Scott’s Blog

Is the party over in China? Massive unemployment looms

The Epoch Times has a good article discrediting a recent New York Times “review” of NTDTV’s recent Chinese New Year Splendor.

“One of those interviews was with John Wright, formerly with the Times own book review department. When asked what he thought of the show, Wright said, “It was very beautiful, very different.”

But the Times published on Feb. 6 a peculiar review of Splendor (under the byline of Eric Konigsberg) that did anything but suggest the consensus response. Backed with quotes from all of three audience members who were critical, only one of whom gave his or her full name, the Times proclaimed in its headline, “A Glimpse of Chinese Culture That Some Find Hard to Watch.”

What made the Times article even more unusual was that its criticisms mimic the line of China’s communist regime, which has engaged in a behind-the-scenes campaign to have Splendor shut down. “

I’m using OpenSSH on Windows XP as my server and my client is also Windows XP. After installing OpenSSH on the server, I ran a batch script to create password entries in my *passwd* and *group* files:

cd C:\Program Files\OpenSSH\bin
mkgroup -l >> ..\etc\group
mkpasswd -l -u [user name without these brackets] >> ..\etc\passwd

Then, I edited the sshd_config located in c:\program files\openssh\etc. First, I changed the default port to 443, as 22 is blocked by my company, from which I’m going to connect.

I also like to edit the banner.txt file as a reminder of where I have connected, but I guess this may be a security risk….

Anyway, I’d like to use public/private key exchange to authenticate with OpenSSH instead of the default method of username/password- all while using PuTTY to connect to my server.

Basic steps are:

1. On the server, use the command-line to get OpenSSH to create public/private keys
2. Copy text out of the generated public key into the authorized_keys file in /etc folder (unless you’ve indicated elsewhere in sshd_config) Note, you may have to create this file if you have not already done so.
3. Next, you pull off the private key to your remote client. This is what you’ll reference in PuTTY.
4. After pulling it off, you need to use puttygen to convert this RSA private key into a .ppk file that PuTTY needs.
5. Then, you reference that file in your PuTTY ‘SSH/Auth’ config area.
6. Next, test the connection.
7. If it works using the key file, edit the sshd_config and disable name/password authentication: (PasswordAuthentication no) Be careful with this last one, because if you’re not positive key file authentication is working, you’ll lock yourself out and will have to actually go to the server to re-edit the config file to open it back up.

Specific steps:

Create Public/Private Keys

On your server to which you’d like to connect, do the following.

• Start, Run… ‘cmd’ [Enter] to open Command window.
• Enter the command: ssh-keygen -q -f c:\id-rsa -t rsa
• Enter the passphrase that’s long and contains numbers and upper cases, but one also that you won’t mind typing when you connect in the future.
• Enter that password again.

This will have created an id-rsa and an id-rsa.pub file. The id-rsa file looks like:

—–BEGIN RSA PRIVATE KEY—–

AAD8F76ASDFA09SD8F7A09SD8F7A098DS7F4KJH13RE9Q8W7E4YI134….

(for 14 lines)

—–END RSA PRIVATE KEY—–

While the id-rsa.pub file looks like:

ssh-rsa AKJH234LH243K5234…(200 Characters worth)= username@computer-name

Copy public key into authorized_keys file

• Create or edit the authorized_keys file as referred to in your sshd_config. Mine says, “AuthorizedKeysFile /etc/authorized_keys”.
• Open/create this file and paste in the contents of id-rsa.pub. Of course, if you don’t have an authorized_keys file, you can just rename the id-rsa.pub file and place it in the appropriate directory. Some people like to create an .ssh folder and reference this in the config, but I just left the (Windows) OpenSSH default values as they were and put my info in there.
• On linux boxes, you’d need to ‘mkdir ~/.ssh’ and then ‘cat id-rsa.pub > ~/.ssh/authorized_keys’ (note that “>>” will append to that file)

Restart OpenSSH(?)

• Not sure if this is required, but it’s fairly easy to do: net stop opensshd, net start opensshd. But, if you’re doing all of this remotely, don’t do this, or you’ll be screwed. Instead, you should have a restart shortcut and restart the entire server, which will restart openssh in the process. You can create a shortcut whose program target is %windir%\system32\SHUTDOWN.exe -r -t 01

Pull off the private key file onto your remote client

Use PuttyGen to recreate private key file into one PuTTY can use

• Start Puttygen.exe

• Load the transferred private key

• Notice the Key Comment of “imported-openssh-key”. This is what appears when you connect in PuTTY. You might want to change this to reflect the name private key you’re using as a reminder.
• Next, enter the passphrase that you used to create this key file on the server.
• Confirm the passphrase by entering it again
• Then, click Save Private Key

• Save your .ppk file in a location to which you’ll be referring in your Putty config. Perhaps you have a centralized keys folder, or perhaps you have individual folders for the various locations to which you’ll be connecting- say, a sub-folder in each of your different web projects

Config PuTTY to connect to your server

I use port tunneling to connect to my server. I want to use XP Remote Connection, which uses port 3389, so that’s what I forward.

