Tyrannosaurus Debt

Courtesy of Rodney Graves @ Say Anything...

Technorati Sucks

h9zjb4qnxy

Well after researching this issue all over the Internet, and sending support tickets, all I get from Technorati is total silence and my opinion of them is that as an aggregator and traffic driver, their methodology and support absolutely blow.

The quote below is all I ever get and the support forums? There's not even a single link or button to make my own post there about this problem and every single post thread there is marked solved/closed/whatever and are dated months old.

I get the feeling that Technorati has no interest in doing what they do correctly. Given unequal application of their system, it gives the appearance of at the very least stupidity and laziness if not selective listing choices.

This is exactly why I never bothered with Technorati before.

We have identified a problem with the URL submitted for claiming:

http://suitepotato.blogspot.com

This may be for a number of reasons. Please review possible reasons below.

1.

Please check and make sure the URL you are trying to claim is the front page of your blog as a browser would link to it. If the URL submitted was different, please try updating the URL and submitting the claim again.
2.

If you\'ve verified the claim URL is correct and your blog is reachable by browser, it may be that the URL has been flagged by Technorati as matching a pattern for spam blogs, or the blog software being used is not recognized by Technorati\'s web crawler. In this case we ask you contact technorati support and supply the following info:
* Please include the following error code: 402
* URL you are claiming
* The name of your blog
* Your contact info
* What blog software you are using (if known, e.g. Wordpress, Drupal, Movable Type, etc.)
* A short description of your blog and the type of content you like to write about.
* Does your blog have a RSS feed? Please see if you can supply us with an example URL of your feed.

That text snippet at the top? Their vaunted scripts can't fucking detect it no matter how it is posted here, and if they do, they can't use it. I could write better code to search text in Applesoft Basic over twenty-five years ago. I could write better in Python within a week of starting to learn it. I could do better work with regex a week after using Linux the first time.

The word?

FAIL

Thanks for nothing Technorati.

Drool… Network Techie Heaven…

Now all I need is this, a good superhardened tough laptop, docking station, and I’m ready to go… and a lot of money.

Stupid Network Tricks: GMail via Tor

While the accessing of the GMail web interface via Tor in Firefox with Torbutton installed seems simple enough, you might prefer to use an email application with GMail, in which case it might seem a bit harder.

Here’s how.

Install Stunnel which you get here. Once you have, find in Start | All Programs | stunnel | Edit stunnel.conf which on selection opens Notepad with the stunnel.conf file ready.

Insert these lines:

[SMTP Gmail]
accept = 127.0.0.1:25
connect = smtp.gmail.com:465

[POP3 Gmail]
accept = 127.0.0.1:110
connect = pop.gmail.com:995

and then File | Save and you’re done there. DO NOT run Stunnel from the Start Menu or it is going out straight from your IP.

Instead, using SocksCap which you already downloaded and installed earlier, you start that and go to File | New… and here’s the values:

Profile Name: Stunnel by Tor (or whatever you prefer)

Command Line: "C:\Program Files\stunnel\stunnel.exe"

Working Directory: "C:\Program Files\stunnel\"

and click OK.

From within SocksCap you now run Stunnel AFTER starting Tor from the Vidalia Control Panel. I suggest letting it run a few minutes to build a few circuits before starting Stunnel.

Now simply aim your email application at Stunnel. Where you enter your POP3 server, user 127.0.0.1 and the same IP address for your SMTP server. Enter your GMail account user and pass information and save everything.

What this does is to cause your email application to send standard POP3 and SMTP traffic at Stunnel which receives it and relays it to GMail’s servers which only use SSL but many email applications don’t, and does it via SocksCap's redirection towards Tor.

This saves you from trying to get SSL functioning on the email application, which while it might work almost certainly won’t be SOCKS aware and thus will be unable to be directed at Tor. IF your email application IS SSL aware, then theoretically you could start it within SocksCap and cut out Stunnel. Of course, many aren’t and for those who don’t want to dick around with the SSL stuff and just insert the easiest values to use, then this method works.

