Top
Search
Subscribe
Connect with Keith
Twitterfeed

What's Happening?


Amazon.com
Barnes & Noble
Lulu.com

It's not for everyone, but if you like verse (or poetry or whatever you want to call it), take a look at this collection I put together a while back.

Sunday
Mar102013

Raspberry Pi and Secure Browsing

DateSunday, March 10, 2013 at 10:28AM |

There's already a lot of great information on the web about the Raspberry Pi and projects you can build with it. This post is not intended to be a detailed tutorial, but rather a collection of links and references to the resources that I used to build my own VPN gateway.

I finally received my Raspberry Pi in the mail this week. If case you're not familiar, it's a tiny (almost credit-card sized) computer. It was conceived as a low cost personal computer that could be mass produced cheaply to provide comuting opportunities, particularly in education, where they might not have otherwise existed. I ordered my Model B from Allied Electronics. Since release they've been pretty much perpetually on back order, but I got mine about 6 weeks after ordering.

The basic Model B comes with just the computer board and attached connection ports. I made a list of the things I would need prior to receiving the Pi in the mail. Most of the cables and connectors can be ordered with the Pi, but I just scrounged through my cable & gadget caches to come up with most of what I needed.

 

  • 5V Micro-USB Power Cable
  • HDMI <-> HDMI cable
  • Ethernet Patch Cable
  • USB Keyboard
  • USB Mouse
  • SD Card
  • Case

 

The Power Cable. I had one of these laying around from an old Motorola Bluetooth headset charger. HDMI cable? Check. I always have plenty of those around because they're so cheap from MonoPrice that I buy more than I need. Patch cable? I've accumulated more of those over the years than I care to think about... including a nice 50-footer that I could use to connect to my router/switch from the guestroom (where the Television is) temporarily. An old Apple USB keyboard did the trick nicely along with my wireless Logitech mouse that I use when traveling. I bought a 4GB SD card at Best Buy using my Reward Points so it was, in effect, free to me.

The Case

That left just the case. I looked online... a lot. I saw a lot of cases. There are some amazing and impressive designs out there. That said, I couldn't justify spending $20 on a case for a $35 computer. That's like buying a $20,000 car cover for my JEEP. So for the short-term I settled on the Punnet printable case. This will help prevent any accidental short circuits while also keeping some of the dust bunnies at bay. Also, because the device will be located on a shelf in my network "closet" aesthetics aren't really an issue.

I downloaded the PDF from Squareitround

http://squareitround.co.uk/Resources/Punnet_net_Mk1.pdf

printed on some colored (red, of course) construction paper and set about cutting and folding. The finished prodcut turned out quite agreeable and the board fit nicely inside.

The OS

To install the Raspbian (Raspberry Debian, get it?) OS onto the SD card, I first downloaded the "Wheezy" image from the Raspberry Pi downloads page and verified the image checksum (what's the point of setting up a secure VPN if you don't know your source OS is legit?).

http://www.raspberrypi.org/downloads

 The eLinux wiki has good instructions for preparing the SD card and loading the image. I used section 4.4 for a "mostly graphical" process from my Macbook Pro.

http://elinux.org/RPi_Easy_SD_Card_Setup

The Connections

It was time to bring everything together and fire up the Pi. I connected the USB power supply, Apple keyboard, wireless mouse, HDMI cable to the guestroom television and a nice long patch cable to the router in the closet. The little board sprang to life.

The first boot launches RasPi Config. Good details can be found here: http://elinux.org/RPi_raspi-config. Most importantly, change the default password! I'm planning to expose this machine to the outside world. It's absolutely critical that it not use the default password. Also, enable SSH to allow remote access for administration.

Even though the machine will be sitting "headless" in the close, I wanted to see the Raspbian desktop at least once, so I booted it up the GUI to have a look. It's slow by modern desktop standards, but given it's tiny size it's still incredibly impressive to see a full functioning Linux desktop running from such a small device. For my use case it won't matter anyway because I won't be booting to the desktop.

