SOPA and PIPA are heinous US bills that could, and will if passed, deprive you of some of your most fundamental rights of information. Any otherwise legitimate website that contains a single page that infringe, or seem to infringe, on the rights of any intellectual property rightsholder could be taken down.

Depending on who makes the request, the court order could include barring online advertising networks and payment facilitators, such as PayPal, from doing business with the allegedly infringing website, barring search engines from linking to such sites, and requiring Internet service providers to block access to such sites.

Source: Wikipedia.org

Think of what this would mean for user-generated content. Think Twitter, Tumblr and Wikipedia. This bill should not be made law. In protest of this bill, my website will go down for one day on Friday 18 January. Yes, I KNOW my website has about 30 visits per week and that no one cares.

Fore more information:

• SOPA on Wikipedia.
• La Quadrature du Net makes a statement (in French).
• An analysis by the Electronic Frontier Foundation (EFF).

For the tech-inclined

The page that will be displayed instead of all pages will be this one: http://minutebutterfly.de/blackout.html.

The blackout page template was retrieved from this Github project. As recommended by SEO experts, the whole website will return a 503 status code. This will be achieved using the following .htaccess file:

ErrorDocument 503 /blackout.html
RewriteCond %{REQUEST_URI} !/blackout.html$  
RewriteCond %{TIME_MON} ^01$
RewriteCond %{TIME_DAY} ^18$
RewriteRule $ /blackout.html [R=503]

Feel free to copy and modify the files you need for your own use.

In Hebrew, Bekhmoharar, pronounced Bekhmoharash, signifies “son of our honored teacher and rabbi”. It was an honorific title granted to rabbi sons (obviously) and how it changed into a family name is actually an interesting story.

In 1722, Menahem Ashkenazi, son of rabbi Isaac, and rabbi himself, decided  for some obscure reason, that he would rather not have a family name at all. But his son Mordechai inherited the honorific title nonetheless, and was thus known as Mordechai Bekhmoharar Menahem instead of the longer “Mordechai Bekhmoharar Menahem Ashkenazi”. For a loooong time after that, all rabbi sons X of Y were named “X Bekhmoharar Y”. This family was known as the Bekhmoharar, which was weird, but everyone was happy about it.

After a couple centuries, the family had a bunch of non-rabbi branches, and being called “X Bekhmoharar” was getting a little too weird. The family decided to keep the name of Shimeon, which was common to many family members. After that, “Bekhmoharar Shimeon” passed through a dozen countries and wars to change into Behmo. Hence my name.

I am not so big on genealogy myself, but some people are very interested in the history of the ancient roots of the Behmoiras family. That’s how I became the webmaster of the Erensia Behmoiras website. These guys are doing some terrific research work. If you are from the Behmoiras family, just send me an email asking for access credentials.

This is so true:

(…) Most people who work in corporations or academia have witnessed something like the following: A number of engineers are sitting together in a room, bouncing ideas off each other. Out of the discussion emerges a new concept that seems promising. Then some laptop-wielding person in the corner, having performed a quick Google search, announces that this “new” idea is, in fact, an old one—or at least vaguely similar—and has already been tried. Either it failed, or it succeeded. If it failed, then no manager who wants to keep his or her job will approve spending money trying to revive it. If it succeeded, then it’s patented and entry to the market is presumed to be unattainable, since the first people who thought of it will have “first-mover advantage” and will have created “barriers to entry.” The number of seemingly promising ideas that have been crushed in this way must number in the millions. (…)

Everybody faces annoying firewalls that prevent you from accessing certain websites or online applications, for instance by blocking certain ports. In many cases, these hindrances can be circumvented by a simple SSH tunnel. However, in many companies port 22, which is the port behind which SSH operates, is also blocked. In these cases, the only ports left open are ports 80 (for HTTP) and 443 (for HTTPS). You might want your SSH server to listen to port 443, but that would prevent you from doing HTTPS on your server. The solution is to use a “port multiplexer” called SSLH. SSLH listens to port 443 and redirects the query to either your SSH or your HTTPS server, depending on the query type. Let’s see how you install and configure this beast on a Ubuntu machine with a running Apache server.

Configuring self-signed HTTPS on Apache

sudo a2enmod ssl # enable the SSL module
sudo a2ensite default-ssl # enable the default SSL site described in/etc/apache2/sites-available/default-ssl

You should now be able to access your website at https://yourwebsite.com.

However, you do not have enough money to buy yourself a public key certificate from a certificate authority. Therefore, at each connection you will (should) receive a message from your browser warning you that this connection is insecure. DO NOT CLICK THROUGH! Certain companies intentionally perform man-in-the-middle attacks to prevent you from making HTTPS connections, such as to your mailbox. You would not want your employer to peek on your passwords and emails, right? Instead, you should verify the integrity of the SHA1 (or MD5, though less secure) fingerprint produced by the HTTPS connection. To do so, issue the following command on your server:

openssl x509 -sha1 -in /etc/ssl/certs/ssl-cert-snakeoil.pem -fingerprint # This is the SSL certificate employed by default-ssl, as described in its configuration file (see above)

If the produced fingerprint does not match the fingerprint shown by your browser: fly, you fools. Someone is spying on you. Seriously, this kind of stuff happens. Now, on to SSH.

