, but not yet everything in the 192.168.0.0/24 network.

Please, for more details and hints about this (especially about the different approaches to root and SSH) see the good resource.

IP Masquerade (NAT) and routes

The goal is that we want to access any equipment in the remote 192.168.0.0/24 network without having to make any changes in the remote network. That is done with IP Masquerading on the server side and appropriate routes on the client side (see diagram above).

To set up, do this on the server side (assuming the remote network is accessed with eth0):

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now, on the client side:

route add -net 192.168.0.0/24 tun0

That should be it! You can access all of the remote 192.168.0.0/24 network from the SSH client as if you were locally connected. Repeat this route command for all routes in the remote network you need access to.

DNS

If the remote network has its own DNS server, add its IP address to /etc/resolv.conf and you’ll be able to access them by name too.

SSH VPN alternative: PPP link over SSH

If for some reason the SSH VPN doesn’t work for you (e.g. old SSH version or you can’t enable the PermitTunnel yes setting), then you might want to use PPP over SSH instead. This requires the ppp package.

sudo /usr/sbin/pppd noauth 10.0.0.1:10.0.0.2 pty \
“SSH_AUTH_SOCK=$SSH_AUTH_SOCK ssh -t -e none root@server /usr/sbin/pppd passive noauth”

The tricky part here is that you can’t enter a sudo password on the remote side. ( I don’t think so anyway ). So you’ll need to be able to either log in directly as root (which is fine if you’re using SSH keys), or have sudo set up to not require a password for pppd. I chose the former.

Now you’ll have a ppp0 interface on both sides already configured with IP addresses and everything. Just continue to the “IP Masquerade (NAT) and routes” part (use ppp0 instead of tun0 though)

More information

Keep in mind, that if all you have is SSH (which runs over TCP), performance is going to be problematic. See Why TCP Over TCP Is A Bad Idea. That is part and parcel with the SSH-only access and therefore unavoidable regardless of solution.

I found all my information in man pages and here:

• SSH_VPN – Community Ubuntu Documentation
• NAT with Linux and iptables – Tutorial (Introduction)
• Nardol: Quick and Dirty VPN with pppd and ssh

Last, I wish sshuttle would do the trick, but for UDP it doesn’t quite do the job yet and requires a newer kernel.

We’re out looking for a house to buy, and for me getting the afternoon and evening sun on the terrace during summer is so incredibly important. This way, I don’t have to take the real-estate agent’s word for where the sun goes down in the summer and whether the trees will create shade on the terrace. I can check it myself. Über-cool!

The graphics are laid out on top of my phone’s camera image, so given the image to the right I can see that on July 9th (almost mid-summer) the sun clears the wall just after 7pm before it goes down at 8:52pm.  A little before that it will be obstructed by the wall in the background though. All visible on one screen.

I guess this could be handy for photographers too, but for buying a house this is indispensable. What surprises me is how all the real-estate agents that I’ve shown it to were blown away by it (or so they pretended ) but had never seen or heard about something like that before.

Have fun with it!

There is no doubt that PDF is superior, if you’re going to print the document, but if you’re going to read it on-screen, I don’t even know where to begin listing why PDF sucks. But I’ll try. My top gripes are:

• It is a different environment. My web browser buttons, extensions, history don’t work. Selecting text works differently. Searching works differently. Right-clicking, cut’n'paste all work differently. It’s a completely different environment from that page I came from. Why?
• I’m served a “individual page metaphor”, rather than a “continuous page” one. Why do I have to see headers and footers for what would be separate pages if I were to print it?
• PDF files tend to misbehave on Ubuntu/Linux. That is likely not a problem for you.

I realize that I’m passionate and emotional about this issue. So I googled “pdf usability studies“. Yeah, right. Thankfully the first relevant hit was PDF: Unfit for Human Consumption (Jakob Nielsen’s Alertbox on useit.com). I don’t always agree with Jakob Nielsen (I mean http://www.useit.com is perhaps usable, but man is it ugly!) Mostly, though I got links to PDF files containing the conclusions of usability studies on all sorts of other things. So not all usability experts seem to hate PDF files. On the other side of the coin, way down in the list was PDF usability: Debate and reality on acrobatusers.com. I guess it isn’t surprising that somebody on acrobatusers.com likes PDF files!

Jakob Nielsen mentions usability studies and research and quotes from some of them, but I’m wondering if there is other, independent studies or research – not loud opinions like this one! Of course I’m hoping for links that confirm my point of view, but really I’d like to know what “people” think.

A newspaper article [lang="da"] looks back at what people liked and disliked about what the previous government did.

I have trouble believing, much less understanding, that 68% consider increased surveillance to have had a positive effect for Denmark, 16% believe the effect to be neutral and 16% believe it to be negative.

Wow. The people who believe that our society is better off when the government monitors us more out numbers people like me 4 to 1? Yikes. Has nobody read 1984 or seen Das Leben der Anderen? Doesn’t anybody remember DDR or the Soviet Union? Perhaps China will open source the great firewall too, so we can install it here!

I’m a little sad today about this.

Edit on 2011-10-20. Oh no, it keeps getting worse [lang="da"].

This is a big deal (at least in my book) because it demonstrates that the NSA does not believe in security by obscurity.

It is a common misconception that open source is inherently less secure than commercial or closed source software, exactly because hackers supposedly can’t inspect the code to find weaknesses. The flip side is, of course, that you also have fewer white-hat eyeballs looking to find, report and fix weaknesses. Apparently, the NSA aggrees!

Thanks to the Userfocus Usability Newsletter for the link. The site also has lovely 32 Pictures To Help You Appreciate The Awesomeness Of Nature but I better let you go now .