All the rest of the configuration I could do "remotely" via SSH. I chose a suitable static IP address on my internal network and added a DHCP reservation so I'd be able to predictably find the device on the network.

The VPN

For setting up the VPN, I followed the excellent guide at Scott Jordan's blog: http://unvexed.blogspot.com/2012/08/how-to-set-up-real-encrypted-vpn.html. His instructions are clear and concise and everything worked as expected.

It's worth noting (and it came up in the comments on the above blog) that PPTP VPN has been compromised by way of attacking the MS CHAP v2 Key Exchange. If you want to know more, read Moxie Marlinspike's excellent write up here : https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/. It's not a trivial attack in that it still takes a great deal of compute power and/or time, but you should be aware of it.

The Dynamic DNS Address

To make sure you can access this server from where you are, you'll need to ensure that even if your router reboots and your WAN IP address changes, that you can still look it up by DNS name. I've previously used DynDNS and their Pro package is exactly that type of service.

The SSH Tunnel

In case you missed it, I wrote some time ago about connecting via an SSH Tunnel to provide for privacy. Now, with the Raspberry Pi, that's even easier to do. The same blog has another easy to follow article detailing how to configure and use the Pi as an SSH Tunnel endpoint.

http://unvexed.blogspot.com/2012/08/how-to-use-raspberry-pi-as-secure-web.html

As mentioned there, I added 443 as a listener port to allow me access back to my Pi even when the default SSH port has been blocked. This should be allowed almost anywhere. In fact, anyone blocking port 443 is basically telling me that they don't want me to use their network.

Securing the SSH Connection

Since the Pi is now exposed to the Internet and using the default "Pi" username, I wanted to dial up the security a bit and prevent a possible brute force password attack. I did this by enabling two-factor authentication in the form of SSH keys. The following video gives a nice tutorial on how to set it all up.

http://www.youtube.com/watch?v=QVvcGb8GjVU

Accessing the VPN

I setup VPN on my laptop (as well as the wife's) using the instructions in Scott Jordan's blog referenced above. Setting up access on our iPhones and iPads was even easier. Just navigate to Settings > General > VPN and create a new PPTP VPN connection.

Conclusion

That's it. It took some hand-drawn sketches to explain to the wife when, where and why she should be using these secure connections, but I think she gets it. And as an added bonus, we can now access our Drobo fileserver at home from anywhere.

AuthorR Keith Smith | CommentPost a Comment | Reference14 References |
tagged , , , , in , , ,
Monday
Mar042013

Incomplete iPhone Sync

DateMonday, March 4, 2013 at 8:33PM |

This past Saturday I had an appointment at the local Apple store to have them take a look at my iPhone 5. Lately the lock button has been less than responsive, sometimes taking several presses before it responds. The employee that helped me, Tiffany, was super friendly. She asked what was wrong and after I explained it, she took the phone, pressed the lock button and counted 1... (nothing) 2... 3... 4... and it finally responded. She said, "OK. Let me get you a new phone".  That was it. Fifteen minutes later my new phone was restored from my iCloud backup and my apps were downloading.

But after returning home and connected the phone to my MacBook Pro I ran into an issue that I'd first seen last year with my iPhone 4 and iOS 5.  But now, it's an iPhone 5 and iOS 6.1.2. The phone would start the syncing process, but would stall indefinitely at "Waiting for items to copy". I was patient. I waited. I took a nap. I watched TV. Hours later and it was still the same. The last time I'd had the issue, there were voice memos that I'd recorded on the phone and deleting those caused the sync to complete.

I checked the for voice memos on the phone but there were none. I searched online and found some suggestions. Most involved connecting the phone, turning off automatic sync. disconnecting the phone, restarting iTunes, connecting the phone, running diagnostics (an option I didn't see in iTunes 11.0.2) or resetting warnings and trying again.