Installing an SSH server

On Ubuntu (or Debian, I guess), this is as simple as it gets:
sudo apt-get install openssh-server openssh-client # Installing the client and server packages

Installing and configuring SSLH

SSLH is neatly packaged for Ubuntu:

sudo apt-get install sslh

However, the package comes intentionally unconfigured. You must edit the SSLH configuration file:

/etc/default/sslh

# Redirect port 443 of your server to either your SSH server (port 22) or Apache.
DAEMON_OPTS="-u sslh -p yourserveripaddress:443 -s 127.0.0.1:22 -l 127.0.0.1:443 -P /var/run/sslh.pid"
RUN=yes

Here, “yourserveripaddress” refers to the address of your server on your local network (if there is one). For instance, on my home server which is behind a router, the address is 192.168.0.3.

You must also ask Apache to listen to HTTPS connections to 127.0.0.1 only:

/etc/apache2/ports.conf

<IfModule mod_ssl.c>
Listen 127.0.0.1:443
</IfModule>

Finally, restart Apache and start SSLH:
sudo apache2ctl -k graceful
sudo /etc/init.d/sslh start

Testing SSH

To connect to your server on port 443, try out: ssh -p 443 username@servername.com

You will need to verify the RSA fingerprint (agin), which is different from the Apache SSL fingerprint:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub # location of your SSH server public key

Les offres mobiles dites “illimitées” des opérateurs téléphoniques en France sont plus bridées que des coupés sport chinois. En novembre 2009 (J+0), je souscris à un forfait internet SFR Illimythics accompagné d’un HTC Hero, qui à l’époque était considéré comme un bon téléphone. Le reste n’a été qu’une suite de déceptions :

• J+1h : Je me rends compte que je n’ai pas accès à l’Android Market sur le réseau 3G.
• J+2h : Ah bon, pas d’IMAP ni de POP3 non plus ?
• J+1 : Et pour le SSH, j’imagine que c’est même pas la peine de rêver ?
• J+7 : Pas de VOIP ? Pas de YouTube ? Pas de POST vers Facebook ?

A mon retour de Chine, je me sentais comme Rambo qui revient du Vietnam et qui se rend compte qu’il doit continuer à mener sa guerre. Sortez les proxys ! Après deux ans de galère chez SFR et plusieurs heures de négociation avec les opérateurs de la hotline, j’ai enfin trouvé la solution à tous mes problèmes.

Préambule : Course à l’armement

Il faut que vous vous équipiez d’un serveur SSH qui écoute sur le port 443. Donc une machine qui tourne en permanence, quelque part dans le monde. Et le port 443, c’est parce que le port 22 est bloqué chez SFR, mais ça vous l’aviez deviné, non ? La manière la plus simple de réaliser ce montage, c’est de laisser une babasse sous Linux allumée chez soi avec openssl-server et de rediriger le port 443 de votre Live/Free/Bouygues/SFR/Neuf/Orange/Pourpre-box vers le port 22 de la babasse en question.

Passez à la suite dès que vous pouvez vous connecter à votre babasse à partir d’un terminal :

ssh -p 443 mon_nom_dutilisateur@le.petit.nom.de.ma.babasse.com

Bientôt, vous allez tellement aimer votre babasse que vous vous surprendrez à murmurer son petit nom dans vos rêves les plus doux.

Ouverture des hostilités : Freedom Like A Shopping Cart

Premier exercice : profiter de votre petit tunnel SSH tout neuf pour enfin télécharger des applis sur l’Android Market.

0. Devenez super-utilisateur et reprenez le contrôle de votre téléphone grâce à SuperUser.
1. Téléchargez l’appli SSHTunnel à partir d’un réseau Wifi. Si aucun réseau Wifi n’est disponible à proximité, vous pouvez télécharger directement l’appli à partir du site du développeur.
2. Créez un profil avec la configuration suivante : host = le.petit.nom.de.ma.babasse.com, user = mon_nom_dutilisateur, password = monmotdepasse, port=443, Use socks proxy = coché, local port = 1984, Global proxy = coché
3. Activez le profil (Tunnel switch), autorisez l’appli à devenir super user et lancez le Market. Tadam !

Opération Tunnel Fatality

Et maintenant vous aimeriez bien consulter votre boîte mail sans passer par un webmail pourri ? Comme je vous comprends. En ce qui me concerne je dispose d’un serveur SMTP qui écoute sur le port 465 et un serveur IMAP qui écoute sur le port 993. Ces deux ports étant bloqués par SFR et gnagnagna et gnagnagna. La solution : la  redirection de ports !

1. Installez ConnectBot grâce à votre tunnel SSH tout neuf.
2. Créez un profil avec le même genre d’infos que pour SSHTunnel (utilisateur, mot de passe, serveur, port 443). En option, vous pouvez créer un couple clé publique/clé privée sur votre babasse et copier votre clé privée sur votre téléphone pour ne pas avoir à retaper votre mot de passe à chaque connexion.
3. Ajouter deux redirections de ports :
   • Type = local, port source = 6665, destination = adresse.serveur.smtp:465
   • Type = local, port source = 6666, destination = adresse.serveur.imap:993 (localhost:993 dés lors que votre serveur IMAP se trouve sur la même machine que votre serveur SSH)
4. Installez un client mail IMAP, par exemple l’excellent K-9 Mail
5. Après avoir activé votre redirection de ports sous ConnectBot, configurez vos serveurs IMAP/SMTP sous K-9 Mail : localhost:6666 pour IMAP et localhost:6665 pour SMTP. Et ouala.

After I measured an impressive 29W peak power consumption on my Atom 330 dual core home server (admittedly, without any HD video rendering), and also because I love to show off a bit, I decided to publish my hardware configuration: it’s right here.

Great day! I just open-sourced Photoroid, which is an application meant to help you share pictures between friends. Its main strength, as opposed to other picture-sharing applications such as Picasa, Flickr, Facebook or Google+, is that it makes it very easy to gather images from many different people. More info on the project web page.