Windows has this “internet connection sharing” feature which lets you share an existing network connection over one network adapter by turning on NAT, forwarding and DHCP services on additional network adapters.

This is really useful, but Windows’ UI for enabling/disabling it is really lacking compared to, say, Mac OS X.

When I want to share the ethernet connection over wi-fi: I have to both set the wifi adapter to connect to a private ad-hoc network, and set the wired adapter to shared. This requires 2 separate steps in two completely different places in the network configuration UI.

Then, when I want to use the computer as a wi-fi client, I have to turn both of these off, again requiring 2 separate steps in 2 separate places.  If you just associate to a real wifi network but leave sharing enabled for the Ethernet connection, then Windows acts as dhcp server and not client on the wi-fi connection.  (And if you don’t know what’s wrong, the symptom is pretty non-obvious — Windows will let you join wireless networks and report it’s connected, but no traffic will flow.)  So you have to dig around in 2 different places and remember to change both or you get a broken config.

The Mac OS way of saying, all in one place, “share this [wired] through that [wifi]”, and if “that” is “wifi”, asking the name to share it under and setting up an AP, works far better.

Another wart in Windows’ ICS:: the result is an ad-hoc network which not everything is compatible with (my iPhone works until it sleeps, but loses its DHCP address on wake; Pre doesn’t even show it).

We’ve stayed in 3 places in Argentina that were sufficiently apartment-like to come with a kitchen or kitchenette with gas stove.

Only one of them included a way to light the stove (and none of the stoves were self-lighting).

The first time, the kitchen also had an on-demand (tankless) water heater, and while the pilot flame isn’t strong enough to light a candle from, we figured out we could turn on the hot water, watch the real water heater flame ignite, stick a candle inside the hot water heater, light the candle, then light the stove from the candle (then turn off the hot water).

The second time, they kindly gave us matches.

The third time, we had to buy our own lighter. No lucky hot water heater here.

Not chilling your mixers is a good way to mix poor drinks: drinks which require too much ice, which melts too quickly, which results in warm watery drinks.

It’s possible to hijack an SSL connection that’s forwarded through a network you control, if the user and browser combination aren’t extra vigilant to verify they ended up at the requested domain. (Actually, sslstrip can generally hijack traffic on adjacent networks by pretending to be the router, but it’s even easier and more reliable if it runs on the router.)

This hijacking is possible even using best-available off-the-shelf browsers. If you control the browser, of course it’s even easier to hijack SSL; you just fake the padlock icon and send the traffic wherever you want.

I’m not saying Amazon does anything like this with the Kindle, but I am curious how to verify that SSL traffic originating in the Kindle browser is actually secure end-to-end like SSL is supposed to be.

I got curious about this and used my Kindle’s 3G connection to retrieve some pages from an HTTPS server I control, and looked at the access log to see where the access came from.

Using the Kindle 3G connection (from Argentina!), the requesting IP address was 8.18.145.245, which back-resolves as kindle-user.whispernet.com according to nslookup. (That name doesn’t forward-resolve to anything, which is suspicious network management on Amazon’s part.) Running a traceroute to this address shows packets entering Amazon’s network and doesn’t show details past that.

Setting the Kindle to use Wi-Fi instead of 3G and then requesting the page again, the requesting IP address was 190.55.119.242, which back-resolves as cpe-190-55-119-242.telecentro-reversos.com.ar — clearly in Argentina.

As another comparison point: Using my cell phone on 3G, with Wi-Fi disabled, to request the same page yielded an access from IP address 170.51.255.253, which doesn’t have a reverse DNS entry; traceroute shows this address as clearly in Argentina, however. (The cell phone was on Claro’s network; I don’t know what 3G network the Kindle was using, and it’s not necessarily the same.)

What this means is that not only does Amazon control the Kindle hardware and software, but for 3G (Whispernet) connections, they apparently route all the traffic through Amazon’s network and datacenter. It’s probably cheaper for them to negotiate bulk data contracts with a bunch of 3G networks that way, but it would make me feel better if I saw a direct route from where I’m sitting to where I’m going, like I do with the cell phone.

(Note 1: this is all moot since again, if you control the browsing software and hardware as Amazon does, there are easier ways to cheat, and I do trust Amazon not to do any of this cheating.)

