Comments on Society, Technology, and Life

So now ISPs in the US want to cap data transfers after years of unlimited use. And charge overages. It seems they want to kill the internet to me... Now I know all the arguments, I've read DSLR for years. ISPs are oversubscribed etc...

I understand that ISPs can't provide dedicated bandwidth to every user at anything like costs that home users will pay. What I don't understand is how caping is going to help. Caping doesn't alleviate conjestion - network management/QoS/throttling does. Personally I'm ok with QoS during heavy use times. I understand that if everyone is on at once, the net will slow down for everyone. Caps don't propose to try and slow down access during heavy use, they will just front load the slowdowns at the beginning of the month before everyone has used up their caps.

The worst part of course is some ISPs claiming to cap at 5GB. This is insane - I'll go back to dial up and get more data, and pay less every month. Most of my bandwidth use is in background moving of files / e-mail. Much of my other use is forums - mainly text. Oh, and I use Opera so I can of course deal with slow internet. $10/month is going to drop my bill, and back to lowest phone plan... just for the net. So they go from $100 a month to $30 a month... real way to make money or deal with internet use.

I'm also ok with the arguments that users who use more should pay more, but if we're going to do that, what's good for the goose is good for the gander - i.e. lets bill by the GB. No $45 a month to start, lets have an equivelent line fee (maybe up to $10 to keep DSL going) and some real cost of GB / month. Maybe up to $1.50 / GB though that sounds like highway robbery, it's what we pay at work, so probably reasonable to get the bandwidth out to the rural area. However, I will need a couple things - one a official billing bandwidth meter, like I get with the electric company, and a way to block stuff I don't want, like port scans, from spending my money. Maybe something like the telephone where you don't pay for incoming calls or the like...

Anyway, 5GB is absolutely useless for the internet now adays, and I think will lead to more unpatched computers etc... Bad all around.

I was listening to a Talk of the Nation podcast from NPR today, and they were talking about an interesting idea. As we all know, Politics often seems to end up with the inexplicable occuring on the national stage. Partially it's the system, I think there have been many discussions pointing out the problems with our Electoral system. But there's another problem, and it's not "the system".

The big problem is identified in "The Big Sort" and elsewhere online as well. It's simply that people like hanging out with like minded people. We like other people like us. And it's not really an amazing insight at all - why wouldn't you want to hang out with people who like the same hobbies, books, games, TV shows et cetera... More obviously, what would you do with a group who was into something that you cannot stand or at best find terminally booring?

The problem of course is slightly more subtle. I can offer an anectadote. I don't listen to the radio. I can't stand the ads or the runs of music I hate. So I listen to podcasts or CDs. This leaves me with an interesting problem though. When I've gotten tired of a band, or there's a dry spell in podcast topics I care about, how do I find out about a new band?

To take this back around to politics, if you're hanging out with people who agree with you politically, and are going online to the sites that you agree with, you end up in a similar echo chamber. So, first, you don't know alternate points of view (and I'm not talking the two major parties. Many people have never heard of Ron Paul, or only know Ralf Nader as the person who lost Gore the election). So you have two or poentially only one worldview you can see issues through. You never get to critically evaulate your positions, and you never even know some positions exist.

Then you end up being forced to pick one of the two parties, and take the bad with the good. You may end up taking a position on Abortion that you don't like for a position on the economy you think is the most important. You end up picking a "Team".

The final endgame is you end up not understanding why people might pick another team. And then how can you ever find political common ground when you can't comprehend why people are following a different team.

Well, after not being on except at work for 2 months, I'm back, with a new, better PC. And as part of that, I've evaulated my necessary software. Some suprising things have changed in the 2 years since I built my last PC. Some of my old "must-have" software is gone, much remains. Security has changed quite a bit in recent years, as has my experiance working in a "real" IT job doing real Systems Administration.

