Carl Johan Crafoord

When I've been visiting my wife in the US we've been watching some series and movies on hulu.com, sitting in bed and snacking on something. I like the presentation of it, it's cute. It's sort of the same feeling i've had with spotify. Finally content providers are starting to provide good experiences on the internets.

Back in Sweden, me and my wife spend most of our free time together connected through skype. Sometimes it's nice to both of us be watching the same thing at the same time, sort of mimicking the experience of actually being in the same bed next to each other watching the same thing.

Before we'd tried hulu, we'd just google around the internets looking for some shoddy, seedy, backalley website where movies can be streamed. But after trying out something smooth, cute, polished like hulu.. it's really hard going back.

That's the kind of thing that motivates me to learn about tools like amazons ec2/s3, openvpn and routing :)

So. let's talk about that.

Using a VPN to route hulu traffic through Amazon EC2 to make it look like i'm surfing from the US (or at least from a Cloud) on Mac OS X.

Step one; Setting up the Amazon EC2 tools.

Pretty much taken from: Starting Amazon EC2 with Mac OS X

1. Get an account at http://aws.amazon.com/ and sign up for Elastic Compute Cloud


2. Once signed up, follow the link to Create a New X.509 Certificate and when they ask you if you're sure, say yes. This generates two key-files, a private and a public one.


3. Download both files


4. Download the EC2 Command-Line Tools from here.



5. Open Terminal, create an .ec2 directory in your home directory and open it


cd ~
mkdir .ec2
cd .ec2
open .


6. Copy the public and private key-files into the new .ec2 directory


7. Unzip the EC2 Tools, and copy the unzipped bin and lib directories into the .ec2 directory



8. Edit your .profile to set some ec2 environmental variables. Using nano (or some other text editor), open your .profile


nano ~/.profile


9. At the bottom of the file, add


# Setup Amazon EC2 Command-Line Tools
export EC2_HOME=~/.ec2
export PATH=$PATH:$EC2_HOME/bin
export EC2_PRIVATE_KEY=`ls $EC2_HOME/pk-*.pem`
export EC2_CERT=`ls $EC2_HOME/cert-*.pem`
export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Home/

Save and close the file. Nano uses Ctrl+O to save, and then Ctrl+X to exit.

10. Reload it for the the changes to take effect


. ~/.profile


Step two: Setting up a Debian image in EC2

1. Start by creating a keypair. We need this to log into the instances we create. It'll be printed to the commandline, and you'll need to copy & paste it, including the —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– lines into a new file named ec2-keypair in the .ec2 directory and then change the permission of the file


ec2-add-keypair ec2-keypair



2. Time to start up your instance. Remember, at this point amazon starts charging you for their time and bandwidth.


ec2-run-instances ami-67fe190e -k ec2-keypair



3. While it's booting up you can check it's status by running, this will also show you the domain name we'll use to connect to the instance later on


ec2-describe-instances



4. Now we need to open up the ports for ssh and openvp to our instance


ec2-authorize default -p 22
ec2-authorize default -p 1194



5. And now, connect to your instance over ssh using your keypair


ssh -i ~/.ec2/ec2-keypair root@ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com


Step three: Configuring openvpn, NAT and IP forwarding

This part mostly from: Install OpenVPN on Ubuntu, Hulu Outside the US and Network Security

1. Start by updating the package system, optionally running any needed upgrades, then install openvpn and openssl


aptitude update
aptitude upgrade
aptitude install openvpn openssl



2. Prepare the scripts we'll use to create private and public keys for the vpn


cd /etc/openvpn/
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ easy-rsa
cd easy-rsa


3. Open the script called vars and edit the lines at the bottom according to your location


nano vars

these are the default values:

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"


4. Run the script you just edited, and clean up the key generation environment


. ./vars
./clean-all



5. Build the openvpn keys used for connecting a client to the server


./build-ca
./build-key-server server
./build-key client
./build-dh

You'll be asked a bunch of questions, but you should just go with the default values, and y for any y/n prompt.


