Our first Nitrox dive didn’t go as well as it could have. This was definitely a learning dive.
First, SDUA gave us aluminum 80 tanks. I hate AL 80’s, they end up floaty instead of sinky at the end of the dive. That’s why we have high pressure steel 80’s. They start off sinky and end up less sinky.
But we (Jess and I) did get to analyze them at the shop using an Oxycheq analyzer. Good experience. One of the tanks didn’t have as much O2 in it as we wanted so we got it topped off before we left. Awesomeness #1.
Once we got to The Shores we unloaded all the gear and I spent the next 30 minutes trying to find a parking spot. Not so much fun, but it worked out. We re-tested the tanks before we finished gearing up and saw that there was as much as 0.5 percentage points of difference between Steve’s brand new analyzer and the Oxycheq at SDUA. Interesting, but not significant since we always round up (32.1% → 33%) for safety.
We then neglected to put enough extra weight in our pouches to deal with the aluminum tanks being lighter. Mistake #1.
The swim out was fine, there were 3 – 5 ft. waves that we got lucky timing. Getting our fins on and swimming out was just peachy. Once we were out I had a little trouble sinking, getting all the air out of my dry suit resolved it. Jess had quite a bit of trouble getting the air out of her dry suit and couldn’t sink well at all either. When diving aluminum tanks you should sink like a rock at the beginning of a dive. Mistake #2.
Jess had to go back up and I went up with her, being a good buddy. Steve popped up and suggested that we just swim down a bit to get under and we’d be fine. We listened to him. Mistake #3.
Once we were down and swimming with the group we got separated as I was checking out a giant flounder. Mistake #4.
Jess was having a really hard time staying down and I didn’t fully realize when she was trying to show me that she was getting low on air. It wasn’t until we were at 40 ft, going back in that I saw she was down to 650 psi. Mistake #5.
At that point we started going up as slowly as we could, but without enough lead it didn’t really work out and we ended up making that rapid ascent you see at the end of the graph. Nothing we could have done about it #1.
Luckily, because of the extra oxygen in the tank our ascent was from the equivalent of around 30 ft on a 60 ft dive. We didn’t have much nitrogen in us at all.
We made it back all right, we weren’t bent and don’t expect to be. We got really lucky and this was quite the wake up call for us. I think we’ll both be better divers from here on out because of this experience.
So I think I got this thing configured to start putting the RSS/ATOM feeds through FeedBurner now. I’m not really sure since I’ve only got the one machine to test on right now. If you’ve got an RSS/ATOM feed and it’s not working, please let me know!
Strobist points out that Midwest Photo Exchange is having a big Kingston CF/SD card sale! I just ordered two CF 8GB Ultimate 133X cards. After rebate that’ll set us back $60/card.
Long story short, you guys end up with some really good deals on compact flash (and SD) cards. Unfortunately the rebates are U.S. only, there is a limit of two per household and they have a limited amount of cards. So, early bird gets the worm. And get those U.S. citizenship applications in ASAP.
How cheap? How ’bout 8gb CF for $49.95 after rebate? (And 4gb for $23.50 AR.)
After my last post about using OpenWRT and OpenVPN to transform a $50 wireless router (the Linksys WRT54G) into a $150 wireless router and VPN end-point, I’ve had requests for more technical details. Below you’ll find an accurate description of how I accomplished this task. I don’t promise these instructions are the best or the easiest. They’re certainly not the most eloquent, nor the most succinct. However, the steps below did work for me. With a little luck they’ll work for you as well.
One further note: this is not to be undertaken lightly. Solid UNIX experience is required to follow these procedures. As I said, this is probably not the easiest path to travel. I simply worked the way I know how: with SSH, scp, and vi. If you aren’t comfortable with those three words, or don’t know what they are, look for another tutorial. I’ve failed you and I’m sorry. I firmly believe you can accomplish this task through OpenWRT’s web interface; I just didn’t bother.
Step 1: Check your hardware
Examine your wireless router carefully. Make note of brand, make, model, and if applicable, hardware version. The OpenWRT wiki has an extensive hardware compatibility matrix. My router is a Linksys WRT54G v1.1, a very well supported model. Apparently using the reset button on the back will have disastrous effects; I’ll have to keep that in mind.
Step 2: Download OpenWRT and upgrade your router firmware
I chose the latest stable version of OpenWRT: 0.9 (white russian). You can find a list of downloads on the OpenWRT website. Linksys makes firmware updates available from time to time. Normally these are in response to security issues. As such, they provide a simple administration page for uploading new firmware images. Uploading the OpenWRT file via this administration page is all that’s required.
I should point out that this is the most critical part of the procedure. There is a non-zero possibility of you doing irreparable harm to your router. This is termed “bricking it” since your device ends up as functional as a brick if things go horribly wrong. While it’s highly unlikely this will happen, you should be aware of the risk.
Your router will reboot once and come back up with all the settings you had before. You shouldn’t notice any interruption in service. It even keeps the old administrative password. The administrative password is assigned to root as well. Use this password when you ssh to the router.
Step 3: Install extra packages
This isn’t strictly VPN related. Skip this section if you’re satisfied with your current wireless network.
I wanted to use WPA2 (vs. WEP) for wireless encryption. My MacBook Pro supports WPA2 natively and Jess has a copy of Windows XP SP2 that can do it as well. The only issue was the router: the old firmware didn’t support it. Obtaining WPA2 support was simply an issue of finding the right package, nas, and installing it. Installing it couldn’t be simpler: ipkg install nas. Alternatively you can install this package through the web front end by going to System → Installed Software → Available Packages.
If you don’t know what tcpdump is you can safely skip this paragraph. Being a network geek I find that having tcpdump available can make life easier while diagnosing problems. A tcpdump package for OpenWRT is available: install it the same way as other packages, ipkg install tcpdump or via the web interface.
Step 4: Install OpenVPN on the router
ipkg install openvpn, or through the web interface. There’s apparently a web interface for OpenVPN, but I’ve not worked with it. This step concludes software installation on your router.
Step 5: Install OpenVPN scripts somewhere else and generate certificates
Having a UNIX-like machine available is very handy at this point. My MacBook Pro would work well. We also have a FreeBSD machine we can use (it hosts this site!). There might be a way to do this using Windows, I simply don’t know how.
Since I already had OpenSSL installed on my FreeBSD machine I downloaded the full OpenVPN package and extracted the shell scripts that make life easier; they’re in the easyrsa directory. I’ve repackaged just the shell scripts and made them available. Be sure to edit the vars file and change the last few lines.
There are a few steps to this:
Run vars: . ./vars
Clean up: ./clean-all
Create a Certificate Authority (CA): ./build-ca
Create a server key & certificate: ./build-key-server server
Use TCP port 443 since that should be available on every network — it’s the port used for secure websites!
Tell OpenVPN where the CA, server cert, server key, and Diffie Hellman files are.
Define the subnet that will be used on the inside of the VPN tunnel. Notice that I picked a subnet I don’t expect to be commonly used.
Push two routes to the client making it easy to get to our two hosts (the mac mini and the tank robot.)
Use the normal compression settings
Use a CRL file to house revoked certificates.
Run as an unprivileged user so that in the case of an attack, control of the wireless router isn’t immediately granted.
Next you’ll need to upload certain files: the CA certificate, the DH file, and the server cert/key. Once it’s configured, get it running by creating a start-up script. It should look about like this:
Start the server by running the script with a single “start” argument. It won’t be functional yet, but it should start running and stay up.
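An added example, not the author's own files (the original server configuration is not reproduced on this page): a shell check that a server config carries the items listed above (CA, cert, key, DH, CRL, unprivileged user) and that its protocol and port agree with the input_wan accept rule used in /etc/firewall.user. The sample config, its file paths, subnet and pushed route are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the author's files): audit an OpenVPN server config for
# the settings this tutorial lists, and check it agrees with firewall.user.

# Print the first value of DIRECTIVE in FILE; comment lines never match.
get_opt() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# Print a space-separated list of findings; empty output means all checks pass.
audit_conf() {
    conf=$1 fw=$2 out=""
    for d in ca cert key dh; do
        [ -n "$(get_opt "$conf" "$d")" ] || out="$out missing-$d"
    done
    [ -n "$(get_opt "$conf" crl-verify)" ] || out="$out no-crl"
    case "$(get_opt "$conf" user)" in
        ""|root) out="$out runs-as-root" ;;   # no privilege drop configured
    esac
    port=$(get_opt "$conf" port)
    proto=$(get_opt "$conf" proto); proto=${proto%%-*}   # tcp-server -> tcp
    # The WAN accept rule must name the same protocol and port as the server.
    grep -Eq -- "^iptables -A input_wan -p $proto --dport $port -j ACCEPT" "$fw" \
        || out="$out firewall-mismatch"
    echo "${out# }"
}

# Constructed sample inputs: file paths, subnet and route are placeholders.
write_samples() {
    cat > "$1/server.conf" <<'EOF'
port 443
proto tcp-server
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
server 10.254.253.0 255.255.255.0
push "route 192.168.1.10 255.255.255.255"
comp-lzo
crl-verify /etc/openvpn/crl.pem
user nobody
group nogroup
EOF
    printf '%s\n' 'iptables -A input_wan -p tcp --dport 443 -j ACCEPT' > "$1/firewall.user"
}

dir=$(mktemp -d); write_samples "$dir"
echo "findings: [$(audit_conf "$dir/server.conf" "$dir/firewall.user")]"
rm -rf "$dir"
```

An empty findings list means every check passed; switching the config to UDP without touching the firewall rule, or dropping the user line, shows up as firewall-mismatch or runs-as-root.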
Step 7: Configure the firewall to allow VPN traffic
There are some simple rules to add to /etc/firewall.user to allow VPN traffic into the router:
### OpenVPN
## allow connections from outside
iptables -t nat -A prerouting_wan -p tcp --dport 443 -j ACCEPT
iptables -A input_wan -p tcp --dport 443 -j ACCEPT
## allow input/forwarding for the VPN interfaces
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
Note that the tcp 443 above corresponds to the OpenVPN server configuration. Should you choose UDP or some other port, modify the rules accordingly.
Once those have been added, run /etc/firewall.user to commit those changes.
Step 8: Configure your client machine
I configured a Windows XP client by downloading the OpenVPN GUI for Windows. You’ll need the ca.crt, client key, and client cert you generated above to get the client working. Once you’ve installed the software, browse the example configuration file and change what’s appropriate. Generally this consists of updating the names of the keys, the name of the server (your router’s public IP or hostname)
Step 9: Test! Have a coffee!
At this point testing is best done from outside your home network. Go to a Starbucks or some other internet café. It would probably make your life easier if you knew the public IP of your router before you left the house. It would also help to have incoming SSH connections allowed through the firewall. Do this by adding or uncommenting these lines in /etc/firewall.user:
### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -t nat -A prerouting_wan -p tcp -s 69.63.196.112 --dport 22 -j ACCEPT
iptables -A input_wan -p tcp -s 69.63.196.112 --dport 22 -j ACCEPT
At this point your VPN should work. If it doesn’t you can SSH to the router to experiment with and modify the configuration. You can also look at the output your client is giving you: most OpenVPN clients seem to be rather verbose. Finally, you can run tcpdump on the router if you installed it.
Step 10: Enjoy!
If all went well you should have a lovely new VPN and your wireless router has a new lease on life. If things didn’t go so well, please share. If you’ve found a better way to do something or have questions, please comment. I’m not offering complete tech support, but I can answer questions. If you’d like to complain about my writing, feel free to leave a note with /dev/null.
Normally I think that the delivery chain style problems are interesting. How do you send a package from point A to point B as quickly and inexpensively as possible? That’s not an easy question to answer! It’s also very similar to how the internet works, sending your data from one computer to another when you look at a web page.
I cannot for the life of me fathom how FedEx makes any money.
Recently I ordered some items from Amazon. Since Amazon was, in this case, a front-end for another company I didn’t know if they’d be shipping from po-dunk Idaho, New York, or what until I got my shipping information from FedEx.
My package is shipping from Los Angeles, CA. From there it’s not going on to a truck down to San Diego, CA as you might expect. No, it’s going to FedEx’s famous Memphis sorting facility. From there it will fly back across the country to … Los Angeles where it will, I expect, be put on a truck and driven down to San Diego.
I called up FedEx to get some insight into what’s going on. The nice lady on the phone informed me that since Amazon had picked the 3 day delivery option it was going to show up in 3 business days. End of story. She also told me, amazingly, that had I picked overnight shipping (which wasn’t an option) it still would have flown to Memphis and then back to LA to be driven down to San Diego.
I just don’t get it; they’ve got a hub in LA — right at the airport! Why this extra step to Memphis? I like to think they’ve got a good reason for it but aside from “policy” I simply can’t think of one.
Recently I decided that running VNC on our Mac Mini was fun. VNC is a program that lets you control other computers as though you were sitting directly in front of them. Since the mini is connected to our TV that meant I could do things on it (like move files around) without having to change what’s on the TV.
That’s a pretty easy thing to do. I downloaded Vine Server onto the mini and opened it up. Next I downloaded Chicken of the VNC onto my laptop. Chicken of the VNC is a VNC client; it lets me connect to Vine Server on the mini.
Once I got that working I decided that being able to do this kind of thing remotely would be really fun. The thing is, I didn’t want to open some ports in the firewall and give the whole world access to my mini. There was only one solution: a VPN! (Background on VPNs). Here’s the rub though — our wireless router (the ubiquitous WRT54G from Linksys) doesn’t have the software to be a VPN end-point.
If I wanted to get a VPN end-point box it would cost about $100. That’s $100 I didn’t want to spend. $100 buys a lot of sushi.
I remembered a friend of mine playing with OpenWRT before and having success. OpenWRT is a firmware replacement for WRT routers — just like mine! The firmware is what tells the device how to be what it is — like DNA for hardware.
So I downloaded OpenWRT and installed it. That put Linux on the router. Now that Linux was on it I could install lots of Linuxy software. After a few more minutes I had OpenVPN installed and running. As you can guess from the name it’s a free (“Open”) VPN server. Following the directions only took a few minutes to get all the SSL certificates I would need set up.
When I got to work I quickly installed the OpenVPN for Windows software and got it configured. Now I can check on the tank if it’s a hot day and make sure it’s not getting too hot. I can also use Tight VNC (like Chicken of the VNC, but for Windows) to check on the mini from work.
Overall this was a lot of fun and a great way to get some extra value out of hardware that’s already at least 4 years old. If you’d like more technical details, just say so in the comments!
to Higgins! Jess, Charles and I went up to LA on Saturday to pick him up from a breeder based out of Sacramento. He had a rough ride home, sleeping most of the way. Tonight after another brief introduction with Hannah we took some photos
I think this screenshot tells volumes about why I wanted to upgrade the firmware on our wireless router to OpenWRT. I wish I made it up, it’s lolspeak. This was the dying breath of the ancient firmware on our router.
Yes, these are the same kinds of cars I saw in Frankfurt.
Yes, they only have two seats.
Yes, they’re made by Mercedes-Benz.
Yes, they do have pep!
Yes, they’re supposed to go up to 90 mph!
Yes, they’re supposed to get ~ 40 mpg.
Yes, even perma-grump Charles had a good time test driving it!
No, you wouldn’t take this on a road trip.