Also, it helps familiarize yourself with using Stunnel to use SSL with non-SSL-aware applications AND do it with Tor.

Stupid Network Tricks: Freenet over Tor

UPDATE: THE PROBLEM IS THAT FREENET IS JAVA BASED AND IS CALLED BY A PROGRAM THAT INVOKES THE JAVA VM. ON INVOCATION THE SPAWNED JVM IS WITHIN SOCKSCAP'S WORLD AND CANNOT COMMUNICATE PROPERLY AND DIES ALMOST IMMEDIATELY.

STILL WORKING ON WHICH PART CAN BE SOCKSIFIED AND WHICH CANNOT.

WILL UPDATE THIS IF/WHEN I FIGURE IT OUT.

IGNORE THIS FOR NOW...
FREENET SERVICE IS DYING WITHOUT NOTICE IN LOGS AND RESTARTING ITSELF OUTSIDE OF SOCKSCAP'S NOTICE
THEREFORE THE NEW SPAWN IS COMMUNICATING DIRECTLY
AM WORKING ON THIS RIGHT NOW

Yes, you can.

First, you will need SocksCap. You can get SocksCap by doing a search for it on Google. Permeo’s site is down and they may be moribund but you can get it online still.

Second, I assume you’ve already got Tor. The easiest place to get it is right here.

Okay, once Tor/Vidalia/Privoxy are running, and Tor has connections built (wait about ten minutes after starting it to make sure it has solid connections) you want to get Freenet operating over it. You get Freenet here of course.

Okay, with all three installed, making sure Tor is up and connected solidly, start SocksCap and go to File | Settings… and set up the proxy with the SOCKS server at 127.0.0.1 and port 9050 which is where Tor/Privoxy are listening by default. Select SOCKS Version 5 and click on Resolve all names remotely. There’s no username and password so selecting that is not needed.

Now in SocksCap select File | New… and for the Profile Name, select whatever you wish but Freenet would be an obvious good choice. For the Command Line, use this:

"C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -t "C:\Program Files\Freenet\wrapper.conf"

all on one line and use:

"C:\Program Files\Freenet\"

for the Working Directory and that INCLUDES the quotation marks as Windows’ DOS doesn’t understand spaces and long filenames and so needs quotes for them to work.

Where did I get them? I got them from the service that Freenet installs. The executable entry for the Freenet service gives that Command Line with the minor variation that it invokes the command switch –s but that switch does not exist. If you execute that wrapper-windows-x86-32.exe file in DOS, it tells you the –t switch is the service creator. DON’T try to run it as a console app by using –c as it will instead try to spawn it unsuccessfully over and over.

Once you click OK you merely have to select it and click the Run button and now Freenet will be operating via SocksCap’s magic across the Tor network.

Why do this? Obfuscation and misdirection have their uses in maintaining privacy.

Important Addendum: Go to Control Panel | Services and find the Freenet service. Open it up and change from Automatic to Disabled. If you don't do this, it will start up on system start and Freenet connections will be coming direct from your IP instead of over the Tor network.

Stupid Network Tricks: Smoothwall, SSH and the Smoothwall Proxy

So maybe you’re behind a firewall at work that stops your web browsing freedom and yet has not locked down your machines so much that you cannot change proxy settings. Or maybe you can’t on Windows/MSIE but you can use Firefox on a thumb drive. If you can set a browser to use a proxy, maybe you can’t get to it on the public Internet. Maybe you wouldn’t want to because of a lack of user control.

Here’s how to do it.

First, you need to be using Smoothwall. I prefer the current version 3.

Smoothwall has the capability of being interacted with via SSH. Even better, it defaults to a port other than 22 so it may not be blocked where you are at the time you want to reach it.

You need to remember to allow open access to the port it uses so at the web based admin screens you want Networking | External Access and there you create a rule for TCP protocol, the SSH port you’re using, and source can be all unless you’re only connecting from very specific networks. Make sure to enable the rule and save it.