So, what's new? New hardware - Gone SATA finally. XP installs fine. New ASUS mobo - Striker II formula. I'm also back in the Intel camp after what, 8 years? Core 2 Quad 6600 - nice chip, cheap, overclockable. Still nVidia though, 9800GTX 512MB - screaming video card. Great for my 24" widescreen, once I get that installed (have to clean my desk...). I'm also moving to a RAID-Z2 storage array I've built, so 2 of my HDs are out of my PC, with more to follow if all goes well. Looking at 5TB storage once done. On OpenSolaris! Hopefully is SOLID!

Software:
NOD32 - never thought I'd say it, but gone. Lost in the AV-Comparitives, costs $$.
Antivir - IN! Free, rates as good in everything I've seen (and in personal use) as NOD32, so why pay? Plus still just an AV, not trying to be a web proxy (NOD32 v3 sucks for using a third party firewall).
Outpost - Gone. v3 was OLD and newer versions DID NOT get good reviews. After months of testing, Comodo Firewall Pro 3 is solid currently, has HIPS (something I was sad to see go with the death of Process Guard) and really fills in for blocking trojans and just controlling your PC well.

Those are the big changes. Oh, and Opera 9.51 is out and I'm lovin it!

There seem to be many areas of confusion and disagreement regarding what the Constitution is about. They seem to have been going on about as long as it has existed. Today I was reading a slashdot discussion regarding Bloggers and Anonyminity. I do not expect I have anonomyity here - I say generally where I'm from, I use this nick on many boards. It probably isn't hard to figure out who I really am. However, I don't think I'm going to say anything particularily radical.

The constitutional part is going on around here: http://yro.slashdot.org/comments.pl?sid=378199&cid=21564069 look up and down, there's more, but that's a good list.

The question I have is why would someone like ArcherB (796902) agree with a position that weakens individual power, and passes that up to the Government? By default? I'm all for the Government running certain things, but I think they ought to be legislated fairly. I don't agree with the idea that if it's not prohibited in the Constitution, the government can do it.

This seems the wrong way to look at it. The Constitution seems to obvously be a whitelist of government power, not a Blacklist of protected rights. In fact, in the most blacklist part, the Bill of Rights, ammendment 9 and 10 seem to say that plainly, little or no interpetation needed.

So why would any sane individual support government unchecked on any issues the founders did not think of 200 + years ago? They had to be writing as a whitelist that could be added to (ammendments) as things came up. Anything less seems like casting a 2ed D&D Wish spell with our real life government. You'll always get screwed.

Now that I am working in IT managing a diverse network of devices, I've aquired some experiance with what might work and might not work across those devices. One thing I've noticed is you can spend a LOT of money on various multi access tools to get some idea of what's going on with your Windows, Linux, and MacOSX machines, plus you might have Solaris, AIX, HP-UX or BSD machines. Fun.

Now, I haven't had the ability to compare various commercial offerings beyond looking at their documentation as each is quite expensive. But for those of you without oodles of dollars, I have identified, and used with some success some FLOSS tools. Some of these are really quite mature, some are usable with great potential. For some reason, many of these seem to come from France.

I could talk for some time on various tools, but for now I'll just lay out what I was looking for, and what I've (well, the team I'm on) have done.

We wanted something that would work across Linux, Windows and MacOSX. More is great, but those were important - we wanted to consolidate our management tools, not increase them. We already have management for each platform separately except for inventory of some sort, so that's were we started - inventory. And there is a great package of two projects that does this nicely, and has a useful package deployment tool as well.

OCSNG + GLPI. The "names" for the two projects.
ocsinventory-ng.org
glpi-project.org
So, you have to have OCSNG - you can layer GLPI on top if you want. OCSNG has clients that run on your machines, and check back to the server every so often, we use 1hr intervals. This isn't a problem as we only have it do stuff every 24 hrs, and you could of course increase this if you wanted.

With OCSNG you get a great database of what's on your machines - what hardware, OS, service pack, software, and even username (if someone is logged in when the inventory runs). So right away you have all this info programatically gathered. It also supports deploying software to Windows and Linux (though we only use it on Windows right now for that).

