October 10, 2009
I have a good friend learning Linux, and I’m trying to help him along as best as I can. Normally, I’d ask him to open up port 22 and start SSH, giving me a user account to log in. However, his connection is via satellite internet, and there’s some funky routing and NAT going on from the provider’s side. He doesn’t have a true external IP, and hence, can’t forward that port.
Enter reverse SSH. With reverse SSH, I had my friend use SSH to forward one of my local machine’s ports back to his own machine’s port 22. Then, I connect to my own machine via that tunnel which allows me to connect to his. It sounds more complicated than it is.
From the firewalled machine, connect to another host. This can be any machine that both parties have access to with an SSH account.
$ ssh -R 2022:localhost:22 firstname.lastname@example.org
Once the user has connected, from the remote.example.com machine, you can SSH back to the firewalled host, like this:
$ ssh username@localhost -p2022
You’re connecting to port 2022 on your localhost, which is a tunnel back to the firewalled client’s SSH server on port 22.
That’s all there is to it.
June 10, 2009
Over the weekend, VaServ and its subsidiary companies were hacked, resulting in many machines losing data. Lots of clients were left with virtual servers that had been completely wiped. Many of those folks were also lacking working backups… myself included, for this particular machine.
Wondering how to proceed, I began searching Google and other engines for cached versions of my site. I was in luck! Almost all of my content had been indexed and cached by Google! The only question was how to efficiently import that data back into my WordPress installation and get up and running again.
Enter Warrick. Warrick is a utility written in Perl that scrapes the cached content from Google, Yahoo, Live Search, and the Internet Archive. What it finds is downloaded and saved as static html.
Sadly, none of the images on my site were present in any of the available caches. It had only been up a few months and was indexed well, but the images just hadn’t been saved anywhere else. Luckily, I still had local copies of the theme and images used in posts; I was able to upload that content again.
Also note that using Yahoo as a cache source appears to be broken right now. Warrick was receiving nothing but 500 errors when trying to retrieve content via Yahoo’s cache. Specify which cache sources to use like this:
warrick.pl -r -wr g,ia http://example.com/
My technique was to set up a site with just the static content that Warrick was able to retrieve. Then, I recreated the WordPress installation in another location, uploaded the media, and began copying and pasting content back into WordPress. When I was satisfied, I replaced the static site with my newly recreated WordPress installation.
The whole process took only about an hour. Luckily, I had the theme and images saved elsewhere, otherwise I would have been out of luck.
If you’ve lost your data to a server crash or a hack, all is not lost! Good luck!
See Warrick’s download and information page for all the available options.
October 3, 2008
Walking to lunch today, I passed this dummy on Mount Vernon Avenue in Alexandria. Later, I heard that the bailout bill finally passed. How appropriate.
September 8, 2008
Sometime last year, Microsoft released an ad campaign with fake newspaper headlines from a periodical called the “The Highly Reliable Times”. With today’s news about the London Stock Exchange having a 7 hour outage I had to think back and laugh.
“London Stock Exchange Chooses Windows over Linux for Reliability”
Here’s the Reuters story, and the Slashdot link.
August 11, 2008
Whether on call or on site, the system administrator can always use another way to care for his or her systems. With the emergence of the App Store and its multitude of available tools, it’s now possible to get some productivity boosting admin-fu on your phone, without breaking that pesky EULA and jailbreaking your kit.
Here, in no particular order, are 5 must-have apps for the admin iPhone toolkit (and a couple just for fun).
While still missing a few essential features, pTerm is an iPhone port of PuTTY. SSH is my killer iPhone app, and while pTerm isn’t quite as nice as the terminal emulator and OpenSSH available on a jailbroken iPhone, it comes quite close. Telnet, SSH, and raw TCP are available through this app. Perfect for checking whether that service is running on a particular port, or logging in for a quick service restart. The version downloadable as of today doesn’t yet have support for Escape or Tab, but the upcoming upgrade will. ($4.99)
For those of you who require graphical access to your servers or desktops, Mocha VNC (in both lite and full version varieties) provides this on your touch screen. It offers 8-bit and 24-bit color, as well as authenticated sessions. While it can be tough navigating a traditional desktop scaled down on your iPhone screen, it might just come through for you in a pinch when nothing else is available. (Free for Lite / $5.99 for Full)
This is the Swiss Army Knife of your collection. I was so excited to see MobileFinder available on the App Store; it had previously only been available on a jailbroken iPhone. Now that it’s gone legit, this may very well be the most powerful tool in your box. MobileFinder is a simple file explorer and FTP server for your iPhone or iPod Touch. Upload to, download from, and even open directly on the iPhone. It has support for PDFs, MS Office and iWork documents, video, sound, just about everything. Upload other tools (even Windows executables) in your kit to your device, and you’ll never need to carry a USB key again. ($1.99)
If you’re in a Windows world, WinAdmin is your iPhone RDP client. WinAdmin offers multiple concurrent sessions using a Safari-like multiple page interface. Strangely, WinAdmin doesn’t yet support sending Control-Alt-Delete keys. We’re assured that’s coming soon… ($11.99)
If you work with PostgreSQL, you might find MobileCan to be handy. It’s a query tool with one-touch access to many common tasks and has a built in server manager for connecting to all your databases. It’s the iPhone version of OilCan. ($7.99)
Ever crawl under that dark desk or behind a server rack to find you can’t read the lable on that red ethernet cable? Whip out your iPhone and light up your workspace with the iPhone’s bright screen. There are a few flashlight utilities available on the App Store; the free one titled simply “Flashlight” works best for me. (Free)
This one’s just for fun. After you’re through putting out the fire, relax and read some news from the Sourceforge network — slashdot, freshmeat, thinkgeek, linux.com, and of course, sourceforge.net news. (Free)
Have you got an indispensible iPhone app to suggest?
