Archive
Using a La Fonera as a sandbox SSID to provide safer access for visitors in the office
I was chatting with Ali Ebrahim over IM and mentioned to him that the La Fonera was quite useful as a quick mechanism to provide a sandbox SSID for visitors to his office who wanted to connect to the Internet. I’d like to elaborate on the exact mechanism
Offering access via the office WLAN or even via a wired connection opens up the risk of having an external entity access to an office’s internal network. I’ll leave it to your imagination as to what could possibly go wrong here (virus infection, internal file shares visible etc).
Whilst it is always possible to deny any form of Internet access to a visitor, it is possible via a La Fonera not only to provide access but at the same time be secure.
You may rightfully ask
Won’t it require the visitor/guest to be a fonero , that is run La Fonera/Fonera+ at his/her home/office so that he could connect to our office’s FON Access Point ? This may preclude the majority of visitors to an office
The answer is
- Use the Friends and Family mechanism available by logging in on the FON User Zone.
The Friends and Family mechanism in the FON User Zone enables a fonero to setup local users on his FON Access Point with an associated password. This username and password is specific to that FON Access Point. You just need to setup one username/password. Multiple users can connect to that FON Hotspot via that username/password. I recommend modify the captive portal page to inform people about the username/password. The La Fonera defaults to having the bandwidth limited to 512 Kbit/sec to the Internet for connections made via its FON_whatever SSID. Connections made to the public SSID FON_whatever are on a separate VLAN and users cannot see any open shares on the office network.
Thus with this mechanism, one could allow access to the Internet to visitors/guests in an office environment by having them connect to the open FON_whatever SSID and still have them separate from the office internal network. You should keep your private SSID secure using WPA2 and use a difficult to guess password. It’s best to change the default password which is the serial number of the La Fonera as well as the default private SSID which is MyPlace
BTW, If you are using FON, I really recommend the Devicescape Connection Manager. It makes connecting to FON Hotspots pretty much a no-brainer. I really wish providers like Y5Zone and PCCW in Hong Kong would work with Devicescape and get their hotspots supported in the system. I’ve seen a number of their customers asking in the forums how to get Devicescape working with such hotspots. I’m also looking forward to a proper iPhone Devicescape app when Apple officially allows it
A brief interlude with Yahoo Pipes
Friend and fellow jamaat member Ali Ebrahim recently setup an instance of the Venus RSS aggregator to create Planet Bohra. He had pulled the twitter feed for mumineen.org but my grief was that when I clicked the link from inside Planet Bohra, I would be sent to the twitter page and not to the final destination.
I thought I would have to hack Planet to get around this. Thinking for a few minutes, I realised that maybe I should munge the twitter feed via Yahoo Pipes and started playing around with it (I had never used Yahoo Pipes before).
A short while later, I had something which did the trick and Ali was able to incorporate into Planet Bohra.
I should try and get together with Ali and see if we can do something more interesting via Yahoo Pipes.
Got one year free access to Encyclopedia Britannica
Found out via this post on Techcrunch, that Encyclopedia Britannica was now free for bloggers and those bloggers accepted into the program can provide direct links to articles within Britannica and its available to their readers in its entirety.
I applied into the program and got accepted and I thought I’d link to what Britannica writes about my community Dawoodi Bohras and compare that to what is available via Wikipedia.
Gaining control of your phone via HongKong's Unsolicited Electronic Messages Ordinance
It’s been a hassle being interrupted at the most inconvenient time by a tele-marketeer in Hong Kong who calls at every hour conceivable.
A couple of months ago, I came across this page at OFTA’s (Office of the Telecommunications Authority) website which described the procedure for registering a telephone number in the do-not-call registry.
It’s been peaceful ever since. So to all my readers in Hong Kong, if you haven’t done so, register your telephone numbers at the earliest.
Generating cache-friendly URLS for parallel image loading
The use of parallel image loading to improve page load time has been documented in multiple places. One of the key things to understand when one is using this technique is to always generate the same URL for the same static asset even if it resides on a different page.
This will allow the end-user to take advantage of HTTP proxy caches.
