My VPN Service Showdown

You need to determine what things are important to when when looking for a VPN Service.

Features I wanted:

  1. reasonable P2P allowances
  2. support for pfSense
  3. speed, ideally 80-100% of my bandwidth capability
  4. streaming video, eg, Netflix or Amazon Video not blocked

I am less concerned about:

  • company location, ie, if the company is US-based
  • logs, since all services shy away from keeping logs

I imagined that I may use some online-service (eg, Netflix) which wouldn’t work correctly, so I also setup another wifi network which bypasses all VPN connections.

My Top Service

Mullvad

I like Mullvad a lot. The pricing is very simple at $5/mo and there isn’t any long-term commitment necessary to get that pricing (ie, no need to pay for a full-year up front). I switched to a different server and was getting consistent 100-110 Mb/s download.

Signing up is dead simple. And the installation on pfSense seemed to be one of the easiest as well.

Mullvad also has port-forwarding capabilities. Unfortunately it didn’t help with my Plex issues.

Tested Services

Private Internet Access

I used a friend’s PIA account for this. Initially the speeds were great at around 110-120 Mbps, but after a few days they would drop to 5 Mbps and never recover.

ExpressVPN

ExpressVPN was decent. Their server speeds were consistent but pretty slow. On average, I was getting only 1/2 of my regular bandwidth.

The look of the website is clean, but I found it difficult to find out how to actually install their desktop software.

NordVPN

Separate server choices for P2P. Crazy number of US servers ! (but I don’t know where they are)

Downloaded software directly from their website. After launch it notified me that there were updates ! (Hmm, that’s bad ! The download should have already been the latest version.)

NordVPN had relatively higher speeds – definitely over 70-80 Mbps. However, it was hard to consistently test with testmy.net.

Their pfsense configuration was much more complex, including special DNS configurations which no one else had. My browsers would hang while surfing, etc. I seemed to be because the DNS queries took awhile to work – for example, on the command line I would ping a server. The first two responses would be icmp errors, then the ping would go through and would resolve the IP address.

iVPN

(to try)

IPvanish

This was the first VPN service I tried, however at the time I didn’t yet have my pfSense router. The service seemed good, so I’d like to try it again.

Vypr

(to try)

References

  • https://thatoneprivacysite.net/simple-vpn-comparison-chart/
  • https://www.top10vpn.com/top10-lists/
  • http://www.top10bestvpn.com/
  • https://www.bestvpn.com/best-vpn-services/

Auto Connect to VPN on Boot & Login in MacOS Sierra

I added VPN connectivity to my network and I wanted to make sure the connection to the remote VPN was always running. One way to do this is to use AppleScript to check the connection status. The problem I had was that the AppleScripts that I found no longer worked with MacOS Sierra.

After some digging, I got it to work. Here’s my script:

Modifications

Change the variable myVPN to the name of your network connection. Here mine is VPN (dallas).

Also modify the return value if you want the time between checks to be longer or shorter. Here I’ve set mine to 15 seconds.

References

These are the some of the pages that I started with. The instructions for script generation and auto-boot still apply. So you can still reference them for those other tasks:

  • http://osxdaily.com/2016/08/10/auto-connect-vpn-mac-boot-login/
  • https://www.maketecheasier.com/auto-connect-vpn-mac-startup/

Some other tech references which helped:
* https://www.cyberciti.biz/faq/mac-osx-applescript-run-shell-script/
* “on idle” reference

DMC Corona UI – Awesome widgets for Corona SDK

I’m happy to announce the release of my new library DMC Corona UIWidgets for Corona SDK. It’s been a couple of months in the works and now I feel it’s stable enough for others to use. I put together the following screencast to give some insight into what it can do.

The library is comprised of Widgets, Styles and Controls.

Many of the Widgets, like Text or TextField, wrap other OpenGL or platform-native objects to make them behave more consistently and without a doubt give them a lot more Awesome. Some of their important core functionality is based around concepts learned from Adobe Flex.
The other items like the ScrollView and TableView are evolutions based on both code I’ve written in the past and ideas from the UIKit API from Apple iOS.
All of the components are style/theme-aware.

The Styles represent a powerful way to manage style properties and can be linked together to form an inherited cascade of style goodness. There are a couple of ways in which they can be organized, and putting everything into a single location or into full themes is really easy.

The Controls, like Navigation, are totally new and again borrow a lot of lessons from iOS. This one alone saves me from writing a lot of navigation code for complex projects. There are more cool Controls still to build.

Even though some of the ideas are from iOS, I spent a lot of time thinking about WWCD (What Would Corona Do) as I think the Corona API is one of its many strong points. At times this required more coding to ensure this complex system was easy to use. I think the result is a good blend of the two worlds.

