Rather doing a simple vpn+nat-style situation, I decided that my local server (whack.csh.rit.edu) needs to be available to the world. The machine I vpn into (kenya) currently has a nat rule in pf.conf so I can get to the world from whack (which is now in my room on a roadrunner line behind a nat box). I changed the nat rule to a binat rule and added an IP alias to kenya, and now you can ssh to 'whack.csh.rit.edu' from anywhere and get the box here on roadrunner. Furthermore, all my traffic comes "from" whack.csh.rit.edu, so it's as if I were on csh's network. Go go gadget vpn.

This all seems quite neat to me, I didn't expect it to be so easy...

I put some more work into my kiosk interface today. I made the keyboard widget highly pluggable, such that you can drop one anywhere on a page. The particular place I wanted to try this first was on the Drink machine login page.

projects/kioskweb/demo/drink.cgi?login

If you do a 'view source' on that page, you'll see that it looks somewhat like html, but there's this little widget tag that you shouldn't recognize. An xslt sheet turns that tag into something more useful - Look in your dom inspector for the actual result. This shows you how I'm somewhat planning on building this web-based kiosk interfacing system.

The end result will be that you can write your pages in psuedo XHTML and drop in fully featured widgets with simple tags like the widget tag. I currently support two forms of input (xml-wise) - those are XHTML with slight modifications and something I came up with that's less html-oriented. An example of this can be seen in this directory: projects/kioskweb/demo/xml

The entire interface is in xml, any html pages you may load are actually static html pages generated from xml. If you want to take a look at my xslt sheet, then click here. Opera 8 does not appear to support doing xslt client-side, so if you are using opera the pages won't render properly if at all.

This project is going to be all over xml/xslt like a donkey on a waffle.

So I'm working on my new touch-based web interface, and I decide that having a pool of widget objects to use would be swell. The first thing I thought I would need would be some kind of on-screen keyboard. A quick glance at the first few google results for 'javascript on screen keyboard' showed nothing promising. So, I started reading about object-oriented javascript, and an hour or two later I have a keyboard.

Now I have a keyboard widget I can load at any time. Huzzah!

Demo: http://www.semicomplete.com/projects/kioskweb/demo/keyboard.html
Javascript: http://www.semicomplete.com/projects/kioskweb/demo/keyboard.js

Dropping Wendy off at the airport earlier this week reminded me to work on the kiosk interface project I've wanted to work on. I started it today, it uses XML, XSLT, and JavaScript. The current implementation is pretty crappy, but visually it gives you an idea of how things might work.

To be frank, it looks like Any Other Webpage and doesn't appear to have anything special about it, but the cool part comes soon, I guess.

See it: http://www.semicomplete.com/projects/kioskweb/demo/

I needed a neat way to write and present articles. I got bored and wrote a little xsl script that turns my happy new article xml into some html-ish stuff. So far it's looking very cool. For instance, it will do automatic table-of-contents generation with proper anchor tags, etc. I'll post more on this later when it's finished. I'd finish it tonight, but I'm tired.

• ppp over ssh article
• article.xsl
• article xml

I got bored today and wrote a quick script to start/stop a ppp over ssh vpn. I'm working on an article on how to get ppp over ssh working for freebsd, so that'll be up shortly. I've also been working on a few new upgrades to logwatch, i'll commit those as soon as they're completed.

% ifconfig ndis0
ndis0: [snip...]
        inet 129.21.112.158 netmask 0xffffff80 broadcast 129.21.112.255
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid baccus 1:baccus
        channel 11 authmode OPEN powersavemode OFF powersavesleep 100

As you can see, I'm currently using wireless on some random access point I associated to called baccus. I don't know who's access point this is, but it's what ndis0 insists on associating with, so I don't complain. Being on a school campus is, in my opinion, one of the most potentially dangerous networks you can put your computer on. Here you'll have an assortment of geeks of varying clue levels - pretty much anyone with half a brain can sniff all the wireless traffic they want.

Having my traffic sniffed isn't really annoying until I want to login someplace that insists on clear-text passwords (say, thefacebook.com). So, I have gotten into the habbit of using OpenSSH's SOCKS5 proxy to do that, but it's annoying starting a proxy every time I need one. What can I do instead?

A quick solution that is very simple is to tunnel PPP over SSH. I won't go into the details here, but the short of it is this: I have a ppp tunnel to one of my machines in my dorm room which is on a wired, switched network I consider to be trusted. Then, all of my traffic can possibly be tunneled to a safe network where it will then go forth and be happy.

As I mentioned, I'll be posting an article on how to make this go shortly.

Logwatch is gradually getting sexier as I throw more ideas and time into it. This recent batch of updates added, primarily, the following:

Users can define their own patterns in logwatch.conf:

patterns {
	clientandip = "\[client %IP%\]";
	hostname = "(\[wd-\]+.)*(\[w-\])";
};

Defines your own patterns in addition to the default ones. These new patterns are used the same way that default patterns are, as %clientandip% and %hostname%. A sample use of this would be:

file "/var/log/auth.log" {
	type "failed hostname lookup" {
		match = "reverse mapping checking getaddrinfo for %hostname% failed";
		threshold = 2;
		interval = 60;
		reaction = "echo 'Someone (%hostname%) is trying to ssh with broken dns... maybe they are being naughty?'";
	};
};

Patterns can be pretty much any regular expression perl will support. Also, as you can see with the clientandip pattern, you can embed existing patterns in new patterns. This includes your own patterns. Recursion is limited to 10 levels by default, this may change in the future.

I forgot to put up my procmailrc. There's nothing *too* special about it. It does spamassassin, filters duplicates, etc.

• procmailrc

I recently made a few changes to my vimrc and zshrc. The changes are somewhat trivial, but made working in zsh and vim easier. You can get the files here:

Downloadables:

• vimrc
• zshrc