Today, I upgraded my wireless router. Not because it was broken, but just because it was there, you know?
When Linksys was its own company, it did a very cool thing. It based some of its devices on the Linux operating system, which made it very easy for enterprising young folks to do the same. Fast forward a few years and now you can take a third party operating system and place it on your Linksys wireless router.
I've been reading about the excellent DD-WRT package for some time now. This afternoon, I found the time to give it a try. (Actually, I was just running out of excuses to do yardwork, and this fit the bill nicely.) In less then an hour, I had downloaded the software, flashed the router, and re-configured it to use my existing SSID and network information. While, it doesn't compete with Apple's 300, it does have quite a few interesting features. It brings a lot of new ideas to the home broadband router area. It can update your DDNS information, host your PPTP VPN session, provide a full SSH management login, and keep its time current with any NTP server. My favorite feature is probably the ability to increase the power of the radio so my devices downstairs can get a better connection.
Anyway, let's just say that I'm impressed. I've even considered using it to replace my custom-built Debian firewall that currently guards my home network. If you want to give it a try, it supports much more then just Linksys, so visit this page to see if your device is supported. If yours isn't and you are ready for an upgrade, you can pick up the very nice Linksys WRT54G for around $50.
Saturday, October 27, 2007
Saturday, October 20, 2007
Connect to your home network (SSH)
In my last post, I discussed how I keep track of my home IP address so that I could connect from "outside", whether I'm at my parent's house, traveling, or in a coffee shop.
Now, if you are going to connect from the typical open wireless access that you will find at a coffee shop, then you should be thinking about the security of the information you pass to your home network. It is incredibly easy to eavesdrop on your web session on an open wireless network. There are, as always, multiple ways to connect home securely. I will show you a couple of different ways to do it.
From here on out, this post will reference a Mac system that is connected directly to the Internet without any sort of firewall in the middle. Next week, I'll do a similar post for those of you gutsy enough to connect your Windows system directly to your external connection.
On my home system, I have configured the SSH server to allow traffic from my internet connection. I can then connect to that from a Windows, Mac, or *nix system. When making the SSH connection, I choose the options to allow tunneling. This allows me to then connect to my home system while "tunneling" through the secure SSH connection.
From the Mac system that you are currently sitting at, the command you would use to do this is (all one line):
ssh -L 5931:localhost:5900 username_on_home_system@my_home_system.dyndns.org
By running this command, you are attempting to login to your system at home using an account named "username_on_home_system". Once you authenticate successfully, you instruct SSH to connect port 5931 on the system sitting in front of you to port 5900 on your home system.
Once you have successfully made this connection, then you can use a remote desktop application like RDP (for Windows) or VNC (for Windows, Mac, and lots of other systems). I use VNC on my home system, so that is why I chose the port number 5900 when connecting SSH. To connect to my home system, I use a VNC client like Chicken of the VNC and configure it to connect to the local systems sitting in front of me.
It may seem odd to be trying to connect VNC to the system that you are currently sitting at, but keep in mind that the SSH program is going to forward anything you send to your local port 5931 to the port 5900 on your system at home. If you've done everything correctly, you should be looking at your home desktop, and it will be completely encrypted while doing so! Now, you can launch programs on your home system just as if you were sitting there.
I hope you find this helpful. It can be complicated, but your privacy and security are well worth taking the time to figure it out. If you have questions, leave a comment for me and I'll do my best to help you out.
Now, if you are going to connect from the typical open wireless access that you will find at a coffee shop, then you should be thinking about the security of the information you pass to your home network. It is incredibly easy to eavesdrop on your web session on an open wireless network. There are, as always, multiple ways to connect home securely. I will show you a couple of different ways to do it.
From here on out, this post will reference a Mac system that is connected directly to the Internet without any sort of firewall in the middle. Next week, I'll do a similar post for those of you gutsy enough to connect your Windows system directly to your external connection.
