Access Facebook Through The Great Firewall (Second Line SSH Tunnel)

Updated July 15, 2009 @ 1:39 am

[ Photo by-nd Traveling Mermaid. Listening to New Orleans "Second Line" music inspired me to write this today. Re-route around your problem! ]

I’m sick of the Great Firewall that filters and irregularly blocks some Internet traffic. Right now this takes the form of blocking Facebook and Twitter, two services many in the world are using (aka, addicted to). A growing number of people are using these services as well. I’m asked daily by people in China how to get to these sites. At this point, with the blockage of sites continuing up till the big October 1, 2009 date, numerologically significant for some but insignificant to many in the world, I must post my setup. It is cobbled from parts and suggestions from many including Andrew Lih, Kees Cook and Asheesh.

The generic way to describe this setup is to use an ssh tunnel + socks proxy as an option, or secondary connection, for sending your traffic over a secure channel to another server outside of the country you live in, while using the much faster non-tunneled connection for the majority of your network traffic. I keep my Ubuntu-based laptop set up without a system-wide proxy or tunnel, and then only use my ssh tunnel + socks 5 connection for particular websites through the Firefox web browser with the FoxyProxy add-on, which selects a proxy based upon a specified pattern. I also send all bittorrent traffic over my tunnel because bittorrent trackers are irregularly blocked and poisoned in the country I live in part-time. Don’t worry, it’s not that scary to use!

As an ode to New Orleans, I’m going to call this a Second Line SSH/Socks Tunnel (SLST).

I’m posting the first brain dump on my setup here for all, but am copying the main steps for each setup to my wiki so that others can help correct or update my steps if I left out some piece, or if my mac and windows terminology is off. I helped set up Matt’s setup on his crappy windows laptop yesterday, and everything seems to work.

Linux/Unix Generic

Easy

  1. Open a terminal
  2. Use your webhosting account, or external server that has SSH (secure shell) capability. You need to have a username, password and hostname for your account for the following steps.

    Here is a quick example:

    ssh -D 1080 username@hostname.com

    Here is the variant I use, which adds compression (-C) and does not log into your server (-N), aka, only forwarding ports (-D). The command also prints out information about what is connecting. I love to see the output that shows all this working, which the -vv option provides:

    ssh -vv -CND 1080 username@hostname.com
  3. Then enter your password when prompted.
  4. Install Mozilla Firefox on your system.
  5. Install the add-on, FoxyProxy.
  6. Follow the instructions for setting up FoxyProxy here: http://foxyproxy.mozdev.org/configuring.html or with pictures, but blocked by the GFW. The crucial step is to add the hostname as localhost and the port as 1080 in the Manual Proxy Configuration. Also, make sure to select SOCKS 5 proxy. I also enable, in foxyproxy’s global settings, “Use SOCKS proxy for DNS lookups.” The GFW is notorious for poisoning DNS lookups (aka, looking up the IP numbers that match domain names), and with this setting the lookups go through the tunnel instead of your local network. Egad! Oh, make sure to name your proxy something like localhost SLST or localhost SSH + Socks Tunnel.
  7. To route all your web browsing traffic to your SLST, you can select the mode in foxyproxy to use your proxy for all urls.
  8. More advanced is to “Use proxies based on their pre-defined patterns and priorities”. Here is an example of the lines needed for facebook, youtube, and twitter. For each URL Pattern, make sure the pattern is enabled, name it what you want, then add the below pattern after the colon to the “URL pattern:” field. Make sure the Whitelist and Wildcards radio buttons are selected.
    URL Pattern: *.youtube.com/*
    
    URL Pattern: *.facebook.com/*
    
    URL Pattern: *.twitter.com/*
    
  9. Add more patterns for sites you find blocked. It’s pretty simple to copy the handiwork above for any other sites you find blocked.
  10. Save your patterns and foxyproxy, and try to visit youtube, facebook, twitter, and other patterns you set up.
  11. If this doesn’t work, file some comments here or on my wiki page. This isn’t a super simple setup for some and I might have made mistakes in my brain dump. The key pieces will fail if you don’t have SSH access, or if you don’t set up your foxyproxy correctly.
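
A check worth running once the tunnel from step 2 is up, as an added example that is not part of the original post: it reads `ss -ltn` output and reports whether the SOCKS port from `ssh -D 1080` is listening at all and whether it is bound to loopback only, since a listener on all interfaces (for example from `ssh -g` or `-D 0.0.0.0:1080`) lets anyone on your network use your tunnel. The function name and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how the SOCKS port opened by `ssh -D` is bound.
# Reads `ss -ltn` style output on stdin; prints missing | loopback | exposed.
classify_socks_listener() {
    port="$1"
    state="missing"
    while read -r _st _rq _sq local_addr _rest; do
        # Local address column looks like 127.0.0.1:1080, [::1]:1080 or *:1080
        [ "${local_addr##*:}" = "$port" ] || continue
        case "${local_addr%:*}" in
            127.*|"[::1]")
                # Loopback only: just programs on this machine can use the proxy
                if [ "$state" = "missing" ]; then state="loopback"; fi ;;
            *)
                # 0.0.0.0, *, [::] or a LAN address: others can reach the proxy
                state="exposed" ;;
        esac
    done
    printf '%s\n' "$state"
}

# Constructed sample: listeners after a plain `ssh -D 1080 username@hostname.com`
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Constructed sample: the same port bound to every interface
sample_exposed() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1080       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
EOF
}

echo "plain -D 1080:    $(sample_loopback | classify_socks_listener 1080)"
echo "-D 0.0.0.0:1080:  $(sample_exposed | classify_socks_listener 1080)"
# On a live system: ss -ltn | classify_socks_listener 1080
```

A result of `missing` means the ssh command is not running or failed to bind the port, which is the first thing to rule out when FoxyProxy cannot connect.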

Advanced

The setup I run involves the above easy setup, but I used the following autossh-based script I titled, local_ssh_tunnel. I used autossh because it keeps the ssh connection alive through closing/suspending my laptop, dodgy wireless reception and other general bugs that harm one’s net connection.

  1. In Ubuntu (or other distro), install autossh through synaptic or your favorite package manager. In Gentoo, emerge autossh should do the trick.
  2. Open a file such as /home/USERNAME/bin/local_ssh_tunnel
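    #!/bin/bash
    
    #
    # local_ssh_tunnel
    #
    # use proxy to connect to localhost on port 1080
    #
    
    SERVER=USERNAME@HOSTNAME
    
    # 1080 is the standard SOCKS port
    PORT=1080
    
    # an optional first argument overrides the default server
    if [ "$1" != "" ]
    then
        SERVER="$1"
    fi
    
    # AUTOSSH_GATETIME=0: keep retrying even if the first connection fails
    # AUTOSSH_PORT=20000: port autossh uses to monitor the connection
    # AUTOSSH_DEBUG=1: print autossh debugging output
    AUTOSSH_GATETIME=0 AUTOSSH_PORT=20000 AUTOSSH_DEBUG=1 \
    autossh -v -CND "$PORT" "$SERVER"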
    
  3. Save the script.
  4. Run the following command:
    chmod 700 /home/USERNAME/bin/local_ssh_tunnel
  5. I then set the above script to run as a startup application inside of gnome in a terminal. In Ubuntu you can set this by doing the following steps.
  6. Navigating to upper left-corner Application Icon > System > Preferences > Startup Applications
  7. Clicking Add
  8. Then filling out the fields:
    Name: BACKGROUND SLST (Second Line SSH/Socks Tunnel)
    Command: xterm -e /home/USERNAME/bin/local_ssh_tunnel
    Comment: Runs SLST in the background in terminal window
    
  9. Click Save
  10. Close the startup
  11. If you want this immediately, you can run /home/USERNAME/bin/local_ssh_tunnel inside of a terminal window.
  12. Now, you can just leave the above open in the window and AUTOSSH will make sure to keep your ssh connection alive.
  13. Then start on step 4 above in the Linux/Unix Generic section.

Windows

There is already a great guide for setting this all up in Windows. I used it yesterday. Just remember to replace the HOSTNAME with your host and to use the port of your choosing. I use 1080 because it’s the standard port for this operation and generally not restricted for this activity on most systems.

Here is another guide, which is even better, but has pictures. I will merge my steps with this guide now:

  1. Follow steps at for graphically setting up SLST until the setting up Firefox section, making sure to replace HOSTNAME, USERNAME and the port for the one of your choice.
  2. Then start on step 4 above in the Linux/Unix Generic easy section for setting up Firefox with the correct settings.

ASIDE: Here is also another guide, which is helpful explaining the basic concepts in one page, but blocked by the GFW.

Mac OS X

Easy

Since Mac OS X is a Unix-based variant you can do the easy steps above. The crucial difference is that many don’t know where one might find Mac’s terminal in step 1.

  1. Navigate to a finder window
  2. Then navigate to the Utilities folder
  3. Double-click the terminal to be able to enter commands
  4. Continue with step 2 in the easy steps above

Advanced

Set up an SLST not on the command line, but using the SSH Tunnel Manager graphical application. I cannot find a graphical guide to doing this. One of the great things about using AUTOSSH in the Linux/Unix Generic advanced guide is that it keeps the connection alive through suspend, or internet outages. There should be an option to keep-alive the connection in the SSH Tunnel Manager. Regardless, please visit the Wiki page for this article to add any notes here about graphical setup for Mac OS X to accomplish the tasks I set up here.

Conclusion

The crucial step that I’m not really including is that you need to have some SSH capable server outside of the jurisdiction that is irregularly filtering the Internet. If you have a linode, slicehost, mediatemple, or dreamhost hosting account (which is also my ranking of best hosts in order) for your website, put that extra bandwidth to good use! That is what I helped Matt do so he can use his matthope.org external server as an external lifeline outside of here! You should do the same!

And, note this is much better than an unsecure proxy, using some shifty free proxy server that might go offline at anytime, faster than using Tor, and gives one the flexibility to surf raw and, or, secure.

Many have blogged about this type of setup. I wanted to spread the news to all the people I know, hopefully get someone to translate this into Chinese, and generally get this out of my mind so the next time I’m asked how to get onto Facebook or through the GFW, I can point someone here, or you can pay me to set it up. #haole! Oh, and this guide is useful everywhere in the world, in Iran, North Korea or even the United States.

Upcoming Dorkbot Beijing (dorkbotbj) with VJ + Video Artists Marula and Rez

Updated July 14, 2009 @ 3:36 am

CORE space

Yang Tao is revving up the ole DorkbotBJ that Deegan and Sleepy started in Beijing. The next event is Friday, July 24th, 2009 from 7:30 – 9:30. Here is some lovely text about the event and the presenters. I’m helping promote. Word has it that some Laoban 1.0 might make it over for the later part of the evening video and audio mixing. Sure, why not!

Here is more about Marula and Rez:

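The next dorkbot BJ gathering will be held at the studio of marula and her friends at A-188, Huantie Art City, Jiuxianqiao North Road, Dashanzi. Earlier they wanted to talk about creating with Processing, but the e-mail I have just received says they are considering a different topic and need two more days. Starting at 5:30 pm on July 24, a mini bus will wait at the entrance of 798 and will shuttle our friends continuously until 7 pm.

The main talks at this party run from 7:30 pm to 9:30 pm; after that it is purely drinking....

marula is a VJ and visual artist; Rez is a new media artist.

[English translation: sususuper]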
The upcoming Dorkbot BJ meeting will be hosted in CORE Lab, Huan Tie art zone No. A-188, a new and unknown multimedia laboratory in Huantie where artists try out, develop, research and promulgate digital and audiovisual culture. Everyone with an interest in “doing strange things with electricity” [music, video art, software development, mechanical engineering, circuit bending, interactivity, anything...] is invited to come along and check out and participate in lively discussion. From the Core labs crew, Marula and Rez will talk about some projects that they are currently developing in this moment, and anyone can explain what they’re up to, show their projects, promoting related activities, requesting help or thinking about the next Dorkbot. Maybe Processing? Arduino?

On 24th July between 5:30 pm and 7 pm, a mini-bus will drive those waiting at the front door of 798 [front door = entrance N.2] (4th Rd of Jiu Xianqiao). The event starts at 7:30 pm and will go until 9:30 pm. After that, it’s totally drink time… have fun and also, for the bravest, we can go to the “outside” with the projector and the computers. Summer is even for geeks! [Don't forget the mosquito killer]

Ms. Marula is a VJ and visual effects artist. Rez is a New Media Artist.

UPDATE: You can track these events at Douban and Facebook (that is if you can get through the GFW!).

Head over to DorkbotBJ blog for maps to the space and more details.

“Making Computing Real” at Beijing Open Party July 25, 2009

Updated July 13, 2009 @ 5:35 am

Finally, Cleverpig and I worked out the schedule so that I will be speaking at the upcoming Beijing Open Party on July 25, 2009 between 13:00~17:30 at Thoughtworks in Beijing.

For those not in the know, Beijing Open Party is a (mostly software) hacker gathering where all are encouraged to participate, hack on some software, and give quick presentations to stir up conversation. It’s free! Come out, connect with others and have a good time! (NOTE: This might also be another good place to have a spontaneous #bjtweetup).

Here is my topic:

Making Computing Real: Fabricatorz and the Laoban Soundsystem 2.0

I’ve spent the last 6 years heavily on-line. I have collaboratively built several
projects including Inkscape, Open Clip Art Library, Open Font Library,
the Create Project, and worked for Creative Commons for 3 years. Most
recently I fundraised for (and spoke at) a conference I
help put on, Libre Graphics Meeting 2009. Still, with all these
projects, some part of me has felt frozen like a stone. Whether it’s my
soul, body or creativity, I made the leap to make computing real.

Through the creation of the open company, Fabricatorz
(http://fabricatorz.com) I decided to make real objects in addition to
virtual projects in order to move computing beyond the confines of the
virtual terminals we all stare at so dryly. While my previous projects
built on-line communities, how does one apply the virtual and open
methodologies to off-line projects? The Laoban Soundsystem 2.0, being
built in Guangzhou, China in a speaker factory from custom designs, is
a physical sound system that produces full range audio from 6000 watts
of amplified power to create “real” experiences. These events may be
electronic music festivals, parties, experiments, contemporary art
music, or simply the soundsystem existing as a respected object.

While this presentation appears as a denial of the previous work I’ve
done, it is an enriching experience of transformation. While the
Laoban Soundsystem 2.0 is a real set of massive objects, it also is
part of computing culture. All plans, released under a Creative
Commons Attribution-ShareAlike 3.0 license, were designed with CAD
software for CNC computer controlled cutting and manufacturing. The
speaker boxes were engineered to not only be Chinese, but to be
functionally superior technology. And, with the CC license the speakers
are available under, legal shanzhai copying and manufacture are
possible. Anyone may build or modify our speakers DIY (do it
yourself). Through each event Laoban does, the project website
(http://fabricatorz.com/laoban) will track on-line traffic. Microblog
posts about laoban will be highlighted in addition to sponsors who
have contributed towards the creation of the Laoban Soundsystem.

The Fabricatorz Open Company
http://fabricatorz.com

The Fabricatorz, Laoban Soundsystem Project
http://fabricatorz.com/laoban