Amazing Pictures of Space

Posted in ramblings on June 17th, 2010 by karrth

Almost everybody at some point has looked up at the stars in amazement.  Don’t you wish you could see them better?  Here’s a list of sites where you can find some new amazing ways to look at the stars from your own computer…

  • NASA.gov – of course NASA would have great pictures :)  They also have video available.
  • NASA’s Picture of the Day - a wide variety of both space and science related videos and pictures that include a detailed description with many reference links for each piece of media.  They just celebrated their 15th anniversary on June 16th!
  • Gigagalaxy.com – fantastic page that lets you zoom in on composite pictures of our galaxy.
  • HubbleSite.com – photos specifically taken by the Hubble telescope
  • HiRISE – Courtesy of the University of Arizona, they specialize in very high resolution pictures of anywhere but earth
  • Spitzer.caltech.edu – images specifically from the Spitzer telescope at California Institute of Technology
  • Mars Rover @ Caltech.edu – Images from both Spirit and Opportunity on Mars (be sure to click on “Raw Images” on the left)
  • Space.com – has a wide variety of space related pictures set up in multiple galleries
  • ESA.int – pictures from the European Space Agency
  • Reddit’s bmgoau compilations – This Reddit.com user posted some great links to both very high res pictures and a clip from the epic IMAX film, Cosmic Voyage.
  • SkyImageLab.com – Tired of looking at these on your computer?  Want to see them on your wall?  You can buy posters of many quality space pictures here, many of which can be found at NASA’s Pic of the Day.
  • NASA Earth Image of the Day – and finally an inverse of the first link: images of earth, from space!

I’m sure there’s more out there – feel free to post your links in the comments!

EDIT: The Gateway to Astronaut Photography of Earth is worth checking out as well!


Tethering Your Android to Linux (without rooting your phone)

Posted in computers on March 2nd, 2010 by karrth

If you’re stuck in an area with no internet connection except your Android phone, you can use your phone as a proxy for your laptop’s internet connection.

Setup on Android

[Image: Proxoid barcode for Android]

First, you need to enable USB Debugging by going to Settings/Applications/Development/ and clicking the checkbox.  Be sure to plug your Android device into your computer with the USB cable.

Next, you need to install Proxoid.  You can do this by searching the market on your phone, or scanning the barcode to the right.

The final step is to open up the application, and check the “Start/Stop Proxoid” box.

Tethering the Phone

The first thing you need is the Android SDK.  Download it and extract the contents into /opt/android/

As root, create the file /etc/udev/rules.d/90-android.rules
with these contents:

SUBSYSTEM=="usb", ATTRS{idVendor}=="0bb4", MODE="0666"

Now as root, create the file /usr/sbin/tether
with these contents (or download it here):

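#!/bin/bash
# Restart the adb server so it picks up the phone cleanly
/opt/android/tools/adb kill-server
/opt/android/tools/adb start-server
# List attached devices; the phone should show up here
/opt/android/tools/adb devices
# Forward local TCP port 8080 to port 8080 on the phone (the proxy port used in this guide)
/opt/android/tools/adb forward tcp:8080 tcp:8080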

Make sure you make the file executable:
chmod 744 /usr/sbin/tether

Finally, run the program tether as root.

If you’re having issues, try running each command in the tether file individually so you can see any error messages.

If you don’t set up the “Run as a service” section below, type

killall adb

as root to disconnect your tether.

Setting up the proxy in Firefox

Go to Edit/Preferences/Advanced/Network/Settings…

Under the HTTP Proxy, type “localhost”, and under Port type “8080” so it looks like the screenshot below:

[Screenshot: Firefox Proxoid Proxy Settings]

Hit “Ok” twice to get out of your Preferences window, and you should be good to go!

Optional: Make it a service in Arch Linux

You can do this in other Linux distros as well, but for Arch you can download this file to /etc/rc.d/tetherd.

As root, chmod it as such to make it executable:

chmod 744 /etc/rc.d/tetherd

Now you can start tether automatically as a service by putting it in your rc.conf file, or manually by typing:

/etc/rc.d/tetherd { start | stop | restart }

Enjoy!


Busting Out of Your Firewall with SOCKS

Posted in computers on February 25th, 2010 by karrth

Most people find themselves accessing the internet from somewhere besides their home, and oftentimes there are restrictions on the network that disable some protocols, or maybe block some websites you’d like to see.  An easy way to get around this is to forward your web session over an ssh session.  This can be done in any OS… the only requirement being that you have an ssh server set up outside of the network you are currently on.  The port I’ve chosen (8080) is arbitrary – you can choose anything above 1024.

Windows

Download putty, and type the name of your ssh server in the Host Name field.  Now select (Under “Category:”) Connection/SSH/Tunnels.

[Screenshot: Putty SSH port forwarding]

Under source port, enter “8080” and select “Dynamic” under that.  Next, hit “Add”, which should add “D8080” under “Forwarded Ports”.  Now hit open, and login to your machine.

Finally, you need to set up Firefox to go through your proxy.  Go to: Tools/Options/Advanced/Network/Settings…

[Screenshot: Firefox network settings]

Enter “localhost” under the SOCKS Host and “8080” under the Port.  Make sure that SOCKS v5 is selected under that.

Hit “Ok” a couple times to get out of your configuration windows, and you’re good to go!

Linux/Mac

Now things are a little simpler under Linux/Mac.  All you need is ssh.  Simply type in terminal:
ssh -D8080 username@host.com

And set your browser’s proxy settings like we did above for Windows.


Linux CLI programs to replace your GUI

Posted in computers on January 21st, 2010 by karrth

While many people enjoy using their GUI, sometimes it is just not efficient to do so.  Or maybe you don’t have the resources to load an X-Window manager… So I present to you some very useful programs that don’t need X.

System Tools

  • htop – like top (processes monitor), but with colors and an improved interface
  • iftop - instead of monitoring processes, it monitors your ethernet devices and displays connection speeds and average transfer rates
  • mkisofs and cdrecord - make an ISO and then burn it to disc!
  • screen – a terminal multiplexer that allows you to manage virtual terminal sessions within your one session.  Think of it as multiple desktops for the terminal.
  • smbstatus – if you run a Samba server/share on your machine, you can see here who’s connecting to it and what files they have open
  • wireless-tools – gives you a couple programs including iwconfig and iwlist that make it easy to connect to a wireless AP through terminal
  • wpa_supplicant – needed if you want to connect to a WPA encrypted AP with the wireless-tools.  Here’s a quick tutorial.

Internet

  • finch – chat with your friends (or enemies) with this terminal version of Pidgin
  • irssi - an amazing slick little IRC chat client
  • lynx and elinks – both are text based web browsers so you can cruise the web without those pesky graphics
  • mutt – read your Gmail (or other mail) from the terminal.  Mutt supports IMAP, POP3, and SSL Certificates, among other things.
  • rtorrent - this torrent client is great for sending to the background with screen, and even watches folder for new torrent files.  Check out this user guide for help.

Media

  • mplayer/mencoder – did you know that it was not only a media player, but that you could convert video, audio, or even rip dvds?  Doh!
  • moc - gives you a nice ncurses interface for playing music on your terminal
  • ushare – share your media with your Xbox 360 or PS3.  There’s also a web and telnet interface you can use once you’ve started the program.

Be sure to check the man pages for all the features these programs offer!  And don’t forget to explore the programs that are already on your machine – you’d be surprised at what’s there already.


Site to Site VPN with a Cisco ASA 5505

Posted in computers on January 21st, 2010 by karrth

While this specifically refers to an ASA5505, many Cisco devices will use the same code.  I will be focusing on the code specific to the VPN, but you can find the whole process here on the Cisco website:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/site2sit.html

Overview

Here is an example of the configuration lines needed for a site-to-site VPN:

hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)# isakmp enable outside
hostname(config)# crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
hostname(config)# access-list l2l_list extended permit ip 192.168.0.0 255.255.0.0 150.150.0.0 255.255.0.0
hostname(config)# tunnel-group 10.10.4.108 type ipsec-l2l
hostname(config)# tunnel-group 10.10.4.108 ipsec-attributes
hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx
hostname(config)# crypto map abcmap 1 match address l2l_list
hostname(config)# crypto map abcmap 1 set peer 10.10.4.108
hostname(config)# crypto map abcmap 1 set transform-set FirstSet
hostname(config)# crypto map abcmap interface outside

Next I will explain the config part by part, with links in case you’d like to actually learn the details.

ISAKMP Policy

hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)# isakmp enable outside

These lines establish that:

  • It is the first policy to be processed
  • The VPN will be established using a pre-shared key, which we will define later.
  • The encryption will be 3DES (commonly verbally referred to as “triple-des”)
  • The hash used will be SHA
  • The Diffie-Hellman group will be Group 2
  • The lifetime is 43200 seconds
  • ISAKMP is enabled on the outside interface

The key point here is that both parties in the VPN must use the same standards for their policy.  You can find all of the options on Cisco’s website.

Transform Set

hostname(config)# crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac

This line creates a set of standards called “FirstSet” that uses 3DES for encryption and MD5 for authentication.  Both parties must use identical transform sets for communication to occur.  Your options for encryption and authentication are exactly the same as ISAKMP, except with slightly different syntax.  You can find all of the options on Cisco’s website.

Access List

hostname(config)# access-list l2l_list extended permit ip 192.168.0.0 255.255.0.0 150.150.0.0 255.255.0.0

Here you define who is allowed to access your network once the VPN is established.  The list is named “l2l_list”, and it allows the subnet 192.168.0.0/16  (your side) to access 150.150.0.0/16 (their side).  The site you are establishing a VPN with should enter a similar line with the IP ranges switched, for example:

hostname2(config)# access-list l2l_list extended permit ip 150.150.0.0 255.255.0.0 192.168.0.0 255.255.0.0

Tunnel Groups

hostname(config)# tunnel-group 10.10.4.108 type ipsec-l2l
hostname(config)# tunnel-group 10.10.4.108 ipsec-attributes
hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx

Next we create the tunnel group, which is a container for your connection and security settings.  The IP 10.10.4.108 is where you will be connecting to, and ipsec-l2l specifies that it will be a LAN-to-LAN.  If you were creating a remote access connection, you would type ipsec-ra.  Your pre-shared key should be something random, NOT what is shown here.  Think of it as a password, and treat it as such.  If you cannot think of a key, check out this password generator.

Crypto Maps

hostname(config)# crypto map abcmap 1 match address l2l_list
hostname(config)# crypto map abcmap 1 set peer 10.10.4.108
hostname(config)# crypto map abcmap 1 set transform-set FirstSet
hostname(config)# crypto map abcmap interface outside

Finally, we create the crypto map.   Similar to the ISAKMP policy, you can specify a name like “abcmap” and set a process priority, which in this case is 1.  The peer needs to be the same IP as specified in your tunnel-group above.  Here is where we implement our transform-set as well, and finally set it to our outside interface.
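
The matching rules from the sections above (same ISAKMP policy and transform set on both ends, mirrored access lists, crypto map peer equal to the tunnel-group address) can be checked mechanically before the configs go onto the devices.  This is an added example, not part of the original post or any Cisco tool; it assumes one policy, one transform set and one ACL line per site, and the second site's peer address 10.10.4.107 is a made-up placeholder.

```python
# Constructed input: SITE_A is based on this post's example config (prompts
# stripped, key omitted). SITE_B is a hypothetical peer derived from it; 10.10.4.107
# is a placeholder for site A's outside address, not a value from the post.
SITE_A = """\
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
access-list l2l_list extended permit ip 192.168.0.0 255.255.0.0 150.150.0.0 255.255.0.0
tunnel-group 10.10.4.108 type ipsec-l2l
crypto map abcmap 1 set peer 10.10.4.108
"""
SITE_B = (SITE_A.replace("10.10.4.108", "10.10.4.107")
          .replace("192.168.0.0 255.255.0.0 150.150.0.0 255.255.0.0",
                   "150.150.0.0 255.255.0.0 192.168.0.0 255.255.0.0"))

def parse(cfg):
    """Pull out the settings the two ends must agree on."""
    s = {"isakmp": {}, "transform": None, "acl": None, "peer": None, "tunnel": None}
    for t in (line.split() for line in cfg.splitlines()):
        if t[:2] == ["isakmp", "policy"] and len(t) == 5:
            s["isakmp"][t[3]] = t[4]
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            s["transform"] = sorted(t[4:])   # set names may differ, contents may not
        elif t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            s["acl"] = (t[5:7], t[7:9])      # (source net/mask, destination net/mask)
        elif t[:1] == ["tunnel-group"] and t[2:] == ["type", "ipsec-l2l"]:
            s["tunnel"] = t[1]
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["set", "peer"]:
            s["peer"] = t[6]
    return s

def mismatches(cfg_a, cfg_b):
    """Return a list of reasons the two site configs disagree ([] if they line up)."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    # The lifetime value is deliberately not compared in this example.
    for key in ("authentication", "encryption", "hash", "group"):
        if a["isakmp"].get(key) != b["isakmp"].get(key):
            out.append(f"isakmp {key}: {a['isakmp'].get(key)} != {b['isakmp'].get(key)}")
    if a["transform"] != b["transform"]:
        out.append("transform sets differ")
    if not a["acl"] or not b["acl"] or a["acl"] != b["acl"][::-1]:
        out.append("access-lists are not mirror images")
    for name, s in (("A", a), ("B", b)):
        if s["peer"] is None or s["peer"] != s["tunnel"]:
            out.append(f"site {name}: crypto map peer does not match tunnel-group")
    return out
```

Paste each site's running config into the two strings and call mismatches(); an empty list means the settings covered here agree.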

Conclusion

Make sure you write it to memory:

hostname(config)# write memory

If you mistype a command and need to remove it, simply type “no” before the command and re-enter it.  If you’d like to see all the specific options for any particular command, just type a question mark and your Cisco device should list them for you, for example:

hostname(config)# crypto map ?

You can view the current list of active VPNs with the following command:

hostname(config)# show vpn-sessiondb (remote|l2l|svc)

These show Remote, LAN-2-LAN, or SSL VPN connections respectively.

Have fun!