As “side projects” to this endeavor, I re-vamped my documentation site from an aging wiki server to a sleek, modern static-website (old is new again!) which has many benefits one of which is being blazingly fast. I also put a build system in place (snakemake) to help wrangle all of the updates to the modules in the DMC Libraries (now over 40+).

There’s more work to be done for sure, but I think we’re off to a really good start. 🙂

Enjoy !

~ dmc

Should you get an Amazon Echo ?

The Amazon Echo is a high-quality device in both its form and function. For my interests in the Echo, I thought that the special price of 99$ for Prime Members was a bargain. For others I think it’s going to have to do a lot more, especially to justify the intended regular price of 199$.

I’ve been using my Echo for over a week and I like having it around, but should you get one at 99$ ? Well, if what you’re looking for in the Amazon Echo is:

  • A personal assistant
    Right now the Echo has limited capabilities which consist of a small set of actions for a handful of categories – music, lists, information, weather or time. If you like technology and during the day you make lots of searches/queries in at least one of those categories then I would consider it. Otherwise, the Echo’s novelty is likely to fade quickly.

    Simply determine if any of your most-accessed mobile apps fit into the categories above. I find that I use Echo mostly for its music and news broadcasts and often ask help with weather, my shopping list, and timers. Similarly, I already have corresponding mobile apps which I use on a daily basis.

  • Bluetooth speaker
    The Echo works really well as a Bluetooth speaker and has no trouble filling a large room with good quality sound. Playing bass-heavy music, like hip-hop or dance music, on the highest volume didn’t produce any obvious distortion. But even at 99$, I think that purchasing the Echo as just a speaker is a hard sell considering the likelihood another one on Amazon could outperform Echo for half that price.

    However, if the prospect of having the additional personal-assistant functionality is remotely interesting, then I’d consider it. What you’ll experience at least once when you use Echo, like when setting up your Bluetooth connection, is how easy it is to use technology when your voice becomes the UI.

    I’ve never owned a Bluetooth speaker before, but now I use Echo to play audio from my iPhone or iPad when using apps like Pandora or Newsy. I prefer the enhanced sound quality, plus it’s cool that I can still control the volume with my voice.

  • Tech street-cred
    If you’re a technophile, a hard-core developer or someone that likes to play with cutting-edge technology then the Echo is for you. It’s already a very robust piece of technology which offers a glimpse of the future and will help you to re-imagine personal computing. However, to ensure a lasting relationship, refer to the guidelines I mentioned above in Personal Assistant as they still apply… at least until Amazon releases a dev kit.

I can envision a day that this type of technology plays a huge part in personal computing, but there’s a long road ahead before we’re there. So if you’re still on the fence about the Echo then you should probably sit out for awhile and wait until the technology matures.

Generating Random Session IDs

For any online service you must login so you can gain access to your stuff. So that you only have to put in your password once, the website must maintain a special unique character sequence called a session key to know that you have already authenticated.

There is a problem with these keys, however, if they are not truly random. This is detailed in a paper I stumbled upon entitled Brute-Force Exploitation of Web Application Session IDs by David Endler. It covers ways in which these keys can be “hacked” because they are not unique, but rather follow some sequence which can be guessed. He lists some major websites which he was able to get access to information that should have been private.

The paper got me thinking about how to generate random session keys, so I created some quick Python scripts using Twisted which demonstrates my solution. (This was my first time using Twisted, so it’s very possible that there is a better way to structure the code).

Solution

The character buffer in the server is used to generate new keys.

To fill the buffer:

  1. Create a list of websites which themselves deliver random web pages (eg, wikipedia)
  2. Select a website from random and ask for a random page
  3. Grab the data within the HTML body tags and put that string in the character buffer
  4. When the buffer needs more data, go back to 1.

To generate X number of keys:

  1. Grab two random lengths of the character buffer. Use one to re-seed the random generator and the other as the basis for the new session key. Create the session key using MD5 and the key seed
  2. Update() the current MD5 session key using a generated random character / string
  3. Add that key to the buffer.
  4. When the key buffer needs more keys, go back to Step 1. For every Y number of keys generated, go back to Step 0.

Notes

We don’t use a new seed for each MD5 session key because the buffer will be emptied too quickly. Of course, the settings for the buffer size, etc could be tweaked.

Performance

Running the server code on my Mac Mini (2.16GHz Dual Core) and 5 clients on another machine, I was able to service ~8000 keys/sec (~750 million keys/day).

Conclusion

My experiment satisfied my curiosity and answered the questions from my own project.

