August 29, 2006
The departure from Paris Charles de Gaulle was fairly anticlimactic. There was no fireworks display, no melodramatic atmospheric music, nothing. And yet, with the roar of the 747’s engines, I have now left Europe for about six months.
Thinking hard, I believe that this is my first expedition outside the european continent. Whee!
The hours leading up to the flight were no end of fun. If your definition of fun is waiting in a departure lounge while military patrols wave their famas around to give off the impression that they know what they are doing…
I arrived at the airport at 6:30am, just under 4 hours before my flight was due to leave. I was instructed by the company to do this, as enhanced security measures for planes bound for the USA slow the checkin and general boarding procedures.
So, I walk up to the checkin desk… And am informed that I must wait another 30 minutes, because the security teams have not yet arrived, and that you must go through security before checking in for your flight. Wha?
It turns out that this “security” post was one very bored person, asking for your passport and checking that your paperwork for flying to the US is in order. So I had to present passport, visa, DS–2019 (the form that says I’m eligible for a visa… I thought that being issued the visa had put an end to that, but apparently not), before having a bright orange sticker stuck to my passport and being waved on to the checkin desk.
Checkin was surprisingly painless, and I was even offered a seat by the emergency exit. Not that I’m phobic about flying, but the seats near the emergency exits have about two seats of leg space in front of them, a neat upgrade from the half-seat of space you get elsewhere in the plane.
So, I now have passport, visa, DS2019, and the boarding pass. Now on to the stage I was dreading - security.
I don’t think I have anything to hide, but the recent events in airline safety made me fear the worst about getting through the security checkpoints. Again, I was to be disappointed. I got through without so much as a body search, and only a cursory x-ray of luggage.
Oh well, here we are in the departure lounge then, a measly 2 hours before boarding time. I tried to kill the time by figuring out why my OzymanDNS wasn’t working. The idea was to tunnel SSH over the DNS servers provided by all the usual captive portal services you get in airports. I tested it with Orange, and it does work. I could get a fairly slow ssh link with SOCKS emulation, tunnelled over the DNS of the hotspot.
Then I did something bad, I guess, and the OzymanDNS server crashed, leaving me with a client who couldn’t find the tunnel server. I managed to get my dad on the phone, and walked him through the procedure to reboot the server software, but I couldn’t get a fix on it afterwards.
So, because I had so much time to kill, I gave in and tried to buy some time with the hotspot provider. First, I wanted to pay by credit card, do everything online. This is what I read during the procedure, where you are asked for your personal info:
“Please verify your email address. It is used to send you the confirmation email and login credentials.”
Can anyone spot the flaw in this beautiful plan? I need to pay for internet access, whereupon my login will be mailed to me, so that I can easily get hold of them from any kind of internet access… Oh.
Bottom line, I got robbed 10 euros by buying a prepaid card at the newsagent: even with full internet access to debug, I couldn’t get ozymandns to work again. I’d actually messed up the zone configuration the first time round, so with Orange hotspots I had to tell it to query my server directly, because the domain delegation was borky. My secret theory is that this hotspot transparently redirected all DNS queries to their own server, whereas Orange just lets 53/udp onto the net. And because their hotspot DNS had outdated zone information, it couldn’t work out the right nameserver for the ozyman tunnel server.
Oh well, I proved the concept, that’s good enough for now. I’ll try to setup something more definitive before I fly back.
Speaking of DNS, thanks to kos_tom, my reasoning has advanced somewhat since my last post on how to do multi-point DNS resolution efficiently. Kos_tom aptly pointed out that the NSS service on linux lets you specify which ‘service provider’ you use for gathering various information… Including DNS resolution. The default configuration is to have /etc/hosts as an override, and then a fallthrough to the system resolver, configured by /etc/resolv.conf.
So, after a little research, I decided that what I need to do is write an implementation of the NSS host interface, and insert that before the DNS server resolution fallthrough. This module would be configured by another file, eg. /etc/resolv.override.conf . If a request matches one of the capture patterns defined therein, the module does the resolution itself using the bind9 lightweight resolver library, and returns the result. If not, it declines handling the request, and the system configuration gets used. Shiny, clean, perfect.
