Solo Eurotrip, Lisbon Part 1

Awesome start of the trip – flight was delayed by 3 hours, because our plane had to come in from Rome, and they had a sick crew member forcing them to return to the airport after takeoff. Sounds like fun.

While at the Luton Airport, I thought I would exchange some euro first since I was not very organized and didn’t do it earlier. Then I looked at the rate. 1£ = 1.17€. Nope. I knew airport exchanges are bad, but I didn’t know they are THAT bad. I later found 1£ = 1.35€ in central Lisbon (interbank rate was about 1.37, so that’s actually pretty good). It’s generally not a very good idea to do cash exchanges while travelling, since foreign ATM withdrawals usually give the best rates (usually interbank rate + 2.5% fees), but my situation was a bit special since I had to get rid of all my £s and close my UK bank account, etc.

A three-hour flight and half an hour of AeroBus later, I made it to Praça dos Restauradores, a square in central Lisbon dedicated to their independence after decades of Spanish occupation in the 1600s.

Can you spot the hostel in the picture? Neither could I. It took me about 15 minutes to find it, but it’s right in the centre of the picture. For some reason, hostels always have tiny tiny entrances.

A beautiful, young, and very friendly Polish girl showed me to the room (that’s all for now for the description of the girl, but she will come up again later in the story).

It wasn’t my first time staying at a hostel, but it was my first time actually sharing a room with strangers, so I didn’t really know what to expect.

What I absolutely did not expect, though, was to have a 4-hour-long conversation with a stranger about everything from our favourite books, to travel, to politics, to violin-playing, purpose of life, self-confidence, and social psychology. And that’s exactly what happened.

Meet German girl #1. She’s from Hamburg, and travelling to figure out what to do with her life. She is pretty awesome.

PS. I am not including names in order to protect the guilty, but also so that people won’t know if I have forgotten their names already.

PS2. If you are reading this, no, Hannah, I have not forgotten your name :).

PS3. Sorry I’m also not including pictures of people, because 1) that’s creepy, and 2) privacy and stuff. You’ll just have to take my word for it – they are beautiful people, unless otherwise specified (there WILL be people later in the story who are otherwisely-specified to not be beautiful).

There was also a German guy (German guy #1). He was slightly older, and works with special needs kids in Germany. I didn’t get to talk to him much unfortunately, because he had to go to bed early to catch an early flight. He was gone when I woke up the next morning. He did give me the last of his awesome Portuguese egg tarts, though.

The next morning, I joined a tour organized by the hostel to Sintra (an old town close to Lisbon). I love it when hostels organize tours. Saves me all the research. It seems like hostels that target solo travellers do this more.

Our tour guide (a guy from the hostel) is a Portuguese guy (Portuguese guy #1) from rural Portugal. He is still in his early 20s, and just finished his degree in international commerce (IIRC), and wanted to learn more about people and their different cultures from all around the world. What better way to do that than working at a hostel? So that’s what he is doing now. Funny guy. Not sure if his going bald has something to do with the job as well, but he didn’t mind, so that’s all good.

Also on the tour were Moroccan girl #1, Australian guy #1, Australian guy #2, and Bostonian guy #1. I didn’t talk to the Australian guys much unfortunately. Bostonian #1 is a life coach. I am still not entirely sure what exactly it is that he does, but it sounded fascinating. Something about helping people make/break habits. He is also a fitness trainer.

Moroccan girl #1 does international marketing back home, and is also deeply passionate about politics in that region. I didn’t join that conversation since I know next to nothing about Moroccan and Middle Eastern politics. Sounded intense, though. She also speaks fluent Arabic, French, English and Spanish, and tried to speak French to me upon learning that I am Canadian. That didn’t go very well. Also, apparently 14-hour work days are normal in Morocco. I’m glad I don’t live there…

Sintra was pretty nice. It’s an old and historical town on a mountain, where many famous poets and writers once lived. Many Portuguese people see it as a spiritual place, and every night, a bunch of people would go up there to perform weird rituals or black magic, etc, often involving drugs, making it slightly unsafe for normal people to visit. But just like all dangerous and mysterious places, it has become a popular place for adventurous teenagers to sneak into at night. It also has a medieval royal palace that is now a museum.

We ended up having Portuguese food at a local Portuguese place (how do you know the restaurant is local? easy. They don’t speak English!). Huge pieces of catfish + beetroot rice + random veggies, for about 6€. Not bad at all! The tour guide said it’s so good that he doesn’t mind going there 3 times a week (every time he does the tour).

In Portugal, they will always bring side dishes (cheese, olives, breads, etc) as soon as you sit down. However, unlike in North America, that’s not free! You are supposed to refuse them if you don’t want them. Usually they are 1€ or 2€, and are basically treated as tips.

As the day drew to a close, we stopped by a pastry place where the desserts were so yummy that I forgot to take pictures.

Cabo da Roca, the most western point of Europe… and where Australian guy #1 slipped and almost died.

“Where the land ends and the sea begins” – Luís de Camões (1525-1580)

To be continued…

Solo Eurotrip, Prelude

About a week ago, I left London and embarked on a solo backpacking trip to continental Europe.

It was originally out of necessity – as everyone who initially agreed to join me on the trip bailed out for one reason or another. I decided to go on a trip anyways because unlike most of my friends, I don’t normally live in Europe, and I don’t actually get that many opportunities to travel in Europe.

And that was quite possibly the best decision I’ve ever made in my life!

Like everyone else before they went backpacking for the first time, I had my worries and doubts and all that, but as it turned out, it was much easier than I had imagined. I don’t know why some backpackers make it sound like such a big deal, but it really isn’t! It does require some different skills than traveling as part of a group, but I wouldn’t say it’s more difficult really. Just different. Maybe it would be more difficult if you are travelling to less well-known places, but if you are just doing capital-city-hopping like I am, it’s pretty easy.

The first obvious problem is companionship. We all like to have people to talk to while travelling, and most people imagine solo travelling to be lonely, because well, we don’t have (a) fixed travel partner(s)! But that’s not the case!

Just because we have no fixed travel partner, it doesn’t mean we will always be by ourselves. It just means we have to make new friends all the time (as we sadly lose them at about the same rate). I have made quite possibly more friends in the past week than I have in the past months.

When travelling as a group we rarely make an effort to get to know strangers. When travelling solo, that becomes a necessity unless you really want no human contact at all. Hostels are usually the best place to meet people, since if you pick your hostels right, there will be a fair number of other solo travellers as well, and they will also be open to meeting strangers. Also, everyone speaks English in hostels, no matter where you are (at least in Europe). In countries where the majority of the population doesn’t speak English, people in hostels could be your only verbal human contact all day, and that’s very important for preserving sanity. I try to avoid larger groups usually, since they tend to form cliques, and not talk to outsiders. Other solo travellers are the best, but couples or groups of 2 close friends are usually okay as well, presumably because they talk to each other all the time already, and would rather spend their travelling time talking to strangers.

Talking to strangers has never been easy for me, and that’s partly why I decided to go on this trip. I want to practice talking to strangers and making friends, and what’s a better way to do that than going on a solo trip where you have to make friends with complete strangers constantly, and have forced friendship resets every few days?

It was a bit awkward initially, but even after just one week, I have gotten much better at it. Now I almost don’t hesitate at all saying hi to strangers, and that’s something I have never done before. And it’s pretty awesome. All the cool stories of travelling and life in general, from people of all personalities and experiences who grew up in totally different environments, and have totally different priorities in life than yours. It’s amazing.

It’s surprising how deep connections can be formed in just a few days.

Saying goodbye can be difficult. Sometimes very difficult. But that’s part of the reality of backpacking. Sure, we exchange Facebook and all that, but technology can only do so much, and we all know we will probably fade out of each other’s lives very quickly.

Some people will like each other so much that they decide to travel together afterwards (and even get married apparently), but that’s relatively rare. Most of the time people plan to do things together in the city, but not beyond.

I think solo (or maybe 2-people) travelling is now my preferred way to travel. So much freedom. It feels good to not have to worry about other people when making travel plans.

For this trip, I’ve decided to go super-spontaneous, and never plan more than 2 days ahead. This is not recommended if you are travelling during peak seasons, or in a large group. But for a solo traveller in mid-September, it works quite well. I can still get all the very best hostels, and still have a lot of flexibility in extending or shortening stays in cities, depending on how they turn out. It’s fun to have absolutely no idea where you will be in 3 days. There is a certain amount of risk in doing things this way obviously, but if you are flexible with what cities you want to visit, this works really well. All the seats on the train to Budapest sold out already? Just go to Vienna instead!

No two stories are the same, because our stories are in large part determined by the people we meet, and we never meet the same people.

This is my story.

On Quora

How do you waste your time online?

I used to blog quite a bit, and spend a lot of time on Facebook. As you may have noticed, I am now much less active on Facebook, and my blog posts are fewer and further between.

Of course, that doesn’t mean I don’t waste time online anymore (ha!), but I’ve found quite possibly the most productive way to waste time – on Quora!

If you haven’t already heard, Quora is essentially Yahoo Answers done right. It’s a site where people post questions, and others answer them.

The main difference between Quora and all other Q&A sites is that Quora, for some reason, seems to attract very high quality content, unlike Yahoo Answers and Reddit (when used for Q&A). It’s either that low quality content doesn’t get posted, or that their machine learning systems are better than other sites’ at filtering out low quality content.

I spend about an hour on Quora every day now for my daily doses of random knowledge. I used to read Wikipedia for that, but Quora is a little more social, and the content tends to be more casually-readable.

On Quora, your feed is personalized by “following” either people or topics. Following people means their content will show up in your feed more often (usually answers), and following topics means you get mostly unanswered questions in those topics. If you follow the right people, after a while, more or less everything on your feed will be interesting.

IMHO, the best thing about Quora and what sets it apart is the fact that many active users are experts in what they write answers on. This could mean professors (there are many), seasoned industry veterans, lawyers, doctors, or people who have their own restaurants (making them experts at running restaurants).

If you are getting started on Quora and have similar interests to mine, here are some of the people I follow. Maybe you’ll find some of them interesting, too? By the way, if you want to see their answers instead of all activities, click the “answers” link on the left.

Eva Kor – “Holocaust survivor and forgiveness advocate”. She was a child during the Holocaust, and was subject to medical experiments by Josef Mengele. Lots of very touching content on the Holocaust, Nazis, and forgiveness. Why did Eva Kor shake hands with a former Auschwitz guard?

Jimmy Wales – Founder of Wikipedia. He is actually a very active Quora user, and answers many questions on the philosophies as well as day to day operations of Wikipedia (and Wikimedia Foundation).

Clayton Anderson – ex-NASA ISS Astronaut. Lots of answers on how ISS works, daily life on ISS, orbital mechanics, etc. Also, cool pictures :). What would happen to astronauts if they got detached from the ISS during EVA? Would they fall back to Earth or drift away into space?

Adriana Heguy – Professor of Pathology and genomics researcher at NYU. Answers on genomics and evolutionary biology, and biology in general. Given that eyes appear to have evolved multiple times independently through evolution, why has human-level intelligence not evolved more than once?

Robert Frost – NASA instructor. He trains astronauts! More space and ISS stuff.

Brian Bi – Competitive programmer and software engineer. And physicist. Lots of answers on C++.

Viola Yee – Generally awesome person :). I have no idea what she does for a living, but she writes a lot of good answers on a lot of different things. Mostly things to do with animals and plants. Is extracting wool harmful for sheep?

Emma Homes – Australian flight instructor. Answers on aviation, parenting, and pregnancies.

Yoshua Bengio – If you do any machine learning, he probably doesn’t need any introduction. He is one of the pioneers in deep learning. Answers on deep learning, big data, life in academia, etc.

Sergey Zubkov – Living and breathing C++ standard. He knows just about everything about C++.

You can, of course, follow me as well, and I’d be incredibly honoured :). Most of my answers are in machine learning (especially deep learning and neural nets), electronics design, CS, and aviation. I also occasionally answer questions on martial arts, chess, viola/violin, scuba diving, and a few other things.

Happy Quora-ing!

Cats the Musical

Ok, this is a strange one.

When I go watch musicals, I usually read the Wikipedia summary beforehand, because I find that I enjoy them better that way – not having to keep trying to figure out the story, and can focus solely on the singing and acting.

I decided to try something different this time, and went to see Cats with a blank slate.

I came out pretty much still with a blank slate.

WHOOSH.

It was almost entirely unlike what I expected it (or any musical) to be! There were some fun pieces and cool dances, but the whole thing felt a lot more like a concert than a musical.

I gave up trying to figure out the story half way through, and decided to focus on the music instead, and I’m glad I did – some of the songs are quite good.

The first act starts fairly light-hearted, and turns a little rock-y towards the intermission.

My personal favourite is the opening of the Jellicle Ball.

The second act is much more romantic and emo (what’s the I-need-to-sound-like-I-know-what-I’m-talking-about word for that?), and most of the songs seem to be centred around a particularly old cat and an evil cat… yeah I had no idea what was going on.

And of course, there were a few numbers based on the melody of Memory, which I thought was quite good. Memory is probably the most famous song from the musical, and for good reasons!

However, I did not find most of the rest of the musical particularly memorable. And it kept reminding me of Pink Panther for some reason…

Identity Theft by Email Spoofing

I have been running my own email server for almost 10 years now, and it has been pretty problem-free until now, so I didn’t really think about it that much. I know it’s not an open relay, and that’s about it. If it’s not broken, why fix it right? Ha!

Last week, I discovered that Gmail has been classifying a lot of my emails as junk recently, and it’s annoying, so I decided to look into it, and I’m glad I did!

My first suspicion was that my server is compromised, and someone is using it to spam. However, looking through mail.log, nothing really stood out. There were people brute forcing my server, but they have been doing that for almost 10 years now, and there is no sign of them being successful. While it’s also theoretically possible that the attacker modified the logs, it would have to be a pretty sophisticated and targeted attack, and that’s unlikely since I really don’t have that many enemies (that I know of anyways).

So I decided to change my focus to email spoofing.

Email spoofing is essentially the digital equivalent of sending someone a letter by post, and writing your neighbour’s name and address as the return address. If you think about it, there is really no easy way for the recipient to tell!

There are a few techniques to combat that in the digital world – SPF, DKIM, and DMARC, but I didn’t implement them because they weren’t really a “thing” back when I started my server.

I knew email spoofing is a potential problem, but it sounded so theoretical back then (silly me) that I didn’t really worry about it much.

I decided to implement them now, because better late than never, right?

The 3 aforementioned technologies are designed to work together, and they are actually all very simple in principle.

SPF, Sender Policy Framework, works by the domain owner adding a TXT record to their domain’s DNS that essentially says which IPs are allowed to send emails on behalf of this domain. When a receiver gets an email claiming to be from this domain, it can do a DNS lookup to get the list, and see if the sending server is on the list. If not, it knows the email is probably fraudulent.

For example, if you do an nslookup on my domain (from a Linux or OS X machine), you’ll see my SPF rule –

matthewlai@~$ nslookup -q=txt matthewlai.ca
Server: 77.244.128.44
Address: 77.244.128.44#53

Non-authoritative answer:
matthewlai.ca text = “v=spf1 a mx -all”

Authoritative answers can be found from:
matthewlai.ca nameserver = ns-1442.awsdns-52.org.
matthewlai.ca nameserver = ns-1775.awsdns-29.co.uk.
matthewlai.ca nameserver = ns-274.awsdns-34.com.
matthewlai.ca nameserver = ns-574.awsdns-07.net.

The actual rule is the quoted part of the text record, "v=spf1 a mx -all". What that means is, both the IPs in the A record (primary IP) and MX record (mail server IP) of the domain name are allowed to send emails on behalf of this domain, and no one else is allowed. In my case the 2 records are actually the same, and I only included both in case I want to separate out the mail server later.
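
To make the evaluation order concrete, here is how a receiver would walk a rule like this one. This is an added example, not code from the original post or from any mail server: the zone data is constructed (example.org and documentation IP ranges), `check_spf` is a hypothetical name, and it evaluates the `a`, `mx`, `ip4`, `ip6` and `all` mechanisms.

```python
import ipaddress

# Constructed DNS data (documentation names and address ranges), not a real zone.
ZONE = {
    ("example.org", "TXT"): ["v=spf1 a mx -all"],
    ("example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.10", "192.0.2.11"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def authorised_hosts(mechanism, domain):
    """Addresses covered by an 'a' or 'mx' mechanism for the given domain."""
    if mechanism == "a":
        return lookup(domain, "A")
    return [ip for mx in lookup(domain, "MX") for ip in lookup(mx, "A")]


def check_spf(client_ip, mail_from_domain):
    """Evaluate SPF for the connecting IP and the envelope sender (MAIL FROM) domain."""
    ip = ipaddress.ip_address(client_ip)
    records = [t for t in lookup(mail_from_domain, "TXT")
               if t.lower().split(" ")[0] == "v=spf1"]
    if not records:
        return "none"        # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"   # more than one SPF record is an error
    for term in records[0].split()[1:]:
        qualifier = "+"      # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("a", "mx"):
            hosts = authorised_hosts(name, arg or mail_from_domain)
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            raise NotImplementedError(f"term not handled here: {term}")
        if matched:
            return QUALIFIERS[qualifier]   # first matching mechanism decides
    return "neutral"         # nothing matched and there was no 'all'
```

With `-all` at the end, any address that is not in the A or MX records gets a hard `fail`; a domain with no SPF record at all gives `none`, which tells the receiver nothing.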

SPF is pretty good, but since it’s purely IP-based, a determined attacker can still get around it by doing a man-in-the-middle attack, and pretending to be the IP in the A record to the receiver, and that’s why people came up with DKIM.


DKIM, or DomainKeys Identified Mail, uses cryptography to provide even more protection, but is otherwise similar to SPF, in that it also uses an extra DNS record for verification.

The server first generates a private key and the corresponding public key. The public key is published in a TXT record, and the server uses the private key to sign all authorized outgoing emails.

This is my public key:

default._domainkey.matthewlai.ca text = “p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgbviNtlzSeq+66pqhgvgpf4VXSwK5fQE3mvZevaE7MY6WZ7bnVAnUdQUDlAZcxXUY6R/6UqqLYzWcpAsc4uMGhjiU0UnTMAXeEcY/RC+j2hFRSYBw7sz/kfhvSbkJQCUYc5Vp61xd3RLJrl4AvxOUEVLViZsKZIBKCzQp6wmMxQIDAQAB”
default._domainkey.matthewlai.ca text = “v=DKIM1\; k=rsa\; s=email\; “

When the receiver receives an email, it retrieves the public key from the DNS record, and verifies the message signature using that key. If the verification is successful, that means the sender holds the private key, and that the message has not been modified in transit.

Note that the DKIM signature has nothing to do with the more common message signing using personal private keys. On a server using DKIM, all outgoing messages from all users would be signed using the same key, so it’s pretty useless for verifying the individual identity of senders.


SPF and DKIM tell recipients how to identify fraudulent emails, and our last friend DMARC tells them what to do with the result.

DMARC, Domain-based Message Authentication, Reporting and Conformance, adds yet another DNS record.

My DMARC rule looks like this:

_dmarc.matthewlai.ca text = “v=DMARC1; p=reject; rua=mailto:[my email]”

What that means is I want recipients to reject emails that fail both SPF and DKIM – usually in the email world rejected means dropped, not bounced, because the claimed sender (myself in this case) is probably not the real sender.

The even more interesting part is rua. It tells other servers also using DMARC to send me an aggregated report per day, about all emails they received that claim to be from me.

A few hours later, I got a report from Gmail in XML format, and I used dmarcian.com to convert that to nice graphs (I would link to it, but I don’t think I can).

It says over the past 24 hours, there were 9 emails from my server (SPF pass), which sounds about right, and 20 emails from other servers!

Other domains were imperial.ac.uk, mit.edu, bhosted.nl, outlook.com, hotmail.com, and yahoo.com.

Interesting huh? I’m sure the ones from Imperial are not from me, because I don’t use their SMTP server, and I didn’t even go on campus in the past 24 hours, or connect to their VPN.

But the fact that Imperial is on the list is interesting. It could be a coincidence, but what’s the chance of that happening?

I believe what’s happening is either someone is trying to impersonate me at Imperial, or the more likely explanation – some of the people I sent emails to have a compromised system that’s collecting email addresses, and the attacker is trying to send out spoofed emails using their locally configured SMTP server (which would most likely be Imperial’s).

I will never know which one is true, since Google’s reports don’t give me the content of those emails, but either way, I hope my SPF+DKIM+DMARC (that’s a lot of acronyms!) will stop that now!
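
What the aggregate reports do contain is one row per sending IP, with a message count and the SPF/DKIM verdicts, so the numbers above can be pulled out without a third-party site. This is an added example, not code from the original post: the report below is constructed (element names follow the DMARC aggregate report format, but the domain, IPs and report id are made up), and `summarize` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

# Constructed report: 9 messages from the domain's own server, 20 from elsewhere.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published><domain>example.org</domain><p>reject</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>9</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.org</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.23</source_ip><count>12</count>
      <policy_evaluated><disposition>reject</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.org</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.5</source_ip><count>8</count>
      <policy_evaluated><disposition>reject</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.org</header_from></identifiers>
  </record>
</feedback>"""


def summarize(report_xml):
    """Tally DMARC pass/fail message counts and list the failing source IPs."""
    # Reports arrive by email from third parties, so treat them as untrusted
    # input: refuse DTDs and entity declarations before handing them to the parser.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("DTD or entity declaration in report")
    root = ET.fromstring(report_xml)
    summary = {
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "pass": 0,
        "fail": 0,
        "failing_sources": {},
    }
    for row in root.iterfind("record/row"):
        source = row.findtext("source_ip")
        count = int(row.findtext("count", "0"))
        verdicts = (row.findtext("policy_evaluated/dkim"),
                    row.findtext("policy_evaluated/spf"))
        if "pass" in verdicts:          # DMARC passes if either check passes
            summary["pass"] += count
        else:                           # failed both SPF and DKIM
            summary["fail"] += count
            seen = summary["failing_sources"]
            seen[source] = seen.get(source, 0) + count
    return summary


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

The `failing_sources` list is the part worth reading before tightening the policy: any IP in it that is actually a legitimate sender (a forwarder, a mailing list) will have its mail rejected under `p=reject`.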

And Gmail is accepting my emails again after I added DMARC and DKIM signatures!

Moral of the story: If you run your own email server, make sure you are using SPF+DKIM+DMARC to protect yourself and your recipients!

EDIT: Apparently DMARC reject will cause problems with mailing lists. I have changed my policy to “none” for now (meaning the receiving server will use their own judgement for what to do with emails that fail SPF and DKIM), until a better solution comes along. If you don’t care about mailing lists, it should be fine to use “reject”.