There are, of course, many tweaks that can be made. Send me the code changes to your favorites and I’ll include them.

“Click to download the client server files.”:/downloads/code/HTTP-Session-Key.zip

Resources

How to build and install the Metakit DB for Python on MacOSX

Ever since I used it years ago on a geek-project for my Zaurus, the Metakit DB has always been a favorite of mine. I had the chance to use it again on another personal project and this time on MacOSX. Unfortunately, the prebuilt binaries on the Metakit site are for older versions of MacOSX, so I had to build it myself.

Normally one would simply follow the “Metakit installation instructions”:http://www.equi4.com/pub/mk/, but they are old and didn’t work correctly with 10.5 Leopard. I scraped enough information together from the Internet to get it working, but I had to do a lot of research. To save others the same hassle, I have put together all of the changes and put them here in their entirety:

Building Metakit

Make sure you have Xcode installed on your system before starting.

Get the latest source from the “Metakit downloads page”:http://www.equi4.com/pub/mk/. At this time the latest version is @metakit-2.4.9.7.tar.gz@.

Uncompress the archive in a work directory and run the following commands:

Note: Your Python install might be in a different location. If so, give the @–with-python@ arg the proper value.

“Fat” binary setup

If you need this to run on the PPC architecture you will need to make a couple of modifications to @./builds/Makefile@ after running @configure@, otherwise you can skip this step and build the binaries with @make@.

Find @CXXFLAGS = $(CXX_FLAGS)@ and change to the following:

Find @SHLIB_LD = g++ -dynamiclib -flat_namespace -undefined suppress@ and change to the following:

Build the binaries

Run your typical @Makefile@ commands:

Installing Metakit

Rename the shared library which is now in the @./builds@ directory:

And copy the following files to @/System/Library/Frameworks/Python.framework/Versions/2.5/Extras/lib/python@ (be sure to adjust the path name for your version of Python):

Testing Metakit

At this point you should have a working system and ought to be able to run the following command in a Python shell without issue:

Enjoy !

h3. Resources

  • “Metakit for Python website”:http://www.equi4.com/metakit/python.html

  • “helpful instructions from www.ospace.net”:http://www.ospace.net/wiki/index.php/ServerHowTo

Freezing away my Nokia woes

The biggest problem which still plagues my Nokia 6600 is that the phone is difficult to turn on after it has been turned off. When I try to turn it on the backlight will illuminate, but the boot sequence stops there (eg, the Nokia symbol won’t show, etc).

…I won’t go into too much detail about why I decided to put my phone in the freezer, though the seed was planted after a conversation with my friend Simon regarding my phone issues.

…A couple of days later, I was ready to try and reformat the internal memory to see if that would cure my reboot problems. I turned off the phone to start the process, but I then remembered that I had forgotten to synchronize the latest changes in my address book with my computer.

…Just to make sure it wasn’t a fluke, I turned the phone off and on several times and it booted without any problems (though the display/CPU were a little sluggish because of the cold).

In the end I was able to make a final backup and do a synchronization before I started doing other radical fix-it things with my phone.

As final words I will say that there was a little more condensation buildup on the phone than I felt comfortable with only because moisture and electronics don’t mix. So midway through the process I started to put the phone in a plastic Zip-lock bag and squeezed out most of the air to keep the condensation to a minimum.

Nokia 6600 Resurrection

I have reason to believe that my mobile phone is dying, but I hope not. I bought my Nokia 6600 about 1.5 years ago and, up until 2.5 weeks ago, it has been a very dependable phone.

Symptoms

• The Message application crashes every time when trying to display the ‘My Folders’ area of Messages. I get the error “App. closed mce !”.

• The phone won’t boot up when I put in a freshly recharged battery, though the backlight will come on like it’s trying. Sometimes it takes 20 attempts before the Nokia logo will appear (the logo signals that the phone is booting up). Also I’ve found that, when there are these startup problems, the phone won’t charge when the power adapter is connected directly to it.

The interesting thing is that once I am able to get the phone to boot, it will continue to run like normal until the battery is drained. However, if the phone is switched off when the battery starts to drain, the phone will never boot back up with that battery. The phone will also charge the battery when in this situation.

Possible Causes

I think there are two things going on:

• Old batteries

I’m starting to think that my two batteries are getting old and don’t have the maximum voltage that for which they are rated. I have the original and also bought a spare almost exactly one year ago from Malcomwireless.

I theory is that that the phone the circuitry can’t power up unless there is sufficient voltage. Consequently it takes several tries to get the phone to turn on.

I wish that I had my voltmeter handy to test this.

