I was getting tired of ssh'ing through bastion hosts to get to devices on my lab test network from my laptop when at home, so I googled for "ssh proxy." The best option in the first 10 results turned out to be a program I wrote, called sshuttle. Duh.
Anyway, I initially discarded that option because I haven't maintained sshuttle for a long time and it didn't work with newer versions of MacOS. Looking closer, however, it turns out that someone has picked up maintenance (and you can get it from https://github.com/sshuttle/sshuttle) and it now works great on the latest MacOS, in fact.
Then all you have to do is use the Chrome Secure Shell extension to port forward e.g. port 2222 to a real Linux box (in my case, the lab bastion host) on the corp network, and run:
sshuttle -vNHr localhost:2222
The -H auto-discovers hostnames from /etc/hosts (and other places), while -N auto-discovers local subnet routes that match the lab network.
After that, you can ssh "directly" to any of the attached hosts.
I'm slightly boggled that open source has turned out to be so useful. I should abandonware my projects more often! (*)
(*) Hah, like I could do it more often
Always remember: we are the people who, left unchecked by ourselves or by society, would produce Linux on the Desktop.
Okay, that was unexpected: "Samsung Pay will work in stores that support NFC payments, but its big trick is a technology called MST (Magnetic Secure Transmission), which it picked up with the acquisition of a company called LoopPay. MST lets your phone with Samsung Pay emulate an actual physical card swipe, meaning it can work at virtually any payment terminal where you can swipe a card."
So I guess they're using a relatively high-powered electromagnet to confuse the magnetic head in a magstripe reader, from a short distance away. Kind of a neat trick, though since it would inherently be one-way communication, I wonder what the reliability level would be like. (It also has essentially zero chance of ever working in a world of chip-enabled cards.)
I went on a ski trip. It was raining so I pretended to be on a ski trip but actually looked out the window at a mountain while writing this program.
Its early code name was "curse", which is short for "curses-based wifi monitor for when you're angry about the low quality of your ski resort hotel wifi," but I think I'll rename it to "wifitop."
Still needs some work (and column labels) but I think it's pretty neat already. Columns are: MAC address, is_access_point, RSSI, num_tx_packets, tx_rate_histogram, num_rx_packet, rx_rate_histogram, last_packet_type.
This is disturbingly similar to a plan I've been considering, which I call the "buddy system" (because it sounds better than "suicide pact"). In my idea, you get your wifi repeaters to check in with each other (pretending to be fake clients) to try to reach the Internet. If nobody successfully checks in for a while through you, you take yourself offline in the hope that someone else can cover for your failure.
This one's a little easier but I bet it works.
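A toy simulation of the "buddy system" idea above, as an added example that is not the author's code. The class and function names, the tick-based clock, the timeout value and the rule that a repeater with no live buddies stays up are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Repeater:
    name: str
    uplink_ok: bool = True   # can traffic through this repeater reach the Internet?
    online: bool = True      # is it still offering service to clients?
    last_checkin: int = 0    # tick of the last successful check-in through it

def tick(repeaters, now, timeout):
    """One round: every online repeater poses as a client of each online peer."""
    live = [r for r in repeaters if r.online]
    for peer in live:
        for buddy in live:
            if buddy is not peer and peer.uplink_ok:
                peer.last_checkin = now  # a buddy reached the Internet via peer
    # Assumption: with no live buddies, silence says nothing about our own
    # health, so the last repeater standing keeps serving.
    has_buddies = len(live) > 1
    for r in live:
        if has_buddies and now - r.last_checkin > timeout:
            r.online = False  # step aside so clients can roam to a buddy

def simulate(failures, ticks, timeout=2):
    """Constructed scenario: three repeaters; `failures` maps name -> tick
    at which that repeater's uplink silently breaks."""
    reps = [Repeater("attic"), Repeater("hall"), Repeater("garage")]
    history = []
    for now in range(1, ticks + 1):
        for r in reps:
            if failures.get(r.name) == now:
                r.uplink_ok = False
        tick(reps, now, timeout)
        history.append(sorted(r.name for r in reps if r.online))
    return history

if __name__ == "__main__":
    for t, up in enumerate(simulate({"hall": 3}, 6), start=1):
        print(t, up)
```

In this model, a simultaneous failure of every uplink makes all three repeaters step down in the same tick, so a real design would need a way to tell "my uplink is broken" apart from "the Internet is down for everyone".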
Wow! I honestly thought we were decades away from this. Looks like maybe only years away. http://www.sciencealert.com/a-canadian-province-is-about-start-giving-everyone-a-universal-basic-income
"On the upside, you might get a fully-paid close-up view of the world’s diverse legal systems—including lawyers who are really adversarial!"
What's one thing you do really well that you plan to continue doing?
Predicting bad outcomes 3 years in advance.
Suggested bizspeak for wifi teams:
"I'm going into powersave for a bit. Send me a WoW if you need anything."
"I'm going to toss you an aggregate. Just let me know afterwards which parts you didn't understand."
"Yawn. This presenter's rate control is way too conservative."
"I'm just sending out probes here. It's okay if you don't answer, as long as you're not invisible."
"Come on, everyone, we need to get back on channel!"
"It's all hidden nodes with you."
"When's the next beacon? I've got an IE I need to send, stat!"
"Their radios have just always been on different bands, you know?"
"Jeez, relax, my receiver is getting desensed."
"Is your antenna gain too high? Look at the big picture."
"I don't think their coding scheme has enough FEC, if you know what I mean."
"Don't worry, that person has above average receiver sensitivity; they'll get it."
"I just don't feel like I'm getting airtime fairness lately."
Apparently, "How do you feel about 'every man for himself?'" is not the correct answer to, "Do you want to join the building evacuation team?"
If you think I get annoyed by my CPE blinky lights not blinking in unison, you should see how I feel about my phone buzz and web Calendar notification for the same meeting being 15+ seconds apart, on two supposedly NTP-synchronized machines.
"Ultimately, you can buffer everything forever; so you have perfect reliability, and a 99%ile latency of The Lifetime Of The Universe, which is basically using a lot more resources to, for all practical purposes, drop something on the floor."
5 years at my job
That's 4.67 years longer than I expected to last.
Once upon a time, I read an article with an apocryphal story of someone who had been working at Apple a long time (5 years?). He/she ended up in an elevator with Steve Jobs and mentioned this fact. Steve supposedly said something dismissive about how if you're still doing the same thing after five years, you've failed. Does anyone have a link to that?
Some real-world wifi data
I personally don't really like watching talks online. In case you're like me (or want additional detail that didn't fit in 24 minutes), you can also download my slides (pdf), including extensive speaker notes.
So I guess online retailers have some kind of natural ability to run cloud computing services.
Cloud mDNS, I'll call it. It'll be just like mDNS, except it won't be multicast, it won't work, and its information won't be up to date. Also the latency will be at least hundreds of milliseconds because, you know, cloud.
Called FiOS about my weird problem with 10-15% packet loss only in the upstream direction. The person on the phone was able to do some kind of test remotely to identify (without me saying it first) that yes, the problem was on the wired link, in the uplink direction, and that it was a problem that they know about and can probably fix without a truck roll. So I guess FiOS has some diagnostic tools too.
Of course, then I thought, if they know about and can diagnose this problem remotely, why didn't they just do that and fix it for me in the first place?
But then I thought, well, we don't either.
ssh+2FA to all your machines, anywhere, without opening firewall ports.