The nice thing about it's deployment technology is it's a pull from the client. So no firewall issues or insecurity on the remote machines. They use SSL to authenticate the commands, though the download is in the clear. And it works great on laptops, because if the client isn't on the network when you set the deployment, no problem. It just picks it up the next time it's on and starts the install. Same for desktops if users have incorrectly turned them off at night.

This is great for a current snapshot of the machine, but what if you want to track changes? GLPI is the answer - it integrates with OCSNG and reads in the database every 5 mintues or so. GLPI also supports software license tracking, network layout modeling (though this is entirely manual)- help desk ticket tracking + knowledge base/FAQ and plugins for more.

GLPI isn't as mature as OCSNG (which is at v3.0.1 or so even if it's NG v1.0.2 or so), it's at 0.68.3 - but mostly it's entirely useable for hardware/software inventory, location etc tracking. I expect you could use it as a helpdesk ticket tracking as well, but we already use RT so...

Finally, you might say - this is great, I know what I've got out there, where it is (with some data entry) and I can push software. How do I track if it's actually on in near real time though? What do I do with my switches etc?

Well, the answer is ZenOSS Core.
Zenoss.com

Pretty easy setup, great community support, and full commercial support if you really want to spend money. This does full SNMP monitoring of v1 & v2 SNMP. But so what, lots do SNMP... It also supports WMI monitoring, so the same box can monitor our Windows Services! This is big. Plus, it does nice graphing for performance monitoring if you use the free SNMP Informant on Windows, and set up your permissions on your linux boxes. It scales to 4,000+ machines if you've got the RAM. It supports multiple distributed monitors(not that you'd need that unless you have a truly huge network).

It does full e-mail alerting + event reaction, that is you can have it fire off an e-mail, and have it restart the service remotely + e-mail you the problem has already been fixed! You can build really complex alerts and hirearchies of notifications if you want.

If you're looking to update or possibly change how your deployment and monitoring works, FLOSS is looking more and more attractive with the responsive communities, open standards and of course free and commercial pricing and support.

I have to just use IE on SL so I can host these files.

Here's the tentative code for the installer:

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.0.1
 Author:         jp10558
 Version:        1.1
 Script Function:
Install updater and set scheduled task.

#ce ----------------------------------------------------------------------------
local $answer, $directory, $success
$answer = FileExists("C:\Program Files\proxy\Proxomitron.exe")
If $answer Then
$directory = "C:\Program Files\proxy"
$success = _InstallProxUpdater($directory)
Else
$directory = FileSelectFolder("Cannot find Proxomitron, please browse to the install directory.", "",4)
$success = _InstallProxUpdater($directory)
EndIf
If $success Then
MsgBox(48,"Install Failed!", "The installer was unable to download the necessary files.")
Else
MsgBox(0,"Setting Scheduled Task","Enter the password for the prompted account")
RunWait(@ComSpec & " /c " & 'schtasks /create /sc WEEKLY /TN ProxUpdate /TR "' & $directory & '\ProxUpdate.exe /ST 08:00:00')
$answer = MsgBox(4,"Settings","Do you want to be prompted before an update is installed?")
If $answer = 6 Then
IniWrite($directory & "\version.ini","Version","Auto","0")
Else
IniWrite($directory & "\version.ini","Version","Auto","0")
EndIf
$answer = MsgBox(4,"Install Succeeded","Would you like to run the updater?")
If $answer = 6 Then
Run($directory & "\ProxUpdate.exe",$directory)
Else
EndIf
EndIf

Func _InstallProxUpdater($dir)
local $success, $success1
SplashTextOn("OperaMOD Proxomitron Filterset", "Downloading and Installing Updater.", 250, 40, -1, -1, 0)
$success = InetGet("http://www.mediamax.com/jp10558/Hosted/public/Update/ProxUpdate.exe",$dir & "\ProxUpdate.exe",1)
$success1 = InetGet("http://www.mediamax.com/jp10558/Hosted/public/Update/version.ini", $dir & "\version.ini",1)
SplashOff()
If $success = 0 or $success1 = 0 then
return 1
Else
return 0
EndIf
EndFunc

EXE on MediaMax: Installer

So, the new version of Streamload - named MediaMax . . . doesn't support Opera. My disappointment, and distress know no bounds. I've been with Streamload for almost 6 years now. And in most of that time, a contented Opera user. The last version even went so far as to create a Java applet for batch uploads for FireFox and Opera users.

