Category: Main

Categories
Government Main Politics

Capitalism is pro-markets; corporatism is pro-business

I can empathize with the Occupy Wall Street protestors, but my perception is that many of them misunderstand the cause of their pain. They naively blame capitalism; they should blame corporatism.

Corporatism is the alliance of government and business. It happens on the left (think Solyndra), and on the right (think military-industrial complex), in the Federal government (think bipartisan bailout of GM) and in local government (think Utah naming April 5, 2010 “Cafe Rio day”.)

Corporatism is pro-business. Specific businesses get government subsidies, above-market-rate contracts, or special recognition.

Capitalism is pro-market. The consumer decides whether to favor GM or Ford; Cafe Rio, Costa Vida, Bajio, or Chipotle.

I loved Phil Windley’s post today on how Occupy Wall Street and the Tea Party, though they seem like polar opposites, actually share a disdain of corporatism and ought to work together to fight it.

Image source: James Sinclair

Categories
Main Tech Unix Work

Script to enable/disable SOCKS proxy on Mac OS X

I’m working in a coffee shop today. I used SSH and SOCKS to browse the Internet securely, but today I decided to take it a step further and automate the process with a shell script. Here’s the script, for what it’s worth:

#!/bin/bash
disable_proxy()
{
        networksetup -setsocksfirewallproxystate Wi-Fi off
        networksetup -setsocksfirewallproxystate Ethernet off
        echo "SOCKS proxy disabled."
}
trap disable_proxy INT

networksetup -setsocksfirewallproxy Wi-Fi 127.0.0.1 9999
networksetup -setsocksfirewallproxy Ethernet 127.0.0.1 9999
networksetup -setsocksfirewallproxystate Wi-Fi on
networksetup -setsocksfirewallproxystate Ethernet on
echo "SOCKS proxy enabled."
echo "Tunneling..."
ssh -ND 9999 MYHOST.macminicolo.net

Instructions:

  1. Save this to a file. I saved it to “/Users/richard/bin/ssh_tunnel”.
  2. Make it executable and run it. 
    $ chmod a+x /Users/richard/bin/ssh_tunnel
$ /Users/richard/bin/ssh_tunnel
  3. It creates an SSH tunnel to my dedicated server at macminicolo.net and routes Internet traffic through that server.
  4. Hit Control-C to quit. The proxy is disabled. No need to fiddle with Network Preferences manually.

UPDATE March 18, 2011: I haven’t tried it, but Sidestep appears to be a free Mac OS X app that will enable SSH tunneling automatically when you connect to an insecure network.

Categories
How To Main Tech

Script to enable/disable DMZ on Linksys and Verizon routers

Your home Internet router gives you some protection against direct attacks on your computer by keeping your home network safely encapsulated. Each of your home computers can access the Internet (this is called NAT), but no outsider can access your computers directly. Outsiders only see the router. However, sometimes you want your computer to be “fully” online. Enter the “DMZ” feature of your router. Your router’s DMZ allows one of your computers to be fully exposed to the Internet (for better or worse).

Reasons to enable your DMZ:

  • Access your files while away from home.
  • Serve web pages from your computer.
  • Make BitTorrent transfers faster. BitTorrent transfers are usually faster when your computer is directly exposed to the Internet.

For my work at FamilyLink.com, I develop directly on my local machine. While working on our Facebook application, I need to allow Facebook servers to directly access my machine. (When you use a Facebook app, you’re accessing Facebook’s servers and Facebook servers are, in turn, accessing the developer’s server via a callback URL. While working on our Facebook app, Facebook directly accesses my local machine.) This requires me to open my machine to the DMZ.

Reasons not to enable your DMZ:

  • Your computer is more likely to be hacked
  • Your private data is more likely to be accessed

If you enable your DMZ, know which services are enabled on your machine and which files and data are being shared. There may be files you’re comfortable sharing on your local network that you wouldn’t want to share with the world. Only enable the DMZ as long as necessary.

Enabling the DMZ can be a pain — logging into your router and navigating to the correct setting — so I wrote the following Ruby scripts to make it easy. The first worked with the Linksys router I had. (I believe it was a WRT54G.) To use, fill in your router’s IP address and password, and your computer’s hardware address, then type “linksys_dmz.rb on” or “linksys_dmz.rb off” at the command-line. The script looks up your computer’s hardware address in the table of local IP addresses so the IP address can safely change from time to time.

#!/usr/bin/env ruby
# linksys_dmz.rb

router = '10.1.1.1'
user = 'admin'
pass = 'your_password'
hardware_address = '00:23:6C:00:00:00'

leases = `curl -su #{user}:#{pass} http://#{router}/DHCPTable.asp`
leases.scan(%r{'([^']+)', hardware_address}) do |m|
  ip_address = m[0].strip.to_s
  last_digit = ip_address.split('.').last
  if $*[0] == 'open' || $*[0] == 'on'
    post_values = "submit_button=DMZ&change_action=&action=Apply&dmz_enable=1&dmz_ipaddr=#{last_digit}"
    print "Opening DMZ to #{ip_address}\n\n"
  else
    post_values = "submit_button=DMZ&change_action=&action=Apply&dmz_enable=0"
    print "Closing DMZ\n\n"
  end
  `curl -su #{user}:#{pass} -e http://#{router}/DMZ.asp -d '#{post_values}' http://#{router}/apply.cgi`
end

Last year I switched to Verizon FIOS, which came with its own wireless router, so I had to write a new script. Again, fill in the password, then type “verizon_dmz.rb on” or “verizon_dmz.rb off” in Terminal. (This script assumes a 10.1.1.* network. Change it to 192.168.1.* if that’s what you have.)

