I’ve jailbreaked the touch to get some extra applications on it, I’ve now got email, google maps, games and more… The only issue I still run into where to find an open WiFi connection when travelling around. As there is no bluetooth or any other connectivity besides WiFi you are stuck. That was untill I found the solution!

What about creating an adhoc WiFi network between 2 devices namely my phone (which has got WiFi) and the touch. The only problem here is that network sharing over WiFi is disabled on the blackjack. But with some help I’ve got it to work and I can now surf the internet and email over the 3G connection of my blackjack using the touch. It’s almost like having a 3G iPhone !

the guy that helped me out also wrote a great guide on how to do this yourself. You will need a touch, a Windows mobile 6 phone with 3G and WiFi and some time to spend. Hope you will like it as much as I’m enjoying my new found connectivity…

I guess the new owner of the network isn’t keeping up with maintenance. I hope it wasn’t too much of a problem to you…

The biggest issue for me was that for the first time I found out that I could not reach the help-desk of my provider (Demon). It normally was one of the best providers with a tech-savvy help-desk. But that’s history now with the takeover by our national telco KPN. There is currently a shortage on good quality ADSL broadband providers due to the consolidation that is going on in the consumer market. I still can’t afford a business DSL line, that is very expensive. It’s cheaper to co-locate a mini and get a cheap, unreliable broadband connection at home. I wonder how many mac-mini’s, external disks, routers and power-supplies I can fit in a 1U 19″ rack.

Securing SSH, I found out, is actually not that hard. There is a configuration file /etc/sshd_config which when tweaked can help a lot !

I will go through some of the options you’ll want to change if you want to use SSH:

Protocol
The default installation of OpenSSH allows both SSH version 1 and version 2 connections. Version 1 is known to suffer from security vulnerabilities, and it is strongly recommended that only version 2 be used. To disable version 1 connections use

Protocol 2

Disable root access
To disallow the root user to login, add/uncomment the line

PermitRootLogin no

Only allow specific users
By default, all users who have local accounts on the system are permitted to login through SSH. This is not necessary and only provides attackers with more possibilities for an attack. Users with permission to SSH to the systems should be clearly defined and SSH configured to only allow access to those users.

AllowUsers <usernames>
DenyUsers <usernames>

• <usernames> is a list of usernames separated by spaces
• Usernames can contain * and ? as wildcards
• user@host format can be used; it specifies that the given user is allowed/denied only from the host specified

Passwords
To prevent users with no password (this should never be the case) access to the system add/uncomment this line:

PermitEmptyPasswords no

This are the simple ones, there are more elaborate schemes, that will secure your system a lot better. Hope you found it useful. I you know other options/settings that will help please leave a comment or post in the forums.

Other resources on SSH

• Check out these articles from 2004 at the O’Reilly MacDevCenter.
• MacGeekery: Basic OS X Security
• For general security tips check out the whitepapers from Corsaire

I’m still struggling with parenthood and version 2 of the ISP in a box still has a problem somewhere which I’m sure I had solved but somehow due to all the attention loss I have forgotten what it was about.

When I read Matthew Mullenweg (of WordPress fame) blog entry about OpenDNS I was a bit sceptical. I wouldn’t think speed improvements where possible, the DNS provided by my ISP should be the quickest solution. But to my amazement there was a speed increase when I switched the DNS servers on my Mac. Not much but is was notable and that is enough for me, until I get my own DNS server I’m using OpenDNS.

The added bonus is they promise to prevent phishing and do spell checking. I haven’t had phishing emails for some time so I can’t tell you if that works but the spell checking is great. They correct the typo’s in the domain name you enter in your browser. Try it yourself and find out it is very easy to use they have the the settings you need to change on your local Mac or on your Airport well documented. The best thing it is all for free as well. Hope you like it as well as I did.

This makes it very easy to profit from the ever cheaper connection fees of broadband. To switch to another provider you need to wait till one or two months to end of your contract term (mostly a year) and start shopping around. Get that second phone-line, use it to connect the new ISP. When it is up and running transfer the DNS entries to the new IP address (this usually takes up to 24 hours to go through all DNS servers). After a day or two you can disconnect you old connection and terminate the contract.

I am possibly going to do this myself as my ISP has been bought by a large telco who is infamous for high connection fees. The details of the new contracts we are getting will be published in august, which means I still have time to decide. I’ve been looking around for alternatives that would provide a reliable connection without to many expensive services and found many. But reliability of an is something that is hard to find out so I have been lurking in newsgroups and forums of the ISP’s to see how many complaints there are on connectivity.

I knew that there are service providers that will provide you this service but at a cost. But today I got pointed to a service provider that will provide you this basic for free. You can find them at http://www.rollernet.us. Just register at their site for a free account to be able to setup your service. You can look at this page to tell you how it works.

All you need to do is change one line in the /etc/postfix/master.cf file, change the line:

smtp inet n - n - - smtpd

into

2525 inet n - n - - smtpd

and restart your mailserver to start receiving your email on port 2525.

I wanted to let you know that I have no connection to the Roller Network LLC. Just wanted give you some info to let you run your own mail server when your ISP is blocking port 25. If you know of other service providers providing this service for free let me know and I’ll list them here as well.

A guy named Ken Collins has used 3 mac mini’s and 2 external hard-drives to setup his own NOC (network operations centre). He is talking about some of the services I wanted to include as well like DNS, external disks and automated back-up. I will follow his blog from now on to see if there is anything interesting I can learn. I hope that besides talking about his efforts he will write about how he did it in more detail so that we can learn more from his efforts.

The fun thing is I just ordered the same two external hard-disk enclosures from
NewerTechnology to be used for my own server. I want to use them to create a raid 1 configuration to be used for the server as the boot-able drive with extra partitions for backup purposes. Will let you know when they arrive and how they perform.

The standard firewall is blocking all interfaces with the same configuration. I would like that to be different, blocking most traffic from the internet and allowing everything from the internal network. I’m not a FreeBSD, Unix or Terminal guru and manually configuring ipfw and natd is a bit daunting. I’ve read many web-pages that tell you how to do it like this one from Frederik. While I end up with a perfect working firewall which blocks everything I require and allows the internal network. I’m unable to get that and Internet sharing (with natd and such) working together. I’m getting desperate and think about ending it all by buying an Airport Extreme base station and let that do all the firewalling and port forwarding.

The standard firewall and internet sharing do their work as they are supposed to but one thing still lacking for me was port forwarding for my bit-torrent downloads. I like to download the publicly available torrents (not copyrighted stuff), like software and tv-shows. I really like to watch NerdTV from Robert X. Cringely. It’s much nicer to download stuff via bit-torrent, it’s much easier to the one providing the files and not hog is bandwidth.

But today I found a solution that allows me to forward the bit-torrent ports from my mini server to my mini desktop. Internet sharing uses natd with some default configuration which I don’t know how to change. But I can kill the running natd process and replace it with my own.

What I do is find out if it is running by using ps -x | grep natd and copy the command-line that appears to the clipboard. Then kill the natd process by issuing a sudo kill <process id>. I then start it up again with the command-line I copied to the clipboard and add the following options behind it:

-redirect_port tcp 10.0.2.2:6881-6999 6881-6999 -redirect_port udp 10.0.2.2:6881-6999 6881-6999

This will redirect all incoming bit-torrent traffic coming in on my mini server and forward it directly to my desktop. The desktop has the ip-address of 10.0.2.2 and you need to change that to your situation. This will increase the speed at which the torrents are downloading significantly.

Still I will keep looking and try to find a proper setup as described above. If someone has some pointers please let me know.