The network is reliable

This article is a repost promoting content originally published elsewhere.

In the spring of that year, my travels brought me upon a previously undiscovered civilization. The people called themselves Ossians, and they lived in an isolated collection of villages in a remote part of South America.

Being remote as they were, their level of technology was understandably primitive. But I was surprised by the locals’ recent obsession with new forms of communication. It all started, they told me, when one of them discovered that by attaching a rope between two clay pots and stretching the rope taut, a voice uttered into one side could be heard on the other. (I neglected to tell them that even as a boy I had done this very thing with tin cans.)…

New Computer #2 – Dana

The other week I built Tiffany2, New Earth’s new media centre computer. She’s well-established and being used to watch movies, surf the web, and whatnot, now, so I thought I’d better fulfil my promise of telling you about my other new smaller-than-average computer, Dana, whose existence was made possible by gifts from my family over Christmas and my birthday.

Dana’s size and power consumption are so small that they make Tiffany2 look like a bloated monster. That’s because Dana is a DreamPlug, an open-architecture plug computer following in the footsteps of the coveted SheevaPlug and GuruPlug.

A dreamplug (seen here with a two-pin power connector, which helps to give you a sense of its size).

The entire computer including its detachable power supply is only a little larger than the mobile telephones of the mid-nineties, and the entire device can be plugged straight into the wall. With no hard disk (it uses SD cards) and no fans, the DreamPlug has no moving parts to wear out or make noise, and so it’s completely silent. It’s also incredibly low-power – mine idles at about 4 watts – that’s about the same as a radio alarm clock, and about a hundredth of what my desktop PCs Toni and Nena run at under a typical load.

I’ve fitted up mine with a Mimo Mini-Monster 10″: a dinky little self-powered USB-driven touchscreen monitor about the size of an iPad. Right now the whole assembly – about the size of a large picture frame – sits neatly in the corner of my desk and (thanks to the magic of Synergy) forms part of my extended multi-monitor desktop, as well as acting as a computer in her own right.

Dana's Mimo Mini-Monster touchscreen: Dana herself is completely concealed behind the screen.

So on the surface, she’s a little bit like a wired tablet computer, which would seem a little silly (and indeed: at a glance you’d mistake her for a digital photo frame)! But because she’s a “real” computer underneath, with a 1.2GHz processor, 512MB RAM, USB, WiFi, and two Ethernet ports, there’s all kinds of fun things that can be done with her.

For a start, she provides an ultra low-power extension to my existing office development environment. I’ve experimented with “pushing” a few tasks over to her, like watching log file output, downloading torrents, running a web server, reading RSS feeds, and so on, but my favourite of her tasks is acting as a gateway between the rest of the world and my office.

A network diagram showing the layout of the computer networks on New Earth. It's more-complex than your average household.

While they’ve come a long way, modern ADSL routers are still woefully inadequate at providing genuine customisability and control over my home network. But a computer like this – small, silent, and cheap – makes it possible to use your favourite open-source tools (iptables, squid, sshd, etc.) as a firewall to segregate off a part of the network. And that’s exactly what I’ve done. My office – the pile of computers in the upper-right of the diagram, above – is regulated by Dana, whose low footprint means that I don’t feel bad about leaving her turned always-on.

That means that, from anywhere in the world (and even from my phone), I can now:

  1. Connect into Dana using SSH.
  2. Send magic packets to Toni, Nena, or Tiffany2 (all of which are on wired connections), causing them to turn themselves on.
  3. Remotely control those computers to, for example, get access to my files from anywhere, set them off downloading something I’ll need later, or whatever else.
  4. Turn them off when I’m done.

That’s kinda sexy. There’s nothing new about it – the technologies and standards involved are as old as the hills – but it’s nice to be able to do it using something that’s barely bigger than a postcard.

I have all kinds of ideas for future projects with Dana. It’s a bit like having a souped-up (and only a little bigger) Arduino to play with, and it’s brimming with potential. How about a webcam for my bird feeder? Or home-automation tools (y’know: so I can turn on my bedroom light without having to get out of bed)? Or a media and file server (if I attached a nice, large, external hard disk)? And then there’s the more far-fetched ideas: it’s easily low-power enough to run from a car battery – how about in-car entertainment? Or home-grown GPS guidance? What about a “delivered ready-to-use” intranet application, as I was discussing the other day with a colleague, that can be simply posted to a client, plugged in, and used? There’s all kinds of fun potential ideas for a box like this, and I’m just beginning to dig into them.

New Computer #1 – Tiffany2

This weekend, I integrated two new computers into the home network on New Earth. The first of these is Tiffany2.

Tiffany2 is a small "media centre" style computer with an all-in-one remote keyboard/mouse.

Tiffany2 replaces Tiffany, the media centre computer I built a little under four years ago. The original Tiffany was built on a shoestring budget of under £300, and provided the technical magic behind the last hundred or so Troma Nights, as well as countless other film and television nights, a means to watch (and record and pause) live TV, surf the web, and play a game once in a while.

The problem with Tiffany is that she was built dirt-cheap at a time when building a proper media centre PC was still quite expensive. So she wasn’t very good. Honestly, I’m amazed that she lasted as long as she did. And she’s still running: but she “feels” slow (and takes far too long to warm up) and she makes a noise like a jet engine… which isn’t what you want when you’re paying attention to the important dialogue of a quiet scene.

Tiffany and Tiffany2. Were this a histogram of their relative noise levels, the one on the left would be much, much larger.

Tiffany2 is virtually silent and significantly more-powerful than her predecessor. She’s also a lot smaller – not much bigger than a DVD player – and generally more feature-rich.

This was the first time I’d built an ITX form-factor computer (Tiffany2 is Mini-ITX): I wanted to make her small, and it seemed like the best standard for the job. Assembling some of her components felt a little like playing with a doll’s house – she has a 2.5″ hard disk and a “slimline” optical drive: components that in the old days we used to call “laptop” parts, which see new life in small desktop computers.

Examples of six different hard drive form factors. Tiffany2 uses the third-smallest size shown in this picture. The computer you're using, unless it's a laptop, probably uses the third-largest (picture courtesy Paul R. Potts, CC-At-SA).

In order to screw in some of the smaller components, I had to dig out my set of watchmaker’s screwdrivers. Everything packs very neatly into a very small space, and – building her – I found myself remembering my summer job long ago at DesignPlan Lighting, where I’d have to tuck dozens of little components, carefully wired-together, into the shell of what would eventually become a striplight in a tube train or a prison, or something.

She’s already deployed in our living room, and we’ve christened her with the latest Zero Punctuation, a few DVDs, some episodes of Xena: Warrior Princess, and an episode of Total Wipeout featuring JTA’s old history teacher as a contestant. Looks like she’s made herself at home.

(for those who are sad enough to care, Tiffany2 is running an Intel Core i3-2100 processor, underclocked to 3GHz, on an mITX Gigabyte GA-H61N-USB3 motherboard with 4GB RAM, a 750GB hard disk, and DVD-rewriter, all wrapped up in an Antec ISK 300-150 case with a 150W power supply: easily enough for a media centre box plus some heavy lifting if I ever feel the need to give her any)

A Small World Conspiracy

I keep getting caught up on small world coincidences, since I started working at the Bodleian Library last week. I know about selective biases, of course, and I’ve always said that coincidences happen nine times out of ten, but this is really starting to feel like some kind of amazing conspiracy that I’ve somehow wandered into.

The most recent chain of connected coincidences is also probably the most impressive. But to explain it, I’ll need to take you back in time by almost three years. Back in the summer of 2008, I went to BiCon for the second time, accompanied by Claire and Matt P. Among the various other things we got up to, we met a young lady called Ann (who, if I remember rightly, got along very well with Matt).

This morning I received an email from Ann. It turns out that she works in the Bodleian Libraries: she’s likely to be one of the very users who it’s now my job to provide training and technical support to! She saw my photograph in the newsletter I mentioned in my last blog post and looked me up: small world! I emailed back, suggesting that we get together for a drink after work, and she agreed: great! She also asked if she could bring a friend along, a colleague from the library. Sure, I said, sounds good.

This lunchtime I sorted out some of my holiday entitlement for the rest of this academic year. I booked off a few days for a Three Rings “code week” in the summer, and a couple of days around the time that I’ll be moving house next month. One of these days clashed with a meeting that I’d had planned with the Web/Digital Officer of one of the libraries (I’m doing a grand tour of many of the libraries that comprise the Bodleian, in order to meet all the relevant people), so I sent an email to this staff member to ask if we could reschedule our meeting to another time.

“Okay,” they said, “But I think I’m meeting you in the pub in 90 minutes anyway…”

It turns out that the person whose meeting I’ve asked to reschedule is the friend of the person who recognised me from the staff newsletter, having originally met me three years ago. Out of all of the people (I’m not sure how many exactly – it’s probably in the staff handbook I haven’t read yet – but I’ll bet it’s a lot) that are employed by this, the largest university library in the UK, what are the odds?

How To Use SSH Tunnelling To Allow Services To Pass Through A Firewall

[this post has been partially damaged during a server failure on 11 July 2004; with the exception of the images, it was recovered on 13 October 2018]

Paul has been stuck with a problem of late – he’s now living in university accommodation, and he’s found that he can’t connect through the university firewall to his external mail server. I advised him that it’s possible to set up an ‘SSH Tunnel’ (through central.aber.ac.uk) to fix this problem, but he hasn’t met with much success (see his blog entry for more details). In any case, here’s my investigation (and solution) to the problem.

In my example, I’m going to try the opposite to what Paul is trying to achieve. I’m going to try to allow my POP3 e-mail client to get access to the university e-mail server (pophost.aber.ac.uk). As things stand, this server is on the other side of the university firewall, and is inaccessible from outside. The server central.aber.ac.uk, however, is accessible from both sides of the firewall. So what I’ve got is this (yes, I know that this is a gross oversimplification):

As you can see, connecting from my home PC is futile:

C:\Documents and Settings\Dan>telnet pophost.aber.ac.uk 110
Connecting To pophost.aber.ac.uk...Could not open connection to the host, on port 110: Connect failed

But if I SSH-in to central.aber.ac.uk…

central:~ $ telnet pophost.aber.ac.uk 110
Trying 144.124.16.40...
Connected to pophost.aber.ac.uk.
Escape character is '^]'.
+OK mailsplit Oct 2000 ready

So, what I need to do is to tell my SSH client to connect to central.aber.ac.uk, and forward specific traffic through the firewall to the mail server. Here’s what I needed to know:

(a) A free TCP port number on my own computer from which I can virtually ‘pipe’ the connection. Most numbers over 1024 are fine. I chose ‘9110’.
(b) The name of the mail server – ‘pophost.aber.ac.uk’.
(c) The TCP port to which I wanted to connect – the standard port for a POP3 mail server is ‘110’.
(d) My user name on a server which: (1) I can connect to; (2) can connect to the server specified in (b). It happens to be ‘dlh9’.
(e) The name of the server specified in (d) (i.e. ‘central.aber.ac.uk’).
(f) My password on the server. Like I’m going to tell you that.

The syntax is:

ssh -L (a):(b):(c) (d)@(e)

I’m using the non-commercial version of SSH Secure Shell Client, so here’s what happens:

C:\Documents and Settings\Dan>"\Program Files\SSH Secure Shell\ssh2.exe" -L 9110:pophost.aber.ac.uk:110 dlh9@central.aber.ac.uk
dlh9's password:
Authentication successful.

At this point, I’m ready to go. Look what happens when I connect to port 9110 on my own computer, now…

C:\Documents and Settings\Dan>telnet localhost 9110
+OK mailsplit Oct 2000 ready

I could simply point my e-mail program at the ‘mail server’ at localhost:9110, and I’d be able to collect my university e-mail (so long as my SSH connection remained open).
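To show what the forward is doing underneath, here is a plain-TCP model of it, with the SSH-encrypted hop to central left out. It is an added example, not part of the original post and not how ssh2.exe is implemented: the function names are hypothetical, and the mail server is a constructed stand-in that sends only the greeting quoted above.

```python
import socket
import threading

BANNER = b"+OK mailsplit Oct 2000 ready\r\n"  # greeting quoted in the post

def _spawn(fn, *args):
    threading.Thread(target=fn, args=args, daemon=True).start()

def fake_pop3_server():
    """Constructed stand-in for pophost:110: greet each client, then hang up."""
    srv = socket.create_server(("127.0.0.1", 0))  # port 0: kernel picks a free one
    def serve():
        while True:
            with srv.accept()[0] as conn:
                conn.sendall(BANNER)
    _spawn(serve)
    return srv.getsockname()[1]

def _pump(src, dst):
    """Copy bytes one way until src closes, then pass end-of-stream on to dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # the other side has already gone away

def _relay(client, target):
    """One forwarded connection; the leg to the target is plain, unencrypted TCP."""
    with client, socket.create_connection(target) as upstream:
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)
        back.join()

def local_forward(target_host, target_port):
    """Model of -L: accept on 127.0.0.1 only, relay each connection to the target."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            _spawn(_relay, srv.accept()[0], (target_host, target_port))
    _spawn(serve)
    return srv.getsockname()  # (bind address, port) the mail client would use

def read_banner(port):
    """What `telnet localhost <port>` shows first: one line from whatever answers."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s, s.makefile("rb") as f:
        return f.readline()
```

Two things the model makes visible: the listener is bound to loopback, so only programs on my own PC can use the forward, and the connection from the relaying host on to the mail server is ordinary TCP. With a real tunnel, only the hop between my PC and central is encrypted, so the POP3 login still crosses the network beyond central in the clear.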

Hopefully this guide will help some folks out there who are struggling with this kind of thing, and in particular, help Paul.