Posts tagged: apple
About two weeks ago, I finally bit the bullet and retired my trusty iPhone 3G, and went to the
dark bright side, with an Orange San Francisco (also known as the ZTE Blade). At £99 (including a compulsory £10 Orange topup) it can be SIM unlocked for free and flashed to Froyo 2.2 with a variety of ROMs.
But despite a incredible take up by punters everywhere, the lack of handset accessories is frustrating. Until recently we couldn’t even get an OSF specific screen protector, let alone a protective cover. And still we can not buy a desktop charger that fits!
And so, when a colleague was unpacking a toner cartridge and I spotted the polystyrene padding material, I thought, why not bodge one myself?
15 minutes (and a sharp blade) later, and voila!
Let’s do a quick show of hands of parents who think that the internet is a safe place for children to spend their time on? If you’ve got your hands up you haven’t been on the internet for very long.
To be completely honest, the internet scares me. Or better, the amount of scary stuff that is on it, scares me. So now that my son is old enough to have his own PC in his bedroom, I looked around to see what was available to make sure that he doesn’t get exposed to material that is well above his age. They grow up quick enough anyway.
Now as someone who runs Ubuntu on his server, and OS X on his MacBook, I am already one step ahead of most parents, who have to deal with a Microsoft Windows environment of some sort. Good luck to you. This blog post depends on a Linux server of some sort, and although the client can be any operating system, I strongly advice you to stick to a *nix based desktop.
After dismissing most options available (things like OpenDNS, and a variety of dedicated applications to block any harmful content), I decided that however I was going to implement it, it would have to be by using a whitelist, rather than the normal practice of a blacklist. The reasoning behind this is that the amount of harmful content changes every minute, and no amount of blacklisting will catch 100% of it. With a whitelist, everything has to be vetted by me, but it ensures total control over their web experience. I also wanted to be able to approve/deny new websites as my son requests them, with little effort required on my side.
Something that sits between the client and the internet would be the perfect solution, and I quickly stumbled upon TinyProxy. As the name implies, the application is small, efficient, easy to manage and it supports blacklisting and whitelisting. Perfect.
- A server running your favourite Linux distribution. I personally use Ubuntu, but for the purpose of this guide, it doesn’t matter.
- TinyProxy as installed by your favourite package manager. For Ubuntu that’s as easy as
apt-get install tinyproxy, but obviously that will be different if you run something else. Make a note of the version number of TinyProxy though, as we’ll need version 1.6.5 or later.
- A webserver running on your server. Apache2 is what I use, but as long as it supports PHP, then it doesn’t matter. What does matter though, is that the webserver should be able to access your TinyProxy
whitelistfile, which if you have both TinyProxy and the webserver running on the same server will be the case.
- A client configured to use TinyProxy. This can be Firefox, Internet Explorer, Chrome, Opera, or any other browser you like to use. Be aware though that as soon as your child learns what a proxy is and how to remove it from his PC/laptop, the whole plan falls apart.
Before you continue with the next section, make sure that your webserver is able to serve some pages, and that you have confirmed that TinyProxy is working correctly for you.
Grab the tinyproxy-admin.tar.gz package and unpack it somewhere on your server. There are a number of files in there, each of them I will describe below.
tinyproxy.64 – These two binaries are the 1.6.5 binary patched with a small change to allow TinyProxy’s child processes to refresh their filter list when the parent receives a SIGHUP signal and when the
whitelist file is changed. These changes have also been submitted to the development version of TinyProxy, but because
apt-get on my Ubuntu system installs 1.6.5, I have used that code base. Eventually these patches will appear in the Ubuntu package manager, but until then, these will do. The extension indicates whether the binary is for 32-bit, or 64-bit *nix.
tinyproxy – This is the TinyProxy start file (usually found in
/etc/init.d), which contains a couple of changed lines. The permission on the
tinyproxy.log files is by default set to restrictive. It needs to be read by the webserver’s user, which means that setting it to 644 everytime we start TinyProxy is required.
The files below need to be put in your TinyProxy configuration directory, usually
tinyproxy.conf – This contains only the required changes to your distribution’s version. The ErrorFile, PidFile and Filter locations need to match your installation, and to switch from blacklisting to whitelisting, the FilterDefaultDeny parameter needs to be set to Yes.
whitelist – This contains just a single line;
localhost. You need to whitelist the domain that your webserver runs on, otherwise it won’t work. If your local webserver can be reached through a proper domain name, then change
localhost to that instead.
