Archive for the ‘Tech’ Category

SSH-over-HTTPS for fame & profit

Tuesday, April 18th, 2017

In the past, I’ve discussed using SSH to circumvent restricted networks with censoring transparent proxies, but that relied on the restricted network allowing free SSH access on port 22 (what we call in the industry – the single network requirement for getting work done).

Unfortunately, there are restricted networks that don’t even allow that – all you get is the transparent censoring HTTP proxy (which has recently become the case with the free Wi-Fi on the Israeli Railways trains).

But fortunately for us, there is still one protocol which they can’t block, they can’t proxy and they can’t man-in-the-middle – or else they’d break the internet even for people who only read news, search Google and watch YouTube – that is HTTPS.

In this article I’ll cover running SSH-over-HTTPS using ProxyTunnel and Apache. The main consideration is that the target web server is also running some other websites that we can’t interrupt. The main content is based on this article by Mark S. Kolich, but since it only covers using plain HTTP and in addition to some simple changes in the example configurations I also wanted to cover getting an SSL certificate, here’s my version of the tutorial:


Googlephobia Paints The World Red

Saturday, June 4th, 2016

This is an open letter to Chris Fisher from Jupiter Broadcasting (and friends) regarding the recent tirade against Google “winning” the court battle against Oracle for the use of the Java APIs.

A short summary for the uninitiated:

After Oracle bought Sun including their Java implementation, they sued Google who implemented (some of) the Java APIs for use in the Android operating system, for copyright infringement in some source code, copyright infringement on the API definitions themselves and a couple of software patents they held about how to implement some Java behavior. Round one: Some source code was ruled infringing, APIs were found non-copyrightable and patents were found not-infringing. Round two: A federal court (that normally rules on patent issues) held the ruling of copying (for Oracle) and patents (for Google) but ruled APIs copyrightable and Google infringing on that. Third round: a jury found that Google’s use of the Java APIs was fair-use and no damages should be awarded.

After the last jury decision, there was a lot of back and forth on the internet; notably, one Ars Technica article (“op-ed”) by an Oracle lawyer claimed that the result boils down to nullifying any and all open source licenses:

if you offer your software on an open and free basis, any use is fair use.

Then we come to Chris Fisher – as the host of his Linux Action Show podcast, he has spoken out against Google many times in the past, but this tirade in the discussion of the Oracle vs. Google action in the most recent Linux Action Show #419, really demonstrates well the extent of his Googlephobia (LAS #419, 0:46:42):


Script Day: Cloud-init for MS-Windows, The Poor Man’s Version

Thursday, August 20th, 2015

Cloud-init is a Linux technology that allows easy setup and automation of virtual machines. The concept is very simple – the VM infrastructure provides some way of setting some custom data for each virtual machine (many providers call this “user data”), and when the operating system starts the cloud-init service reads that configuration, loads a bunch of modules to handle various parts and lets them configure the system. As a user it is very convenient – you write a setup scenario using the variety of tools offered by cloud-init, you can store the scenario in source control to allow developing the scenario further, then just launch a bunch of machines with the specified scenario and watch them configure themselves.

The situation is much worse on the MS-Windows side of the fence: want to have an MS-Windows server configured and ready to go? Start a virtual machine, connect to it using RDP and Next, Next, Finish until your fingers are sore. Need to deploy a new version? Either retrofit an existing image (again, manually) and risk deployment side effects, or do the whole process again from scratch.

Here’s a script to try to help a bit with the problem – at least on Amazon Web Services: a poor man’s cloud-init-like for MS-Windows server automation.


The sorry state of the autonomous car discussion

Monday, May 25th, 2015

As is evident across the web (for example in this article), the current discussion fueled by Google’s self driving car news and the possible development plans of other small and large companies is often concerning itself with the morals of a software driven car(1). Which is, frankly, unfortunate.

I think that the only people that should be really bothered by all this talk of “who should the autonomous car kill (in case of an accident)” are the programmers hard at work at Google and other companies, who are suddenly held to a much higher moral standard than expected of programmers who are responsible, today, for hundreds of lives in each instance – such as programmers for railway systems and passenger jet flight control software.

When you look at the problem from the perspective of autonomous transport control software, that is right now being used to safely transport millions of humans daily, it’s obvious that the main concern of the designers is to have quantitatively better response (more consistent and faster, in that order) than a human, for adverse situations, but qualitatively better – that is, the systems will not pretend to make decisions morally better than a human would do at any given situation, just perform better on the exact same actions that the human it replaces will have taken anyway.

So when a Google self-driving car programmer comes to answer the “trolley problem” or the “fat man problem” discussed in the linked article, they should not be held to a higher moral standard than the average driver, because that is who they are replacing.