Now then, when you ssh to your external IP address, which may be dynamic and I highly recommend dyndns.org to get a dynamic DNS entry as Smoothwall has a client that can keep it update when your ISP changes your IP, you need to be able to redirect traffic through Putty.

Yes, Putty is the easiest to use. Connection | SSH | Tunnels is the place in the Putty session set-up. There you need not check either of the top boxes. Just enter your tunnels.

Now then Smoothwall has a web proxy that when on and not in transparent mode answers on port 800 by default. So you create a tunnel by entering 800 in the Source port field or whatever number you want your local machine to listen on for proxy incoming, and then enter the IP address of the LAN SIDE Ethernet port of the Smoothwall and NOT the public IP or anything like that and you make it with a colon and 800 as in 192.168.1.1:800 in that field.

When you get the SSH session going, you are going to be doing SSH from wherever you are to the WAN side Ethernet port, and the SSH server will be taking in your tunnel from Putty and aiming your proxy traffic at port 800 on the Ethernet interface and as far as Smoothwall is concerned, it is as if it came from your home LAN.

You will now appear to be communicating from home even while at work or a friend’s house. The IP seen will be that of your home connection, so keep your nose clean and play nice, but have fun.

Stupid Network Tricks: SSH on Windows

Go here to find out about installing SSH on Windows in the first place.

Now go here to find my reply on getting “strictmodes yes” in ssh’s conf to work on Windows or read my copy below. After all, I did write it.

I found that in order for StrictModes yes to work on Windows XP Home edition, there is a simpler way of making the permissions correct than rebooting to safe mode.

First, the account you're doing the set-up from must be an admin acct if it isn't the one you're setting up for, and second, the acct you're setting up for must be an admin. For instance, let's call the acct we're setting up for "spike".

As you said, spaces are not well handled by this code. I found putting the home directory just off of c:\ was the best thing. I also decided to go with the .ssh notation so frequently used and so:

c:\spike\.ssh

Which is where the authorized_keys file must go. BUT, and here is the EXTREMELY HUGE ROSEANNE BARR SIZED BUT, you MUST NOT do it willy-nilly. I tried Windows Explorer AND at the command prompt. Both times it failed. Rebooting to safe mode was no help despite hours of messing with the permissions. What I found worked was much much simpler.

Once password based authentication is working for that acct, you log in to the server as that acct. Once at the prompt in Putty, you change directory to c:\ and then mkdir spike and cd spike and then mkdir .ssh. Now you've made those folders SOLELY as the userid in question and NOT as the system acct or the admin acct you may have been logged into Windows with.

Next trick, you take advantage of inheritance and change your directory in the Putty session window to wherever you made the authorized_keys file. Then copy authorized_keys c:\spike\.ssh\ and it copies to it. Now, thanks to inheritance that defaults on file and folder permissions under XP Home on NTFS, the folders AND the authorized_keys file will have the appropriate permissions.

DO NOT BY ANY MEANS modify those folders or that file from anywhere but within Putty, logged in as the userid in question. ANY other userid modification can cause it to change permissions and break StrictModes yes. At least, that's the way it has been behaving so far.
To test, I run Putty against the OpenSSH service running on the same machine by pointing at localhost.
Of course, having NTFS as the filesystem is also a must for this to work at all.

Also, to make it look in the home directory, edit the registry to make home c:\ and then use:
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
Which in the example I gave would cause it to look in c:\spike\.ssh\authorized_keys. StrictModes yes should now work.

I also added this follow-on.

I forgot that you should also try using CACLS.EXE from c:\ and then you should get something like the following using my "spike" userid example.

C:\>cacls spike
C:\spike BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA
BUILTIN\Users:(CI)(special access:)
FILE_WRITE_DATA

This is the state of permissions on my home directory with my current setup and StrictModes yes is working fine with it.