June 30, 2008
After searching a bit for a worthwhile flash MP3 player suitable for a large collection, I finally came across something that works well. The problem with most of the freely available players is that most require a playlist to be created in XML or .pls format beforehand. That’s not what I wanted. I want to be able to browse my sizable collection and pick and choose what to listen to on a whim.
Music Browser allows you to do just that. The only thing you need to do, after setting up a PHP capable web browser of course, is edit index.php and add the path to your collection. That’s it. You now have a browseable player for your home collection.
- PHP 5.2 FastCGI
With some home connections, it’s necessary to run on an alternate port as many ISPs traditionally block incoming port 80. I chose 8080, forwarded via my router, leading to a password protected root. Just drop musicplayer in place, edit index.php with your collection’s location, and you’re good to go.
June 17, 2008
I switched back to my ISP’s nameservers after getting fed up with OpenDNS. I love the idea of OpenDNS and thought I would like the service a lot. Turns out that it ended up pissing me off far more than any generic service, but that rant is for another post. One thing OpenDNS does have in common with my ISP (and apparently many others), is its helpful results page served to you when a domain is not resolved.
For a varying definition of helpful, that is. According to what has been standard practice and is indeed in the DNS RFCs, when a DNS server is queried for a non-existent domain, it should return a “not found” response.
mshade@gobot:~$ ping idontexist.com
ping: unknown host idontexist.com
It’s quickly becoming common practice to instead redirect these unsuccessful queries to a landing page with search results of the keywords in the hostname or the hostname itself. What’s wrong with this? I can think of a few problems off the top of my head. Some are simply a matter of convention and expectations, while others are technical. Here is a short list:
- Standard tools break when an unresolved hostname would normally be detected, instead receiving the IP of the web proxy used to display these helpful results.
- Troubleshooting DNS problems becomes harder.
- When I enter an invalid domain, the error is obvious. I don’t want to click your search results, or have my entry auto-corrected transparently. I want to see that error.
- Modern browsers already suggest solutions to common errors when entering URLs, even suggesting addresses previously visited.
- The landing pages are usually ad-filled and contain irrelevant search results anyway.
- The internet is not only for browsers. Though the majority of traffic may be browser driven, DNS servers are supposed to be application neutral.
I’m sure there are others that I’m missing at the moment, and I’m sure there will be arguments as to the benefits of this behavior. When it comes down to it though, this just feels like yet another bastardization of the internet and another piece of useless hand-holding designed to dumb down the net and make money off ads served by users’ mistakes.
June 8, 2008
Two weeks ago, a good friend and I were chatting about what features would make life easier in our day to day jobs of web design and system administration. Among what we discussed was the ability to edit remote files in VIM without having to open a remote shell to the system in question. We were thinking of things like the FUSE system and Fish protocol, but weren’t aware anything was out there already. Folks on GNOME or KDE can just open a fish://, sftp://, or scp:// session in their file browser and edit directly with a GUI editor. Those of us who work mainly in command line, however, are left with simple SSH. Not that SSH is much of a hassle — It’s not. But for those times when a quick edit is all that’s necessary, wouldn’t it be nice to just reference the file directly?
As luck would have it, serendipity reared its head a couple of days ago while I was chatting with a coworker. It turns out that recent version of VIM already include this functionality! Here’s all you need to do:
$ vim scp://hostname.example.com//path/to/file.txt
Or, if you need to connect as a different user:
$ vim scp://email@example.com//path/to/file.txt
If you need to specify an alternate port, use the familiar colon (:) syntax:
$ vim scp://firstname.lastname@example.org:5757//path/to/file.txt
That’s all there is to it! The file is read into VIM from the remote system, if it exists. Then, you are free to make changes. When you save, changes are written to the remote system. This helps cut down on bandwidth and lag on slow connections. For more information, see the posting at vim.org.
June 8, 2008
I was heading over to IMDB to check out the listing for This Film Is Not Yet Rated when I spied an advertisement for anti-wrinkle cream. The first frame was a very old, very, very wrinkled lady. I had an idea of what was coming next, but didn’t want to believe it.
Bravely, I rolled over the image to confirm my fears…
You can’t be serious! The best cosmetic surgeons on Earth couldn’t turn that first lady into what you see here.
What’s worse, however, is if this stuff really works — no man is safe from the cougars in the back alleys and bars…