6. You'll end up with three files in the keys folder. Copy the files back to your client computer, for example with scp


cd keys
scp ca.crt client.crt client.key me@myip



7. Create a configuration file /etc/openvpn/openvpn.conf


dev tun
proto tcp
port 1194

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0 255.255.255.0

persist-key
persist-tun

#status openvpn-status.log
#verb 3
client-to-client

# hulu / akamai
push "route 77.67.0.0 255.255.128.0 vpn_gateway"
push "route 80.128.0.0 255.224.0.0 vpn_gateway"

# p.hulu.com
push "route 208.91.157.10 255.255.255.255 vpn_gateway"

# t.hulu.com
push "route 209.130.205.38 255.255.255.255 vpn_gateway"

log-append /var/log/openvpn
comp-lzo



8. Edit /etc/default/openvpn and add this line


AUTOSTART="openvpn"



9. Create another configuration file /etc/network/if-up.d/iptables


cd /etc/network/if-up.d
nano iptables



10. Add these lines to it, to enable IP forwarding and NAT


#!/bin/sh

# configure IP forwarding and IPTables NAT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE



11. Change the permissions of it and run it


chmod +x iptables
./iptables



12. Start the openvpn server


/etc/init.d/openvpn start


Step four: Configure your mac to connect to the vpn, with Tunnelblick

1. Download and install Tunnelblick


2. Put the files we downloaded from the keys directory into ~/Library/openvpn/


3. Create a new configuration file for the connection in Tunnelblick. Don't forget to change the remote server from xxx.xxx.xxx.xxx with the address to your ec2 instance


client
dev tun
proto tcp
remote x.y.z.w 1194
resolv-retry infinite
nobind

user nobody
group nogroup

persist-key
persist-tun

ca ca.crt
cert client1.crt
key client1.key

comp-lzo
verb 3



4. Tell Tunnelblick to connect, and you the rest should sort itself out.



5. You can verify that the routes have been added to your computer by running:


netstat -r -n


(optional) Step five: Saving your instance for later, powering it down, and starting it back up

This mostly taken from Saving a Customised Linux Amazon Instance (EC2 and S3)

1. Start by going back to http://aws.amazon.com/ and signing up for the Simple Storage Service


2. Copy over your keys to the instance


scp -i ~/.ec2/ec2-keypair ~/.ec2/pk-*.pem ~/.ec2/cert-*.pem root@ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com:/mnt


3. SSH to the server, and create a bundle out of your customized instance


ec2-bundle-vol -d /mnt -k /mnt/pk-*.pem -c /mnt/cert-*.pem -u XXXXXXXXXXXX

Where XXXXXXXXXXXX is your Amazon account number without the dashes.


4. Copy over the bundle to the Simple Storage Service


ec2-upload-bundle -b [your-s3-bucket] -m /mnt/image.manifest.xml -a [aws-access-key-id] -s [aws-secret-access-key]

Your access-key and secret-access-key can be found on the AWS website under "Access Identifiers"


5. Now, go back to your client machine and register your bundle on S3 as an AMI with EC2.


ec2-register [your-s3-bucket]/image.manifest.xml



6. And, you're done. Now you can shut down the instance when you're not using it. And then just start it back up using your new AMI


ec2-terminate-instances i-xxxxxxxx


And that should be it! :D

I will come back and look at this entry tomorrow when i'm not sleepy and can think straight again :3

Spending a lot of time in the mac terminal, I always make a lot of tweaks and settings because the defaults are pretty crap. What a good thing to put in a blag.

Colors

When I'm lazy and don't have the time to set up a color theme, I just go with the Pro theme. The basic white-text-on-black-background is good. It does have some serious issues with the readability of the ansi colored text on the black background though.

To remedy this, we first install SIMBL and then put this bundle into ~/Library/Application Support/SIMBL/Plugins/. There's more to read about that in this blag post and the comments to it.

After restarting the terminal and bringing up its preferences, there should now be a More... button under the selection color picker.



Click it to change your ANSI colors.

I like my terminals a bit blue and desaturated. So I made some settings and I call them Blueberry, you can download them here:

So, we got back from Florida late on Wednesday and we've both been working.. Ollie's got her 12 hour shifts and I've been picking up on work in sweden from here. Skype is a pretty amazing tool. My skin's peeling like mad today from the sunburn I got when we were down there.. heh.

( Pics pics & moar )

Yesterday we went to see wall-e which was a gorgeus movie of robot goodness.

