Maxims, rules of thumb and other observations on human cognition and sociocultural affectations

This will be added to on an irregular basis...
  • What is said to humans directly is received with skepticism and considered with dubiousness while that which is heard in passing, especially that which most conforms to their mentality or prejudices, is readily believed.
  • Humans have a certain cognitive latency between exposure to new information or experiences and the ability to think dispassionately and intellectually about it.
  • Humans have a certain cognitive spectrum starting with the moment of exposure to new information or experiences and ending with some point at which the thing is effectively "in the past" for them.
  • This cognitive spectrum is linked to the emotional process often referred to as shock, anger, denial and acceptance.
  • The more and faster information or experiences are presented to people and the closer the quarters and the lesser the distance between people, the more their early reactions in the passionate emotional stage are reflected back to them in the manner of responses to those reactions from others in light of those responses.
  • The more outrages are suffered without sufficient time to allow emotional bleed-off, the farther the bar for subsequent reaction and outrage is pushed, and the further events must progress before reaction and outrage occur.
  • It is possible for serious detriments to eventually sit below this threshold for long enough for their damaging effects to build and multiply until their entire society undergoes some reactive convulsion.

Monday, June 29, 2009

Technorati Sucks

h9zjb4qnxy

Well after researching this issue all over the Internet, and sending support tickets, all I get from Technorati is total silence and my opinion of them is that as an aggregator and traffic driver, their methodology and support absolutely blow.

The quote below is all I ever get and the support forums? There's not even a single link or button to make my own post there about this problem and every single post thread there is marked solved/closed/whatever and is dated months old.

I get the feeling that Technorati has no interest in doing what they do correctly. Given unequal application of their system, it gives the appearance of at the very least stupidity and laziness if not selective listing choices.

This is exactly why I never bothered with Technorati before.


We have identified a problem with the URL submitted for claiming:

http://suitepotato.blogspot.com

This may be for a number of reasons. Please review possible reasons below.

1. Please check and make sure the URL you are trying to claim is the front page of your blog as a browser would link to it. If the URL submitted was different, please try updating the URL and submitting the claim again.

2. If you've verified the claim URL is correct and your blog is reachable by browser, it may be that the URL has been flagged by Technorati as matching a pattern for spam blogs, or the blog software being used is not recognized by Technorati's web crawler. In this case we ask you contact technorati support and supply the following info:
* Please include the following error code: 402
* URL you are claiming
* The name of your blog
* Your contact info
* What blog software you are using (if known, e.g. Wordpress, Drupal, Movable Type, etc.)
* A short description of your blog and the type of content you like to write about.
* Does your blog have a RSS feed? Please see if you can supply us with an example URL of your feed.



That text snippet at the top? Their vaunted scripts can't fucking detect it no matter how it is posted here, and if they do, they can't use it. I could write better code to search text in Applesoft Basic over twenty-five years ago. I could write better in Python within a week of starting to learn it. I could do better work with regex a week after using Linux the first time.

The word?

FAIL

Thanks for nothing Technorati.

Sunday, June 28, 2009

Drool… Network Techie Heaven…

Eight Monitor Display _ Quad Gemini 24TW

Now all I need is this, a good superhardened tough laptop, docking station, and I’m ready to go… and a lot of money.

Saturday, June 27, 2009

Stupid Network Tricks: GMail via Tor

While the accessing of the GMail web interface via Tor in Firefox with Torbutton installed seems simple enough, you might prefer to use an email application with GMail, in which case it might seem a bit harder.

Here’s how.

Install Stunnel which you get here. Once you have, find in Start | All Programs | stunnel | Edit stunnel.conf which on selection opens Notepad with the stunnel.conf file ready.

Insert these lines:

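; client = yes makes stunnel accept plain text locally and speak SSL to GMail
[SMTP Gmail]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465

[POP3 Gmail]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995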

and then File | Save and you’re done there. DO NOT run Stunnel from the Start Menu or it is going out straight from your IP.

Instead, using SocksCap which you already downloaded and installed earlier, you start that and go to File | New… and here’s the values:

Profile Name: Stunnel by Tor (or whatever you prefer)

Command Line: "C:\Program Files\stunnel\stunnel.exe"

Working Directory: "C:\Program Files\stunnel\"

and click OK.

From within SocksCap you now run Stunnel AFTER starting Tor from the Vidalia Control Panel. I suggest letting it run a few minutes to build a few circuits before starting Stunnel.

Now simply aim your email application at Stunnel. Where you enter your POP3 server, use 127.0.0.1, and use the same IP address for your SMTP server. Enter your GMail account user and pass information and save everything.

What this does is cause your email application to send standard POP3 and SMTP traffic to Stunnel, which receives it and relays it over SSL to GMail’s servers (which only use SSL, while many email applications don’t), and does it via SocksCap's redirection towards Tor.

This saves you from trying to get SSL functioning on the email application, which while it might work almost certainly won’t be SOCKS aware and thus will be unable to be directed at Tor. IF your email application IS SSL aware, then theoretically you could start it within SocksCap and cut out Stunnel. Of course, many aren’t and for those who don’t want to dick around with the SSL stuff and just insert the easiest values to use, then this method works.

Also, it helps familiarize yourself with using Stunnel to use SSL with non-SSL-aware applications AND do it with Tor.
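Stunnel does not check the server's certificate unless verification is configured, and over Tor the connection leaves from a relay you do not control. The following check is an added example, not part of the original post: it reads a stunnel.conf and reports services that lack client mode, certificate verification or a loopback-only listener. The sample configuration is constructed and ca-certs.pem is a placeholder file name.

```python
# Constructed sample: the first service has only accept/connect, the second
# adds client mode and certificate verification. ca-certs.pem is a placeholder.
SAMPLE_CONF = """\
[SMTP Gmail]
accept = 127.0.0.1:25
connect = smtp.gmail.com:465

[POP3 Gmail]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verify = 2
CAfile = ca-certs.pem
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_services(text):
    """Return {service: options}; options set before any [section] are defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (defaults if current is None else current)[key.lower()] = value
    return services


def audit(text):
    """List (service, problem) pairs for tunnels that are not safe to rely on."""
    findings = []
    for name, opts in parse_services(text).items():
        if opts.get("client", "no").lower() != "yes":
            findings.append((name, "client = yes missing: stunnel runs as an SSL server"))
        verified = (opts.get("verify", "0") in ("2", "3", "4")
                    or opts.get("verifychain", "no").lower() == "yes")
        if not verified:
            findings.append((name, "server certificate is never verified"))
        elif "cafile" not in opts and "capath" not in opts:
            findings.append((name, "verification enabled but no CAfile/CApath"))
        # accept = 25 (no host part) listens on every interface
        host = opts.get("accept", "").rpartition(":")[0].strip("[]")
        if host not in LOOPBACK:
            findings.append((name, "accept is not bound to loopback"))
    return findings


if __name__ == "__main__":
    for service, problem in audit(SAMPLE_CONF):
        print("%s: %s" % (service, problem))
```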

Thursday, June 25, 2009

Stupid Network Tricks: Freenet over Tor

UPDATE: THE PROBLEM IS THAT FREENET IS JAVA BASED AND IS CALLED BY A PROGRAM THAT INVOKES THE JAVA VM. ON INVOCATION THE SPAWNED JVM IS WITHIN SOCKSCAP'S WORLD AND CANNOT COMMUNICATE PROPERLY AND DIES ALMOST IMMEDIATELY.

STILL WORKING ON WHICH PART CAN BE SOCKSIFIED AND WHICH CANNOT.

WILL UPDATE THIS IF/WHEN I FIGURE IT OUT.


IGNORE THIS FOR NOW...
FREENET SERVICE IS DYING WITHOUT NOTICE IN LOGS AND RESTARTING ITSELF OUTSIDE OF SOCKSCAP'S NOTICE
THEREFORE THE NEW SPAWN IS COMMUNICATING DIRECTLY
AM WORKING ON THIS RIGHT NOW



Yes, you can.

First, you will need SocksCap. You can get SocksCap by doing a search for it on Google. Permeo’s site is down and they may be moribund but you can get it online still.

Second, I assume you’ve already got Tor. The easiest place to get it is right here.

Okay, once Tor/Vidalia/Privoxy are running, and Tor has connections built (wait about ten minutes after starting it to make sure it has solid connections) you want to get Freenet operating over it. You get Freenet here of course.

Okay, with all three installed, making sure Tor is up and connected solidly, start SocksCap and go to File | Settings… and set up the proxy with the SOCKS server at 127.0.0.1 and port 9050 which is where Tor/Privoxy are listening by default. Select SOCKS Version 5 and click on Resolve all names remotely. There’s no username and password so selecting that is not needed.

Now in SocksCap select File | New… and for the Profile Name, select whatever you wish but Freenet would be an obvious good choice. For the Command Line, use this:

"C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -t "C:\Program Files\Freenet\wrapper.conf"

all on one line and use:

"C:\Program Files\Freenet\"

for the Working Directory and that INCLUDES the quotation marks as Windows’ DOS doesn’t understand spaces and long filenames and so needs quotes for them to work.

Where did I get them? I got them from the service that Freenet installs. The executable entry for the Freenet service gives that Command Line with the minor variation that it invokes the command switch -s but that switch does not exist. If you execute that wrapper-windows-x86-32.exe file in DOS, it tells you the -t switch is the service creator. DON’T try to run it as a console app by using -c as it will instead try to spawn it unsuccessfully over and over.

Once you click OK you merely have to select it and click the Run button and now Freenet will be operating via SocksCap’s magic across the Tor network.

Why do this? Obfuscation and misdirection have their uses in maintaining privacy.

Important Addendum: Go to Control Panel | Services and find the Freenet service. Open it up and change from Automatic to Disabled. If you don't do this, it will start up on system start and Freenet connections will be coming direct from your IP instead of over the Tor network.

Stupid Network Tricks: Smoothwall, SSH and the Smoothwall Proxy

So maybe you’re behind a firewall at work that stops your web browsing freedom and yet has not locked down your machines so much that you cannot change proxy settings. Or maybe you can’t on Windows/MSIE but you can use Firefox on a thumb drive. If you can set a browser to use a proxy, maybe you can’t get to it on the public Internet. Maybe you wouldn’t want to because of a lack of user control.

Here’s how to do it.

First, you need to be using Smoothwall. I prefer the current version 3.

Smoothwall has the capability of being interacted with via SSH. Even better, it defaults to a port other than 22 so it may not be blocked where you are at the time you want to reach it.

You need to remember to allow open access to the port it uses so at the web based admin screens you want Networking | External Access and there you create a rule for TCP protocol, the SSH port you’re using, and source can be all unless you’re only connecting from very specific networks. Make sure to enable the rule and save it.

Now then, when you SSH to your external IP address, you need to be able to redirect traffic through Putty. Your external IP may be dynamic, and I highly recommend dyndns.org to get a dynamic DNS entry, as Smoothwall has a client that can keep it updated when your ISP changes your IP.

Yes, Putty is the easiest to use. Connection | SSH | Tunnels is the place in the Putty session set-up. There you need not check either of the top boxes. Just enter your tunnels.

Now then, Smoothwall has a web proxy that, when on and not in transparent mode, answers on port 800 by default. So you create a tunnel by entering 800 in the Source port field, or whatever number you want your local machine to listen on for incoming proxy traffic. Then, in the destination field, enter the IP address of the LAN SIDE Ethernet port of the Smoothwall, NOT the public IP or anything like that, followed by a colon and 800, as in 192.168.1.1:800.

When you get the SSH session going, you are going to be doing SSH from wherever you are to the WAN side Ethernet port, and the SSH server will be taking in your tunnel from Putty and aiming your proxy traffic at port 800 on the Ethernet interface and as far as Smoothwall is concerned, it is as if it came from your home LAN.

You will now appear to be communicating from home even while at work or a friend’s house. The IP seen will be that of your home connection, so keep your nose clean and play nice, but have fun.

Stupid Network Tricks: SSH on Windows

Go here to find out about installing SSH on Windows in the first place.

Now go here to find my reply on getting “strictmodes yes” in ssh’s conf to work on Windows or read my copy below. After all, I did write it.

I found that in order for StrictModes yes to work on Windows XP Home edition, there is a simpler way of making the permissions correct than rebooting to safe mode.

First, the account you're doing the set-up from must be an admin acct if it isn't the one you're setting up for, and second, the acct you're setting up for must be an admin. For instance, let's call the acct we're setting up for "spike".

As you said, spaces are not well handled by this code. I found putting the home directory just off of c:\ was the best thing. I also decided to go with the .ssh notation so frequently used and so:

c:\spike\.ssh

Which is where the authorized_keys file must go. BUT, and here is the EXTREMELY HUGE ROSEANNE BARR SIZED BUT, you MUST NOT do it willy-nilly. I tried Windows Explorer AND at the command prompt. Both times it failed. Rebooting to safe mode was no help despite hours of messing with the permissions. What I found worked was much much simpler.

Once password based authentication is working for that acct, you log in to the server as that acct. Once at the prompt in Putty, you change directory to c:\ and then mkdir spike and cd spike and then mkdir .ssh. Now you've made those folders SOLELY as the userid in question and NOT as the system acct or the admin acct you may have been logged into Windows with.

Next trick, you take advantage of inheritance and change your directory in the Putty session window to wherever you made the authorized_keys file. Then copy authorized_keys c:\spike\.ssh\ and it copies to it. Now, thanks to inheritance that defaults on file and folder permissions under XP Home on NTFS, the folders AND the authorized_keys file will have the appropriate permissions.

DO NOT BY ANY MEANS modify those folders or that file from anywhere but within Putty, logged in as the userid in question. ANY other userid modification can cause it to change permissions and break StrictModes yes. At least, that's the way it has been behaving so far.
To test, I run Putty against the OpenSSH service running on the same machine by pointing at localhost.
Of course, having NTFS as the filesystem is also a must for this to work at all.

Also, to make it look in the home directory, edit the registry to make home c:\ and then use:
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
Which in the example I gave would cause it to look in c:\spike\.ssh\authorized_keys. StrictModes yes should now work.

I also added this follow-on.

I forgot that you should also try using CACLS.EXE from c:\ and then you should get something like the following using my "spike" userid example.

C:\>cacls spike
C:\spike BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA
BUILTIN\Users:(CI)(special access:)
FILE_WRITE_DATA

This is the state of permissions on my home directory with my current setup and StrictModes yes is working fine with it.

Not that most people see a need to get SSH to a Windows machine running such that they can do at a command prompt everything they could do at a DOS prompt, but you never know.

This way, you can set your config on that machine to require a key and not allow passwords.

If you want, farther down is this:

So you want to use SFTP with Ipswitch WS_FTP Pro... (well, you might...)
(This is for version 9.01 btw...)
First, go into WS_FTP Pro.
Options...
SSH
Client Keys
Create...
Then, Export and name your key how you like and then go into WordPad and look at the .pub file you exported.
This is how the Ipswitch WS_FTP Pro key will look when exported and viewed in WordPad:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "Created by Ipswitch WS_FTP Pro"
(key gibberish)
(more key gibberish)
(yet more key gibberish)
(even more key gibberish)==
---- END SSH2 PUBLIC KEY ----
This is the correct format for a Unix box running OpenSSH. It isn't correct for OSSHfW.
Note the "==" at the end of the key. That is EXTREMELY important to have. Actually, you only really need the one “=” near as I can tell but why take chances I figure.
This is how it should look in the authorized_keys file for OpenSSH for Windows:

ssh-rsa (all the key gibberish in one line)== wsftp

You need the entire thing on ONE line, ONE return at the end, ONE key per line. The space and then the wsftp is my choice to identify the line as being my remote WS_FTP key. You could call it “susan” if you wanted.
So go to the copy of authorized_keys you left where you built it before copying within the SSH session and then edit it, putting in the key in the above format. When done, you should have something like this:

ssh-rsa (all the first key gibberish in one line)== spike
ssh-rsa (all the sftp key gibberish in one line)== wsftp

Once the editing is done, SSH in as before and go to the directory where your proper authorized_keys file is sitting and issue the command “rename authorized_keys authorized_keys.bak”, without using the quotes of course. Go to the directory where the edited authorized_keys is and copy it to the directory you were just in and then get out of the SSH session and go to Services in Windows and restart the OSSHfW service. Now restarted, it should have that key in its config.
Now you can go to WS_FTP and set up the site. This is what you need in addition to the address of the site and account information.

Site Options
Advanced
Server Type SFTP/SSH
Remote Port (the one you run OSSHfW on)
SSH
SSH Keypair (the key you created)

Try it out now and you should be able to SFTP using the key login. I generated the keys at work, e-mailed the public key to myself and when I got it at home, edited it and added it to my file and restarted the service. Next day it worked like a dream.

I use it to transfer files downloaded at work to my home machine and it works fine. The most important thing to remember is that the key generated with the Export function to the .pub file must be correctly edited. “ssh-rsa”(space)”key gibberish here”==(space)”your identifier here” is the format and it goes ALL ON ONE LINE, each key on a separate line.
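The hand edit described above can be done mechanically. This converter is an added example, not part of the original post: it parses the exported SSH2 block, joins the base64 body onto one line, reads the key type out of the key data itself and appends the identifier. The sample export is constructed (structurally valid, not a usable key), and the function names are this example's own.

```python
import base64
import binascii
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def ssh2_to_authorized_keys(export_text, label):
    """Turn an exported SSH2 public key block into one authorized_keys line."""
    lines = [ln.strip() for ln in export_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END SSH2 PUBLIC KEY markers")
    body, continued = [], False
    for ln in lines[1:-1]:
        # Header lines ("Comment: ...") contain ':' which base64 never does;
        # a trailing backslash continues a header onto the next line.
        if continued or ":" in ln:
            continued = ln.endswith("\\")
            continue
        body.append(ln)
    b64 = "".join(body)
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64: %s" % exc) from exc
    # The key data names its own algorithm: uint32 length, then e.g. b"ssh-rsa".
    if len(blob) < 4:
        raise ValueError("key data too short")
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii", errors="replace")
    if n == 0 or 4 + n > len(blob) or not (key_type.isascii() and key_type.isprintable()):
        raise ValueError("key data does not start with a key type")
    if not label or any(ch.isspace() for ch in label):
        raise ValueError("identifier must be a single word")
    # One key, one line, one newline at the end.
    return "%s %s %s\n" % (key_type, b64, label)


def constructed_export():
    """Build a sample export for the demo (constructed data, not a real key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + bytes(range(128, 256)))
    b64 = base64.b64encode(blob).decode("ascii")
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return "\n".join([BEGIN, 'Comment: "Created by Ipswitch WS_FTP Pro"', wrapped, END])


if __name__ == "__main__":
    print(ssh2_to_authorized_keys(constructed_export(), "wsftp"), end="")
```

On a machine with the OpenSSH tools, `ssh-keygen -i -f exported.pub` performs the same import; the identifier still has to be appended by hand.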

Well, there you go. Next up, Tor, Stunnel, SocksCap, and Freenet among other stuff.