I tried the various recommendations without success. The sync still wasn't finishing, but this time the message was different; "Waiting for changes to be applied". Progress? Not really. It still seemed like the sync was mostly working, it just wasn't finalizing as expected. I don't sync with the computer that often anyway so it was more of an annoyance than a real problem. Still, I just don't like it when things don't complete neatly.

I opened up the phone settings in iTunes again. The Music tab showed that "Sync Voice Memos" was unchecked. I changed the Library view to Music, clicked the Playlists tab and then selected the Voice Memo smart playlist. Sure as hell, there were three items that had checkmarks next to them. This shouldn't be an issue (they're not getting sync'd anyway, according to the other setting, right?). I unchecked them and started another sync. Ta-da! It completed quickly and with no errors.

Now I've now gone through and cleaned up my voice memos. Most were junk that I no longer needed anyway. I don't know why this seems to be a recurring theme with Voice Memos and failed syncing. But, even though it was my original suspect, I wasted a lot of time trying other things before going back to double-check the voice memo items within iTunes.

AuthorR Keith Smith | CommentPost a Comment |
tagged , , in , ,
Monday
Jan142013

Install XBox360 Elite Hard Drive in a Slim

DateMonday, January 14, 2013 at 1:17PM |

WARNING: Disassembling your XBox360 and/or installing unapproved accessories will void your hardware and support warranty and may even get you banned from XBox Live. If this concerns you, don't do it... just go buy the official MS add-on hard drive and sleep well. I am not responsible for any loss or damage as a result of following these instructions. Do so at your own risk.

Recently my XBox360 Elite decided to crap out on me. I guess I've been luckier than a lot of folks as this is only my second unit as it was a replacement for a Red-Ring-Of-Death'd original white model. But, it's from early 2007 and has decided to randomly lockup so (after some basic troubleshooting) I figured it was time to upgrade to one of the Slim models.

Since I already have a 120GB hard drive in the Elite (and that doesn't seem to be the source of my problems), I decided to purchase one of the "4GB" Slim combos rather than the 250GB kit. At the time I purchased, I could get the 4GB combo with controller, Kinect, and 2 games for the same price as the 250GB unit with only a controller.

Also, I don't use a lot of the hard drive storage anyway since I usually play only 1 or 2 games at a time and rarely download video. If you're a heavy media user that likes to keep a lot of games installed, the 250GB HD model is probably a better idea for you.

Before purchasing, I'd read from other sources online that this was possible and it seemed pretty straightforward so I figured I'd give it a shot. WARNING... AGAIN, this will void your warranty and from some things I've read can get you banned from XBoxLive. These instructions are for educational purposes only.

  1. Press the clip on the Elite Hard Drive module and remove it from the console.
  2. Using a T6 driver, remove the 4 silver screws on the bottom of the case that hold the case together. One of these screws is under a Microsoft hologram. Buh-bye (expired) warranty.
  3. Separate the two halves of the case being careful as the release button is now free to fall out.
  4. Using a T10 driver, remove the 4 black screws holding the silver cover. If you don't have a T10 (I didn't, you can use a flat screwdriver that fits; just be careful not to strip the head of the screw).
  5. Pull the top half of the silver cover away from the rest of the hard drive case.
  6. Slide the hard disk forward (bend down the front of the case that is in the way) and disconnect the SATA connectors.

Halfway there!

Some folks had suggestions for wedging stuff into the opening on the Slim to keep the hard drive from moving around. I opted to buy an empty HD case from Amazon for < $4.00 so I wouldn't have to worry about the hard drive coming lose if the unit is bumped or moved.

