connected components with graphviz

I just discovered the gvpr transformation language that comes with graphviz. Up until now, I spent far too much time manipulating dot graphs for various reasons. gvpr is an awk-like language to manipulate dot graphs. It seems pretty complete, and allows you to do a lot of simple operations in one line. One small example is to split a graph into its connected components, writing one graph per file.

The one line is :

ccomps -x dominators.dot | gvpr -f split.gvpr

where ccomps is a tool (also part of the graphviz suite) that computes the connected components of a dot graph. The option -x creates a digraph for each connected component (by default it creates a graph with a lot of subgraphs). The result of this command is piped to gvpr, which is the graphviz language interpreter. The program itself is very simple :

BEGIN { int n; }
BEG_G {
  n = nNodes($G);
  if ( n > 2 ) writeG($G,$G.name); 
}
END {}

For each graph, if the graph has more than two nodes, write the graph to a file. And voila !


hidden ssh service via tor

We live in a nat-ed / firewall-ed world. Almost all DSL providers don’t give public IPs and when they do, they are often behind a draconian firewall. In this context having an emergency remote shell, although neither fast nor public, is very handy. A simple way to solve this problem is to create a hidden server on the tor network and then access the shell from anywhere in the world without caring about changes of IPs, routing, dns or anything else.

On debian you can just install tor from the official repository. Since Tor is not available in ubuntu (but it is available on debian), on ubuntu we need to get it directly from the tor website. There is a nice write-up on the ubuntu site: https://help.ubuntu.com/community/Tor. And these are the details on the tor website.

So we add this to the apt sources list:

deb http://deb.torproject.org/torproject.org lucid main

and then we aptitude install tor. The package will install and run the tor daemon by default. The next step is to edit /etc/tor/torrc to add the hidden service:

HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 127.0.0.1:22

Remember also to install the openssh-server package if you don’t have it already. And this is it. In the directory /var/lib/tor/ssh/ you will find a file with the hostname on the TOR ring that you have to use to connect to your new hidden server.

On the client side we need to aptitude install connect-proxy. It’s a simple tool to tunnel ssh through a socks5 connection. Now you are ready to test. In your ~/.ssh/config you can simply add something like

Host *.onion
ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p

and then ssh to your youronionhost.onion server. The connection will be veeeeery slow since you are going through different layers of encryption and indirection. You should also check the host key of your server before connecting and dropping in a pub-key, as you should never trust your friendly TOR providers (US govt, Chinese govt, Iranian govt, etc …).
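The host key check mentioned above can be done before the first connection by pinning the server's key under its onion name. This is an added example, not part of the original post; the function names, the files passed in and the sample hostname and key are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the SSH host key of a hidden service before first use.
# Function names and all sample values are constructed for illustration.

# onion_known_hosts_line HOSTNAME_FILE HOSTKEY_PUB
#   HOSTNAME_FILE: copy of the hostname file from HiddenServiceDir
#   HOSTKEY_PUB:   copy of the server's SSH host public key file
# Prints one known_hosts line, or fails if either input looks wrong.
onion_known_hosts_line() {
    host=$(head -n 1 "$1" | tr -d ' \r\n')
    # v2 onion names are 16 base32 characters, v3 names are 56
    printf '%s\n' "$host" | grep -Eq '^([a-z2-7]{16}|[a-z2-7]{56})\.onion$' || {
        echo "not an onion hostname: $host" >&2; return 1; }
    # a public key file is "<type> <base64> [comment]"; drop the comment
    key=$(awk 'NR == 1 && NF >= 2 { print $1, $2 }' "$2")
    case $key in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*) ;;
        *) echo "not an SSH public key: $2" >&2; return 1 ;;
    esac
    printf '%s %s\n' "$host" "$key"
}

# pin_onion_host HOSTNAME_FILE HOSTKEY_PUB KNOWN_HOSTS
# Adds the entry once; returns 2 if the name is already pinned to another key.
pin_onion_host() {
    line=$(onion_known_hosts_line "$1" "$2") || return 1
    host=${line%% *}
    if [ -f "$3" ] && awk -v h="$host" '$1 == h { f = 1 } END { exit !f }' "$3"
    then
        grep -Fxq -- "$line" "$3" && return 0   # same key already pinned
        echo "host key mismatch for $host, refusing to overwrite" >&2
        return 2
    fi
    printf '%s\n' "$line" >> "$3"
}

# Demo on constructed data (not a real service or a real key).
demo=$(mktemp -d)
echo 'abcdefghij234567.onion' > "$demo/hostname"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal0000000000000 root@server' > "$demo/host.pub"
pin_onion_host "$demo/hostname" "$demo/host.pub" "$demo/known_hosts" &&
    cat "$demo/known_hosts"
```

With the entry in place, connecting with ssh -o UserKnownHostsFile pointing at that file and -o StrictHostKeyChecking=yes makes ssh refuse any server that presents a different key.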

For emergencies it is actually pretty handy. For anything else it will make you die of boredom …

Update

Ahhh. It seems I’ve assumed that since TOR was not available on ubuntu, this was the same on debian. Tor is definitely available on debian, but not on ubuntu. Blah… check before asserting wrong information! Post fixed.


network management in a heterogeneous environment

I love titles with plenty of buzz-words :)

After a bit of google-ing I finally found the right combination of tools that fit my needs. Luckily they are all packaged for debian and well documented. Auto-configuring your network is an old topic. There are plenty of articles and howtos. Moreover the gnome NetworkManager already solves many problems alone. But since I don’t use NetworkManager I tried to find a solution that works well with wicd.

The “right” combination for me so far is to use guessnet and ifplugd to handle my wired connection and use Wicd for the wireless network. In theory, you can go for a fully automated solution using guessnet and wpa_supplicant, but I find it much better to hide all the complexity of wpa_supplicant and just use a simple - and unobtrusive - UI to handle my wireless.

The first thing is to convince Wicd to leave my wired connection alone. This is pretty easy since Wicd won’t touch your wired interface if it finds an entry for it in /etc/network/interfaces. Moreover, selecting "always switch to a wired connection when available" will make Wicd leave your routing tables alone even if there is a wireless connection available that is marked as "automatically connect to this network".

Second you need to install guessnet and ifplugd

aptitude install guessnet ifplugd

I’ve noticed that the default settings for ifplugd work pretty well except for the -q option that sometimes leaves my interface configured even if I’ve been disconnected for quite a while. Using the ifplugd defaults, I re-obtain an address every time the cable is plugged in, maybe causing a small delay on some occasions, but I prefer waiting to de-configuring the interface by hand.

Guessnet needs a tiny bit of work. The debian package has already nice defaults that you can copy directly in your /etc/network/interfaces.

# Use guessnet
mapping eth0
        script guessnet-ifupdown
        map default: dhcp
        map timeout: 3
        map verbose: true

iface interface inet manual
        test missing-cable
        pre-up echo No link present.
        pre-up false

# By default, perform DHCP
iface dhcp inet dhcp

These will make sure you avoid long timeouts and you leave the interface configured even if no cable is connected.

Now you have to add one entry per network that you want to configure:

iface home inet dhcp
        test1-peer address 192.168.0.30 mac 88:43:e1:xx:xx:xx

For example to use dhcp on your home network (and of course run any if-up / if-down script as you like). Or :

iface work inet static
        address  192.168.0.1
        netmask 255.255.255.224
        gateway  192.168.0.234
        dns-search buuu.org
        dns-nameservers  192.168.0.30
        test peer address 192.168.0.1 mac 00:1e:xx:xx:xx

to set a static address at work. Guessnet is nice and well integrated with ifupdown. Very flexible and documented. I had however the impression that from time to time the documentation I found on the net was not in sync with the latest release…

I’ve also noticed that a component of guessnet is not in the package anymore. Guessnet-scan is a small program that will output a stanza to be used with ifupdown based on values sniffed on the wire. This is a kind of extreme / hackish way to get connected but I reckon a nice tool to have. Hopefully it will make it back into the package sometime soon…

ps: first post on debian planet !


quote of the day

“I know you think you understand what you thought I said but I’m not sure you realize that what you heard is not what I meant” — Alan Greenspan


FLOSS crisis management software / community

The second workshop I attended at the Open World Forum was about the involvement of the free and open source community in natural disasters. Quite frankly I didn’t know anything about these efforts and I was amazed by the level of commitment of this community.

The first speaker introduced sahana, which is a FOSS disaster management system. Wikipedia has a page about its story and development. Mark Prutsalis introduced the role of free software and crowd-sourcing in recent years, highlighting its strengths and flexibility compared to government agencies. In particular sahana and the people from crisis common played a big role in the first days of the relief efforts during the Haiti earthquake early this year.

Another important player is the ushahidi community. They build a number of tools that are increasingly used to connect people during natural disasters, monitor political elections, diseases, fires, etc. It’s clear that building awareness among people and empowering them with these kinds of tools can really give back to the community a voice that was long lost in the global village. And there are many projects that go in this direction.

One really important component of these technologies is openstreetmap. Unlike commercial map providers, and thanks to free licenses and open standards, openstreetmap made it possible to visualize and organize the ever-growing information that can be collected through crowd sourcing. In this context open standards play a really important role, giving the possibility to exchange information and to easily mash up new, different sources in some useful way.

Another nice effort to build tools is led by the Crisis Common community. Last week they organized a Crisis Camp in Paris. Unfortunately I could not attend, but I really applaud the effort and the spirit of such gatherings.

The last link I want to give is about NGO in a Box. Despite not being directly related to crisis management and crowd sourcing, these kinds of tools are certainly a terrific help to the humanitarian aid community and it is definitely worth mentioning them.