Features I wanted:

1. reasonable P2P allowances
2. support for pfSense
3. speed, ideally 80-100% of my bandwidth capability
4. streaming video, eg, Netflix or Amazon Video not blocked

I am less concerned about:

• company location, ie, if the company is US-based
• logs, since all services shy away from keeping logs

I imagined that I may use some online-service (eg, Netflix) which wouldn’t work correctly, so I also setup another wifi network which bypasses all VPN connections.

My Top Service

Mullvad

I like Mullvad a lot. The pricing is very simple at $5/mo and there isn’t any long-term commitment necessary to get that pricing (ie, no need to pay for a full-year up front). I switched to a different server and was getting consistent 100-110 Mb/s download.

Signing up is dead simple. And the installation on pfSense seemed to be one of the easiest as well.

Mullvad also has port-forwarding capabilities. Unfortunately it didn’t help with my Plex issues.

Tested Services

Private Internet Access

I used a friend’s PIA account for this. Initially the speeds were great at around 110-120 Mbps, but after a few days they would drop to 5 Mbps and never recover.

ExpressVPN

ExpressVPN was decent. Their server speeds were consistent but pretty slow. On average, I was getting only 1/2 of my regular bandwidth.

The look of the website is clean, but I found it difficult to find out how to actually install their desktop software.

NordVPN

Separate server choices for P2P. Crazy number of US servers ! (but I don’t know where they are)

Downloaded software directly from their website. After launch it notified me that there were updates ! (Hmm, that’s bad ! The download should have already been the latest version.)

NordVPN had relatively higher speeds – definitely over 70-80 Mbps. However, it was hard to consistently test with testmy.net.

Their pfsense configuration was much more complex, including special DNS configurations which no one else had. My browsers would hang while surfing, etc. I seemed to be because the DNS queries took awhile to work – for example, on the command line I would ping a server. The first two responses would be icmp errors, then the ping would go through and would resolve the IP address.

iVPN

(to try)

IPvanish

This was the first VPN service I tried, however at the time I didn’t yet have my pfSense router. The service seemed good, so I’d like to try it again.

Vypr

(to try)

References

• https://thatoneprivacysite.net/simple-vpn-comparison-chart/
• https://www.top10vpn.com/top10-lists/
• http://www.top10bestvpn.com/
• https://www.bestvpn.com/best-vpn-services/

After some digging, I got it to work. Here’s my script:

on idle
  set myVPN to "VPN (dallas)" -- set name of VPN connection
  try
    set isConnected to do shell script "scutil --nc show \"" & myVPN & "\" | grep -c Connected"
  on error
    set isConnected to "0"
  end try
  if isConnected = "0" then
    do shell script "scutil --nc start \"" & myVPN & "\""
  end if
  return 15 -- how often to check, seconds
end idle

Modifications

Change the variable myVPN to the name of your network connection. Here mine is VPN (dallas).

Also modify the return value if you want the time between checks to be longer or shorter. Here I’ve set mine to 15 seconds.

References

These are the some of the pages that I started with. The instructions for script generation and auto-boot still apply. So you can still reference them for those other tasks:

• http://osxdaily.com/2016/08/10/auto-connect-vpn-mac-boot-login/
• https://www.maketecheasier.com/auto-connect-vpn-mac-startup/

Some other tech references which helped:
* https://www.cyberciti.biz/faq/mac-osx-applescript-run-shell-script/
* “on idle” reference

[vimeo 125632027]

The library is comprised of Widgets, Styles and Controls.

Many of the Widgets, like Text or TextField, wrap other OpenGL or platform-native objects to make them behave more consistently and without a doubt give them a lot more Awesome. Some of their important core functionality is based around concepts learned from Adobe Flex.
The other items like the ScrollView and TableView are evolutions based on both code I’ve written in the past and ideas from the UIKit API from Apple iOS.
All of the components are style/theme-aware.

The Styles represent a powerful way to manage style properties and can be linked together to form an inherited cascade of style goodness. There are a couple of ways in which they can be organized, and putting everything into a single location or into full themes is really easy.

The Controls, like Navigation, are totally new and again borrow a lot of lessons from iOS. This one alone saves me from writing a lot of navigation code for complex projects. There are more cool Controls still to build.

Even though some of the ideas are from iOS, I spent a lot of time thinking about WWCD (What Would Corona Do) as I think the Corona API is one of its many strong points. At times this required more coding to ensure this complex system was easy to use. I think the result is a good blend of the two worlds.