But in the forced "upgrade" to MediaMax, I may have to leave Streamload due to it's now useless nature. I cannot access my Hosted files. I cannot use it to distribute my Proxomitron filterset as when I try and click on different places in my account, nothing happens.

Why oh why do sites feel the need to throw away a working interface - one that works nicely across many browsers, and design one that only works on one (or two). The suprising thing is the main supported browser seems to be FireFox - IE has issues that are slowly being resolved.

And apparently Streamload no longer want's the money of Opera users. Which is sad, as their new MediaMax XL software made me interested in using Streamload for automated online backup. Especially with the great prices. But it's not very useful if I can't access the site.

I hope Opera software can do something to talk to the Streamload team. I will wait around for a couple months - it's only $10 a month. But I haven't been using Streamload for much lately, just prox and some small off site storage. It may be time to move on.

An upshot is there is a new windows application that does let me access the site, and do backups and such - nice - but still windows only.

By now, every geek has heard of darknets of one level sort or another. It always comes up regarding P2P, and the people who insist on using bittorrent for illegial content (which, btw, is stupid as it advertises who you are and what you have moreso than many other possibilities).

I'm not really interested in talking about how to P2P, but I am interested in talking about how to have somewhat tracking/spy resistant communications. Especially in the US, with the latest suggestions about tracking the entire web to try and create "terrorist" heuristics. It seems that at least for the near future, the US is going to continue handing the terrorists victories through abridging civil liberties and spying on its own people any way they can. So this seems a timely topic.

We all know I use proxomitron - that goes a long way towards taming the wider internet. But it does nothing to hide the slow/not changing identifier - my IP address. There are several solutions, with varying degrees of cost and difficulty. Probably everyone knows about cgi proxies - often the fastest and cheapest method to hide from the sites you browse. Another, faster choice is services like Anonymizer.com, but you have to pay there. Either of these is sufficient to foil tracking by sites you visit as long as you aren't logging in (which makes the whole practice mostly moot, unless you are trying to build an online psudopersona), assuming that you are already using something like proxomitron to sanitize the web.
1
A better, and free choice that gets lots of press now adays thanks to the EFF is TOR. It not only is sufficient to hide you from the sites, but provides some level of survelliance resistance as well. Of course, it's not perfect, as everyone who cares knows what's a TOR outproxy (Onion Router in their terms) and so will know you're hiding from them. Also, the content is in clear text till it hits TOR, so there's various things that can be done at that level as well - that is, the content provider is still sticking out their neck however you slice it, and the nice person running an outproxy may be as well. And TORs a pain as it's a SOCKS proxy, so you have to chain in privoxy or use socks cap or some crap to get it to work. I really fail to understand quite why TOR is a SOCKS proxy, as it seems they only want to carry web traffic (see the official request not to use P2P/bittorrent over TOR).
2
Next down the line is the venerable Freenet - which is so secure and anonymous - you mostly can't get anything over it. I find that much of the time, the flagship sites listed on the console are unreachable. However, if they ever sort this out (and their glacial update procedures) they will likely be the best for anonymous information distribution. It doesn't do any outproxying, every piece of content in in-network, and the data transferring is designed to thwart traffic analysis as well as maintain data for some time even after the originator of the data goes off net. Currently, you need to devote much of a machine to it, as well as many days for it to get integrated into the net. Also, you do have to store data on your machine, and forward that data. You don't get to choose (or know) what data is on your PC.
3
One that has become my current favorite, and is less well known is I2P. What's interesting is that it's more of a real time netork like TOR, with internal sites and services using cryptographic IDs. So you really don't know who you're talking to, and the data going out takes a different route than the data coming back. It supports anon IRC, E-Mail, Sites, Blogs, and in-network Bittorrent. If you're going to use bittorent, you ought to run it over I2P in network, where it's welcomed, rather than pushing it over TOR where they are trying to block it. Instead of stupid mixed encryption schemes for different clients, just use I2Ps built in bittorrent, Azureaus with the plugin, or write a plugin for the client of choice. This would solve both the current traffic shaping issue, but also some of the anonyminity problems.