Now I'm gonna go look see if I can find something mountainbike:y to ride on!

last night my luggage finally arrived, because apparently it's always lost for a few days when it's supposed to go from atlanta to kingsport. so we had to wait for that before going off on roadtrips southwards.

while waiting, i've accustomed myself to driving an automatic (first time i did the same thing i did first time i was learning to drive with my mom, put reverse in and stepped on the gas and wrooom back we go. didn't run over anything this time though) and going places always by car, never by walking, and shopping clothes and waving at people and drinking sweet ice teas and ice mochass. it's way warm. i haven't bothered with sunburns or short pants in ages, but we're working on that now. i've got funny red-and-white patterns all over.

but yesss. now the luggage finally arrived so today we'll probably get going towards florida. we've got a compass and it can show you what way south is, and that's the way we're going :D

oh and i have to find a converter plug thing. i want to power my computer D:

Waiting to board at Arlanda.



And apparently meeting up with people before i left wasn't really happening on saturday. It was friday. Big secret planning since long? Bathing and getting a new haircut (a wee bit on the short side) and all sorts of crazy things. I got to see some people I hadn't seen in.. forever. Amazing :) Some of us did get too much to drink, in the end, but I hope everyone's feeling better today. Saturday was just me and the friends from Mariefred watching the game :) it was very nice to be able to cool down and relax after fridays craziness.

Andreas+Diana, your blue blanket is in my apartment. Tanja has the keys to it. Thanks for bringing my gameboy :)

Check back in a bit, eh!

det är em-fest (läs: tv4-jippo) i kungsträdgården och på måndag åker jag till usa. kom och kramas, titta på fotboll, heja, kalasa, dansa, trixa, fixa, osv. det vore kul att ses innan jag åker!

saxat från info om em-festen på lördag:
Öppettiderna för EM-festen är 11.00 – 24.00.

12:00 Utmana allsvenska spelare i fotbollskunskap och teknik
12.30 Reprisering av gårdagens match på storbildsskärmen
14.15 Lattjo Lajban med Mallan och Jojo som spelar Staraoke med barnen
15.00 Gästframträdande av Frida
16:00 Ungefär här tänkte jag att vi skulle börja ses?
16.30 Talang med Peppe Eng
17.00 Fotbollsfrågesport. Segraren vinner biljetter till EM
18.00 Sverige-Spanien visas på storbildsskärmen
20.00 Gästframträdande av Robert Wells
20.45 Grekland-Ryssland visas på storbildsskärmen
22.45 Livemusik på scen
23.00-24.00 Fotbollskanalen: EM-magasinet med Peter Jihde sänds på storbildsskärmen
??:?? Vi hänger så länge vi bara kan!

this made my morning. fredrik recited it from memory :D



one cup of kind words
two brimming cups of understanding
four teaspoons of time and patience
one dash of warm personality
a sprinkle of humor

religious handouts just keep getting better.

so, after stepping on my brand new skypephone while stumbling out of the shower, it was sent for repairs and came back a while ago. yay! but all this switching of phones and firmwares and whatnot has left me without content on the phone. a lack of numbers and pictures and music! numbers i can figure out usually, so that's not a big problem. pictures i put there on my own :D and music.. well i made some and i figured it could be interesting to others as well, so this is what i did:

1. found some music that i like, that i thought "hey, this would be neat as a ringtone/alarm signal/etc" about
2. fire up audacity and select a ~1 minute part of the song
3. export as mp3 and move it over to the phone
4. ???
5. downloads! :D (you thought i was going to say profit, didn't you? shame on you)

(or you could go to: http://calle.pansarvagn.net/krimskrams/mobil/ )

cubismo grafico - ave maria
devolve - can i have it like that sweet child of mine
dizzee rascal - stand up tall
example - so many roads
example - you cant rap
familjen - det snurrar i min skalle
final fantasy - this lamb sells condos
final fantasy - this modern love cover
hellogoodbye - i saw it on your keyboard
imogen heap - hide and seek
jack johnson - better together
jack johnson - sitting waiting wishing
jamie t - if you got the money
jamie t - so lonely was the ballad
justice - dance
kate nash - merry happy
kate nash - pumpkin soup
kings of convenience - id rather dance with you
maskinen - alla som inte dansar
my darling you - please dont talk to me remix
owl city - designer skyline
owl city - hello seattle
paris hilton - screwed
perfume - game
playradioplay - mr brightside
regina spektor - better
regina spektor - fidelity
regina spektor - on the radio
the streets - could well be in
the streets - dreams
the streets - empty cans
to my boy - eureka
vapnet - kalla mig

gosh, livejournal. don't be such a bitch about letting me use javascript.