My PuTTY config:

• Set up the SSH/Auth to use your newly created .ppk file

• Configure the Tunneling

• I’m going to use Remote Desktop Connection, which uses port 3389, so I’m going to forward my localhost one to the remote computer’s. If I were going to use VNC or something to remote-control my server, I might also forward 5900. I’m probably going to do this as to get Remote Desktop Connection to work in this manner, I have to right-click on it’s executable and tell it to run in Win98 mode as XP prevents localhost port forwarding.

• I’ve also read of some people forwarding 127.0.0.2’s 3389 and then using Remote Desktop Connection to connec to 127.0.0.2, but I’ve not gotten this to work.

• Finally, save the Configurations for later use

Test

• Load the saved configuration and Open it

• Enter user name for target computer

• Click on the thumbmail below to see this image, and notice the banner.txt text as well as the key file comment. Enter the passphrase as requested.

• If your passphrase matches that used in the generation of the key file, you’re in. You’ll see a message as to the date/time/location when/where you last logged in.

Remote Control

• What I typically do next is to start up my remote-control software. I use Microsoft’s Remote Desktop Connection (mstsc.exe). To use this on XP with the above method, you must locate this executible and tell it to run in Windows 98 compatibility mode. Doing so will allow you to connect through your PuTTY tunnel as follows:

• Yep, I connect to my own computer. Remote Desktop Connection wants to connect to computers using port 3389, but, using PuTTY, I’ve forwarded my local port 3389 to the remote one. So, when I try to connect to my local port 3389, the connection request will get forwarded by PuTTY to the remote computer and that remote computer will answer the call. I then log into that computer using its Windows name/password.

Edit Sshd_Config to disable name/password authentication

• Once we’re satisfied that this key file authentication is working, edit the sshd_config file and change the line saying *PasswordAuthentication yes* to *PasswordAuthentication no*.
• When OpenSSH restarts (perhaps by your Restart shortcut), name/password login will not be permitted. To test, you can remove the path to the key file in the Putty config and try to connect. You’ll be immediately closed down by the remote server.

I also found some info here about tunneling across SSH and using VNC or Remote Desktop Connection.

I recently constructed an index.php file that automatically looks into a directory for files, images in my case, to construct an index page of thumbnails. This has greatly reduced the workload of having to manually edit the html file, like I'd been doing before.

Sure, I could use some online photo sharing website, but I already have a hosting service and this gave me a chance to code up my own, so I took the plunge.

The core of the function is called searchdir(), which I found on php.net by a guy named Nicolas Merlet on a manual page about Directory Functions.
The code uses filectime() which, I believe is a linux function to derive the most recent file change time. Anyway the code uses this value to reverse sort all of the files and then uses this array to construct an image thumbnail gallery.
The assumption in my scheme is that the thumbnail image name is the same as the large image name, except for an extra "_sm" just before the file extension.

For example, given a file called 2006-10-24_17'33_139.jpg, it's associated thumbnail will be 2006-10-24_17'33_139_sm.jpg.

Notice that my file names are date/times. This was done with an open source utility to "batch rename" image files based on their exif data. The utility is called Lupas Rename 2000 (I guess it's 6 years old???). Anyway, it's handy and free and works well and gives you a preview option to specify how you want your files named. There's also another feature to automatically lowercase the file extension, for example. You can find Lupas Rename here.

The code for my index.php file:

I have just put the finishing touches on this. It is a php-based RSS feed. If you don't know what that is, you might want to stop reading here. Otherwise, I'm writing this to share with anyone who cares. What I've done is written a php file that searches in a directory for photos and builds an rss file out of the entries. The code sorts the images based on their modified date, such that the most recent entries appear first. I use this modified date in the <pubDate> tag on the RSS, as well.

The file is called rss.php:

“Lives Hang in the Balance”
(8/4/2006 14:7)

TORONTO (Falun Dafa Information Center) – When the report on organ harvesting from Falun Gong practitioners in China was published on July 6th (news) by David Kilgour, former Secretary of State (Asia Pacific), and international human rights lawyer, David Matas, we fully expected the Chinese regime to deny the report. A simple Google search with the words: "China Denies," after all, brings up over 7.7 million entries.

Any other nation faced with allegations of this magnitude involving their own government would, at the very least, state that they would investigate. However, the Chinese Communist Party (CCP) continues to deny these claims and the sum-total of its response has been to attack Falun Gong.

The CCP has a 60-year history of suppression and killing through decades of brutal campaigns from the Great Leap Forward, to the Cultural Revolution, to the Tiananmen Square student massacre. It has frequently denied proven atrocities. Yet, why do some Chinese media in Canada continue to carry their denials instead of demanding that they cease these practices?

