Using BTSync Behind a Corporate Firewall

BitTorrent Sync is pretty neat. I have been using it ever since Scott recommended it in the quintessential backup thread of 2013. It even made it onto my big list of essential tools. It provides a nice alternative to cloud solutions such as Dropbox by enabling you to sync devices directly without storing your data on a centralized server owned by a third party.

One of the major issues I had with it was using it behind corporate firewalls. When you are on a network that only allows outbound communication on ports 80 and 443, BTSync is completely useless. Unlike Dropbox or Google Drive, which both have absolutely no issues synchronizing folders in such an environment, the BTSync client simply does not work at all.

And yes, before you say anything, there are reasons to block outbound traffic on port 22. Firstly, if on average the number of users who need to ssh out of that location approaches zero, then leaving that port open simply increases the attack surface for no reason. Secondly, even if users do need to ssh out, chances are they will be communicating with known servers. Why have a wide open port that can be used and abused, when you can control connections on an IP and MAC address basis, and require an audit trail and change-of-permission request documentation when devs ask for more access?

The only outbound ports that are typically wide open are HTTP and HTTPS. Your local BOFHs can’t readily lock them down as tight as they would want to, unless they set up a proxy server. Fortunately, proxies break a lot of the modern, dynamic, internet based things so chances are you might not have one. And if you do not, then you can funnel your BTSync traffic through an SSH tunnel on a HTTP/HTTPS port.

To get this working you will need a few things:

  • A functional shell with ssh on your work machine
  • An internet accessible remote machine running sshd server
  • Recent BTSync client (obviously)

If outbound communications on port 22 are open at your location, any server to which you have shell access will do. If you can only get out on ports 80 and 443, you will need to configure said server to run the SSH daemon on one of these ports. This unfortunately requires root access.

You set this up by editing /etc/ssh/sshd_config. Search for the word “Port” and simply add another entry below, like this:

# What ports, IPs and protocols we listen for
Port 22
Port 443

Then restart ssh server:

sudo service ssh restart

Make sure you can ssh into it from behind the firewall. If your port 22 is closed, you can specify the alternate port on the command line like this:

ssh -p 443 you@your.host.net

If that works, you will now be able to create an SSH tunnel that will act as a SOCKS proxy. On the machine where you want to run the BTSync client, do the following:

ssh -D 9988 you@your.host.net -N -p 443

This will create a SOCKS proxy tunnel running on the local machine on port 9988. You don’t have to use that port number. Feel free to use any other port, as long as it is not taken by anything else. I recommend making a script with this command and saving it somewhere in your path, because you will have to run it whenever you want to enable syncing.

Finally, once you have the tunnel running, open the BTSync client, go to Preferences and open up the Advanced tab. Check the “Use proxy server” box, type in the localhost IP and the port number you picked (in my case 9988). Use the default SOCKS4 proxy type:

BtSync Proxy Setup

Save the settings, then pause and restart syncing to make them take effect. Once you do this, you should see your folders syncing up as they should. Of course the sync will stop when the tunnel is closed, but it is better than nothing.
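A firewall rule that matches only on port number cannot tell the SSH tunnel described above from HTTPS, but the two protocols open with different bytes. The following is an added example (not part of the original post) of that first-bytes check; the function names and the sample flows are constructed for illustration.

```python
"""Classify the first payload bytes seen on an outbound port-443 flow.

Added example: the sample payloads below are constructed, not captured traffic.
"""
from dataclasses import dataclass

TLS_HANDSHAKE = 0x16          # TLS record content type "handshake"
SSH_PREFIX = b"SSH-"          # RFC 4253 identification string prefix


@dataclass
class Verdict:
    protocol: str   # "tls", "ssh" or "unknown"
    detail: str


def classify_first_bytes(payload: bytes) -> Verdict:
    """Return the protocol suggested by the opening bytes of a TCP stream."""
    if payload.startswith(SSH_PREFIX):
        # Identification line: "SSH-protoversion-softwareversion[ comments]\r\n"
        line = payload.split(b"\n", 1)[0].rstrip(b"\r")
        parts = line.decode("ascii", "replace").split("-", 2)
        version = parts[1] if len(parts) > 1 else "?"
        software = parts[2] if len(parts) > 2 else "?"
        return Verdict("ssh", f"version={version} software={software}")
    if len(payload) >= 5 and payload[0] == TLS_HANDSHAKE and payload[1] == 0x03:
        # TLS record header: type (1 byte), version (2 bytes), length (2 bytes)
        length = int.from_bytes(payload[3:5], "big")
        return Verdict("tls", f"record_version=3.{payload[2]} length={length}")
    return Verdict("unknown", f"first_bytes={payload[:8].hex()}")


def flag_non_tls(flows):
    """Return (flow_id, verdict) for port-443 flows that do not open with TLS."""
    return [(fid, v) for fid, data in flows
            if (v := classify_first_bytes(data)).protocol != "tls"]


# Constructed sample flows: (flow id, first client payload on port 443)
SAMPLE_FLOWS = [
    ("10.0.0.5:50122", bytes([0x16, 0x03, 0x01, 0x02, 0x00]) + b"\x01" + b"\x00" * 16),
    ("10.0.0.7:50410", b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n"),
    ("10.0.0.9:50877", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for fid, verdict in flag_non_tls(SAMPLE_FLOWS):
        print(fid, verdict.protocol, verdict.detail)
```
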


Risk averse Workflows, or Why CEO’s Keep Losing Files

Let’s talk about workflows. If you are a white collar worker, chances are that you spend most of your day creating or editing digital files. Whether you are a programmer, sysadmin, accountant, salesman or a CEO, you will be spending a considerable part of your day messing with data, grouped as some sort of logical entity: a document, spreadsheet, source code, etc. Different people have different strategies and approaches for this sort of work.

For example, I have noticed that my personal workflow is very risk averse. I typically start with a git pull and end with a git push. As I make changes to a file, I tend to save very often, which is not unusual for programming. When you write code you usually focus on small, discrete, incremental changes that need to be tested in isolation. You make an edit, save the document, check if anything broke, make another change, and so on. When you finish working on a specific task or accomplish a specific goal, you commit the code, encapsulating the changes into a neat snapshot that could be rolled back later. Then you move on to the next thing. Multiple times per day you collect a bunch of these snapshots and push them out to a remote repository.

The entire process is anchored not only to the local file system but also to a revision tracking system which provides me with backups and snapshots of my code. It is actually quite difficult for me to lose more than a few minutes of work due to a mistake or a software glitch. I always have at least 3 recent copies of the project: the working copy in storage, the local revision history, and the remote repository. More if I’m feeling adventurous, and I create feature branches which provide yet another working copy that is separate from the main one. It is a very safe way to work.

Busy CEO Workflow

This is very different from what I call the “busy CEO workflow” which starts and ends within Outlook. I was recently able to observe several people using this exact Microsoft Office driven workflow and I was baffled how risky and failure prone it was. I would never actually choose to work this way, if nothing else than to save myself the stress and preserve my own sanity.

Let me try to outline this workflow for you:

  1. You start by receiving a Word/Excel document attached to an email
  2. You double click on that attachment to open it
  3. You laboriously make dozens of changes over the span of next 3 hours
  4. When finished you hit “Save and Send” button on the toolbar
  5. Outlook attaches the modified file to a new email

Note how in this particular workflow, all the work is being done almost entirely in memory. When you open a Microsoft Office document attachment from Outlook, it opens it directly. It probably puts a working copy somewhere in a local temp folder, but not in a way you could later track down. All the changes you add to the document may or may not be saved to that ephemeral temp file, which will go away the minute you close Outlook.

Microsoft Office does offer you a little bit of protection from glitches and software crashes in terms of the auto-recovery feature (unless of course it was switched off) which will periodically attempt to create a snapshot of your work. If the application does not close cleanly, it prompts you to recover from one of the recent snapshots. Unfortunately these backup copies are immediately deleted when the user deliberately closes the application. So if you accidentally close the wrong window, you are likely to lose all the work.

The “save and send” functionality relies on a magical hand-off happening between two office applications that involves passing around references to an ephemeral, temporary file, hidden away from the user. This interaction is semi-reliable but I have seen it break in such a way that it closes the edited document and silently drops the modified file without actually ever giving the user a chance to send it.

This breakage is not an isolated fluke, by the way. The Microsoft Office interop features are known to be rather fragile. Because of their complexity, Office applications often end up in weird states which may affect these sorts of hand-off situations. In fact, it happened twice in a week when I was working with end users gathering specs for a project. Both times it required closing and re-opening of all Office applications to restore the functionality.

This workflow is fraught with data loss risk and has way too many points of failure:

  • There is no user-accessible “work copy” of the file with recent changes
  • The only lifeline is the magical auto-recovery feature
  • The “save” feature is not guaranteed to work all the time

You have got to admit that this is quite bad. If you are a tech savvy person, you know that this is not how one is supposed to work. You are supposed to anchor your work in the storage, not in main memory. You are supposed to save often and keep multiple copies of your work to keep track of changes. And yet, this email-to-email, in-place editing workflow is baked right into the very fabric of Microsoft Office. It is easy, convenient and as such it is really appealing to the busy executives who must juggle a lot of balls in the air at all times.

No amount of user education can counteract the “common sense” logic of the “if you’re not supposed to use it, then why did Microsoft include it as a feature” counter-argument. Software developers of course know that this is a fallacious line of reasoning: we put half-baked features into our software all the time, and we don’t always have the time or resources to work through all possible use-cases and usage scenarios. Once the feature is in production, it is hard to remove it.

So the universe is full of half-baked convenience features that don’t really work right. I imagine the “save and send” feature was intended for people who just want to fix 3 typos before approving a staff memo or a courtesy letter of some sort. But I’ve just seen someone use it to re-write an 80 page report almost entirely, over the course of almost an entire day. That file sat there, in memory, when the person took their lunch break, responded to other emails, and worked with a dozen other attachments. And that’s quite scary. It is putting a lot of faith in a piece of software…

Which is something I have noticed people do. As a software engineer, the best advice I can probably give you is to never assume any software you use is reliable. It isn’t. Unless it has been developed by NASA for the explicit purpose of flying a rocket into space, then the code is probably a bug ridden mess. And even NASA fucks up every once in a while.

If you consistently lose work due to accidental clicks or software glitches, and someone told you that you can avoid it by modifying your work-flow to route around the flaws in the software, would you do it? Or would you keep your workflow and just be mad at flaky software and the IT staff’s inability to make a third party application do things it was not properly designed to do?

Is there a way to eliminate the busy CEO workflow from your organization? Can you force it out of the system via infrastructure change? Granted, trying to force out Microsoft Office from your organization would be tilting at windmills so that’s probably not a good approach. You will never convince the business folk to give up Word and Excel, but you can sometimes wean people off Outlook. Especially new generations of office workers who grew up on fast, reliable webmail interfaces with endless storage capacities tend to scoff at the very idea of a dedicated email client. And that’s actually a good thing.

For all their flaws, web-mail interfaces do one thing right: they force users to anchor their work in the file system by asking them to save attachments to disk before opening them. This may seem like a major annoyance at first, but that one extra click solves so many issues.

Thoughts? Comments? Ideas?


Pretty Deadly

Back in my review of Ocean at the end of the Lane I mentioned that works of Neil Gaiman have a unique, recognizable style and mood. Gaiman is the undisputed master of mixing modern sensibilities with folk myth and magical mysticism, almost creating a genre of its own. There is magical realism which spruces up modern tales with a dash of supernatural, and there is “Gaimanism” which swings the other way and anchors pure folklore and fantasy with a dash of reality. When people call a work “Gaimanesque”, fans of his work instinctively know what to expect: a well mixed blend of old, forgotten mystical lore and something modern. Pretty Deadly by Kelly Sue DeConnick and Emma Ríos is exactly that: a Gaimanesque re-imagining and blending of a western, horror and folk tales about death and destiny.

Pretty Deadly Cover

The book’s setting is the archetypical, familiar western setting, complete with small desert towns, corrupt sheriffs, and shady saloons. But the very first pages establish that this is not a mundane western story. In this world the land is magical, and the legends are real. Folk songs and old wives’ tales are forgotten truth, and one is best to heed their warnings. In the Pretty Deadly world, Death himself is a gunslinger with a horse skull instead of a face, who often meddles in the affairs of mortals. His grim reapers travel the world and do his bidding, and the only person who openly defies him is his mortal daughter Ginny. She rides the wind, and comes to the aid of those in need if they know how to summon her with a special rhyme whispered into the breeze. Like in a Neil Gaiman story, the supernatural elements are woven into the fabric of the reality of this world and inseparable from it.

Death and his captive

I would not call myself a fan of the western genre. It is not something I read or watch often, and I don’t typically seek out stories about cowboys and gunslingers. But I was enthralled and captivated by this series. If I had to give you an elevator pitch, I would probably describe Pretty Deadly as: Sandman meets Preacher, meets Dead Lands with a pinch of American Gods thrown in for good measure.

Ginny Deathface

I keep mentioning Neil Gaiman as if it was his story but it isn’t. Even though these comparisons are meant as positive praise (I consider myself a long time Gaiman fan) I think these comparisons might be doing a disservice to the excellent writing of Kelly Sue DeConnick. This is, after all, her world, and her story being brought to life by the art of Emma Ríos. Their work is not a mere imitation or emulation of that particular style. Pretty Deadly invokes Gaiman’s style, but then goes beyond and builds something new and original on top of it.

Myths and legends are real

DeConnick expertly manipulates the Western setting, playing up familiar tropes only to tear them down and brutally subvert them. Characters you have pegged as bad guys turn out to be unexpected heroes. Those you have assumed to be good guys are shown to be despicable. Even the all powerful Death ends up being developed into a tragic and complex character.

But western tropes are not the only things that are being subverted here. DeConnick and Ríos conspire to break all the rules, starting with unconventional and unorthodox paneling. Ríos uses the panel composition to create these claustrophobic funnels that build pressure and tension, or to direct action, and caged of inset areas to inform the surrounding action. Sometimes the panels bleed into each other, other times the panel lines become part of the architecture and set design.

The most interesting feature of her art however might be how she stages her combat scenes which sets her apart from most of her peers in the industry.

Ginny vs Alice

Sarah Horrocks wrote an excellent post about this on her blog 73 and I don’t think I could do her analysis justice if I tried to paraphrase it, so I will just quote the interesting bits here:

Female warriors in comics who are depicted as fast, shifty, untouchable are inherently at a deficit in their depiction to analogous male characters–because they create two spaces within their existence: one is the space that, if only they could be caught, then they could be conquered sexually, and the other is that their movement itself is meant to create the image of the beautiful untouchable woman on a pedestal that is the problematic way some men are taught to view women outside of these action packed scenarios.

It is because of these problems that when a fight comes along, particularly in western comics, like the fight in Pretty Deadly by Ginny Deathface and Big Alice–you tend to sit up and take notice. (…)

[Ginny] is set up in the first issue as this untouchable spirit of death. She is Queen Badass. But the Porcelain doll of death archetype is immediately subverted in her very first fight in the second issue. She is most certainly Queen Badass–but she is not untouchable. She gets cut by Big Alice in the very first attacking exchange between the two. But she takes it and just keeps coming. Ginny continually sacrifices flesh and blood for tactical ground. And what’s more the perspective of the fight, and the character design employed for both characters doesn’t allow for any sexualization of this pain. This fight is never anything about two warriors brutally going at each other, doing whatever it takes to land the killing blow. There’s no perspectives, or contortions causing the characters to vogue for the camera. No orgasmic facial contortions. (…)

You want to know why so many female characters are supporting characters at best in adventure comics–it’s because of this notion of the primacy of their beauty over the brutality of the fight. It is the built in vanity of these characters as viewed objects rather than brutal fleshed out fighters who fully accept the stakes of their choices. (…)

But here’s the thing. Flesh is flesh. Blood is blood. Whether it comes out of a woman or a man, it is still blood. Pain is equal, fighting for your life is an animalistic experience that is not in any way tied to gender.

The notion being that sacrifice of blood for a final victory would be the domain solely of men is atrocious.

~ Sarah Horrocks, 73

For context, Horrocks is comparing and contrasting Pretty Deadly with Blade of the Immortal by Hiroaki Samura with respect to how these works depict female fighters. The entire article is worth reading, but I think the excerpt quoted above works well as a glowing recommendation of the book.

Pretty Deadly is not just a blend of western, horror and folk tale. It is a western, horror folk tale centered around strong complex women (both as protagonists and antagonists) which manages to completely avoid objectification so endemic and entrenched in the comic book medium. If that, combined with the fantastic writing and striking and unique art style is not enough to convince you to read it, I don’t know what is.

If you read only one comic book series this year, make it this one.
