« January 2007 | Main | March 2007 »

Rainy Brighton

February 26, 2007

One of the things I have been missing lately is to be out for a whole day looking for photo opportunities.

At the moment I have a bit more spare time on my hands now that my wife is in Brazil for work (she took our little one with her). So last Sunday I finally got a chance for photography while on a day trip to Brighton, England.

That day I was met with typical South East England weather: heavy rain, sunshine and strong winds changing every 40 minutes.

brighton seaside and rain1/320s F/5.6, 20mm F/2.8

During one of these heavy rains I took shelter under the Madeira Drive arcade. The sun was shining from far West and because it was getting late the sun was characteristically yellow.



Prime Minister Tony Blair responds to my signature

February 24, 2007

big brother societyEarlier this week I received a semi personal e-mail response from the UK Prime Minister Tony Blair. Here is an open response it.

Last week I signed an online petition to "Scrap the planned vehicle tracking and road pricing policy" in the UK.

The UK government has proposed a plan to replace road tax and petrol duty with road charging. In the scheme you would pay up to £1.30 per mile you drive.

The cost per mile would be variable so that heavily congested roads could be taxed more. "Black boxes" would be installed in vehicles to track their position and determine correct road cost.

The intention to monitor and track every movement of every vehicle in the UK is a very sinister thing to do.

Some argue that the intention is good but what matters is the reality. In reality there will be mistakes and blunders and there will be missuses from various government organizations.

Mr Blair keeps tellings to us what he thinks is the best way to do things. I believe that instead he should be representing us by acting on what the people he represents want.

Almost 2 million citizens have voiced their opinion and they don't want this scheme in place. If you disregard children and the elderly, 2 million is a noticeable proportion of the voting population.

So please Mr Blair, listen to the people that voted you in and scrap the planned vehicle tracking and road pricing policy!

Photo credit: Ynr



Happy New Year of the pig

February 18, 2007

So I was on a walkabout close from Trafalgar Square, London and noticed an amazing amount of people in the streets.

There was a performance on and everywhere red decorations and signs of Happy New Year.

Last time I had seen this kind of celebration for the Chinese New Year was in Singapore many, many winters ago.

I reckoned the best action would be in the actual China Town so I headed towards it.

Many of the major streets between Trafalgar Square and China Town were closed of for motor traffic and it was a spectacular feeling walking around these famous streets like it was in Disneyland.

There were several crowd control measures in place like one way pedestrian streets which made it a bit tricky but I made it to the golden gate in the end.

Most of the shops and restaurants had cabbage and red envelopes hanging from their doors.

Several processions with Chinese lions were performing the traditional lion dance to usher in the new year.

The lion would dance in front of the store front and like a curious cat inspect the package. It would capture the package, spit out the cabbage but keep the red envelope with money.

Suddenly the stewards started pushing people around me into different directions because two of the lions were about to have a show down right where we were standing. This turned out to be great fun and gave splendid close up views of the acrobats hiding in the lion costumes.

Call it a pig, a boar or a hog; I wish you a very red and happy new year!

PS The lions kiss at 1:15



To talk or not to talk

February 17, 2007

shop liftingThe other evening I was shopping for a few quick groceries at our local corner shop.

While browsing among the chicken fillets and beef steaks, a gentleman appeared next to me.

He was well dressed and well groomed and opted for the premium beef steak. He then hesitated for a moment and added the premium chicken fillet to his shopping.

I went off to the check out and noticed him choosing among the vegetables by the exit.

He gave me a quick and casual look and then went straight out; clearly without paying.

For a while I was considering whether I should be a good citizen and quickly notify the staff about this. I concluded that it wasn't my job to police the shop and that the shop surely has CCTV which may or may not have caught it on tape.

Neither do I know the circumstances behind the man's actions and I was not going to judge him for them. Somebody else will do that (Karma, God, whathaveyou).

What would you have done?

Photo credit: Fanboy29



Oral-B Braun 9500 Triumph DLX Electric Toothbrush review

February 07, 2007

Braun Oral B Professional Care Triumph 9500 DLXIn Sweden there is a saying that goes "A Dear Child has Many Names" and were that true, this electric toothbrush would be very loved indeed.

Call it OralB, Braun, PC9500, Professional Care or just Triumph, I found it to be well designed, doing a great job but ultimately not a £169 (recommended street price) worth of job.

The brush uses oscillating action as in opposite to ultrasound action. I researched the issue for 5 minutes before the purchase and found reports that oscillating action is more effective so opted for it.

Four different brushing modes are available. They are all just different combinations of speed and pauses. Soft mode is lower speed, Clean mode is the standard fast mode, Polish is a mode where speed keeps increasing and decreasing and Massage is a pulsed mode.

The novelty of the different modes wore off very quickly and the brush is now always in Clean mode.

While brushing you teeth, the brush signals you every 30 seconds with a short pulse. After 2 minutes it switches itself off.

