zhasper2.0

Simple task: set up my wrt-54g (run­ning open­wrt) with miniupnpdlinuxigd so that “Back To My Mac” works[1].

miniupnpdlinuxigd: trivial. Click a few but­tons to enable it, done. I tried miniupnpd first; but althought it ini­tially looked good, I couldn’t get it to work consistently.

How­ever, that’s when I start get­ting the MobileMe pre­fpane telling me that BTMM couldn’t start because “Your DNS server isn’t respond­ing”. A little bit of search­ing on Google finds me pages like this one, which baldly state that “Back to My Mac isn’t com­pat­ible with dnsmasq.”

Well, dear inter­nets, I’m here to tell you that you are wrong. BTMM is per­fectly com­pat­ible with dns­masq. Sure,openwrt’s default set­tings don’t work, but that doesn’t make the two incompatible.

It did take me a while to fig­ure out what was going on. The clue also came from Apple’s for­ums, which told me to do this:

betelgeuse:~ james$ echo "show State:/Network/BackToMyMac" | scutil
<dictionary> {
  zhasper.members.mac.com : <dictionary> {
    ExternalAddress : 143.211.101.234
    StatusMessage : GetZoneData failed: _afpovertcp._tcp.username.members.mac.com.
    AutoTunnelExternalPort : 4500
    StatusCode : -65554
    LLQExternalPort : 5353
    RouterAddress : 192.168.0.1
    LastNATMapResultCode : 0
  }
}

The vital clue was the StatusMes­sage, which tells you exactly which DNS lookup failed. The import­ant thing is that the host­name starts with an underscore.

Take a look at the dns­masq man page, spe­cific­ally the filterwin2k option. Once upon a time, SRV records (and records with under­scores) really were a sign that you had win2k machines on your net­work. Once upon a time, “trig­ger­ing dial-on-demand links” was actu­ally some­thing to be wor­ried about. Those times are long past.

I turned this option off (vi /etc/dnsmasq.conf, add a # at the start of that line to com­ment the option out, save the file, and run /etc/init.d/S65dnsmasq to restart the ser­vice). As expec­ted BTMM now works fine. Well, as fine as you could expect.

[1] I’m ideo­lo­gic­ally opposed to all things UPnP, and BTMM in par­tic­u­lar. What’s the point of hav­ing a fire­wall if you’re going to allow everything inside to poke so many holes in it it may as well not be there? There’s noth­ing BTMM can give me that a small fire­wall hole (to allow SSH on a non-standard port) + ssh port­for­ward­ing can’t give me in a more con­trolled way — and without shelling out $$$ to Uncle Steve, too. Nevertheless…

I just bought myself a QNAP TS-409 Pro from Sky­comp. Very happy with both the device and Sky­comp so far.

How­ever, the ini­tial setup was a struggle.

The device has a very lim­ited openwrt-style firm­ware. Very, very lim­ited: it con­tains the bare min­imum func­tion­al­ity to be able to boot­strap the device with a more cap­able OS once you have disks installed.

The doc­u­mented way of doing this is via a “QuickIn­stall Wiz­ard”, that comes on a provided CD in Mac and Win­dows fla­vors. I only have Macs on my home net­work, so the win­dows fla­vor wasn’t useable for me. The Mac fla­vor is… inter­est­ing. I ran into the prob­lem described here: In short, the full firm­ware isn’t pushed until after the drives are ini­ti­ated; but the Wiz­ard gets stuck at the “Ini­tial­iz­ing drives” stage, so the full firm­ware is never pushed.

I got around it using these instruc­tions — they’re described as being “For linux”, but as it just uses basic tools like tel­net and ftpd, it will work on any *nix.

Some notes:

• Obvi­ously, had to enable file shar­ing via FTP on my mac first. Did this under “Shar­ing” pre­fpane, “File Shar­ing”, “Share files and folders using FTP”. As the warn­ing states, this involves trans­mit­ting your user­name and pass­word in cleartext: only enable this if you’re con­fid­ent you’ll only be trans­mit­ting them across a safe net­work. Bet­ter, use a username/password you cre­ated just for this pur­pose; which has no spe­cial priv­ileges, and which will be turned off as soon as you’re done.
• Out of the box, the device listens for tel­net con­nec­tions on port 13131. User­name and pass­word are “admin”.
• Once you’ve suc­cess­fully updated the firm­are and rebooted, you won’t find a tel­netd on 13131 any more. THIS IS NOT AN ERROR, DON’T PANIC. Instead, you’ll find an sshd listen­ing on port 22.
• You’ll also find a web inter­face listen­ing on port 8080. If you visit that, you can start the pro­cess of set­ting up the device.
• It may be help­ful to have let the wiz­ard run at least to the “Ini­tial­iz­ing drives” stage at least once. After I thought I knew what I was doing I switched to a new set of disks and tried again; and this time the hard drives weren’t moun­ted at all, so I couldn’t go through the doc­u­mented process.

