Semester at Sea

|

I first heard of Semester at Sea (SAS) from my friend Alyssa who attended the University of Virginia, the official sponsor of the program. SAS is a study abroad program for college students. They live on a ship that circumnavigates the globe while they take courses and visit various regions. It attracts both youth struck by wanderlust and affluent collegiate party-goers alike.

I was envious that I didn’t spend an entire college semester partying aboard a luxurious ship that docked in exotic locations throughout the world. What was I doing drifting around Manhattan’s Morningside Heights when I could’ve explored Mauritius, Malaysia, and Malta? But as I asked Alyssa about her experience, I learned the cruise wasn’t always luxurious and while partying at sea was an allure for many students, it wasn’t the only one.


Confessions of a Noob Landlord I - How to Fix a Gas Range

|

  1. Have a tenant email you asking you to check out a strange chemical smell coming from her oven when she uses it.

    From: Tenant

    Date: January 20, 2015

    Subject: Oven problems

    To: David

    Hi David,

    I’m sorry to keep email [sic] you with problems, but over the past few weeks the oven has increasingly emitted a chemical smell. Any time the oven is turned on there is a strong burning/chemical odor from the back of the unit. The rear is unusually hot and the smell is so strong that it burns our eyes and noses, so we’ve stopped using it entirely.

    Thanks for your attention,


How to Troll Your Roommates With a Shared Router

|

This article will show you how to troll your roommates or family by sending their browsers to this amazing website where He Man sings “What’s Up” by 4 Non Blondes (flash required) whenever they try to visit facebook.com.

What you’ll need:

  • administrative access to a router (I used a Netgear router with firmware WNR1000v3 leased from Time Warner)
  • router firmware that lets you configure static routes, port forwarding, etc
  • a server connected to the router (I used jarvis which runs Ubuntu 12.04)
  • DNS software running on that server (I used bind)

What you won’t need:

  • access to your victims’ devices (we will be doing something more sophisticated than simply editing /etc/hosts)

How the prank will work

We will intercept the DNS queries unsuspecting devices make to the router for facebook.com and reply back with the IP address for He Man. The router will send those DNS queries to your server instead of legitimate DNS servers and your server will reply back with the IP for He Man. Your roommates will be confused.

Configure your router

If you’re connected to the router, you can find the router’s IP address with ifconfig. If you’re on a Mac, you can also go to Network settings -> [select the connection on the left hand side for the router] -> Advanced -> TCP/IP -> find the “Router” IP address.

Go to that IP address in a browser.

Most routers will show you an admin page that prompts for a username and password. The default is usually admin/admin or admin/password.

Find the page that lists the devices connected to the router. Note down your server’s IP address.

Set the DNS servers for your router to Google’s DNS servers: 8.8.8.8, 8.8.4.4.

Setup a static route for each of these Google IPs that point to your server.

Install and configure DNS software on your server. I used bind9 and followed this tutorial by Digital Ocean. I skipped the secondary DNS server and reverse zone files and anything after that.

/etc/bind/named.conf.options
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
acl "trusted" {
    localhost;    # ns1 - can be set to localhost
    192.168.254.1;  # apartment router
};

options {
    directory "/var/cache/bind";

    recursion yes;                 # enables resursive queries
    allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
    allow-transfer { none; };      # disable zone transfers by default
 
    // Time Warner DNS to avoid infinite loop
    forwarders {
        209.18.47.61;
        209.18.47.62;
    };

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
/etc/bind/named.conf.local
1
2
3
4
5
6
7
8
9
10
11
//
// Do any local configuration here
//
zone "facebook.com" {
    type master;
    file "/etc/bind/zones/db.facebook.com"; # zone file path
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
/etc/bind/zones/db.facebook.com
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
;
; BIND data file for facebook.com zone
;
$TTL  604800
@ IN  SOA jarvis.davidxia.com. jarvis.davidxia.com. (
            3   ; Serial
       604800   ; Refresh
        86400   ; Retry
      2419200   ; Expire
       604800 ) ; Negative Cache TTL
;
; name servers - NS records
    IN      NS      jarvis.davidxia.com.

; name servers - A records
jarvis.davidxia.com.          IN      A       192.168.254.8

; 192.168.254/8 - A records
facebook.com.        IN      A      205.186.179.191
www.facebook.com.    IN      A      205.186.179.191

Make sure you use different DNS forwarders than the ones you specified in your router, otherwise you’ll create an infinite loop. I used Time Warner’s DNS servers.

