Secure Pipes was built to solve my own problems...

I usually learn best from examples, and although for some people Secure Pipes might look like just a fancy wrapper around some SSH features (which it is), I found it quite difficult to explain to my friends and family the benefits of this software. So, I thought I would write this quick blog to tell the story about how this software came to be, which might help people discover its utility.

The Great Firewall of China

As my first assignment at my day job, I spent 4 years in China starting a factory. As most people know, all China web traffic is subject to the censorship restrictions of The Great Firewall. Coming from a tech background, it wasn't too difficult for me to get around this to access my Facebook account by just setting up an HTTP proxy server in our US office accessed via the company VPN. This worked, but required the overhead of the VPN, setting up an HTTP proxy server, and only handled HTTP(S). Some years later I discovered that SSH provides a much easier (and generic) way to set this up with its SOCK proxy support. However, the command line arguments were difficult to remember for the occasions that I used it, and quite often the connection would go down, forcing me to restart the proxy. Of course, I could write a quick shell script to fix this, but I thought it would be nicer, and more "Mac", to have the capability built right into the menu bar. In my former life I used to be a somewhat active Linux hacker with a focus on making open source software easier to use, so thus the desire to make an easy way to setup and manage a SOCKS proxy was born.

Privacy and OS X Server

Again, from my life at Cobalt, I have always had an interest in the server side of Internet life with a focus on making servers easy to use. Once OS X Server started being a simple and cheap addition to OS X, I bought a copy to play around with. At times a bit limiting, I still really like the software and like the idea of having a secure server platform that is easy to manage and not based on uninspired, overly complicated software. Call me old school, but I also like the idea of being in complete control of my data, which means running my own dedicated server without a service provider having any kind of superuser access. Cloud services are nice and convenient, but they have their place. I believe for applications like email and anything else that can have legal consequences to you or your company, you need to really own your data and accept the responsibility to protect it. So, I set my sights on finding a way to use OS X Server as a primary, Internet-facing mail server (including address book, calendaring, etc).

Unfortunately, Apple stopped making the Xserve and doesn't allow you to run OS X on general purpose hardware (like 1U rack mountable servers), even in a virtual environment. For these reasons, it's not really convenient to host a Mac in a data center and although solutions exists, you will pay a premium to have a hosted Mac server, and you're still stuck with a third party having keys to your data. Therefore, I convinced myself I needed a way to just run the server locally with my existing Internet connection.

Luckily, while learning about all the not so well known features of SSH, I learned about its ability to setup local and remote tunnels. I figured that with a cheap cloud hosted SSH server having a fixed IP and some remote forwards, it would be easy to get my OS X Server Internet-facing and unleash its real potential. However, as in the case with setting up the SOCKS Proxy with SSH, remembering how to setup the tunnels, making sure the tunnels stay up, restoring the tunnels in event of power outage, etc were some problems I wanted to solve. So thus my desire to write Secure Pipes was fueled even further.

Although far from complete or free from bugs, the minimum functionality I wanted for Secure Pipes is done, and I would like to share it with others in hopes you will find it useful for at least a) getting access to your Facebook accounts from China, and b) promoting the use of OS X Server. I will continue to blog about the software here with some tutorials and cookbooks to help people get started, and really appreciate getting feedback and/or questions from those of you who give it a try.

Happy piping,

Tim