Consider:

• When allegations of organ harvesting broke in March regarding the Sujiatun hospital, it took over 3 weeks for the CCP to respond, which is ample time to clean up any evidence. It was only after this delay that the Western delegations were invited to a guided show tour of this hospital. It was not an independent investigation.
• The CCP’s rejection of the organ harvesting report published on July 6th was given on the same day the report was released. They attacked the report, not on the merits of the evidence or the process, but solely on its conclusion. They continue to do the same today.
• The CCP statement says nothing of the numerous Chinese state-run websites that advertised organs for sale to foreigners for up to $160,000US with an average waiting time of 2 weeks. Many of these sites were removed immediately after the organ harvesting practices were revealed.
• The CPP says nothing of reports from as far back as 1994 from media and the US State Department confirming that the Chinese authorities have been harvesting executed prisoners’ organs for years, and according to human rights groups, they have done so without consent from the victims.
• The CCP says nothing of the 40,000+ organ transplants done in China for which the sources are not explained.
• If the CCP firmly stands by their conviction that this is not happening, we demand they allow an independent investigation within China to investigate prisons and labour camps where Falun Gong prisoners of conscious are being held. If what the CCP says is true, they will have no difficulty in accepting this request.

The CCP denial and further attacks on Matas and Kilgour reinforce the conclusion that the CCP, if not directly responsible for these crimes against humanity, is certainly complicit in them.

Falun Gong practitioners are innocent victims of a brutal and deadly hate campaign and genocide waged by the CCP. We call on the media to expose such crimes, ask the tough questions and dig out the real story, rather than simply repeating the blanket denials of the CCP.

While so many languish in camps throughout China, and are poised to be carved up, their organs taken and cremated to destroy the evidence, it is vital media plays its role to uncover the truth. Lives hang in the balance.

Source http://www.faluninfo.net/displayAnArticle.asp?ID=9450

I just learned that last week, Wenyi Wang, the Falun Gong "White House Heckler" agreed to not protest any visiting foreign officials for one year in exchange for having all charges against her dropped. She received instantaneous international recognition when she bravely voiced her protests against visiting Chinese Communist leader Hu Jintao. In her remarks, she urged President Bush to help stop the persecution of Falun Gong. Wang said she decided to protest President Hu after her involvement in investigations of Live Organ Harvesting of Falun Gong practitioners in China, and the subsequent silence of the international media (aside from the BBC in this article).

The harvesting continues today, as does the brutal persecution of Falun Gong.

In addition, it appears that Falun Gong practitioners are not alone in their receipt of brutal persecution in China's Communist regime.

I received a genealogy chart made by my great-Aunt Margaret McCurdy back in 1998. She went out to Salt Lake City to the Family History Library, a place with over 2.4 million rolls of microfilmed records. Over the years, I've been searching online to fill in missing pieces- birth dates, locations, etc.

Last week, I tried again.

I had a reference to a Philip Tipping and in searching for him, I ran across RootsWeb. There, I was able to find a page related to Philip Tippin, a Revolutionary War Captain from Queen Anne, MD. I also found a page by a man in England entitled, Descendents of William Tipping, Esquire, who was born in 1470 in Tipping Hall, County Lancaster, England. His descendents were traced downward.

I found Philip Tippin at generation 8. He lived in a few places before settling in Tattnall County. Tattnall County was a happening place around that time as several of my kin hail from there. I gather when a new county was created, land grants were awarded to soldiers.

I am also related to Michael McKinzie Mattox, from Tattnal County, as well as Edward Kennedy, who immigrated to Tatnall County from Scotland in 1820.

On my mother's side, I found information about Gwendolyn Hammond Whitmore. The Whitmore line can be traced back to her great-grandfather, George Washington Whitmore, from Rockbridge County, Virgina, where everyone else was from. But, through her great-grandmother, Margaret Jane HUFFMAN, we can trace the line back to her great, great-grandmother, Anna Catharina RHEINBERGER, who was born in 1693 in Otterberg, The Palatinate, which according to this Wikipedia page, is a "historical territory of the Holy Roman Empire known as the Palatinate of the Rhine or Electoral Palatinate." So, they hail from the Rhine valley of Germany.

Perhaps I'll do some research today regarding the Fix line (GenGen's married name). I didn't find anything on the RootsWeb search page for a Clarence Fix, but if I can find out his mother, father, brother, or something, perhaps it'll come up.

UPDATE:

Using Roy Fix as the name of my maternal great grandfather, I found this entry for a Roy McFaddin FIX (b: 19 FEB 1880 in Rockbridge, VA) from Rockbridge, VA, which seems right.  He was one of 12 brothers and sisters.

I also found this page that says that Christian FIX, Roy's grandfather who was married to Sarah SWOOPE,  also had a child named Clamenza Clementine FIX (b: ABT 1859 in Rockbridge Co., Va).  She married Lucian A. HARTIGAN (b: 1851 in Rockbridge Co., Va) and had a mess of kids (12!) with the surname of HARTIGAN.

What the heck was in the water in Rockbridge County?

After a lengthy morning at the dealership, I drove my new, red Honda Fit home.  It's peppy and fun to drive, and quite roomy for such a small car.  I think I'll like it.

It seems my Fit is to arrive on Tuesday. I must admit I'm a little suspicious that it will actually be there when they say it will, but I have my fingers crossed. I had another line on one from Liberty Honda in Hartford that I was going to pick up last Friday, but it was sold before I could get there. Anyway, it'll be nice to have a little zippy car- and much cheaper at the pump!