What would also be cool, but a little more tricky to implement, would be to make the override resolver know about which VPN links are up, and only accept resolution requests for those VPNs that are up. I’m not sure whether this is required, but it could avoid ‘no route to host’ timeouts on resolution attempts, or worse, leakage of hostnames to other DNS servers that would happen to occupy the same IP address space at the time of resolution.
However, I admit I have little to no idea of how to get the NSS module to figure out if a VPN is “active” or not. Maybe a specific /var/run directory that openvpn could write to when it boots a VPN, and that the NSS module polls before attempting resolution. Hmm. Any ideas?
So, anyway, while I was pondering all this and fuming about being robbed for internet access, the boarding gate for the San Francisco was set up. Another security gateway, this time with full and systematic bag and body search.
Going through it was, again, surprisingly painless. I was expecting a long emptying of my cabin bag. But the inspection was done very quickly (dare I say it was botched?). I had my camera bag at the bottom of the backpack, a fairly large pack containing my Canon SLR camera and a few accessories. This bag was not opened by security. Did they use their x-ray vision to work out there was nothing dangerous therein? To quote Dad’s Army, their security setup felt like it was “All for show, not for blow” (no pun intended, that’s the original quote). Oh well, I’m not complaining, I got through with minimal fuss, that’s all I care about.
And so here we are, on board the plane. It took a while to get to the runway. It feels like it taxied across half of the airport before getting to its assigned tarmac. Then, it was over surprisingly quickly. The big difference I felt compared to two-engine planes, is that with a four turbine plane, you get a much more immediate feel for the weight of the plane, and the thrust of the engines trying to get the winged brick off the ground.
But once the right speed is reached, it does like any other plane: high inclination, and off we go. I still have difficulty grasping that when those wheels left the tarmac, it was my last contact with europe for six months. I wonder what these six months have in store.
After lunch, I changed batteries on my laptop (four hours life left, and counting), and reset my timezone. Going from EST (GMT+1) to PDT (GMT–8). It was mid-morning when we left, it’ll be midday when we arrive, and I’ll feel like it’s early evening. Jet lag, I welcomethee.
Other than that, I was given my I–94 form, the last in the large puzzle that you have to complete to get a fully valid J–1 visa. I don’t see the point of the form, honestly. All the fields reproduce fields already printed in the visa and registered in the SEVIS database. What’s the point? The only extra piece of information is the flight number of the plane I’m on, not that I see why they might care about that in any way whatsoever. But they could just give you a sticker with the flight number, and have you stick that on the visa. You’d have the exact same information as a result.
But bleh. Looks like the US love information duplication. I now have my first, middle and last name in so many different forms archived in so many places of the american bureaucracy machine that I will never again fear amnesia: if I forget my name, I have 20 different forms that give it, along with where I live, what I do, what I don’t do (smuggle weapons, deal in radioactive substances, …), and where I did what I did do.
I wonder what I’m going to do. It’s 5:30am now (2:30pm for you frogs), and I have until 12:30 to fill in, doing… uh… Stuff. Once this laptop dies on me, there goes blogging and general hacking, so I’m left with music and books.
The books I chose in a bit of a hurry, and I’m mildly disappointed at the result. Aside from Heinlein’s Farmer in the Sky and Baxter’s Ring, which I brought along for their reread value (a good book is like a good film: each time you read it you experience something new), I brought a collection of Asimov mini-novels. The first of the four is fairly good, though a little vague on science and heavy on fiction, as is usual with Asimov. The second is more like pure fiction, which doesn’t appeal to me at all.
I guess I should try to get some sleep. It’s supposed to be the middle of the night right now, and I do feel tired, having had a short and restless night at the hotel. But… Bleh. It feels wrong somehow.
So ends this blog, my first written in a plane, and also my first written while over the Atlantic ocean. Lots of new things going on. Oh, and I snapped a few shots when I was flying from Strasbourg to Paris. We were flying over the cloud layer, and the sun was setting. It really cast a beautiful color in the sky, and the clouds felt like the ground of an ocean of earth, down below. I haven’t yet had a chance to see them properly, so I hope they worked out okay. I’m starting to like some of the creative modes of the camera, namely the manual aperture settings, which lets me mess with where the focus goes and whether I get two seconds of a slightly blurry world, or a sharp image snapped in an instant. I’ll put them online when I get to a real internet access.