I press Play, and the first song on the new Gamma Ray album starts.  

This could be fairly simple. Although there are a number of moral routes I could have taken to this moment, for my own reasons I have purchased the digital encoding of this album on a compact disc. I have a compact disc player, and it has a Play button.  

The disc, however, is sitting on a shelf in my study at home, several feet away from the player. The player is only connected to speakers in my house, anyway, which are not loud enough to reach me here in my office, a few miles away.  

This still could be fairly simple. I've ripped the CD into iTunes on my PowerBook at home. The PowerBook is up, and iTunes is running. iTunes is running here on the Windows PC in my office, too, and iTunes has an inherent gladness to share music.  

Sadly, Apple succumbed to myopic pressure and limited iTunes-sharing to computers on the same local network. But the fix for this is again fairly simple: Rendezvous Proxy, a little piece of software that runs on the PC, pretending to be another machine on the PC's local network, while actually just forwarding all requests to some other destination.  

This isn't quite enough. iTunes Sharing runs over port 3689, but my employer's corporate firewall blocks that port. In fact, it blocks just about everything, with the grudging exceptions of ports 80 (normal web-browsing) and 443 (secure browsing, i.e. https: sites). The fix for this is SSH Tunneling, a technique by which an SSH (Secure SHell, i.e. secure remote command-line login) client on the work PC intercepts messages intended for some blocked port, tags them with their intended destination, and re-routes them through an SSH connection to an SSH server on the other end, which reads the tags and re-re-routes the messages back to the path on which they originally set out. OS X has an SSH server built in, and there's a free SSH client for Windows called PuTTY.  

Of course, SSH normally accomplishes this magic over port 22, which is itself blocked here. And, for that matter, my PowerBook is behind an AirPort wireless router at home and thus not directly accessible to outside connections to begin with. Happily, these two problems can be solved at once: PuTTY can be switched to send SSH messages over any port, so I have it using 443. On the other end, the AirPort can forward incoming traffic on a given port (like 443) to any other port (like 22) on another computer on the home network (like my PowerBook).  
 

So here is only a semi-complete list of all the tweaks and contortions necessary to get this to work:  

- SSH server running on the PowerBook (built into OS X)  

- iTunes running on the PowerBook, with Sharing enabled in iTunes Preferences  

- Remote Login (i.e. SSH) enabled in the PowerBook's Firewall (in System Preferences under Sharing/Firewall; I have iTunes Sharing enabled there, too, but that isn't necessary for this, since the SSH Tunnel terminates inside the firewall)  

- Port Mapping on the AirPort set to send router port 443 to port 22 at the PowerBook's internal network IP address (10.0.1.x; look this up in System Preferences under Network/AirPort)  

- SSH client (PuTTY) running on the work PC, sending SSH over port 443 to the public IP address of the AirPort (look this up in AirPort Admin/Config/Internet at home)  

- SSH Tunnel set up in the PC SSH client, forwarding port 3689 on the PC to 127.0.0.1:3689 (this part confused me for two days before I understood that the destination IP address of a Tunnel is a forwarding instruction to the SSH server, so 127.0.0.1 is the PowerBook's IP address for itself; also, in SSH vocabulary this tunnel is Local, which means the data starts here at the PC end, rather than Remote, which would be a reverse tunnel for getting to the PC from home)  

- Rendezvous Proxy running on the PC with a host proxy defined for IP address 127.0.0.1, port 3689 (this time the 127.0.0.1 address is the PC's address for itself, i.e. the PC end of the port-3689 SSH Tunnel from the above step)  

- iTunes running on the PC, set to look for shared music  
 

For extra credit:  

- a second host proxy defined in Rendezvous Beacon for 127.0.0.1:3690  

- a second SSH tunnel defined in PuTTY routing 3690 to 10.0.1.x:3689, using the internal network IP-address for our second PowerBook at home  

- sharing enabled in iTunes on the second PowerBook  

- iTunes Sharing enabled in the Firewall on both PowerBooks  

That gets me access from work to either of our iTunes libraries at home.  
 

For extra extra credit:  

- VNC server running on the first PowerBook (OSXvnc), using display 0 (port 5900)  

- a third SSH tunnel routing 5900 to 127.0.0.1:5900  

- VNC client (TightVNC) running on the PC, connecting to localhost (i.e., the PC end of the port-5900 tunnel, as with Rendezvous Beacon above)  

This gives me remote control over the PowerBook at home, including (since the AirPort Express is connected to our home stereo) the ability to wirelessly stream music from the home PowerBook (actually, either of the home PowerBooks, since the second one's library is now wirelessly available to the first one via iTunes Sharing) into the home speakers. For maximum drain on worldwide network resources, I can then start an audio chat from my home PowerBook back to my office PC, and use that to listen to the music playing in our house. I suspect this signal-path exceeds the total complexity and throughput of the internet as of twenty years ago.  
 

PS: Note that order of operation is critical. All the home stuff must be set up first, and at work the SSH connection (with all the tunnels) must be established before anything else will operate. Security-wise, both the SSH and VNC connections require passwords (and iTunes sharing can optionally require a password, as well), and all these traffic streams are passed in encrypted form (through SSH) over a port that would normally be carrying encrypted traffic anyway (443, https). The value of this last detail I will leave as an exercise for the reader.  
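The last point in the PS, seen from the monitoring side, as an added example that is not part of the original post: SSH opens every connection with a cleartext identification string (RFC 4253, section 4.2), while https opens with a TLS handshake record, so the first bytes of a port-443 connection show which protocol it carries. The flow tuples, addresses and banner strings below are constructed sample data, and `classify_first_bytes` and `flag_non_tls` are hypothetical helper names.

```python
import re
import struct

# RFC 4253 section 4.2: each side opens with "SSH-protoversion-softwareversion".
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")


def classify_first_bytes(payload: bytes) -> str:
    """Label the first client-to-server bytes of a TCP connection."""
    m = SSH_ID.match(payload)
    if m:
        return "ssh " + m.group(1).decode()
    # TLS record header: content type (1), legacy version (2), length (2).
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        # 0x16 is a handshake record; the first handshake message
        # a client sends is ClientHello (type 0x01).
        if (ctype == 0x16 and major == 0x03 and minor <= 0x04
                and 0 < length <= 16384 and payload[5] == 0x01):
            return "tls"
    return "unknown"


def flag_non_tls(flows, port=443):
    """Return (source, label) for flows to `port` that do not open with TLS."""
    hits = []
    for src, dport, first_bytes in flows:
        if dport != port:
            continue
        label = classify_first_bytes(first_bytes)
        if label != "tls":
            hits.append((src, label))
    return hits


# Constructed sample: (source address, destination port, first client bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, bytes.fromhex("1603010200010001fc0303") + b"\x00" * 32),
    ("192.0.2.23", 443, b"SSH-2.0-PuTTY_Release_0.60\r\n"),
    ("192.0.2.23", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.41", 443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for src, label in flag_non_tls(SAMPLE_FLOWS):
        print(f"{src}: port 443 flow opens as {label}, not TLS")
```
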

PPS: The crowning caveat, at the end of this whole fantastic process, is that I carry my iPod to work with me every day, anyway, since I listen to it while commuting on the train, and it has the exact same music library as my PowerBook, so mostly what I really do is just plug it into my desk speakers, accomplishing the same Gamma Ray effusion in rather simpler fashion. (But if simplicity were an invariant goal, I wouldn't be listening to Gamma Ray to begin with.)  

PPPS: Great album.
Site contents published by glenn mcdonald under a Creative Commons BY/NC/ND License except where otherwise noted.