Mouse Without Borders

My relationship with Mouse Without Borders is complicated. On the one hand I dearly love it and rely on it for a lot of my workday. On the other hand it stops working for various reasons and it drives me absolutely insane. I have used Synergy in the past with Linux and MacOS, but if you are just connecting Windows machines, MWB is the way to go.

The reasons to love MWB are numerous. It lets you control multiple computers with a single keyboard and mouse. This is different than using a KVM switch because there is no video. Instead, you place up to 4 computers side by side and MWB lets you move the mouse off of the screen on one machine and onto the screen of another. This is significant if you use several machines at once. Most video setups support 1 or 2 monitors, but I am hardcore and like to use 3 or more screens at the same time. I like to pretend that I work at NASA.

The reason to hate MWB is that it sits at the intersection of two explosive elements: human interface devices and Windows network security.

The keyboard and mouse are a human interface to a computer system. They are of tremendous psychological significance to the human operating said system. If the human interface malfunctions in any way, the emotional impact on the human is swift and severe. This really isn’t MWB’s fault, but it’s a piece of software playing a dangerous game.

MWB uses networking to connect two Windows systems together. This means that MWB is at the mercy of Windows networking, which can be a fickle beast. Windows networking can make file shares randomly disappear, it can quit seeing print queues, it’s chaos. I really dread messing with firewall rules on Unix systems, but I actively avoid it on Windows. The same goes for editing Group Policy. You can spend hours tuning it and then a Windows security update wipes all of it out. Using MWB means you have to get two Windows systems to play nicely with each other. That’s two Windows operating systems, two MWB installs, and two panicky firewalls to appease. I have reinstalled Windows on more than one occasion just to realize that the problem that I am having is actually with the *other* computer. Again, this isn’t necessarily MWB’s fault, but it’s a piece of software that decided to play a [doubly] dangerous game.

When you force a vital computing component like your keyboard to operate in a volatile environment like Windows networking, you get a service that alleviates a tremendous strain, and the sudden re-introduction of that strain is distilled frustration.


Additional Remote Access Shenanigans

In my previous post, I expanded on my preferred methods for gaining remote access to my home network. Since then, I have decided to quit using Hyper-V because it’s awful.

I have now decided to move to Proxmox on my server. Proxmox is pretty cool, although the documentation sucks. I recently started using Linux containers for my remote access servers instead of VMs, which Proxmox supports out of the box. A truly compelling feature of Proxmox is its integration with Turnkey Linux. You can download Turnkey Linux Container Templates directly in Proxmox and spin them up quickly. I used the Turnkey OpenVPN template to rebuild GATE, my OpenVPN server.

The performance improvement is remarkable. On Hyper-V, each Linux VM ate 512MB of RAM just to sit idle 99.9% of the time. So far I have 3 containers configured with 512MB of RAM each, but they use roughly 25-50MB each and they leave the rest for the server. PORTAL, my Windows VM, still takes his share of the RAM and doesn’t give it back, but that’s nothing new.

Moar RAM == moar servers!
On the plus side, efficient use of memory means that I can feel better about running a dedicated Linux box (container) for each application. Dedicated boxes mean that when I inevitably screw something up, it doesn’t affect the other applications that are running (that I haven’t screwed up yet.) Also, with pre-built containers and snapshots, you can toss machines that you screwed up without losing much time. I know, I know, rebuilding a Linux box instead of fixing it is sacrilege… but I got other shit to do.

On the minus side, containers don’t really act like VMs, especially when it comes to alternative network configurations. In particular, a Linux Container that uses a TUN or TAP interface needs some extra configuring. The TUN interface is how OpenVPN does its thing, so getting my GATE machine, the OpenVPN server that allows access to the DMZ on my internal network, took a lot of fiddling to get right. I did a bunch of Googling and I ended up with this forum post that recommends rebuilding the TUN interface at boot time with a script.

Here is the TUN script that I have graciously stolen so that I don’t have to Google it again (I didn’t even bother to change the German comments):

#! /bin/sh
### BEGIN INIT INFO
# Provides:          tun
# Required-Start:    $network
# Required-Stop:     $openvpn
# Default-Start:     S 1 2
# Default-Stop:      0 6
# Short-Description: Make a tun device.
# Description:       Create a tundev for openvpn
### END INIT INFO

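# Aktionen (actions)
case "$1" in
    start)
        # Create the tun character device (major 10, minor 200) if it is missing
        mkdir -p /dev/net
        [ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200
        chmod 666 /dev/net/tun
        ;;
    stop)
        rm -f /dev/net/tun
        rmdir /dev/net
        ;;
    restart)
        # do nothing!
        ;;
esac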

exit 0

Then you enable the script and turn it on:
chmod 755 /etc/init.d/tun
update-rc.d tun defaults

With this script, I was able to stand up a real OpenVPN server (not just an Access Server appliance) for unlimited concurrent connections! Not that I need them. I’m the only one that uses the VPN and most of the time I just use SSH tunnels anyway.

Since OpenVPN container templates make standing up servers so easy, I thought I would build another one that works in reverse. In addition to GATE that lets OpenVPN clients route in to the DMZ, I thought I would use an OpenVPN client to route traffic from some DMZ hosts out to the Internet via Sweden. In the past, I used a VPN service to dump my Bittorrent box’s traffic this way, but I would like to extend that service to multiple machines. EVERYBODY GETS A VPN!

Öppna dörr. Getönda flörr.
I couldn’t figure out what a machine that does this kind of thing is called. It’s a server, but it serves up its client connection to other clients. It’s a router, but it just has the one network interface (eth0) that connects to a tunnel (tun0). It’s basically setting up a site-to-site VPN, but the other site is actually a secure gateway. This identity crisis led to a terminology problem that made finding documentation pretty tough. Fortunately, I found another pirate looking to do the same thing and stole his scripts 🙂

Since it’s a doorway to a VPN gateway to Sweden, I decided to call the box DÖRR, which is Swedish for “door”. I did this to maintain my trans-dimensional gateway theme (HUB, GATE, PORTAL, etc.) Also I would like to apologize to the entire region of Scandinavia for what I did to your languages to make the pun above.

The Turnkey Linux OpenVPN template sets up in one of 3 modes: “Server”, “Gateway”, or “Client”. “Server” is the option I went with for GATE, which allows OVPN clients the option of accessing local subnets. This is the “Server” portion of a Site-to-Site VPN or a corporate VPN. “Gateway” forces all OVPN clients to route all traffic through it; this is the config for secure VPN services like NordVPN or AirVPN. “Client” makes a client connection to another OVPN server. If you connect a “Client” to a “Server” you get the full Site-to-Site solution, but there is no documentation on Turnkey about setting up a “Site-to-Site Client” to route traffic from its internal subnet to the “Site-to-Site Server”.

What I am looking to do is configure a “Site-to-Site Client” but point it to a “Gateway”. Another important consideration when setting this up was that I didn’t want to do any meddling with the setup of my DMZ network. I just want to manually configure a host to use DÖRR as its default gateway. No need for proxies, DNSMasq, DHCP or anything like that. Just static IP’s, the way God intended it 🙂

Step 1 – The Site-to-Site Client
Once I got the container running, I had to fix the /dev/tun problem (the script above) and then make some config changes to OpenVPN.

Because this is a VPN client, and not a server, you need to get the OpenVPN client profile loaded. The bulk of my experience with OpenVPN clients is on Windows where you start the client when you need it. For this application you need to automatically run the OpenVPN connect process at boot and keep it running indefinitely.

First, you need to obtain a client config. I downloaded my ‘client.ovpn’ file from my VPN provider, and I copied it to /etc/openvpn/client.conf as root. You can name the files whatever you want, just remember what you named them because it’s important later.

cp /root/client.ovpn /etc/openvpn/client.conf

Now test the connection to make sure everything worked:

openvpn --config /etc/openvpn/client.conf &

The & is important because it puts the OpenVPN process into the background, so that you get your command prompt back by pressing ENTER a couple of times. You can then test your Internet connection to see what your IP is a few different ways. You can use SSH with a dynamic port and tunnel your web traffic through it with a SOCKS proxy. You could use curl or lynx to view a page that will display your IP. Or you could just use wget. I set up a website that will display your IP so you can just grab the index.html from there:

wget -q relay.cinci2600.net
cat index.html

If all goes well, you should see your VPN provider’s IP and not your ISP’s.

Once you get the VPN client working, you then want it to start up and connect at boot time. You do this by setting the ‘autostart’ option in /etc/default/openvpn.

nano /etc/default/openvpn
AUTOSTART="client"

If you changed your ‘/etc/openvpn/client.conf’ filename, you change the name here. The AUTOSTART value is the name of that file minus the ‘.conf’.

Now reboot your server and do your wget test again to make sure that the VPN connection is starting automatically.

Once that is working, you have to route traffic. This means IPTables, because OpenVPN and IPTables go together like pizza and beer.

Step 2 – De Routningen

Normally to route traffic between interfaces on Linux, you have to add IP forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward etc.) In this case, the Turnkey OpenVPN template has already done that for you. All you have to do is add a few forwarding rules:

iptables -A FORWARD -o tun0 -i eth0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

Now it’s time to test them. For this you need a client computer with a static IP. For the default gateway you want to use the static IP that you assigned to eth0 on your VPN doorway server. I used 192.168.1.254 for DÖRR. If your test box also shows your VPN provider’s IP when you access a site like ipleak.net, then it’s time to make those rules permanent by saving them to /etc/iptables.up.rules. It is important to save them to that specific file because the Turnkey template calls that file when setting up the eth0 interface in /etc/network/interfaces.

iptables-save | tee /etc/iptables.up.rules

I don’t know why it’s set up that way. I’m just here to make awful jokes about Germanic languages.

Once that’s done, reboot the doorway server one last time and test with your client computer with the alternate default gateway.
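To check the saved rules before trusting them, here is an added example (not from the original post or the Turnkey project): a shell function that reads an iptables-save dump and flags the conditions under which hosts using DÖRR as their gateway would reach the Internet through the ISP instead of the VPN if tun0 goes down. Both rule dumps are constructed samples, and the first assumes the chains started empty with policy ACCEPT.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for rules that would let
# forwarded DMZ traffic leave via eth0 (the ISP) when tun0 is down.

# audit_vpn_rules FILE [TUN_IF]
# Prints one finding per line; prints nothing if the rules fail closed.
audit_vpn_rules() {
    awk -v tun="${2:-tun0}" '
        # True when the rule is pinned to the tunnel with "-o <tun>".
        function has_out(rule) { return index(" " rule " ", " -o " tun " ") > 0 }

        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...

        # Chain policy line, e.g. ":FORWARD ACCEPT [0:0]"
        table == "filter" && $1 == ":FORWARD" && $2 != "DROP" {
            print "FORWARD-POLICY: policy is " $2 "; unmatched packets are still forwarded out any interface"
        }

        # NAT that is not limited to the tunnel also rewrites traffic leaving eth0.
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ && !has_out($0) {
            print "NAT-SCOPE: MASQUERADE is not limited to -o " tun ": " $0
        }

        # ACCEPT rules that admit NEW connections must name the tunnel as the exit.
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
            established_only = ($0 ~ /--(ct)?state /) && ($0 !~ /--(ct)?state [A-Z,]*NEW/)
            if (!established_only && !has_out($0))
                print "FORWARD-ACCEPT: new connections accepted without -o " tun ": " $0
        }
    ' "$1"
}

# Constructed sample: what iptables-save would hold after the three commands
# in the post, ASSUMING the chains started empty with policy ACCEPT.
write_page_rules() {
    cat > "$1" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample of a fail-closed variant. On a live box the two changes are:
#   iptables -P FORWARD DROP
#   iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE
# (replacing the unscoped MASQUERADE rule).
write_hardened_rules() {
    cat > "$1" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/24 -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed samples; on a real box pass /etc/iptables.up.rules.
demo_dir=$(mktemp -d)
write_page_rules "$demo_dir/page.rules"
write_hardened_rules "$demo_dir/hardened.rules"
echo "== rules as in the post =="
audit_vpn_rules "$demo_dir/page.rules" tun0
echo "== fail-closed variant =="
audit_vpn_rules "$demo_dir/hardened.rules" tun0
rm -rf "$demo_dir"
```

The audit only covers forwarded traffic; the doorway box's own OpenVPN connection still leaves through eth0 via the OUTPUT chain, which is what keeps the tunnel itself working under a DROP policy on FORWARD.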

Now that my VPN client is working again, I need to rebuild my BitTorrent machine. I am going to try to save some more RAM by going with another Turnkey Linux container template.

EDIT: In my elation over getting something to work, I forgot to change the default gateway back. Unfortunately my test machine was PORTAL, which happens to control my dynamic DNS. So currently all of my hostnames are pointed at Sweden, LOL.

Remote Access Shenanigans

A while back, I wrote about using Windows HyperV server. The reason that I set up this server was to use the combination of a Linux server and a Windows desktop to get remote access to my home network. I thought that I would elaborate on the tools that I use to get into my home network from work or while traveling.

I use several methods, each with certain advantages and disadvantages. Mostly I prefer SSH over pretty much anything else in order to connect to a Linux host, and I prefer Remote Desktop over pretty much anything else in order to connect to a Windows host. As a backup, I will use Teamviewer. It’s not ideal, but it works where other services fail.

SSH is pretty much a Swiss Army Knife of network tools. You can do waaaay more with it than just log into a Unix box and execute commands. It’s a tool for creating encrypted tunnels; it just so happens that 90% of those tunnels connect to remote shells. In addition to connecting to a remote shell, you can open ports on a host. I am fortunate enough to have Cincinnati Bell Fioptics which lets me open almost any port on my firewall without any bother. I forward port 22 directly to a Linux box named HUB, and I secure it with SSH keys. I can then use SSH to tunnel traffic into my home network, be that browser traffic through a SOCKS proxy and dynamic port, or RDP traffic with a local port. This works well when I am in a restrictive network that still allows outbound SSH traffic, and as long as I have my Putty session set up ahead of time with my private key. This is the technique that I use when I am not able to access my network through NeoRouter.

Remote Desktop (RDP) is another Swiss Army Knife for connecting to computers. I use Windows as my primary desktop OS. I like to use Linux mostly for server stuff and for running specific tools like Clonezilla or Kali. As a matter of fact, I prefer Linux for servers and tools over Windows. I know, I’m an odd duck. RDP not only gives you remote access to the Windows Desktop, it lets you map drives remotely to transfer files and it lets you connect at a desktop resolution that is greater or lesser than that of the machine that you are connecting to. This is a big deal when you are using RDP on a wide-screen monitor to control a server that is plugged into an old CRT monitor, or when you are using a tiny netbook to control your multi-screen desktop. Teamviewer (and the VNC server that it is based on) cannot do that.

In order to make my SSH and RDP connections, I like to use either NeoRouter or OpenVPN. NeoRouter is technically a split-tunneling VPN solution, but I like to think of it as creating a network of computers that is independent of their actual networks. Split-tunneling VPN is a fancy term for VPN connections that don’t mess with your Internet access. There are lots of other features for split-tunnels, but under most circumstances, I want my computers to talk to each other differently than they talk to the Internet.

The NeoRouter network explorer tool lets me see which of my computers are up and connected. I run the NeoRouter server on HUB, which is sitting behind my firewall, with port 32976 forwarded to it as well. Running the server inside my firewall lets me do some neat networking tricks, like having my BitTorrent VM connect to the internal IP for HUB, instead of using the Internet. My BitTorrent box uses a VPN client to route all Internet traffic through Sweden, which really slows down my Remote Desktop session. I run the NeoRouter client on my desktops and laptops, and also on my file servers so that I can access shared folders remotely. File transfers this way can be really slow, so I also use One Drive to share big files like videos or ISO images.

OpenVPN is my tool of choice for open WiFi networks at hotels and coffee shops. I can access my home network while also securing all of my network traffic. I run OpenVPN Access Server on a dedicated VM named GATE. Access Server is easy to use and configure, and it’s free for two concurrent connections. For occasional use, especially by people other than me, it works really well. There’s even a ready made Hyper-V appliance that you can just boot up and go. I used to run OpenVPN on HUB, but the networking/subnet stuff meant that I had to remember the internal IP for the OpenVPN network segment and change it to connect to NeoRouter. So I just use two separate machines and it all works out. I have built OpenVPN servers without Access Server in the past. I like to use the Turnkey Linux OpenVPN appliance, and setup couldn’t be easier.

If I cannot get in via NeoRouter, OpenVPN, or old school SSH tunneling, then I fall back on using TeamViewer. It can get me in when pretty much all other tools fail me, but it’s not as nice as using RDP. Also, it should be noted that TeamViewer can only be used to control graphical desktops, there is no command line equivalent. In order to alleviate some of the frustrations of TeamViewer’s desktop resolution, I run a dedicated Windows VM that I call Portal. I keep the native (console) resolution fairly low, and I have RDP and Putty sessions set up so I can quickly connect to my other computers.

One other thing that I use Portal for is to move files into and out of my home network. You can use RDP or TeamViewer to copy files, but for big files like videos and ISO’s, One Drive does a much better job. I have a dedicated One Drive account that I use specifically for moving files this way. I just grab a file from somewhere, copy it to the One Drive folder on Portal, and it automagically uploads. Then, some time later, I can use the One Drive website to download the file, at much faster speeds than using RDP, SCP (SSH), or TeamViewer’s file transfer tool. It’s an extra step, but one worth taking, especially if I find myself in an oh-shit-i-forgot-that-important-file situation.

The Great Big Thing(tm): TV Edition

When I am not playing Skyrim to stave off my existential dread, I watch TV. Needless to say, I have been watching a lot of TV. I used to consider myself more of a cinema nerd, but films just aren’t that good anymore. When I compare some of my favorite films from a long time ago, to the franchise drek that is film today, it lacks quality. Sure, there are good films here and there, like The Dark Knight, and Rogue One, but there are a lot of CGI messes too, and some TV shows seem to deliver more consistent quality.

Film sucks for the most part, and I can’t binge watch Adam Curtis documentaries all the time or I will lose my goddamn mind, so I watch TV. Of course I also do family stuff, but with an infant who doesn’t sleep at night, that involves a fair amount of staying up all night holding a sleeping baby, so TV is a big part of my nightly routine.

I have been watching a few new shows and re-watching some old faves, so I’m just going to list them in no particular order and say random things about them.

Stranger Things

I watched Stranger Things for the first time a couple of weeks after it dropped on NetFlix. Since then, I’ve probably rewatched it at least 3 times. It’s a great show, full of nods to 80’s movies like E.T. and Stand By Me, but it also captures something essential about my childhood, which was playing Dungeons and Dragons in my friend’s basement for hours at a time and being bullied.

There are lots of neat things to spot in the show (like the fact that Hop’s daughter, Eleven, and Will all have the same stuffed tiger) and I am unreasonably pumped for season 2, which should be out in a few weeks. I have my own theories about what will happen, but I don’t really want to spoil anything if by some odd chance this is the thing that inspires someone to watch the show, and by an even odder chance I turn out to be right. I will say that the kids’ D&D game at the beginning of the game sort of outlines the plot of the season, and their game at the end probably outlines what will happen in the second series, or at least underlines what is still unresolved at the end of the first series.

Rick and Morty (obvs.)

The new season of Rick and Morty is awesome. It’s another show full of details and fan theories to obsess over. My existential angst is both alleviated and agitated by it. The conflicting ideas about finding meaning in an uncaring universe either help or make things worse; I can tell which.

In the context of watching people with beliefs having those beliefs tested at every turn, regardless of their political or philosophical affiliations, is very similar. Rick has all the answers, and that answer is not to think about it. As power fantasies go, Rick is either the greatest expression because he is essentially all-powerful, or the worst expression because all of his scientific and technological power never seems to get him anywhere. Again, I can’t tell which.

True Detective (season 1)

Speaking of the dichotomy of belief and disbelief, the first season of True Detective is one of the best television shows I have ever seen. Rust (Matthew McConaughey) is incredibly intelligent and yet almost unable to interact with people, except for when he is interrogating them and luring them into making confessions. There are a number of similarities to Rick and Morty, mostly having to do with the juxtaposition of human meaning and savage cruelty, but also the juxtaposition of truth and deception, duty and corruption. There is just barely enough evidence in the show to convince you that Rust is either psychic or psychotic, and somehow not enough to convince you which one.

Season 2 is a good show, it’s just not the masterpiece that is season 1. It’s still worth watching, I just haven’t watched it a half-dozen times like I have season 1. If you are going to commit to both seasons, you should probably watch season 2 first. Also, season 2 unfortunately lacks both the Southern Gothic aesthetic of season 1, and the Lovecraftian symbolism. Season 2 takes place in L.A. and without those motifs, it’s just weird L.A. people doing weird L.A. shit. Kind of like a darker version of Bosch.

The Great Big Thing(tm): SPAAAAACE Edition

In an effort to stave off existential anxiety I have been watching YouTube videos about space. This guy Isaac Arthur has a large number of really interesting videos that cover some really interesting topics about the science of science fiction. I have been listening to him talk for weeks about gravity wells, and Dyson spheres and thinking about offworld societies. All of this stuff is super interesting, and then I hit existential bedrock again when I started watching his videos about the Fermi Paradox and the Simulation Hypothesis.

Basically, the Fermi Paradox is this idea that there are so many planets, stars, and galaxies in the universe that there should be other planets capable of supporting life, and if so, why are there no aliens?

Once I started thinking about the Fermi Paradox, it didn’t take long to start applying the logic to all sorts of things. At first I started thinking about this for other fantasy technologies, like time travel. No one has come from the future to stop catastrophes, so perhaps time travel just isn’t possible, or perhaps human life on earth is extinguished before time travel can be developed.

Then I hit upon the Simulation Hypothesis. Which is that our reality could just be an elaborate simulation. It was at this point that I remembered a New Yorker article about how election night and the Oscars might indicate some sort of breakdown of a simulation. At first I laughed it off, but for at least a couple of years things have been going badly all over (shootings, riots, natural disasters, you name it) and there hasn’t been much, if any hedonic adaptation as a result. Maybe we are living in a simulation, maybe we aren’t, but something certainly seems to have happened to the hedonic treadmill. Or maybe the chronic and constant bullshit that is living for 15+ years in post-9/11 America has taken a toll on everyone’s collective psyche.

The Great Big Thing(tm): Nazi Bullshit Edition

I have been unable to write for a while now, and so I figured I would just write about not being able to write. That ended up being this long rambling screed about my frustration with my friends and family over their obtusely two-dimensional socio-political views. It came across really angsty and disjointed. Then all this Nazi bullshit happened and I just kind of retreated again.

Getting into the Nazi thing is kind of a waste of my time. I have been dealing with Nazis off and on for most of my adult life. I had a few clashes with Nazi skins when I was a punk, and when I went into the military I clashed with a few more in the US and in Germany. Beefing with German skins was weird. What I didn’t realize, was how prevalent these hard right-wing white power types were in the Ohio National Guard. I had a squadmate that was an ex-skin and he and a few like him were treating their Guard service as training for their revolution. They were conservative gun nuts prepping for a “Shit Hitting The Fan” scenario. This was in the late 90’s. I know these dudes didn’t go anywhere, they just got pushed into silence by polite society, and the spectre of a global Islamic Jihad deflected the world’s attention from them.

I spent a lot of time with these dudes; I got to know them. One guy hated blacks because he was divorced and his wife was dating black dudes. Another was raised to be that way by his father who was a blue collar guy who got laid off in some recession. All of it just sounded like fear and weakness to me. These guys hate people of color because people of color have the power to make them feel inferior. It’s no different than those “nice guys” that hate women because women have the power to make them feel lonely and pathetic. It’s ironic when you think about it, white supremacy threatens the lives of so many, yet all it does is protect the egos of a few. Also, these dudes go on and on about liberty, but they are the worst sort of authoritarian apologists.

Maybe I am lucky to have more than one identity, or I’m just lucky that my identity isn’t threatened by women or minorities. Being a geek is a pretty white identity, but it’s not like John Boyega, Gal Gadot, or Rochelle are going to take that away from me. Glenn from The Walking Dead can kill all the zombies and bed all the white women he wants, it doesn’t affect me in any way. The same goes for female Ghostbusters, Daisy Ridley or Imperator Furiosa.

One thing that this new Nazi bullshit did was cause more debate about the First Amendment. The Intercept was nice enough to illustrate my point about how controlling hate speech ends up suppressing progressives, which confirms my bias on these things and helps me feel a little vindicated.

What disturbs me the most isn’t the presence of White Power. It’s the lack of conscience on display from leaders of all kinds. Of course the President had nothing to say, those fashy creeps put him into office, but what about basically everyone else? A bunch of corporations took a stand, and that is probably the worst possible result. They’re Nazis For Fuck’s Sake. They are literally the worst human beings there are. They’re the definition of an easy target. When the organizations whose General Counsel advises them against any course of action, any course of action that they end up taking is the absolute least that could be done.

My lamentations about corporate power also seem to have been vindicated a little, again thanks to The Intercept. I get that we as a country have lost faith in the political process, but corporate oligarchy is not the answer. Let’s not forget that no one served any time for crashing the economy in 2008. Let’s not forget that everyone looked the other way in the interest of keeping “the system” stable. What else are we going to look the other way on? Using a private army to violate the civil liberties of a group of people? Those people aren’t white, BTW. Just thought somebody should know that.

UPDATE: This:

There is a Great Big Thing that I can’t write about.

I write because it helps me cope with a lot of things. I haven’t been able to write lately because my mind is focused on a bunch of things that are connected, but not really in a concise way. What I am seeing around me is a kind of existential apocalypse. Part of it is the world around me, part of it is the realization that I live in a part of the world where I just don’t belong.

Writing is a way to let some of that negative energy out in a (mostly) harmless way. I have suffered some physical injuries in the past year, so my martial arts training and weight lifting have been sidelined for quite a while, leaving me with video games and writing as my outlets. Lately writing has been hard, so I pretty much just play Skyrim.

The Great Big Thing is a kind of toxic complexity that has led to an existential threat at a global scale. I sense that our capitalist system is collapsing slowly under its own weight and the problem is so complex that not only can nobody see it, nobody can even face it. This reflexive/involuntary ignorance has left me with a kind of general malaise and a kind of ennui about evangelizing an alternative.

I have liberal friends who don’t understand nationalism or how white supremacists operate. I have conservative friends that don’t understand the shock doctrine or force multipliers. Neither faction seems to know the difference between fiscal policy and monetary policy, or what tax rates and margins are. The only friend I have that doesn’t want to just bitch about the presidential election is a batshit conspiracy theorist. What does that say about me?

I keep pitchin’ em and you keep missin’ em

Nationalism is a logical consequence to globalization. It is the result of the failure of politics to control corporate power, or possibly the corruption of politics via money by corporate interests. It’s what happens when people lose faith in institutions. Sure there is a racist/anti-immigration component to nationalism, but there is an equal, or possibly greater component that is economic. What you end up with is a population that is mad at the globe and wants to retreat inward.

Speaking of race and nationalism, modern white supremacists want to be judged and attacked for their beliefs, especially by other whites, because it plays into their whole “white genocide” narrative. It’s the exact same tactic employed by ISIS and the Westboro Baptist Church. ISIS wants the west to crack down on moderate Muslims because it empowers their “the west wants to destroy all of Islam” rhetoric. Westboro is a family of lawyers posing as radicals. They want people to assault them at their protests so that they can file lawsuits and collect settlements. Martyrdom is the endgame, and if you engage them, they win. They’re gonna get mileage off it, so you have to get even more.

What’s worse is that my liberal friends are calling for bans on this kind of speech. Hate speech in all forms is bullshit, but that’s not the point. The point is that awful speech is a kind of canary in the coal mine. It’s the way that you prove to the world that you are willing to stand up for all other (i.e. the important) forms of free speech. If you call for a ban on hate speech, how do you plan on enforcing it? The federal government? How will you keep that ban from silencing the people who need to speak the most? Bans by government at any level *WILL* be used against activists and protesters. Any move a government body makes against the Alt-Right *WILL* harm Black Lives Matter, Standing Rock, Occupy, and every other group that liberals think is cool. I have been called a “free speech apologist” by a liberal friend for pointing this out.

On the Conservative side, my friends don’t seem to understand the pernicious nature of authoritarianism. The shock doctrine is where authoritarian governments and leaders use crises to justify the maneuvers they make to restrict the rights of the people they govern. The neocons did this during the Bush administration after 9/11. That’s not a conspiracy, the PATRIOT act was a direct result. The intelligence apparat did the same thing during the Obama administration in response to various insurgencies in the Middle East following the Arab Spring.

Most liberals were quick to criticize Bush for letting the intelligence community build its mass surveillance apparatus, but they were curiously silent about Obama letting the intel community expand it and then equip it with murder drones. It’s not about the politics, it’s about the intel community and the industries that support it forming a kind of ‘deep state’ (I hate using that term) that’s immune to partisanship. The country swings from red to blue and back to red, but the Intel Community Apparatchiks gain more power with each cycle. Oh, and the American people are silently complicit. As Trump clashes with the Intel Apparat, liberals support the Apparat, as if they have forgotten about all the kidnapping and torture that has happened in the past. At this point, throwing shade at any president means that 50% of the time, I’m the bad guy every time.

Speaking of governmental overreach, my conservative friends are just as delusional as my liberal friends. A few of them seem to think that this is still 1776 and that they can fight *whomever* on equal footing. This is a willful disregard of modern military doctrine. A force multiplier is a technology or tactic that improves the combat effectiveness of a weapon, a soldier, or military unit. Satellite communications, navigation, advanced optics, and close air support are examples of force multipliers. It’s the tactical support that makes special operations so special, not beards and MOLLE gear. Don’t get me wrong, those operators are total badasses, but behind each badass operator on the ground there are dozens of people, millions of dollars in communications equipment, and thousands of man hours of intelligence gathering. You may be shit-hot at Call Of Duty, but you can’t call in an airstrike in the real world.

Because of this worship/obsession with special operations, a kind of cargo cult has formed around guns and gun culture; a certain group of people think that carrying military-style equipment and weapons makes them one of these heroic badass operators fending off a mythical Golden Horde. AR-15’s, beards and vests don’t make you a badass, years of training and access to orbital technology do.

I have written elsewhere about geardos: non-military people, usually right wingers of some kind, who are obsessed with military equipment. I can admit to making use of the modularity of MOLLE gear for carrying electronic equipment, so maybe I am more sensitive to this phenomenon than others. Also, I was in the Army in the mid 90’s and MOLLE gear is way more useful than the shitty Vietnam-era ALICE gear that I had to use. There are three basic types of geardos: 1) the 2nd amendment gun nut types, 2) doomsday preppers and survivalists, and 3) people who fantasize about the zombie apocalypse. There is a weird connection between all 3 types; in one form or another they all share this kind of male power fantasy about the proverbial shit hitting the fan. The point here is that once you remove the racist/right-wing fantasy, what remains is still fantasy.

So when some NRA gun-nut talks about using his god-given right to semi-automatics to “Don’t Tread On Me” against tyranny, don’t believe it for a second. The 2nd Amendment is real, and written into the constitution, so it’s not going anywhere. That doesn’t make it a hedge against tyranny. At all. If the culture wars blossom into a full blown civil war, the military will be the deciding factor, not the geardos. Whichever side the military backs will be the winning side in very short order. You could put the entire state of Kentucky, National Guard included, up against the First Infantry Division, and my money would still be on the Big Red One. The NRA knows this, which is why their thinly veiled threats are directed specifically at journalists and not at the left in general.

My side, your side, their side, we don’t know.

What I see around me is that the machinery of the western world is grinding to a halt, and I see a militarist/imperialist/plutocratic caste that is doing steadily crazier and crazier shit to keep the machines running. Meanwhile, everyone I know is arguing over what color we should have painted the machines last year. They are -Every. Single. One.- oblivious to the fact that the machine broke down like 20 years ago.

If all they did was argue about machine painting, that might be understandable, but that is not the case. They are dug so deep into their paint-the-machines factions that they don’t see that they have basically switched places with each other. The memes and bumper stickers that rail against Trump are basically the same ones that railed against Obama. “Obama is a Socialist” has been replaced with “Trump is a Nazi”. One side looked stupid when they did it, and now the other side looks equally stupid. Again, it’s not about the politics, it’s about the blindness to the situation.

Both sides use the same hateful condescending language. Liberals have become the new bible thumpers. “Trump Supporter” carries the same vitriol as the word “libtard”. Saving the world from institutional bigotry is great, but the tools that they use are the same right-wing fundie bullshit: judgement and self-righteousness.

If you are a liberal and you are sick of conservatives clutching their pearls in judgement of your secular hedonistic lifestyle, you don’t respond by clutching your own pearls in judgement of their microaggressions. When my liberal friends attempt to deploy guilt and shame to enforce their world view, I want to scream “WHAT ARE YOU A FUCKING CATHOLIC?”

What it’s like listening to all of this

I can’t help but feel like Arthur Dent in “The Hitchhiker’s Guide To The Galaxy”. I feel like the last sane person in a world that has gone mad.

“It comes from a very ancient democracy, you see…”
“You mean, it comes from a world of lizards?”
“No,” said Ford, who by this time was a little more rational and coherent than he had been, having finally had the coffee forced down him, “nothing so simple. Nothing anything like so straightforward. On its world, the people are people. The leaders are lizards. The people hate the lizards and the lizards rule the people.”
“Odd,” said Arthur, “I thought you said it was a democracy.”
“I did,” said Ford. “It is.”
“So,” said Arthur, hoping he wasn’t sounding ridiculously obtuse, “why don’t people get rid of the lizards?”
“It honestly doesn’t occur to them,” said Ford. “They’ve all got the vote, so they all pretty much assume that the government they’ve voted in more or less approximates to the government they want.”
“You mean they actually vote for the lizards?”
“Oh yes,” said Ford with a shrug, “of course.”
“But,” said Arthur, going for the big one again, “why?”
“Because if they didn’t vote for a lizard,” said Ford, “the wrong lizard might get in. Got any gin?”
“What?”
“I said,” said Ford, with an increasing air of urgency creeping into his voice, “have you got any gin?”
“I’ll look. Tell me about the lizards.”
Ford shrugged again.
“Some people say that the lizards are the best thing that ever happened to them,” he said. “They’re completely wrong of course, completely and utterly wrong, but someone’s got to say it.”
“But that’s terrible,” said Arthur.
“Listen, bud,” said Ford, “if I had one Altairian dollar for every time I heard one bit of the Universe look at another bit of the Universe and say ‘That’s terrible’ I wouldn’t be sitting here like a lemon looking for a gin.”

It’s the Economy, stupid.

The thing that bugs me the most is that both sides seem to be arguing petty cultural bullshit while corporations seize power hand over fist. Liberals and conservatives call for economic reforms without having a concept of basic economic principles.

For example, the difference between revenue and income. Revenue is simply a measure of the money that comes to you, income is a measure of what’s yours to keep. Most people think about their personal income with regard to income taxes, but to the government, income is a different animal. For corporations, income is a much bigger deal.

The issue I see a lot of people discussing is raising and lowering taxes with no real understanding of the difference between rates and margins. The tax rate is the amount that you are supposed to pay, the margin is the amount of your income and holdings that you actually hand over to the government. You can lobby all you want to increase the rate, and if by some miracle you succeed it won’t make much difference because corporations don’t cheat on their rates, they cheat on their margins. You could double the tax rates on the rich and you might see a slight increase in tax *revenue*, but the government would likely end up with less tax *income*.

A better approach, in my opinion, would be to adopt a flat tax, where everyone pays the exact same rate, and there are absolutely no deductions. The actual rate could be lower, say 10%, and if you close all of the loopholes for bonuses, losses (real or fictitious), and the like, the government’s tax income could increase significantly. It would also put an end to all of those tax haven schemes that are said to be hiding several trillion dollars (See the Mark Blythe video above). So, stop arguing for raising or lowering taxes. Argue for the 1% to actually pay their goddamn taxes.

The same is true for fiscal policy and monetary policy. Fiscal policy has to do with how the government spends money. Monetary policy is how the fed controls the money supply through interest rates. The two really don’t have much to do with one another, other than they sort of come into play at similar times. Low interest rates are supposed to spur borrowing, but they also discourage saving. Interest rates have gone about as low as they can, so not much else can be done by the fed to stimulate the economy. It’s up to the government to do the rest.

This is where the complexity comes into play. I have ranted about this before, so I will do what I can to not duplicate the issue here. I am frustrated by the discussions that I see because the left and the right are arguing based on two narratives that don’t tell the whole story. Basically, engineering an economy always has unforeseen consequences. Not engineering an economy always has predictable consequences. The New Deal was probably the most ambitious attempt at engineering an economy, followed by the Clinton and Blair administrations’ campaigns to deregulate the economy in the late 90’s. Both maneuvers are what put us in the state that we are in now. It’s impossible to get it right, but that’s not the point. The point is that neither narrative (pro-economic-engineering or anti-economic-engineering) captures the complexities of a national or global economy. Economies are made up of individuals, who may or may not act rationally, and may or may not act in their own self interest. Trying to create stability within these large and complex systems is foolish and will ultimately lead to nonpolitical forces seizing power. Non-political forces do not have to answer to voters, which is undermining people’s liberty and will continue to undermine the social contract.

This is what I mean by the machinery of The West grinding to a halt. The machine isn’t doing what anyone wants, and so everyone keeps adding and removing gears, rather than taking a look at the overall design and looking at making a fundamental change. Not just the economy, not just the political system, but to pretty much everything. This is where I should get on my soapbox about a movement based on post-Internet ideas and technologies to give the power back to the people, but I just don’t have it in me.

I hate separating hackers based on morality.

I have given a few talks recently to non-hacker audiences. In so doing, I learned that even at its most basic level, the idea of what hacking is, is kind of lost on “normal people.” The “Wanna Cry” malware couldn’t have better illustrated the things I was trying to teach.

It’s not that normies aren’t capable of understanding, it’s that they have been given the wrong information by the government, the media, and popular culture for years. There is this fairly lame idea of hackers following this sort of monochromatic gradient matching that of the old-west: the good guys wear white hats, the bad guys wear black hats, and there is a spectrum of moralities in between. There are legitimate ethics that guide hackers, they just aren’t the kinds that you hear about in movies and on TV:

  1. The Sharing Imperative – Hacking is a gift economy. You get tools, knowledge and code for free, so you have to share what you have learned to keep growing the pool.
  2. The Hands-On Imperative – Just like “real” science, you have to learn by doing. Take things apart, break them even, and learn how they work. Use that knowledge to create interesting things.
  3. The Community Imperative – Communities (geographic, philosophical, etc.) are how it gets done. Crews, clubs, chat rooms, hackerspaces, conferences, email lists, are all places for n00bs to ask questions and get flamed, and for l33ts to hold court.

Monochromatic Morality
The typical whitehat is a security researcher, penetration tester, or security consultant that only hacks the computers and networks that they have permission to hack. This can either be a lab environment built for research, a client who has retained security services, or an employer who has granted express permission. Whitehats then disclose their findings. This disclosure may be for the benefit of a client or an employer, or it may be to benefit the public. The key difference is that the whitehat first seeks permission and then shares their discovery for the benefit of others.

The typical blackhat is generally considered to be a criminal. They hack systems that do not belong to them and then do not disclose their findings. The exploits that they develop are then hoarded and stockpiled for their benefit alone. The key difference is that blackhats do not seek permission, they do not disclose their findings, and they hack for the benefit of themselves.

The gray areas have to do with the degree to which a hacker has permission, discloses their findings, and how they profit from their activities. Whitehats are supposed to have “real” jobs and share everything, blackhats supposedly don’t have jobs and therefore hack for money. A typical grayhat might hack systems that don’t belong to them but then anonymously share their findings, or they might develop their exploits in a lab, but then sell those exploits rather than disclosing them.

In my professional life, I routinely employ hacking tools for the benefit of my employer, whether it’s scanning networks to find and fix problems, or cracking passwords to help users who have lost access to their computers. In previous jobs, I have exfiltrated research data from one network to another at the request of the data’s owner. While I don’t always have my employer’s explicit permission to do what I do, they hired me to fix problems for their users, so I do what it takes. The things that I learn, I then share and teach to others, whether that’s talks at conferences or Cinci2600 meetings, or posts on this blog. I have no idea where that falls in the white/gray spectrum.

Chromatic Pragmatism
Instead of black and white, I prefer to look at hacking from a red vs. blue perspective. Regardless of your moral compass (or that of your employer), you are either on the offensive end, which is the red team, or the defensive end, which is the blue team.

Teams are better terms to think in because hacking is a social activity. You may or may not be physically alone, but you are always learning from others. You read docs and code, you try stuff, you get stuck, you look up answers and ultimately ask someone for help. The idea of hackers as introverted smart kids living in their mom’s basements isn’t nearly as accurate as TV would have you believe.

Regardless of the reason why you are hacking a computer or a network, you are either the attacker or the defender. You are either probing defenses looking for a way in, or you are hardening defenses to keep others out. You can further divide these activities into application vs. network security, but at that point the discussion is more about tools.

A great example of this is the people that run botnets. Once a bot-herder gets control of a computer (bad), they will then patch that computer (good) so that some other bot-herder doesn’t snatch it away from them (???).

Thinking about hacking in terms of offense and defense takes away all of the politics, business, and patriotism of your red and blue teams. If you are a red teamer, backed by your country’s military, you might be doing black hat stuff like seizing control of things that don’t belong to you for a “good” cause. You might be a blue teamer working for an organized crime syndicate, doing white hat stuff like analyzing malware for “bad” people. You might be a whistle-blower or a journalist, exfiltrating stolen data to expose bad acts by a government.

Wanna Cry: with the good comes the bad, with the bad comes the good
The Wanna Cry debacle is interesting because of its timing, its origin, its disclosure, and its impact.

Its timing is interesting because nation-state political hacking is like half of all discussions when it comes to the Presidential election. Turns out that the USA hacks as much or more shit than Russia does.

Its origin is interesting because the tools in the leaked sample appear to come from the NSA. The leak comes from a group known as “Shadow Brokers.” They said they would auction the rest for a large sum of money. The world got a head start on an inevitable malware outbreak thanks to some bad guys doing a good thing by releasing something that they discovered. Something that the US Government had been hoarding to use against its enemies.

The disclosure is interesting because the first release is a free sample to prove the quality of the goods they intend to auction. This is the Golden Key problem in a nutshell: a tool, used by the good guys, falls into the hands of the bad guys, and chaos ensues.

The zero-day exploit exposed by the leaked tools was then used to implement a large scale ransomware attack that severely affected systems in Europe and the UK. A researcher was able to locate a call in the ransomware to deactivate the malware, which stopped the attack dead in its tracks. There are lots of theories about this strange turn of events, but my personal theory is that the ransomware campaign was a warning shot. Possibly to prove out a concept, possibly to urge everyone to patch against the vulnerability before a proper villain did some real damage with it.

The idea that NSA tools were compromised and disclosed by a criminal organization turns the whole black hat/white hat thing on its head. The NSA was hoarding exploits and not disclosing them, which is a total black hat move. Shadow Brokers exposed the tools, prompting a widespread campaign to fix a number of vulnerabilities, which is a total white hat move. So you have a government agency, a “good guy”, doing black hat things, and a criminal organization, a “bad guy”, doing white hat things.

If you want to talk about the specifics of the hack, the NSA’s blue team didn’t do its job, and the Shadow Brokers’ red team ate the NSA’s lunch. The blue team’s principal was a server where attacks were either launched or controlled. This server was the red team’s target. It’s a pretty epic win for the red team because the NSA is a very advanced hacking group, possibly the best in the world.

The Nature of Freedom

A few cultural events have caused me to think a lot about freedom lately. Of course our new Presidential administration has had an effect, but also some films, television programs, and documentaries. Also, I have been assisting my local political community and the results are pretty depressing.

One film that I saw was “Arrival”. It is based on a short story called “The Story Of Your Life” which goes into more philosophical detail than the film, and centers on the idea of free will. The aliens in the film can see time in a planar rather than linear fashion. Because of that, they have no concept of free will. Knowing what is coming leaves them with no choice but to play their parts to contribute to the known outcome. Speaking to others isn’t so much an exchange of ideas as it is a declaration or codification of events, like announcing a winner, or pronouncing someone dead. Reading the story left me feeling that I had broken my brain in some fundamental way.

Not long after that, I started watching “Westworld”. The hosts in Westworld are driven by code which is interpreted by their central processing units. Because they store memories digitally, they don’t remember things, and instead reload (relive) them. As a mercy to the hosts, their memories are erased on a regular basis. Something within the code that governs the hosts causes them to start remembering and all hell breaks loose. Again this idea, while fictional, made me think about the nature of freedom.

The idea of reality as a lived experience, the cognitive lens that we see the world through, is based on recollection of previous experiences. Our human memories are not perfect; we cannot retrieve bit-for-bit copies of stored data the way that a computer can. We cannot go back and relive an experience the way that a host from Westworld can. As we experience something, it is colored by a complex mix of emotions and bias. These imperfect and colorized recollections then shape how we experience new things. These new experiences, perceived through our flawed cognition, are then stored using that same flawed mechanism, making it even more flawed. As humans age and grow, their cognition becomes a kind of degenerative corruption of observation. Your lived experience might actually just be shitty encoding.

As I watched these works of fiction, I have also begun to listen to intellectuals dissect the ideas of freedom. I watched a series of documentary films by Adam Curtis. The idea of this series is that efforts have been made to reduce the idea of humanity into self-serving automata. This numeric representation of humans relies on a kind of rational strategy that guides us. The problem with this simplified view of course is that it ignores the shitty encoding that guides human decision making.

The documentary series points out the use of Zero Sum Game Theory in modern political, economic, and even biological research. This cynical approach led to the dissolution of the idea of human individuality and the rise of popular psychology which uses drugs to manage human behavior. Oversimplification of human behavior leads to a kind of segregation based on small sets of variables, rather than meritocracy. The result is the corporate-run caste system that we have today. More importantly there are two varieties of freedom: one of struggle and coercion based on violent radicalism, and one of meaningless consumerism. Meaningless consumerism is how The West operates without violent revolution; people are free to do whatever they want, so long as all they want to do is watch TV and buy things.

This is my issue with the western idea of freedom. It is a comfortable existence; it’s largely devoid of bloodshed, but it is also largely devoid of meaning. Buying new things – says the guy with 4 laptops – isn’t making yourself any happier. Watching TV – says the guy who came to this conclusion by watching movies and TV – doesn’t help you to improve yourself. Being a radical freedom fighter isn’t the alternative, and it’s not like you can bring down corporatism in a bloodless and market-friendly manner. What you can do, however, is diversify. Instead of using violence to coerce others into your idea of freedom, I think that you can build communities around ideas other than meaningless conformity and draconian order. Organizing into communities is the start, but you have to go much further.

Paradoxically (or perhaps ironically), I criticize the tendency for governments and corporations to reduce humanity into numerical figures, yet I cannot help but to see political and economic systems as complex networks. I am an avid proponent of peer-to-peer networking, of decentralization, and the mistrust of authority. In a peer-to-peer network, there are no clients and servers, there are only nodes. The power of the Internet is not that it connects nodes, but that it connects networks of nodes. We, as individuals, have to organize ourselves into networks that pursue and produce meaningful things. Individuality is important, but agency may actually be more important. Having freedoms that you do not make use of is pretty much the same as not having freedoms to begin with. If you are a corporate-run fascist state, it’s probably better for you if your subjects ignore their freedoms. Convincing them to do that might be part of your game plan.

This is the idea that I am moving around in my mind. What is freedom? Do we in The West actually have it? Did we lose it or did we give it away? The thought process is similar to the Orwell vs. Huxley debate, but I think it goes further because it should take into account human tendencies. Huxley kind of does with his societal focus, but Orwell does not because he is more focused on politics. My concern is with more essential things, like the nature of cognition, the nature of free will, and the nature of humanity.

Windows Hyper-V Manager is Stupid

I spend many hours at work in the middle of the night. Sometimes I work on my own things by connecting to my gear at home. I call this telecommuting in reverse. In order to facilitate my reverse telecommute, I use a couple of machines, one Linux box I call Hub, for OpenVPN, SSH, and NeoRouter, and one Windows machine I call Portal, for Teamviewer, Remote Desktop, and to run my DNS host’s Windows-only dynamic DNS client. Hub died, and so I figured I would run the two machines on one box via XenServer or Virtualbox. It turns out that the hardware for Portal doesn’t do Linux very well. So I decided to take a run at virtualization with Hyper-V. Hyper-V Server 2012 R2 lets you evaluate the product indefinitely, so I thought that would be a good place to start.

After downloading the ISO, which is hard to locate on the MS TechNet site, I burned it to disk and wiped Portal and loaded Hyper-V Server and configured a static IP for it. This isn’t a high end box, it’s a dual core AMD with 8 GB of RAM. It’s fine for using Windows 7 as a springboard to get into my home network. I just want to spin up a couple of low end Linux boxes and a Windows machine. The sconfig.cmd tool is fine for the basics of setting up the box, but since I am not much of a PowerShell guy, I wanted to use the Hyper-V manager on another workstation. I was trying to do this without having to pirate anything, and it turned out to be a complete waste of time.

Hyper-V Manager and the Hyper-V Server that it can manage are basically a matched set. You can use the manager on Windows 7 to connect to Hyper-V on Server 2008 and earlier. You can’t really use Win7 or Win10 to manage 2012 R2. So, I basically have to either pirate Server 2008, pirate Win8.1, or pirate Server 2016. Or, I can just use ProHVM, a third party tool from a Swedish company that seems to have been invented specifically because Hyper-V Manager is the worst.

Even with ProHVM, it’s not all champagne and roses. Accessing the console of a VM causes wonky keyboard performance. This is mildly frustrating, so I recommend using a mouse as much as possible for configuration of a VM. The only real showstopper is logging in to a Linux box with no GUI. Having only 50% of your keystrokes register makes logging into the console completely impossible because you don’t see the *** to let you know which character you are on.

My workaround for Debian VMs is to not set a root password, which forces Debian to disable root in favor of sudo, like Ubuntu. Then you set a very short password for your user account (like 12345, same as the combination to my luggage) and make certain that you set up an SSH server during setup. Then you can SSH to the box and use the ‘passwd’ command to reset the password to something more secure. Then you can configure SSH keys for your logins.
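One way to close out that workaround, as an added example rather than anything from the original setup: once the key login works, turn password logins off and verify what sshd will actually enforce. The function names, the drop-in file name and the sample config are assumptions for illustration; the stock Debian `Include /etc/ssh/sshd_config.d/*.conf` line is assumed to be present.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a Debian VM with OpenSSH.
#
# Order of operations, following the post:
#   1. ssh in with the throwaway password and run `passwd` right away
#   2. on the workstation: ssh-keygen -t ed25519 ; ssh-copy-id user@vm
#   3. confirm the key login works in a NEW session (the Hyper-V console is
#      not a usable fallback here), then install the drop-in below as root
#   4. sshd -t && systemctl reload ssh ; sshd -T | audit_key_only

# Print the effective global value of one sshd keyword from config text on
# stdin. sshd keeps the FIRST value it reads per keyword, keywords are
# case-insensitive, and anything after a Match line is conditional.
sshd_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                 # comment line
        NF == 0 { next }                    # blank line
        { sub(/[ \t]*=[ \t]*/, " ") }       # accept the "Keyword=value" form
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == want { print tolower($2); exit }
    '
}

# Write the hardening drop-in into directory $1 (/etc/ssh/sshd_config.d on
# the VM). The 00- prefix sorts it ahead of other drop-ins, so its values
# are the first ones sshd reads. File name is hypothetical.
write_key_only_dropin() {
    cat > "$1/00-key-only.conf" <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
EOF
}

# Read config text (or `sshd -T` output) on stdin; return 0 only when
# password-style logins are off. Unset keywords use OpenSSH defaults.
audit_key_only() {
    _cfg=$(cat)
    _rc=0
    _pw=$(printf '%s\n' "$_cfg" | sshd_value PasswordAuthentication)
    _kbd=$(printf '%s\n' "$_cfg" | sshd_value KbdInteractiveAuthentication)
    # Older releases report this setting under its previous name.
    [ -n "$_kbd" ] || _kbd=$(printf '%s\n' "$_cfg" | sshd_value ChallengeResponseAuthentication)
    _root=$(printf '%s\n' "$_cfg" | sshd_value PermitRootLogin)
    _pk=$(printf '%s\n' "$_cfg" | sshd_value PubkeyAuthentication)

    [ "${_pw:-yes}" = no ] || { echo "FAIL: password logins still accepted"; _rc=1; }
    [ "${_kbd:-yes}" = no ] || { echo "FAIL: keyboard-interactive (PAM password) still accepted"; _rc=1; }
    [ "${_root:-prohibit-password}" != yes ] || { echo "FAIL: root may log in with a password"; _rc=1; }
    [ "${_pk:-yes}" != no ] || { echo "FAIL: public keys disabled, this would lock you out"; _rc=1; }
    return $_rc
}

# Constructed sample of a main sshd_config as it might look after install.
SAMPLE_MAIN='# constructed sample, not a real host
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication yes
KbdInteractiveAuthentication no
UsePAM yes
Match User backup
    PasswordAuthentication no'

# Offline demo: audit the sample alone, then with the drop-in read first,
# which is the order the Include line produces.
demo() {
    _dir=$(mktemp -d)
    write_key_only_dropin "$_dir"
    echo "before drop-in:"
    if printf '%s\n' "$SAMPLE_MAIN" | audit_key_only; then echo "OK"; fi
    echo "after drop-in:"
    if { cat "$_dir/00-key-only.conf"; printf '%s\n' "$SAMPLE_MAIN"; } | audit_key_only
    then echo "OK: key-only"; fi
    rm -rf "$_dir"
}
demo
```

On the VM itself, `sshd -T` (run as root) prints the merged configuration, so piping it into `audit_key_only` checks the real result rather than one file.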

So if you find yourself in a situation where you need to do virtualization on Windows, and you are deeply invested in the idea of using 2012 R2, don’t bother with Hyper-V manager. Instead, download ProHVM, and then use ProHVM as little as possible. It’s free for non-commercial use and you can build new VMs and all that stuff that you *should* be able to use Hyper-V Manager for.