On my home system, I have configured the SSH server to allow traffic from my internet connection. I can then connect to that from a Windows, Mac, or *nix system. When making the SSH connection, I choose the options to allow tunneling. This allows me to then connect to my home system while "tunneling" through the secure SSH connection.
From the Mac system that you are currently sitting at, the command you would use to do this is (all one line):
ssh -L 5931:localhost:5900 username_on_home_system@my_home_system.dyndns.org
By running this command, you are attempting to login to your system at home using an account named "username_on_home_system". Once you authenticate successfully, you instruct SSH to connect port 5931 on the system sitting in front of you to port 5900 on your home system.
Once you have successfully made this connection, then you can use a remote desktop application like RDP (for Windows) or VNC (for Windows, Mac, and lots of other systems). I use VNC on my home system, so that is why I chose the port number 5900 when connecting SSH. To connect to my home system, I use a VNC client like Chicken of the VNC and configure it to connect to the local systems sitting in front of me.
It may seem odd to be trying to connect VNC to the system that you are currently sitting at, but keep in mind that the SSH program is going to forward anything you send to your local port 5931 to the port 5900 on your system at home. If you've done everything correctly, you should be looking at your home desktop, and it will be completely encrypted while doing so! Now, you can launch programs on your home system just as if you were sitting there.
I hope you find this helpful. It can be complicated, but your privacy and security are well worth taking the time to figure it out. If you have questions, leave a comment for me and I'll do my best to help you out.
Sunday, October 14, 2007
Connect to your home network (Dynamic DNS)
Ever been at work or at a friend's house and wanted to log into your home connection? Know the IP address off the top of your head? Well, if you're like me, then you probably don't remember it. Even if you write down your current address, it will likely change on you by the time you need it.
To make this easier, your ISP will assign you a dedicated IP address. This will allow you to always have the same address and make it easier to connect to your home network. Problem is, they will want to charge you a monthly fee for the privilege.
Fortunately, there is a free service available to make it possible to get by without a dedicated address. The concept is called Dynamic DNS and the website that I use that offers this service is called DynDNS.
Basically, the way that this works is that a central party keeps track of your computer's IP address. By downloading a special client to your computer, you can configure it to send an update to DynDNS whenever its address changes. This allows you to use DNS to easily recall the exact address that your home computer is using at any time. DynDNS is easy to setup with the hardest part being choosing which of the 80 domain names that you want to use.
This should allow you to find your home network on the Internet. Next, I'll cover how I securely connect and encrypt all communications to my home network.
Part 2, SSH
To make this easier, your ISP will assign you a dedicated IP address. This will allow you to always have the same address and make it easier to connect to your home network. Problem is, they will want to charge you a monthly fee for the privilege.
Fortunately, there is a free service available to make it possible to get by without a dedicated address. The concept is called Dynamic DNS and the website that I use that offers this service is called DynDNS.
Basically, the way that this works is that a central party keeps track of your computer's IP address. By downloading a special client to your computer, you can configure it to send an update to DynDNS whenever its address changes. This allows you to use DNS to easily recall the exact address that your home computer is using at any time. DynDNS is easy to setup with the hardest part being choosing which of the 80 domain names that you want to use.
This should allow you to find your home network on the Internet. Next, I'll cover how I securely connect and encrypt all communications to my home network.
Part 2, SSH
Sunday, October 7, 2007
Run a Windows application on your Mac
I decided to try out a product called Parallels the other day. I did this because I love my Macs, but I also love Quicken for Windows. I had heard about Parallels from a number of places, but figured now was the time to give it a try.
After installing it and installing Windows XP as a guest VM, I got to really see what was so special about this product.
The feature of Parallels that I really liked is called Coherence. With the Coherence feature enabled, it becomes very seamless when running a Windows application on your host OSX operating system. You no longer have to "swap" between the two operating systems. You can now have the Windows shell natively embedded into your OSX environment. For a peek at what this looks like, check out the image below.