(Note 2: proxying all wireless traffic, regardless of where your device is, through the home datacenter is also essentially how all Blackberry network access works, and also how Opera Mini works, right?)

This is traceroute output from a server in a datacenter in Fremont, California to the IP address of the DSL connection in the apartment I’m staying in in Buenos Aires:

skynet:~>traceroute 190.55.119.242

traceroute to 190.55.119.242 (190.55.119.242), 30 hops max, 40 byte packets

1 64.62.173.1 (64.62.173.1) 0.399 ms 0.302 ms 2.316 ms

2 gige-g3-15.core1.fmt1.he.net (64.62.244.109) 2.687 ms 3.670 ms 3.597 ms

3 10gigabitethernet1-2.core1.sjc2.he.net (72.52.92.110) 4.046 ms 4.094 ms 4.135 ms

4 Port-channel100.ar3.SJC2.gblx.net (64.214.174.245) 13.111 ms 13.034 ms 12.961 ms

5 INTERNATIONAL-SATELLITE-COMM.gigabitethernet2-5.ar3.EZE1.gblx.net (208.48.250.82) 195.896 ms 195.824 ms 195.702 ms

6 * * *

7 * * *

8 * * *

9 * * *

10 * * *

Hop 5 is the interesting one. (That lands in Buenos Aires, by the name; packets after that aren’t getting a response.) So Global Crossing is routing this over a satellite connection with ~200ms of latency?

The same trace in the other direction, from Buenos Aires to Fremont:

C:\Users\magi>tracert skynet.timespace.net

Tracing route to skynet.timespace.net [64.62.173.33]

over a maximum of 30 hops:

1 3 ms 1 ms 1 ms 192.168.1.1

2 * * * Request timed out.

3 10 ms 10 ms 10 ms cpe-200-115-195-85.telecentro-reversos.com.ar [200.115.195.85]

4 * 32 ms 33 ms te4-4.baires3.bai.seabone.net [195.22.220.33]

5 161 ms 162 ms 162 ms te4-4.ashburn2.ash.seabone.net [89.221.40.7]

6 * * * Request timed out.

7 207 ms 213 ms 207 ms 10gigabitethernet1-4.core1.pao1.he.net [72.52.92.29]

8 213 ms 221 ms 223 ms 10gigabitethernet1-2.core1.fmt1.he.net [66.160.158.241]

9 206 ms 207 ms 207 ms lafrance-internet- services.gigabitethernet3-15.core1.fmt1.he.net [66.220.10.126]

10 207 ms 207 ms 222 ms 64.62.173.33

That’s a little better; the long hop is over seabone.net, “the international backbone of Telecom Italia”; hopefully a higher-capacity land link but still slow.

No wonder net access from Argentina to US sites has seemed uniformly slow.

While traveling the world, Vanessa and I have been sharing a single netbook for internet access.  In addition to the netbook, we each have one of my old unlocked iPhones, which are useful for voice calls and even 3G data access in countries where that’s available cheap to travelers, and also come in handy as wi-fi devices for checking email/facebook/web/whatever when the netbook is already in use.

One thing we found is that in some countries (India, Argentina, Turkey) wi-fi is widely available and the iPhones (or even an iPod Touch) can get online almost anywhere; in other places (especially Japan) there’s widespread wired ethernet but no wi-fi. In these cases, it’s handy to use the netbook as a wi- fi base station, repeating the internet access from ethernet over a private wi-fi network so the iPhones can see it. (Another use for this technique is business hotels where they charge per device; if we get the netbook online we can use the iPhones simultaneously for free.)

To do this using Windows 7’s internet connection sharing, you need to do 2 things:

• set up a computer-to-computer network (in “Network and Sharing Center” control panel, go to “Manage Wireless Networks”, click Add, then choose “Create an Ad Hoc Network”; after you create this once, it will remain available in the list of available wi-fi networks)

• enable connection sharing (in “Network and Sharing Center” control panel, click “Change adapter settings”, get properties for the wired connection (probably called “Local Area Connection”), go to the Sharing tab, and enable “Allow other network users to connect through this computer’s internet connection”.

Note that you have to turn off internet connection sharing before you can join any other wireless networks. (If you don’t, Windows won’t give you any errors but traffic over the wireless network will just silently not work; this can be frustrating if you don’t know what’s going on.)