Not that most people see a need to get SSH to a Windows machine running such that they can do at a command prompt everything they could do at a DOS prompt, but you never know.

This way, you can set your config on that machine to require a key and not allow passwords.

If you want, farther down is this:

So you want to use SFTP with Ipswich WS_FTP Pro... (well, you might...)
(This is for version 9.01 btw...)
First, go into WS_FTP Pro.
Options...
SSH
Client Keys
Create...
Then, Export and name your key how you like and then go into WordPad and look at the .pub file you exported.
This is how the Ipswitch WS_FTP Pro key will look when exported and viewed in WordPad:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "Created by Ipswitch WS_FTP Pro"
(key gibberish)
(more key gibberish)
(yet more key gibberish)
(even more key gibberish)==
---- END SSH2 PUBLIC KEY ----
This is the correct format for a Unix box running OpenSSH. It isn't correct for OSSHfW.
Note the "==" at the end of the key. That is EXTREMELY important to have. Actually, you only really need the one “=” near as I can tell but why take chances I figure.
This is how it should look in the authorized_keys file for OpenSSH for Windows:

ssh-rsa (all the key gibberish in one line)== wsftp

You need the entire thing on ONE line, ONE return at the end, ONE key per line. The space and then the wsftp is my choice to identify the line as being my remote WS_FTP key. You could call it “susan” if you wanted.
So go to the copy of authorized_keys you left where you built it before copying within the SSH session and then edit it, putting in the key in the above format. When done, you should have something like this:

ssh-rsa (all the first key gibberish in one line)== spike
ssh-rsa (all the sftp key gibberish in one line)== wsftp

Once the editing is done, SSH in as before and go to the directory where your proper authorized_keys file is sitting and issue the command “rename authorized_keys authorized_keys.bak”, without using the quotes of course. Go to the directory where the edited authorized_keys is and copy it to the directory you were just in and then get out of the SSH session and go to Services in Windows and restart the OSSHfW service. Now restarted, it should have that key in its config.
Now you can go to WS_FTP and set up the site. This is what you need in addition to the address of the site and account information.

Site Options
Advanced
Server Type SFTP/SSH
Remote Port (the one you run OSSHfW on)
SSH
SSH Keypair (the key you created)

Try it out now and you should be able to SFTP using the key login. I generated the keys at work, e-mailed the public key to myself and when I got it at home, edited it and added it to my file and restarted the service. Next day it worked like a dream.

I use it to transfer files downloaded at work to my home machine and it works fine. The most important thing to remember is that the key generated by with the Export function to the .pub file must be correctly edited. “ssh-rsa”(space)”key gibberish here”==(space)”your identifier here” is the format and it goes ALL ON ONE LINE, each key on a separate line.

Well, there you go. Next up, Tor, Stunnel, SocksCap, and Freenet among other stuff.

Obama the Standalone Complex President

This is from a post I made at SayAnythingblog.com.

If you want more information on the standalone complex basics…

It took me a bit, but I realized why Obama’s effortless glide to power was so familiar.

chris:

For starters, the expectation of Obama is phenomenal as he is attacking several inherited crisis, and not only that he seems to be living up to the hype.

Not even close. Your wishful thinking is getting in the way of your intellectual grasp of current events, and recent history not to mention human psychology and social dynamics.

The "expectation of Obama" is what can be considered a second-order standalone complex.

In a first-order standalone complex, one or more events presented to the public capture the public's imagination or weigh on their subconscious in such a way as to cause certain like minded enough individuals to attempt to follow or copycat a nonexistent original inferred by those events or ideas presented, or even specifically mentioned.

In a second-order standalone complex, the mechanism devolves to inference made from the first-order. In this case, we spent EIGHT YEARS with near saturation media coverage of Bush in a way that was radically at odds with reality. Instead of Bush as he actually was, they presented the news with positioning, slanting, and basically told the public what to think about him.

