OS X Internet Connection Sharing

Creating a wireless ad-hoc network on a MacBook

Just another reason why I love my Macbook: We arrived at a new Hotel today, and although both Aimi and I needed to use the Internet, there was only one network port. I wondered how difficult it would be to share my Internet Connection with her via the Mac’s wireless interface, but as with most things on the Mac, it turned out to be incredibly simple.

  1. Go to System Preferences > Sharing > Internet Sharing
  2. Choose share your connection from Built-in Ethernet to computers using Airport
  3. You may optionally want to click Airport Options to add WEP encryption or change the network name.
  4. Tick the Internet Sharing checkbox to enable it. By default, the network will be named after your computer’s hostname. E.g. mine is called paul-macbook

Fixing the backspace key with OS X and Linux Screen

Here’s the problem: You ssh in to a linux system from your Macbook’s terminal and join a shared “screen” session. Instantly your backspace key stops working as a backspace key and becomes a forward delete key, resulting in those annoying “Wuff Wuff” messages at the bottom of your terminal.

Well I found a solution to this tonight. Simple do the following:

  1. Go to Terminal > Preferences > Settings> Advanced
  2. Tick Delete sends CTRL – H

Et voila. It should be fixed.

Changing the Sent Items folder in OS X Mail

We have a linux IMAP server that uses “Sent” as the default name for it’s Sent Items folder. However, at least in my case, the OS X Mail app seemed to expect the folder to be called “Sent Items”.

To set the Sent folder to be pointed at the correct Sent Items folder, you must select that folder from the account tree, and then select Mailbox > Use This Mailbox For > Sent.

It took me a while to work this out, so I have posted here for future reference.

How to show Wireless Network Connection Speed in OS X

It took me a while to find out how to do this on our iMac, so I thought I would blog it for future reference. If you want to find out what speed your wireless network is connected at on a Mac, you can do this with the “Network Utility”.

  1. Go to Finder
  2. Press CMD + SHIFT + U to open the Utilities Folder (or navigate there through Applications)
  3. Open Network Utility
  4. From the info tab, select the network you are interested in.
  5. The link speed will be shown in the interface information window.

The link connection speed is highlighted

Using Xserve Server Monitor with localhost

Our new XServe arrived today and one of the first things I decided to test out was the Server Monitor application. From the Server > Configure Local Machine I set up a static IP address on Port 1 of Lights Out Management interface, but when I tried to connect to this from Server Monitor, it failed with the following error:

4/10/08 5:49:33 PM: Failed to contact server

The strange thing was that I could connect to it from another mac on our network. So I then tried to connect to localhost instead (127.0.0.1), and this immediately worked!

Secure browsing on an insecure network – the easy way!

In my post yesterday, I talked about how to securely browse the web on an insecure Internet connection. The method I used was to install a proxy server (squid) on a trusted machine and ssh tunnel to it. However, one of my developers, Andy, kindly pointed out to me that there is a much easier way – just use SSH’s dynamic port forwarding as a SOCKS proxy.

To create the tunnel:

ssh -D 3128 [email protected]

To configure OS X to use the proxy, go to System Preferences > Network > Advanced > Proxies

OS X SOCKS Proxy Settings

Tick SOCKS Proxy, and specify the server as 127.0.0.1 port 3128, then click OK and Apply on the following screen, and that’s all you need to do!

Secure browsing on an insecure network with my Macbook

UPDATE: There is a much easier way to achieve a secure tunnel/proxy that doesn’t require squid to be installed. I’ve blogged it here. The method described on this page may be useful if you want to log the pages you visit. Also, if you wanted to block out ads, you could swap out sphinx for another proxy such as privoxy.

I’m currently on holiday in Avoriaz in France, and I’m browsing the Internet via an open wireless hotspot. Given how easy it is to intercept traffic on an open wlan, this could have posed a bit of a security problem as a lot of the website admin panels I access (including my blog’s wordpress admin) are in an insecure (http) area.

However, there is a solution that ensures that all my traffic (not just https) is encrypted, at least until it gets back to a more trusted part of the Internet.

The solution involves setting up a proxy server (squid) on a trusted server somwhere (e.g. a datacentre, or your home or office) and then connecting to this server via an SSH tunnel.

For this particular howto you will need the following:

  • An Apple laptop running OS X 10.5 (Leopard)
  • A Linux server (preferably running Centos / RHEL) in a trusted location

Installing Squid on your Linux Server

Firstly install squid using your desired package manager… I have a Centos 5 server, so I’m going to use yum:

[root@pablo ~]# yum install squid

Next, edit the squid config to allow any local ips that might be listening on that server:

[root@pablo ~]# vim /etc/squid/squid.conf

I added a line to allow my servers public ip. NB, at this point we aren’t permitting your laptop’s IP, only the local IP addresses on your server.

acl localhost src 127.0.0.1/255.255.255.255
acl localhost src 87.124.70.62/255.255.255.255

Now setup the runlevels for squid so that it starts when your server starts:

[root@pablo ~]# chkconfig squid on

If that worked, it should be set to on for run levels 2,3,4 and 5:

[root@pablo ~]# chkconfig --list squid
squid 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Finally start squid if it isn’t already running:

[root@pablo ~]# service squid start

Setting up your laptop to use the secure proxy

To get the laptop using our secure proxy, we must do two things. Open an ssh tunnel to the proxy, and then setup Safari (or your browser of choice) to use this proxy for any required connections.

