Miscellaneous

Opening networks using SSH Tunnels

Disclaimer - This post outlines how you can 'open up' firewalls to give you access where network administrators may not want you to go. Please realise that when applying these workarounds in a company you may be breaching corporate policy and end up in serious trouble.

The problem: Sometimes you end up in an environment where you don't quite have the liberal network access that you enjoy, let's say, at home. Network ports for services you have come to rely on such as Remote Desktop, Skype or MSN Messenger, have been closed for whatever reason. Sometimes for good reasons such as security, sometimes for sad reasons such as public WiFi access points that only want to offer you limited access.

The solution: Enter SSH (Wikipedia definition), which allows you to set up secure encrypted connections between machines. Most people may think SSH is just a glorified secure replacement for good old Telnet, but it has many more tricks up its sleeve, most notably a way of tunneling multiple connections for different destination ports over a single port. Sorry if this sounds confusing, it is the best way I can describe it.


Light at the end of the tunnel?

Before going into more detail and installation instructions, a quick discussion of the kind of problems you can solve using SSH tunneling. First and foremost, if you have no access at all to a network then SSH is not going to help you. All you need for SSH to work is a single open port.

Example 1: Accessing your home PC via remote desktop. One of my friends recently started a new job for an insurance underwriter. Unfortunately he cannot access his home PC via Remote Desktop as the company blocks port 3389. He can solve this by installing SSHD (server application) on his home PC to listen on a port he can access, e.g. port 443 or any other outgoing port that is not blocked by the company firewall. He can then use SSH (client application) to set up a connection from his work PC that listens on a local port, e.g. 13389, and connects it to the Remote Desktop port (3389) on his home PC.

Example 2: Accessing a company server from the public Internet. Another friend's retarded boss has not paid the ADSL bill, which results in him having to use a fallback network connection that does not allow any connections to the internal network from the public Internet. The solution to his problem is to setup SSHD (server application) on his home PC and configure his home firewall to allow public access on port 22 (SSH) and one other port that will be used to set up a tunnel. He can then use SSH (client application) to setup a tunnel from his home PC to his office PC.

Installation: SSH and all related utilities originate, like so many network utilities, in the Unix domain. Fortunately most of these extremely useful Unix / Linux utilities have been ported to Windows as part of the excellent Cygwin project. Installation instructions for Cygwin including full instructions for setting up the OpenSSH SSHD Server are available here.

Once everything has been installed you can either use a user friendly Windows utility such as PuTTY to set up tunnels or use the SSH command line utility. My personal experience with PuTTY is that it is an excellent terminal client, but that it is a bit sensitive to network hiccups when tunneling connections. Since I switched to the SSH command line utility things have been more stable.

To set up the tunnels for the above mentioned Example 1 use these settings:

  • Replace HOME_PC with the public IP address of your home PC.
  • Replace USER with the name of a user with login privileges on your home PC, e.g. Administrator.
  • Install OpenSSH on your home PC as described previously.
  • On your office PC start BASH from the Cygwin group and type the following command to set up the tunnel:

       ssh -p 22 -C -L 13389:localhost:3389 USER@HOME_PC

This sets up an SSH connection on the standard port 22 to the SSHD running on the home PC. Once the connection has been established it opens port 13389 on the OFFICE_PC, which maps to the Remote Desktop port (3389) on the home PC: the 'localhost' in the command is resolved on the machine SSHD is running on, not on the office PC. The -C flag enables compression, which will give you a nice speed boost.

You can now connect to your home pc by opening the Remote Desktop Client on your office PC and typing localhost:13389. If you get a message that you cannot open a session to localhost then apply this workaround.

If port 22 is blocked then you can set up SSHD to listen on a different port. This setting is stored in C:\Program Files\Cygwin\etc\sshd_config (I have installed Cygwin in 'c:\progra~1').

That is all for now, I am not sure if this clarifies anything, but I hope it will be useful. This posting just scratches the surface of what you can do with SSH. Some of the other highlights are: using SSH as a SOCKS proxy, setting up multiple tunnels with one command, setting up reverse tunnels (-R switch) etc etc.

A similar article, focused on connecting to hosts outside of the corporate network using Linux can be found here. When using Cygwin 99% is the same as Linux anyway.
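To make explicit which machine listens and which machine resolves 'localhost' in a forward like the one above, the following added example (not code from the original post) parses an ssh command line and describes each -L, -R and -D forward it requests. It goes beyond the single -L case in the post; the names Forward, parse_forward and audit_command are hypothetical.

```python
import shlex
from dataclasses import dataclass
from typing import Optional

# ssh(1) options that take an argument, per the OpenSSH manual synopsis.
OPTS_WITH_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

@dataclass
class Forward:
    kind: str                 # "L", "R" or "D"
    bind: str                 # address the listening socket binds to
    listen_port: int
    dest_host: Optional[str]  # None for dynamic (SOCKS) forwards
    dest_port: Optional[int]
    listener_side: str        # machine that opens the listening port
    resolver_side: str        # machine that resolves dest_host and connects
    exposed: bool             # listener asked to accept non-loopback clients

def split_spec(spec):
    """Split a forward spec on ':' while keeping [IPv6] literals intact."""
    parts, cur, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return [p.strip("[]") for p in parts]

def parse_forward(kind, spec, gateway=False):
    """Interpret one -L/-R/-D value; Unix-socket forms are not handled."""
    parts = split_spec(spec)
    dynamic = len(parts) in (1, 2)          # [bind:]port with no fixed target
    if len(parts) > 4 or (dynamic and kind == "L") or (not dynamic and kind == "D"):
        raise ValueError(f"unsupported -{kind} spec: {spec!r}")
    listener = "server" if kind == "R" else "client"
    if len(parts) % 2 == 0:
        bind = parts.pop(0) or "*"          # empty bind address = all interfaces
    else:
        # Default is loopback; -g widens client-side listeners (-L, -D) only.
        bind = "*" if gateway and listener == "client" else "localhost"
    return Forward(
        kind=kind, bind=bind, listen_port=int(parts[0]),
        dest_host=None if dynamic else parts[1],
        dest_port=None if dynamic else int(parts[2]),
        listener_side=listener,
        resolver_side="client" if listener == "server" else "server",
        exposed=bind not in LOOPBACK,
    )

def audit_command(cmdline):
    """Return every port forward requested by one ssh command line."""
    argv = shlex.split(cmdline)[1:]
    found, gateway, dest, i = [], False, None, 0
    while i < len(argv):
        arg, i = argv[i], i + 1
        if not arg.startswith("-") or arg == "-":
            if dest is not None:
                break                        # second bare word: remote command
            dest = arg                       # options may also follow the host
            continue
        for pos, opt in enumerate(arg[1:], start=1):
            gateway = gateway or opt == "g"
            if opt in OPTS_WITH_ARG:
                value = arg[pos + 1:]
                if not value and i < len(argv):
                    value, i = argv[i], i + 1
                if opt in ("L", "R", "D"):
                    found.append((opt, value))
                break                        # rest of the word was the value
    return [parse_forward(kind, value, gateway) for kind, value in found]

PAGE_CMD = "ssh -p 22 -C -L 13389:localhost:3389 USER@HOME_PC"  # from the post

if __name__ == "__main__":
    print(*audit_command(PAGE_CMD), sep="\n")
```

For the command in the post this reports a loopback-only listener on the office PC whose target is resolved on the home PC. A result with exposed=True (from -g or a non-loopback bind address) is a listener other hosts may reach; for -R the server's GatewayPorts setting decides whether that request is honoured.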

 

Sysinternals swallows the red pill

Mark Russinovich and Bryce Cogswell, founders of Sysinternals and Winternals, developers of possibly the most useful free and commercial utilities for Windows, have finally shamed Microsoft into buying them.
 

 
Congratulations to both, it is my understanding that although some of the free utilities may be rebranded, they will remain free.
 

Resolving slow Windows shutdown problems

Although my computer is not suffering too much from this, I have had problems in the past with Windows needing minutes rather than seconds to shut down. I know for a fact that some of my friends are suffering from this problem.
 
It is easy to blame Windows, but the problem is actually caused by applications running on top of the OS that are not behaving properly.
 
But there is hope, IntelliAdmin is reporting about a free Microsoft application that runs in the background and deals with cleaning up the mess that applications leave behind.
 

 

Disabling the annoying XP Automatic Update Nagging dialog box

It is that time of the month again where Microsoft has issued yet another 'Genuine Windows, kill all piracy' update via Windows Update. This is not a problem to me as I have a fully registered and official copy of XP Pro.
 
Unfortunately, whenever Windows Update downloads and installs patches it always insists on rebooting. Although I am pretty sure it is possible to patch things without requiring a reboot, I am kind of OK with it.
 
However, what I am definitely not OK with is the evil focus stealing dialog box that pops up every ten minutes asking me to reboot the system. I am a bloody busy man and I'll reboot whenever I want to, not when Microsoft wants me to.
 

 
I can get really worked up about the utterly moronic manner this has been implemented in, but rather than ranting and blowing my top I thought I'd sort it out once and for all.
 
There are multiple ways to disable this dialog. The 2 most common ones are:
  1. Temporary: Stop the service that controls the 'box of evil' by issuing the command listed below. This is only temporary as after the next reboot the service will be started again, which is a good thing.

        net stop wuauserv
     

  2. Permanent: Turn off the 'nag me' function using the group policy editor by performing the steps outlined below:

    Start -> Run -> gpedit.msc -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Re-prompt for restart with scheduled installations.

A more complete description, including screenshots and a lot of yelling and ranting, is available on the excellent Coding Horror blog.
 

Pimp up your PocketPC

After my initial disappointment with Windows Mobile 5 I have grown used to it and prefer my new MDA Vario over my old MDA compact, which I have decided to auction off on eBay. ActiveSync 4.1 is still a big problem though, but hopefully its problems will be addressed in a future release.
 
Now that I have grown used to the various features and shortcomings I have decided to Pimp-up my phone with some useful utilities and eye candy. It is always tempting to install everything and the kitchen sink, but I prefer to keep things simple.
 
Shortcomings I needed to address were the following:
  • The pink T-Mobile theme, this really had to go. Last time I checked I had a girlfriend. I find it difficult to understand why T-Mobile insists on these colours for phones that are mainly aimed at men.
  • I prefer to launch my most frequently used applications from the today screen so I needed a solution for that as well.
  • Finally in order to keep things responsive I prefer to close the applications I don't use so I needed a good task manager.

The results can be seen below. The first screenshot is the hideous T-Mobile theme, the second is the default Windows Mobile 5 theme and the third is what my current phone looks like.
 
 
With a little help from my friends (Baudewijn, Elliot) I found the perfect combination of utilities.
 
Unlock phone: In order to upgrade your OS, and potentially switch to a different provider in the future, you need to unlock the phone. An application and simple instructions are available on the excellent xda-developers website. (Make sure you register and login or you will not see the downloads).
 
Upgrade OS: The next step was to completely replace the OS and all the T-Mobile default settings. This can be achieved by upgrading the ROM with the latest version from i-mate. The upgrade and simple instructions can be found on the xda-developers site.
 
Speed up the CPU: In order to be able to run Skype the CPU needed to be overclocked from 180MHz to 240MHz. Luckily a Russian team had already created a simple utility that can be downloaded from xda-developers as well.
  
Launch applications: To make it possible to launch applications from the start screen I installed iLauncher. This is a cheap commercial tool that offers additional extras as well such as the coloured battery meter at the top of the screen.
 
Task manager: Elliot recently installed Wisbar Advanced with a wicked Vista theme. After seeing this I naturally needed to do the same. The advantage is that it comes with an excellent task manager. A small modification was made to the PocketPC Vista theme to switch the font from black to white. Download it here.
 
If you want an iPAQ to play around with these tools then pick up a cheap one here

Windows mobile 5 phones. You may want to give these a skip for a while

I have been an avid user of smartphones over the last couple of years. I started with a Nokia 7650, possibly the first real smart phone other than the massive Nokia Communicator, then moved to Sony Ericsson's P900 followed by an MDA Compact running Windows Mobile 2003 SE.
 
Earlier this week it was time to upgrade so I ordered a free MDA Vario, which comes with Windows Mobile 5.

The advantages, when compared to my previous MDA Compact, are that this unit has a built in WiFi card, contains a slide out keyboard and runs Windows Mobile 5. Note that I list Windows Mobile 5 as an advantage, more about that later. The disadvantages are that it only has a 200MHz processor, the MDA Compact runs at 400MHz, and that it runs Windows Mobile 5 (WM5).

I was very excited about moving to WM5 as WM2003SE was not really an OS designed for a phone. Way too many clicks and operations were necessary to perform even the most basic tasks. Being able to operate the phone with just one hand (god knows what the other hand is doing) is very important for a mobile phone, probably because you need the other hand to constantly reset the unit because it has crashed or become completely unresponsive.

In the last day I had to reset the phone at least 5 times. Not because I was doing anything special, I was just using the basic functionality. Great, let's see how we can make it worse...

Ah, here is how to make it worse, connecting it to a computer makes it a lot worse for both the computer and the phone. For some reason, probably a good one, Microsoft changed the way WM5 phones work with ActiveSync, Microsoft's syncing software.

I deal with a lot of Windows Mobile 2003 devices (dozens, if not hundreds) and ActiveSync has always worked flawlessly, without exception. It was fast and there was really very little that could go wrong, well done Microsoft. Unfortunately even Microsoft admits that ActiveSync in combination with WM 5 can be quite the nightmare.

I hardly ever need to restart my Windows XP machine, it is rock solid and I love it, in a platonic kind of way. In the last day I had to reset it at least as often as my new phone. ActiveSync is attempting to pair the phone, but more often than not it fails....miserably.

I managed to find the source of the problem, on Microsoft's "we are guilty page" it is stated that amongst many other things they have problems with USB hubs. USB HUBS! I have never seen anything fail with USB hubs and I use many different USB devices, all through a hub, but somehow Microsoft has managed to *** it up.

Sigh, so now every time I need to plug in my phone to sync or charge it I need to go all the way to the back of my machine, unplug another USB cable and plug this one in. Great.

 

Anyway, there is plenty more wrong with it, but I am starting to ramble. This is getting boring. To be continued...

Windows Live Messenger beta 2 invites available

The 2nd beta release of Messenger (Live) 8 is out. It is a lot less ugly than the previous one and hopefully it doesn't leak 1GB a day like it used to.
 
At this moment you can only use the application when you are invited. Luckily I have a large number of invites available so leave a message on my personal blog if you are interested.
 
Update: The ads displayed in the lower pane are eating CPU time, switch to the useless Video Carousel (Tools / Options / General) to reclaim your CPU cycles or minimise your messenger window.

Fujitsu Personal Shopping Assistant...THIEVES!

When I founded MCRL a couple of years ago the main product we were focusing on was the PSA, the Personal Shopping Assistant. We generated a lot of headlines and even managed to sell it to two different super market chains, but it was never deployed in massive quantities.
 

Even though we did not get much back for our hard work, we managed to make quite an impact on the retail industry by demonstrating the product on all major trade shows. Both Wincor Nixdorf and IBM are marketing similar products now that the market has matured. Today I found out via a press release on the Microsoft Website that Fujitsu is now also marketing a similar product.

I am not bitter, but it is quite interesting that all parties who are now offering these products visited our offices over the last couple of years to 'partner' with us. Haha, I can laugh about it now.

I have to admit that I did not invent the concept of the PSA as a number of companies have been experimenting with the concept, unsuccessfully, since the early 1990s.

Some of my friends are still working on similar devices, however they focus more on handheld PDA units.

A look into an automated warehouse

I have been working in high-end retail automation for many years, architecting the most fantastic portable touch screen gadgets, RFID solutions and really, really big and profitable e-commerce websites. After a while you start to think that you have become really important because your products are generating so much press coverage (with Claudia Schiffer in Time.com, ComputerWeekly, etc.).
 
Then you come across a web page like this one that shows you the inside of a fully automated warehouse and you quickly realise that the part of a retail organisation that is not customer facing is at least as important, if not more so, than the customer facing side.
 
Interesting, thanks for the excellent article Anand.

Maintaining server changelogs

Sometimes the most simple solutions are the best, which is why I always insist that system administrators keep a changelog of every change made to a server. Again, this sounds like common sense, but it is my experience that this is not done unless a company enforces this policy.
 
The principle is simple: you create a changelog-servername.txt file somewhere on a part of the filesystem that is regularly backed up. You then place a shortcut to this file on the administrator's desktop and use Notepad to maintain it every time a change is made to the configuration of the server. Add the date and the initials or full name of the person making the change so it is easy to troubleshoot (blame someone) when problems occur.
 
An abstract of one of our servers looks as follows:
 
07/02/2006
==========
JR: Added new FTP user for public use in xxxxxxxx
 xxxxxxx / xxxxxxxxx
Installed VMWare server after deleting the standard VMWare Workstation
 
20/12/2005
==========
BM: Added new user: xxxxxxxxxx /xxxxxxxx

18/12/2005
==========
JR: Installed final VMWare 5.5 and latest windows patches.
New user: xxxxxxxx / xxxxxxxxx
 
...
 
Note that any sensitive information has been replaced with 'xxxxxxxxxx'.

Ground breaking task management tool

In this exciting world of AJAX, WEB 2.0, Web services, RSS etc you must wonder, what is next?

Today I want to discuss an interesting service offered by Microsoft. Although it doesn't natively support any of the aforementioned internet technologies it has the added advantage of being supported by all modern operating systems using third party clients. It even integrates with Windows Desktop Search as well as offline files.

What amazing technology am I talking about? Windows Notepad, that is what I am talking about.

This all sounds very witty, but let's be serious. Notepad is a pretty weak excuse for a plain text editor, but it is available on every Windows machine and it launches fairly quickly.

The main purpose I use Notepad for is task management. Sure, the Outlook / Exchange combination can track tasks, so can Microsoft Project and I am sure there are plenty of web based services that offer this functionality as well.

But, to be honest, the majority of these applications are complete overkill for day-to-day use as most task lists are just plain, one dimensional, lists of text based items.

I am always amazed how poorly people manage their own tasks, specifically ad-hoc tasks that don't belong to a specific larger project or task. I was struggling with this as well in the past, especially when I needed to manage myself during development when I had to remember many little tasks and ideas. So what I started doing was maintaining this list in a plain text file and when I was done with a task I put a 'V' in front of it, stared with satisfaction at the screen at another job well done AND finished and moved it to the top of the document just in case I wondered what the heck I have been doing the last couple of days.

An abstract from my current list looks as follows:

v - Accept all changes in the documentation

v - List other iPAQ models in Google

v - Quote to Lamonaca

- Infosheet 2.1
  Waiting for feedback Mike

- Whitepapers

- Road map

Net result? When you ask me something, it WILL get done. Nothing is conveniently forgotten. The problem however is that I expect the same from others, which is an extreme source of frustration to me. For this reason I started tracking dependencies on other people in the same document as well, fantastic!

Common sense? Yes! Common practice?..... Not to my knowledge. I feel like a complete idiot for writing this article, but apparently proper task management is a well kept secret.

BTW, I also list the tasks for my iPAQ & GPS Bargain website in this tool. Pfew, I was wondering how to plug that in this article.

Oh noooo! Bugs in Windows Desktop Search

As stated in a previous blog entry, I am really in love with Windows Desktop Search (WDS). Unfortunately there are a couple of bugs in the product that cause me to moan a lot. Luckily moaning is one of my favourite activities.

Soon after I started using WDS (actually MSN Desktop Search) I found a number of annoying bugs and reported them to Microsoft. To my surprise these, in my opinion simple bugs, have not been fixed after several months.

The bugs are as follows:

  • Disabled subfolders are still indexed: Like most people I store my data exclusively on the server, even when I am offline (I obviously use the excellent, but equally buggy, offline files functionality of XP). Naturally I want to index these files as well so I manually add the path to the folders on the server that I want to access. Several sub folders contain archived files and other garbage that I don't want to pollute my search results with. The WDS user interface allows me to exclude these sub directories, unfortunately the indexer completely ignores this and just indexes everything, which brings me to the next bug.
  • Instant search results window does not show paths of similarly named documents: This functionality was actually included in a previous version, but it seems to have been removed. Because the index ignores my instruction to exclude certain folders that contain archived files it shows duplicate filenames. In a previous version you could hover the mouse over the filename to show the path the file is located in. This however is no longer possible so it is completely unclear which file you are opening when you click on it.
  • File is removed from index when in use: It seems that when a file is in use, e.g. I just opened an Excel spreadsheet, and the indexer is trying to hit that file then the file is removed from the index because it cannot access the contents. This is obviously very annoying as I am more likely to search for the files I have recently worked on.
  • Deleted emails are not removed from the index: When an email is deleted, either by hand or via a client-side spam filter, then the message is not removed from the index and still shows up in search results. I did not check, but this may also be the case for deleted or moved files.


So maybe if you join me in moaning about these bugs then maybe, maybe they are given some priority.

Oh yeah, Cheap iPAQ and GPS bundles here!

Using Bluetooth GPS on PocketPC - Would Apple have designed it this way

First of all a major disclaimer; although I quite often focus on functional and technical defects in software, the only reason I do this is because I actually use the software and, at least to some degree, admire it.

Right, so what do we have to moan about today? Well, today it is pairing PocketPC devices with Bluetooth GPS units. For me, and possibly most readers of this blog, this is a relatively simple process as we are....well..... technical. However, imagine you are my dad or, god forbid, my mum, who has finally listened to his son and decided to start using a car navigation system in order to save the marriage. They pick up a top of the line iPAQ and Bluetooth GPS unit at a bargain as well as a copy of the excellent TomTom car navigation software and then find out they somehow need to let the GPS unit ('the what?') talk to the PDA (again, 'the what!').

I have put together a visual guide and to my surprise and utter disgust it takes at least 38 clicks in 4 different applications to setup a Bluetooth GPS connection.

As an ex graphics designer using Apple Macs who happily switched to Windows I can only wonder, how would Apple have designed this process?

Disabling the annoying ActiveSync Guest dialog

If you are a casual PocketPC user then you are probably not aware of this, but when you are a PocketPC developer or you work with a number of different devices then you don't want to create a profile for every device or even be asked for it every time you plug a cable into a device.

Apparently it is too much effort for Microsoft to put a checkbox in the 'Options' dialog so I have created a small application that allows you to toggle the visibility of it.

The application is very simple, all it does is put a 0 or a 1 in the following registry key.

         SOFTWARE\Microsoft\Windows CE Services\GuestOnly

If the application is started without a command line a user interface will be displayed. If true or false is specified on the command line then no user interface will be displayed and ActiveSync's guest dialog box will be enabled or disabled.

The application can be downloaded here. It has only been tested with ActiveSync 4.1.

Another shameless plug, have you heard about the guy with the cheap iPAQs?

The joy of shortcuts in Windows Desktop Search.

If I could give only one award to a piece of software a year (believe me, I am giving many ;-) the winner for 2006 is Windows Desktop Search by a large margin. I haven't performed any measurements, but it must have increased my productivity by at least 10%. I hardly ever use the Windows File Explorer, Outlook search or even the Start menu any more. I search through my email archive at least 10 times a day, which now happens at the blink of an eye.

Anyway, enough praise, on to my latest discovery in this fab piece of software, shortcuts. I have known for a while that it is possible to add shortcuts using the '@' command, but I never had the time to look into it. Today I did and from now on I will probably stop using my Internet Explorer Favorites as well.

  • Create shortcut to my bug tracking system: @bugs,http://somehardtoremembereurl.com/bugtracking
  • Create shortcut to my helpdesk system: @helpdesk,http://somehardtoremembereurl.com/helpdesk 
  • Create shortcut to my home dir on server: @home,\\server01\home\j.ritmeijer
  • Create shortcut to important project: @GolfMate,\\server01\projects\customername\GolfMate
  • Create shortcut to Photoshop: @Photo,C:\Program Files\Adobe\Photoshop CS\Photoshop.exe

I can now invoke any of those shortcuts by just typing in the shortcut name without the '@' character and pressing enter.

Life is good......for now.

Right, before I forget, a shameless plug. I have recently got hold of a large number (and we are talking really large numbers here) of refurbished and new iPAQ 4150 devices including Bluetooth GPS modules, extended batteries, SD cards and lots of other extras. I am selling them at a huge discount of over £200. They are selling quite well, so get them while you can. For those who don't know, the 4150 model is the best iPAQ ever made.