 

 

  1. Place the hard drive into the bottom (larger) piece of the hard drive case; It will fit controller side down and the screw holes will align neatly onto the plastic posts inside the case.
  2. Snap the top of the hard drive case into the bottom.
  3. Disconnect the power from the XBox360 Slim.
  4. Press the latch on the right side of the Slim and release the hard drive access cover.
  5. Insert the hard drive into the Slim until it stops with a firm click.
  6. Replace the access cover.
  7. Reconnect the power to the XBox360 Slim.
  8. Power on the Slim
  9. Go to Settings > System > Storage and verify that your Hard Drive is recognized.

After doing this, I was prompted to delete my Cloud Storage Cache... and voila... 120GB XBox360 Slim with all my old profiles and saved games intact.

AuthorR Keith Smith | CommentPost a Comment |
tagged , in , , ,
Wednesday
Jan092013

The Poker Gods Are Angry

DateWednesday, January 9, 2013 at 10:13PM |

It's been a few weeks since we had enough people to get a home poker game together. Tonight was the first time in over a month and I was looking forward to playing.  There were 8 of us and we'd played 17 hands and were still in the first blind level (25/50) when this happened...

UTG called 50, UTG+1 called 50, UTG+2 called 50 and it's to me. I looked down at a couple of rags

I'm already getting 4.5:1 and likely more than that with the action behind me, so I decided to call and try to make a hand I could get paid on. Seat 8 to my left calls, button calls, SB calls, BB checks the option.  Family pot 50x8 (400).

Flop

3rd nuts! Pretty much a gin flop after splashing around with 4-high. SB checks. BB checks. UTG checks. UTG+1 bets 200. UTG+2 (We'll call her "C") raises to 400. UTG+3 (to my right) calls the 400.  OK, I don't want to let this get out of hand and let the open-enders and two-pair hands draw cheap.  I make it 1200. It folds all the way back around to "C". I can see that she's thinking of just calling the 1200, but after a few seconds she announces "All In". With 2500+, she has me covered.  The player between us folds.

The biggest problem with playing speculative hands like the one I'm holding is that you'll often be faced with difficult, marginal decisions after the flop. You have to be confident in your post flop abilities or else you'd just stick to premium hands. This wasn't quite one of those tough situations because, as previously mentioned, I flopped the 3rd nuts. "C" is an ABC player and there's 0% chance she's holding any combination of 48.  So, she's either got 89 and I'm drawing stone-dead to a backdoor flush or she's got 88, 77, 66, 55, 67, or 65 (any bigger pocket pair she would have raised pre-flop) and I really doubt she'd play 88 that fast here.

I'm a huge favorite over those 2-pair hands (~4:1) and a good favorite over the sets (~2:1).

I thought for a minute or so just because I've been running so bad lately and running into so many coolers that every big pot has me spooked. I finally called and "C" tabled:

OK, 2:1 favorite for all my chips... here we go...

 

Good night, Nurse.

AuthorR Keith Smith | CommentPost a Comment |
tagged , in
Saturday
Jan052013

The Facebook Rule

DateSaturday, January 5, 2013 at 10:30AM |

Actually that should be "rules", or at least a single rule that really has two parts. There are two primary conditions that govern my Facebook connections.

1. I must know you IRL (in real life) to send or accept a friend request.

If we're not already friends or acquaintances outside of FB, we're not Facebook friends; that's what Twitter is for.

2. I must have known you IRL for at least 6 months.

It's cool that we have mutual friends and maybe even met at a party or event, but let's not rush into anything. FB friends (like handguns) require a waiting period. If we still know each other and interact after 6 months, we can close the FB friend deal.

I've stuck to these rules for the past few years without exception. Prior to that, there were a handful (<10) of connections that would not have passed these criteria. So, I have a very few FB "friends" that I don't know in real life. All of these are either friends of friends, extended family, or connections from KYWilderness.com (the web forum that I co-admin). It has worked well for me and I plan on sticking with it.

How about you? Do you have any guidelines for who you will or will not accept as FB friends?

AuthorR Keith Smith | CommentPost a Comment |
tagged in ,
Page 1 2 3 4 5 ... 17 Next 5 Entries ยป