Iota is one of my chosen cryptocurrencies to follow

It's crypto crazy out there.  I'm kicking myself as I watched the launch of Bitcoin and thought to myself that this cryptocurrency is going to revolutionise the world. But did nothing.  Similarly, I thought Apple at $16 in ~ 1996 would be a good price to buy in at.  Unfortunately I didn't buy.  For starters international trading wasn't so easy and my mate told me not to invest based on emotions (I loved Apple and hated Microsoft).

So I'm a little late to this party.  However the numbers investing in crypto is only in the low millions.  And with the advent of new coins, tokens or other cryptos still launching (sorry, I'm not familiar with all terminology yet), there is still plenty of scope.  Infact I don't think this will settle down any time soon.

I aim to discuss more about crypto over time.  I'm only going to write a short post for now with the intention of getting some 'free' IOTA for blogging about the site - http://iotaprice.com/.  At least I hope there is any left.  Its a great crypto so I'm not that worried if all I get is kudos for my actions.

I'm pursuing IOTA as I believe it is one of the stand out cryptos.  I'll expand on these points over time (to reinforce or to show how I was wrong):

•  Bitcoin fails as a currency due to problems discussed in many other places, including the cost of transactions, the time to complete a transaction, the throughput of transactions and the energy cost associated
• IOTA does not have any of these problems - free and quick transactions, thousands of transactions per second and can be done very cheaply
• Discussed at https://www.iotasupport.com/whatisiota.shtml
• As a true potential cryptocurrency it will surpass bitcoin in value.  It has a long way to go so there is plenty of potential growth, making it a good investment.

More to come ...

Blog revived

I'm moving from workpress blog I was running under my own domain to this.  More posts will appear shortly...

Mac Address book not saving custom phone formats

I wanted to setup phone number formats in my Address Book but they wouldn't save.  Its not a permissions problem and there was some weird behaviour where I could add one row but not a second.

Like any good hacker / developer / software engineer I went under the hood and changed the preferences directly.

• Close AddressBook
• Open a terminal (I recommend iTerm if you get into the terminal often)
• cd ~/Library/Preferences
• Open com.apple.AddressBook.plist
• You'll need XCode installed as this is where the .plist editor is now
• Navigate to ABPhoneFormat-PhoneFormatter
• Click the '+' to add a row (or right-click and choose 'Add Row')
• Type the format.  For Australia I added the following:
• 1. 04## ### ###

• 2. 0# #### ####

• Open AddressBook, go to Preferences.. and under Phone you should see your new formats

Connecting to my Hover IMAP email from work which blocks ports

background

My work blocks ports so I cannot access my personal email except through my provider's ridiculous webmail. Specifically I use Thunderbird and want all the features such as nostalgy to easily move my email to folders.

issues

1. Well there is the major "work blocks ports" issue. You need to setup an ssh tunnel to a trusted server that forwards traffic to the IMAP (or POP3 if that's your thing) ports. That trusted server for me was my home server. In the example below its my home server and I'm super aware of security threats which may not be an issue with an external server.
   
2. Hover, my domain name and email provider uses a mechanism where you point your IMAP client to mail.hover.com with the login being user@domain and it redirects to mail.<domain>. This prevents easily setting up SSH tunnels as I don't know how to setup an ssh tunnel that handles this redirection. Looking through Hover's management console for my domain, I found that the forwarded to address is mail.<domain>.com.cust.<secret>.com

Solution

1. Open external ports on home network that map to port 22 ssh (internal). Typically do not use 22 as your external port as it is a security hole, but use a port in the thousands such as 5555. You may actually want to decide on the ports and not open them until you've determined your work's gateway IP address and configured your network to restrict (only ssh) traffic to be from there. You open ports through your modem and router.
   
