Saturday, March 25th

New printer - no more parallel ports

My old parallel port HP inkjet printer has finally been put out to pasture. I bought an HP 6840 inkjet for $68 on eBay, plus shipping, which is a real bargain considering its list price is $179. It arrived yesterday with a big hole in the box, which had been taped over, presumably by the seller. He had stuffed a USB cable in the hole before doing the retaping. The USB cable had been described as a "bonus" on the eBay page. Whatever made the hole in the box also took a major chunk out of the printer's housing. The printer works perfectly, however, so I'm not really complaining. What do you expect for $68?

I chose this printer because it has an Ethernet interface, which is surprisingly rare among low-end HP printers. I can connect the printer to my home network and I can use it from my PC and Barb can use it from her Mac. We had previously been routing all her printer traffic through my PC, which was connected to the parallel-port printer. Under Windows this requires lots of gymnastics. Under Linux it requires a little bit of work.

The new HP also has wireless networking. I can't really see the use of this, unless you want to put the printer someplace far away from any of your access points. It's not as if the printer is "mobile" in any sense.

The print quality is pretty good. Certainly better than my old one. I don't do photo printing at home. I usually send that out to places like Shutterfly.
Jim on 03.25.06 @ 06:28 PM ET [link]


Sunday, March 19th

Best blonde joke

The best blonde joke, ever.
Jim on 03.19.06 @ 05:28 PM ET [link]


Saturday, March 18th

Fagen

Saw Donald Fagen the other night at the Opera House in Boston. Despite Fagen's head cold that delayed the show two days, it was a very good concert. About one-third of the material was old Steely Dan music, one-third was from his new Morph The Cat CD, and one-third was from his other two solo albums. As usual with Fagen or Fagen/Becker, their backup musicians were impeccable.
Jim on 03.18.06 @ 07:10 PM ET [link]


Types of people

There are 10 types of people in the world - those who understand binary and those who don't.
Jim on 03.18.06 @ 02:56 PM ET [link]


Saturday, March 4th

Poor man's VPN

My company uses the Nortel Contivity VPN client for network access from outside the company premises. But I've never had luck getting it working under Linux, at least with the kernel versions I've tried. A colleague of mine actually paid for the Linux client and did get it working, but I've had no luck with the evaluation versions.

As a workaround, I've been using a reverse SSH tunnel from work to my basement server. The corporate network is a 10.x.x.x subnet behind a firewall, and my home network is a 192.168.0.x subnet behind a cable modem and NAT, with one public IP address. So my corporate machine SSH's to my home public IP address, usually something like:


ssh -NR 1022:localhost:22 [home-ip-address]

which would allow me to ssh from home back towards work with:

ssh localhost -p1022

and then run X apps over this. Command line apps work nicely, VNC is a little pokey, and X is pretty darn slow. It's also annoying since you need to start a new tunnel for each port you want to forward.

I just set up a slightly better system. I used a nice simple Perl script I found that combines a ppp link on top of an ssh link. It SSH's to my home basement server (public IP address), then starts up pppd on both ends of the pipe using addresses 172.16.0.1<->172.16.0.2.

Then I set up a NAT using iptables on my Linux machine at work. This maps the 172.16.0.x ppp subnet to the 10.x.x.x corporate network.


iptables -A POSTROUTING -t nat -o eth0 -s 172.16.0.0/24 -d 0/0 -j MASQUERADE -v


A few routing table entries are required on both ends and you're done. This allows my home machine to reach anywhere on the corporate network.

Since at home I actually sit at my desktop Linux machine rather than at my basement server, I have to route all the traffic through my basement server, then over the ppp/ssh link to work, then out the NAT to the corporate network. This requires yet another routing table entry and NAT entry to get from my 192.168.0.x home network to the 172.16.0.x ppp network.


iptables -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE -v


All this works better than I had expected, especially considering that it's really running TCP on top of TCP. The only thing I haven't gotten to work correctly is the DNS resolution from my desktop machine. I'd like to use my corporate DNS server when I'm connected to work, and the ISP's DNS server when I'm not. My home desktop machine doesn't have direct access to the ppp link, so I can't key off of its ip-up and ip-down scripts to tweak my desktop resolv.conf file. Right now I'm doing it manually.

The end result is that I pretty much have a VPN working from my home desktop to the network at work. And I'm not at the mercy of our corporate IT department.



Jim on 03.04.06 @ 07:35 PM ET [link]
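
Seen from the corporate side, the MASQUERADE rule in the post above is what turns an ordinary workstation into a gateway for an outside network. As an added example (not part of the original post), this Python code audits `iptables-save` output for such rules; the sample ruleset, interface addresses and function names are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed sample: `iptables-save` output from a workstation carrying the
# post's rule, plus that host's interface addresses (all values invented).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 172.16.0.0/24 -j ACCEPT
COMMIT
"""
SAMPLE_IFACES = {"eth0": "10.1.2.3/24", "ppp0": "172.16.0.1/32"}


def parse_nat_rules(text):
    """Yield chain, source, egress interface and target of each *nat -A rule."""
    table = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            rule = {"chain": tok[1]}
            for flag, value in zip(tok[2:], tok[3:]):
                if flag in ("-s", "-o", "-j"):
                    rule[flag] = value
            yield rule


def find_gateway_rules(rules_text, ifaces, ip_forward):
    """Flag MASQUERADE rules that translate a range foreign to the egress LAN."""
    findings = []
    for rule in parse_nat_rules(rules_text):
        if rule["chain"] != "POSTROUTING" or rule.get("-j") != "MASQUERADE":
            continue
        src = ipaddress.ip_network(rule.get("-s", "0.0.0.0/0"), strict=False)
        egress = rule.get("-o")
        lan = ipaddress.ip_interface(ifaces[egress]).network if egress in ifaces else None
        if lan is not None and src.subnet_of(lan):
            continue  # source already lives on the egress subnet
        # Local interfaces addressed inside the NATed range feed the gateway.
        fed_by = sorted(n for n, a in ifaces.items()
                        if ipaddress.ip_interface(a).ip in src)
        findings.append({"source": str(src), "egress": egress,
                         "fed_by": fed_by, "active": bool(ip_forward)})
    return findings
```

On a live host, `ip_forward` would come from `/proc/sys/net/ipv4/ip_forward`; a finding with `active` set and a `ppp` interface in `fed_by` matches the setup described in the post.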



Email: jim@jimandbarb.DELETETHISPART.net
(please remove the DELETETHISPART before sending me mail!)