As “side projects” to this endeavor, I re-vamped my documentation site from an aging wiki server to a sleek, modern static-website (old is new again!) which has many benefits one of which is being blazingly fast. I also put a build system in place (snakemake) to help wrangle all of the updates to the modules in the DMC Libraries (now over 40+).

There’s more work to be done for sure, but I think we’re off to a really good start.

• http://docs.davidmccuskey.com
• http://github.com/dmccuskey

Enjoy !

~ dmc

I’ve been using my Echo for over a week and I like having it around, but should you get one at 99$ ? Well, if what you’re looking for in the Amazon Echo is:

• A personal assistant
  Right now the Echo has limited capabilities which consist of a small set of actions for a handful of categories – music, lists, information, weather or time. If you like technology and during the day you make lots of searches/queries in at least one of those categories then I would consider it. Otherwise, the Echo’s novelty is likely to fade quickly.

  Simply determine if any of your most-accessed mobile apps fit into the categories above. I find that I use Echo mostly for its music and news broadcasts and often ask help with weather, my shopping list, and timers. Similarly, I already have corresponding mobile apps which I use on a daily basis.

• Bluetooth speaker
  The Echo works really well as a Bluetooth speaker and has no trouble filling a large room with good quality sound. Playing bass-heavy music, like hip-hop or dance music, on the highest volume didn’t produce any obvious distortion. But even at 99$, I think that purchasing the Echo as just a speaker is a hard sell considering the likelihood another one on Amazon could outperform Echo for half that price.

  However, if the prospect of having the additional personal-assistant functionality is remotely interesting, then I’d consider it. What you’ll experience at least once when you use Echo, like when setting up your Bluetooth connection, is how easy it is to use technology when your voice becomes the UI.

  I’ve never owned a Bluetooth speaker before, but now I use Echo to play audio from my iPhone or iPad when using apps like Pandora or Newsy. I prefer the enhanced sound quality, plus it’s cool that I can still control the volume with my voice.

• Tech street-cred
  If you’re a technophile, a hard-core developer or someone that likes to play with cutting-edge technology then the Echo is for you. It’s already a very robust piece of technology which offers a glimpse of the future and will help you to re-imagine personal computing. However, to ensure a lasting relationship, refer to the guidelines I mentioned above in Personal Assistant as they still apply… at least until Amazon releases a dev kit.

I can envision a day that this type of technology plays a huge part in personal computing, but there’s a long road ahead before we’re there. So if you’re still on the fence about the Echo then you should probably sit out for awhile and wait until the technology matures.

Check out lua_objects @ github for more info.

These changes were inspired from continuing work on my Lua port of the WAMP Protocol library for Corona SDK. That project contains a lot of Python code and it has reminded me how much I like the Python language. Some particular things I re-discovered this time around were 1. method / class decorators and 2. multiple inheritance (including mixins).

That got me working on how to bring some of these aspects to Lua when doing OOP.

After the update, I was able to move the existing Event code (add/remove listener, etc) from the lua_objects core into its own module lua_events_mix.lua. Now that Event code can be easily re-used by other projects, either as a mixin or as a (monkey) patch.

Have fun !

References

• lua_objects: https://github.com/dmccuskey/lua-objects
• WAMP Protocol: http://wamp.ws/

LightCharts

A lightweight line-chart library for Flex.

Background

I created LightCharts for a project of mine that involves tracking many stock market symbols. Originally I was using the Adobe Flex Charting library, but found that performance suffered greatly given the number of charts I was using (around 60+), the amount of data displayed, and the constant real-time updates. Of course this isn’t necessarily due to poor coding on Adobe’s part, it’s just that their library contains an amazing amount of features to handle a variety of needs, consequently it’s very heavy. I didn’t need a lot of features, just a nimble way to display data.

I searched the Internet for other charting libraries which I could use and stumbled across a fantastic set of components created by Keith Peters called Minimal Comps. Keith’s library is extremely lightweight and it would have been a good fit, but MinimalComps is geared towards the pure Flash environment and not Flex – a major issue being the disparity in the component lifecycle.

Nonetheless, I was inspired by his code so I decided to use it as a starting point, adding and changing what I needed along the way.

Features

The result is a charting library that has many new features and several new object classes, some for visual enhancements and others for displaying and interacting with data. For instance, the data series class gives the ability to display multiple lines on a graph. The Toolset architecture is useful for creating mini plug-ins which can annotate or interact with data, all without needing to change any of the charting base classes.

Also, the line-chart class can be subclassed to create new line-chart types which have different visual characteristics or behavior. Included are a couple of examples for charts which I used in my project – these include the MACD and Stochastic. Note: These examples show how to make visual and behavioral changes to the base class, not how to calculate the values for the MACD or Stochastic charts. Those formulas can be easily found online.