  1. that is, immediately after the “ooh, technology is so awesome” debate

How to circumvent the free Wi-Fi content filter, for fame & profit

Monday, May 18th, 2015

I’m very grateful for the free Wi-Fi on the train, the coffee shop or the municipal free Wi-Fi, but the content filter they have on their proxies is sometimes really weird – for example it may block one of my favorite podcast websites (the Jupiter Broadcasting network) under the category “streaming media” even though they don’t actually host their video files, but they do let through YouTube and Facebook (where most cat videos are posted these days). So apparently Israeli Rail has an aversion to streaming media so they won’t let me send an email to a small podcast, but I can watch all the cat videos I want. Weird. Also, most VPN services are blocked by default, so no help will be coming from that way(1).

So, to fix that, here’s a small workaround using an external proxy – this is rather simple, but it does assume you have all kinds of tools that most users won’t have just lying around – but if you’re a Linux geek you should do just fine.


  1. I’ve checked the OpenVPN ports are blocked, as well as all web-based proxies I could find, such as FoxyProxy and Hola. I’ve encountered in the past a weird VPN software that does not use standard UDP or TCP sockets, but instead uses GRE packets and I have no idea if that would work, but I’m assuming it won’t as well.

Why Microsoft Will Not Extend Windows 7 End-Of-Life

Sunday, July 13th, 2014

[This is mostly a summary of a discussion on Google Plus, that you can find here]

Recap: The world (or at least clueless tech journalists) was surprised to learn (once they bothered to look it up) that Microsoft will not extend Windows 7 end of “mainstream support” – which is scheduled for January 2015 (about 6 months from now). This was all planned way in advance – Microsoft basically committed to end “mainstream support” in 2015 by not releasing any service pack for Windows 7 since the beginning of 2010, instead they want people to move to the next version of their software. In most normal software markets, this is a no-brainer – who has heard of a Macintosh user still clinging to Mac OS X 10.7? Or an Adobe Photoshop user who refuses to upgrade past CS3? But instead you now hear calls for Microsoft to extend Windows 7 an artificial life line, like it did with XP.

And here’s why XP will never happen again:


Microsoft vs. No-IP and the failure of the US legal system

Wednesday, July 9th, 2014

There is one thing that really troubled me about the Microsoft dynamic DNS fiasco that no one seems to talk about, which I really wanted to raise, but first here’s a short recap for those not in the know: Microsoft’s “cyber-security” department convinced a US federal court to issue an order to transfer 22 internet domains owned by the popular No-IP dynamic DNS service into their custody, in an attempt to remove specific hosts under those domains that are supposedly used as malware control centers.

The issue I have is very simple – under what conditions can it be possible for a private company to ask a court to transfer ownership of a property from another private company? This sounds seriously like private policing and somehow it is endorsed by the judicial system?!? Under what authority can something like this be allowed?

This situation is massively more grievous because the court order was given “ex-parte” – legalese for “without the other party appearing to defend itself”, but even if everything was over the table and in the clear, and the defending lawyer incredibly incompetent, what kind of argument can a private entity offer to get a court to simply transfer control of another private entity?(1)

  1. except obviously arguing that the property was stolen, which is clearly not the case

Code Spaces break-in lessons: using your infrastructure provider for backup is a single point of failure

Monday, June 30th, 2014

Summary of the events of the Code Spaces break-in: Code Spaces was hosting their services on Amazon Web Services VPS infrastructure. An attacker managed to gain access to their AWS administration console account and after his demands for ransom were not answered, proceeded to delete all the data in the account.

The disaster recovery plan for Code Spaces was based on having machine images and data backups stored in AWS; everything was gone, and Code Spaces basically had to shut down.


Canonical announced a new display server – Mir, and it is good for the consumer

Tuesday, March 12th, 2013

Canonical announced last week that they are developing their own display server to replace the ubiquitous X display server, a project called Mir, and the shit storm has begun anew (as happened after Unity, Ubuntu Touch and other Canonical announcements). Contrary to popular belief, I think that this happening is a good thing for the Linux community as a whole.

There are many reasons why I think this is good, most are not really concrete technical things, but I can list a few:

  • X11 is showing its age. There were some internal efforts to modernize it (e.g. kdrive which has mostly merged into the existing code) and some external efforts to replace it (Fresco and Wayland to name a few), but none have made much of an impact on the current state of Linux display.
  • From first look, Mir is a modern code base written in C++11 and Boost, which I like.
  • Diversity is generally a good thing.

If we go over the last point in a bit more depth, I think we can see why Mir would generally be a good thing for Linux developers and users and why people should stop being negative.


What is Windows XP for you?

Friday, January 25th, 2013

I just “love” this quote from this PC-Magazine article:

… the amazingly enduring Windows XP—easily Microsoft’s most successful enterprise product ever…

Which is a really cock-eyed way to look at the operating system market, which completely ignores purchasing decisions by millions of users world-wide. A better description of Windows XP might be:

The last reasonably well-made operating system that Microsoft made

Users aren’t migrating from Windows XP because it’s so good(1) – they keep using Windows XP because every later OS is really bad.

  1. hint: it isn’t
