Behind a firewall, freedom lost and taken back

Everybody is behind a firewall. This is what “Internet access” means today. I'm sure that this is what makes some people (or, more likely, corporations) happy – no peer to peer connections, no file sharing, no interaction between computers over the Internet. To use the Internet means to browse web pages and check your email, period.

This is what struck me when I moved to a new apartment during my studies abroad. I plugged my laptop into a socket in the wall and started to check my email and browse web pages. The surprise came when I tried to log in to the server via SSH. “ssh_exchange_identification: Connection closed by remote host”, said the message. What? My server closed the connection when I tried to log in? After a little research, it became clear to me that I was literally cut off from the Internet, except for WWW browsing and checking email. No listening to multimedia streams, no CVS checkouts, no Internet telephony, no Bittorrent (or any other peer-to-peer software), no on-line gaming, no instant messaging and last but not least – no SSH access to anywhere!

It was supposed to be an apartment with an Internet connection. Being behind a firewall, inaccessible from outside and not being able to use anything but web pages and email – this is not what I would call an Internet connection.

Who has done that to me and why? A little research on the local network showed that I was behind a Microsoft Internet Security and Acceleration (ISA) Server. So some Danish admins decided to reduce the usability of the Internet in order to… what? Increase the security? There was one surprise. Skype, currently a hip and cool Internet telephony software, went on-line as usual. With all other applications down, Skype was the only survivor. It turned out that Skype fools the ISA server into believing that it's accessing some secure web pages, while it is in fact sending text messages and voice. Apparently, it was designed to fight such circumstances.

It didn't take me long to figure out that I could use the same technique to connect via SSH to one of my servers, from which I could access all the others. A few days later I learned how to establish connections to other servers for chosen services. Next, I created a multi-purpose SOCKS proxy for myself and I could instruct many of my applications to use it. This solved most of the problems. One day I decided to buy a webcam, to do videoconferencing with friends and co-workers. I looked at vSkype's website, but it's Windows-only. For videoconferencing, there is Gnomemeeting, which supports the H.323 protocol and can connect to Netmeeting and Myphone on Windows and ophoneX on Mac. Unfortunately, H.323 can't connect through SOCKS, so I had to look for another solution. My webcam was still mounted on top of my laptop's display, looking at me sadly. The final breakthrough came with reading the Firewall-Piercing HOWTO. Since then I have been able to assign a new and shiny public IP address to my laptop, which brought me back to full membership of the global network. Videoconferencing works perfectly and my webcam is used a lot!

This story proves that trying to cripple users by restricting access to Internet services is not effective and can be overcome. Neither does it increase security. Users are still being attacked by programs they receive in mail attachments and download from web sites. This story also shows how sad the reality of today's Internet is. What is the user's experience? “Internet” means web pages and e-mail only…
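Seen from the defender's side, the story shows that permitting "secure web" connections by port number says nothing about what actually flows through them. The following is an added example, not part of the original post: it classifies the first client bytes of a tunnelled connection as TLS, SSH, plain HTTP or unknown. It assumes a proxy or sensor that can see those first bytes; the flow names and sample payloads are constructed.

```python
import struct

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

def make_client_hello(body_len=64):
    """Build a constructed, minimal TLS record that carries a ClientHello header."""
    handshake = b"\x01" + body_len.to_bytes(3, "big") + bytes(body_len)
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def classify_first_bytes(data: bytes) -> str:
    """Label the first client-to-server bytes seen inside a tunnel to port 443."""
    # RFC 4253: an SSH peer opens with an identification string "SSH-<ver>-...".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04, 2-byte length.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = struct.unpack(">H", data[3:5])[0]
        # A plaintext record is at most 2^14 bytes; the client's first
        # handshake message must be a ClientHello (type 0x01).
        if 4 <= record_len <= 16384 and data[5] == 0x01:
            return "tls"
        return "tls-malformed"
    # Clear-text HTTP on the "secure" port is also worth a look.
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def non_tls_flows(flows: dict) -> list:
    """Return (flow_id, label) for every flow whose first bytes are not a ClientHello."""
    labelled = ((fid, classify_first_bytes(payload)) for fid, payload in flows.items())
    return sorted((fid, label) for fid, label in labelled if label != "tls")

# Constructed sample flows (first bytes only), keyed by a made-up flow id.
SAMPLE_FLOWS = {
    "flow-1": make_client_hello(),
    "flow-2": b"SSH-2.0-OpenSSH_4.2\r\n",
    "flow-3": b"\x8f\x02\x11\xa0\x5c\x99\x00\x31",
    "flow-4": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
}

if __name__ == "__main__":
    for flow_id, label in non_tls_flows(SAMPLE_FLOWS):
        print(f"{flow_id}: first bytes look like {label}, not TLS")
```

A payload that passes this check is only shaped like TLS; traffic wrapped in a real TLS session needs other signals, such as destination reputation or session behaviour.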

Five IMs

Five instant messaging and internet communications programs in my systray is what I ended up with after trying to find out which one is the best. I have: Gnomemeeting, Psi, Gaim, Skype and Gnu Gadu 2. I tried to recall passwords for all of my accounts and it turned out that I have eleven instant messaging accounts. Five of them on jabber servers. Looks like I'm a very online guy.

Timestamp in Derby

I got a response from the Derby mailing list. Timestamp subtraction is present in version 10.1 of Derby, so it means that the feature was added after Derby went open source. I wonder if the transition from 10.0 to 10.1 is smooth, i.e. without dump/restore and database re-creation.

Automatic mixer settings

How to set up a mixer for internet telephony from a Linux box? Even though mixer settings are not complicated, I’ve seen people having problems, not being able to set up their microphone for audio capture. Mixers have lots of elements, most of them irrelevant (seen the same things on Mac? just two keys on the keyboard for volume adjustment). If you need to set up your mixer for talking over the internet, like Gnome Meeting or Skype, you can try this script:

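#!/bin/sh
# Playback: set output levels and unmute.
amixer set PCM 85% unmute
amixer set Master 85% unmute
amixer set External unmute
# Recording: full capture gain; keep the Mic out of playback (0%, muted)
# while selecting it for capture, with the boost enabled.
amixer set Capture 100%
amixer set Mic 0% mute cap
amixer set 'Mic Boost (+20dB)' unmute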

It will set up playback and recording. I’m using device names (Mic, PCM, Master) from my sound card; I hope that yours will be the same.

The actual device names on your system will probably be different, but you can list yours and change them accordingly. You can list your controls with “amixer scontrols” for simple controls and “amixer controls” for the full list.