Also of note:

• internet connection sharing isn’t available in Windows 7 Home Basic that came with our netbook; we had to upgrade to Home Premium
• the wi-fi network that Windows creates isn’t perfect; one iPhone is perfectly happy to see it, another loses the DHCP settings every time it goes to sleep, and my Palm Pre can’t see it at all. Still, much better than nothing.

SFO doesnt actually use the TSA for passenger screening?

This TSA blog post is mostly a reaction to the story about how airports can opt out of hiring the TSA for passenger screening, reminding people that even if an airport does this it’s still regulated by the TSA — they still have to follow the same procedures the TSA would.

However, it also comes with a list of airports where security isn’t run by the TSA. Of personal interest, it includes SFO. I guess I’d noticed different uniforms on the security personnel but it hadn’t registered that they weren’t actually TSA.

If you use the Kindle device itself to shop in the Kindle store, you can browse and search for books, and view reviews, but: the reviews are sorted by time, ascending chronologically. There’s no way I can find to change this and it’s painful to scroll through more than a few (they’re presented 3 per screen, and there’s no way to jump around in the list), so in practice you only ever end up looking at the first few reviews in the list, which means the first few reviews posted.

There are some really egregious examples of this. For Dune, the reviews start in 1996, and even with a lot of clicking and waiting, my patience was exhausted before I got out of 1996. For the Lonely Planet  guidebook to Chile, the first reviews you see castigate the 1999 edition, but here in 2010, with the book having been revised several times since then, who knows how reflective that is of the current edition. (Note that if you follow the Dune link on the web, here, you get the real Amazon storefront which shows reviews sorted by “most helpful”, very unlike the Kindle result. That is, I can’t demonstrate the problem I’m talking about by linking to Amazon’s website, because the website doesn’t have this problem. Moreover, the Amazon website doesn’t even show the same search result for the Lonely Planet Chile guidebook I bought, so I can’t link to that at all.)

(Aside: my two examples are also additional examples of times when combining reviews for multiple editions of a product is not helpful. The current edition of Dune, and the one I bought, is the “40th anniversary edition” printed in 2005, so reviews from 1996 have only partial applicability to this edition. And the guidebook problem is obvious, since new editions aren’t just reprints with typo fixes, they’re ostensibly redone entirely.)

It would be better if they sorted reverse-chronologically, or sorted most- helpful-first, or even random if they don’t want the-rich-get-richer — which is a pretty bad problem with the current order.  But the current order is pretty much the worst possible one.

Story of TSA encounter when getting off a plane

The thing this, and stories like it, make me want to ask is: what purpose is being served here?

noblasters:

“You don’t need to see his identification.”

On November 21, 2010, I was allowed to enter the U.S. through an airport security checkpoint without being x-rayed or touched by a TSA officer. This post explains how.

_Edit: Minor edits for clarity. I have uploaded the audio and it is available _

Damn the Windows Notepad bug that makes the cursor move away from the end of the document when you add lines and press save.  How many years and they haven’t fixed that?

(I haven’t figured out the exact behavior that triggers this, but it’s something like: open a new or existing file, and add a paragraph or so at the end; leave the cursor at the end of the document; invoke the Save command, using mouse or keyboard shortcuts, and the cursor will move back a few characters. The amount it moves seems to be proportional to the amount of text you’ve added since the last save; I suspect some confusion over the 2-byte CRLF (\r\n) sequence.)

This is annoying because if you’ve trained yourself to press ctrl-s to save your document every once in a while, and you type, press ctrl-s, then keep typing, the later burst of typing won’t append like you expect it to, it’ll be in the middle of one of the words from the first burst of typing. Kind of like if your trackpad detects a false click from your palm and moves the cursor, except Notepad doesn’t need a trackpad’s help for this.

I’ve noticed this bug at least since Windows 2000, and each time there’s a new version of Windows I wonder if they’ll have noticed and fixed this, but as of Windows 7 it’s still there, and still annoying me.

Also, Notepad tends to add fake hard line breaks at the window width when you save with word wrap on.  It doesn’t really add line break, but it appears to; after you open a file (with word wrap on and necessary), edit it, save it, then widen the window, the lines don’t rewrap (until you exit and relauch Notepad).

(Yeah, who really uses Notepad? That’s probably why these bugs survive. Still, it’s there and the easiest thing to reach for when you want a text editor; if they’re going to ship it they should fix the bugs!)