To setup the secure SSH tunnel from port 3128 on your laptop to port 3128 on the squid server, just run the following command:

paul-macbook:~ paul$ ssh -L 3128:localhost:3128 [email protected]

Then all you need to do is configure Safari (or Firefox) to use port 3128 on your local machine as its proxy, and all traffic will be routed via this secure tunnel before being re-routed to the rest of the Internet. Of course, this won’t secure your browsing from then on, but you can at least be sure that it is not being intercepted by fellow users of the wifi hotspot.

So click on the Safari Menu at the top of the screen, and then click preferences (or press CMD + ,) This will open up the Safari preferences. Make sure you have the advanced tab open.

Safari Advanced Settings Menu

On this menu, click the Change Settings button next to Proxies. This will take you to the System Preferences Proxy menu.

OS X Leopard Proxy Settings

Select the protocols you wish to enable the proxy for (in my case I just chose HTTP), then fill out the proxy server address, which is 127.0.0.1 (localhost) and the port, 3128.

And that’s it! You should now be able to browse the web as if you were using your Linux server directly. This method has the added advantage that it can be used to bypass geographic ip based restrictions, as it makes you appear to be where you server is located.

Downloading iPlayer MP4 streams on Linux

Last week, the BBC made their iPlayer content available for the iPhone, and by doing so they unwittingly made all their content available to download DRM-free as an MP4 stream.

The process is simple; change your browser’s user agent to replicate an iPhone, then you will be able to view and download the mpeg 4 videos.

Download MP4 iPlayer videos in 2 steps

In this example I am going to use wget to download the files via the command line.

1. First you need to lookup the URL for the MP4 stream. The easiest way to do this is to use a web tool that extracts program information from an iPlayer URL (e.g. Eastenders). Paste the iPlayer URL you want to download into the search box on that page and submit, then right-click download the MP4 video and copy the url.

2. Now fire up a terminal and run wget, replacing the URL with the URL you copied from the first step:

wget --user-agent="Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3" http://www.bbc.co.uk/mediaselector/3/auth/iplayer_streaming_http_mp4/b0094z1j

An alternative method is to use this ruby script, which takes an iPlayer URL directly and does everything for you.

BBC Reaction

So far the BBC haven’t said a lot about this revelation. Currently, their official line is as follows:

The BBC iPlayer on iPhone and iPod Touch is currently in beta, which enables the BBC to pick up on these issues and find a solution that ensures the content is delivered to users in a secure way before the service is rolled out

According to their technology blog, they will be posting a fuller response in the next few days. My hope is that they don’t do a u-turn on the MP4 format. If any staff from the BBC Media team read this post, here is my message to you:

Dropping the DRM from your mp4 streams for the iPhone is a fantastic step forward, so please embrace it!

Using an open standard will allow license paying users of any platform to enjoy the content they have a right to view, with minimal additional development costs to yourselves.

There is no DRM when people save shows on Sky+ or their video / dvd recorders (or even straight to their computer via a DTV tuner), so why cripple the iPlayer service with it?

At the very least you could make your in-house productions available on MP4 to all, whilst you get the third party producers on board.

Macbook Air brings iPhone’s multitouch to a laptop

Steve Jobs announced a new Macbook for their laptop line up during his keynote speech at the Macworld Expo today. The Macbook Air will be the world’s thinnest notebook, but even though it’s small in size, it’s not short on features:

  • Aluminium case
  • Illuminated keyboard with ambient light sensor to auto detect darkness
  • 5 hour battery life (with wireless enabled)
  • Multi-touch (iphone style) Touch pad
  • Wireless 802.11N networking (up to 250mbps)
  • Bluetooth 2.1 + EDR (up to 3mbps)
  • Just 1.94 cm thick and 1.3 kg total weight (just over half the weight of current macbooks)
  • Fits in an A4 envelope? (or the US equivalent)
  • LED backlit screen for lower power consumption
  • Optional 64Gb solid-state drive.

Macbook Air
You can buy the new Macbook Air for £1199 from Apple’s online store or pay a whopping £829 more for the SSD version!.

T Mobile lock in = no iPhone for me….. yet

I’m pretty jealous… Brendan picked up his new iPhone yesterday and has been flashing around the office all day.

iPhone

I have been telling myself since the iPhone launched that I would wait until the 3G version (hopefully) comes out next year, but after seeing Brendan effortlessly read his e-mails, speedily tap out text messages, listen to his iTunes library and read his visual voicemails on a beautifully huge touch-sensitive screen…. I just couldn’t wait.

So I phoned T-Mobile:

“I want to cancel my account to get an iPhone with O2… how long is left on my contract?”

“You’ve still got 8 months I’m afraid sir….”

“Really, that long? How much to buy myself out of the contract?”

“It will be 322 pounds sir.”

“Oh, can I downgrade to a lower tarrif?”

“Not until month 11 sir”.

So T-mobile have decided for me. If I could have bought out my contract for say, £100 then I might have done it but £300 (plus £269 for the phone itself) is just too much. Looks like I’ll be waiting for the 3G iPhone 2 after all.