It’s not clear from the doc­u­ment­a­tion, but the device cre­ates a RAID-1 seg­ment 500Mb in size on each disk you insert (/dev/md9 in my case), and mounts this on /mnt/HDA_ROOT. This is where con­figs for the device, pack­ages you install, and so on are stored.

The device can handle mul­tiple raid­sets — although with only 4 disks to play with, you’re not likely to end up with >2 sets. In my cause I cur­rently have 3 1Tb drives in a RAID-5 set, and a single 500Gb disk sit­ting on its own.

I was in the super­mar­ket get­ting some laun­dry powder last night and noticed some­thing really strange: every single brand of con­cen­trated laun­dry powder was advert­ising on their pack­aging the fact that they’re about to be relaunched in a new ver­sion. The new powders are all going to be 2x as con­cen­trated, and most brands made a big deal out of the fact that the new pack­aging will there­fore be half the size.

Golly. Every brand? All at once? All decid­ing to redo their for­mu­la­tion, redo their pack­aging, and retool their man­u­fac­tur­ing plants, all with identical changes to for­mu­la­tion and pack­aging, all at the same time? Unpossible!

You’d almost think that every brand of powder was actu­ally exactly the same, made at the same plant, and just pack­aged slightly dif­fer­ently. But that would surely never happen!

Lind­say did an excel­lent blog post yes­ter­day titled “Everything old is new again”, about the re-emergence of multi-dimensioned databases.

Great title, but just to prove his point, it applies even bet­ter to a post he shared on Google Reader a few days ago, writ­ten by Kurt Schrader and titled “Liv­ing in a Post Rails World”. To quote that post:

I think that the Ruby world is even­tu­ally going to end up in a model like this, writ­ing small simple apps that all talk to each other, and can be replaced or upgraded at any time.

<snip two paragraphs>

All of my hard/long run­ning logic is well tested, encap­su­lated, and most likely run­ning in little agents on the wire.

Sound famil­iar? It should. Kurt has re-discovered the same prin­ciples that the Holy Fath­ers of Unix dis­covered, over a quarter of a cen­tury ago. Doug McIl­roy, circa 1978:

(i) Make each pro­gram do one thing well. To do a new job, build afresh rather than com­plic­ate old pro­grams by adding new features.

(ii) Expect the out­put of every pro­gram to become the input to another, as yet unknown, pro­gram. Don’t clut­ter out­put with extraneous inform­a­tion. Avoid strin­gently colum­nar or bin­ary input formats. Don’t insist on inter­act­ive input.

Later, he sim­pli­fied it:

This is the Unix philo­sophy: Write pro­grams that do one thing and do it well. Write pro­grams to work together. Write pro­grams to handle text streams, because that is a uni­ver­sal interface.

Of course, Henry Spen­cer said it the best:

Those who don’t under­stand UNIX are con­demned to rein­vent it, poorly.

Some hints about using the Google Sync for iPhone. These will prob­ably also apply to the Win­dows Mobile sync — but I’ve not used that, so I’m not sure. I’m going to say “iPhone” con­sist­ently — but the same will apply to an iPod touch as well (mod­ulo the things that involve a 3G con­nec­tion, of course).

• BACK UP YOUR DATA. Really can’t stress this enough. The pro­cess of set­ting up the sync WILL WIPE ALL YOUR CONTACTS AND CALENDARS. Back up first.
• You can choose up to 5 cal­en­dars (not includ­ing your primary cal­en­dar) to sync. 
  • If you have a gmail/googlemail account, visit m.google.com/sync on your iPhone, fol­low the prompts, and you’ll be able to choose up to 5 addi­tional cal­en­dars to sync.
  • If you have a Google Apps account, visit http://google.com/m/a/«domain.com», then click “More” and then “Sync”. For this to work, your domain admin­is­trator will have to have enabled Google Sync for your domain first.
  • [update]It’s been poin­ted out to me that Apps users can actu­ally access the sync set­tings from m.google.com/sync. Click on “Google Mobile” on the bot­tom left-hand corner of the page, and you’ll be taken to a page  with lots of icons for dif­fer­ent Google ser­vices. Scroll down and make sure there’s a link that says “Not in United States?”. If it lists another coun­try, click it and change your con­try to the United States — this won’t work in any other coun­try. Once you’ve changed that and you’re back at the page with ser­vice icons, find the “Google Apps user?” but­ton, and enter your domain into the popup. You’ll now have icons for your Apps domain — includ­ing a Sync icon. Click it, and once again just fol­low the dir­ec­tions from there.[/update].
• I have one Google Apps account for work and one per­sonal Google Apps account. How­ever, the iPhone only allows me to set up one Exchange account, so I have to pick which of the two I’m going to sync, right? Wrong! I’ve shared my per­sonal cal­en­dar with my work account, giv­ing it “Make changes to events” per­mis­sions. I’ve then set up my work account to sync with my iPhone, and chosen my per­sonal cal­en­dar as one of the addi­tional cal­en­dars to sync.
• If you go with the default setup, it will sync both Cal­en­dars and Con­tacts. This is almost cer­tainly not what you want. It does have the bene­fit of push­ing changes to con­tacts straight into the cloud — but it also has the effect of break­ing the sync between your Google con­tacts and your Address Book. That is — assum­ing you used to sync the two — which a lot of people did not, due to Google’s con­tacts man­ager being rather broken. How­ever, it’s easy enough to set the sync to Cal­en­dar only. If you look at step 13 of the offi­cial instruc­tions, you’ll see both Cal­en­dar and Con­tacts selec­ted. If you choose to sync only Cal­en­dar, Con­tacts will still be synced with Address Book by iTunes whenever you sync your iPhone. If you’ve chosen to sync Address Book with Google Con­tacts as well, that will still hap­pen too.
• You can sync cal­en­dars with both an Exchange and MobileMe cloud at the same time; but as soon as you enable one of them, you can’t sync cal­en­dars with iTunes any more. You can only have one MobleMe account and one Exchange account.

