The Joys of SSH

June 3rd, 2002

I’ve been using OpenSSH (Secure Shell) a lot lately – it’s definitely my Tool Of The Year this year.

Of course, SSH provides a commandline interface to your machine just like telnet, but with certificate-based security. That in itself would be great, but SSH’s ability to do secure tunneling, port and X11 forwarding and secure copying make it a veritable swiss-army-knife in your utility toolkit.

My home network is connected to the net via cable modem. I have a Perl script that monitors my external IP address and notifies ZoneEdit’s DNS servers if it changes, providing me with dynamic DNS. This allows me to get into my network. I don’t want to provide open access to my network though, so I firewall off everything except one obscure port. On that port I expose the sshd secure shell daemon running on my linux box.

Wherever I am on the net, I can connect to my linux box with ssh (usually with the Windows ssh client, PuTTY) and get a shell prompt. (I keep downloadable copies of PuTTY.exe and vncviewer.exe available to me on my public server for quick access – they’re pretty small downloads with no installation or dependencies).

If I want to connect to any of my home machines via VNC or HTTP or whatever, all I have to do is specify a port on the workstation I’m on and have PuTTY forward that port through the ssh tunnel and out to a port at the other end, either on the terminating linux box, or forwarded to any machine it can reach. I fire up VNC, point it to localhost with the right port number, and PuTTY and sshd take care of the rest.

If I like, I can keep this static PuTTY/sshd tunnel going, and then go to another machine on this remote network, connect to the local port on the PuTTY machine and have it forwarded securely through the tunnel and out to a different remote machine on my home network. The mind boggles.

Say I’m running KDE under Mandrake Linux on my laptop and shelling around on my linux box via ssh – if I run Konqueror, it starts up on the home linux box as a kde program, and throws its X11 display to my laptop across the tunnel. On my laptop, the konqueror window opens, but I’m browsing the home machine remotely!

If I want to connect to the hosting company that hosts blogchat and send a bunch of files back and forth in a secure manner (as opposed to FTP, for instance), I can use SCP (secure copy) or WinSCP, both of which talk to sshd on the remote end to do entirely secure copying between machines.

Tim was consulting at a client a couple of weeks ago and found he couldn’t access some things at nonstandard ports. So, he SSH’d to an intermediate point out on the net where he had permissions, and set up a tunnel via there to the services he wanted to consume.

I have a client whose two computers I can only reach from my home due to a firewall rule. From elsewhere, I ssh to my home, and then from that commandline, ssh into the client. I can actually set up doubly-redirected ports through the mess of tunnels if I want. Powerful stuff.

I was at a client last week where we were inside their network but needing to test their application from the outside to test PIX and RADIUS authentication. I grabbed PuTTY and vncviewer.exe, shelled home and started two vnc sessions, one on my linux box and one on the Win2k box, ran 4 different browser versions and used tcpdump and windump to sniff the traffic – all through the one ssh tunnel.
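The tunnelling patterns described above, expressed as the OpenSSH command lines that PuTTY’s dialogs and the ssh-then-ssh-again hops correspond to. This is an added example, not the author’s scripts or PuTTY configuration: home.example.net, port 2222, the LAN host names and the key path are constructed placeholders. Note that the one-command hop (`-J`) is a modern OpenSSH option; in 2002 the author had to ssh home and then ssh again from that prompt.

```python
"""Compose OpenSSH command lines for local forwards, hops, X11 and scp.

Added example, not the author's setup. All host names, ports and the key
path are constructed placeholders.
"""
import os
import shlex
import subprocess


def _check_port(port):
    """Reject anything outside the TCP port range before it reaches ssh."""
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def ssh_argv(gateway, port=22, user=None, identity=None, forwards=(),
             jump=None, x11=False, share_forwards=False, remote_command=None):
    """Build argv for an ssh session.

    forwards: (local_port, target_host, target_port) triples. target_host is
    resolved on the gateway, so it may be any LAN machine the gateway reaches.
    jump: intermediate host as user@host[:port]; this is the "ssh home, then
    ssh into the client" pattern done in one command with -J.
    share_forwards: let other machines on the local network use the forwarded
    ports (the "connect to the local port on the PuTTY machine" trick). Off by
    default, since then anyone who can reach this workstation rides the tunnel.
    """
    argv = ["ssh", "-p", str(_check_port(port)),
            # fail instead of leaving a session whose forwards silently failed
            "-o", "ExitOnForwardFailure=yes",
            # never accept an unknown host key for the gateway
            "-o", "StrictHostKeyChecking=yes"]
    if identity:
        # offer only this key, not every key the agent happens to hold
        argv += ["-i", os.path.expanduser(identity), "-o", "IdentitiesOnly=yes"]
    if jump:
        argv += ["-J", jump]
    if x11:
        argv.append("-X")
    if share_forwards:
        argv.append("-g")
    for local_port, target_host, target_port in forwards:
        spec = f"{_check_port(local_port)}:{target_host}:{_check_port(target_port)}"
        if not share_forwards:
            spec = "127.0.0.1:" + spec   # listen on loopback only
        argv += ["-L", spec]
    if remote_command is None and forwards:
        argv.append("-N")   # forwards only, no remote shell
    argv.append(f"{user}@{gateway}" if user else gateway)
    if remote_command is not None:
        argv.append(remote_command)   # e.g. an X11 program displayed locally
    return argv


def scp_argv(src, dst, port=22, identity=None):
    """Build argv for scp; note scp spells the port option -P, not -p."""
    argv = ["scp", "-P", str(_check_port(port))]
    if identity:
        argv += ["-i", os.path.expanduser(identity)]
    return argv + [src, dst]


def command_line(argv):
    """Render argv as a copy-pasteable, correctly quoted shell line."""
    return shlex.join(argv)


def launch(argv):
    """Start the session; needs a reachable gateway, so not exercised by tests."""
    return subprocess.Popen(argv)


if __name__ == "__main__":
    # VNC to a Win2k box on the home LAN, through the obscure port on the gateway
    print(command_line(ssh_argv("home.example.net", port=2222, user="me",
                                identity="~/.ssh/id_ed25519",
                                forwards=[(5901, "win2k.lan", 5900)])))
    # Client machine reachable only from home: hop through home in one command
    print(command_line(ssh_argv("client-box.example", user="me",
                                jump="me@home.example.net:2222",
                                forwards=[(8080, "localhost", 80)])))
    # Run Konqueror at home, display it here
    print(command_line(ssh_argv("home.example.net", port=2222, x11=True,
                                remote_command="konqueror")))
    print(command_line(scp_argv("report.txt", "me@home.example.net:/tmp/", port=2222)))
```

With the session running, pointing vncviewer at localhost:5901 reaches win2k.lan:5900 exactly as the post describes; the loopback bind is the default precisely so that a tunnel opened at a client site is usable only from the machine that opened it.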

It’s been a long time since I’ve run across something so indispensable.

Hold…… and release.

May 31st, 2002

So Mozilla’s on Version 1.0 Release Candidate 3 now. Not version 0.991 or 0.992 or 0.993, but the third trial-balloon-final-release-sort-of-but-not-really.

I remember my Dad telling me one June day when I was a kid that today was February 126th. I assured him it was June and not February and that February only had 28 or 29 days, but he explained that a project his company was working on was due at the end of February and it still wasn’t ready, so they’d decreed that February wasn’t over yet. I think February had about 250 days that year.

Warning: Irony and Sarcasm ahead

May 29th, 2002

Dammit, apparently Linux has this 497-day uptime bug. What a piece of crap. I never had that problem with Windows…

Reading Room

May 28th, 2002

I’m reading David Weinberger’s Small Pieces Loosely Joined, an enjoyable insightful commentary into the social impact of the internet.

David has a kids’ version of Small Pieces that reads very well for 10- to 15-year-olds. As one of the online comments says:

[the kids’ version is] Like a scale-model (clue) train

Deer in the headlights

May 21st, 2002

I’m at one of those awkward passes, where I’ve got so many things lined up to do that I’m at an impasse over where to start. I’ve just been sitting here frozen in front of the keyboard, my mind swimming with the daunting array of tasks ahead of me. Time to kick my butt into gear.

One of those things is to get some blogging flowing again. I’ve always leaned towards blogging only when I have something to say rather than forcing a regular blurb out perhaps before one is ready. There’s a middle ground to that though, I suspect, where I encourage myself to seek blog inspiration in order to whet my appetite for a good rant or discourse, thus keeping up the flow.

I guess it’s my duty to link to a few people too, and quote lots of stuff I’m sure you’ve all seen elsewhere anyhow, lest I get branded a narcissistic snob by the demablogues who contend that there are right and wrong ways to blog, and those who open their blog at the little end are deserving of pejorative labels.

deconstructing Pim

May 11th, 2002

From BayswaterFarm [via scripting.com]:

Tolerance is all very well, but how does a tolerant society tolerate the intolerant?

That just about sums up the popular misunderstanding of Pim Fortuyn’s views.

I assume you’ve been following the Pim story, and have read Adam’s thoughts.

cleanse RSS as you collect it

May 10th, 2002

Tim’s been doing some programming with RSS and learning a thing or two.

Not to get behind, I’m working with Scott Johnson on some RSS stuff and wrote a test harness for a routine to clean up the descriptions in a feed, removing or escaping html, truncating description size, etc.

I’ve been following the debate about whether Jenny should truncate her feed, and it occurs to me it doesn’t matter any more whether she does or not. As long as I use my new handy-dandy RSS cleansing proxy, I can control it myself.

I’ve saved a piece of Scott’s feed as an example since he’s got some html in it and his entries are long. Here’s the raw feed.

If you use my cleanser, you get this result.

The feed parameter of course is required. I’ve added optional parameters too –

limit sets the byte limit at which to truncate the feed’s descriptions, or 0 for all of it. Defaults to 500 bytes.

method lets you choose whether all tags are removed from the feed (remove) or only ampersands are escaped, so the markup doesn’t mess up your aggregator output or raise script security concerns (amp). Defaults to remove.

More examples: limit to 50 bytes, amp method

I’ll leave this available for a day or two, but after that, you’ll have to do it yourself – I don’t need the entire world’s RSS calls proxied through my server.
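The cleanser’s behaviour, as an added example in Python. This is not Scott’s or the author’s code (the post shows no implementation); the sample feed is constructed, and the `limit` and `method` parameters follow the post’s description. The `remove` method strips tags and also drops script and style bodies; the `amp` method escapes the decoded description so that entity-encoded markup reaches the aggregator as literal text, which is the parsed-level equivalent of escaping ampersands in the raw feed; truncation counts UTF-8 bytes and never splits a multi-byte character or, in `remove` mode, cuts inside a tag, because tags are gone before the cut.

```python
"""Feed description cleanser: an added example, not the proxy from the post.

The sample feed below is constructed. Parameters follow the post: limit is a
byte count (0 = no truncation), method is "remove" or "amp".
"""
import html
from html.parser import HTMLParser
import xml.etree.ElementTree as ET


class _TextOnly(HTMLParser):
    """Collects text nodes; drops every tag and the bodies of script/style."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def strip_tags(fragment):
    """Visible text of an HTML fragment, whitespace collapsed."""
    parser = _TextOnly()
    parser.feed(fragment)
    parser.close()
    return " ".join("".join(parser.parts).split())


def truncate_bytes(text, limit):
    """Cut to at most `limit` UTF-8 bytes without splitting a character; 0 = no cut."""
    if limit <= 0:
        return text
    data = text.encode("utf-8")
    if len(data) <= limit:
        return text
    # errors="ignore" discards a partial multi-byte sequence at the cut
    return data[:limit].decode("utf-8", errors="ignore")


def clean_description(text, limit=500, method="remove"):
    if method == "remove":
        return truncate_bytes(strip_tags(text), limit)
    if method == "amp":
        # keep the markup, but as literal text: the aggregator shows "<b>"
        # instead of rendering it, so no script in the feed ever executes
        return html.escape(truncate_bytes(text, limit), quote=False)
    raise ValueError(f"unknown method: {method}")


def clean_feed(feed_xml, limit=500, method="remove"):
    """Rewrite every item description in an RSS document; returns the new XML."""
    root = ET.fromstring(feed_xml)
    for item in root.iter("item"):
        desc = item.find("description")
        if desc is not None:
            desc.text = clean_description(desc.text or "", limit, method)
    return ET.tostring(root, encoding="unicode")


def item_descriptions(feed_xml):
    """Description text per item, as an aggregator sees it after XML parsing."""
    root = ET.fromstring(feed_xml)
    return [(item.findtext("description") or "") for item in root.iter("item")]


# Constructed sample: entity-encoded HTML with a script block in item one,
# a long plain description in item two.
SAMPLE_FEED = (
    '<rss version="0.92"><channel><title>constructed sample</title>'
    "<item><title>one</title><description>&lt;p&gt;Hello &amp;amp; "
    "&lt;script&gt;alert(1)&lt;/script&gt; caf&#233;&lt;/p&gt;</description></item>"
    "<item><title>two</title><description>" + "word " * 200 + "</description></item>"
    "</channel></rss>"
)

if __name__ == "__main__":
    print(clean_feed(SAMPLE_FEED, limit=50, method="remove"))
    print(clean_feed(SAMPLE_FEED, limit=50, method="amp"))
```

Stripping before truncating matters: cutting raw HTML at a byte count can leave an unterminated tag that swallows the rest of the aggregator page, and cutting entity-encoded text can leave a half entity, which the `amp` path tolerates only because the escaped result is plain text either way.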

Where do you stop supporting old browsers?

May 8th, 2002

I recently had a remote scripting support question about Netscape to which I responded:

You don’t say what version of Netscape. If it’s 4.x, I don’t even have it loaded any more, so I can’t debug it at all. It’s time to let it break and force people to wake up and get a decent browser.

The response I received said (edited for clarity):

The version I use is 4.79. The application has to be compatible with every browser.

No, it does NOT have to be compatible with EVERY browser. Are you making it work with Lynx? Are you making it work with Spyglass Mosaic 1.0? Are you making it work with Cello? Are you making it work with Netscape 2.0? Of course not. They’re all irrelevant to web applications. So too is NS4.x, but it won’t ever lie down and die as long as people keep propping it up with superhuman hacks.