Friday, October 9, 2009

Peace we can believe in?

I am not sure whether to laugh or cry, having watched a clearly embarrassed Barack Obama accepting the Nobel Peace Prize, not for having done a lot of peace work but for just leading the US on a slightly different course.

Slightly less warrior-like; slightly more climate aware; slightly less capitalistic.

Don't get me wrong; Obama is my second favourite US president in my lifetime (the definite first place holder plays the sax and actually accomplished a lot), and I really think he has a shot to be a great president. I believe his motivation is sincere, BUT he is also very conscious of the limitations of his office and does not go further in his changes than the general public of the US will accept. So, it may be that at the end of his term, there is still a war going on in the Middle East, partly fueled by a US-supported, warmongering Israel. There may still be war in Afghanistan, fueled by a western alliance that makes war but can't manage to build peace. 50 million US Americans may still lack decent health care (not to mention the health care issues of the non-US Americans). And US patent laws may still stifle the IT industry to ensure the richest get even richer.

I hope he can make a difference. I believe he has a good shot at actually accomplishing something. But he deserved the opportunity, 8 years from now, to be acclaimed for what he actually changed in the world.

Very few people in the world have the power to force the will of the president of the United States. But the Nobel Committee have proven they have. They get the opportunity to bask in the glow of a popular president. Instead of taking the opportunity to put the spotlight on forgotten warriors of peace. That also worries me a lot.

But enough gloomy thoughts:-) A famous saying from the sixties is "make love, not war". And our second life is really full of that. Love, that is:-) Yes, a bit war too, but in our fantasy world, love is actually dominating. So maybe next year, Mark Kingdom (aka M Linden) will be received in the Oslo City Hall, accepting the Nobel Prize on behalf of the peace loving population of Second Life? LOL, now, is that a mind-blowing enough thought on a lazy Friday afternoon?

Anyway, congratulations Mr President, and welcome to Norway!

Tuesday, October 6, 2009

Work at home and play at work

This is the second part of an article, leaving the geeky parts alone. Click here if you are a certified network and computer freak (like me :-)

Car pooling in the new part of Avalon Town.

I belong to that group of people (is there such a group, or is it just me LOL) that don't divide work and non-work time very sharply. I am a man after all, so according to popular female theory I can think of just one thing (or one thing at a time perhaps). So, if I am not able to log into work a bit in the evening and finish that bit I was thinking about in the car on my way home (if you are thinking "he drives his CAR to work! Is he not thinking about the environment at all?" then I can tell you I am actually car pooling, but I guess that's another story for another time), I get this claustrophobic feeling.

And if I sit at work and think about something or someone in Second Life and am not able to log in a bit, I also get this claustrophobic feeling.

So, I don't accept a job offer that doesn't allow me to work in the evening from home, whenever that is more convenient. I have yet to find an employer that raises their eyebrows when I tell them that.

It's a bit harder (to put it mildly) the other way around. The play at work part. I do have a hard time raising hell at work because the firewall stops all sorts of interesting traffic. Like the high UDP ports the SL client needs to work, sigh.

So, for SL access from my office for the 2 years I have been in SL I have used a cellular modem. Yes, SL on the mobile, almost:-)

It's a bit slow. And it makes the computer crash more often than usual: even if my computers are normally female (the exception being Hagrid, my giant kneebreaker of a laptop) and therefore should be able to do several things at once, it seems that the combination of being on the phone while watching me during certain animation cycles is too much for them to handle for a prolonged time.

But now it seems I have found a solution. Yes, it's geeky. It requires me to have a server up and running in my basement all day long. It was a bit of work to search for the proper software after I got the idea for the setup. And it took 2 days to actually make it work. But now it does!

The idea is quite simple: When my computer at work needs to talk to Linden Lab's servers, it should be able to sort of squeeze all the different kinds of network access, some of which the corporate firewall blocks, into a single thin stream going to my home computer. Then my home computer will unpack the thin stream, do all the dirty network stuff over the dam, get answers and send them back up that tiny stream that our network admin won't know about:-) All they will see is that there is traffic that indicates someone is accessing a VPN, and all the hired consultants, of which we have a lot, do that all the time to keep in touch with their corporate networks.

I think it was a good idea. And when I started to google around for solutions, I was not surprised to discover that someone else has had the same idea. Although for different needs; I have yet to find anyone using OpenVPN in bridged mode with full redirect to access Second Life from behind a firewall (oops, seems a geeky sentence worked its way into here LOL).

So, what will this do for my second life? Ironically, I have found this at a time where my actual SL addiction is at an all-time low. I still love to create and explore and socialize, but there are also so many other good things in life. So I tend to prioritize my SL activities rather sharply, not just goofing around as much. I need SL time to be with a very few close friends on the too rare occasions when our online times match. And I need SL time to script and make these gadgets I find fun and interesting to work with (have I mentioned the Drama Dolls on my blog earlier? Yes, I guess I have LOL).

So, hopefully, this will make life a little bit easier for me, and a bit less frustrating for those I meet "at work", because I won't display as a cloud or walk clumsily around or crash whenever we TP out of the skybox. Perhaps even vitalize SL for me a bit. So if you see me online a bit more but not answering IMs, it could be I am just sitting in my non-polluting car somewhere while RL work demands attention:-)

Maybe even hanging around at some beach while working will be more attractive again:-)

Monday, October 5, 2009

Using OpenVPN to access SL from behind a firewall

Warning: Geeky content:-)

The corporation where I work has some rather strict security standards. All the serious systems are connected to an internal network, almost fully decoupled from the Internet. No work stations or servers have direct connections outside. To access the net, we have a totally separate LAN with separate workstations.

And even that network is firewalled, blocking all UDP and high port connections, sigh. I can't even read my email because they block the POP port.

So: How then to access SL? By company regulations, we do allow hired consultants to connect to their corporate network using VPN. So I thought, why can't I do the same thing? I'm allowed, so it's just a matter of setting it up.

So I tried to install OpenVPN on an old Linux server at home. Running Ubuntu 9.04 it's extremely stable, and with just 384K RAM it runs Apache2, MySQL, Logitech Squeezecenter and now OpenVPN with no breathing problems. OpenVPN is directly supported in Ubuntu, so it can be installed from the standard package handler. The HOWTO is rather elaborate, but even so you should have some experience with Linux and networking before you start on such a project.

I connected the client through port 443 using the TCP protocol. This is the HTTPS port, and few firewalls will block TCP communication on this port.

I have set up OpenVPN in so-called bridged mode, and am using a directive called
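Seen from the network admin's side, a rule that allows TCP 443 cannot tell this tunnel from HTTPS, but the first bytes of the connection can. The sketch below is an added example, not part of the original post: it classifies the first client bytes of a port-443 flow as TLS or as an OpenVPN session opener, assuming OpenVPN's plain TCP framing (16-bit length, then opcode and key id in one byte); the flow records and addresses are constructed.

```python
import struct

# Opcodes that open an OpenVPN session (upper 5 bits of the first payload byte).
HARD_RESET_OPCODES = {1: "P_CONTROL_HARD_RESET_CLIENT_V1",
                      7: "P_CONTROL_HARD_RESET_CLIENT_V2"}
TLS_HANDSHAKE = 0x16   # TLS record type that carries a ClientHello
MIN_RESET_LEN = 14     # opcode(1) + session id(8) + ack count(1) + packet id(4)


def classify_first_bytes(data: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP/443 flow."""
    if len(data) < 3:
        return "too-short"
    # HTTPS starts with a TLS record header: type, version major (3), minor.
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls"
    # OpenVPN over TCP: big-endian 16-bit packet length, then opcode<<3 | key_id.
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    if opcode in HARD_RESET_OPCODES and key_id == 0 and MIN_RESET_LEN <= pkt_len <= 1500:
        return "openvpn"
    return "unknown"


def flag_non_tls(flows):
    """Return (client, server, verdict) for port-443 flows that are not TLS."""
    hits = []
    for f in flows:
        verdict = classify_first_bytes(f["first_bytes"])
        if f["dport"] == 443 and verdict != "tls":
            hits.append((f["src"], f["dst"], verdict))
    return hits


# Constructed sample flows (documentation address ranges, made-up payloads).
_reset = bytes([7 << 3]) + bytes.fromhex("1122334455667788") + b"\x00" + struct.pack("!I", 0)
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dport": 443,
     "first_bytes": bytes.fromhex("160301002f010000")},        # TLS ClientHello start
    {"src": "192.0.2.23", "dst": "203.0.113.7", "dport": 443,
     "first_bytes": struct.pack("!H", len(_reset)) + _reset},    # OpenVPN hard reset
    {"src": "192.0.2.31", "dst": "198.51.100.9", "dport": 443,
     "first_bytes": b"GET / HTTP/1.1\r\n"},                      # plain HTTP on 443
]

if __name__ == "__main__":
    for hit in flag_non_tls(SAMPLE_FLOWS):
        print(hit)
```

A hit is a lead for review against the VPN policy (here, consultants are allowed to use VPNs), not proof of a violation.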

push "redirect-gateway def1"

This makes the Windows client route all internet traffic to my VPN host. In the OpenVPN documentation this is not recommended, as they say it will slow down browsing. But actually I have found that almost all kinds of access are FASTER when sent through the VPN. My theory is that OpenVPN circumvents Microsoft's IP stack, replacing it with the IP stack in Linux on my VPN server. It was very noticeable when I ran the VPN over the cellular modem. Also, I guess that through a small bandwidth line, it's faster to have one connection open and speeding all the time instead of continuously opening and closing connections to the servers. Linux on a fast net connection is much more efficient for handling that.

So now Hagrid (my big laptop) is for all practical purposes connected to my home network, which has a 25/15 mb fibre optic connection to the net with no ports blocked. Performance is great, with graphics set on High I can walk around my favourite skin and hair shop Adam n Eve with 20+ fps, ping time < 300 ms and bandwidth rates bursting up above 1gb.

To stress test the connection I started streaming FLAC music files while I was running around in SL. I had a download rate to the PC of about a mb/sec, SL was doing fine, music was fine and uninterrupted, and still the OpenVPN process used less than 2% of the really old CPU in my server. So even topping with Squeezecenter and its associated MySQL database the server ran 94% idle... I wonder how a Windows server on the same hardware would have performed? Hmm, I guess it would still be downloading all the security fixes:-)

So, if you are bothered with firewalls at the office or in hotels while travelling, and are not afraid to get your hands a little dirty by digging into the interior of a Linux installation, this is a highly recommended setup. And all the software is free and open, so no hassle or expenses there either. I guess it could work equally well running on a VPS server, if you just have enough bandwidth; the CPU load is almost negligible.