Even cooler with I2P is it has outproxies to the web, and freenet, and tor. So you can get that 24/7 freenet connection fast, without running it on your PC. The downside is no file downloads - sites only, no frost etc. The upside? You can see the sites pretty quickly.
4
A final choice, which I reject for several reasons, is the build your own darknet like the rumored MetaNet (which seems to have existed, and may still exist) and it's decendant, anoNet.

The pros to anoNet is it's a full VPN, implemented with OpenVPN. That's basically it.

The major cons are as follows: You have to setup and implement a VPN connection, and you need to then get on IRC in-network, connect with someone (or skip that, and have someone invite you) to become a full peer and be able to use most network services. Then you have to set up OSPF or BGP routing on your node.

Once you get all that done, you have a shadow internet. How cool, right? Well, not really cause you just have all the issues of the internet in a supposedly hidden net. How are you anonymous? Well, it depends on your routing, but inside the network, everyone has a pretty much static IP that you could trace back to. etc...

Final Point

Anyway, right now, I'd look at what I want to do, and keep an eye on I2P and TOR. Freenet still has a lot of promise, but the big issue is it's performance. Maybe 0.7 will do something to fix that.

I've talked about specific important software before - specifically proxomitron and Hamachi. Other useful software I've only mentioned in passing. This post will be about the in between software - software I want to expound a little on, but not dedicate a whole post to (yet). I may eventually break out some of the programs to their own posts with more information. I'll be editing this post as I get time to add more software, or find new ubercool software.

I want to start with freeware:

SIW.exe - for those of you who cried when Everest Home was discontinued, here's an answer. This program is actually somewhat easier to use for certain diagnostic tasks than Everest Ultimate 2006 - specifically, figuring out what that crazy "unknown" device or PCI device in Device manager actually is. I also find this better than Unknown Device Identifier(UDI) because it uses the same bus/device/position (whatever, like that) that Device Manager's properties does, unlike UDI. It also doesn't add an ad shortcut to your desktop.


Next: The current freeware replacement for the Start Menu for me - Find and Run Robot. This thing is so fast if you remember the names of the programs you want to run (and they are mentioned in the start menu). Press a hotkey, start typing, when it lists the program you want, tap the # to the left of it, and bam. Never browse through a 3 column long start menu again!

Next: KeyWallet - great password management that is browser agnostic (and program agnostic) and unlike Opera's wand, you can see your passwords if you forget!

Lastly: VNC (over Hamachi of course). I can't really talk up this free remote control program. With Hamachi, it's secured easily, and punches through many firewalls and NAT routers. Also, it works on Windows, MacOS, and Linux so you're not doing 5 different things. With Hamachi, you have set IPs so it's not any harder than LogMeIn, and you're not paying a monthly fee, or relying on some other party not to pry into the datastream. Now, Hamachi does need a server for the connection, but the keys never go to the server, the final connection is PTP, and they have no idea you're running a remote desktop. The best thing though is you could get UltraVNC, which has an encryption plugin, but then you lose out on NAT traversal.

Process Explorer. This provides a useful version of Task Manager. It can replace Task Manager. It should. Want to easily check up on the latest GDI leak in Opera? Or the memory usage? OR CPU time? Want to change the priority of some software? All in one screen here, and smartly laid out.

For payware, there are a couple standouts:

Trillian Pro is just an amazing IM program. I really like it. The only downside is only one person can use it, so if you have people who constantly use your PC for IM, it's not an option. I of course, don't, and don't recommend letting anyone use your user account for IM what with the worms and such now adays. Give them a limited guest account with GAIM instead.

GetRight is a really good download manager, which has always tried to work with Opera, and the new version looks like it will be even better at it with "proxy" based interception. Once you buy Getright or the upcoming GetRight Pro - you get free updates for life. The tech support is amazing, they don't do form letters. It can take a while to get a response, but the responses are usually competent, and actually fix stuff.

