VPN using Mac OS X and Linksys RV042

January 17, 2007

These days Bikerpapa often needs to doctor computers for the clueless secretaries in a remote site about 300 miles away. It’s too far to drive and too expensive to fly for minute IT problems, so Bikerpapa wants to experiment with a VPN solution that allows him to sit at home and fix things right away for those secretaries when something goes wrong. If certain problems can be taken care of that way, then Bikerpapa can save his company some travel expenses. And the secretaries get their problems solved much faster, too. Best of all, Bikerpapa can sit at home and diagnose problems with a good cup of latte in his hand. Slow cruisin’ indeed.

The thought of using VPN occurred to me when the remote site finally got a broadband satellite internet connection last week. After some casual usage, I thought it was still a bit slow compared to normal ADSL in the cities but the speed is probably adequate for VPN sessions consisting of low bandwidth tasks such as firing up ssh shells on remote servers that reside on the remote site’s LAN.

In this guide Bikerpapa sets up a remote client to gateway VPN using Mac OS X Tiger 10.4 and the Linksys RV042 VPN router. Since Bikerpapa has never set up a VPN before, he encountered many pitfalls along the way. Now that I’ve got something basic working, I hope this guide might be of use to some clueless VPN soul somewhere using the same OS and hardware.

  • Hook up the VPN router with a real IP address: the Linksys manual doesn’t mention jack about this, but it is extremely important that the VPN router get a real IP address (i.e. an IP address reachable directly from anywhere on the internet) from the ISP instead of the usual 10.0.1.* or 192.168.1.* address obtained by DHCP from an ADSL/Cable Modem with NAT enabled. If your ISP requires PPPoE to establish a session, make sure it is your VPN router doing the PPPoE connection. This requires you to have set your ADSL modem to “Bridge mode” (instead of “Router mode”) beforehand. Of course, you will also need to enter the necessary PPPoE info (username, password) into your VPN router. (Don’t worry about the VPN settings just yet. Read on.)
  • Which VPN client on Mac OS X? To establish VPN tunnels between a client computer running Mac OS X and the RV042, you need a VPN client on Mac OS X that is capable of doing either IPsec (not the same thing as L2TP over IPsec) or PPTP, since those are the only two VPN protocols that the RV042 supports.
    • PPTP: The good news is that PPTP is supported by Apple in Mac OS X Tiger’s Internet Connect application. The bad news is that for PPTP to work your Mac client computer must not be hidden behind a NAT gateway. Also, PPTP is reportedly less secure than IPsec, but for the road warrior who is not likely to establish a VPN connection 24/7 it is probably OK.
    • IPsec: VPN Tracker ($90 USD) by equinux supports IPsec. (A 30-day trial version is available.) The good news is that your Mac client can be behind a NAT gateway and still work, thanks to IPsec. The bad news is that VPN Tracker is quite pricey for what it does, but probably because there isn’t much competition out there. (Hint to Mac developers!) But I do want to give equinux credit for simplifying the VPN process; the setup is a snap because equinux provides easy-to-follow setup guides for many different VPN routers.
    • Update: IPsec: IP Securitas 3.0 also works, albeit one needs to play around with the setup to get the software working with the RV042. Right now the program is in release candidate and the good news is that it is donation-ware. VPN Tracker is much easier to set up and the phase 1/2 negotiation process seems much faster than IP Securitas 3.0. But once IP Securitas connects, it works fine and that is what I recommend for now since it is free. (I do recommend a donation to keep the authors motivated.)

  • Set up VPN router and Mac for PPTP: In RV042’s VPN->PPTP Server tab, click on Enable PPTP Server. Then enter a username/password pair below. Afterwards, fire up your Mac client’s Internet Connect program, add a VPN (PPTP) setting and configure the exact same information you just entered in RV042. Remember, your Mac client mustn’t be behind a NAT router for this to work.
  • Set up VPN router and Mac for IPsec: Assuming that you are using VPN Tracker, please follow the helpful online guide released by equinux on this subject. If you are using IP Securitas 3.0, you can still follow the VPN Tracker guide to set up the RV042, then make the following settings in the software:

    General:
    Remote IPsec Device: remoteserver.ip
    Local Side Endpoint Mode: Host
    Local Side IP Address:
    Remote Side Endpoint Mode: Network
    Remote Side Network Address: (e.g.) 192.168.1.0
    Remote Side CIDR: 24

    Phase 1:
    Lifetime: 8 hours
    DH Group: 768(1)
    Encryption: DES
    Authentication: MD5
    Exchange Mode: Aggressive
    Proposal Check: Strict
    Nonce Size: 16

    Phase 2:
    Lifetime: 8 hours
    PFS Group: 768(1)
    Encryption: check DES/3DES/AES 256/AES 192/AES 128
    Authentication: check HMAC MD5

    ID:
    Local Identifier: FQDN ( (e.g.) enter "vpntracker" in the blank textbox)
    Remote Identifier: Address
    Authentication Method: Preshared Key
    Preshared Key: (e.g.) secretkey

    DNS:
    Use default values

    Options:
    Check only the following: IPSec DOI / SIT_IDENTITY_ONLY / Initial Contact / Generate Policy / Support Proxy / Request Certificate / NAT-T: Disable
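
The Phase 1 and Phase 2 values above (DES, MD5, the 768-bit group, aggressive mode with a preshared key) are weak by current standards. The script below is an added example, not part of the original guide or of IP Securitas or the RV042: it parses settings written in the same "Key: value" layout and lists each weak choice, so the same check can be run against whatever stronger options both ends offer. The names `parse_sections`, `offered`, `audit` and the 20-character `MIN_PSK_LEN` threshold are assumptions of this example.

```python
import re

SECTION_NAMES = {"General", "Phase 1", "Phase 2", "ID", "DNS", "Options"}
MIN_PSK_LEN = 20  # assumed threshold for this example, not a value from the guide

# Security-relevant Phase 1, Phase 2 and ID values from the guide above.
GUIDE_SETTINGS = """
Phase 1:
DH Group: 768(1)
Encryption: DES
Authentication: MD5
Exchange Mode: Aggressive

Phase 2:
PFS Group: 768(1)
Encryption: check DES/3DES/AES 256/AES 192/AES 128
Authentication: check HMAC MD5

ID:
Authentication Method: Preshared Key
Preshared Key: (e.g.) secretkey
"""

def parse_sections(text):
    """Parse 'Section:' headers and 'Key: value' lines into {section: {key: value}}."""
    sections, current = {}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        key, _, value = (part.strip() for part in line.partition(":"))
        if key in SECTION_NAMES and not value:
            current = sections.setdefault(key, {})
        elif current is not None:
            current[key] = value
    return sections

def offered(value):
    """Split a value such as 'check DES/3DES/AES 256' into individual algorithms."""
    return [a.strip() for a in re.sub(r"^check\s+", "", value).split("/") if a.strip()]

def audit(sections):
    """Return a (section, setting, reason) tuple for every weak choice found."""
    findings = []
    for name, group_key in (("Phase 1", "DH Group"), ("Phase 2", "PFS Group")):
        sec = sections.get(name, {})
        if sec.get(group_key, "").startswith("768"):
            findings.append((name, group_key, "768-bit MODP group 1 is too small"))
        if "DES" in offered(sec.get("Encryption", "")):
            findings.append((name, "Encryption", "single DES has only a 56-bit key"))
        if any(a.endswith("MD5") for a in offered(sec.get("Authentication", ""))):
            findings.append((name, "Authentication", "MD5-based integrity is deprecated"))
    p1, ident = sections.get("Phase 1", {}), sections.get("ID", {})
    if ident.get("Authentication Method") == "Preshared Key":
        if p1.get("Exchange Mode") == "Aggressive":
            findings.append(("Phase 1", "Exchange Mode",
                             "aggressive mode exposes a PSK-derived hash to offline guessing"))
        psk = ident.get("Preshared Key", "").replace("(e.g.)", "").strip()
        if len(psk) < MIN_PSK_LEN:
            findings.append(("ID", "Preshared Key", f"shorter than {MIN_PSK_LEN} characters"))
    return findings

if __name__ == "__main__":
    for section, setting, reason in audit(parse_sections(GUIDE_SETTINGS)):
        print(f"[{section}] {setting}: {reason}")
```

Because single DES stays ticked in the Phase 2 list, it can still be negotiated even though AES is also offered, which is why the script flags it.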

Notes:

  • The RV042 features a built-in PPTP server but you need to install the latest firmware. (Firmware version 1.3.7.10 or later.)

Questions:

  • Can the RV042 reside behind a NAT router with the VPN still working?

Apple iPhone and multi-language support

January 11, 2007

Now that the Apple iPhone is announced for June release, three questions still need to be answered before I am ready to plunk down $499 or more:

  • First, how well does iPhone support the various character encodings? This being an Apple product, my guess is that it will at least support Unicode (UTF-8), with several basic typefaces such as Lucida Grande that offer glyphs for many different languages. A little murkier is whether the limited memory footprint of iPhone would support the display of non-Unicode encodings which are quite popular in many languages: just take a look at your PC browser’s character encoding menu to see what I mean. (For example, Japanese characters in many websites and email clients are usually encoded not in Unicode but in one of the following: SJIS, EUC or ISO-2022-JP.) It would seem unlikely that Apple can fit most of the encodings used by most languages into iPhone. The best solution would be for Apple to let iPhone users download and install the character encodings they need.
  • Second is the usability of the software keyboard; the demo on Apple’s website shows it to be thumb-based like a Blackberry. With no tactile feedback I still have reservations about the keyboard’s actual usability and efficiency, and wonder how stressful it would be to type fairly long emails and notes on the device.
  • Third, how would the software keyboard be modified to support text-input for Asian and other languages that cannot be easily input using the Latin alphabet, such as Traditional Chinese or Thai? Would it be some sort of finger-recognition software, or something else? I am eager to see how Apple would solve these problems for such users.

The language support is the biggest gripe I have with these so-called smart phones at the moment. For example my Nokia E70, bought in HK, only supports the display and text-input of Chinese and English. But it does not allow me to install other language fonts such as Japanese for proper display of non-Unicode email and web pages, not to mention text-input as well. If the Apple iPhone can provide better multi-language support for users, I will be the first one to bite!

Hotmail Sucks

December 26, 2006

This post joins the millions of “Hotmail Sucks” posts. My reasons:

  • No tools offered by Hotmail to export contacts into csv or vcard files
  • No POP3 email support for non-Microsoft email clients
  • No auto-forwarding to another email address

In effect, hotmail.com wants to make it difficult for you to switch webmail providers, because the above features make it easy for email users to lessen dependence on just one provider. But it is because of such flexibility that I use Gmail. I want to be able to import and export contacts to and fro between my computer and my webmail. I want to download and back up my webmail on my computer. I don’t need it now but there might be a day when I want to enable automatic forwarding of my webmail to another email address. Gmail does all these things, Hotmail doesn’t at all.

On top of that, one can force Gmail to send email in Unicode (UTF-8). For people who write in multiple languages in one email, that is the only way to go. I couldn’t find this setting in Hotmail. So, Hotmail sucks!

Minimizing landing shock?

December 23, 2006

Yesterday I went on a one day business trip to a city almost 300 miles away. Time was limited so I flew. On the return trip I was pretty exhausted so I was asleep for the most part, but woke up right before the landing.

I was sitting on the left aisle 66B on an Airbus A300 with mostly 2-4-2 seating in economy. Now I noticed that I naturally look out the window during landing. I also noticed that lots of people sitting in front of me and not on the window seats also looked out one side or the other during landing. Hmm… but why?

The night lights aren’t particularly spectacular around the airport (it’s in the boonies anyway) so my theory is that people who look out the window during landing are scared. They are scared of the sudden bump when the rear landing gear touches down. I know I dread that surprise moment so I like to look out just to see when I can expect the shock and noise in the cabin that comes with the bump, especially if the pilot is not skillful or the weather conditions are rough.

On the other hand, good pilots know how to stall the plane just seconds before touchdown. It’ll feel like the plane is floating over the runway for eternity, then the rear landing gear skims over the tarmac gently until the traction grips the tires completely, causing little vibration and noise. If one was taking a plane in Brazil, such a nice landing would be awarded with claps and cheers throughout the cabin.

Another idea: now with networked entertainment consoles installed in every seat in many airlines, perhaps they should allow passengers to rate the landings real time like Olympic diving competitions.

Fagor CR-1000 Espresso Machine

December 21, 2006

The Fagor CR-1000 is a very simple pump-driven espresso machine.

Features

  • up to four cups filter holder and glass carafe
  • steam nozzle for frothing of milk
  • a modal knob selecting whether you want espresso or steam or off
  • inexpensive; I paid about $50 USD for it

Verdict
If you love espresso and your home enjoys visits from an occasional espresso-loving guest or two this is just the machine. The unit does not have any high tech programmable features, just a simple modal knob on the right. Turn it one way to have the unit brew espresso (about 5 minutes for 4 cups); turn it the other to froth some milk with the steam nozzle. It will probably outlast those fancy $500+ espresso machines with LCD interfaces and computers.

So far I have run some high-grade Brazilian beans and New Mexico beans through the unit and they tasted fine, either as is or in latte form. But I don’t have any other unit to compare it to so I can’t offer any comparison reviews just yet. My upstairs neighbor has an Italian stovetop espresso that I can probably borrow to compare tastes. Eventually I would like to try out a La Pavoni or a Presso though!

The only problem with this unit is its small capacity (4 small cups of espresso at a time). Also, the steam nozzle of CR-1000 is of a bent design so that one cannot use a measuring cup that is too deep, hence limiting the amount of milk that can be frothed each time. If you often make espresso/lattes for more than four people then a bigger unit with the ability to store and grind beans would be a godsend.

Rebooting on wordpress.com

December 21, 2006

Finally took the time out to migrate my spam-laden Movable Type site to wordpress.com. I am also officially out of blogging semi-retirement.

For a while I debated paying Movable Type for their latest version 3.x. The MT 2.6 that I was using for my previous blog was the last of the free MT installations and I thought I should at least give their latest paid version a try. But then I was convinced not to run my own blog installation, for these reasons: 1) having to do my own upgrade every time is not fun anymore, and 2) the time wasted on such drivel can be better spent on family or watching Doraemon DVDs.

And here are the other advantages of WordPress.com:

  1. free (for the most part)
  2. for the author of the blog, effortless shifting between editing mode and viewing mode in the same browser window
  3. dashboard and the posting editor are well designed and thought out; preview in the editing window is great!
  4. multiblog, multiuser
  5. they upgrade new versions for you, saving you time
  6. seems to be effective in dealing with spam comments
  7. simple to use, yet feature rich
  8. AJAX effects work great on Firefox - like those slick Google apps
  9. good selection of themes

Happy re-blogging to me!

Nikon Prime Lenses, Manual Focus

December 21, 2006

So the Nikon F3 is on my list of tools for a wandering photographer. But an SLR camera body is useless without lenses.

Many people prefer travelling with zoom lenses, because one zoom lens nowadays can double (or even triple) as three prime lenses, thus saving weight and space in their travel bags. The downside of zooms is that they are not great in low light situations because their designs call for a smaller max. aperture. So if one uses films in the ISO 100 to 400 range, handheld speeds of 1/30 sec or less at max. aperture are the norm at around dawn and dusk (the period of the day with most dramatic light), but photos taken at such speeds, handheld, are subject to the dreadful vibrations. One can also use a tripod, except it is a bore to carry.

If you like to take pictures around dusk and dawn but don’t like lugging a tripod, then prime lenses with maximum F2.0 apertures are your best friend. Since I use an F3, which is a manual focus body, I like to pair it up with the following manual (AI-S) Nikkors: 35mm F2.0, and 50mm F1.8. They all have wonderful optics, and are inexpensive and plentiful in the used market, and they all share 52mm filters. Best of all, they are all compact and I won’t get shoulder pain after a day of shooting.

And to round out the wide and medium telephoto ends of my arsenal, I usually take the 24mm F2.8 and 105 F2.5 with me as well. These are less suitable for low light situations due to the smaller max aperture, but they are also lightweight and share 52mm filters.

So here they are:

24mm f2.8
35mm f2.0
50mm f1.4
105mm f2.5

Here is where it gets fun. If I just want to take 3 lenses for street photography, I would choose the 24mm, 50mm and 105mm. If I want to shoot portraits, then I would go for the 50mm, and 105mm. If I only want a lens for a day out but don’t have any subject in mind, I would pick the 35mm. But my ultimate kit for travel photography would be 24mm, 35mm, 50mm and 105mm.

Nikon F3

December 21, 2006

I own quite a few cameras, but one that deserves honorable mention here is the Nikon F3, as the ultimate camera for wanderlust.

To begin, the F3 - Nikon’s flagship for most of the 80s - is built tough, its controls simple and easy to manipulate (with the exception of the ISO setting when the flash is mounted), and its feature set more than adequate for the travel photographer. It also looks quite good.

You will find a fair share of war stories regarding the durability of the F3 on the internet. Mine is no different; I have dropped it by accident a couple of times; as a result, it has a few dents on the body, but that has never stopped it from working. Looking inside, you will find a horizontal-travel cloth-shutter curtain that can be found in Leicas as well. These shutter curtains are known for their reliability, and Nikon F3’s shutter reportedly has an MTBF (mean time between failure) of 150,000 shots. To put things into perspective, if I shoot a roll of film a day it would take about 11 years to reach the MTBF.

The camera - perhaps because it was released in the early 80s - does not get loaded with unnecessary bells and whistles. You get to control the shutter speed, aperture, and focus. Should you need help with exposure you can always shift to the A (aperture-priority) mode in which the camera decides the best shutter speed for the selected aperture. I also use the depth of field preview quite often, which is well-placed and can be activated almost instantly with my middle finger. You will have to advance the film after each shot (using the silky smooth winder shaft). When you finish a roll there is no motor to help you rewind (unless you use the motor drive - which I don’t.) But I consider that a plus because you don’t need to waste battery power and for travel photography it is not important for me to have automatic film rewind.

But what I find best about the F3 is the finder. It’s bright, and offers great eye relief (i.e. my eyes do not need to be touching the eyepiece in order to see the entire screen) and has 100% coverage. Hence the finder makes it quite easy to focus, even with wide angle lenses. Enough cannot be said about the importance of having a good finder; it really makes a difference in my photography. Face it; if a finder stresses your eyes after ten minutes of photo-taking then what are the chances of getting a good picture after that?

All of this in a very manageable size and weight is perhaps what makes the F3 one of the best cameras for traveling. Sure there can be improvements but none that would hinder my photography: the flash socket, should you need to add a flash, is awkwardly placed. My style calls for a spot meter, but thanks to the F3’s 80/20 evaluative algorithm when placed in A mode, it can be used as a rough spot meter with some thinking. Finally, F3’s dependence on batteries may be inconvenient but that’s why I always keep spares. As it is the camera hardly consumes the battery; a pair of LR44 (about $2 to $3 USD) will last me a few months of regular shooting. Keep another pair of backup LR44 and that would cover at least half a year of shooting, if not more.

If I ever had the money I would not mind trying the Leica M viewfinder cameras, known for their quietness and unobtrusiveness but as it is the Nikon is a much cheaper alternative (a nice used F3 body can be found around $500) and Nikon lenses cheaper still than its counterpart (yet not in terms of quality.) Within the Nikon product line itself I find the FM3A - which employs a hybrid electronic mechanical shutter - very attractive for wanderlust but its finder is inferior to the F3 in terms of coverage and eye relief.

If my F3 does give up - however unlikely - you can count on me to buy another F3 to replace it.

“The feds in my head”

May 27, 2006

A funny op-ed piece that has made me come out of blogging retirement.

I found the federal agent in the living room, listening to the phone messages. When I asked how he hacked my PIN, he laughed. He said not to worry about what specific agency he worked for, because everything was all very fluid now.

Link

God Bless America

September 8, 2005

Just a few hours ago I managed to get myself intoxicated with lots of red wine, so I am now extremely motivated to speak my mind on Katrina.

To begin with, I have not seen much of the tragedy on TV. All the info I have gotten came from websites or newspapers. I trust that my sources did not mislead me.

So I can now see clearly, even in my intoxicated state, that the White House and its policies have failed to protect the US of A. They are too damn obsessed with terrorism, Iraq, and tax cuts for the rich. George Bush’s creation of the so-called Homeland Security department into which the FEMA got folded is a big cosmic joke. I have been told that the head of the FEMA, this Michael Brown dude, used to toil with Arabian horses before his current job and did not have much experience in emergency planning and response. Even if he did, the reduced powers of FEMA - as it is now a footnote within the Homeland Security department - would be impotent to the effects of Katrina thanks to extra fatty layers of bureaucratic crap. And how did Brown get the job in the first place? Bush nominated him for the job because Brown was a friend of a friend. Democracy at work.

I have also learnt that the White House had balked at the price tag the past couple years for rebuilding the Louisiana wetlands coastal area, which would have buffered some of the deadly effects of the waves on New Orleans driven by category 4 and over tornados such as Katrina.

And to see that vice prez Cheney’s old company Halliburton was hired to do some rebuilding efforts in New Orleans? I just don’t know what to say anymore… God bless America? Oops, I meant Intelligent Design bless America.