Eric Butler released Firesheep yesterday and the Internet forums have already started debating the ethics of it. I’m not sure what kind of impact it’ll have on other people, but it convinced me to take action and secure my computers.
There are a few ways to secure your computers, but after reviewing the HN thread, it looks like the quickest and cheapest (free) way is to set up an SSH tunnel and route all wireless traffic through it.
These instructions assume you’re moderately tech savvy (find a nerdy friend), and that your home router runs Tomato.
Set up the SSH daemon
The first thing you’ll need to do is turn on Tomato’s built-in SSH daemon.
- Open up a web browser and navigate to http://192.168.1.1
- Type in your router’s username and password
- Click on the “Administration” link in the lefthand menu
- Check “Enable at Startup” and “Remote Access” (so that you can create an SSH tunnel to your router even when you’re out and about)
- Enter “2222″ for the remote port. (Pick another port number if you like.)
- Uncheck “Allow Password Login.” (We’ll enter in authorized keys in the next section.)
Set up each computer
Next, you’ll need to create SSH keys for each of the computers you plan on using.
- Open up Terminal and type
ssh-keygen -d to create a new key
- Accept all the defaults
- Type in a passphrase of your choosing
- Using a text editor, open up the newly created “id_dsa.pub” file. (Found under ~/.ssh/id_dsa.pub by default.)
- Copy and paste the contents of the file into the “Authorized keys” section in Tomato. (Add multiple keys by pasting them one after the other in the “Authorized keys” section.)
Connecting securely
- Create a new text file and paste in the following:
#!/bin/sh
ssh -fND 8887 -p 2222 root@[router's external IP address]
- Save the file as “setup_tunnel.sh”
- Make the file executable by running
chmod +x setup_tunnel.sh in Terminal
Now whenever you want to create an SSH tunnel to your router, just open up Terminal and run ./setup_tunnel.sh.
Route traffic through the tunnel
Once you’ve got a secure tunnel running on your computer, you’ll need to route traffic through it.
OS X
- System Preferences → Network
- Select “AirPort” in the lefthand list
- Click on the “Advanced” button
- Click on the “Proxies” tab
- Check “SOCKS Proxy” and enter “localhost” for the host and “8887″ for the port
Ubuntu
- System → Preferences → Network Proxy
- Check “Manual proxy configuration”
- Under “Socks host” type “localhost” and “8887″ for the port
- Click “Apply System-Wide…”
Secure Firefox
By default, Firefox doesn’t route DNS through the proxy, so do the following to fix that.
- Open up Firefox and type “about:config” in the address bar
- Click “I’ll be careful, I promise”
- Type “network.proxy.socks_remote_dns” in the filter.
- Toggle the value to “true” by double clicking on it
And that’s it, a free way to secure your computers’ Wi-Fi connections!
I’ve been using this setup for some time now and it’s so insanely useful it’d be a shame if I didn’t share it. (Note: this isn’t new.) Basically, I use Git for my source control and Dropbox as my online repository—and it’s a snap to set up.
- Create a directory in your Dropbox folder for your projects. Mine’s called “Projects.”
- Open up a terminal and go to the directory of the project you’d like to host on Dropbox.
- In the terminal type:
git clone --bare . ~/Dropbox/[projects folder]/[project name].git
- Then type:
git remote add [project name] ~/Dropbox/[projects folder]/[project name].git
That’s it! Now after every local commit, you can push your changes to Dropbox by doing git push [project name] master.
When I want to work on a project on my laptop, I run git clone ~/Dropbox/[projects folder]/[project name].git once to grab the initial code and git pull origin master everytime I want to pull new changes in.
Introduction
I spent part of last week working on an entry for the Boxee/Twilio developer contest. A few days before the deadline, I decided it’d be really slick if I added Netflix into the mix, so I started digging through the documentation. I think Twilio’s simple API and awesome debugging tools spoiled me because figuring out Netflix’s API was a pain. A lot of this had to do with there not being a really good PHP library to take care of authorization and making signed calls to the API. I went with OAuthSimple and ran into a lot of “invalid signature” errors and other little gotchas along the way. Hopefully, this write-up and sample code will save you guys some time.
Before You Begin
In order to get started, you’ll need to sign up for a Netflix developer account and apply for an API key. (This is separate from your normal Netflix account.) After you’ve been approved (as far as I can tell, approval is instant), you’ll receive a “key” and a “shared secret.” From here on out, we’ll call them the “consumer key” and “consumer secret.”
Write both of those down, because we’ll be using them often. You’ll also want to get yourself a copy of the OAuthSimple library.
Getting Authorized
Netflix uses OAuth, so you’ll need to have users authorize your application before you can work with their data. In order to do this, we’ll create a link that takes them to the authorization page.
If all goes well and the user authorizes the application, Netflix will call the page you specified in the link above and pass it the user’s OAuth token. You can then exchange that temporary token for a permanent OAuth token, OAuth token secret, and user ID. You’ll want to save this information in your database (or however you’re storing data) since you’ll be using it to make calls to the Netflix API.
Making Calls to the API
Now that the user has authorized your application, you’re ready to actually start working with the API [1]. The API is REST based, so it’s as simple as specifying a URL, passing in the proper parameters, and parsing the data returned.
For example, here’s how to get a list of the movies in the user’s Instant Watch queue:
Adding movies to a user’s queue is similar—just specify the URL (http://api.netflix.com/users/[netflix_user_id]/queues/instant/disc), pass in the proper parameters, and parse the data returned. Also, remember that when writing data, set cURL to POST the data (curl_setopt($curl, CURLOPT_POST, true) and curl_setopt($curl, CURLOPT_POSTFIELDS, [parameters to pass])) and set the action to POST in the OAuthSimple library ($oauth->setAction('POST')).
Check out Netflix’s documentation for other examples of common tasks.
Notes
- You can work with some parts of the Netflix API without being authorized by the user, but nothing too interesting—just searching the Netflix catalog for movies/TV shows.