• Memory issues

I initially thought that the crashing Messages application was due to the fact that I had saved too many messages in the ‘My Folders’ area on the external memory card. Even though I had over 300 messages in a single folder, this doesn’t seem like a lot because the phone has a somewhat ‘modern OS’ on it – Symbian Series 60. I checked the manual for folder limits, but there was nothing written.

All this seemed to have happened all at once.

Conclusion

I will rebuild it – better, stronger, faster.

Hacking the front page to display my blog entries

h3. The problem

I wanted the home page of my web site to show my blog entries and also be a little more dynamic by displaying other related content.

The default @index_html@ page for my blog software, Quills, does display the current entries, but from what I read online there was no great solution to get its default page to show at the root.

Plan B was to replace my generic @index_html@ page with one which would query the Quills weblog object for all of its entries and then display them one at a time. I wanted to use one of Plone’s built-in user-addable types for the script but as far as I can tell they are only used to display formatted text and won’t execute any code. I finally used the Zope Management Interface (ZMI) to add a single Zope Page Template (ZPT) called @index_html@.

h3. Understanding how Plone draws a page

I read several chapters in the book The Definitive Guide to Plone to figure out how to proceed, but the one which gave the most pertinent information was Chapter 7 – Customizing the Main Template.

In short, Plone has a special Zope Page Template (ZPT) at @/your_plone_site_folder/portal_skins/plone_templates/main_template@ which contains the HTML and special markup used to render the basic structure of each page in the site. Among other things, the markup defines regions within the page called @define-slots@. These slots are filled in by an object as it is being rendered for view in the browser. Using a master template like this assures that the site has a consistent page layout.

Within this master template there are slots defined for different sections of the HTML like @head_slot@, @css_slot@, @column_one_slot@, and @content@. Some examples of these slot definitions follow. Notice that they can be within different types of tags.

When you are rendering your ZPT, you define the areas which will “fill” these slots and place the pertinent content within them. These areas are appropriately called @fill-slots@. Here are some examples:

There are other things to know about how a page gets rendered, but this is the basic idea.

h3. Creating the page

With @define-slots@ and @fill-slots@ in mind, I created my ZPT at the root of my Plone site called @index_html@ so I could start hacking. For my purposes I was only interested in changing the fill-slot @main@ so I defined my fill-slot like above and put some bogus content in it to make sure I was on the right track. I filled out the rest of the code with guidance from examples in the book, other code in the Plone @portal_skins@ area as well as in the Quills product directory.

h3. Getting the entries

The Quills file @/Zope/Products/Quills/WeblogArchive.py@ had two methods defined which return a list of blog entries – @getEntries()@ and @getLazyEntries()@. The difference being that the latter only returns the catalog search objects, so it’s fast but the data which can be displayed is limited to the metadata definitions in the @portal_catalog@. I was hoping to get the full text of the entry so initially used @getEntries()@, but it turned out to be too slow.

h3. Keeping with the site look

Next I wanted to use as much of the site style sheet as possible too keep the look consistent. Most of the important entries are in the main style sheet which is found at @/your_plone_site_folder/portal_skins/plone_styles/plone.css@.

h3. Extras

I added this page to the site RAM Cache since this is the front page and the entries don’t change very often. ZMI > Cache Tab > Cache Object Using RAM Cache > Save Changes. Easy.

I also hacked together an RSS icon and feed in the h1 title.

h3. Things to update

My page works, but I should tidy up some of the CSS and change the design to be a little more interesting. I also have hard-coded the name of my weblog object instead of using the @portal_catalog@ to find it for me.

You can click here to download the template.

Ho Hum on the Apple front, but I still want a Mini

I am glad that Apple has upgraded the Mac Mini with the new Intel processors because I wanted to get one to use as my web server. Awhile back I read something which stated that Python runs slower with FreeBSD on a Mac. I can’t remember if it was a combination between the language/processor or language/OS, though I’m hoping for the former. The latter would mean that the processor change wasn’t going to help the bottleneck in the multi-threaded environment (or whatever the issue happened to be). Now that the upgrades are a reality perhaps I can dig into the problem again and see if it’s is no longer an issue.

The performance of Python is important because my web server of choice is Zope and it’s written in Python. Within the next year I’d like to have my web sites on a hosted server instead of sharing space, and I’d rather it be running on a Macintosh. I like the idea of having a Mac because they’re easier to administer when you’re not a system administrator in real life. On the other hand I’d hate to buy a Mini and have it sitting in a dark colocation somewhere with no one to fully appreciate its classy exterior. It would better serve me running Front Row, sitting on top of my entertainment center right next to my Airport Express, and then I could ship a “Dull” to the data center.