Misc


19
Jun 09

How to setup an Iran proxy, quick guide (not detailed)

Intro
If you are unaware, Iranian protesters are having to use proxies to avoid Internet and journalist censorship in Iran. Proxies are allowing them to post on sites such as Twitter, Facebook, Flickr, Youtube and others. As many people don’t know how to do this, I threw together a guide. I apologize for its brevity, but I am at work and trying to get the post up quickly and follow events in Iran all at the same time.

Having said that:

Install Squid
If you’re on Windows, just follow these instructions:

http://blog.austinheap.com/2009/06/15/how-to-setup-a-proxy-for-iran-citizens-for-windows/

If you’re on a Mac, first install MacPorts (if you don’t already have it):

http://www.macports.org

Then, in the Terminal, run

sudo port install squid

(If you’re on Linux, I assume you know how to install it; if not, Google “install squid proxy”. I also highly recommend using Rackspace’s Cloud Servers or Amazon for this type of thing, since you can bring servers up and down or increase capacity so quickly.)

Configure
From there it is a matter of configuring and running Squid. Edit /opt/local/etc/squid/squid.conf in a text editor (like Textmate or vi or emacs) per Austin Heap’s instructions:

4) Configure the DNS name servers on the line that says “dns_nameservers” to point at your ISP’s DNS servers.
5) Now the fun part, locking access down to just the Iranian IP blocks.

Inside the text editor search (Control-W) for the line “http_access deny all” and change it to “http_access allow all”. This will make your proxy open and accessible to the world. If you would like to limit your proxy to Iranian IP blocks, you want to change “http_access deny all” to read “http_access allow TRUSTED” and add a line (BEFORE the http_access line) to set up an access control list [ACL]. This ACL line that defines TRUSTED should read:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

6) Set up “visible_hostname” (normally just the public IP address).
7) Turn off logging by adding these two lines:

access_log none
cache_store_log none

And finally, start it up. In the Terminal, run:

sudo launchctl load -w /Library/LaunchDaemons/org.macports.Squid.plist
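
An added example, not part of the original post or of Austin Heap’s instructions: a small Python check that applies Squid’s first-match http_access ordering to a client address, so you can confirm whether a config is open to the world or limited to the TRUSTED ranges. It only models “src” ACLs with CIDR values; the function names, the two sample configs and the 203.0.113.7 test address are constructed for illustration.

```python
import ipaddress

# Constructed samples: the two variants the guide describes.
OPEN_CONF = "http_access allow all\n"
RESTRICTED_CONF = """
acl TRUSTED src 62.60.128.0/17 217.218.0.0/15  # two ranges from the list above
http_access allow TRUSTED
access_log none
"""

def parse(conf_text):
    """Collect src ACLs and http_access rules from squid.conf text."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # built-in ACL in Squid 3+
    rules = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network("0.0.0.0/0" if v == "all" else v, strict=False)
                    for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)  # repeated acl lines add values
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, ip):
    """True if ip matches the named ACL; a leading '!' negates the result."""
    hit = any(ip in net for net in acls[name.lstrip("!")])
    return hit != name.startswith("!")

def decide(conf_text, client_ip):
    """Return 'allow' or 'deny' for client_ip using Squid's first-match order."""
    acls, rules = parse(conf_text)
    ip = ipaddress.ip_address(client_ip)
    last = None
    for action, names in rules:
        if any(n.lstrip("!") not in acls for n in names):
            continue  # rule names an ACL type this sketch does not model
        last = action
        if all(acl_matches(acls, n, ip) for n in names):  # ACLs on one line are ANDed
            return action
    if last is None:
        return "deny"  # no usable http_access lines: Squid denies
    return "deny" if last == "allow" else "allow"  # default is opposite of last rule

if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        for addr in ("62.60.200.1", "203.0.113.7"):  # inside list / documentation range
            print(label, addr, decide(conf, addr))
```

The restricted sample has no explicit deny line; clients outside TRUSTED are still refused because Squid’s default is the opposite of the last http_access rule.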

Making your proxy available from home
Finally, if you are running Squid from your home network, you will probably have to configure your router. There are decent instructions here:

http://thoughtsections.blogspot.com/2009/06/proxies-for-iran-walkthrough.html

Although I still recommend using Mosso or Amazon (do you really want your home network blocked from Iran?)


19
Jun 09

RMAD: Recoverable Mutually Assured Destruction, as seen first in Iran

Assuming reasonably equal resources and knowledge, two parties attempting to knock each other off the internet can end up with only two outcomes: either they both get knocked off or neither does. The possibility of either party “winning” is essentially nil. The Internet’s combination of network redundancy and the ability to communicate with, and garner assistance from, sympathetic parties from around the world makes it nearly impossible for one party to squash another. The only thing they can do is cut themselves off completely. I think of this as RMAD, “Recoverable Mutually Assured Destruction”, since they can turn it back on afterwards (unlike the nuclear MAD).

We are seeing this now in Iran. The government controls the connections, but can’t cut off the opposition without cutting themselves off. So we are seeing outside parties providing proxies and passing along messages (see http://twitter.com/#search?q=%23Iranelection).

This is all intuitively clear and long predicted, but I think this is the first time we are really seeing it in action.


11
Jun 09

NY vs. CA, Fail Style

Floyd Norris has a great quip:

New York has long been competitive with California, which replaced it as the most populated state. Now they are in a tight race to see which state has the least functional government. It is too soon to declare a winner.


8
Jun 09

iPhone 3GS preordered

Or “3G S” as they label it at the Apple Store. Anyway, claims it will arrive on the 19th, so no waiting in line. And my remember-to-recharge-every-night-or-no-music-on-commute first gen iPhone can finally be retired.


2
Jun 08

Fiddling with neo4j

So I’ve been fiddling quite a bit with neo4j for an idea I had. I can say I definitely like how fast and intuitive it is to use. I’m a bit worried about storage. I created 1000 nodes with 100 relationships each and my database folder ballooned to 250 megs. That isn’t huge, but it is quite a bit larger than I expected. I’m new to the framework, so I may have done something wrong in that test.


2
Jan 08

Qi4j

Qi4j is a new framework I’ve been looking at. As my friend Nick put it, “it’s mixins for Java!” which is, well, true; but here’s the description from the site:

Qi4j is a framework for domain centric application development, including evolved concepts from AOP, DI and DDD.

Qi4j is an implementation of Composite Oriented Programming, using the standard Java 5 platform, without the use of any pre-processors or new language elements. Everything you know from Java 5 still applies and you can leverage both your experience and toolkits to become more productive with Composite Oriented Programming today.

Next question is “what is composite oriented programming” right?

Many objects have life cycles that are more extensive than the simple model that Object Oriented Programming wants us to believe. A few simple examples:

  • An egg becomes a chicken which in turn becomes food.
  • I am a programmer at work, a father+husband at home, a victim in a traffic accident and hunter and prey in the jungle.

But there is more to it than that. The composition of the object may change over time. My home now has a garage and my car has different kinds of problems with their own state related to it.
In the programming world, we are constantly faced with change of requirements. These changes are often not related to any real world changes, but people coming to new insights of the problem domain. OOP makes those changes a big deal, and often we have to tear up large chunks of the model and redo the work.

But wait, there is more.

Some objects traverse different scope boundaries to the extreme. For instance, a Person will have its attributes changing slightly over time, new abilities be learnt and so forth, as mentioned above. But the Person will eventually die, but that doesn’t mean that the Person object should be deleted from a system, since the “memory of” that Person may live on for a long time. In an OOP system, we would need to transfer some of the state from a LivingPerson class to a DeadPerson class. In Composite Oriented Programming, it is the same object with different behavior.

We think that one of the main flaws in OOP is that it is not object oriented at all, but in fact class oriented. Class is the first class citizen that objects are derived from. Not objects being the first-class citizen to which one or many classes are assigned.

I can’t wait to play with this, but I have not yet had time… :(