It is really a powerful, clean way to implement better usability of the guest environment. You can even go farther with cross-launching applications between the two environments, but that just isn't something I'm all that interested in. My goal is to use Quicken for Windows on my Mac and this Parallels is a great way to do it!
The drawback... Have plenty of physical memory. The Mac Mini that I was running this on has 1G of memory and that was just not quite enough for a pleasurable VM experience. Swapping back and forth between the guest environment and the host environment was very noticeable and almost unusable. I'm very familiar with VM technology, both at home and at work, so I'm confident that this was not a problem with Parallels. It just takes more then 512M of memory for each operating system (the guest and the host) to run smoothly, and any VM product has to deal with this.
After installing it and installing Windows XP as a guest VM, I got to really see what was so special about this product.
The feature of Parallels that I really liked is called Coherence. With the Coherence feature enabled, it becomes very seamless when running a Windows application on your host OSX operating system. You no longer have to "swap" between the two operating systems. You can now have the Windows shell natively embedded into your OSX environment. For a peek at what this looks like, check out the image below.
It is really a powerful, clean way to implement better usability of the guest environment. You can even go farther with cross-launching applications between the two environments, but that just isn't something I'm all that interested in. My goal is to use Quicken for Windows on my Mac and this Parallels is a great way to do it!
The drawback... Have plenty of physical memory. The Mac Mini that I was running this on has 1G of memory and that was just not quite enough for a pleasurable VM experience. Swapping back and forth between the guest environment and the host environment was very noticeable and almost unusable. I'm very familiar with VM technology, both at home and at work, so I'm confident that this was not a problem with Parallels. It just takes more then 512M of memory for each operating system (the guest and the host) to run smoothly, and any VM product has to deal with this.
Monday, October 1, 2007
Backup Gmail Data
I ran across an interesting post the other day about making a backup of your email that is hosted by Google. The original author did a good job with instructions, so I won't repeat them here. I will note that I needed to a couple of things differently to make this work on my Mac.
First of all, fetchmail was already available on my Mac. (Don't you just love that OSX is really Unix? I do.)
Secondly, when configuring the .fetchmailrc file, I added a couple of things:
Okay, so my .fetchmailrc file looks like this now:
Upon running fetchmail, it downloads a few hundred messages at a time. My Gmail currently has about 1800 messages, so this will take a while to download, but that's fine. My intent here was to get a copy of my mail on my own hard drive just in case my relationship with Google ever fell through. I'll schedule this nightly via cron and in a week or two, I'll have a copy of everything.
First of all, fetchmail was already available on my Mac. (Don't you just love that OSX is really Unix? I do.)
Secondly, when configuring the .fetchmailrc file, I added a couple of things:
- and wants mda "/usr/bin/procmail -d %T" - The default behavior of fetchmail is to try and forward the mail that it downloaded to your systems SMTP service. In my case, I had never intended for my desktop machine to receive mail directly, so this was not enabled. The first time I ran fetchmail, it choked and died at this step. By adding the "mda" option, you direct fetchmail to deliver the mail locally to your default system mailbox. This will be a file that matches your username in the /var/mail directory. You can view it with a texteditor or by using the command 'mail' when you are in the Terminal.
- keep - I added this keep option so that I don't need to use the "-k" option when running the fetchmail command. Not sure why the original author didn't do this.
Okay, so my .fetchmailrc file looks like this now:
poll pop.gmail.com with proto POP3 and options no dns
user 'you@gmail.com' there with password 'itsasecret' is 'YourOSXUsername' here and wants mda "/usr/bin/procmail -d %T" options ssl keep
Upon running fetchmail, it downloads a few hundred messages at a time. My Gmail currently has about 1800 messages, so this will take a while to download, but that's fine. My intent here was to get a copy of my mail on my own hard drive just in case my relationship with Google ever fell through. I'll schedule this nightly via cron and in a week or two, I'll have a copy of everything.
Subscribe to:
Posts (Atom)