Check your server returns He Man’s IP when asked for facebook.com.

dig facebook.com @localhost +short
205.186.179.191
dig heyyeyaaeyaaaeyaeyaa.com @localhost +short
205.186.179.191

Add iptable rules to replace the router’s incoming DNS query packets’ destination IP with your server’s IP to make your server from actually respond to them. Add rules for both UDP and TCP for both IP addresses for a total of four.

sudo iptables -t nat -A PREROUTING -p udp -d 8.8.8.8 --dport 53 -j NETMAP --to 192.168.254.8
sudo iptables -t nat -A PREROUTING -p udp -d 8.8.4.4 --dport 53 -j NETMAP --to 192.168.254.8
sudo iptables -t nat -A PREROUTING -p tcp -d 8.8.8.8 --dport 53 -j NETMAP --to 192.168.254.8
sudo iptables -t nat -A PREROUTING -p tcp -d 8.8.4.4 --dport 53 -j NETMAP --to 192.168.254.8

Check you get the following output.

sudo iptables --list -t nat

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
NETMAP     tcp  --  anywhere             google-public-dns-a.google.com  tcp dpt:domain192.168.254.8/32
NETMAP     tcp  --  anywhere             google-public-dns-b.google.com  tcp dpt:domain192.168.254.8/32
NETMAP     udp  --  anywhere             google-public-dns-b.google.com  udp dpt:domain192.168.254.8/32
NETMAP     udp  --  anywhere             google-public-dns-a.google.com  udp dpt:domain192.168.254.8/32

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Now check your router returns He Man’s IP when asked for facebook.com.

dig facebook.com @192.168.254.1 +short
205.186.179.191
dig heyyeyaaeyaaaeyaeyaa.com @192.168.254.1 +short
205.186.179.191

Use tcpdump to debug if this doesn’t work.

And you’re done! Kind of… There are a few things that still don’t work. The IP address for He Man is probably a server that hosts multiple domains and doesn’t know which one to go to if only given the IP. Bind can’t return a domain name, so I made bind return an IP address which led to a static page with some Javascript that simply redirects to heyyeyaaeyaaaeyaeyaa.com.

1
2
3
4
5
6
7
8
9
10
11
12
<html>
  <head>
    <title>Redirecting...</title>
  </head>

  <body>
    <p>Redirecting...</p>
    <script type="text/javascript">
      window.location = 'http://heyyeyaaeyaaaeyaeyaa.com/';
    </script>
  </body>
</html>

The major wrinkle is that Facebook uses SSL/HTTPS so modern browsers will just show a warning and not request the page. So you can really only redirect from HTTP sites to other HTTP sites, but hopefully this prank is still worth something. I certainly had fun with it :)


Can I Please Have an Unsubscribe Option for Physical Mail?

|

I hate email spam and fanatically guard my inbox from it. I try to not give out my real email address unless it’s for an account I need or a service I find useful. These include bank accounts and billing accounts like credit cards and utility bills.

But I inevitably receive spam. Gmail does a great job of filtering out most of them. But for ones that get through, I appreciate organizations that add an unsubscribe link in their email footers. They are doing themselves a favor because I’m going to click that link instead of marking their email as spam which might hurt their email reputation and actually make it harder for their emails to get into inboxes overall.

Almost all my physical mail is junk, but none of them tell me how to unsubscribe. It’s rather unfair how companies collect and use my email in the first place. They ask me for it when I buy something for the first time without explaining how they’re going to use it, or in the off-chance they do explain, it’s usually about following up on my purchase.

In the months that follow, they send me with sales offers and catalogues. Why would a merchant waste the goodwill I gave them by sending me unsolicited mail? I should be asked to opt-in to promotional and marketing mail. Okay, maybe they’re too lazy or their employee forgot. Then at least give me an option to unsubscribe.

Not only does it crowd my mailbox, I now have to worry that when I move, some sensitive piece of mail might find its way into a strangers hands and be exposed or used maliciously.

Here’s an example of a letter I received from Mount Sinai. I’ve only visited Mount Sinai once to ask a surgeon about what my options were for two herniated disks in my lumbar. I can’t think of any other way Mount Sinai got my mailing address.

The more I think about the letter in the photo above, the more I start to wonder. How and why did my email from a surgical consultation get passed on to Mount Sinai’s fundraising department’s mailing list? Does this violate HIPAA?

They should at least provide me a method to unsubscribe myself. Something like a website, phone number, even a mailing address. Instead they don’t even provide a postage paid envelope for the check they expect me to write.