Screenshot

In the screenshot above you can see many of the features:

• Three different charts (standard, MACD, and Stochastic), displaying different backgrounds including gradients and alphas, line colors, value ranges, etc.
• On the first chart, the display of crosshairs and coordinate value on mouseover; all charts have this functionality.
• On the first and second charts, a custom plug-in called DotDisplayTool which displays a dot over the last data point in the series. DotDisplayTool is an example of a non-interactive plug-in.
• On the second and third charts, a custom plug-in called LinearDrawTool which allows you to draw on top of the data; it displays a line and the chart values which correspond to the beginning and ending points. LinearDrawTool is an example of an interactive plug-in.

Live Demo & Source

If you want to see the library in action, click on the following link: LightCharts live demo.

The source is covered under the MIT license and it’s currently available from the live demo “View Source…”.

There is a problem with these keys, however, if they are not truly random. This is detailed in a paper I stumbled upon entitled Brute-Force Exploitation of Web Application Session IDs by David Endler. It covers ways in which these keys can be “hacked” because they are not unique, but rather follow some sequence which can be guessed. He lists some major websites which he was able to get access to information that should have been private.

The paper got me thinking about how to generate random session keys, so I created some quick Python scripts using Twisted which demonstrates my solution. (This was my first time using Twisted, so it’s very possible that there is a better way to structure the code).

Solution

The character buffer in the server is used to generate new keys.

To fill the buffer:

1. Create a list of websites which themselves deliver random web pages (eg, wikipedia)
2. Select a website from random and ask for a random page
3. Grab the data within the HTML body tags and put that string in the character buffer
4. When the buffer needs more data, go back to 1.

To generate X number of keys:

1. Grab two random lengths of the character buffer. Use one to re-seed the random generator and the other as the basis for the new session key. Create the session key using MD5 and the key seed
2. Update() the current MD5 session key using a generated random character / string
3. Add that key to the buffer.
4. When the key buffer needs more keys, go back to Step 1. For every Y number of keys generated, go back to Step 0.

Notes

We don’t use a new seed for each MD5 session key because the buffer will be emptied too quickly. Of course, the settings for the buffer size, etc could be tweaked.

Performance

Running the server code on my Mac Mini (2.16GHz Dual Core) and 5 clients on another machine, I was able to service ~8000 keys/sec (~750 million keys/day).

Conclusion

My experiment satisfied my curiosity and answered the questions from my own project.

There are, of course, many tweaks that can be made. Send me the code changes to your favorites and I’ll include them.

“Click to download the client server files.”:/downloads/code/HTTP-Session-Key.zip

Resources

• Brute-Force Exploitation of Web Application Session IDs (PDF)

I built it using the Adobe Flex framework. You can “get more information about KryptoPhoto at MentalHijack.com.”:http://www.mentalhijack.com/software/kryptophoto/

I’ve always wanted a Point-and-Shoot in addition to my Canon Rebel XT DSLR because it’s not as convenient to carry around an SLR just to take random photos. However, I don’t buy things without justification, but I was able to convince myself that this trip was (finally) my reason to get one.

From the horse-riding lessons I have taken in preparation for the trip, I learned that horses can be devious like three year olds and some will try to annoy you when you’re not paying full attention. I imagined that this could be problematic while handling both the horse and a DSLR since I give the camera a lot of concentration when taking photos, basically opening myself up for horse trickery. My dream ends with me on the ground more times than I would enjoy with an expensive piece of equipment in my hands.
A little Point-and-Shoot is cheaper and easier to replace, can be stowed anywhere and would be much more comfortable to fall on.

I like Canon because they make great equipment at a very reasonable price and they have been at the top of their game for awhile. I chose the PowerShot SD890 IS from the entire PowerShot family because of two features: the image stabilization as well as the more powerful 5x optical zoom. The image stabilization will be handy to minimize blurred photos because horses don’t usually stand still. The bigger zoom will help make up any distance between me and the subject since maneuvering a 1,000 pound horse is an inexact science.

I think the camera is going to be fine for the trip. The only drawback I see is that the ergonomics of the camera are too good for what I need! This model is sloped on the right side to follow the curve of a hand and offers no edge which could be used like a camera grip. This would be immensely helpful for one-handed shooting while holding reins in the other. It’s not as much of an issue for normal use because people generally take photos holding the camera with both hands.

I know that I’ll have more to say about the PowerShot SD890 IS when I return from my trip.