2. Find out your home WAN static ip address (if you have dynamic IP I haven't thought about the solution for this as I believe your work network admins need to be able to specify an IP address rather than a DNS. If it is the latter then you could use Dynamic DNS).
3. Request work to open their network to allow connections to your WAN IP and the ports you have opened (or will open). Tell them you run ssh servers at home. Request from them the work gateway IP address you will be connecting from.
4. As security measures at home, update your hosts.allow, hosts.deny and sshd_config (unix, linux, macosx - don't know about Windows) to only allow:

• network traffic to ssh from work gateway ip (done in hosts.allow and deny) - see http://serverfault.com/questions/207381/how-to-restrict-ssh-login-to-a-specific-ip-or-host/207387#207387
  
• only allow given ssh users to log in (done in sshd_config) - see http://serverfault.com/questions/216502/restrict-access-to-ssh-for-one-specific-user
  

1. At work open an ssh tunnel for your IMAP traffic - you'll need to type your home ssh login password. Use a *nix/Mac OS X terminal or Putty under Windows:
2. ssh -T -N -L 3993:mail.<domain>.com.cust.<secret>.com:993 @ -oPort=5555
3. This is saying to connect to <home wan ip>:5555. The local port at your local site (work) is 3993 and it maps to the remote port 993 at mail.<domain>.com.cust.<secret>.com. This local (3993) to provider's port 993 is done via your ssh server at home (ie. ssh tunnel).
   
4. Set your email client (I use Thunderbird) to use the local port you setup as your IMAP (or POP3) port - I used 3993 in my example.

Comments and questions welcome.

Mac OS X, ssh and X11 forwarding

Well it was my turn to go through this struggle. Once you have problems you'll see that so many others have had problems with getting ssh public key ("no password") connections and then X11 forwarding working. Next I'll get port forwarding through ssh working. That can be the subject of a later post.

Here are my notes for problem solving.

References

• man ssh_config
• man sshd_config
• Mac OS X man ssh
  
• http://www.stocksy.co.uk/articles/Mac/ssh_on_mac_os_x/
• DYHR.com - How to enable X11 Forwarding with ssh on macosx
  
• Or see Google search for "macosx ssh" - there are millions of pages on how to do this

Troubleshooting
Permissions

• Permission on ~/.ssh/authorized_keys OR ~/.ssh/authorized_keys2 needs to be 0600

Found at http://ubuntuforums.org/archive/index.php/t-477374.html, http://www.macosxhints.com/article.php?story=20080424055927442

• Permission on ~/.ssh needs to be 0700

Found at http://sial.org/howto/openssh/publickey-auth/problems

X11 forwarding

• I had to remove the references in home.bashrc that sets $DISPLAY as the sshd does that

Found at http://dyhr.com/2009/09/05/how-to-enable-x11-forwarding-with-ssh-on-mac-os-x-leopard/

Local machine, hostname, ssl / https would hang

I am trying to put lessons I've investigated and learnt up, not only as a record for myself, but also to help others. The web has solved so many of my problems and I want to pass on anything i know that can help.

I am a Mac user (Mac Mini running Mac OS X 10.5.7 currently).

I run JSPWiki WebApp through the Tomcat server and have the security policy set to https (SSL) for logins and editing. My server is kanga.local (Bonjour) and it has the IP address of 10.0.1.5.

When I connect from any other local machine I'd log in straight away (go to http address and 'login' and 'pw' form would come up immediately). When I connected to it via the server using the server name (kanga.local) the browser would sit there saying "connecting to kanga.local" and sometimes eventually got there to the login screen (over https). It was unusable like this. If I put in localhost instead it would get to the login screen but logging in (post OK) then would revert to kanga.local and once again it would take forever.



Things I tried to work out what was going on (aswell as Google):

• dscacheutil (Directory Services) showed me that Kanga.local had multiple IP addresses
  

bsmith@kanga RCS $ dscacheutil -q host -a name kanga.local
name: kanga.local
ipv6_address: fe80:8::21c:42ff:fe00:9
ipv6_address: fe80:8::225:ff:fef8:3034

name: kanga.local
ip_address: 10.37.129.2
ip_address: 10.211.55.2
ip_address: 10.0.1.5

• traceroute - returned a result instantly and showed it took 1 hop so didn't help me at all
  

bsmith@kanga RCS $ traceroute -p 8443 kanga.local
traceroute to kanga.local (10.0.1.5), 64 hops max, 40 byte packets
1  10.0.1.5 (10.0.1.5)  0.403 ms  0.057 ms  0.081 ms