As a side note, the Verizon router was a bit of beast to automate. It uses a hashed signature to try to enforce JavaScript-enabled browsers. Writing this script required using TamperData, Charles Proxy, and a lot of trial and error to discover which POST data were necessary.

I use this script to open the DMZ before working on our Facebook app, then I close it when I’m done for the day. Eventually, it’d be nice to find a way to enable the DMZ remotely — maybe via email or something.

#!/usr/bin/env ruby
# verizon_dmz.rb

require 'rubygems'
require 'mechanize'
require 'digest/md5'

user = 'admin'
pass = 'your_password'

localhost = `ifconfig`.scan(/inet (\d+\.\d+\.\d+\.\d+).*broadcast 10.1.1.255/).join
router    = localhost.gsub(/\d+$/,'1')

begin
    agent = Mechanize.new
    page = agent.get("http://#{router}:81")
rescue Exception
    abort "Unable to connect to Verizon Router! Check the IP address."
end

form = page.forms[0]
auth_key = form.fields.find {|f| f.name == 'auth_key'}.value
form.fields.find {|f| f.name == 'user_name'}.value = user
form.fields.find {|f| f.name == 'md5_pass'}.value = Digest::MD5.hexdigest(pass + auth_key)
form.fields.find {|f| f.name == 'mimic_button_field'}.value = 'submit_button_login_submit%3A+..'
form.method = "POST"
form.submit

post = {
    'dmz_host_cb_watermark' => '1',
    'dmz_host_ip0' => localhost.split('.')[0],
    'dmz_host_ip1' => localhost.split('.')[1],
    'dmz_host_ip2' => localhost.split('.')[2],
    'dmz_host_ip3' => localhost.split('.')[3],
    'active_page'  => '9013',
    'mimic_button_field' => 'submit_button_login_submit%3A+..',
}

if $*[0] == 'open' || $*[0] == 'on'
   post['dmz_host_cb'] = '1'
   puts "Opening DMZ to #{localhost}"
else
    puts "Closing DMZ"
end

agent.post('/index.cgi', post)
Categories
Family Main Programming Tech

FamilyLink.com + Kynetx: How websites could be better with your family

I’ve been playing around with Kynetx.com technology. I think it has a lot of cool potential for helping FamilyLink.com users see who their relatives are across multiple websites.

For example,

  • What if you could see your FamilyLink.com relatives directly in Facebook?
  • If you knew which LinkedIn users were your relatives, would you be more likely to do business?
  • If you knew which Twitter users were your relatives, would you be more likely to follow them?
  • If you discovered that a comment on a political news story with which you strongly disagreed was from a relative, would you be more careful how you responded?

Here’s a demo video:

Categories
Business Entrepreneurship Main Programming Tech

Reminiscing about Provo411.com and Scraping the Course Catalog

One of my first web development projects and biz partnerships with Brian Stucki was Provo411.com. We were roommates at BYU and conceived of a website where students could share events — parties, concerts, football games, etc. We were already in our beds for the night when the idea came, but we couldn’t go to sleep before buying the domain. I think it was the first domain I ever bought. It was September 2002.

I developed a calendar in PHP and wrote a few scripts to scrape byucougars.com and retrieve the sports schedules. I also developed a WML app so Brian and I could add events to the calendar from our pre-iPhone mobile phones. I recall being at a party in south Provo, in a former dental office, and using my Nextel phone to add the party to Provo411. If you go back far enough, you can see events on the calendar. My brother Alan did the artwork.

I always wanted Provo411.com to have a course schedule alert system. Perhaps students would pay $3 to receive an email or SMS alert when hard-to-get classes had an opening. It shouldn’t have been hard technically, but the publicly available course catalog isn’t updated in real-time. I could have scraped the authenticated course catalog on Route Y, but BYU might have objected and it’d be a fragile business model.

My brother Michael recently came home from his mission and started school at CSN. The business classes he wanted were full, so I put the old “course schedule alert” idea to the test with some new tools — Ruby and Mac OS X’s speech. Here’s what I came up with:

#!/usr/bin/env ruby

# a list of course call numbers to check
call_numbers = %w{ 46405 46407 46409 46411 46415 46413 53252 53254 53256 53258 53260 53262 53268 53270 53272 53274 46423 46435 53276 46443 }

# auth_token obtained via Firefox+TamperData while my brother logged into CSN
auth_token = "123456789012345"

say "Checking"

call_numbers.uniq.sort.each do |call_number|
    c = `curl -si -d CONVTOKEN=#{auth_token} -d AUDITT=N -d CALLT=#{call_number} -d CONTINUE=Continue "https://bighorn.nevada.edu/sis_csn/XSMBWEBM/SIVRE04.STR"`
    print "Call number #{call_number}: "
    if (c =~ /<p class="p5">([^< &#93;+)<br\/>/m)
        if $1.strip.empty?
            puts "May have openings\n"
            3.times {say "Michael, class number #{call_number} may be open!"}
        else
            puts "#{$1.strip}\n"
        end
    else
        puts "could not find message"
        say "Help. I cannot access the C S N website."
        return
    end
    sleep 5
end

# Ouput an audible message via Mac OS X's speech function
def say(message)
    `say "#{message}"`
end

We set this to run every 15 minutes on the living room iMac, and we turned up the volume. Every 15 minutes we could hear “Checking” from the computer. A few hours later we heard the script announce that a class had opened up. Michael, I’m still waiting for my $3.