Tue, 25 Dec 2007
Sending mail from a laptop
I often find myself on what I would call "hostile" networks: they allow only very limited Internet access, for example by blocking port 25 so I can't connect to my mail server. Maybe you are never on filtered Internet access, but your home ISP won't relay mail for you when you're away from home, and you want to send email directly from your laptop anyway.
Just do what I do! Let me explain.
Summary
- inetd listens on port 125
- Connections to it go through an SSH tunnel that executes "nc localhost 25" on some mail server
- (Optional) A real MTA runs on the laptop, so that I can send mail when offline; when mail delivery fails temporarily, Postfix queues the message until I get back online.
Justification
- Easy. Apps can be configured to use localhost port 25 (or port 125) with no password.
- Correct: with Postfix in front (using port 25), mail sent while offline is queued and delivery is retried for me automatically.
- Secure: the hop from the laptop to the server is encrypted, and to anyone watching the local network it looks like an ordinary SSH session, so nosy networkers near your laptop can't even tell that you're sending mail. (From the server onward it is ordinary SMTP, exactly as if you had sent from the server itself.)
Implementation in Three Steps
Step 1: ssh tunnel
This is the hardest part. To make things simple, I create a dedicated user on each end.
On the remote server (server)
[me@laptop] $ ssh me@server
[me@server] $ sudo adduser tunnelendpoint
[me@server] $ sudo su - tunnelendpoint
[tunnelendpoint@server] $ mkdir .ssh
On the local machine (laptop)
[me@laptop] $ sudo adduser tunnelclient
[me@laptop] $ sudo su - tunnelclient
[tunnelclient@laptop] $ ssh-keygen -t rsa   # leave the passphrase empty
[tunnelclient@laptop] $ cat .ssh/id_rsa.pub | ssh tunnelendpoint@server 'mkdir -p .ssh ; chmod 0700 .ssh ; cat >> .ssh/authorized_keys'
On the remote server
[me@server] $ sudo su - tunnelendpoint
[tunnelendpoint@server] $ nano -w .ssh/authorized_keys
You'll see a key that starts with "ssh-rsa" (the key type you generated above). On the same line, before it, add this string, leaving a space between it and "ssh-rsa":
command="nc localhost 25",no-X11-forwarding,no-agent-forwarding,no-port-forwarding
(Note: "nc" is in the netcat package. The forced command means that whatever command the client asks for, this key can only ever reach port 25 on the server's loopback interface. Adding no-pty to the list does no harm either, since the tunnel never needs a terminal.)
On the local machine (laptop)
[tunnelclient@laptop] $ ssh tunnelendpoint@server
220 rose.makesad.us ESMTP Postfix (Debian/GNU): "every tragedy is a beauty that has passed"
Hooray! If you see a reply like mine that starts with "220", then all is well. (Type QUIT to end the session. To confirm that the forced command really is in effect, try ssh tunnelendpoint@server id: you should still get the 220 banner rather than the output of id.)
You're done with the hard part. Now the easy parts.
Step 2: inetd
[me@laptop] $ sudo aptitude install openbsd-inetd
Now edit /etc/inetd.conf to have this line:
127.0.0.1:125 stream tcp nowait tunnelclient /usr/bin/ssh -q -T tunnelendpoint@server
Now restart inetd (sudo /etc/init.d/openbsd-inetd restart) and test it. The ssh in that line runs as tunnelclient, which is why you tested the connection as that user: its known_hosts already holds the server's host key, and without it an unattended ssh with no terminal would fail on host key verification.
[me@laptop] $ telnet localhost 125
220 rose.makesad.us ESMTP Postfix (Debian/GNU): "every tragedy is a beauty that has passed"
Step 3: Postfix (optional)
This is my favorite part, but it's only necessary if you plan to send email when you're not connected to the Internet.
Just install Postfix, and add this to /etc/postfix/main.cf:
relayhost = 127.0.0.1:125
Restart Postfix and you should be set. Try sending some mail! (The Postfix documentation's form for turning off MX lookups on the relay is the bracketed one, relayhost = [127.0.0.1]:125. Either way, Postfix now hands every outgoing message to the tunnel and keeps it in the queue whenever the tunnel is down.)
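The telnet check in Step 2 is the one worth automating, because it exercises the whole chain (inetd, the unattended ssh, the forced command, and the server's Postfix) in one connection. The script below is an added example, not part of the original post: it connects to the listener, reads the 220 greeting, sends EHLO, collects the extensions the far-end Postfix advertises, and QUITs. It assumes the listener is at 127.0.0.1:125 as configured above; the fake server it bundles is a constructed stand-in so the probe can be run offline.

```python
"""Scripted version of the "telnet localhost 125" check: connect to the
inetd listener, read the 220 greeting, EHLO, collect the extensions the
far-end Postfix advertises, and QUIT.  Added example, not from the post."""
import socket
import threading

SMTP_HOST = "127.0.0.1"  # assumption: the inetd listener from Step 2
SMTP_PORT = 125


def _read_reply(f):
    """Read one SMTP reply, which may span several '250-...' lines.
    Returns (code, [text of each line without the code prefix])."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if len(line) < 4 or line[3] != "-":  # "250-" continues, "250 " ends
            return int(line[:3]), lines


def probe_smtp(host=SMTP_HOST, port=SMTP_PORT, helo_name="laptop", timeout=5.0):
    """Return the greeting text, the EHLO keywords offered, and the QUIT code.
    Raises if the tunnel does not behave like an SMTP server (for example
    when inetd spawned ssh but the forced command on the server failed)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        code, banner = _read_reply(f)
        if code != 220:
            raise RuntimeError(f"expected a 220 greeting, got {code} {banner}")
        s.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
        ehlo_code, ehlo_lines = _read_reply(f)
        s.sendall(b"QUIT\r\n")
        quit_code, _ = _read_reply(f)
    if ehlo_code != 250:
        raise RuntimeError(f"EHLO rejected: {ehlo_code} {ehlo_lines}")
    # First EHLO line is the server's name; the rest are extension keywords.
    extensions = {line.split()[0].upper() for line in ehlo_lines[1:] if line.strip()}
    return {"banner": banner[0], "extensions": extensions, "quit_code": quit_code}


def start_fake_postfix(extensions=("PIPELINING", "SIZE 10240000", "8BITMIME")):
    """Constructed stand-in for the real server so the probe can be exercised
    offline. Speaks just enough SMTP for probe_smtp(). Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn, conn.makefile("rb") as f:
            conn.sendall(b"220 rose.makesad.us ESMTP Postfix (Debian/GNU)\r\n")
            while True:
                words = f.readline().split()
                if not words:
                    break
                verb = words[0].upper()
                if verb == b"EHLO":
                    reply = ["250-rose.makesad.us"]
                    reply += [f"250-{e}" for e in extensions[:-1]]
                    reply += [f"250 {extensions[-1]}"]
                    conn.sendall(("\r\n".join(reply) + "\r\n").encode("ascii"))
                elif verb == b"QUIT":
                    conn.sendall(b"221 2.0.0 Bye\r\n")
                    break
                else:
                    conn.sendall(b"502 5.5.2 Error: command not recognized\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_smtp())  # against the real tunnel on localhost:125
```

Run it on the laptop after Step 2 (or after Step 3, with the port changed to 25 to test through Postfix). Because the check goes through inetd rather than calling ssh directly, a failure here tells you the unattended path is broken even when an interactive ssh as tunnelclient still works, which is exactly the case the missing-known_hosts problem produces.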
Closing
I was inspired by a Debian Administration post, except I had my own ideas about the best way to do it. I still like my way best.
One problem with the above approach is that it requires root on "server". It would be possible to do the ssh tunnel thing without a separate "tunnelendpoint" account, by adding the key (with the same forced command) to your regular username instead. Note also that the passwordless key on the laptop is worth exactly what the forced command gives it: whoever holds it can relay mail through port 25 on the server as though they were on the server's localhost, so treat it like a mail password and remove its line from authorized_keys if the laptop is lost.
[/note/sysop] permanent link and comments
Mon, 24 Dec 2007
Git repository for Qtopia
(Cross-posted at http://qtopia.net/modules/newbb_plus/viewtopic.php?topic_id=593&forum=1 and on the OpenMoko device owners list).
In order to make it easier to track updates to the Qtopia 4.3.1 snapshots, I made a git repository out of them.
What I'm doing is, automatically (every night), untarring the snapshots into a git repository at git://git.asheesh.org/qtopia_snapshot.git, which is readable in a gitweb at http://git.asheesh.org/?p=qtopia_snapshot.git .
Note that many snapshots contain the same contents; the automatic script only commits if a snapshot contains some new data.
My current primary interest in the Qtopia GPL edition is for my HTC Universal, which runs it very nicely including sleep and wake-up, SMS, and voice calls. My interest in the git repositories comes from wanting to publish a modified version of Qtopia that's easy to merge changes into as Trolltech updates their code. I'm sure there are Neo1973 users who would like to hack on the Trolltech code or have an easy source repository from which to get updates.
http://www.handhelds.org/moin/moin.cgi/Qtopia is where I'll be posting any updates I have. If you're working on a fork of Qtopia, I'd love to give out git commit access so you can publish a branch on my git if you like.
Similarly, if people want to publish their Qtopia-based applications in a git repository, just ask me!
[/note/software] permanent link and comments
Linux on Unmodified Xbox
Here's a conversation I had with Lisa moments ago, mostly by accident:
<paulproteus> http://forums.xbox-scene.com/lofiversion/index.php/t71173.html
<paulproteus> Er, that was meant for someone else.
<paulproteus> I mean, you're welcome to read it, too.
<paulproteus> It's actually interesting if you ask me why. (-;
<lisaig_> Why?
<paulproteus> Kevin Rose (supposedly) from TechTV (a then-famous, well, tech TV show) is looking for a co-founder of the Linux On Unmodified Xbox project, "lou-x".
<paulproteus> That co-founder (supposedly; it's hard to figure who's actually who, but this one's credible) replies, "We got smoked by the Xbox-Linux project."
<paulproteus> I came into the LOU-X project in late 2002 and donated bandwidth from JHU and a wiki I ran, and by mid 2003 preferring to help Xbox-Linux.
<paulproteus> Actually, maybe my stint with LOU-X lasted only a month or two.
[/note/xbox-linux] permanent link and comments
Sat, 22 Dec 2007
Starting fetchvoicemail
I'm starting a new project called "fetchvoicemail". The idea is to have a little app that dials my voice mail, saves the messages, and extracts the metadata from the remote bot, and saves it all to local storage. That way I can write whatever UI I want on top of it. Think of it as POP3 for voicemail.
It seems there is already a commercial service that does this called "GotVoice Premium" that was reviewed by PC World.
So far, I'm in experiment and read mode. All I've yet discovered is that if you mess with ALSA settings, you make something strange happen so that your microphone doesn't actually record anything....
[/note/projects/fetchvoicemail] permanent link and comments
Tokyo Thursday
At the start of the summer, I read an article by a journalist who successfully worked for his U.S.-based company while wandering South America for a month. No one knew that when he interviewed them over Skype, he said, he was thousands of miles away.
That sounded pretty good, so I wanted to try it. I was invited to speak on behalf of Science Commons, and Herbert had been to Japan but I hadn't, so I thought that this trip to Tokyo would be a good one to start with. Some basic notes (more later, hopefully):
Just before and after committing to my plane tickets, as I remarked that I was leaving Tokyo on a Saturday, I wondered, Maybe I should extend this so I have the weekend in Tokyo. The big lesson from this trip is, Yes, you need weekends. You weren't really able to use the weekend of the conference, and you could have predicted as much way earlier.
[/note/working-vacation] permanent link and comments
Fri, 21 Dec 2007
On marriage
Life advice:
<micah> also I can't figure out what the point of marrying or tattoos are
<micah> i get lover's strength from marrying i guess, but that's weak
<stew> i think i assumed that tattoos were for charm, but I don't know what charm really does for you
[/scribble/marriage] permanent link and comments
Fri, 14 Dec 2007
Beautiful attacks
In Python, if you use smart libraries like SQLObject, SQLAlchemy, and Kid and stay on their query-building and templating APIs, you can't generate malformed SQL or HTML, so you're not vulnerable to SQL injection, cross-site scripting, and the other attacks that come from failing to validate input syntax.
Unless you're really smart:
Just a reminder that attacks against syntax aren't all you need to stop; attacks against semantics can be bad, too.
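One way to see the difference, as an added illustration of my own rather than the example the post points to: a query that is fully parameterized, so no SQL syntax can ever be injected, but whose meaning is still under the attacker's control. The sample table and the reset token in it are constructed for the demonstration.

```python
"""A syntactically safe query with attacker-controlled semantics: the
parameter is data, but LIKE interprets '%' and '_' inside that data as
wildcards, which turns a yes/no lookup into a character-by-character
oracle for the secret. Added example; sample data is constructed."""
import sqlite3
import string


def setup_db():
    """Constructed sample data: one user with a secret password-reset token."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, reset_token TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "k7q2x"))
    return db


def token_matches_vulnerable(db, name, token):
    """Parameterized, so no injection is possible, yet still broken:
    the token the user supplies is evaluated as a LIKE pattern."""
    row = db.execute(
        "SELECT count(*) FROM users WHERE name = ? AND reset_token LIKE ?",
        (name, token),
    ).fetchone()
    return row[0] > 0


def token_matches_fixed(db, name, token):
    """Same query with an exact comparison: the token is compared as a
    value, so '%' in the input matches only a literal percent sign."""
    row = db.execute(
        "SELECT count(*) FROM users WHERE name = ? AND reset_token = ?",
        (name, token),
    ).fetchone()
    return row[0] > 0


def recover_token(oracle, name, alphabet=string.ascii_lowercase + string.digits,
                  max_len=16):
    """Recover the secret one character at a time using only the oracle's
    yes/no answers. Every probe it sends is a perfectly valid query."""
    known = ""
    for _ in range(max_len):
        for ch in alphabet:
            if oracle(name, known + ch + "%"):
                known += ch
                break
        else:
            return known  # nothing extends the prefix: give up with what we have
        if oracle(name, known):  # exact match without a trailing wildcard
            return known
    return known


if __name__ == "__main__":
    db = setup_db()
    leaky = lambda n, t: token_matches_vulnerable(db, n, t)
    print("recovered via LIKE oracle:", recover_token(leaky, "alice"))
    safe = lambda n, t: token_matches_fixed(db, n, t)
    print("recovered via '=' oracle:", repr(recover_token(safe, "alice")))
```

Against the LIKE version, recover_token walks the whole token with about 36 queries per character; against the exact-comparison version it learns nothing. The ORM did its job both times, since every statement it emitted was well-formed SQL; what it cannot know is that this column holds a secret and that a pattern match against it is the wrong semantics.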
[/note/software] permanent link and comments
Mon, 10 Dec 2007
Refuting trademarks, Slashdot style
There's a new Free math package called Sage. However, some Slashdotters fear impending trademark problems.
Luckily, all is well:
[/note/free-culture] permanent link and comments
Wed, 05 Dec 2007
Open Sauce
[/note/software] permanent link and comments