In the resources below I have included links to many of the sites I looked through in the quest to find my ultimate MacBook Air laptop bag. They should give you a good starting point for finding the bag that you love most.

It should go without saying, but I will anyway – as with anything fashionable, women have a much larger selection of cool, stylish and funky MacBook Air cases than men.

Here are some typical, safe, laptop bag alternatives if fashion isn’t a concern: “uggghh”:http://www.buy.com/prod/case-logic-15-4-slimline-laptop-case-nylon-black-case-logic-15-4/q/loc/16234/202778691.html, “‘khaki pants and sneakers'”:http://www.bestbuy.com/site/olspage.jsp?type=product&id=1218011398693, “death by extreme black-neoprene boredom”:http://www.officedepot.com/ddSKU.do?level=SK&id=564380.

h3. Resources

[updated 2009.03.19] – added Kenakai.com to the list

h4. “Orbino.com”:http://www.orbino.com/ – look no further than Orbino for stunning leather cases for iPods, laptops, handbags, etc.

• “Arista landing page”:http://www.orbino.com/store/index.php?cPath=30_128

h4. “kolobags.com”:http://www.kolobags.com/home.php?cat=36 has an incredible selection of men’s laptop bags.

• “knomo by kolobag”:http://www.kolobags.com/product.php?productid=918 is my second favorite. It’s a very stylish choice, though not sized especially for the Air.

• “knomo picture – tan”:http://www.kaboodle.com/reviews/knomo-bungo-oil-tan

h4. “Waterfield Bags”:http://www.sfbags.com/ has a large selection of different styles, all look very high quality.

• “Waterfield HardCase”:http://www.sfbags.com/products/hardcase/hardcase.htm

• “Waterfield HardCase review”:http://blogs.zdnet.com/Apple/?p=1381

• “Waterfield Vertigo”:http://www.sfbags.com/products/vertigo/vertigo.htm

• “Waterfield SleeveCase review”:http://blogs.zdnet.com/Apple/?p=1280

h4. “Tom Bihn”:http://www.tombihn.com/page/001/CTGY/MACBOOKAIR has a small selection of bags for the Air, most are technically complex.

• “Ristretto Messenger is a fav”:http://www.tombihn.com/page/001/PROD/MACBOOKAIR/TB0223

h4. “Built NY”:http://www.builtny.com/showPage.php?pageID=1518 has some fun cases fashioned from neoprene, if you’re into that sort of thing.

h4. “MacCase.com”:http://mac-case.com/MacCase13.html carries a whole bunch of stylish cases for the Air.

h4. “Mobile Edge”:http://www.mobileedge.com/ offers a huge selection of well made bags, Unfortunately the ones for men are more on the safe side of fashion, though the women’s cases are cute.

• “Mobile Edge men’s laptop bags”:http://www.mobileedge.com/mens-laptop-bags

• “Mobile Edge Paris bag”:http://www.amazon.com/Mobile-Edge-Paris-Backpack-Microfiber/dp/B000B54H6C/ – very European

h4. “LaptopStuff”:http://www.laptopstuff.co.uk/ has a nice selection of funky and hip bags and cases.

h4. “Case-Mate.com”:http://www.case-mate.com/laptop/MacBook-Air-Cases offers mainly sleeves for the Air.

h4. “Brenthaven”:http://www.brenthaven.com/ has some interesting styles, including several which are airport-scanner friendly.

h4. “Timbuk2”:http://www.timbuk2.com/tb2/products/laptop/ offers a solid line of tough, durable bags and cases though mostly of the messenger-style. If you really want something special, try their Build Your Own Bag wizard.

h4. “IGIO.com”:http://www.ogio.com/products.php?category=30 leans towards the boring side, but their Brain Bucket Mini (in color Wasabe) is ok.

• “Brain Bucket mini in multicolors”:http://www.amazon.com/Ogio-OGIO-Brain-Bucket-Mini/dp/B000FHE9K0

h4. Only sleeves

• “Kenakai.com”:http://www.kenakai.com/ has some fabulously rich sleeves for MacBooks, unfortunately not MacBook Air specific.

• “Wrappers”:http://wrappers.typepad.com/ has fun sleeves for different things.

h4. Aggregators, blogs, etc.

• “BizRate.com”:http://www.bizrate.com/computer-bags/ is a store aggregator. They list products from elsewhere.

• “squidoo.com computerbags”:http://www.squidoo.com/computerbags is small page with important goodies (for women).

• “Six Cool Sleeves for the MacBook Air”:http://tech.yahoo.com/blogs/hughes/22543