I wrote these set of simple PHP functions to demonstrate how one could incorporate this when generating the container HTML page for a website which uses parallel static asset loading
<?php
function path_to_origin_suffix($path,$NUM_ALIASES=2)
{
/** Take hex value of md5 of $path. Get the ord value of the last
hex char. Output it mod $NUM_ALIASES
**/
if (1 == $NUM_ALIASES)
return 0 ;
$hex = md5($path);
return ord($hex[31]) % $NUM_ALIASES;
}
function make_url($path,$scheme="http",$origin="static.example.org")
{
/**
Add leading slash to $path. Generate suffix to append to basic
hostname
basic hostname is the phrase before the 1st '.' in $origin
Output a fully qualified URI encased in double quotes ""
**/
$pos = strpos($path,'/');
if ($pos === FALSE || $pos != 0) {
$path = sprintf('/%s',$path);
}
$suffix = path_to_origin_suffix($path);
$array= explode('.',$origin,2);
$host = "$array[0]$suffix.$array[1]";
$abs_href = "$scheme://$host$path" ;
echo "\"$abs_href\"";
}
function test() {
echo make_url("/here/is/foobar") , "\n" ;
echo make_url("here/is/foobar"), "\n" ;
echo make_url("/there/is/foobar") , "\n" ;
echo make_url("/there/was/never/a/foobar"), "\n" ;
echo make_url("/please/mee/it/54"), "\n" ;
}
//test();
?>
<html>
<head><title>Parallel Static Asset Loading</title></head>
<body>
<img src=<?make_url("/john/rambo.gif")?> />
<img src=<?make_url("here/was/john/rambo.gif")?> />
</body>
</html>
Hope this helps
Impact of OpenDNS on CDN services particularly when used in Asia
At work, I am testing a CDN service run by Panther Express. I have been asking various colleagues and friends to run pings,traceroute and send me some HTTP response headers to analyze which Panther POP gets picked up where
Whilst working with a colleague in our Manila office, I found that he was being redirected to a Panther POP in San Jose California instead of being redirected to either a Hong Kong or Singapore POP as I expected.
I asked him for his /etc/resolv.conf entries and when he sent those to me, I found that one of the entries was that of OpenDNS dns cache. Whilst I truly appreciate OpenDNS’s work particularly its PhishTank system and API which we also use as part of SURBL, I think Asian users should understand that if they use OpenDNS then their DNS traffic leaves from the US and Content Delivery Networks like Akamai, Limelight, Mirror Image, Panther Express will route them to their US POP’s instead of their Asian POP’s
Once my colleague removed the OpenDNS entry, he was routed to the Asian POP for Panther Express
Joi Ito, Pindar Wong in discussion with me about Creative Commons in Hong Kong
On Monday 21st January 2008, I got a few hours notice that Joi Ito who wears many hats amongst which he is the Chairman of Creative Commons, board member of Mozilla Foundation, board member of SanrioDigital whose staff I work closely with regularly was visiting Outblaze’s offices.
Whilst Joi caught up with SanrioDigital staff members, Pindar Wong an Internet pioneer in Hong Kong who co-founded the first licensed ISP in Hong Kong dropped by to share a few words with Joi. The discussion amongst us veered towards the issues facing bringing Creative Commons to Hong Kong and I’ve blogged about on the Outblaze blog.
Towards the end of our discussion, I send a shout out to lawyers specializing in intellectual property to review the draft of the localized Creative Commons license for Hong Kong so if you are my reader who fits that profile I hope that you will do the right thing
It’s a bit wierd though watching yourself on YouTube though. How do you think I fair ?
In a digital world, what does it take to scrap CD's ?
25 million pounds or
50 million US dollars
That’s what it takes EMI according to this article in the Financial Times
Read it and be flabbergasted
network logging via djb's multilog
Had this recipe stuck in an old email somewhere, hope this helps someone else
The attached run files are required for the server who captures logs and the client which will send the logging data request.
Server
#!/bin/sh export PATH=”/usr/local/bin:$PATH” setuidgid remoteloguser tcpserver ip-addr-of-server listen-port-on-server multilog ./log
Client
#!/bin/sh export PATH=”/usr/local/bin:$PATH” 4>&1 | tcpclient ipaddr-of-server listen-port-on-server 6<&0
How to get PHP5 with GD enabled with JPEG/PNG on x86-64
I was trying to figure out why on CentOS 5.0 box on x86-64, I was unable to get GD support in PHP 5.2 for libjpeg and libpng. Lots of googling and looking through the PHP bug list and I finally worked out the magic invocation so for posterity (ie search engine’s sake) here it is
On an x86-64 environment ensure that you have the following configure options
-with-jpeg-dir=/usr \
–with-png-dir=/usr \
–with-libdir=lib64
Yusuf Goolamabbas 