I used to have a messy messy setup involving Span­ning Sync pulling all my Google Cal­en­dars into iCal; then using Mobile Me to push them into the cloud; then using the iPhone’s Mobile Me sync to pull them onto the phone. Many mov­ing parts, 3 dif­fer­ent sync stages for some­thing to go wrong. Only works if you have a per­man­ently online machine that can be doing the trans­la­tion between the Google cloud and the Apple cloud. I’m much hap­pier with this dir­ect sync.

[update]About the con­tact sync thing. See, you only get the option to sync your Address Book and your Google Con­tacts vis­ible in iTunes if you’re syncing con­tacts with your iPhone. If you’re syncing con­tacts with the cloud, you’re not syncing with your iPhone, so you don’t get the option. If you do use Google Con­tacts, that means that the cloud and your iPhone are both up-to-date — but your desktop is not.

If you really want instant syncing between your phone and your desktop, turn on cloud-syncing of your con­tacts. If you’d prefer to keep your phone, desktop, and the cloud all in sync, turn off cloud-syncing, and let iTunes handle the sync instead. [/update]

[update 2009-09-09] As of Snow Leo­pard, it’s no longer neces­sary to have an iPhone/iPod in order to get Address Book <-> Gmail Con­tacts syncing. So, it’s now per­fectly pos­sible to have your iPhone cloud-syncing your con­tacts AND have your Mac also cloud-syncing. To turn it on on your Mac, just go into the Address Book’s pref­er­ences and look under the Accounts tab.[/update]

[update]Facebook Events? Magic­ally pushed into your iPhone cal­en­dar? Easy!

Go to your Face­book Events page. On the top left (below the blue Face­book bar; above the big word “Events”) you’ll see “Export Events”. Click on that link, and you’ll get a popup with a long URL. Copy this URL.

Next, go to your Google Cal­en­dar. Click “Set­tings”, “Cal­en­dars”, “Import Cal­en­dar”, “Add By URL”, and paste that URL into the box.

Now visit the Sync Set­tings page, and choose your new Face­book cal­en­dar as one of the 5 to import. Now if you RSVP to any events in Face­book, that event will appear in your Google Cal­en­dar and your iPhone.[/update]

At first glance, I assumed that this was related to the hor­rible fires in Vic­toria. Nope, just advert­ising. Well done SMH!

Stilgher­rian takes weekly nom­in­a­tions for “Cnut of the Week”. Tra­di­tion­ally the gong goes to Stephen Con­roy, for his increas­ingly futile attempts to hold back the (largely ima­gin­ary) tide of pae­do­philes sweep­ing over the internet.

Unfor­tu­nately I believe this week’s spot has already been claimed. How­ever, I’d like to make an early nom­in­a­tion for next week.

Steve Turner, assist­ant sec­ret­ary of the Pub­lic Ser­vice Asso­ci­ation of NSW, said … the blame did not lie solely with the Gov­ern­ment as “any com­puter sys­tem can be hacked … even Amer­ican defence force computers”.

[update 12/2/2009] Nope, there hadn’t been a Stilgher­rian Live for a while. There is now though, so con­sider this a nomination[/update]

Read­ing the draft Exec­ut­ive Order order­ing Guantá­namo Bay deten­tion facil­it­ies to be closed, one minor para­graph jumped out at me:

© The indi­vidu­als cur­rently detained at Guantá­namo have the con­sti­tu­tional priv­ilege of
the writ of habeas cor­pus. Most of those indi­vidu­als have filed peti­tions for a writ of
habeas cor­pus in Fed­eral court chal­len­ging the law­ful­ness of their detention.

If that was the entirety of the order, it would be a huge step for­ward for people still imprisoned there — they’ll be able to force the gov­ern­ment to jus­tify their impris­on­ment, a right that was con­sist­ently denied to David Hicks and the other detainees.

You can read the whole order from a link at the bot­tom of the ACLU’s press release.

You know you’re read­ing a web­site tar­geted at Amer­ic­ans when you see phrases like this:

Fire­fox is par­tic­u­larly strong in Europe, the area over which the EU has oversight.