Directory Opus - this is what a file manager *should* be. Directory Opus : Windows Explorer :: Opera : Internet Explorer. Seriously. Turbocharge your filemanagement with the sort of built in power and customizability you've come to expect from Opera in your internet browsing.

Process Guard - The second chance to decide if you really wanted to run that new program. While it doesn't provide any real advice like competing products, it doesn't talk to the mothership every time you run someting, reporting every thing you run. It doesn't auto allow something the mothership thinks is "ok". It asks you to make the decision. And, even better, the programs you just can't figure out how to take out of autorun? just say deny always, and they never start up again. Plus, prevent any software from killing other programs you don't authorize. No more worries about inept AV terminate protection - this is hard core.

NOD32 - the AV of champions. Of course, because you're using Opera behind proxomitron(you are right?), you only need it as an on-demand scanner to check your downloads prior to running them. Best part is with advanced settings, it also finds spyware with a right click option (well both at once). Something I have yet to successfully get Spysweeper, AdAware personal or Spybot to do. I'd much rather scan a compressed file before running than try and clean up my machine later.



I feel like MS should get off their @ss and read this list. Half of the stuff I use is basically to replace windows components with stuff that's actually useful. For shame. Expecially because I can't remove the crap that MS foists on us.

So, I link in my sig, and often suggest you try out Proxomitron, but what is it? How do you use it? Simply put, it is a filtering proxy. It uses regular expressions arranged as filters to do a mass find and replace on HTML pages as they come onto your PC. Groups of filters are called filtersets. There are several maintained filtersets currently, the biggies are Sidki's, and Grypen's. I maintain an Opera focused modification of Grypen's set for forum members - or anyone really.

Get it here: See the last post I've made in the thread below

Watch for updates here: http://my.opera.com/community/forums/topic.dml?id=76301&abc=&page=5&skip=200&show=&perscreen=50

I've figured out that straight links seem to work now to mediamax, even in Opera, so it's ok.

It's pretty simple really, all you do is set it as a proxy for Opera. To do this, go to tools -> preferences, advanced tab, network leaf, and click on proxy servers. In HTTP, put host as localhost and port as 8080. You can chain proxomitron to another proxy, to do so, double click on the tray icon (the green triangle) click proxy, and input the information in this form

host:port

ok out, and hit file -> save. Then that will be setup for you.

One thing is important, lots of things Proxomitron does uses text files called blocklists. They are accessable by right clicking on the tray icon, and selecting edit blockfile. To speed things up, you can add things via the add to blockfile choice.

The big thing is all the files are under the lists subdirectory in Grypen's set, and most of the things you would edit would be in the proxy\Lists\Grypen_Lists\User directory. Backing that up before an update might be a good idea, if you add any sites to a whitelist to allow cookies, or to bypass filters. Even better might be a compare between the old list and the new one. Specifically, look at the allowcookies list, it has what I consider to be sites I want cookies set from, you may want to change that, or clear it alltogether.


I try to update this filterset when I accumulate a few decent changes, but that means updates can be frequent or sporadic. Most updates aren't critical, so just grab a new one when you feel like it.

To update my filterset - just back up any blocklist entries you made (Mostly in User-Include-Exclude and Bypass), turn off proxomitron, and extract the proxy folder from the rar file over your install folder. Shortcuts should work unless you have changed the folder name. Dump in any saved enteries.

One word of caution with User-Include-Exclude. A specific site can only be listed ONCE.

Update (4/28/2006): More and more updates are actually additions to blocklists, so my previous suggestion of just saving the old lists can cause certain changelog entries to not actually happen, as you remove the changes. I highly recommend creating a section in any blocklist that you have edited to keep your edits in so you can easily copy them in on an update, and still get all the updates listed in the changelog.

To do this, just put something like this in:
#My Additions
entry1
entry2
entry3
#End My Additions

and put it at the end of the blocklist for easy copy/paste.

Lastly, feel free to ask questions or for help in the above Proxomitron thread.