403.html – This is the file referred to by the ErrorFile directive in the
tinyproxy.conf file. It contains two variables which need to be changed to match your system.
The following files are part of the administration interface and will need to be put in a directory that can be served by your local webserver. For instance, if your webserver uses
/var/www as the root directory, put these in a new directory called
/var/www/tinyproxy. The pages should then be able to be accessible by navigating to the http://your.webserver.domain/tinyproxy url.
config.php – This is the configuration for the administration interface. Make sure that the variables match your configuration, and if you want it to notify you by Twitter each time a new domain approval request is made, enter your details in there too.
img (dir) – These are the remaining files which do not require any modification.
How it all works
Whenever a client is requesting a webpage from a domain, the request is done through TinyProxy. If it finds a line in the
whitelist file for the domain, it lets the request pass through, but if it doesn’t, an error 403 occurs (Forbidden) and the
403.html page is served to the client. The included
403.html file calls the
filter.html file internally and passes it the website that the client is trying to access.
When the request is made, the domain gets added to the
whitelist file, but with a prefix of M|, therefore still not matching a proper whitelisted domain name. And it is this mechanism which allows me to approve or deny domains whilst keeping the whitelists all in one place. The admin interface simply drops the M| prefix if the domain gets approved, or changes it to D| if it remains denied. Easy peasy :o)
I appreciate that the above is all a bit long and winded, so I’ll do a small summary/checklist below for those who are keen to get going.
- Install TinyProxy using package manager
- Install webserver
- Confirm the above are working
- Download tinyproxy-admin.tar.gz
- Amend config.php
- Move config.php, style.css, filter.html, admin.html, filter.php and the img directory to a subdirectory beneath your webserver
- Amend TinyProxy startup script: tinyproxy
- Amend TinyProxy configuration file: tinyproxy.conf
- Amend whitelist and move it to the TinyProxy configuration directory
- Amend 403.html and move it to the TinyProxy configuration directory
- Replace tinyproxy binary with patched version
- Restart TinyProxy
- Breath out ;o)
Who doesn’t have a multitude of devices, phones and other gadgets on their desks? I certainly have, and I finally had enough of all the chargers and wallwarts that each item seems to bring with them. With two iPhones almost constantly being charged, and a Nokia phone thrown in for good measure, I needed to have something flexible enough for those plus any future gadgets. So, I googled a bit, and found the IDAPT I3, and the beautiful, but ridiculously priced The Sanctuary. And then I started to think, how easy would it be to put a mains powered USB hub inside a box and have several USB charger leads coming out of the box, each charging a different device?
And the answer is, very easy :)
I started off with a 4 port powered USB hub, which I had lying in a drawer and plugged my iPhone charger leads into it, expecting them to instantly charge my two iPhones. But to my surpise, nothing happened… so another quick Google later, I came accross a blog entry of Carl Hutzler, which details why they won’t charge. All you have to do is sacrifice the hub and forego it’s PC functionality by cutting the D+/- lines and short them. A quick test shows they now finally charge themselves. Apparently it is better to stick 2x 100K Ohm resistors on the D+/- lines, which I will do at some point, but for now, this will do.
All I now had to do was find a suitable SWMBO friendly container, and as our furniture is all beech, the tea storage container I found for £1.99 at QD stores was perfect. I just needed to gut the compartiments out and put something on top of the plastic lid. At my local crafts store I found a small foam pad for 50p which was nice and soft. Unfortunately I got my measurements all wrong, so I messed up the black pad, but SWMBO came to the rescue by rummaging through my kids crafts drawers by digging up a piece of brown padding.
The final thing to do is then drill some holes at the locations convenient for your devices, and put it all together. Job done!
Glad to be back again
Just typical… 11 days after I received mine, Apple announces the new 13″ Macbook Pro’s at the Worldwide Developers Conference… I phone the Apple Store the next day to see if I can exchange it for one only to be told that I would have to return and re-order. So I did. Only to receive a new Macbook Pro today on my old order, whilst my new order is now in ‘Prepared for Shipping’, which means I can’t cancel it!
Guess I’ll be keeping the courier in business this month ;)