The digital battery indicator is really handy to see how much juice there is left in the brush and will save you from half-finished brushing sessions. At the moment our battery refuses to charge to more than 50% but I hope this will improve with more usage.

braun-Oral-B-Professional-Care-Triumph-9500-DLX-kit.jpgThe box contains all of two brush heads; one for whitening action and one for flossing like action. In addition the box contains the Oral-B Braun 9500 Triumph brush, a sleek charger, a base to rest your brush in and a handy travel case which fits the brush and two brush heads. Oh yeah, there is a manual as well :-)

The price of the Oral-B Braun 9500 Triumph ranges from online prices of £70 to a high street price of £169. I find this price difference a bit worrying as it suggests that the product is over valued. If you are keen on this top of the range dental hygiene equipment, don't spend any more than £70 on it!



HOWTO: Free Secure web browsing and access to home network using OpenVPN

February 03, 2007

Public WiFi access points are getting more and more common making it easier to browse the Internet and read your emails on the run. Unfortunately tools to capture or manipulate such open traffic are getting very mature and easy to use.

Windows Remote Desktop and VNC/RealVNC are two very convenient ways of connecting to your home desktop from anywhere in the world. Unfortunately once you enable public remote connections then any person or hacker can also try and connect.

I'll admit that I am a bit late to the game but I have finally found a solution and managed to implement it.

It is called OpenVPN and has all the benefits of open source software: supported by a large community, you can inspect or improve the code, it is free, you can audit the security and much more. As a bonus it is also supported on many different operating systems.

In a nutshell OpenVPN consists of a server part which runs on a computer (or compatible router) on your home network and a client part which runs on remote machines. You use the same software for both parts; it is just the configuration that distinguishes a server from clients.

Once the remote machine has connected to your machine at home, all Internet traffic is tunneled (sent) securely to the machine and then out on the public Internet.

Instant messaging, emails, web browsing, document transfers, video conferencing, VOIP, anything and everything will be transparently encrypted and forwarded to your machine at home.

Any hacker listening to your traffic on the public WiFi will from then on just see 2048 bit encrypted traffic and any hacker wanting to connect to your home computer will require a signed certificate resigning on your home computer (unlikely).

Download
I'll assume you are using Windows in which case the OpenVPN GUI is a great addition to the OpenVPN and you should download both at the same time (choose openvpn-2.0.9-gui-1.0.3-install.exe).

Install
Run the installers (with admin privileges) and choose the default installation locations.

Configure network settings (bridge)
OpenVPN will install a new network device (TAP-Win32 Adapter V8) which is used for the encrypted traffic.

On the server machine you will have to bridge the TAP-Win32 Adapter V8 with whatever network adapter you are using to connect to the network (most likely LAN).

Select the two network adapters in Network Connections, right click and choose bridge connection. This could take up to 45s but after that your Internet connection should function normally. If it doesn't, you may have to modify the bridged connection with whatever settings your LAN connection had previously.

The good news is that you don't need to bridge adapters on the client machines.

Create keys and certificates
OpenVPN is based on PKI (public key infrastructure) for session authentication and you will need to create several certificates and private keys for connecting to the OpenVPN server.

First you will create your own CA (Certificate Authority) certificate and use it to sign your (one) server and (many) client certificates. You will also need to generate a file with Diffie hellman parameters.

The README file in the easy-rsa folder explains this very well and provides several batch (.bat) files to automate this.

One advice would be to create private keys WITHOUT a password. You do this by selecting a blank (none) password when the script asks for one.

Configure server
OpenVPN comes with sample server and client configuration scripts in the sample-config directory. Copy the server script over to the config directory and customise it for your environment. Below are some of the most important settings:

port 1194 # The default OpenVPN port
proto udp # more efficient than TCP but not always available for clients
;dev tun # you will not be using this
dev tap
dev-node OpenVPN # or whatever you renamed it to in Windows Network Connections
ca ca.crt
cert <server machine name>.crt
key <server machine name>.key
dh dh1024.pem
;server 10.8.0.0 255.255.255.0 # you will not be using this
server-bridge <gateway ip> 255.255.255.0 <start client ip> <end client ip> # Eg 192.168.0.1 255.255.255.0 192.168.0.60 192.168.0.70
push "redirect-gateway" # This will forward ALL client internet traffic over the encrypted channel to your home
client-to-client # if you want the different connected remote machines to see each other and be able to exchange files
keepalive 10 120
cipher BF-CBC # Blowfish encryption. Use DES-EDE3-CBC for ultimate security
comp-lzo # compression on
persist-key
persist-tun
status openvpn-status.log # Monitor this log file for any problems
verb 3 # use verb 6 for diagnostics

Configure clients
client
;dev tun # you will not be using this
dev tap
dev-node OpenVPN # or whatever you renamed it to in Windows Network Connections
proto udp
remote <server IP or host name> <port number> # The public IP of your
OpenVPN server
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert <client machine name>.crt
key <client machine name>.key
cipher BF-CBC # Must be same as on the server
comp-lzo
verb 3

Improve security
On server:
port 51002 # Use a high number (>10,000 for higher security)
max-clients 1 # Limit this to how many remote machines you expect to connect
cipher DES-EDE3-CBC # Triple-DES for ultimate encryption
tls-auth ta.key 0 # An additional layer of protection, the effect is a bit like using a firewall. Generate it with openvpn --genkey --secret ta.key. Use 1 in client configurations
;client-to-client # Do no allow client to client connections

On client:
ns-cert-type server # Easy-rsa automatically creates server certificates with this flag
tls-auth ta.key 1

If you have any questions feel free to leave a comment and I'll see if I can help you out!