• ifconfig. I found the post at disable-your-network-connections (www.mactricksandtips.com) and its suggestion to view the active network interfaces worked and I could see there were multiple interfaces using the IP addresses dscacheutil showed:

bsmith@kanga RCS $ ifconfig
lo0: flags=8049 mtu 16384
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
   inet 127.0.0.1 netmask 0xff000000
   inet6 ::1 prefixlen 128
gif0: flags=8010 mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863 mtu 1500
   ether 00:25:4b:b3:d6:20
   media: autoselect status: inactive
   supported media: none autoselect 10baseT/UTP  10baseT/UTP  10baseT/UTP  10baseT/UTP  100baseTX  100baseTX  100baseTX  100baseTX  1000baseT  1000baseT  1000baseT 
en1: flags=8863 mtu 1500
   inet6 fe80::225:ff:fef8:3034%en1 prefixlen 64 scopeid 0x5
   inet 10.0.1.5 netmask 0xffffff00 broadcast 10.0.1.255
   ether 00:25:00:f8:30:34
   media: autoselect status: active
   supported media: autoselect
fw0: flags=8863 mtu 4078
   lladdr 00:25:4b:ff:fe:b3:d6:20
   media: autoselect  status: inactive
   supported media: autoselect 
en2: flags=8963 mtu 1500
   inet6 fe80::21c:42ff:fe00:8%en2 prefixlen 64 scopeid 0x7
   inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
   ether 00:1c:42:00:00:08
   media: autoselect status: active
   supported media: autoselect
en3: flags=8963 mtu 1500
   inet6 fe80::21c:42ff:fe00:9%en3 prefixlen 64 scopeid 0x8
   inet 10.37.129.2 netmask 0xffffff00 broadcast 10.37.129.255
   ether 00:1c:42:00:00:09
   media: autoselect status: active
   supported media: autoselect

• iStat Menus is a system monitoring tool that shows Network Interfaces. I noticed that it shows the interfaces that ifconfig shows. And when I bring an interface down it can no longer be seen in the iStat menu.

What I wondered was why the Network System Preference didn't do the same as ifconfig. Then I realised it does!. This would have saved me alot of time if I'd realised it.

Go to Network Preferences and you'll see listed down the left-hand, what are ultimately network interfaces. This picture shows the en2 interface active:




Now select the interface you want to turn off and select 'off' in the Configure drop-down.

And it will be disabled. It seems to take a couple minutes to ripple through the system. And I had to close the current Firefox tab and open a new one.



If this doesn't work then you'll need to use ifconfig to turn off the network interfaces as per Disable your network interfaces (Mac Tricks and Tips blog):

sudo ifconfig en2 down
sudo ifconfig en3 down

JSPWiki RCSFileProvider exception

I've been using JSPWiki for atleast 5 years now. One problem I've had which I've just worked out is an RCS exception (when using the RCSFileProvider to version pages) that frankly pissed me off! It seemed to come up and for no reason. It looks like:


JSPWiki has detected an error

Error Message
RCS checkin failed
Exception
com.ecyrd.jspwiki.providers.ProviderException
Place where detected
com.ecyrd.jspwiki.providers.RCSFileProvider.putPageText(), line 430

If you have changed the templates, please do check them. This error message may show up because of that. If you have not changed them, and you are either installing JSPWiki for the first time or have changed configuration, then you might want to check your configuration files. If you are absolutely sure that JSPWiki was running quite okay or you can't figure out what is going on, then by all means, come over to jspwiki.org and tell us. There is more information in the log file (like the full stack trace, which you should add to any error report).

And don't worry - it's just a computer program. Nothing really serious is probably going on: at worst you can lose a few nights sleep. It's not like it's the end of the world.


The problem for me was that I was previously running Tomcat as root and since then have started running it as user www (a user that has no admin rights to any other part of the server thus reducing likelihood of security issues). And root had the page locked. The solution is simple.

* For page do the following when you try and edit and save a page and the above error is shown.
** For example the page is "useful_commands" which has the corresponding RCS file "useful_commands.txt,v"


$ cd /where/wiki/pages/are/attachments
$ sudo rcs -u useful_commands.txt,v # this unlocks the page owned by root - use sudo -u if not root (see next)
$ sudo -u www rcs -l useful_commands.txt,v # this locks the page as www (tomcat running as www)
Now hit refresh in your browser and the changes made should be saved


Alternatively you could unlock any files locked by root with an:


sudo rcs -u *v


But I've not tried this. I assume on files not owned by root it will do nothing. I leave the verification to you as an exercise!