Corporate Lingo

|

From elementary school through college, I learned standard English writing and speaking. But when I started working, I noticed there was something different about the language people spoke and wrote in the corporate world and the one I was taught in school. I couldn’t put my finger on it, but the jargon felt impersonal, verbose, bombastic, and loved nouns rather than verbs.

Here are some examples of sentences I’ve heard people utter with a straight face at work:

  • What’s the ask?
  • Our win of the week was…
  • After doing an A/B test, our learnings are…
  • The deliverable is forthcoming.
  • We are waiting for sign-off.

Why do we pervert perfectly good verbs into dreadful nouns? What’s wrong with

  • What does he want?
  • Our achievement this week was…
  • After doing an A/B test, we learned…
  • I will send the result to you soon.
  • Do you approve?

To fit into a corporate setting, be verbose and bombastic.

  • “We can get the deck turned around tomorrow.” instead of “We can give you the updated deck tomorrow.”
  • “The layout will be leveraged for all other workstreams.” instead of “Everybody will use the same f**king layout.”
  • “Please flag anything you might want to escalate.” vs “Tell us if you’re worried about anything.”
  • “Let’s talk offline.” (People have said this to me in person. What do they even mean? Aren’t we already offline?)

Blatantly misuse words.

  • “Please revert with comments.” vs “Please comment.”

And finally, just make up words that sound like Newspeak.

  • “Let’s future-think our mobile design.”

How about “buy-in” or “ideation” or “react” as a noun? People also say “we” when they really mean “you” as in “We should do this.” ie “You should do this.” This usually occurs when speaking to subordinates.

I’m reminded of George Orwell’s “Politics and the English Language” essay in which he criticized political language for being vague and meaningless. He called this kind of language a “contagion” and encouraged people instead to write and speak with concreteness and clarity.

I’m also reminded of the Java programming language which loves nouns instead of verbs. Here’s a fun explanation by Steve Yegge titled “Execution in the Kingdom of Nouns.”


How to Connect to Freenode IRC via SSL

|

It took me a while to figure out how connect to freenode’s IRC servers via SSL today. Here’s a reference for my future self and anyone else who might find this helpful.

N.B. I use weechat as my IRC client.

  1. Pick a nick that’s not already taken. Weechat kept retrying unsuccessfully when I used one that was already taken.
  2. freenode has instructions here on how to connect via SSL
  3. I run weechat on Ubuntu 12.04 and had to install the intermediate and root certificates mentioned in the link above. Otherwise, weechat complains that it doesn’t recognize the certificate.
  4. sudo mkdir /usr/share/ca-certificates/extra
  5. Copy the Gandi and InstantSSL certificates to that directory.
  6. Let Ubuntu add the new certificates’ path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf by running sudo dpkg-reconfigure ca-certificates.

This should be all. Here’s the weechat IRC configuration for freenode which should be written to ~/.weechat/irc.conf.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
freenode.addresses = "dickson.freenode.net/7000"
freenode.proxy
freenode.ipv6
freenode.ssl = on
freenode.ssl_cert
freenode.ssl_priorities
freenode.ssl_dhkey_size = 1024
freenode.ssl_verify
freenode.password
freenode.capabilities
freenode.sasl_mechanism
freenode.sasl_username
freenode.sasl_password
freenode.sasl_timeout
freenode.autoconnect = on
freenode.autoreconnect
freenode.autoreconnect_delay
freenode.nicks = "davidxia"
freenode.username
freenode.realname = "David Xia"
freenode.local_hostname
freenode.command
freenode.command_delay
freenode.autojoin
freenode.autorejoin
freenode.autorejoin_delay
freenode.connection_timeout
freenode.anti_flood_prio_high
freenode.anti_flood_prio_low
freenode.away_check
freenode.away_check_max_nicks
freenode.default_msg_part
freenode.default_msg_quit
freenode.notify

New Yorker Redesign

|

The New Yorker recently redesigned their web site and made all articles free for a limited time. Everything looks great except for that giant sticky header that takes up at least an inch of your screen. I hope they get rid of it.


Amsterdam 2014

|

I visited Amsterdam after coming going to Stockholm for work recently. It was my first time there. Amsterdam’s canal, bike paths, and green spaces are beautiful.


Indonesia 2014

|

Nanette and I traveled to Indonesia and visited Borobudur, the site of the world’s largest buddhist temple, and hiked Mount Rinjani, an active volcano.