They turned George Bush the man and president into George Bush the social concept. The social concept of him they presented was nearly that of the Christian anti-christ. He was presented as larger than life in everything he did and all of it was negative. He was presented as the supreme bungler, the master liar, the ultimate puppet of Cheney, the lord of the Sith of presidents, the least competent president ever, and all that. Whenever the MSM did not infer it, they turned to the usual left-wing adversaries to give them tv and newsprint time to say it directly.

On top of this they filled the blogosphere (and how I hate that name) with their mass movement. They attempted to foment social insurrection and in testament to the public's understanding that their natures and desires are closer to conservatism than socialism, resisted such that it failed to become an overt phenomenon and became a subversive one instead.

The left's attempt at crafted populist revolt instead led to the formation of the first-order complex by creating the image of Bush that never was. However, as humans go, they tend towards dualistic thinking and the more extreme an archetype becomes the more an opposite implied archetype becomes certain.

Messiah, not messiah, Christ, anti-christ, Bush, Not Bush.

Until Bush was not up for re-election acting on the impulse to follow the standalone complex was resisted because it was not academic. Voting him out at the second election had to be balanced against those he was running against and the public was only four years into it so their resistance was high.

Bush being reelected freed the standalone complex. Bush was no longer available so whoever was going to win was going to be Not Bush. Humans as I said think in binary terms and they are associative. Bush -> Republican. Not Bush -> Democrat.

A secondary first-order standalone complex happened among the Democrats with Obama who was the unknown quantity and Hillary who was the known one. There's Hillary and Not Hillary. Obama was carefully presented as being on every side of every issue, thus giving no fixed points to rankle and annoy the Democrat primary voters. Hillary had an existing history. She was not easily faked. Obama was whatever people wanted to believe he was since they knew nothing else.

Thus we saw Obama picked by Democrats to be Not Hillary and later to be Not Bush. We elected an implied archetype, one that was implied in our own minds by the inferred one created around Bush through omnipresent meme transmission.

That is the central problem for Obama. Even if he suddenly got religion as it were and went conservative, he still is not going to be able to live up to the ideas people have of him. Obama the President and human is not Barack Obama the phenomenon. He cannot be what he does not know to be and he is so many things to so many people.

Just as with anyone who'd claim to be the messiah, the mantle and all the sociocultural baggage that goes with it always colors the perception of whoever wears the mantle. Obama is wearing a mantle primarily defined around not being Bush, and secondarily as the answer to everyone's angst over all the things they were induced to feel and think. After all, humans are just plain mortal beings. They know nothing beyond what their senses tell them. Whether they want to or not, they tend to believe what is heard in passing and overwhelmingly.

That overwhelming leftist slant of the media is the undoing as no one taking on the mantle they created can ever live up to it. They've overplayed this badly and created no exit strategy for it because they did it by accident. If this had been crafted in some Machiavellian plot, a wise architect would have left some approachable and relateable human foibles in the construction so that people would have a pause in their pursuit of belief that the Not Bush was everything Bush wasn't and nothing that Bush was.

Finally, they badly screwed up in making this personal. The archetype was Bush versus Not Bush. Not Republican versus Democrat. The public learns what is put to them inevitably. Such as personalization in politics. As Obama makes more and more mistakes which he must as I said, the disappointment in Obama for the position of Not Bush will grow. The assignment of Not Bush to Obama in the minds of the public will decline. As Bush recedes due to lack of appearance on the scene fresh in their view, the Not Bush construct will fade as well. Obama will be left as the guy in charge and have no mythical ideas about him to shield him from the cold hard reality that he is not competent much less morally worthy of the job of President of the USA.

More to come as soon as I can...

Just been very busy with other interests of late. Replaced a car, started biking and lost 20 pounds, busted my knee, started designing some stuff, working on PC tune-ups, trying to get some Hebrew practice in...

I suggest sayanythingblog.com if you want something to look at right now. I've been over there a bit, more than anywhere else, just because politics has bit me for the moment as well.

Anyhow, will get back to posting as soon as I can write something up.